Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!
« previous next »
Pages: [1]   Go Down

Author Topic: Changing the File Attributes  (Read 3481 times)

0 Members and 1 Guest are viewing this topic.

rohitj

  • Guest
Changing the File Attributes
« on: November 16, 2013, 09:54:33 pm »
Changing the File Attributes

This explains how to use chattr to keep important system files secure. However, this command is only available on ext2 and ext3 partitions.

chattr

chattr [options] mode files

Modify file attributes. Specific to Linux Second and Third Extended Filesystem (ext2 and ext3). Behaves similarly to symbolic chmod, using +, -, and =. mode is in the form opcode attribute. See also lsattr.

Options

-R Modify directories and their contents recursively.

-V Print modes of attributes after changing them.

-v version Set the file’s version.

Opcodes

+
Add attribute.

-
Remove attribute.

=
Assign attributes (removing unspecified attributes).

Attributes

A —> Don’t update access time on modify.

a —> Append only for writing. Can be set or cleared only by a privileged user.

c —>Compressed.

d —> No dump.

i —> Immutable. Can be set or cleared only by a privileged user.

j —> Journalled file. This is useful only in cases where you are using an ext3 filesystem mounted with the data=”ordered” or data=”writeback” attributes. The data=”journalled” option for the filesystem causes this operation to be performed for all files in the system and makes this option irrelevant.

S —> Synchronous updates.

s —> Secure deletion. The contents are zeroed on deletion, and the file cannot be undeleted or recovered in any way.

u —> Undeletable. This causes a file to be saved even after it has been deleted, so that a user can undelete it later.

Examples of using chattr and lsattr

// Set the immutable bit on a file so it cannot be changed or removed

# chattr +i myfile
# lsattr myfile
—-i——– myfile

// Testing the immutable flag by attempting to delete the file

# rm myfile
rm: cannot remove `myfile’: Operation not permitted

// Set myfile to append-only

# chattr +a myfile
# lsattr myfile
—–a——- myfile
# echo testing > myfile
myfile: Operation not permitted
# echo testing >> myfile
// no errors – file was appended to

In some instances this may useful to keep important files safe from deletion. Remember that even root can’t delete a file that is immutable or append-only without first explicitly removing that attribute. Using this flag on /etc/passwd or /etc/shadow files keeps them safe from an accidental rm -f and also ensures no new accounts can be added in the event of an exploit. Keeping other files append-only means once they are written, that data can’t be changed.
====================================================================>
Logged
Pages: [1]   Go Up
« previous next »