Linux chattr Command Tutorial for Beginners (5 Examples)
On this page
- The Linux chattr command
- Q1. How to use chattr command?
- Q2. How to remove read-only restriction imposed by chattr?
- Q3. How to provide append-only permission to a file?
- Q4. How to apply a restriction using chattr to all files in a directory?
- Q5. How to check chattr attributes applied on files?
- Conclusion
Often a Linux computer is used by different users. So there is a possibility that these users access a common group of files. This opens the door to problems like accidental deletion or editing of important files, which you as an administrator definitely don't want.
Fortunately, there is a command called chattr that is designed for just such cases. In this tutorial, we will explain this tool with some easy-to-understand examples. But before we do that, we should mention that all the examples here have been tested on Ubuntu 22.04 LTS and Debian 11.
The Linux chattr command
Basically, the chattr command is used to change file attributes on a Linux file system. Following is its syntax:
chattr [ -RVf ] [ -v version ] [ mode ] files...
And here's what the man page says about it:
chattr changes the file attributes on a Linux file system.
The format of a symbolic mode is +-=[aAcCdDeijsStTu].
The operator '+' causes the selected attributes to be added to the
existing attributes of the files; '-' causes them to be removed; and
'=' causes them to be the only attributes that the files have.
The letters 'aAcCdDeijsStTu' select the new attributes for the files:
append only (a), no atime updates (A), compressed (c), no copy on write
(C), no dump (d), synchronous directory updates (D), extent format (e),
immutable (i), data journalling (j), secure deletion (s), synchronous
updates (S), no tail-merging (t), top of directory hierarchy (T), and
undeletable (u).
The following attributes are read-only, and may be listed by lsattr(1)
but not modified by chattr: compression error (E), huge file (h),
indexed directory (I), inline data (N), compression raw access (X), and
compressed dirty file (Z).
Not all flags are supported or utilized by all filesystems; refer to
filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for
more filesystem-specific details.
The following are some Q&A-styled examples that should give you a good idea on how the chattr command works.
Q1. How to use chattr command?
Suppose you want to make a file read-only. So all you have to do is to run the chattr command with +i option and the name of the file as input.
For example:
chattr +i test.txt
The following screenshot shows no other operation was successful on the file once it became read-only using chattr.
Note: As you would have already observed, you need to have root privileges to use the chattr command.
Q2. How to remove read-only restriction imposed by chattr?
This is simple - all you have to do is to use the -i option instead of +i. For example:
chattr -i test.txt
So you can see the read-only factor got removed with the -i option.
Q3. How to provide append-only permission to a file?
Sometimes, you may not want a full restriction on a file. What I mean is, that you may want to provide users append-only access to a file, so that new info can be added, but existing info cannot be deleted or edited. This is also possible using chattr through the +a option.
chattr +a test.txt
So you can see that we could append to the file now, but could not edit existing information in the file as well as delete the file. To reverse this behavior, just use the -a option.
chattr -a test.txt
Q4. How to apply a restriction using chattr to all files in a directory?
This can be done using the flag -R, which lets you recursively change attributes of directories and their contents. For example, if you want to make all files inside the test-dir directory as read-only, use the chattr command in the following way:
chattr -R +i ./test-dir/
The following screenshot shows the read-only restriction was successfully applied to all files inside the directory.
Q5. How to check chattr attributes applied on files?
Until now, to check if a chattr attribute was successfully applied, we tried performing operations like editing the file or deleting it. But there's a separate command that lets you easily see if the attributes were applied or not. The command in question is lsattr.
lsattr [FILENAME]
For example, the following screenshot shows lsattr output clearly suggesting the 'i' attribute was applied to all files in the directory.
Just to reconfirm, here's the output after the -i option was used.
As you can see in the screenshot above, the read-only attribute was removed from all files.
Conclusion
You will likely agree that chattr is a must-know command line tool if you are a system admin, or manage users on a Linux machine in general. Effectively using the command can save you a lot of hassle. This article should be enough to get you started with the command. Once you've practiced the examples we've discussed here, head to the tool's man page to learn more about it.