fatmawati achmad zaenuri/Shutterstock

Along with the usual read, write, and execute permissions of files Linux files have another set of attributes that control other characteristics of the file. Here’s how to view and change them.

Permissions and attributes

In Linux, who can access a file and what they can do with it is controlled by a set of permissions user centered. whether i can read the contents of a file writing new data to the file, or executing a file if it’s a script or a program are all governed by that set of permissions. Permissions apply to the file, but define the restrictions and capabilities for different categories of users.

There are permits for owner of the file, for group of the file and for others that is, users who are not in the first two categories. You can use the lscommand with the -loption (long list) to view the permissions on a file or directory.

To change permissions, use the chmodcommand . At least you can if you have write permissions to the file or if you are the root user.

We can see that file permissions are user-centric because they grant or remove user-level permissions. On the contrary, attributes of a file are file system centric. Like permissions, they are set on the file or directory. But once configured, they are the same for all users.

Attributes are a separate collection of permission settings. Attributes control features such as immutability and other behavior at the file system level. To see the attributes of a file or directory we use the lsattrcommand. To set the attributes we use the chattrcommand.

Permissions and attributes are stored within inodes . An inode is a file system structure which contains information about file system objects, such as files and directories . A file’s location on the hard drive, its creation date, permissions, and attributes are stored within its inode.

Because different file systems have different capabilities and underlying structures, the attributes may behave differently, or be ignored entirely, by some file systems. In this article, we are using ext4 what is the default file system for many Linux distributions.

Looking at the attributes of a file

The commands chattrY lsattrThey will already be present on your computer, so there is no need to install anything.

To check the attributes of files in the current directory, use lsattr:


List of file attributes for all files in a directory

Dashed lines are placeholders for attributes that are not set. The only attribute that is set is the eattribute (extensions). This shows that the filesystem inodes are using, or will use if necessary, extensions to point to all parts of the file on the hard drive.

If the file is held in a contiguous sequence of hard drive blocks, your inode only has to record the first and last blocks used to store the file. If the file is fragmented the inode must record the number of the first and last blocks of each part of the file. These pairs of hard drive block numbers are called extensions.

This is the list of the most used attributes.

  • a : Just add. A file with this attribute can only be added to. It can still be written, but only at the end of the file. It is not possible to overwrite any of the existing data within the file.
  • c : Compressed. The file is compresses automatically on the hard drive and decompresses when read. Data written to files is compressed before being written to the hard drive.
  • R : Without atime updates . The atimeis a value in an inode that records the last time a file was accessed.
  • C : No copy on write. If two processes request access to a file, they can be given pointers to the same file. They only receive their own unique copy of the file if they attempt to write to the file, making it unique to that process.
  • d : No dump. The Linux command dumpit is used to write copies of entire file systems to backup media. This attribute does dumpignore the file. It is excluded from the backup.
  • D : Synchronous directory updates. When this attribute is enabled for a directory, all changes to that directory are written synchronously, that is, immediately, to the hard drive. Data operations can be buffered.
  • and : extension format. The eattribute indicates that the file system is using extensions to map the location of the file on the hard drive. You can’t change this with chattr. It is a function of how the file system works.
  • I : immutable. An immutable file cannot be modified, including renaming and deletion. The root user is the only person who can set or disable this attribute.
  • s : Secure deletion. When a file with this set of attributes is deleted, the blocks on the hard drive that contained the file’s data are overwritten with bytes containing zeroes. Note that this is not respected by the ext4File System.
  • yes : Synchronous updates. Changes to a file with its Sset of attributes are written to the file synchronously.
  • or : Delete a file that has your uattribute set causes a copy of the file to be made. This can be beneficial for file recovery if the file was deleted by mistake.

Change the attributes of a file

The chattrcommand allows us to change the attributes of a file or directory. We can use the operators +(set) and -(unset) to apply or remove an attribute, similar to chmodcommand and permissions.

The chattrcommand also has a =operator (set only). This sets the attributes of a file or directory to only the attributes that are specified in the command. That is, all the attributes that not appear on the command line cancel .

Configuring the add-only attribute

Let’s set the add-only attribute on a text file and see how it affects what we can do with the file.

sudo chattr +un archivo de texto.txt

Set the add-only attribute on a text file

We can verify that the add-only bit has been set using lsattr:

lsattr archivo-texto.txt

List of attributes for a text file

The letter ” a” indicates that the attribute has been set. Let’s try to overwrite the file. Redirect output to a file with a single angle bracket “ >” replaces the entire contents of the file with the redirected output.

We have preloaded the text file with some placeholder text lorem ipsum .


Placeholder text in a text file

We will redirect the output from lsthe file:

ls -l > archivo-de-texto.txt
sudo ls -l > archivo-de-texto.txt

Attempt to overwrite an add-only text file

The operation is not allowed, even if we use the sudocommand .

If we use two angle brackets “ >>” to redirect the output, it is added to the existing data in the file. That should be acceptable for our add-only text file.

sudo ls -l >> archivo-de-texto.txt

Redirect output to the end of a text file

We return to the command prompt without any error message. Let’s take a look inside the file to see what has happened.


Browse the contents of a text file

The redirected output of lshas been added to the end of the file.

New data added to an add-only text file

Although we can add data to the file, that is the only change we can make to it. We can’t remove it and we can’t root either.

rm archivo de texto.txt
sudo rm archivo de texto.txt

Can't delete a text file just to add

Immutable Attribute Configuration

If you want to protect a file that will never have new data added to it, you can set the immutable attribute. This prevents all changes to the file, including adding data.

sudo chattr +i segundo-archivo.txt
lsattr segundo archivo.txt

Set the immutable attribute on a text file

We can see the “ i” indicating that the immutable attribute has been set. Having made our file immutable, even the root user cannot rename it ( mv), remove it ( rm) or add data to it.

sudo mv segundo archivo.txt nuevo nombre.txt
sudo rm segundo archivo.txt
sudo ls -l >> segundo-archivo.txt

An immutable file that resists change

Don’t trust safe delete on ext4

As we pointed out, some operating systems do not support all attributes. extThe family of file systems does not respect the safe delete attribute included ext4. Do not rely on this for secure file deletion.

It is easy to see that this does not work in ext4. We will set the sattribute (safe delete) in a text file.

sudo chattr +s tercer archivo.txt

Setting the secure delete attribute on a text file

What we are going to do is find out the inode that contains the metadata of this file. The inode contains the first hard drive block occupied by the file. The file contains some placeholder text from lorem ipsum .

We will read that block directly from the hard drive to verify that we are reading the correct location on the hard drive. We’ll delete the file and then read the same hard immersion block one more time. If the safe delete attribute is honored, we should read the zeroed bytes.

We can find the inode of the file using the hdparmcommand with the --fibmapoption (file block map).

sudo hdparm --fibmap tercer archivo.txt

Find the inode of a file

The first block of the hard drive is 18100656. We will use the ddcommand to read it.

The options are:

  • if=/dev/sda : Read from the first hard drive of this computer.
  • bs=512 : Use a hard drive block size of 512 bytes.
  • skip=18100656 : Skip all blocks before block 18100656. In other words, start reading at block 18100656.
  • count=1 : Read a block of data.
sudo dd if=/dev/sda bs=512 skip=18100656 cuenta=1

Reading the first hard drive block of a file

As expected, we see the placeholder text of lorem ipsum . We are reading the correct block on the hard drive.

Now we will delete the file.

rm tercer archivo.txt

If we read that same hard drive block, we can still see the data.

sudo dd if=/dev/sda bs=512 skip=18100656 cuenta=1

Read data from a hard drive block used by a deleted file

Again, don’t rely on this for secure deletion on ext4. There is best available methods to delete files so that they cannot recover.

Helpful, but use with caution

Setting file attributes can make them immune to accidental disasters. If you can’t delete or overwrite a file, it’s pretty safe.

You may think you’d like to apply them to system files and make your Linux installation more secure . But system files must be replaced periodically as updates are issued or applied. For that reason, it is safer to use these attributes only on files of your own creation.

RELATED:   The new Samsung SD cards offer a write speed of up to 120 MB / s

Leave a Reply

Your email address will not be published. Required fields are marked *