Linux attribute fun: preventing read-only access from being overwritten with chattr

Image via Wikipedia

Have you ever wanted to make attributes, such as rwx permissions, for a file or group of files fixed and impossible to change by chmod, even for the root user (unless they know how to override it)? If yes, then chattr is the command you need.

As an example, let's say you have one or more files in a directory named /var/opt/xst that you need to protect the attributes of (e.g. make them read only).

Here's how you would do it:


1) Set permissions for the file, or files in a directory.
e.g. chmod 444 /var/opt/xst/xst.ini OR chmod 444 /var/opt/xst/*

2) ls -la /var/opt/xst/ to confirm the permission was changed

3) To make the file permissions immutable:
chattr -i /var/opt/xst/xst.ini OR chattr -i 444 /var/opt/xst/*

4) To revert:
chattr +i /var/opt/xst/xst.ini OR chattr +i 444 /var/opt/xst/*

There's also the option to make the attributes for any file "append-only" (chattr +a).

Note: You can check current attributes by using lsattr.

Related articles

• Power of the Command Line (nofluffjuststuff.com)