LinuxCommandLibrary

chattr

Modify file attributes for protection

TLDR

Make a file or directory [i]mmutable to changes and deletion, even by superuser

$ sudo chattr +i [path/to/file_or_directory]

Make a file or directory mutable
$ sudo chattr -i [path/to/file_or_directory]

[R]ecursively make an entire directory and contents immutable
$ sudo chattr -R +i [path/to/directory]

Mark a directory and its files to be interpreted in a case-insensitive manner (case-[F]olding)
$ chattr +F [path/to/directory]

Set a file to only allow [a]ppending
$ sudo chattr +a [path/to/file]

SYNOPSIS

chattr [-RVf] [-v version] [-+=aAcCdDFiIsSuU] files...

PARAMETERS

-R
    Recursively change attributes in directories.

-V
    Output version information (rarely used).

-f
    Suppress most error messages.

-v
    Set or display file version (filesystem-specific).

+a or -a or =a
    Append-only: the file can only be opened for writing in append mode; existing data cannot be truncated or overwritten.

+A or -A or =A
    No atime updates: don't update access time on reads.

+c or -c or =c
    Compressed: enable transparent compression.

+d or -d or =d
    No dump: exclude from dump(8) backups.

+D or -D or =D
    Dirsync: write directory updates synchronously.

+i or -i or =i
    Immutable: prevent modification, deletion, or renaming (even by root).

+s or -s or =s
    Secure deletion: overwrite data with zeros on delete.

+S or -S or =S
    Synchronous updates: write metadata synchronously.

+u or -u or =u
    Undeletable: allow recovery of deleted data.

+I or -I or =I
    Indexed directories (ext4 htree).

DESCRIPTION

The chattr command modifies file and directory attributes on supported Linux filesystems such as ext2, ext3, ext4, XFS, and Btrfs. These attributes extend beyond standard permissions, enforcing behaviors like immutability, append-only writes, compression, and no access-time updates.

Common uses include securing critical files (e.g., making /etc/passwd immutable against deletion or modification), optimizing performance by disabling atime updates on logs or temp files, and enabling features like transparent compression or synchronous updates for data integrity.

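Attributes are set using + to add, - to remove, or = to set exactly. Most require root privileges. Once set, some attributes (like immutable) restrict even root from altering the file until the attribute is cleared. Setting or clearing the immutable and append-only attributes requires the CAP_LINUX_IMMUTABLE capability, which root normally holds, so root can still change such a file after clearing the attribute. This makes chattr powerful for system hardening, tamper protection, and forensic preservation.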

It operates via ioctl calls to the kernel, so compatibility depends on filesystem support. View attributes with lsattr.

CAVEATS

Most attributes require root. Support is filesystem-specific (ext2/3/4, XFS, etc.), and not all attributes are available on all filesystems. Immutable (+i) blocks changes until it is cleared. chattr has no effect on unsupported filesystems such as FAT or NTFS.

EXAMPLES

chattr +i /etc/resolv.conf — make immutable.
chattr -i /etc/resolv.conf — remove immutable.
chattr +a /var/log/messages — append-only logging.
lsattr /etc/resolv.conf — view attributes.
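
The script below is an added example, not part of the original page: it checks lsattr output against a baseline of the attributes that hardened files are expected to carry, and reports any file that has lost a flag such as i or a. The function names, the baseline format and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): compare lsattr output with a
# baseline of attributes that hardened files are expected to carry.

# attrs_of LSATTR_OUTPUT PATH: print the attribute field recorded for PATH,
# or return 1 if PATH does not appear in the output.
attrs_of() {
    printf '%s\n' "$1" | WANT="$2" awk '
        { path = $0; sub(/^[^ ]+ +/, "", path) }      # keep spaces in paths
        path == ENVIRON["WANT"] { print $1; found = 1; exit }
        END { if (!found) exit 1 }'
}

# check_baseline BASELINE LSATTR_OUTPUT
# BASELINE holds lines of "<required-flags> <path>", e.g. "i /etc/resolv.conf".
# Prints "MISSING <flag> <path>" or "UNLISTED <path>" for each problem and
# returns 0 only if every required flag is present.
check_baseline() {
    rc=0
    while read -r flags path; do
        [ -n "$flags" ] || continue
        have=$(attrs_of "$2" "$path") || { echo "UNLISTED $path"; rc=1; continue; }
        for f in $(printf '%s\n' "$flags" | fold -w1); do
            case $have in
                *"$f"*) ;;                             # case-sensitive: i != I
                *) echo "MISSING $f $path"; rc=1 ;;
            esac
        done
    done <<EOF
$1
EOF
    return "$rc"
}

# Constructed sample data: an lsattr-style listing and the expected baseline.
SAMPLE_LSATTR='----i---------e------- /etc/resolv.conf
--------------e------- /var/log/messages
-----a--------e------- /var/log/app audit.log'
SAMPLE_BASELINE='i /etc/resolv.conf
a /var/log/messages
a /var/log/app audit.log
i /etc/passwd'

check_baseline "$SAMPLE_BASELINE" "$SAMPLE_LSATTR" || echo "baseline drift found"
```

On a live system, pass the real listing as the second argument, for example "$(lsattr -d /etc/resolv.conf /var/log/messages)".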

FILESYSTEM SUPPORT

Core on ext2/3/4; partial on XFS (a,i,S), Btrfs (c,i); check man chattr for details.

HISTORY

Developed as part of the e2fsprogs package for the ext2 filesystem by Remy Card and Theodore Ts'o in the early 1990s; later extended for ext3/4 and other filesystems; widely used since Linux 2.5+ kernels.

SEE ALSO

lsattr(1), debugfs(8), e2fsck(8)
