What is chattr and lsattr command in Linux and how to use them ?

In this article, we will look what are chattr and lsattr commands in Linux and how to use these commands.

1. What is chattr and lsattr ?
chattr corresponds to “change attribute” and used to change few file/filesystem attributes.
lsattr corresponds to “list attribute” and used to list few file/filesystem attributes.

2. Why to use chattr and lsattr ?
There are multiple attributes with a filesystem, and with files on a filesystem in Linux. Some of the attributes are controlled by chmod command which changes files’ permissions, some are controlled by tune2fs to modify filesystem attributes.

And few of such attributes that control files behavior/access are handled by chattr and lsattr command.

Sometimes we need to change these attributes and hence chattr/lsattr commands are required.

3. Package requirement
Ideally chattr/lsattr command package is already installed on default installation.
However still you can verify using below command.

[root@nglinux ~]# rpm -qa | grep -i e2fsprogs 
[root@nglinux ~]# 

If these commands are not available, then you need to install e2fsprogs rpm package using below command.

[root@nglinux ~]# yum install e2fsprogs
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process

4. How to list attributes with lsattr ?
Lets list attributes of a file:

[root@nglinux ~]# lsattr file1 
-------------e- file1
[root@nglinux ~]# 

In the above output, we can see there are no attributes set(all have -), except “e”.
Lets see what all attributes are supported by lsattr/chattr commmand and then we will see how to change these attributes.

5. List of all attributes shown in lsattr output.
If you count “-” in above lsattr output, you will find there are a total of 15 attributes supported by lsattr/chattr command. Out of these 14 attributes are as follows:

a: append only
c: compressed
d: no dump
e: extent format
i: immutable
j: data journalling
s: secure deletion
t: no tail-merging
u: undeletable
A: no atime updates
C: no copy on write
D: synchronous directory updates
S: synchronous updates
T: top of directory hierarchy

Hence “e” shown above in the lsattr output indicates that the file supports extent format.

The ‘e’ attribute indicates that the file is using extents for mapping
the blocks on disk. It may not be removed using chattr(1).

The last 15th attribute(only shown in lsattr and can’t be changed) has any 1 of the following character:
h: huge file
E: compression error
I: indexed directory
X: compression raw access
Z: compressed dirty file

6. How to change an attribute with chattr ?
Now we know all the attributes available with lsattr, lets check out how to change any of the attribute using chattr command.
To add the attribute we use “+”(addition sign) and to remove the attribute we use “-“(minus sign).

Example 1:- Disabling access time for a file

### Check current access time of the file.
[root@nglinux ~]# ls -l  --time=atime file1
-rw-r--r--. 1 root root 6 Jan 10 23:02 file1

### Add attribute A to avoid access time update.
[root@nglinux ~]# chattr +A file1
[root@nglinux ~]# lsattr file1
-------A-----e- file1
[root@nglinux ~]# 

### Now read file1 to update access time.
[root@nglinux ~]# cat file1

### Now check access time, its not updated and same.
[root@nglinux ~]# ls -l  --time=atime file1
-rw-r--r--. 1 root root 6 Jan 10 23:02 file1
[root@nglinux ~]# 

### Now remove atime property and see atime is updated.
[root@nglinux ~]# chattr -A file1
[root@nglinux ~]# lsattr file1
-------------e- file1
[root@nglinux ~]# cat file1
[root@nglinux ~]# ls -l --time=atime file1
-rw-r--r--. 1 root root 6 Jan 10 23:09 file1
[root@nglinux ~]# 

Example 2: Make a file immutable so that no one can delete the file.
We generally use this option to keep safe our files to avoid any accidental delete command.

[root@nglinux ~]# lsattr file1
-------------e- file1

### Adding immutable flag.
[root@nglinux ~]# chattr +i file1
[root@nglinux ~]# lsattr file1
----i--------e- file1

### Now try to remove the file.
[root@nglinux ~]# rm -rf file1
rm: cannot remove `file1': Operation not permitted
[root@nglinux ~]# 

Now even the root can’t delete the file.

This is the magic of these file attributes in Linux.

I hope you liked the article. Do post your comments, suggestions or questions below.

0 0 votes
Article Rating
Notify of

1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Paul Campbell
Paul Campbell
1 year ago

Thank You. I found a “remedy” and it referred to chattr -i

Your explanation was very helpful.
It encourages me to look more closely.