A Linux based operating system does not have the concept of a ‘recycle bin’ in contrast to Windows operating systems. Therefore in Linux if we delete a file or directory it is generally considered to be lost forever unless we have a backup. Although there are a couple of methods available to recover deleted data from a Linux file system but these methods require the use of third party software and are tedious, not very straightforward and full proof. Perhaps the best possible way to prevent a file or directory from being accidentally removed or modified is to prohibit it completely. In Linux this functionality can be achieved by making use of the immutable flag. In this article, we will explain what the immutable flag is and then demonstrate practically how it works.
What is the immutable flag?
The immutable flag is an extended file system attribute, and can be set on both files and directories. Once the immutable flag is set the the file or directory cannot be modified, renamed or deleted without removing the immutable flag first. The immutable flag can be set or unset using the chattr command. Setting the immutable flag requires root privileges.
The chattr command explained:
The chattr (Change Attribute) is a command line Linux utility that is used to set/unset certain attributes to a file in Linux system to secure accidental deletion or modification of important files and folders even if you are logged in as the root user.
Here is a description of the chattr command from it’s man page:
CHATTR(1) General Commands Manual CHATTR(1) NAME chattr - change file attributes on a Linux file system SYNOPSIS chattr [ -RVf ] [ -v version ] [ mode ] files... DESCRIPTION chattr changes the file attributes on a Linux file system. The format of a symbolic mode is +-=[aAcCdDeijsStTu]. The operator '+' causes the selected attributes to be added to the existing attributes of the files; '-' causes them to be removed; and The letters 'aAcCdDeijsStTu' select the new attributes for the files: append only (a), no atime updates (A), compressed (c), no copy on write (C), no dump (d), synchronous directory updates (D), extent format (e), immutable (i), data jour‐ nalling (j), secure deletion (s), synchronous updates (S), no tail-merging (t), top of directory hierarchy (T), and undeletable (u). The following attributes are read-only, and may be listed by lsattr(1) but not modified by chattr: compression error (E), huge file (h), indexed directory (I), inline data (N), compression raw access (X), and compressed dirty file (Z). Not all flags are supported or utilized by all filesystems; refer to filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for more filesystem-specific details.
Given below is a list of attributes that can be set/unset using the chattr command:
Following are the list of common attributes and associated flags can be set/unset using the chattr command.
- If a file is accessed with ‘A‘ attribute set, its atime record is not updated.
- If a file is modified with ‘S‘ attribute set, the changes are updates synchronously on the disk.
- A file is set with ‘a‘ attribute, can only be open in append mode for writing.
- A file is set with ‘i‘ attribute, cannot be modified (immutable). Means no renaming, no symbolic link creation, no execution, no writable, only superuser can unset the attribute.
- A file with the ‘j‘ attribute is set, all of its information updated to the ext3 journal before being updated to the file itself.
- A file is set with ‘t‘ attribute, no tail-merging.
- A file with the attribute ‘d‘, will no more candidate for backup when the dump process is run.
- When a file has ‘u‘ attribute is deleted, its data are saved. This enables the user to ask for its undeletion.
Syntax for using the chattr command:
Given below is the syntax for using the chattr command.
chattr [operator] [flags] [filename]
The flags are the attributes that were discussed above. Given below is a description of the different operators available with the chattr command:
+ : Adds the attribute to the existing attribute of the files.
– : Removes the attribute to the existing attribute of the files.
= : Keep the existing attributes that the files have.
Now that we’ve been familiarized with what is the immutable flag and how it could be set, it’s time for a practical demonstration. Let’s create a file named no-del.txt and then check if it has any extended attributes set using the lsattr command.
[root@linuxnix ~]# touch no-del.txt [root@linuxnix ~]# [root@linuxnix ~]# lsattr no-del.txt ---------------- no-del.txt [root@linuxnix ~]#
The above output shows that currently no extended file system attributes are set. Let’s add some content to the file.
[root@linuxnix ~]# echo "testing" >> no-del.txt [root@linuxnix ~]# cat no-del.txt testing [root@linuxnix ~]#
Now we will set the immutable flag on the file.
[root@linuxnix ~]# chattr +i no-del.txt [root@linuxnix ~]# lsattr no-del.txt ----i----------- no-del.txt [root@linuxnix ~]#
If we try to make any modification to the file now we will not be allowed to do so even though I’m logged in as the root user.
[root@linuxnix ~]# echo "testing" >> no-del.txt -bash: no-del.txt: Permission denied [root@linuxnix ~]# rm no-del.txt rm: remove regular file ‘no-del.txt’? y rm: cannot remove ‘no-del.txt’: Operation not permitted [root@linuxnix ~]#
Once we unset the immutable flag, we will be able to make changes to the file.
[root@linuxnix ~]# chattr -i no-del.txt [root@linuxnix ~]# lsattr no-del.txt ---------------- no-del.txt [root@linuxnix ~]# echo "testing" >> no-del.txt [root@linuxnix ~]# rm -f no-del.txt [root@linuxnix ~]#
In this article we demonstrated how we could set the immutable flag on a file/directory using the chattr command to prevent modification or deletion of the file. We hope that you’ve found this article to be useful and we look forward towards your suggestions are feedback.
Latest posts by Sahil Suri (see all)
- Oracle VirtualBox installation troubleshooting in Linux explained - October 23, 2018
- How to install Oracle virtual box on Centos 7? - October 22, 2018
- Understanding swapiness parameter in Linux - September 20, 2018
- Resolving YUM: Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast - September 19, 2018
- How to prevent file/folder modification/deletion in Linux? - September 18, 2018