How to use Linux File System attributes

Source: Internet
Author: User

In Linux, there are many ways to protect your files. File System attributes are one of them. In this article, you will learn how to use these file system attributes.

Before using file system attributes, you should understand the main differences between the various file systems. Broadly, file systems fall into two groups: XFS and all other file systems. XFS has its own solution for attribute management, and its options are completely different from the ones discussed here. This article covers attribute settings on the ext file system. To use file system attributes, support for them must be enabled on the file system. By default, file system attributes are used only on file systems where they have been enabled. To enable file system attribute support, you must specify a mount option when mounting the file system. This option is user_xattr. Before testing anything described in this article, make sure that this option is enabled. You can use the mount command to confirm this. The following output shows a computer on which file system attribute support is enabled for the root file system.

Confirm the file system attribute support by using the mount command

/dev/mapper/vg_flo-lv_root on / type ext4 (rw,noatime,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
/dev/mapper/luks-3e67401f-44c6-4a27-a1bf-cdf0dcf45f65 on /home type ext4 (rw,noatime,user_xattr)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
none on /proc/fs/vmblock/mountPoint type vmblock (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
gvfs-fuse-daemon on /home/sander/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=sander)

If the current file system does not support these attributes, you can usually add the user_xattr option for a mounted file system. You can use the following command to add the user_xattr option to the root file system.

mount -o remount,user_xattr /

The remount option ensures that the file system picks up the new option without having to be unmounted completely. If you want the file system to support file system attributes permanently, you must specify the option in the /etc/fstab file. The following shows how to enable file system attributes for the root logical volume on my Fedora system.

Display and change attributes

There are two kinds of file system attributes. Some are set by the system by default, while others are set as part of simple file management. The lsattr command displays some of the system attributes of files and directories on the computer without changing any attributes of the file system. For example, if the I attribute is found on the etc directory, the directory is using an H-tree index to speed up lookups. Similarly, on an ext4 file system the e attribute may be found on many files and directories, which means they are using extents instead of blocks for more efficient storage. All these system attributes represent a certain state and cannot be changed.

Among the attributes that administrators can modify, you will find that some are still experimental. These attributes may be implemented in newer kernels and file systems, but they have no effect yet. However, some of the attributes that are implemented may be useful to you. For example:

i immutable: files with this attribute cannot be modified. This attribute can effectively prevent accidental deletion of important files.

j journal: this attribute ensures that the file's data blocks are written to the journal before the file metadata. This attribute is relevant only to the journaling mode selected with the data= mount option. It can provide more protection for your files.

s secure deletion: data blocks of files with this attribute are cleared before the delete operation is committed. This attribute applies only to the latest kernel version and file system.

u undelete: files with this attribute can be restored using tools such as extundelete. This attribute applies only to the latest kernel version and file system.

You can use the chattr command to set file attributes. For example, the following command sets the immutable attribute on the /etc/hosts file:

chattr +i /etc/hosts

Run the lsattr command to check whether the configuration is successful. This command displays all the currently configured properties of a file.

[root@flo ~]# chattr +i /etc/hosts
[root@flo ~]# lsattr /etc/hosts
----i--------e- /etc/hosts

A good feature of file system attributes is that they apply to all users. The attribute is therefore in effect no matter which user is logged on, which means that the root user is also limited by your attribute settings. However, the root user can remove file system attributes.
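Because root can remove an attribute again, it is worth checking periodically that the files you protected still carry the i flag. The following is an added example, not part of the original article: it reads lsattr-format lines and reports watched files that are no longer immutable. The function names, the watch list and the sample lines are constructed for illustration, and paths are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: audit lsattr output ("<flags> <path>") against a watch list.

# Constructed sample in the same format as the lsattr output shown above.
SAMPLE_LSATTR='----i--------e- /etc/hosts
-------------e- /etc/resolv.conf
----i--------e- /etc/passwd'

# has_flag FLAGS LETTER: succeeds if LETTER occurs in the lsattr flag field.
# The match is case-sensitive, so i (immutable) is not confused with I (index).
has_flag() {
    case "$1" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# missing_immutable WATCHLIST < lsattr_output
# WATCHLIST is a space-separated list of paths that must be immutable.
# Prints one line per watched path that lacks the i flag or that does not
# appear in the lsattr output at all (for example because it was deleted).
missing_immutable() {
    watch=$1
    report=$(cat)
    for path in $watch; do
        flags=$(printf '%s\n' "$report" |
                awk -v p="$path" '$2 == p { print $1; exit }')
        if [ -z "$flags" ]; then
            echo "$path: not reported by lsattr"
        elif ! has_flag "$flags" i; then
            echo "$path: immutable flag missing ($flags)"
        fi
    done
    return 0
}

# Demo on the constructed sample; /etc/shadow is deliberately absent from it.
printf '%s\n' "$SAMPLE_LSATTR" |
    missing_immutable "/etc/hosts /etc/resolv.conf /etc/shadow"
```

On a live system, feed the function real data instead of the sample, for example `lsattr -d /etc/hosts /etc/passwd 2>/dev/null | missing_immutable "/etc/hosts /etc/passwd"`, and alert on any output.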

In modern Linux file systems such as ext4, file system attributes are used by default to implement advanced file system features, such as extents. On other file systems, you may have to enable attribute support before you can use these advanced features. With these attributes, you can add protection for your files that applies to every user, even root. File system attributes are therefore a very valuable extra layer of protection for your server security.
