Usage of the chattr command:
chattr [+-=] [ASacdistu] [file or directory name]
Parameter description:
+-=: [+ add] [- remove] [= set] attributes, respectively
A: when the A attribute is set, the access time (atime) of the file (or directory) will not be modified, which can prevent portable computers from having disk I/O errors!
S: This works like the sync function: data is written to the disk synchronously, which effectively prevents data loss!
a: After a is set, data can only be appended to the file, and the file cannot be deleted. Only root can set this attribute.
c: After this attribute is set, the file is automatically compressed before it is stored and automatically decompressed when it is read (it seems very useful for large files!)
d: when the dump (backup) program is executed, setting the d attribute will enable the file (or directory) to be dumped!
i: This is amazing! It makes a file impossible to delete, rename, link to, write to, or append data to! Great help for system security!
j: when the file system format is ext3, setting the j attribute will record the file in the journal before it is written! However, when the filesystem is mounted with data=journal, this attribute has no effect because journaling is already enabled for all data!
s: when a file with the s attribute is deleted, it is completely removed from the hard disk space.
u: the opposite of s. When a file with the u attribute is deleted, the data content still exists on the disk and can be used for undeletion.
chattr example (shell):
chattr +i /etc/shadow   # After adding the "i" hidden attribute, the file cannot be changed.
chattr -i /etc/shadow   # Remove the "i" hidden attribute
lsattr command usage: lsattr [-aR]
Parameter description:
-a: also lists the attributes of hidden files;
-R: also lists the data in subdirectories!
lsattr example (shell):
chattr +i .bash_logout   # Add the hidden "i" attribute, which will be detailed later
lsattr -a   # List all the attributes (including hidden attributes) of the files in the current directory
-------------- ./.
-------------- ./..
---i---------- ./.bash_logout
-------------- ./.bash_profile
-------------- ./.bashrc
For example, this is the normal deletion logic. The user is root. In general, as long as the file is not open, root can delete any file:
root@compute-node:~/Test# ls -l
total 0
-rw-r-- 1 root 0 Jul 18 :02 1.txt
-rw-r-- 1 root 0 Jul 18 :02 2.txt
root@compute-node:~/Test# rm 1.txt
root@compute-node:~/Test# ls
2.txt
root@compute-node:~/Test#
Next, once the i attribute is set, 2.txt cannot be deleted, even by root. lsattr shows that 2.txt has one more attribute:
root@compute-node:~/Test# chattr +i 2.txt
root@compute-node:~/Test# rm 2.txt
rm: cannot remove 2.txt: Operation not permitted
root@compute-node:~/Test#
root@compute-node:~/Test# lsattr 2.txt
----i--------e-- 2.txt
After the i attribute of 2.txt is removed, 2.txt can be deleted again.
root@compute-node:~/Test# chattr -i 2.txt
root@compute-node:~/Test# rm 2.txt
root@compute-node:~/Test# ls
root@compute-node:~/Test#
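
The lsattr listings above can be checked by a script when auditing which files root cannot delete or modify. This is an added example, not part of the original page: it reads lsattr-format lines and reports the files that carry i or a. The function names and the sample listing are constructed for illustration.

```shell
# Added example: report files whose lsattr flags include i or a.
# Flag letters are case-sensitive: A (no atime update) is not a (append-only).

# Constructed sample listing in lsattr's "<flags> <path>" format,
# plus one constructed error line that must be ignored.
sample_lsattr() {
cat <<'EOF'
-------------e-- ./1.txt
----i--------e-- ./2.txt
-----a-------e-- ./app.log
-------A-----e-- ./cache.dat
----ia-------e-- ./both file.txt
lsattr: Operation not supported While reading flags on ./proc
EOF
}

# Read lsattr output on stdin; print "<tag> <path>" for flagged entries.
# tag is one of: immutable, append-only, immutable+append-only
flagged_files() {
    while IFS= read -r line; do
        flags=${line%% *}     # first field: the attribute string
        path=${line#* }       # remainder: the path (may contain spaces)
        # Skip lines whose first field is not made of letters and dashes.
        case $flags in
            *[!A-Za-z-]*|'') continue ;;
        esac
        # Skip lines that have no path after the flag field.
        [ "$flags" = "$line" ] && continue
        case $flags in
            *i*a*|*a*i*) echo "immutable+append-only $path" ;;
            *i*)         echo "immutable $path" ;;
            *a*)         echo "append-only $path" ;;
        esac
    done
}

# Number of entries protected by i or a.
count_flagged() { flagged_files | wc -l | tr -d ' '; }

# Demo on the constructed listing; on a real system use: lsattr -aR DIR | flagged_files
sample_lsattr | flagged_files
```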