4.6. Additional Protection Features

In addition to the access permissions, any file has attributes that allow it to be secured further. There is, however, a limitation on the use of these attributes: they can only be used with the Ext2 and Ext3 file systems. This limitation comes with a reservation, though, because Ext3 has been the standard file system of all distributions for a long time.

The current attributes of a file can be viewed with the help of the lsattr command:

 lsattr filename.txt 

Its execution results will usually look like the following:

 -------------- filename.txt 

The string of dashes means that none of the attributes are set.

Attributes are set using the chattr command as follows:

 chattr attributes file_name 

Using the -R option with a directory will apply the specified attributes recursively to the directory and its contents.

The attributes used by the chattr command and their functions are the following:

  • A: The file's atime record (the time that the file was last accessed) is not modified when the file is accessed. From the security standpoint, this attribute has a negative effect, because the access date can be used to monitor when the file was modified last. I therefore recommend not setting this attribute. But if you are running Linux on a home computer and have no need to monitor the access history, you can set this attribute to reduce the number of disk writes (by eliminating the extra write operation that updates the time stamp).

  • a: A file with this attribute set can only be opened in append mode. This means that any data it already contains cannot be modified or deleted.

  • d: When the backup utility is run, files with this attribute set are not backed up. Setting this attribute reduces the size of the backup. However, you should only set this attribute on files that are of little importance, such as temporary files.

  • i: This disables any modification (editing, deleting, renaming, creating links) of a file with this attribute set.

  • s: After a file is deleted, it cannot be restored: its blocks are set to zeros and then written to the disk. This means that the disk space occupied by the file will be filled with zeros.

  • S: All changes to the file are written to the disk immediately (synchronously) rather than buffered.

An attribute is set by specifying it prefixed with the + character; it is cleared by specifying it prefixed with the - character. Consider the following examples:

 chattr +i test
 chattr +s test
 lsattr test
 s--i---------- test

In the first entry, the file's i attribute is set, disallowing any modifications to the file. In the second entry, the file's s attribute is set: when the file is deleted, its place on the disk will be overwritten with zeros, ensuring that it cannot be recovered. The command in the third entry displays the file's current attributes, which are shown in the last entry. You can see that the file's s and i attributes are set.

These attributes are mutually exclusive: the former disallows modification, and the latter requires that the file be completely erased from the disk. What will happen if you try to delete the file? Take a look:

 rm test
 rm: remove write-protected file "test"?

In the first entry, you execute the rm command to delete the file. The operating system reacts to the command by asking you to confirm the deletion of the write-protected file (the message in the second entry). As you can see, the operating system detected the file's i (no modifications) attribute. Enter "Y" to agree to the deletion. The system issues an error message and the file remains intact.

Clear the i attribute and list the file's updated attributes:

 chattr -i test
 lsattr test
 s------------- test

You can see that the i attribute has been cleared. Now the file can be deleted using the rm command without any problems.
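The lsattr output format shown above lends itself to a simple audit. The following Python script is an added example, not code from the book: it parses lsattr lines such as `s--i---------- test` into sets of attribute letters and compares them with a policy of attributes that should be set, reporting missing ones and any i or a attribute on a file the policy does not cover. The sample output, file names and policy are constructed for illustration.

```python
# Letters from the list above. Flags are matched by letter rather than by column,
# because the column layout of the flag string differs between e2fsprogs versions.
DESCRIPTIONS = {
    "A": "atime not updated",
    "a": "append-only",
    "d": "excluded from dump backups",
    "i": "immutable",
    "s": "blocks zeroed on delete",
    "S": "synchronous writes",
}

def parse_lsattr(output):
    """Map each file name in lsattr output to the set of attribute letters set on it."""
    attrs = {}
    for line in output.splitlines():
        line = line.strip()
        if not line:
            continue
        flags, _, name = line.partition(" ")
        # lsattr prints "-" for a clear attribute and its letter for a set one.
        attrs[name.strip()] = {ch for ch in flags if ch != "-"}
    return attrs

def audit(attrs, required):
    """Compare parsed attributes with a policy {file: set of letters that must be set}.

    Reports required attributes that are missing, plus any i or a attribute on a
    file the policy does not mention, which the administrator should be able to explain.
    """
    findings = []
    for name, wanted in required.items():
        have = attrs.get(name, set())
        for missing in sorted(wanted - have):
            findings.append(f"{name}: missing {missing} ({DESCRIPTIONS.get(missing, '?')})")
    for name, have in attrs.items():
        if name in required:
            continue
        for extra in sorted(have & {"i", "a"}):
            findings.append(f"{name}: unexpected {extra} ({DESCRIPTIONS[extra]})")
    return sorted(findings)

# Constructed sample output in the format shown above; not captured from a real host.
SAMPLE = """\
----i--------- /etc/passwd
-------------- /etc/shadow
-----a-------- /var/log/auth.log
s--i---------- /tmp/test
"""
POLICY = {"/etc/passwd": {"i"}, "/etc/shadow": {"i"}, "/var/log/auth.log": {"a"}}
```

To audit real files, feed the output of `lsattr` on the paths of interest to `parse_lsattr` and pass the result to `audit` together with your own policy.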



Hacker Linux Uncovered
ISBN: 1931769508
Year: 2004
Pages: 141
