http://www.linuxtechi.com/file-directory-attributes-in-linux-using-chattr-lsattr-command
Different Options that can be used in chattr Command :
# chattr
# lsattr
There are certain control attributes that
may be set on a file or directory in order to allow data to be
appended, to prevent it from being changed or deleted, etc. For example,
you can enable attributes on a critical system file or directory so
that no users, including root, can delete or change it, disallow a
backup utility such as the dump command to back up a specific file or
directory, and so on. These attributes can only be set on files and
directories located in an ext2, ext3, or an ext4 file system
There are two commands lsattr and chattr that are used for attribute management. The following is the list of commonly used attributes
|
Attributes
|
Description
|
|
a (append)
|
Append operation is allowed on the file
|
|
A
|
This attribute will not allow to update access time of a file
|
|
c (compressed)
|
When this attribute is enable then file is compressed on the disk automatically
|
|
d (dump)
|
File cannot be backed up using the dump command.
|
|
D
|
When D attribute is set on directory then changes are stored synchronously on the disk
|
|
e (extent format)
|
It shows that the file is using extents for mapping the blocks on disk
|
|
i (immutable)
|
When this attribute is enable on file then we cannot be altered, renamed and delete file.
|
|
j (journaling)
|
When this attribute is set then file’s data is stored in journal first then written to file.
|
|
S (synchronous)
|
When this attribute is set , then changes or modifications are stored synchronously on the disk
|
- -R change attributes of directory and its sub-directories recursively
- -V Verbose output of chattr command along with version.
- -f Suppress most error messages.
- The ‘+’ sign is used to set attribute on the files and directories,
- The ‘-‘ sign is used to remove or unset the attribute
- The ‘=’ sign causes them to be the only attributes that the files have.
# chattr
# lsattr
Example:1 Make a file immutable using ‘i’ attribute
[root@linuxtechi ~]# chattr +i dummy_data [root@linuxtechi ~]# lsattr dummy_data ----i----------- dummy_dataNow try to remove and edit the File
[root@linuxtechi ~]# rm -f dummy_data rm: cannot remove ‘dummy_data’: Operation not permitted [root@linuxtechi ~]# echo "test" >> dummy_data -bash: dummy_data: Permission denied
Example:2 Remove the immutable attribute
[root@linuxtechi ~]# chattr -i dummy_data [root@linuxtechi ~]# lsattr dummy_data ---------------- dummy_data
Example:3 To allow only append operations on the file
[root@linuxtechi ~]# chattr +a dummy_data [root@linuxtechi ~]# lsattr dummy_data -----a---------- dummy_dataNow try to append the contents of fstab file in dummy_data file
[root@linuxtechi ~]# cat /etc/fstab >> dummy_data [root@linuxtechi ~]#
Example :4 Secure Directory and its sub-directories using -R option and ‘+i’ attribute.
Let’s create a directory sysadmin and its subdirectories[root@linuxtechi ~]# mkdir sysadmin
[root@linuxtechi ~]# mkdir sysadmin/admim_{1,2,3,4,5}
[root@linuxtechi ~]# ls -l sysadmin/
total 0
drwxr-xr-x. 2 root root 6 Apr 19 09:50 admim_1
drwxr-xr-x. 2 root root 6 Apr 19 09:50 admim_2
drwxr-xr-x. 2 root root 6 Apr 19 09:50 admim_3
drwxr-xr-x. 2 root root 6 Apr 19 09:50 admim_4
drwxr-xr-x. 2 root root 6 Apr 19 09:50 admim_5
Set immutable attribute Recursively on the directory sysadmin[root@linuxtechi ~]# chattr -R +i sysadmin [root@linuxtechi ~]# lsattr -R sysadmin/ ----i----------- sysadmin/admim_1 sysadmin/admim_1: ----i----------- sysadmin/admim_2 sysadmin/admim_2: ----i----------- sysadmin/admim_3 sysadmin/admim_3: ----i----------- sysadmin/admim_4 sysadmin/admim_4: ----i----------- sysadmin/admim_5 sysadmin/admim_5: [root@linuxtechi ~]#Now try to delete directories using rm command
[root@linuxtechi ~]# rm -rf sysadmin rm: cannot remove ‘sysadmin/admim_1’: Permission denied rm: cannot remove ‘sysadmin/admim_2’: Permission denied rm: cannot remove ‘sysadmin/admim_3’: Permission denied rm: cannot remove ‘sysadmin/admim_4’: Permission denied rm: cannot remove ‘sysadmin/admim_5’: Permission denied [root@linuxtechi ~]#To unset the the attributes recursively use the below command
[root@linuxtechi ~]# chattr -R -i sysadmin
No comments:
Post a Comment