Advanced Filesystem Attributes
Security - Training

Advanced Filesystem Attributes

 

As a Linux administrator, you may be called upon to set up a control system for file access. You probably already know how to set read, write, and execute permissions on files, and you will need to make extensive use of that knowledge. But, sometimes, you'll need more than just these permissions settings to get the job done. That's where filesystem attributes will come in handy. You can set different attributes on files in order to gain more control over how they are accessed.

There are two slight catches, though. You can only set file attributes on machines with hard drives that are formatted with either the ext2 or ext3 filesystems. That's not a problem for machines that are running a Red Hat-type operating system, since ext3 is your only choice with them. But, if you're setting up a machine with, say, Ubuntu Server, you'll have other filesystems to choose from. Just be sure to choose ext3 if you want to set file attributes.

 

Attempting to view file attributes on a reiser filesystem

Also, if you're accessing files on another computer via NFS, the attributes will still be in effect, but you won't be able to view or change the attributes.

To view file attributes, you'd use the lsattr command. Entering just the command by itself will show a list of all files in the current directory.

 

lsattr

------------- ./mytext.txt

------------- ./Duron_backup

------------- ./iptables-L.txt

------------- ./New_error.txt

------------- ./Desktop

------------- ./moodle-2007-8-25

------------- ./test_dir

------------- ./BOINC

------------- ./ts2_client_rc2_2032.tar.bz2

------------- ./OOo_2.3.0_LinuxIntel_install_wJRE_en-US.tar.gz

------------- ./ifconfig_output.txt

------------- ./dmesg

------------- ./BOINC.tar.bz2

------------- ./ts2_client_rc2_2032

------------- ./tls_handshake_error.txt

 

You can see from the listing that no attributes have been set. Now, let's say that we don't want to allow the "mytext.txt" file to be backed up with the "dump" command. We'll use the chattr command to set the "d" attribute.

 

lsattr mytext.txt

------------- mytext.txt

chattr +d mytext.txt

lsattr mytext.txt

------d------ mytext.txt


 

Here, we've used the "+" sign to add the attribute. We'll use the "-" sign to remove it.

 

chattr -d mytext.txt

lsattr mytext.txt

------------- mytext.txt


 

Setting the "s" attribute will cause the file to be securely wiped when someone deletes it. This makes it much harder for unauthorized persons to recover and view the file.

 

chattr +s mytext.txt

lsattr mytext.txt

s------------ mytext.txt

 

Using an upper-case "S" instead of a lower-case "s" tells the filesystem to immediately write the file to disk, instead of storing it in a buffer. (Note also, that we left the "s" attribute this time, so that we now have two attributes set for this file.)

 

chattr +S mytext.txt

lsattr mytext.txt

s-S---------- mytext.txt


The upper-case "A" attribute tells the filesystem to not update the file's atime. This can cut down on disk access, which could help extend a laptop's battery life, and can cut down on bandwidth usage if you're accessing files via NFS.

chattr +A mytext.txt

lsattr mytext.txt

s-S----A----- mytext.txt

 

Of course, you'll seldom want to use the "A" attribute. If you need to turn off atime updates, you're better off mounting the filesystem with the "noatime" parameter, instead.

So far, we've performed all attribute changes with only normal user privileges, and on the user's own files. There are still two other attributes that can only be set with root privileges. Even if the file belongs to you, you'll receive an error if you try to change them with only your normal user privileges.

 

chattr +a mytext.txt

chattr: Operation not permitted while setting flags on mytext.txt

 

The "a" attribute will allow a file to be opened only in append mode. This will allow you to add more text or data to a file, but will not allow you to overwrite it.

 

sudo chattr +a mytext.txt

Password:

lsattr mytext.txt

s-S--a-A----- mytext.txt

echo "This is a test of the a attribute." > mytext.txt

bash: mytext.txt: Operation not permitted

echo "This is a test of the a attribute." >> mytext.txt

 

The final attribute we'll cover, which also requires root privileges, is the "i" attribute. This make a file immutable. In other words, it can't be changed, renamed, or deleted. And, no links can be created to it.

 

sudo chattr +i mytext.txt

Password:

lsattr mytext.txt

s-S-ia-A----- mytext.txt

rm mytext.txt

rm: remove write-protected regular file `mytext.txt'? y

rm: cannot remove `mytext.txt': Operation not permitted

 

Finally, if you need to add or delete more than one attribute, you can combine the operations into one single command.

 

sudo chattr -AaisS mytext.txt

lsattr mytext.txt

------------- mytext.txt


 

There are a few other attributes that we haven't covered. But they either have operational bugs, or they're attributes that are set by the system, and not by the user.

For more information, enter "man chattr" at the command-line.