Getting started with chattr
Q Does anybody use the chattr program at all? I was looking at the program's man page recently and it appears to be a very interesting utility. I'm a little surprised that it doesn't seem to get much mention as some of the attribute settings it can create would, on the face of it, appear to be very useful, such as the immutable attribute, switch '-i'. Would that be useful from a security point of view to protect key system programs from being modified (renamed, deleted, overwritten, etc)? And the '-s' switch looks good, which I take to mean 'sparse', as it apparently zeros a file's blocks, then writes them back to disk on a delete. Would that be a quick solution for people who have posted, inquiring about how to remove a file in total?
The program even has an 'undeletion' attribute, switch '-u', though it should be pointed out that it's not implemented as yet. There will be a total gem if that ever occurs. In fact chattr seems like a gem of a utility overall. I suppose it could make updating files a bit bothersome, if a person forgot they had set the immutable attribute on a file. But then, it would just be a matter of resetting it as 'root'. I guess a trojan or the like could do the same if it suspected it may be set. But at least it would force the trojan to engage in extra activity and possibly make itself known as a result. The man page suggests that chattr's designed for the ext2 FS, but it does mention ext3, and talks about a journaling switch 'j'. I'm not sure how much that would limit its broader usability. I would think it would just be one of the many concerns associated with any development project. I've been wondering what people think of chattr, and, if they've used it, if it just caused them too much bother to be bothered. To me, it seems like it's just been hiding down there in /usr/bin, waiting to be put to work.
A The chattr utility is indeed very useful, as it allows many of the extended POSIX flags for files to be modified easily from the command line. chattr should work with many file systems, although it should be noted that ext2 and ext3 are essentially the same, with the latter being wrapped by the jbd layer in the kernel. Using chattr is very useful in situations where you don't want users to delete files from their home directory, or make modifications to them even when they can run 'chmod' over them. It can also prove handy when multiple administrators are working on a system and you want to avoid them making changes to files that other admins don't want modified. While anyone with root access can remove chattr settings, it does make them think and hopefully stops people before they make silly mistakes. It's worth remembering that many file systems now also have extended ACL capabilities configurable from the command line, with the current 2.6 kernel releases, to allow for very granular file access controls.
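An added example, not code from the column or from e2fsprogs, showing the defender's side of the answer above: a POSIX shell script that audits which files carry the immutable (i) or append-only (a) attribute by parsing lsattr output, plus a helper that applies +i and checks that the flag actually took. The function names and the sample lsattr lines are ours; it assumes an ext-family filesystem with lsattr/chattr installed (chattr needs root, the audit does not).

```shell
#!/bin/sh
# Added example, not from the column or from e2fsprogs: audit which files
# carry the immutable (i) or append-only (a) attribute, and set +i on a file
# with a verification step. Assumes an ext2/3/4 filesystem with lsattr and
# chattr installed; chattr needs root, the audit does not. Function names are ours.

# Read lsattr output on stdin, e.g. "----i---------e------- /etc/passwd",
# and print "<path> <i|a|ia>" for every entry that has i and/or a set.
lsattr_flagged() {
    while IFS= read -r line; do
        flags=${line%% *}        # first field: the attribute string
        path=${line#* }          # remainder: the path (may contain spaces)
        [ "$flags" = "$line" ] && continue   # no space: not an lsattr line
        set_flags=""
        case $flags in *i*) set_flags="${set_flags}i" ;; esac
        case $flags in *a*) set_flags="${set_flags}a" ;; esac
        [ -n "$set_flags" ] && printf '%s %s\n' "$path" "$set_flags"
    done
    return 0
}

# Report protected entries among the given paths (-d lists a directory as
# itself rather than its contents). Read-only, so no root needed.
audit_attrs() {
    lsattr -d "$@" 2>/dev/null | lsattr_flagged
}

# Set the immutable flag on one file and confirm lsattr reports it.
# Needs root; returns non-zero if chattr fails or the flag did not stick.
protect_file() {
    chattr +i "$1" && lsattr "$1" | lsattr_flagged | grep -q ' ia*$'
}

# Usage: sh audit_attrs.sh /etc/passwd /usr/bin/chattr /var/log
if [ $# -gt 0 ]; then
    audit_attrs "$@"
fi
```

Run the audit periodically against the files you expect to be immutable; a file that drops out of the list is a sign that someone with root removed the flag, which is exactly the "extra activity" the question hopes to notice.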