Using chattr CMD To Protect Documents

The form of the chattr command is:

chattr [-RVf] [-+=AacDdijsSu] [-v version] files…
-R is to recurse all subdirectories
+i is to set the immutable bit to prevent even root from erasing or changing the contents of a file.
-i is to unset the immutable bit
The form of the chflags command is:

chflags [-R [-H | -L | -P] flags file …
-H If the -R option is specified, symbolic links on the command line are followed. (Symbolic links encountered in the tree traversal are not followed.)
-L If the -R option is specified, all symbolic links are followed.
-P If the -R option is specified, no symbolic links are followed. This is the default.
-R Change the file flags for the file hierarchies rooted in the files instead of just the files themselves.
Attributes (chattr)[edit]
Some attributes include:

append only (a)
don’t update atime (A)
compressed (c)
no Copy-on-write (C) [2]
no dump (d)
synchronous directory updates (D)
immutable (i)
data journaling (j)
secure deletion (s)
synchronous updates (S)
no tail-merging (t)
top of directory hierarchy (T)
undeletable (u)

I’m using it to keep the /etc/resolv.conf file from changing after a restart
chattr +i /etc/resolv.conf

To enable changes, run
chattr -i /etc/resolv.conf

Posted in Linux SysAdmin and tagged , , , , , , , .

Leave a Reply

Your email address will not be published. Required fields are marked *


*