Chattr Command in Linux (File Attributes)
Many Linux filesystems support special file attributes that control how the kernel and system tools handle a file. You can mark a file as immutable so it cannot be changed or removed by mistake, or set a log file to append-only so new entries can be added without allowing old ones to be overwritten. These attributes work separately from standard permission bits , and support depends on the filesystem.
The chattr command sets or removes supported attributes, and its companion lsattr displays them. This guide explains the most useful flags with practical examples.
chattr Syntax
The chattr command takes the following general form:
chattr [OPTIONS] [OPERATOR][ATTRIBUTES] FILE...The [OPERATOR] is one of three symbols:
+- Add the specified attributes to the existing ones.-- Remove the specified attributes from the existing ones.=- Set the specified attributes as the only attributes, replacing all others.
The operator is followed by one or more [ATTRIBUTES] flags. The most useful flags are:
i- Immutable. The file cannot be modified, deleted, renamed, or linked to. Only root or a process with the required capability can set or clear this flag.a- Append only. The file can only be opened in append mode for writing. Existing content cannot be overwritten or truncated. Only root or a process with the required capability can set or clear this flag.A- No atime updates. The kernel will not update the access time (atime) when the file is read.d- No dump. The file is skipped by thedumpbackup program.e- Extents. The file uses extents for mapping blocks on disk. This flag may appear inlsattroutput, but it cannot be removed withchattr.s- Secure deletion. This flag is documented bychattr, but current ext2, ext3, and ext4 kernels do not honor it.S- Synchronous updates. Changes to the file are written to disk immediately.j- Data journaling. File data is written to the ext3 or ext4 journal before being written to the file itself.u- Undeletable. This flag is documented bychattr, but current ext2, ext3, and ext4 kernels do not honor it.
For the full list, run man chattr.
The most commonly used option is:
-R- Apply attribute changes recursively to directories and their contents.
By default, file attributes are not preserved when copying a file with commands like cp
or rsync
.
Viewing Attributes with lsattr
Before changing attributes, you need to see what is already set. The lsattr command shows the current attribute flags for one or more files:
lsattr todo.txt--------------e----- todo.txtEach position in the output corresponds to an attribute flag. In this case only the e (extents) flag is set, which is the default on ext4 filesystems.
If you prefer descriptive names instead of single-letter flags, use -l:
lsattr -l todo.txtYou can also pass a directory to lsattr to see the attributes of every file inside it. This is helpful when auditing a configuration directory like /etc/:
lsattr /etc/By default this skips hidden files. Add -a to include dot files in the listing:
lsattr -a /etc/If you want to see the attributes of the directory itself rather than its contents, use -d:
lsattr -d /etc/For a full recursive listing of a directory tree, use -R:
lsattr -R /etc/Making a File Immutable
One of the most common uses of chattr is making a file immutable so it cannot be modified, deleted, or renamed.
Create a test file and set the immutable flag with +i:
touch ~/demo.txt
sudo chattr +i ~/demo.txtWe use sudo because changing the immutable flag requires elevated privileges.
Verify the change:
lsattr ~/demo.txt----i---------e----- /home/user/demo.txtThe i flag now appears in the output. If you try to remove the file, the operation will fail:
rm ~/demo.txtrm: cannot remove '/home/user/demo.txt': Operation not permittedTo remove the immutable flag when you need to edit or delete the file again:
sudo chattr -i ~/demo.txtAfter clearing the flag, you can modify or remove the file normally.
Setting Append-Only Mode
The a (append-only) attribute is useful for log files. It allows new data to be appended but prevents existing content from being overwritten or truncated.
Create a test file and enable append-only mode:
touch /tmp/app.log
sudo chattr +a /tmp/app.logAfter setting this flag, you can still append to the file:
echo "new entry" | sudo tee -a /tmp/app.logBut attempting to overwrite it will fail:
echo "overwrite" | sudo tee /tmp/app.logtee: /tmp/app.log: Operation not permittedThis restriction applies to new write attempts. As the chattr manual notes, existing open file descriptors are not affected retroactively.
To remove the append-only flag:
sudo chattr -a /tmp/app.logCombining Multiple Attributes
You can set or remove multiple attributes in a single command. For example, to make a file immutable and disable atime updates:
sudo chattr +iA todo.txtVerify:
lsattr todo.txt----i------A--e----- todo.txtTo remove both at once:
sudo chattr -iA todo.txtUsing the = Operator
The = operator replaces the current user-settable attributes with exactly the ones you specify. For example, to leave a file with only the A flag set:
sudo chattr =A todo.txtThis clears other changeable flags such as i or a and keeps A. Filesystem-managed flags such as e may still appear in lsattr output.
Applying Attributes Recursively
The -R flag applies attribute changes to a directory and everything inside it. Start with a test directory before you use it on system paths:
mkdir -p ~/demo-config/subdir
touch ~/demo-config/app.conf ~/demo-config/subdir/site.conf
sudo chattr -R +i ~/demo-config/Every file and subdirectory under ~/demo-config/ is now immutable. To reverse it:
sudo chattr -R -i ~/demo-config//etc/nginx/, package managers and configuration tools will fail to update files there. Remove the flag before running updates.Quick Reference
| Task | Command |
|---|---|
| View attributes | lsattr file |
| View attributes recursively | lsattr -R /path/ |
| Make file immutable | sudo chattr +i file |
| Remove immutable flag | sudo chattr -i file |
| Set append-only | sudo chattr +a file |
| Remove append-only | sudo chattr -a file |
| Disable atime updates | sudo chattr +A file |
| Skip dump backups | sudo chattr +d file |
| Apply recursively | sudo chattr -R +i /dir/ |
| Set exact attributes | sudo chattr =A file |
Troubleshooting
“Operation not permitted” when setting attributes
Only root can set the i and a flags. Run the command with sudo.
“Operation not permitted” even with sudo
Some filesystems and mount setups do not support these file attribute flags. Verify the filesystem type with df -T /path/to/file and confirm it supports chattr.
Cannot delete or modify a file unexpectedly
Someone may have set the immutable flag. Check with lsattr file and look for the i flag. Remove it with sudo chattr -i file.
Package updates fail with “Operation not permitted”
If you applied chattr +i recursively to a system directory like /etc/, package managers will not be able to update configuration files. Remove the flag with sudo chattr -R -i /etc/directory/ before running updates.
Conclusion
The chattr and lsattr commands give you filesystem-level control over how files can be modified, deleted, or backed up. For related file permission management, see the chmod
and chown
guides.
Tags
Linuxize Weekly Newsletter
A quick weekly roundup of new tutorials, news, and tips.
About the authors
Dejan Panovski
Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.
View author page