There are plenty of tools and methods for protecting your files and folders from accidental deletion. chattr is one of them. It is a command-line utility that changes file attributes on ext2/ext3/ext4 filesystems. It prevents the accidental deletion of your important files. Even if you have full permissions over a file, you can’t delete it while it is secured by chattr.
Syntax
# chattr [operator] [switch] [filename]
Operator
+ causes the selected attributes to be added to the existing attributes of the files;
- causes them to be removed;
= causes them to be the only attributes that the files have.
Switch
R - Recursively change attributes of directories and their contents.
a - A file with the `a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
i - A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
The difference between the ‘a’ and ‘i’ switches is that a file with the ‘a’ attribute can still have content appended to it, while a file with the ‘i’ attribute cannot. You can view the attributes of files using the lsattr command.
Usage
Let us create two sample files in the /home/sk directory called unixmen1 and unixmen2:
sk@sk:~$ touch unixmen1 unixmen2
Example 1: chattr with ‘i’ switch
sk@sk:~$ sudo chattr +i unixmen1
View the attributes of file unixmen1:
sk@sk:~$ sudo lsattr unixmen1
----i--------e-- unixmen1
Well, now the attribute has been set on the unixmen1 file. Next, try to remove the file with root user privileges.
sk@sk:~$ sudo rm -f unixmen1
rm: cannot remove ‘unixmen1’: Operation not permitted
See, you can’t remove the file even if you have root privileges.
Try to append some contents to unixmen1 file:
sk@sk:~$ cat >> unixmen1
bash: unixmen1: Permission denied
sk@sk:~$ sudo cat >> unixmen1
bash: unixmen1: Permission denied
You can’t append any contents whether you are a super-user or normal user when the file is secured with chattr.
Remove the file attributes:
sk@sk:~$ sudo chattr -i unixmen1
Now add some contents to unixmen1 file:
sk@sk:~$ cat >> unixmen1
Welcome to Unixmen Network
Press CTRL+D to save and exit the file.
You will be able to append contents without any restrictions now. Display the contents of the file using the following command:
sk@sk:~$ cat unixmen1
Welcome to Unixmen Network
You will also be able to remove the file now. It doesn’t matter whether you are a super user or a normal user:
sk@sk:~$ rm -f unixmen1
or:
sk@sk:~$ rm unixmen1
Note that I didn’t use sudo in the above example.
Example 2: chattr with ‘a’ switch
As I mentioned before, the main difference between the ‘a’ and ‘i’ switches is that you can append contents to a file set up with the ‘a’ switch, while you can’t append any contents to files set up with the ‘i’ switch:
sk@sk:~$ sudo chattr +a unixmen2
Append some contents to unixmen2 file:
sk@sk:~$ cat >> unixmen2
Hello welcome to unixmen network
Press CTRL+D to save and exit the file. You will be able to append contents now, but you can’t remove the file:
sk@sk:~$ rm -f unixmen2
rm: cannot remove ‘unixmen2’: Operation not permitted
sk@sk:~$ sudo rm -f unixmen2
rm: cannot remove ‘unixmen2’: Operation not permitted
Remove the attributes using the following command:
sk@sk:~$ sudo chattr -a unixmen2
Now try to delete the file:
sk@sk:~$ rm unixmen2
The file will be deleted without any restrictions.
Example 3: chattr with ‘R’ switch
Say for example I have a directory called unixmen. This folder contains some files called file1, file2 and file3:
sk@sk:~$ mkdir unixmen
sk@sk:~$ cd unixmen/
sk@sk:~/unixmen$ touch file1 file2 file3
sk@sk:~/unixmen$ cd ..
sk@sk:~$ ls unixmen/
file1 file2 file3
Set the attributes with ‘i’ switch to the unixmen folder and its contents:
sk@sk:~$ sudo chattr -R +i unixmen/
Here the ‘R’ switch is used to change the attributes of the directory unixmen and its contents recursively.
Try to delete the folder unixmen or its contents:
sk@sk:~$ rm -fr unixmen/
rm: cannot remove ‘unixmen/file1’: Permission denied
rm: cannot remove ‘unixmen/file2’: Permission denied
rm: cannot remove ‘unixmen/file3’: Permission denied
sk@sk:~$ sudo rm -fr unixmen/
rm: cannot remove ‘unixmen/file1’: Permission denied
rm: cannot remove ‘unixmen/file2’: Permission denied
rm: cannot remove ‘unixmen/file3’: Permission denied
See, you can’t remove the folder or its contents whether you are root or a normal user. And you can’t append any contents to the files inside the unixmen folder if you use the ‘i’ switch:
sk@sk:~$ cat >> unixmen/file1
bash: unixmen/file1: Permission denied
To remove the attributes of unixmen folder and its contents, just execute the following command:
sk@sk:~$ sudo chattr -R -i unixmen/
Now you can change, delete and modify the folder and its contents as well.
As we saw in Example 2, you can append contents to files only when you set up the folder attributes with the ‘a’ switch:
sk@sk:~$ sudo chattr -R +a unixmen/
Append contents to files:
sk@sk:~$ cat >> unixmen/file1
Hello Welcome
Press CTRL+D to save and exit the file.
Display the contents of file1:
sk@sk:~$ cat unixmen/file1
Hello Welcome
However, you can’t delete the folder or the files:
sk@sk:~$ rm -fr unixmen/
rm: cannot remove ‘unixmen/file1’: Operation not permitted
rm: cannot remove ‘unixmen/file2’: Operation not permitted
rm: cannot remove ‘unixmen/file3’: Operation not permitted
sk@sk:~$ sudo rm -fr unixmen/
rm: cannot remove ‘unixmen/file1’: Operation not permitted
rm: cannot remove ‘unixmen/file2’: Operation not permitted
rm: cannot remove ‘unixmen/file3’: Operation not permitted
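After a recursive chattr it is worth confirming which entries actually carry the ‘i’ or ‘a’ attribute. The script below is an added example, not part of the original article: it parses lsattr output and classifies each entry. The function names classify_lsattr and list_unprotected are hypothetical, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# classify_lsattr: hypothetical helper. Reads `lsattr` / `lsattr -R` output on
# stdin and prints "<state> <path>" for every file entry.
classify_lsattr() {
    while IFS= read -r line; do
        # Entries look like "<flags> <path>"; skip blank lines and bare headers.
        case $line in
            *' '*) ;;
            *) continue ;;
        esac
        flags=${line%% *}   # attribute string, e.g. ----i--------e--
        path=${line#* }     # remainder of the line; may contain spaces
        # Skip "dir:" headers and lsattr error messages: their first word
        # contains characters that never occur in an attribute string.
        case $flags in
            *[!A-Za-z-]*) continue ;;
        esac
        case $flags in
            *i*) state=immutable ;;      # 'i' is reported if both are set
            *a*) state=append-only ;;
            *)   state=unprotected ;;
        esac
        printf '%s %s\n' "$state" "$path"
    done
}

# list_unprotected: paths that carry neither 'i' nor 'a'.
list_unprotected() {
    classify_lsattr | sed -n 's/^unprotected //p'
}

# Constructed sample in the shape of `lsattr -R unixmen/` output.
SAMPLE_LISTING='----i--------e-- unixmen/file1
-----a-------e-- unixmen/file2
-------------e-- unixmen/file3

unixmen/sub dir:
----i--------e-- unixmen/sub dir/notes'

printf '%s\n' "$SAMPLE_LISTING" | classify_lsattr
```

On a live system, feed it real output instead of the sample, for example: sudo lsattr -R unixmen/ | list_unprotected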
Example 4: Prevent users from changing password
This example shows how to prevent users from changing their passwords. As we all know, the /etc/shadow file stores the actual password in encrypted format for each user’s account, along with additional properties related to the user password, i.e. it stores secure user account information. So let us make this file write-protected in order to prevent password changes. The attribute applies to the file itself, so it blocks password changes for every account, including those attempted by root:
sk@sk:~$ sudo chattr +i /etc/shadow
Now change the current user password (eg. sk):
sk@sk:~$ sudo passwd sk
Enter new UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
passwd: password unchanged
Now log out and log in again as user ‘sk’. You won’t be able to log in with the new password; you still need your old password to log in.
View the attributes of /etc/shadow file using the following command:
sk@sk:~$ sudo lsattr /etc/shadow
----i--------e-- /etc/shadow
To restore the old attributes, just enter the following command:
sk@sk:~$ sudo chattr -i /etc/shadow
I hope you will enjoy and use this command to protect files from accidental deletion. For more information about the chattr command, refer to the man pages.
sk@sk:~$ man chattr