The chattr command is very useful, but some of its functions depend on the Linux kernel version: on kernels earlier than 2.2 many attributes cannot be applied, and the D attribute (synchronous directory updates, the per-directory equivalent of the dirsync mount option) needs kernel 2.5.19 or later. Changing attributes with chattr can improve system security, but it is not suitable for every directory. chattr cannot usefully protect /, /dev, /tmp or /var: the system and its services must write there at runtime, so making them immutable breaks normal operation. lsattr is much simpler; it only displays the file attributes:

[root]# lsattr
----ia---j--- ./lsattr_test

Here the i, a and j attributes are set on ./lsattr_test; each dash is an attribute that is not set.
These two commands change and display the attributes of files and directories. Compared with chmod and ls: chmod only changes the read/write/execute permission bits, whereas chattr changes the lower-level attribute flags that lsattr displays. Usage of the chattr command:

chattr [-RV] [-v version] [mode] files...

The most important part is the [mode] section, which consists of one of the operators + - = followed by attribute letters from [ASacDdIijsTtu]:

+: add the listed attributes to the file's existing ones.
-: remove the listed attributes from the existing ones.
=: set the attributes to exactly the listed ones.
A: the atime (access time) of the file or directory is not updated. This avoids a write on every read, which noticeably reduces disk I/O (helpful on laptops).
S: synchronous updates; changes to the file are written to disk immediately, similar to the sync mount option.
a: append only. Once set, data can only be added to the file; existing content cannot be deleted or truncated. This attribute is mostly used to protect server log files and can only be set by root.
c: compressed. The file is compressed before being stored on disk and transparently decompressed on read.
d: no dump. The file is skipped by the dump backup program.
i: immutable. The file cannot be deleted, renamed or linked to, and no data can be written or appended to it. This attribute is very helpful for file system security settings.
j: journal. When the file system is mounted with data=ordered or data=writeback, the file's data is written to the journal before it is written to the file itself. If the file system is mounted with data=journal, this attribute has no additional effect.
s: secure deletion. When the file is deleted, its blocks are zeroed and written back to disk.
u: undeletable, the opposite of s. When the file is deleted, its contents are kept on disk so that the file can be undeleted.

Note that c, s and u are not honoured by the mainline ext2/ext3/ext4 code, so they must not be relied on for anything security related. Of all the attributes, a and i are the ones used most often: a allows only appending and is mostly used to secure the logging system; i is the stricter security setting. Both can be set or cleared only by the superuser (root) or by a process with the CAP_LINUX_IMMUTABLE capability.
Application Example 1:
1. Use chattr to prevent modification of a key system file:

# chattr +i /etc/fstab

Then try rm, mv, rename and similar commands on this file; each fails with "Operation not permitted".

2. Allow content only to be appended to a file, never removed. This suits log files:

# chattr +a /data1/user_act.log

Application Example 2:
[root@ticket-A ~]# passwd root
Changing password for user root.
New UNIX password:
Retype new UNIX password:
Sorry, passwords do not match.
New UNIX password:
Retype new UNIX password:
passwd: Authentication token manipulation error
Some say this error means the root partition is full, or that the permissions on the password files are wrong. But if you previously hardened the system by making /etc/passwd and /etc/shadow immutable, passwd cannot rewrite them and fails with exactly this message; you must undo that protection first, as follows:
[root@station22 ~]# lsattr /etc/passwd /etc/shadow
----i-------- /etc/passwd
----i-------- /etc/shadow
[root@station22 ~]# chattr -i /etc/passwd
[root@station22 ~]# chattr -i /etc/shadow
[root@station22 ~]# lsattr /etc/passwd /etc/shadow
------------- /etc/passwd
------------- /etc/shadow

Then change the root password. After the change, re-enable the protection:

[root@station22 ~]# chattr +i /etc/passwd
[root@station22 ~]# chattr +i /etc/shadow

Author: Crazy Monkey
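Added example, not code from the original article or its author: the two procedures above (locking files with +i and +a in Application Example 1, and the lsattr, chattr -i, passwd, chattr +i sequence of Application Example 2) wrapped as POSIX shell functions. It assumes root or CAP_LINUX_IMMUTABLE, a filesystem that honours the i and a flags (ext2/3/4, XFS), and chattr and lsattr on PATH; the CHATTR and LSATTR override variables and every function name are this example's own, not part of e2fsprogs. What it adds over the article's manual sequence is that with_unlocked restores +i even when the command in the middle fails, and that every flag change is verified with lsattr instead of trusting chattr's exit status.

```shell
#!/bin/sh
# Added example (not from the original article): helpers around chattr/lsattr for
# Application Example 1 (lock a config file with +i, a log with +a) and Application
# Example 2 (clear +i on /etc/passwd and /etc/shadow so passwd can run, then re-lock).
# Assumes root or CAP_LINUX_IMMUTABLE and a filesystem that honours i and a.
# CHATTR and LSATTR are hypothetical overrides so the logic can be dry-run with
# stand-in commands; leave them unset to use the real tools. Paths are assumed to
# contain no whitespace.
CHATTR=${CHATTR:-chattr}
LSATTR=${LSATTR:-lsattr}

# attrs_of FILE: the flag field of "lsattr -d FILE", e.g. "----i---------e--"
attrs_of() {
    "$LSATTR" -d "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# has_flag FILE LETTER: succeed if flag LETTER (i, a, j, ...) is set on FILE.
# The match is case sensitive: 'i' is immutable, 'I' is an indexed directory.
has_flag() {
    case "$(attrs_of "$1")" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# set_flag FILE LETTER: chattr +LETTER, then confirm with lsattr rather than
# trusting chattr's exit status, since a filesystem can accept a flag it ignores
set_flag() {
    "$CHATTR" "+$2" "$1" || return 1
    has_flag "$1" "$2" || { echo "flag $2 not set on $1" >&2; return 1; }
}

# clear_flag FILE LETTER: chattr -LETTER
clear_flag() {
    "$CHATTR" "-$2" "$1"
}

# protect_config FILE...: immutable, as with /etc/fstab in Example 1
protect_config() {
    for f in "$@"; do set_flag "$f" i || return 1; done
}

# protect_log FILE...: append-only, so the log can grow but not be truncated,
# rewritten or removed (the log-file use in Example 1)
protect_log() {
    for f in "$@"; do set_flag "$f" a || return 1; done
}

# with_unlocked FILE... -- CMD [ARG...]: clear +i on the FILEs that carry it,
# run CMD, then put +i back on exactly those files whether or not CMD succeeded.
# This is Example 2 (lsattr, chattr -i, passwd, chattr +i) with the re-lock made
# unconditional, so a failed passwd never leaves the files unprotected.
with_unlocked() {
    unlocked=""
    while [ $# -gt 0 ] && [ "$1" != "--" ]; do
        if has_flag "$1" i; then
            clear_flag "$1" i || {
                for f in $unlocked; do set_flag "$f" i || true; done
                return 1
            }
            unlocked="$unlocked $1"
        fi
        shift
    done
    [ "$1" = "--" ] && shift
    [ $# -gt 0 ] || { echo "usage: with_unlocked FILE... -- CMD [ARG...]" >&2; return 2; }
    if "$@"; then rc=0; else rc=$?; fi     # capture status without tripping set -e
    for f in $unlocked; do
        set_flag "$f" i || echo "warning: could not re-lock $f" >&2
    done
    return $rc
}

# list_flagged DIR LETTER: every path under DIR carrying LETTER, from a recursive
# lsattr. Audits your own protections and also surfaces files an intruder has
# pinned with chattr +i.
list_flagged() {
    "$LSATTR" -R "$1" 2>/dev/null |
        awk -v l="$2" 'NF >= 2 && index($1, l) { print substr($0, length($1) + 2) }'
}
```

On a live system, source the file as root and call protect_config /etc/fstab, protect_log /data1/user_act.log, and with_unlocked /etc/passwd /etc/shadow -- passwd root; list_flagged /etc i shows which files under /etc are currently immutable. Note that chattr does not accept a "--" end-of-options marker, which is why the helpers pass the path directly.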