Protect your data with file attributes


If you are the file’s owner this is not mean usually you can do anything to this file.

This article explains how to add/remove a file attributes to protect your files.

And this article is a response for a request.

Table of Contents:

  • File attribute?
  • Example of using file attributes
  • Extended File attribute? 

1. File attributes:

File attributes are metadata associated with computer files that define file system behavior. Each attribute can have one of two states: set and cleared. Attributes are considered distinct from other metadata, such as dates and times, filename extensions or file system permissions. In addition to files, folders, volumes and other file system objects may have attributes. For more information.


 Protect your data with File attributes

Any file has an owner, group and other permissions (Read (r), Write (w), Execute (x))

Also you can affect a specific permission (Read, Write and/or Execute) to a specific user or group with FACL (Filesystem Access Control Lists).

Also you can secure your file with adding attributes to a file.

- append only (a),
- compressed (c)
- no dump (d), 
- immutable (i)
- data journalling (j), 
- secure deletion (s)
- no tail-merging (t),
- undeletable (u)
- no  atime  updates  (A), 
- synchronous directory updates (D)
- synchronous updates (S), 
- top of directory hierarchy (T).

Note 1:  The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files; ‘-’ causes them to be removed and ‘=’ causes them to be the only attributes that the files have.

# chattr +-=[ASacDdIijsTtu]

Note 2:  By default, only the root user can change these file attributes. To allow users to set and remove these file attributes, you must add the option user_xattr to the file /etc/fstab to the dedicated partition, for example:

# vi /etc/fstab
/dev/vg1/home          /home            ext4    defaults,user_xattr        1 2

2. Example of using file attributes:

Now, I will take some example to explain:

Create an empty file, with the user ‘user’:

$ touch file.txt

Display the File attribute with lsattr, append a text message to the file:

$ lsattr file.txt
------------- file.txt
$ echo Hello File > file.txt
$ cat file.txt
Hello File

The attribute immatuble (i), makes a file cannot be modified, deleted, renamed, nor can any hard link be created.

Add the attribute immatuble (i) with the user ‘root’:

# chattr +i /home/user/file.txt
$ lsattr file.txt
----i-------- file.txt
$ echo Hello Extended File  >> file.txt
-bash: file.txt: Permission denied
$ ln file.txt file.txt.ln
ln: creating hard link `file.txt.ln' to `file.txt': Operation not permitted
$ rm file.txt
rm: remove write-protected regular file `file.txt'? yes
rm: cannot remove `file.txt': Operation not permitted
$ ls –l file.txt
-rw-rw-r-- 1 user user 11 Feb  1 16:19 file.txt

To remove the attribute immatuble (i), with the user root:

# chattr -i /home/user/file.txt

Display the File attribute with lsattr, append the file with another text message:

$ lsattr file.txt
------------- file.txt
$ echo Hello Extended File  >> file.txt
$ cat file.txt
Hello File
Hello Extended File


3. Extended File Attribute:

Extended file attributes is a file system feature that enables users to associate computer files with metadata not interpreted by the file system, whereas regular attributes have a purpose strictly defined by the file system (such as permissions or records of creation and modification times). For more information.

They can be retrieved and set through shell commands (getfattr, setfattr) or through system calls (fgetxattr, flistxattr, fremovexattr, fsetxattr, getxattr, lgetxattr, listxattr, llistxattr, lremovexattr, lsetxattr, removexattr, setxattr) for more information.

Note: Extended attributes are arbitrary name/value pairs which are associated with files or directories. They can be used to store system objects like capabilities of executables and access control lists, as well as user objects



File attributes are settings associated with computer files that grant or deny certain rights to how a user or the operating system can access that file.



Share it now!
Bookmark the permalink.
Loading Facebook Comments ...

Leave a Reply