What does the lsattr command do?

The lsattr command lists file attributes on ext2, ext3, and ext4 filesystems, showing special properties like immutable, append-only, and other extended attributes.

How do I view file attributes with lsattr?

Use 'lsattr filename' to view attributes of a specific file, or 'lsattr -a' to show attributes of all files including hidden ones in the current directory.

What filesystems support lsattr?

lsattr works primarily with ext2, ext3, and ext4 filesystems. Some attributes may also work on other filesystems like XFS and Btrfs.

lsattr Command

The lsattr command lists file attributes on ext2, ext3, and ext4 filesystems. It displays special file properties that control how the filesystem handles files, such as immutable, append-only, and compression attributes.

Syntax

lsattr [OPTIONS] [FILES...]

Description

The lsattr command displays file attributes that are specific to ext2, ext3, and ext4 filesystems. These attributes provide additional control over file behavior beyond standard Unix permissions.

Key features:

Display extended file attributes
Work with ext2/ext3/ext4 filesystems
Show special file properties
Support recursive directory traversal
Complement the chattr command

Note: lsattr primarily works with ext2, ext3, and ext4 filesystems. Some attributes may be supported on other filesystems like XFS and Btrfs.

Common Options

Option	Description
`-a`	List all files including hidden files (starting with .)
`-d`	List directories like other files, not their contents
`-R`	Recursively list attributes of directories and contents
`-v`	List the file's version/generation number
`-l`	Print the options using long names instead of single characters
`-p`	List the file's project number

File Attributes

Attribute	Symbol	Description
Append only	`a`	File can only be opened for appending
Compressed	`c`	File is compressed by the kernel
No dump	`d`	File is not a candidate for backup when dump is run
Extent format	`e`	File uses extents for mapping blocks
Immutable	`i`	File cannot be modified, deleted, or renamed
Data journaling	`j`	File data is written to journal before being written to file
Secure deletion	`s`	File blocks are zeroed when deleted
No tail-merging	`t`	File tail should not be merged
Undeletable	`u`	File contents are saved when deleted
No atime updates	`A`	File access time is not updated
Synchronous updates	`S`	File changes are written synchronously
Top of directory hierarchy	`T`	Directory is top of directory hierarchy

Examples

List attributes of a file

lsattr file.txt

Shows attributes of the specified file

List attributes of all files

lsattr *

Shows attributes of all files in current directory

List attributes including hidden files

lsattr -a

Shows attributes of all files including hidden ones

List directory attributes

lsattr -d /home/user

Shows attributes of the directory itself, not its contents

Recursive listing

lsattr -R /home/user

Recursively shows attributes of all files and subdirectories

Show version numbers

lsattr -v file.txt

Displays file version/generation number along with attributes

Long format output

lsattr -l file.txt

Shows attributes using long names instead of single characters

Show project numbers

lsattr -p file.txt

Displays project number (if supported by filesystem)

Understanding lsattr Output

Output Format

                        $ lsattr file.txt
                        -------------e-- file.txt
                        
                        $ lsattr -v file.txt
                        123456 -------------e-- file.txt
                        
                        $ lsattr -l file.txt
                        file.txt             Extents
                    

Different output formats showing attributes

Common Attribute Combinations

                        # Normal file
                        -------------e-- normal_file.txt
                        
                        # Immutable file
                        ----i--------e-- protected_file.txt
                        
                        # Append-only file
                        -----a-------e-- log_file.txt
                        
                        # No atime updates
                        --------A----e-- frequently_read.txt
                    

Examples of different attribute combinations

Working with chattr

Setting Attributes

Make file immutable

                        # Set immutable attribute
                        sudo chattr +i important_file.txt
                        
                        # Verify the change
                        lsattr important_file.txt
                        # Output: ----i--------e-- important_file.txt
                    

Set and verify immutable attribute

Make file append-only

                        # Set append-only attribute
                        sudo chattr +a log_file.txt
                        
                        # Check attributes
                        lsattr log_file.txt
                        # Output: -----a-------e-- log_file.txt
                    

Set and verify append-only attribute

Remove attributes

                        # Remove immutable attribute
                        sudo chattr -i important_file.txt
                        
                        # Verify removal
                        lsattr important_file.txt
                        # Output: -------------e-- important_file.txt
                    

Remove attributes and verify changes

Practical Use Cases

System Protection

Protect system files

                        # Make critical system files immutable
                        sudo chattr +i /etc/passwd /etc/shadow /etc/group
                        
                        # Verify protection
                        lsattr /etc/passwd /etc/shadow /etc/group
                        
                        # Files cannot be modified even by root
                        # Must remove immutable attribute first
                    

Protect critical system files from modification

Log file management

                        # Make log files append-only
                        sudo chattr +a /var/log/important.log
                        
                        # Check attribute
                        lsattr /var/log/important.log
                        
                        # Log can be appended to but not truncated or deleted
                    

Ensure log files can only be appended to

Performance Optimization

Disable atime updates

                        # Disable atime updates for frequently accessed files
                        chattr +A frequently_read_file.txt
                        
                        # Verify setting
                        lsattr frequently_read_file.txt
                        # Output: --------A----e-- frequently_read_file.txt
                    

Improve performance by disabling atime updates

Backup Management

Exclude files from backup

                        # Mark files to be excluded from dump backups
                        chattr +d temp_file.txt cache_file.txt
                        
                        # Check attributes
                        lsattr temp_file.txt cache_file.txt
                        # Output: --d----------e-- temp_file.txt
                        #         --d----------e-- cache_file.txt
                    

Mark temporary files to exclude from backups

Troubleshooting

Common Issues

Filesystem not supported

                        $ lsattr file.txt
                        lsattr: Inappropriate ioctl for device While reading flags on file.txt
                        
                        # Check filesystem type
                        df -T .
                        
                        # lsattr works best with ext2/ext3/ext4
                    

Handle unsupported filesystem errors

Permission denied

                        $ lsattr /root/file.txt
                        lsattr: Permission denied While reading flags on /root/file.txt
                        
                        # Use sudo for files you don't own
                        sudo lsattr /root/file.txt
                    

Handle permission issues

Cannot modify immutable files

                        # If you can't modify a file, check for immutable attribute
                        lsattr suspicious_file.txt
                        
                        # If immutable (i) is set, remove it first
                        sudo chattr -i suspicious_file.txt
                        
                        # Then you can modify the file
                    

Troubleshoot immutable file issues

Best Practices

File Attribute Best Practices

Document Changes - Keep records of which files have special attributes
Use Sparingly - Only set attributes when necessary
Test First - Test attribute effects on non-critical files
Backup Strategy - Consider how attributes affect backups
Security Awareness - Understand security implications of each attribute
Regular Audits - Periodically review files with special attributes