linux 设置文件属性,Linux 使用chattr设置文件属性

文件的普通属性可以通过ls -l来查看，但还有一些“高级”的文件属性，可以通过chattr来设置、lsattr来查看。这些属性包括 文件是否被自动压缩、文件是否允许修改、删除等。简单的语法如下：

NAME

chattr - change file attributes on a Linux file system

SYNOPSIS

chattr [ -RVf ] [ -v version ] [ mode ] files...

DESCRIPTION

chattr changes the file attributes on a Linux file system.

The format of a symbolic mode is +-=[acdeijstuACDST].

ATTRIBUTES

When a file with the 'A' attribute set is accessed, its atime record is not modified. This avoids a certain amount of disk I/O for

laptop systems.

A file with the `a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the

CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

A file with the `c' attribute set is automatically compressed on the disk by the kernel. A read from this file returns uncompressed

data. A write to this file compresses data before storing them on the disk. Note: please make sure to read the bugs and limitations

section at the end of this document.

When a directory with the `D' attribute set is modified, the changes are written synchronously on the disk; this is equivalent to the

`dirsync' mount option applied to a subset of the files.

A file with the `d' attribute set is not candidate for backup when the dump(8) program is run.

A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can

be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

When a file with the `u' attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion. Note:

please make sure to read the bugs and limitations section at the end of this document.

示例1：设置文件只能被追加内容，多用于日志

qingsong@db2a:/tmp$

touch log1

qingsong@db2a:/tmp$

sudo chattr +a log1

qingsong@db2a:/tmp$

echo "line1" >> log1

qingsong@db2a:/tmp$

echo "line2" > log1

-bash: log1: Operation not permitted

示例2：设置文件不能被修改，包括不能被删除、重命名、复制、建立链接文件、修改内容，即使超级用户或者root也没法修改文件

qingsong@db2a:/tmp$

touch log2

qingsong@db2a:/tmp$

sudo chattr +i log2

qingsong@db2a:/tmp$

echo "line1" >> log2

-bash: log2: Permission denied

qingsong@db2a:/tmp$

sudo echo "line1" >> log2

-bash: log2: Permission denied

qingsong@db2a:/tmp$

sudo echo "line1" > log2

-bash: log2: Permission denied

qingsong@db2a:/tmp$

rm log2

rm: remove write-protected regular empty file 'log2'? y

rm: cannot remove 'log2': Operation not permitted

qingsong@db2a:/tmp$ sudo rm log2

rm: cannot remove 'log2': Operation not permitted

切换到root之后，也无法删除、重命名、建立硬链接，不过，符号链接还是可以建立的：

qingsong@db2a:/tmp$

sudo su root

root@db2a:/tmp#

rm log2

rm: cannot remove log2 Operation not permitted

root@db2a:/tmp#

mv log2 log2.bak

mv: cannot move log2 to log2.bak Operation not permitted

root@db2a:/tmp#

cp -l log2 log2.bak

cp: cannot create hard link log2.bak to log2 Operation not permitted

root@db2a:/tmp#

cp -s log2 log2.bak

root@db2a:/tmp#

ls -l log2*

-rw-rw-r-- 1 qingsong qingsong 0 Aug 20 19:57 log2

lrwxrwxrwx 1 root root 4 Aug 20 20:01 log2.bak -> log2

查看特殊属性，由于这些属性都是隐藏的，ls看不出来，需要使用lsattr来查看：

root@db2a:/tmp#

lsattr log* -----a-------e-- log1 ----i--------e-- log2 lsattr: Operation not supported While reading flags on log2.bak 所以，有时候明明看起来有权限，却操作不了，不妨看一下隐藏属性。