This command can only be used by root, and the attributes it sets also apply to the root user.
chattr [+-=] options file or directory
Common options:
A: The atime (access time) of the file or directory cannot be modified, which helps prevent disk I/O errors on machines such as laptops.
S: Disk I/O sync option, similar to sync.
a: Append. With this attribute set, data can only be added to the file, not deleted. It is mostly used to protect server log files, and only root can set it.
c: Compress. Sets whether the file is compressed before it is stored. Reading it requires an automatic decompression step.
d: No dump. The file cannot be a backup target of the dump program.
i: The file cannot be deleted, renamed, or linked to, and cannot be written or appended to. The i attribute is useful for file system security settings.
j: Journal. With this attribute set, when the file system is mounted with data=ordered or data=writeback, the file is recorded in the journal when it is written. If the file system is mounted with data=journal, this attribute has no effect.
s: Delete the file or directory securely, that is, the hard disk space is fully reclaimed.
u: The opposite of s. When u is set, the data content still exists on the disk and can be used for undeletion.
Of these options, a and i are the most commonly used. The a option enforces append-only, no-delete behavior and is mostly used for the security of log systems. The i option is a stricter security setting: only the superuser (root) or a process with the CAP_LINUX_IMMUTABLE capability can apply it.
Examples of the most common options, i and a
i: If the i attribute is set on a file, the file cannot be deleted, renamed, appended to, or modified.
If the i attribute is set on a directory, you can only modify the data of files already in the directory; you cannot create new files or delete existing ones.
# Set the i attribute on a file
[tmp]# touch one.file
[tmp]# echo 'just a test' >> one.file
[tmp]# cat one.file
just a test
[tmp]# chattr +i one.file
[tmp]# echo 'Hello World' >> one.file   # cannot append to the file
-bash: one.file: Permission denied
[tmp]# vim one.file   # vim can open the file, but cannot modify, add, or delete its contents
[tmp]# mv one.file another.file   # cannot rename the file
mv: cannot move 'one.file' to 'another.file': Operation not permitted
[tmp]# rm -rf one.file   # cannot delete the file
rm: cannot remove 'one.file': Operation not permitted

# Set the i attribute on a directory
[tmp]# mkdir test
[tmp]# ll
total ...
-rw-r--r-- 1 root root ... May ... one.file
drwxr-xr-x 2 root root 4096 May ... test
[tmp]# touch test/one.file
[tmp]# echo 'just a test file' >> test/one.file
[tmp]# chattr +i test
[tmp]# echo 'Hello World' >> test/one.file
[tmp]# head test/one.file
just a test file
Hello World
[tmp]# rm -rf test/one.file
rm: cannot remove 'test/one.file': Permission denied
[tmp]# touch test/another.file
touch: cannot touch 'test/another.file': Permission denied
a: If the a attribute is set on a file, you can only append data to the file; you cannot delete or modify its data.
If the a attribute is set on a directory, you can only create and modify files in the directory; you cannot delete files.
[tmp]# touch two.file
[tmp]# echo 'Hello Worle' >> two.file
[tmp]# chattr +a two.file
[tmp]# echo 'just a test' >> two.file   # content can be appended, but only with a command; an editor such as vim cannot be used to add it
[tmp]# vim two.file   # vim can open the file, but cannot delete, modify, or add file content
[tmp]# mkdir twotest
[tmp]# touch twotest/one.file
[tmp]# chattr +a twotest
[tmp]# echo 'Hello World' >> twotest/one.file   # can modify the contents of a file
[tmp]# touch twotest/two.file   # can create files
[tmp]# rm -rf twotest/one.file   # cannot delete a file
rm: cannot remove 'twotest/one.file': Operation not permitted
[tmp]# mv twotest/one.file twotest/one.file.file   # cannot rename a file
mv: cannot move 'twotest/one.file' to 'twotest/one.file.file': Operation not permitted
Viewing file attributes
lsattr -a displays file or directory attributes
[tmp]# lsattr -a one.file
----i--------e- one.file   # one.file has the i attribute; the file system is ext (e)
lsattr -d displays directory attributes
[tmp]# lsattr -d twotest
-----a-------e- twotest   # directory twotest has the a attribute; the file system is ext (e)
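An added example, not part of the original article: a shell function that reads lsattr output and checks it against a list of files expected to carry the a or i attribute, reporting log files that are not append-only and immutable files the list does not mention. The paths, the policy format and the function names are assumptions made for this illustration.

```shell
# Added example: check lsattr output against an expected-attribute policy.
# All paths and the policy are constructed for illustration.

# has_attr FLAGS LETTER: true if LETTER is set. Case matters: a (append-only)
# and A (no atime updates) are different attributes.
has_attr() { case "$1" in *"$2"*) return 0 ;; *) return 1 ;; esac; }

# lookup_policy POLICY_FILE PATH: print the attribute required for PATH.
lookup_policy() {
    while read -r letter ppath; do
        [ "$ppath" = "$2" ] && { printf '%s\n' "$letter"; return 0; }
    done < "$1"
    return 1
}

# audit_attrs POLICY_FILE < lsattr-output
# Policy lines are "<letter> <path>". Reports required attributes that are
# missing, and immutable files that the policy does not list.
audit_attrs() {
    while read -r flags file; do
        # Skip blank lines and lsattr error messages (flags are letters/dashes).
        case "$flags" in ''|*[!A-Za-z-]*) continue ;; esac
        [ -n "$file" ] || continue
        if want=$(lookup_policy "$1" "$file"); then
            has_attr "$flags" "$want" || printf 'MISSING %s %s\n' "$want" "$file"
        elif has_attr "$flags" i; then
            printf 'UNEXPECTED i %s\n' "$file"
        fi
    done
}

# run_demo: audit constructed lsattr output (same layout lsattr prints).
run_demo() {
    policy=$(mktemp) || return 1
    printf '%s\n' 'a /var/log/secure' 'a /var/log/messages' \
        'a /var/log/cron' 'i /etc/passwd' > "$policy"
    audit_attrs "$policy" <<'EOF'
-----a-------e- /var/log/secure
-------------e- /var/log/messages
----i--------e- /etc/passwd
----i--------e- /tmp/one.file
-------A-----e- /var/log/cron
lsattr: Operation not supported While reading flags on /dev/null
EOF
    rm -f "$policy"
}

run_demo
```

On a real system the input would come from lsattr itself, for example lsattr -d on each path in the policy piped into audit_attrs.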
Linux file attributes command: chattr