This article will illustrate the use of the “i” and “a” file attributes on a Linux operating system. Both of these attributes can come handy when the system administrator wants to apply additional access restrictions to specific files.

Attribute “i“

Sometimes it might be very useful to render a file immutable – nobody (not even the root user) will be able to edit, rename, move or delete this file. The way to do that on a Linux file system is by using file attributes (also called flags) and more specifically the “i“-immutable file attribute.

On a Linux system, there are two commands for working with file attributes. These are:

chattr – this is the command, which is used to set file attributes to files. Some attributes, including the immutable attribute can only be set by the superuser.

– this is the command, which is used to set file attributes to files. Some attributes, including the immutable attribute can only be set by the superuser. lsattr – this is the command that is used to display the attributes currently set for a file.

I will illustrate the use of file attributes by the simple example below:

We create an empty file:

Let’s list the current attributes of this file:

As you can see the only flag set for this newly created file is the “e” flag which is on by default for all Linux files on an ext4 file system.

Now, let’s set the “i” flag for this file. Remember that by default, only a superuser can do this:

Let’s list the attributes now:

As you can see the “i” flag is visible now.

To test the functionality, I will try to modify the file in several ways:

[email protected]:~# mv example.txt renamed.txt mv: cannot move `example.txt' to `renamed.txt': Operation not permitted [email protected]:~# rm -f example.txt rm: cannot remove `example.txt': Operation not permitted [email protected]:~# echo "Some string" > example.txt bash: example.txt: Permission denied

As can be seen from the above examples, we cannot move, delete or add content to this file.

To remove the immutable attribute from a file you need to use the chattr command again. For example:

Attribute “a“

Another useful file attribute is the “a” attribute. The “a” stands for “append” and this flag indicates that a file can only be opened for append operations, i.e. additional content can only be added to the file but none of the existing content can be modified.

The functionality can be easily illustrated with the example below:

First, set the “a” attribute:

Next, attempt to modify the file:

Only the last operation that we attempted on this file was successful because it just appended the “appending new content” string to the end of the file without modifying its existing content.