The use of the lsattr and chattr commands in Linux

Source: Internet
Author: User
Tags chmod

The chattr command is powerful, but some of its features depend on the Linux kernel version: many of them are not implemented if the kernel version is below 2.2, and -d, which checks for errors in compressed files, requires a kernel newer than 2.5.19. Modifying attributes with chattr can improve the security of the system, but it does not work for all directories: chattr cannot protect the /, /dev, /tmp and /var directories. lsattr is simpler; it just shows the attributes of a file.

chattr changes the attributes of files and directories. Compared with commands such as chmod and ls: chmod only changes a file's read, write and execute permissions, while the lower-level attribute controls are changed with chattr.

Usage of the chattr command: chattr [-RV] [-v version] [mode] files ...

The most important part is [mode], which is composed of the operators +, - and = and the characters [ASacDdIijsTtu]; together they control the file's attributes.
+: Add the attribute to the existing attribute settings.
-: Remove the attribute from the existing attribute settings.
=: Set the attributes to exactly those specified.
A: The atime (access time) of the file or directory is not modified, which effectively prevents disk I/O errors on machines such as laptop computers.
S: Synchronous disk I/O option, similar in function to sync.
a: Append only. With this attribute set, data can only be added to the file and cannot be deleted. It is mostly used to secure server log files. Only root can set this attribute.
c: Compress. The file is compressed before it is stored, and is decompressed automatically when it is read.
d: No dump. The file cannot be a backup target of the dump program.
i: The file cannot be deleted, renamed or linked to, and no content can be written or appended to it. The i attribute is a great help for file system security settings.
j: Journal. With this attribute set, when the file system is mounted with the mount option data=ordered or data=writeback, the file's data is recorded in the journal before it is written. If the file system is mounted with data=journal, this attribute has no effect.
s: Secure deletion of the file or directory, that is, the disk space is fully reclaimed.
u: The opposite of s. When u is set, the data content actually remains on the disk and can be used for undeletion.

Of these options, a and i are the most commonly used. The a option enforces that a file can only be appended to and cannot be removed, and is mostly used for the security of logging systems. i is a stricter security setting; only the superuser (root) or a process with the CAP_LINUX_IMMUTABLE capability can apply it.

Application examples:

1. Use the chattr command to prevent a key system file from being modified

# chattr +i /etc/fstab

Then try rm, mv, rename and similar operations on the file; all of them fail with "Operation not permitted".

2. Allow a file to be appended to only, so that it cannot be deleted; this is suitable for some log files

# chattr +a /data1/user_act.log

3. View the file attributes

# lsattr /data1/user_act.log
-----a------- /data1/user_act.log

4. Remove the attribute so that the file can be modified

# chattr -i /etc/fstab

This allows you to continue modifying the /etc/fstab file.
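
The attributes set in examples 1 and 2 only protect a file while they stay set, so it is worth checking periodically that they have not been removed. The following is an added example, not part of the original article: it compares lsattr output against a policy of expected attributes. The function names, the policy format and the sample data are assumptions made for this illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: audit lsattr output against the attributes a policy expects.

# has_attr FLAGS LETTER: succeed if LETTER appears in an lsattr flags field.
# The match is case-sensitive, so "a" (append only) is distinct from "A".
has_attr() {
    case "$1" in
        *"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_policy POLICY LISTING
#   POLICY : lines of "LETTER PATH" (hypothetical format for this example)
#   LISTING: lines of "FLAGS PATH" as printed by lsattr
# Prints "MISSING LETTER PATH" when the attribute is not set and
# "UNKNOWN LETTER PATH" when the path is absent from the listing.
# The width of the flags field varies between e2fsprogs versions,
# so the field is searched rather than indexed by position.
check_policy() {
    policy=$1
    listing=$2
    printf '%s\n' "$policy" | while read -r want path; do
        [ -n "$path" ] || continue
        flags=$(printf '%s\n' "$listing" |
            awk -v p="$path" '$2 == p { print $1; exit }')
        if [ -z "$flags" ]; then
            echo "UNKNOWN $want $path"
        elif ! has_attr "$flags" "$want"; then
            echo "MISSING $want $path"
        fi
    done
}

# Constructed sample data: /etc/fstab is still immutable, but the
# append-only attribute on the log file has been removed.
SAMPLE_POLICY='i /etc/fstab
a /data1/user_act.log'
SAMPLE_LISTING='----i-------- /etc/fstab
------------- /data1/user_act.log'

# Live use: check_policy "$SAMPLE_POLICY" "$(lsattr -d /etc/fstab /data1/user_act.log)"
check_policy "$SAMPLE_POLICY" "$SAMPLE_LISTING"
```
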
