Chattr

Last updated
chattr
Original author(s) Remy Card
Operating system Linux
Platform Cross-platform
Type Command
chflags
Operating system BSD-like systems, including macOS
Platform Cross-platform
Type Command

chattr is the command in Linux that allows a user to set certain attributes of a file. lsattr is the command that displays the attributes of a file.

Contents

Most BSD-like systems, including macOS, have always had an analogous chflags command to set the attributes, but no command specifically meant to display them; specific options to the ls command are used instead. The chflags command first appeared in 4.4BSD.

Solaris has no commands specifically meant to manipulate them. chmod [1] and ls [2] are used instead.

Other Unix-like operating systems, in general, have no analogous commands. The similar-sounding commands chatr (from HP-UX) and lsattr (from AIX) exist but have unrelated functions.

Among other things, the chattr command is useful to make files immutable so that password files and certain system files cannot be erased during software upgrades. [3]

In Linux systems (chattr and lsattr)

File system support

The command line tools chattr (to manipulate attributes) and lsattr (to list attributes) were originally specific to the Second Extended Filesystem family (ext2, ext3, ext4), and are available as part of the e2fsprogs package.

However, the functionality has since been extended, fully or partially, to many other systems, including XFS, ReiserFS, JFS and OCFS2. The btrfs file system includes the attribute functionality, including the C flag, which turns off the built-in copy-on-write (CoW) feature of btrfs due to slower performance associated with CoW.

chattr description

The form of the chattr command is:

chattr[-RVf][-+=AacDdijsTtSu][-vversion]files...

lsattr description

The form of the lsattr command (gnu 1.41.3):

lsattr[-RVadv][files...]

Attributes

Some attributes include:

File attributes on a Linux file system according to the chattr(1) Linux man page
Attributelsattr flagchattr optionSemantics and rationale
No atime updatesA+A to set
-A to clear
  • When a file with the A attribute set is accessed, its atime record is not modified.
  • This avoids a certain amount of disk I/O operations.
Append onlya+a to set
-a to clear [note 1]
  • A file with the a attribute set can only be open in append mode for writing.
Compressedc+c to set
-c to clear [note 2]
  • A file with the c attribute set is automatically compressed on the disk by the kernel.
  • A read from this file returns uncompressed data.
  • A write to this file compresses data before storing them on the disk.
No Copy-on-Write (CoW)C+C to set
-C to clear [note 3]
  • A file with the C attribute will not be subject to Copy-on-Write updates.
  • Updates to these files may not be subject to atomic snapshots, and may lack some reliability information on some filesystems and kernels.
Synchronous directory updatesD+D to set
-D to clear
  • When a directory with the D attribute set is modified, the changes are written synchronously on the disk
  • This is equivalent to the dirsync mount option, applied to a subset of the files.
No dumpd+d to set
-d to clear
  • A file with the d attribute set is not candidate for backup when the dump program is run.
Compression errorE(unavailable)
  • The E attribute is used by the experimental compression patches to indicate that a compressed file has a compression error.
Extent formate(unavailable)
  • The e attribute indicates that the file is using extents for mapping the blocks on disk.
Huge fileh(unavailable)
  • The h attribute indicates the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors.
  • It means that the file is, or at one time was, larger than 2TB.
Indexed directoryI(unavailable)
  • The I attribute is used by the htree program code to indicate that a directory is being indexed using hashed trees.
Immutablei+i to set
-i to clear [note 1]
  • A file with the i attribute cannot be modified.
  • It cannot be deleted or renamed, no link can be created to this file and no data can be written to the file.
  • When set, prevents, even the superuser, from erasing or changing the contents of the file.
Data journalingj+j to set
-j to clear [note 4]
  • A file with the j attribute has all of its data written to the ext3 journal before being written to the file itself, if the filesystem is mounted with the "data=ordered" or "data=writeback" options.
  • When the filesystem is mounted with the "data=journal" option all file data is already journaled, so this attribute has no effect.
Secure deletions+s to set
-s to clear [note 2] [note 5]
Synchronous updatesS+S to set
-S to clear
  • When a file with the S attribute set is modified, the changes are written synchronously on the disk; this is equivalent to the 'sync' mount option applied to a subset of the files.
  • This is equivalent to the sync mount option, applied to a subset of the files.
Top of directory hierarchyT+T to set
-T to clear
  • A directory with the T attribute will be deemed to be the top of directory hierarchies for the purposes of the Orlov block allocator.
  • This is a hint to the block allocator used by ext3 and ext4 that the subdirectories under this directory are not related, and thus should be spread apart for allocation purposes.
  • For example: it is a very good idea to set the T attribute on the /home directory, so that /home/john and /home/mary are placed into separate block groups.
  • For directories where this attribute is not set, the Orlov block allocator will try to group subdirectories closer together where possible.
No tail-mergingt+t to set
-t to clear
  • For those filesystems that support tail-merging, a file with the t attribute will not have a partial block fragment at the end of the file merged with other files.
  • This is necessary for applications such as LILO, which reads the filesystem directly and doesn't understand tail-merged files.
Undeletableu+u to set
-u to clear [note 2]
  • When a file with the u attribute set is deleted, its contents are saved.
  • This allows the user to ask for its undeletion.
Compression raw accessX(unavailable)
  • The X attribute is used by the experimental compression patches to indicate that a raw contents of a compressed file can be accessed directly.
Compressed dirty fileZ(unavailable)
  • The Z attribute is used by the experimental compression patches to indicate a compressed file is "dirty".
Version / generation number-v-v version
  • File's version/generation number.

Notes

  1. 1 2 Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear these attributes.
  2. 1 2 3 These attributes are not honored by the ext2 and ext3 filesystems as implemented in the current mainline Linux kernels.
  3. These attributes only make sense for Copy-on-Write file-systems such as btrfs .
  4. Only the superuser or a process possessing the CAP_SYS_RESOURCE capability can set or clear this attribute.
  5. This attribute is not honored by the ext4 filesystem as implemented in the current mainline Linux kernels as reported in Bug #17872.

In BSD-like systems (chflags)

File system support

The chflags command is not specific to particular file systems. UFS on BSD systems, and APFS, HFS+, SMB, AFP, and FAT on macOS support at least some flags.

chflags description

The form of the chflags command is:

chflags[-R[-H|-L|-P]]flagsfile...

Displaying

BSD-like systems, in general, have no default user-level command specifically meant to display the flags of a file. The ls command will do with either the -lo, or the -lO, depending on the system, flags passed.

Attributes

All traditional attributes can be set or cleared by the super-user; some can also be set or cleared by the owner of the file. Some attributes include:

File attributes
Attributels flagchflags flagOwner-settableOS supportSemantics and rationale
Archivedarcharch, archivedNoAllFile is archived
OpaqueopaqueopaqueYesAllDirectory is opaque when viewed through a union mount
No dumpnodumpnodumpYesAllFile cannot be dumped
System append-onlysappndsappnd, sappendNoAllExisting data in the file can't be overwritten and the file cannot be truncated
User append-onlyuappnduappnd, uappendYesAllExisting data in the file can't be overwritten and the file cannot be truncated
System immutableschgschg, schange, simmutableNoAllFile cannot be changed, renamed, moved, or removed
User immutableuchguchg, uchange, uimmutableYesAllFile cannot be changed, renamed, moved, or removed
System no-unlinksunlnksunlnk, sunlinkNoFreeBSD, DragonFly BSD, macOSFile cannot be removed, renamed or mounted on; on macOS this flag needs to be set or cleared from single user mode
User no-unlinkuunlnkuunlnk, uunlinkYesFreeBSD, DragonFly BSDFile cannot be removed, renamed or mounted on
HiddenhiddenhiddenYesmacOSFile is hidden by default in the GUI (but not in ls)
Hiddenhiddenhidden, uhiddenYesFreeBSDFile might be hidden by default in some GUI desktops (but not in ls)
TrackedtrackedtrackedYesmacOSFile modifications and deletions are tracked
RestrictedrestrictedrestrictedNomacOSFile is protected by System Integrity Protection; accompanied by the extended attribute com.apple.rootless; flag needs to be set or cleared from Recovery Mode
CompressedcompressedNomacOSFile is HFS-compressed (read-only flag); not available on APFS-formatted volumes
Data VaultNomacOSHidden privacy flag since macOS Mojave set by the core system to prohibit any access without special entitlements
Offlineofflineoffline, uofflineYesFreeBSDFile is offline
SnapshotsnapshotNoFreeBSD, NetBSDFile is a snapshot file (read-only flag)
Sparsesparsesparse, usparseYesFreeBSDWrites of all zeroes may be written as "holes"
Must be archiveduarchuarch, uarchiveYesFreeBSDFile must be archived

See also

Notes

  1. chmod(1)    illumos and OpenSolaris User Commands Reference Manual from latest Sun based OpenSolaris
  2. ls(1)    illumos and OpenSolaris User Commands Reference Manual from latest Sun based OpenSolaris
  3. chflags(1)    OpenBSD General Commands Manual

Related Research Articles

ext2, or second extended file system, is a file system for the Linux kernel. It was initially designed by French software developer Rémy Card as a replacement for the extended file system (ext). Having been designed according to the same principles as the Berkeley Fast File System from BSD, it was the first commercial-grade filesystem for Linux.

ext3, or third extended filesystem, is a journaled file system that is commonly used with the Linux kernel. It used to be the default file system for many popular Linux distributions but generally has been supplanted by its successor version ext4. The main advantage of ext3 over its predecessor, ext2, is journaling, which improves reliability and eliminates the need to check the file system after an improper, a.k.a. unclean, shutdown.

In Unix and Unix-like operating systems, chmod is the command and system call used to change the access permissions and the special mode flags of file system objects. Collectively these were originally called its modes, and the name chmod was chosen as an abbreviation of change mode.

fsck System tool for checking the consistency of a file system

The system utility fsck is a tool for checking the consistency of a file system in Unix and Unix-like operating systems, such as Linux, macOS, and FreeBSD. The equivalent programs on MS-DOS and Microsoft Windows are CHKDSK, SFC, and SCANDISK.

The Unix file system (UFS) is a family of file systems supported by many Unix and Unix-like operating systems. It is a distant descendant of the original filesystem used by Version 7 Unix.

fstab is a system file commonly found in the directory /etc on Unix and Unix-like computer systems. In Linux, it is part of the util-linux package. The fstab file typically lists all available disk partitions and other types of file systems and data sources that may not necessarily be disk-based, and indicates how they are to be initialized or otherwise integrated into the larger file system structure.

<span class="mw-page-title-main">File system</span> Computer filing system

In computing, a file system or filesystem governs file organization and access. A local file system is a capability of an operating system that services the applications running on the same computer. A distributed file system is a protocol that provides file access between networked computers.

Most file systems include attributes of files and directories that control the ability of users to read, change, navigate, and execute the contents of the file system. In some cases, menu options or functions may be made visible or hidden depending on a user's permission level; this kind of user interface is referred to as permission-driven.

rm (Unix) Unix command utility

rm is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.

The proc filesystem (procfs) is a special filesystem in Unix-like operating systems that presents information about processes and other system information in a hierarchical file-like structure, providing a more convenient and standardized method for dynamically accessing process data held in the kernel than traditional tracing methods or direct access to kernel memory. Typically, it is mapped to a mount point named /proc at boot time. The proc file system acts as an interface to internal data structures about running processes in the kernel. In Linux, it can also be used to obtain information about the kernel and to change certain kernel parameters at runtime (sysctl).

File attributes are a type of metadata that describe and may modify how files and/or directories in a filesystem behave. Typical file attributes may, for example, indicate or specify whether a file is visible, modifiable, compressed, or encrypted. The availability of most file attributes depends on support by the underlying filesystem where attribute data must be stored along with other control structures. Each attribute can have one of two states: set and cleared. Attributes are considered distinct from other metadata, such as dates and times, filename extensions or file system permissions. In addition to files, folders, volumes and other file system objects may have attributes.

In computing, the sticky bit is a user ownership access right flag that can be assigned to files and directories on Unix-like systems.

Extended file attributes are file system features that enable users to associate computer files with metadata not interpreted by the filesystem, whereas regular attributes have a purpose strictly defined by the filesystem. Unlike forks, which can usually be as large as the maximum file size, extended attributes are usually limited in size to a value significantly smaller than the maximum file size. Typical uses include storing the author of a document, the character encoding of a plain-text document, or a checksum, cryptographic hash or digital certificate, and discretionary access control information.

The following tables compare general and technical information for a number of file systems.

e2fsprogs is a set of utilities for maintaining the ext2, ext3 and ext4 file systems. Since those file systems are often the default for Linux distributions, it is commonly considered to be essential software.

ext4 is a journaling file system for Linux, developed as the successor to ext3.

In computer operating systems, mkfs is a command used to format a block storage device with a specific file system. The command is part of Unix and Unix-like operating systems. In Unix, a block storage device must be formatted with a file system before it can be mounted and accessed through the operating system's filesystem hierarchy.

The Orlov block allocator is an algorithm to define where a particular file will reside on a given file system (blockwise), so as to speed up disk operations.

<span class="mw-page-title-main">Unix filesystem</span> Directory structure used by a Unix-like operating system

In Unix and operating systems inspired by it, the file system is considered a central component of the operating system. It was also one of the first parts of the system to be designed and implemented by Ken Thompson in the first experimental version of Unix, dated 1969.

References

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.