Linux chattr Command Tutorial for Beginners (5 Examples)

Often a Linux computer is used by different users. So there is a possibility that these users access a common group of files. This opens the door to problems like accidental deletion or editing of important files, which you as an administrator definitely don't want.

Fortunately, there is a command called chattr that is designed for just such cases. In this tutorial, we will explain this tool with some easy-to-understand examples. But before we do that, we should mention that all the examples here have been tested on Ubuntu 22.04 LTS and Debian 11.

The Linux chattr command

Basically, the chattr command is used to change file attributes on a Linux file system. Following is its syntax:

chattr [ -RVf ] [ -v version ] [ mode ] files...

And here's what the man page says about it:

       chattr changes the file attributes on a Linux file system.

       The format of a symbolic mode is +-=[aAcCdDeijsStTu].

       The  operator  '+'  causes  the  selected attributes to be added to the
       existing attributes of the files; '-' causes them to  be  removed;  and
       '=' causes them to be the only attributes that the files have.

       The  letters  'aAcCdDeijsStTu' select the new attributes for the files:
       append only (a), no atime updates (A), compressed (c), no copy on write
       (C), no dump (d), synchronous directory updates (D), extent format (e),
       immutable (i), data journalling (j), secure deletion  (s),  synchronous
       updates  (S),  no tail-merging (t), top of directory hierarchy (T), and
       undeletable (u).

       The following attributes are read-only, and may be listed by  lsattr(1)
       but  not  modified  by  chattr:  compression  error (E), huge file (h),
       indexed directory (I), inline data (N), compression raw access (X), and
       compressed dirty file (Z).

       Not  all  flags  are supported or utilized by all filesystems; refer to
       filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for
       more filesystem-specific details.

The following are some Q&A-styled examples that should give you a good idea on how the chattr command works.

Q1. How to use chattr command?

Suppose you want to make a file read-only. So all you have to do is to run the chattr command with +i option and the name of the file as input.

For example:

chattr +i test.txt

The following screenshot shows no other operation was successful on the file once it became read-only using chattr.

How to use chattr command

Note: As you would have already observed, you need to have root privileges to use the chattr command.

Q2. How to remove read-only restriction imposed by chattr?

This is simple - all you have to do is to use the -i option instead of +i. For example:

chattr -i test.txt

How to remove read-only restriction imposed by chattr

So you can see the read-only factor got removed with the -i option.

Q3. How to provide append-only permission to a file?

Sometimes, you may not want a full restriction on a file. What I mean is, that you may want to provide users append-only access to a file, so that new info can be added, but existing info cannot be deleted or edited. This is also possible using chattr through the +a option.

chattr +a test.txt

How to provide append-only permission to a file

So you can see that we could append to the file now, but could not edit existing information in the file as well as delete the file. To reverse this behavior, just use the -a option.

chattr -a test.txt

Q4. How to apply a restriction using chattr to all files in a directory?

This can be done using the flag -R, which lets you recursively change attributes of directories and their contents. For example, if you want to make all files inside the test-dir directory as read-only, use the chattr command in the following way:

chattr -R +i ./test-dir/

The following screenshot shows the read-only restriction was successfully applied to all files inside the directory.

How to apply a restriction using chattr to all files in a directory

Q5. How to check chattr attributes applied on files?

Until now, to check if a chattr attribute was successfully applied, we tried performing operations like editing the file or deleting it. But there's a separate command that lets you easily see if the attributes were applied or not. The command in question is lsattr.

lsattr [FILENAME]

For example, the following screenshot shows lsattr output clearly suggesting the 'i' attribute was applied to all files in the directory.

How to check chattr attributes applied on files

Just to reconfirm, here's the output after the -i option was used.

output after the -i option was used

As you can see in the screenshot above, the read-only attribute was removed from all files.

Conclusion

You will likely agree that chattr is a must-know command line tool if you are a system admin, or manage users on a Linux machine in general. Effectively using the command can save you a lot of hassle. This article should be enough to get you started with the command. Once you've practiced the examples we've discussed here, head to the tool's man page to learn more about it.

Share this page:

2 Comment(s)