chattr
Modify file attributes for protection
TLDR
Make a file or directory [i]mmutable to changes, renaming and deletion, even by root, until the attribute is cleared
Make a file or directory mutable
[R]ecursively make an entire directory and contents immutable
Mark a directory and its files to be interpreted in a case-insensitive manner
Set a file to only allow [a]ppending
SYNOPSIS
chattr [-RVf] [-v version] [-p project] [mode] files...   (mode is +attributes, -attributes or =attributes)
PARAMETERS
attributes (mode)
One or more attribute letters, preceded by + to add them, - to remove them, or = to set exactly those and clear the rest. The flags live in the inode; they are separate from the permission bits and from the file's data.
Common attributes include:
a: Append only. The file can be opened for writing only with O_APPEND, and cannot be truncated, deleted or renamed. Setting or clearing it requires CAP_LINUX_IMMUTABLE.
i: Immutable. The file cannot be opened for writing, truncated, deleted, renamed or hard-linked, and its metadata (mode, owner, timestamps) cannot be changed; an immutable directory cannot gain or lose entries. Setting or clearing it requires CAP_LINUX_IMMUTABLE.
A: No atime updates. The access time is not updated when the file is read (largely redundant on filesystems mounted with noatime or relatime).
S: Synchronous updates. Writes to the file are committed to disk synchronously, as if the filesystem were mounted with sync.
D: Synchronous directory updates. For directories, entry changes are committed synchronously (as with dirsync).
d: No dump. The file is skipped by dump(8).
e: Extents. Set by ext4 on files mapped with extents; lsattr shows it and chattr cannot clear it.
F: Casefold. Lookups in the directory are case-insensitive. Settable only on empty directories, and only on filesystems created with the casefold feature (ext4, F2FS).
c: Compress. Honoured by Btrfs; ext2/3/4 do not implement compression, so the flag has no effect there.
s: Secure deletion. Intended to zero the blocks on deletion, but ignored by the ext2/3/4 code in current kernels, so do not rely on it for sanitisation.
u: Undeletable. Intended to keep the contents recoverable after deletion; not implemented by ext2/3/4.
j: Data journaling (ext3/ext4). The file's data, not only its metadata, is written to the journal before the file itself. Only has an effect when the filesystem is mounted with data=ordered or data=writeback; under data=journal every file already behaves this way.
t: No tail-merging. Prevents the file's tail from being packed together with other files' tails; meaningful only on filesystems that do tail-packing, which ext2/3/4 do not.
-R
Recursively change attributes on directories and their contents. Symbolic links met during the recursion are not followed.
-V
Be verbose about what is changed and print the chattr version.
-f
Suppress most error messages.
-v version
Set the file's version/generation number (shown by lsattr -v).
-p project
Set the file's project number, used by project quotas (ext4, XFS).
The e2fsprogs chattr has no -L or -P options.
DESCRIPTION
chattr is a Linux command that sets or clears inode attribute flags on files and directories. It is part of e2fsprogs and is most complete on ext2, ext3 and ext4, but the ioctl behind it (FS_IOC_SETFLAGS) is also implemented, for a subset of the flags, by XFS, Btrfs and F2FS. These flags are distinct from extended attributes (the name=value pairs managed by setfattr and getfattr) and from the mode bits managed by chmod.
Standard Unix permissions (chmod) decide which users may read, write or execute a file. Attribute flags instead restrict what any process, whatever its identity, may do with the inode, and the restriction is enforced by the kernel. A file marked immutable (+i) cannot be written, truncated, deleted, renamed or hard-linked, and its metadata cannot be changed, even by root, until the flag is cleared. A file marked append-only (+a) can be opened for writing only in append mode and cannot be truncated, deleted or renamed. These two flags are what make chattr useful for protecting configuration files, logs and other data against accidental or unauthorised alteration. Setting or clearing i and a requires the CAP_LINUX_IMMUTABLE capability (root has it by default); most other flags can be changed by the file's owner. Because root normally holds that capability, the protection against a fully privileged attacker is only as strong as whatever keeps CAP_LINUX_IMMUTABLE out of the attacker's reach, for example a container or service started with a reduced capability bounding set.
CAVEATS
chattr attributes are filesystem-specific. ext2/3/4 implement the full set; XFS and Btrfs honour i, a, A, S, d and a few others; tmpfs, overlayfs, NFS and FUSE filesystems support few or none, and support changes between kernel versions. Verify with lsattr and a real write test on the filesystem you care about rather than assuming.
Setting or clearing i and a requires CAP_LINUX_IMMUTABLE, which root normally has and which unprivileged users, and containers with the default Docker capability set, do not. Conversely, an attacker who obtains that capability simply clears the flag; the flags are not a substitute for keeping root out.
Misuse can break the system: +i on /etc/resolv.conf stops NetworkManager or systemd-resolved from updating it, +i on files owned by a package makes upgrades fail with EPERM, and +a on a log file prevents logrotate from renaming or truncating it unless the rotation script clears and re-sets the flag.
It is not a replacement for standard file permissions (chmod); it provides an additional, often more restrictive, layer of control.
COMMON USE CASES
Protecting log files (e.g., +a on /var/log/syslog so that writers can only append and even root cannot truncate or remove it without first clearing the flag; rotate with a prerotate/postrotate step that clears and re-sets the attribute).
Preventing accidental deletion or modification of critical configuration files (e.g., +i on /etc/fstab; +i on /etc/resolv.conf only where nothing on the host manages that file).
Pinning sensitive data files against changes by processes that run as root but lack CAP_LINUX_IMMUTABLE (a hardened service or a container started without that capability).
INTERACTION WITH ROOT
The i (immutable) attribute is enforced for every process, including those running as root: a root process that tries to write to, truncate, delete or rename the file gets EPERM until the attribute is cleared with chattr -i. Clearing it needs only CAP_LINUX_IMMUTABLE, which root normally has, so against a rootkit or an attacker with full root the attribute is a speed bump rather than a barrier: it stops accidental edits, defeats tooling that does not think to run chattr -i first, and forces the attacker through an extra step that can be audited. It becomes a real barrier only where the capability has been removed from the bounding set, as in a container started without CAP_LINUX_IMMUTABLE or a systemd service with CapabilityBoundingSet=~CAP_LINUX_IMMUTABLE.
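The following script is an added example, not part of the chattr man page or of e2fsprogs. It runs the TLDR commands against a scratch file and checks that the kernel really refuses what the text says it refuses, including for root: after chattr +i an append, rm and mv all fail; after chattr -i they work again; after chattr +a an append succeeds but truncation, rm and mv fail. The helper names (must_fail, has_attr, check_immutable_protection) and the exit-code convention are the example's own. It needs root with CAP_LINUX_IMMUTABLE on a filesystem that implements the flags; anywhere else it reports "skipped" instead of a false failure.

```shell
#!/bin/sh
# Added example, not part of the chattr man page: make a scratch file
# immutable, then append-only, and confirm the kernel enforces each flag
# against root. Requires root with CAP_LINUX_IMMUTABLE on a filesystem that
# implements the flags (ext2/3/4, XFS, Btrfs); anywhere else it reports
# "skipped" rather than failing. Exit status: 0 = behaved as documented,
# 1 = a protection did not hold, 2 = skipped.

# Succeeds only if the given command fails (its output is discarded).
must_fail() {
    if "$@" >/dev/null 2>&1; then return 1; else return 0; fi
}

# has_attr FILE LETTER: true if lsattr shows LETTER among FILE's flags.
# lsattr prints "<flags> <path>"; the flag string is the first field.
has_attr() {
    flags=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1) || return 1
    case $flags in *"$2"*) return 0 ;; *) return 1 ;; esac
}

# Body runs in a subshell so the EXIT trap cleans up without touching the caller.
check_immutable_protection() (
    fail() { echo "FAIL: $*" >&2; exit 1; }
    skip() { echo "skipped: $*" >&2; exit 2; }

    command -v chattr >/dev/null 2>&1 && command -v lsattr >/dev/null 2>&1 \
        || skip "e2fsprogs (chattr/lsattr) not installed"
    [ "$(id -u)" -eq 0 ] || skip "must run as root"

    d=$(mktemp -d "${TMPDIR:-/tmp}/chattr-demo.XXXXXX") || skip "mktemp failed"
    f=$d/protected.log
    # Clear both flags before removing the directory, or rm -rf itself fails.
    trap 'chattr -ia "$f" 2>/dev/null; rm -rf "$d"' EXIT
    echo "first line" > "$f"

    # Without the capability, or on a filesystem without flag support,
    # chattr +i fails cleanly (EPERM/ENOTTY): nothing to demonstrate here.
    chattr +i "$f" 2>/dev/null \
        || skip "+i not supported here (no CAP_LINUX_IMMUTABLE, or filesystem lacks flags)"
    has_attr "$f" i || fail "lsattr does not show i after chattr +i"
    must_fail sh -c 'echo x >> "$1"' sh "$f" || fail "append succeeded on immutable file"
    must_fail rm -f "$f"             || fail "rm succeeded on immutable file"
    must_fail mv "$f" "$f.renamed"   || fail "rename succeeded on immutable file"
    chattr -i "$f"                   || fail "chattr -i failed"
    ! has_attr "$f" i                || fail "i still shown after chattr -i"

    # +a: appends go through; anything that would shrink, remove or move
    # the file is refused.
    chattr +a "$f"                   || fail "chattr +a failed"
    has_attr "$f" a                  || fail "lsattr does not show a after chattr +a"
    sh -c 'echo "second line" >> "$1"' sh "$f" || fail "append refused on append-only file"
    must_fail sh -c ': > "$1"' sh "$f" || fail "truncate succeeded on append-only file"
    must_fail rm -f "$f"             || fail "rm succeeded on append-only file"
    must_fail mv "$f" "$f.renamed"   || fail "rename succeeded on append-only file"
    [ "$(wc -l < "$f" | tr -d ' ')" -eq 2 ] || fail "expected 2 lines after one append"
    chattr -a "$f"                   || fail "chattr -a failed"

    echo "ok: +i and +a enforced against root as documented"
    exit 0
)

check_immutable_protection
```

Run it as root on the filesystem you intend to protect; a "skipped" result on a container or tmpfs is itself useful information, since it means the flags would not protect anything there either.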
VIEWING ATTRIBUTES
Use lsattr to view the attributes set on a file or directory: lsattr filename lists a file's flags, lsattr -d directory shows the directory's own flags rather than those of its contents, lsattr -R walks a tree, and lsattr -v also prints the version/generation number. Reading flags needs no special privilege beyond being able to open the file.
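As an added example (not from the chattr man page or e2fsprogs), here is the lsattr side of the picture used for triage: a function that reads lsattr output and reports every path with i or a set that is not on an expected list. Intruders commonly pin persistence files with chattr +i, and a stray +i or +a is also the usual explanation for "Operation not permitted" errors seen as root. The ALLOWLIST, the function name find_locked_attrs and the sample lsattr lines are constructed for the example, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the chattr man page: a triage helper that reads
# lsattr output and reports every path carrying the i (immutable) or
# a (append-only) flag that is not on an expected list.

# Hypothetical site policy: paths where +i or +a is expected on this host.
ALLOWLIST='/var/log/auth.log
/etc/resolv.conf'

# find_locked_attrs: reads lsattr lines ("<flags> <path>") on stdin and
# prints "immutable <path>" / "append-only <path>" for unexpected hits.
# Directory headers ("/etc:"), blank lines and lsattr error messages have a
# first field that is not a pure flag string and are skipped.
find_locked_attrs() {
    while IFS= read -r line; do
        flags=${line%% *}        # first field: the flag string
        path=${line#* }          # rest of the line, keeps spaces in names
        case $flags in
            ""|*[!A-Za-z-]*) continue ;;   # not a flag field
        esac
        case $flags in
            *[ia]*) ;;           # immutable or append-only: report it
            *) continue ;;
        esac
        # Expected on this host? Exact, literal match against ALLOWLIST.
        if printf '%s\n' "$ALLOWLIST" | grep -qxF -- "$path"; then
            continue
        fi
        case $flags in *i*) echo "immutable $path" ;; esac
        case $flags in *a*) echo "append-only $path" ;; esac
    done
}

# Constructed sample of `lsattr -R 2>&1` output (not captured from a real
# host). On a live system run: lsattr -R /etc /usr /var 2>&1 | find_locked_attrs
SAMPLE='----i---------e------- /etc/ld.so.preload
--------------e------- /etc/passwd
-----a--------e------- /var/log/auth.log
----i---------e------- /etc/resolv.conf
----ia--------e------- /usr/lib/.hidden/backdoor.so
lsattr: Operation not supported While reading flags on /proc/1/status
--------------e------- /var/tmp/name with spaces.txt'

# Runs the helper over the constructed sample.
audit_sample() {
    printf '%s\n' "$SAMPLE" | find_locked_attrs
}

audit_sample
```

On the sample this prints the two unexpected paths (the immutable /etc/ld.so.preload and the immutable, append-only library), while the allow-listed log and resolver file, the error line and the file with spaces in its name are all passed over. Pair it with a baseline taken from a known-good host: the interesting entries are the ones that were not there last time.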
HISTORY
chattr is part of the e2fsprogs package, a set of utilities for managing the ext2, ext3, and ext4 filesystems. Its development has been closely tied to the evolution of these filesystems, especially since the introduction of attributes in ext2. While initially designed for ext filesystems, its utility led to some attributes being adopted or emulated on other modern Linux filesystems where applicable. Its core functionality has remained consistent, focusing on providing granular control over file behavior at the kernel level.