Monday, July 23, 2018

Linux chattr Command Tutorial for Beginners (5 Examples)

https://www.howtoforge.com/linux-chattr-command

Many a time, a Linux machine is used by different users. So there are chances that these users access a common set of files. This opens up door to problems like accidental deletion or editing of important files, something which you - as an administrator - would definitely not want to happen.
Thankfully, there exists a command - dubbed chattr - that's developed to help you in specifically these kinds of scenarios. In this tutorial, we will discuss this tool using some easy to understand examples. But before we do that, it's worth mentioning that all examples here have been tested on Ubuntu 16.04 LTS.

Linux chattr command

Basically, the chattr command is used to change file attributes on a Linux file system. Following is its syntax:
chattr [ -RVf ] [ -v version ] [ mode ] files...
And here's what the man page says about it:
       chattr changes the file attributes on a Linux file system.

       The format of a symbolic mode is +-=[aAcCdDeijsStTu].

       The  operator  '+'  causes  the  selected attributes to be added to the
       existing attributes of the files; '-' causes them to  be  removed;  and
       '=' causes them to be the only attributes that the files have.

       The  letters  'aAcCdDeijsStTu' select the new attributes for the files:
       append only (a), no atime updates (A), compressed (c), no copy on write
       (C), no dump (d), synchronous directory updates (D), extent format (e),
       immutable (i), data journalling (j), secure deletion  (s),  synchronous
       updates  (S),  no tail-merging (t), top of directory hierarchy (T), and
       undeletable (u).

       The following attributes are read-only, and may be listed by  lsattr(1)
       but  not  modified  by  chattr:  compression  error (E), huge file (h),
       indexed directory (I), inline data (N), compression raw access (X), and
       compressed dirty file (Z).

       Not  all  flags  are supported or utilized by all filesystems; refer to
       filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for
       more filesystem-specific details.
Following are some Q&A-styled examples that should give you a good idea on how the chattr command works.

Q1. How to use chattr command?

Suppose you want to make a file read-only. So all you have to do is to run the chattr command with +i option and the name of the file as input.
For example:
chattr +i test.txt
Following screenshot shows no other operation was successful on the file once it became read-only using chattr.
How to use chattr command
Note: As you would have already observed, you need to have root privileges to use the chattr command.

Q2. How to remove read-only restriction imposed by chattr?

This is simple - all you have to do is to use the -i option instead of +i. For example:
chattr -i test.txt
How to remove read-only restriction imposed by chattr
So you can see the read-only factor got removed with the -i option.

Q3. How to provide append-only permission to a file?

Sometimes, you may not want complete restriction on a file. What I mean is, you may want to provide users append-only access to a file, so that new info can be added, but existing info cannot be deleted or edited. This is also possible using chattr through the +a option.
chattr +a test.txt
How to provide append-only permission to a file
So you can see that we could append to the file now, but could not edit existing information in the file as well as delete the file. To reverse this behavior, just use the -a option.
chattr -a test.txt

Q4. How to apply a restriction using chattr to all files in a directory?

This can be done using the flag -R, which lets you recursively change attributes of directories and their contents. For example, if you want to make all files inside the test-dir directory as read-only, use the chattr command in the following way:
chattr -R +i ./test-dir/
The following screenshot shows the read-only restriction was successfully applied to all files inside the directory.
How to apply a restriction using chattr to all files in a directory

Q5. How to check chattr attributes applied on files?

Until now, to check if a chattr attribute was successfully applied, we tried performing operations like editing the file or deleting it. But there's a separate command that lets you easily see if the attributes were applied or not. The command in question is lsattr.
lsattr [FILENAME]
For example, the following screenshot shows lsattr output clearly suggesting the 'i' attribute was applied to all files in the directory.
How to check chattr attributes applied on files
Just to reconfirm, here's the output after the -i option was used.
output after the -i option was used
So you can see in the screenshot above, the read-only attribute was removed from all files.

Conclusion

You will likely agree that chattr is must-know command line tool if you are a system admin, or manage users on a Linux machine in general. Effectively using the command can save you from a lot of hassle. This article should be enough to get you started with the command. Once you've practiced the examples we've discussed here, head to the tool's man page to learn more about it.

No comments:

Post a Comment