Immutable_file

$ chattr +i /filename

Operators: + sets an attribute, - removes an attribute, = forces the file to have exactly these attributes.

  • a – append only: The file can only be opened for writing in append mode. That is, you cannot redirect output to overwrite the file, only append to it. Most normal file edit operations, like opening the file with a text editor, will most likely fail because the program attempts to overwrite the file with the changes, and “permission denied” is displayed. This attribute can only be set by an account with superuser privileges.
  • A – Do not update atime (access time): When the file is accessed, do not update its access time (atime). This attribute can be a little tricky, because to see it in action you need to be aware of a few things. The behavior of atime is determined by how the file system is mounted. With noatime set, the access time of the file is not updated when the file is accessed. With atime set, the kernel defaults decide how atime is updated. It could be set in strict mode, where atime is always updated when the file is accessed, or with relatime, which only updates the access time if it is older than the modification time when the file is accessed. So if you are monitoring the atime of a file with stat while accessing the file and you do not see this time stamp change, chances are the file system you are on is mounted with noatime or relatime set. You would actually have to modify the file and then access it (e.g., cat the file) before the atime would change.
  • c – compressed attribute: Compress sets the file to be compressed when written to on the disk. Data written to the file is compressed by the kernel before the file is written and when read, the file is uncompressed by the kernel for the read. Note that setting this attribute can incur overhead as the file will need to be compressed and uncompressed when written to or accessed. Note that this attribute is not honored by ext2 and ext3 file systems.
  • C – no copy-on-write: The standard behavior on most Linux file systems is that when a file is opened by multiple tasks at one time, instead of creating multiple copies of the information for each task, a pointer to the shared resource is used. Should a task write to the file, then a private copy is broken off for that task instead of manipulating the shared resource. This behavior can be turned off by setting the C attribute so that a separate, private copy is never created.
  • d – no dump: This marks the file as not being a candidate for backups when the dump command is used.
  • D – Synchronous Directory Updates: When a change is made to the file, changes are written synchronously to the disk. What this means is that any changes to a file are immediately written to disk and available. This is particularly useful in a networked situation where multiple systems may be accessing a share. When a file is created in that share, the directory is immediately updated so that it is visible to all systems accessing the share.
  • e – extents: This attribute indicates that the file is using extents for mapping the blocks on disk. Extents replaced traditional block mapping schemes (found in ext2 and ext3) and define a contiguous range of physical blocks for storage of the data. This attribute is set by the file system and cannot be altered by chattr.
  • E – This is an experimental attribute that may be set by compression programs to indicate that a compressed file has a compression error. This attribute cannot be set or changed with chattr.
  • h – This is not an attribute you can set. Its presence indicates that the file is storing its blocks in units of the file system block size as opposed to the units of sectors. This is shown when a file is, or was at one time, larger than 2TB.
  • i – Immutable: This renders the file impervious to change. The file cannot be written to, appended to, or deleted. It cannot be renamed and it cannot have a link created to it. This attribute can only be set by a superuser account.
  • I – Directory is being indexed: This attribute is not something you can set with chattr. What this indicates is that the directory is being indexed using hashed trees.
  • j – Data journaling: If the file system is mounted with the data=ordered or data=writeback options enabled, then this attribute will force the data to be written to the ext3 journal before being written to the file. If the share is mounted with data=journal, then this attribute has no effect, as that is the way data=journal behaves.
  • s – Secure deletion: When the file is deleted the blocks the file used are zeroed out. This attribute is not honored by ext2 and ext3 file systems.
  • S – Synchronous Updates: With the synchronous update attribute set, any changes to the file are immediately written to the disk. Otherwise, changes to the file are cached and then updated at a later time.
  • t – no tail merging: Tail merging, or block sub-allocation, is when a single block is used to hold the tail end of a file's data. File systems are formatted into blocks for storage. The default in most Linux systems is 4KB blocks. Most files do not evenly divide into the block size, resulting in the last, or tail, block of the file containing empty space. Block sub-allocation is a behavior of some file systems to aggregate the tails of multiple files into a single block, thus freeing up the blocks those file ends would have consumed. This no tail merging attribute turns this feature off on the file.
  • T – Top of directory hierarchy: This attribute works with Orlov’s block allocator algorithm. The idea is that storing files in related directories closer together will result in faster disk access. An apt example is home directories. By grouping files with their home directories on a disk theoretically most access should be sped up. Otherwise, if directories and unrelated files are grouped together then disk access to related files will take longer. This flag will attempt to force sub-directories to be unrelated and should be spread apart.
  • u – Undeletable: This attribute sets the file to be recoverable should it be deleted; the contents of the file are actually saved. This option is not available to ext2 and ext3 file systems. This is a holdover from extfs.
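
To audit which files carry the i (immutable) or a (append only) attributes described above, the listing printed by lsattr, the companion command to chattr, can be scanned for those two letters. This script is an added example, not part of the original page; the sample listing is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report files whose attributes block modification.
# Input is `lsattr` output: a flag field, whitespace, then the path.

# Constructed sample of `lsattr -R` output (not captured from a real host).
sample_lsattr() {
cat <<'EOF'
----i---------e------- /etc/resolv.conf
-----a--------e------- /var/log/audit/audit.log
--------------e------- /etc/hosts
----ia--------e------- /srv/data/ledger with space.db

/srv/data:
-------A------e------- /srv/data/cache.bin
EOF
}

# Print "<label><TAB><path>" for every entry carrying i and/or a.
audit_locked() {
    while read -r flags path; do
        # Skip blank lines and the "dir:" headers that -R emits.
        [ -n "$path" ] || continue
        # A flag field holds only attribute letters and dashes.
        case $flags in *[!A-Za-z-]*) continue ;; esac
        label=
        case $flags in *i*) label=immutable ;; esac
        case $flags in
            *a*) label=${label:+$label,}append-only ;;
        esac
        [ -n "$label" ] && printf '%s\t%s\n' "$label" "$path"
    done
    return 0
}

# Count locked entries, e.g. to compare against an expected baseline.
count_locked() {
    audit_locked | wc -l | tr -d ' '
}

sample_lsattr | audit_locked
```

On a real system the input would come from something like `lsattr -R /etc 2>/dev/null | audit_locked`; the uppercase A (no atime) entry is deliberately not reported because the match is case-sensitive.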

Source : link

Date : 2020.10.13