https://www.howtoforge.com/linux-chattr-command
Many a time, a Linux machine is used by different users. So there are chances that these users access a common set of files. This opens up door to problems like accidental deletion or editing of important files, something which you - as an administrator - would definitely not want to happen.
Thankfully, there exists a command - dubbed chattr - that's developed to help you in specifically these kinds of scenarios. In this tutorial, we will discuss this tool using some easy to understand examples. But before we do that, it's worth mentioning that all examples here have been tested on Ubuntu 16.04 LTS.
For example:
Many a time, a Linux machine is used by different users. So there are chances that these users access a common set of files. This opens up door to problems like accidental deletion or editing of important files, something which you - as an administrator - would definitely not want to happen.
Thankfully, there exists a command - dubbed chattr - that's developed to help you in specifically these kinds of scenarios. In this tutorial, we will discuss this tool using some easy to understand examples. But before we do that, it's worth mentioning that all examples here have been tested on Ubuntu 16.04 LTS.
Linux chattr command
Basically, the chattr command is used to change file attributes on a Linux file system. Following is its syntax:
chattr [ -RVf ] [ -v version ] [ mode ] files...
And here's what the man page says about it:chattr changes the file attributes on a Linux file system. The format of a symbolic mode is +-=[aAcCdDeijsStTu]. The operator '+' causes the selected attributes to be added to the existing attributes of the files; '-' causes them to be removed; and '=' causes them to be the only attributes that the files have. The letters 'aAcCdDeijsStTu' select the new attributes for the files: append only (a), no atime updates (A), compressed (c), no copy on write (C), no dump (d), synchronous directory updates (D), extent format (e), immutable (i), data journalling (j), secure deletion (s), synchronous updates (S), no tail-merging (t), top of directory hierarchy (T), and undeletable (u). The following attributes are read-only, and may be listed by lsattr(1) but not modified by chattr: compression error (E), huge file (h), indexed directory (I), inline data (N), compression raw access (X), and compressed dirty file (Z). Not all flags are supported or utilized by all filesystems; refer to filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for more filesystem-specific details.Following are some Q&A-styled examples that should give you a good idea on how the chattr command works.
Q1. How to use chattr command?
Suppose you want to make a file read-only. So all you have to do is to run the chattr command with +i option and the name of the file as input.For example:
chattr +i test.txt
Following screenshot shows no other operation was successful on the file once it became read-only using chattr.
Note: As you would have already observed, you need to have root privileges to use the chattr command.
Q2. How to remove read-only restriction imposed by chattr?
This is simple - all you have to do is to use the -i option instead of +i. For example:
chattr -i test.txt
So you can see the read-only factor got removed with the -i option.Q3. How to provide append-only permission to a file?
Sometimes, you may not want complete restriction on a file. What I mean is, you may want to provide users append-only access to a file, so that new info can be added, but existing info cannot be deleted or edited. This is also possible using chattr through the +a option.
chattr +a test.txt
So you can see that we could append to the file now, but could not
edit existing information in the file as well as delete the file. To
reverse this behavior, just use the -a option.
chattr -a test.txt
Q4. How to apply a restriction using chattr to all files in a directory?
This can be done using the flag -R, which lets you recursively change attributes of directories and their contents. For example, if you want to make all files inside the test-dir directory as read-only, use the chattr command in the following way:
chattr -R +i ./test-dir/
The following screenshot shows the read-only restriction was successfully applied to all files inside the directory.Q5. How to check chattr attributes applied on files?
Until now, to check if a chattr attribute was successfully applied, we tried performing operations like editing the file or deleting it. But there's a separate command that lets you easily see if the attributes were applied or not. The command in question is lsattr.
lsattr [FILENAME]
For example, the following screenshot shows lsattr output clearly
suggesting the 'i' attribute was applied to all files in the directory.
Just to reconfirm, here's the output after the -i option was used.
So you can see in the screenshot above, the read-only attribute was removed from all files.
No comments:
Post a Comment