A command that is important for system security
chattr: for setting file attributes
lsattr: for viewing file attributes
1. Function
Modifies file attributes on ext2 and ext3 file systems. Requires superuser privileges.
2. Format
chattr [-RV] [-+=AacDdijsSu] [-v version] file or directory
3. Main parameters
-R: Recursively processes all files and subdirectories.
-V: Displays the modified content in detail and prints the output.
-: Deactivates (removes) the attribute.
+: Activates the attribute.
=: Sets the attributes to exactly those specified.
A: atime. Tells the system not to modify the last access time of this file. Setting this option avoids excessive disk access on machines with slow I/O, which can be helpful for slower computers.
a: append only. The system only allows data to be appended to this file and does not allow any process to overwrite or truncate it. If a directory has this attribute, the system only allows files to be created and modified in that directory; no files may be deleted. Suitable for log files.
i: immutable. The system does not allow any modification of this file. If a directory has this attribute, processes can only modify files under the directory; creating and deleting files is not allowed. Can be used on /etc/passwd and other important files so that users cannot be added and passwords cannot be changed.
s: secure delete. When the file is deleted, the system fills the area where the file was located with zeros, which prevents the data from being recovered.
u: undelete. When an application requests that the file be deleted, the system retains its data blocks so that the file can be undeleted later.
c: compress. The system compresses the file transparently. Reads from the file return the decompressed data, and data written to the file is compressed before it is written to disk.
S: sync. Once an application writes to this file, the system immediately writes the modification to disk.
D: Checks for errors in compressed files.
d: no dump. The dump program ignores this file when a file system backup is in progress.
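One way to verify that the i and a attributes described above are actually set, as an added example that is not part of the original page: a shell function that checks lsattr output against a list of required attributes. The policy, the function name audit_attrs and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: check lsattr output against a policy of required attributes.

# Hypothetical policy, one "<flag> <path>" per line: i for account files,
# a for log files (the two uses described in the parameter list).
POLICY='i /etc/passwd
i /etc/shadow
a /var/log/secure
a /var/log/messages'

# Constructed sample of `lsattr` output: attribute field, one space, path.
SAMPLE='----i-------------- /etc/passwd
------------------- /etc/shadow
-----a------------- /var/log/secure
-------A----------- /var/log/messages'

# audit_attrs POLICY LISTING
# Prints "MISSING <flag> <path>" for every policy entry whose file is absent
# from LISTING or lacks the flag. The match is case-sensitive, so A (no atime
# update) never satisfies a requirement for a (append only).
# Returns 1 if anything is missing, 0 otherwise.
audit_attrs() {
    policy=$1
    listing=$2
    rc=0
    while read -r flag path; do
        [ -n "$flag" ] || continue
        # Attribute field of the line whose path matches exactly.
        attrs=$(printf '%s\n' "$listing" | awk -v p="$path" '
            { f = $1; sub(/^[^ ]+ /, ""); if ($0 == p) { print f; exit } }')
        case $attrs in
            *"$flag"*) ;;
            *) echo "MISSING $flag $path"; rc=1 ;;
        esac
    done <<EOF
$policy
EOF
    return "$rc"
}

# Run against the constructed sample; on a live system, pass the output of
# lsattr for the policy's paths as the second argument instead.
audit_attrs "$POLICY" "$SAMPLE" || echo "policy violations found"
```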
4. Description
The chattr command is very useful, but some of its features depend on the Linux kernel version: on kernels older than 2.2, many of them are not implemented. Likewise, the -D check for errors in compressed files requires kernel 2.5.19 or later. In addition, modifying attributes with the chattr command can improve the security of the system, but it is not suitable for all directories. The chattr command cannot protect the /, /dev, /tmp, and /var directories.