Chattr

chattr
Original author(s): Remy Card
Operating system: Linux
Platform: Cross-platform
Type: Command

chflags
Operating system: BSD-like systems, including macOS
Platform: Cross-platform
Type: Command

chattr is the command in Linux that allows a user to set certain attributes of a file. lsattr is the command that displays the attributes of a file.

Most BSD-like systems, including macOS, have always had an analogous chflags command to set the attributes, but no command specifically meant to display them; specific options to the ls command are used instead. The chflags command first appeared in 4.4BSD.

Solaris has no commands specifically meant to manipulate file attributes; chmod [1] and ls [2] are used instead.

Other Unix-like operating systems, in general, have no analogous commands. The similar-sounding commands chatr (from HP-UX) and lsattr (from AIX) exist but have unrelated functions.

Among other things, the chattr command is useful to make files immutable so that password files and certain system files cannot be erased during software upgrades. [3]

In Linux systems (chattr and lsattr)

File system support

The command line tools chattr (to manipulate attributes) and lsattr (to list attributes) were originally specific to the Second Extended Filesystem family (ext2, ext3, ext4), and are available as part of the e2fsprogs package.

However, the functionality has since been extended, fully or partially, to many other systems, including XFS, ReiserFS, JFS and OCFS2. The btrfs file system includes the attribute functionality, including the C flag, which turns off the built-in copy-on-write (CoW) feature of btrfs due to slower performance associated with CoW.

chattr description

The form of the chattr command is:

chattr [-RVf] [-+=AacDdijsTtSu] [-v version] files...

lsattr description

The form of the lsattr command (gnu 1.41.3):

lsattr [-RVadv] [files...]

Attributes

Some attributes include:

File attributes on a Linux file system according to the chattr(1) Linux man page

| Attribute | lsattr flag | chattr option | Semantics and rationale |
| --- | --- | --- | --- |
| No atime updates | A | +A to set, -A to clear | When a file with the A attribute set is accessed, its atime record is not modified. This avoids a certain amount of disk I/O operations. |
| Append only | a | +a to set, -a to clear [note 1] | A file with the a attribute set can only be opened in append mode for writing. |
| Compressed | c | +c to set, -c to clear [note 2] | A file with the c attribute set is automatically compressed on the disk by the kernel. A read from this file returns uncompressed data. A write to this file compresses data before storing them on the disk. |
| No Copy-on-Write (CoW) | C | +C to set, -C to clear [note 3] | A file with the C attribute will not be subject to Copy-on-Write updates. Updates to these files may not be subject to atomic snapshots, and may lack some reliability information on some filesystems and kernels. |
| Synchronous directory updates | D | +D to set, -D to clear | When a directory with the D attribute set is modified, the changes are written synchronously on the disk. This is equivalent to the dirsync mount option, applied to a subset of the files. |
| No dump | d | +d to set, -d to clear | A file with the d attribute set is not a candidate for backup when the dump program is run. |
| Compression error | E | (unavailable) | The E attribute is used by the experimental compression patches to indicate that a compressed file has a compression error. |
| Extent format | e | (unavailable) | The e attribute indicates that the file is using extents for mapping the blocks on disk. |
| Huge file | h | (unavailable) | The h attribute indicates the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors. It means that the file is, or at one time was, larger than 2TB. |
| Indexed directory | I | (unavailable) | The I attribute is used by the htree program code to indicate that a directory is being indexed using hashed trees. |
| Immutable | i | +i to set, -i to clear [note 1] | A file with the i attribute cannot be modified. It cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. When set, it prevents even the superuser from erasing or changing the contents of the file. |
| Data journaling | j | +j to set, -j to clear [note 4] | A file with the j attribute has all of its data written to the ext3 journal before being written to the file itself, if the filesystem is mounted with the "data=ordered" or "data=writeback" options. When the filesystem is mounted with the "data=journal" option all file data is already journaled, so this attribute has no effect. |
| Secure deletion | s | +s to set, -s to clear [note 2] [note 5] | |
| Synchronous updates | S | +S to set, -S to clear | When a file with the S attribute set is modified, the changes are written synchronously on the disk. This is equivalent to the sync mount option, applied to a subset of the files. |
| Top of directory hierarchy | T | +T to set, -T to clear | A directory with the T attribute will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator. This is a hint to the block allocator used by ext3 and ext4 that the subdirectories under this directory are not related, and thus should be spread apart for allocation purposes. For example: it is a very good idea to set the T attribute on the /home directory, so that /home/john and /home/mary are placed into separate block groups. For directories where this attribute is not set, the Orlov block allocator will try to group subdirectories closer together where possible. |
| No tail-merging | t | +t to set, -t to clear | For those filesystems that support tail-merging, a file with the t attribute will not have a partial block fragment at the end of the file merged with other files. This is necessary for applications such as LILO, which reads the filesystem directly and doesn't understand tail-merged files. |
| Undeletable | u | +u to set, -u to clear [note 2] | When a file with the u attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion. |
| Compression raw access | X | (unavailable) | The X attribute is used by the experimental compression patches to indicate that the raw contents of a compressed file can be accessed directly. |
| Compressed dirty file | Z | (unavailable) | The Z attribute is used by the experimental compression patches to indicate a compressed file is "dirty". |
| Version / generation number | -v | -v version | File's version/generation number. |

Notes

  1. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear these attributes.
  2. These attributes are not honored by the ext2 and ext3 filesystems as implemented in the current mainline Linux kernels.
  3. These attributes only make sense for Copy-on-Write file-systems such as btrfs.
  4. Only the superuser or a process possessing the CAP_SYS_RESOURCE capability can set or clear this attribute.
  5. This attribute is not honored by the ext4 filesystem as implemented in the current mainline Linux kernels as reported in Bug #17872.
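
The flag letters in the attribute table can be used to audit which files carry the immutable (i) or append-only (a) attribute, the two that need CAP_LINUX_IMMUTABLE to change. The script below is an added example, not part of the original article or of e2fsprogs; the function names flag_name and audit_protected, the short attribute names and the sample lines are constructed for illustration, and it assumes lsattr's default output of a flag field, a space, and the path.

```sh
#!/bin/sh
# Added example: decode lsattr output using the flag letters from the table.
# Function names and short attribute names are illustrative assumptions.

# Map one lsattr flag letter to a short attribute name.
flag_name() {
    case "$1" in
        A) echo "no-atime" ;;        a) echo "append-only" ;;
        c) echo "compressed" ;;      C) echo "no-CoW" ;;
        D) echo "sync-dir" ;;        d) echo "no-dump" ;;
        e) echo "extents" ;;         i) echo "immutable" ;;
        j) echo "data-journaling" ;; s) echo "secure-deletion" ;;
        S) echo "sync" ;;            T) echo "top-of-hierarchy" ;;
        t) echo "no-tail-merging" ;; u) echo "undeletable" ;;
        *) echo "unknown($1)" ;;
    esac
}

# Read "FLAGS PATH" lines on stdin and print "PATH: name,name" for every
# file that carries the i or a attribute.
audit_protected() {
    while IFS= read -r line; do
        flags=${line%% *}; path=${line#* }
        # Skip blank lines and the "dir:" headers printed by lsattr -R.
        case "$flags" in ''|*[!A-Za-z-]*) continue ;; esac
        [ "$flags" != "$line" ] || continue
        # Keep only files with immutable or append-only set.
        case "$flags" in *i*|*a*) ;; *) continue ;; esac
        names=
        for letter in $(printf '%s\n' "$flags" | sed 's/-//g; s/./& /g'); do
            names="${names:+$names,}$(flag_name "$letter")"
        done
        printf '%s: %s\n' "$path" "$names"
    done
}

# Constructed sample in lsattr -R output format (not from a real system).
SAMPLE='----i---------e------- /etc/passwd
-----a--------e------- /var/log/auth.log
--------------e------- /etc/hostname

/srv/data:
----i--A------e------- /srv/data/release notes.txt'

# Usage: printf '%s\n' "$SAMPLE" | audit_protected
#        lsattr -R /etc 2>/dev/null | audit_protected
```

The parser matches on flag letters rather than column positions, because the width and order of the flag field differ between e2fsprogs versions.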

In BSD-like systems (chflags)

File system support

The chflags command is not specific to particular file systems. UFS on BSD systems, and APFS, HFS+, SMB, AFP, and FAT on macOS support at least some flags.

chflags description

The form of the chflags command is:

chflags [-R [-H | -L | -P]] flags file...

Displaying

BSD-like systems, in general, have no default user-level command specifically meant to display the flags of a file. Instead, the ls command is used with either the -lo or the -lO flags, depending on the system.

Attributes

All traditional attributes can be set or cleared by the super-user; some can also be set or cleared by the owner of the file. Some attributes include:

File attributes

| Attribute | ls flag | chflags flag | Owner-settable | OS support | Semantics and rationale |
| --- | --- | --- | --- | --- | --- |
| Archived | arch | arch, archived | No | All | File is archived |
| Opaque | opaque | opaque | Yes | All | Directory is opaque when viewed through a union mount |
| No dump | nodump | nodump | Yes | All | File cannot be dumped |
| System append-only | sappnd | sappnd, sappend | No | All | Existing data in the file can't be overwritten and the file cannot be truncated |
| User append-only | uappnd | uappnd, uappend | Yes | All | Existing data in the file can't be overwritten and the file cannot be truncated |
| System immutable | schg | schg, schange, simmutable | No | All | File cannot be changed, renamed, moved, or removed |
| User immutable | uchg | uchg, uchange, uimmutable | Yes | All | File cannot be changed, renamed, moved, or removed |
| System no-unlink | sunlnk | sunlnk, sunlink | No | FreeBSD, DragonFly BSD, macOS | File cannot be removed, renamed or mounted on; on macOS this flag needs to be set or cleared from single user mode |
| User no-unlink | uunlnk | uunlnk, uunlink | Yes | FreeBSD, DragonFly BSD | File cannot be removed, renamed or mounted on |
| Hidden | hidden | hidden, uhidden | Yes | macOS, FreeBSD | File is hidden by default in the GUI (but not in ls) |
| Tracked | tracked | tracked | Yes | macOS | File modifications and deletions are tracked |
| Restricted | restricted | restricted | No | macOS | File is protected by System Integrity Protection; accompanied by the extended attribute com.apple.rootless; flag needs to be set or cleared from Recovery Mode |
| Compressed | compressed | | No | macOS | File is HFS-compressed (read-only flag); not available on APFS-formatted volumes |
| Data Vault | | | No | macOS | Hidden privacy flag since macOS Mojave set by the core system to prohibit any access without special entitlements |
| Offline | offline | offline, uoffline | Yes | FreeBSD | File is offline |
| Snapshot | snapshot | | No | FreeBSD, NetBSD | File is a snapshot file (read-only flag) |
| Sparse | sparse | sparse, usparse | Yes | FreeBSD | Writes of all zeroes may be written as "holes" |
| Must be archived | uarch | uarch, uarchive | Yes | FreeBSD | File must be archived |

Notes

  1. chmod(1): illumos and OpenSolaris User Commands Reference Manual from latest Sun based OpenSolaris
  2. ls(1): illumos and OpenSolaris User Commands Reference Manual from latest Sun based OpenSolaris
  3. chflags(1): OpenBSD General Commands Manual
