5 ‘chattr’ Commands to Make Important Files IMMUTABLE (Unchangeable) in Linux

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Narad Shrestha

He has over 10 years of rich IT experience which includes various Linux Distros, FOSS and Networking. Narad always believes sharing IT knowledge with others and adopts new technology with ease.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

12 Responses

  1. Rahul says:

    I have one file in my server with below permissions:

    # lsattr -a syshub
    ----i--------e-- syshub

    How can I delete this?

  2. Robin says:

    Thank you for the excellent summary and examples!

    There is one point I have a further question about:

    Your elaboration on the “i” attribute says “no execution”

    I could not find this mentioned in the man pages at https://linux.die.net/man/1/chattr

    Also, I tried to run an immutable (albeit executable) script on my Linux workstation, and it works just fine.

    Is it different on your system?

    I believe executable files would still be executable, even if set immutable, do you agree?

    • Bred Floggs says:

      Also wrong about creating symlinks. I’ve not checked every bit of info, but he frankly doesn’t knwo what he’s talking about

      • Bred Floggs says:

        Also: Don’t add attributes to passwd or shadow – this is a bad idea. It adds nothing to security – in fact, by preventing users from changing their passwords, it actively reduces security. Interesting that one small article can get so much wrong.

  3. ganesh says:

    Can anyone please explain me about -e options in chattr.
    I am seeing like this
    ——————–e– for the file.

    • Shashank says:

      It indicates that the file is using extents for mapping the blocks on disk. Extents is file system dependent. You’re most likely using ext4. It may not be removed using chattr. To know more about extent, see the wikipedia page for extent(filesystem)

  4. Noob says:

    I love Tecmint. Always great information. Thanks guys.

  5. Naagabaabu says:

    Thanks for you information on chattr command. There is one small modification in 4th point. You need to change the placements of the command..

    chattr +a filename and example to add data

    chattr -a filename and example to add data

  6. Nishant says:

    Thank you for pointing this out. I needed chattr -ai to fix a directory that was mute. Appreciate it.

  7. Kyle H says:

    If you chattr +i /etc/shadow, users can’t change their passwords either.

  8. Vinodh says:

    Thanks for the posting Narad :)

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.