Linux extended attributes protect files from accidental or malicious changes, and the security features are easy...
to set with a few commands.
In Unix's early days, security was three permissions assigned to the user, group and other entities. As Linux replaced Unix and data security gained importance, Linux extended attributes were created.
The most important difference between permissions and attributes is that attributes don't depend on a user account. For that reason, changes made to them apply to all users, even root. You can use attributes to protect files from being deleted or modified by accident.
To work with extended attributes, you first need support in your Linux file system. On ext3 and ext4 file systems, check for support using the tune2fs –l command. Check the default mount options; if you don't see them listed, enable extended attributes support using tune2fs –o user_xattr /dev/yourfilesystem. Alternatively, use user_xattr as a mount option in fstab.
Once your file system is prepared for attributes, it's easy to set them with chattr. All you need is root permission. The following attributes are the most interesting for Linux security:
- Append only (a): allows you to add to the contents of a file, but not to remove any of the current contents, or the file itself.
- Immutable (i): disallows deletion or any modification.
- Secure deletion (s): ensures that after deletion the contents of the file cannot be recovered.
- Undeletable (u): ensures that the contents of the file can be modified, but it's not possible to delete the file.
For instance, if you want to apply the immutable permission to a file, use chattr +i file.
Check what attributes are applied with lsattr (see listing 1). With lsattr, you can see how attributes are applied and verified. With the immutable attribute set in the example above, even user root cannot remove the file.
[root@iad data]# chattr +i file1
[root@iad data]# lsattr file1
[root@iad data]# rm -f file1
rm: cannot remove 'file1': Operation not permitted
Listing 1. Checking and setting permissions with Linux extended attributes.
Linux extended attributes are a useful security addition to complement or counteract default functionality in the file system. To continue the example above, applying "i" extended attributes as an extra layer of protection to files in a user's home directory will prevent the user from removing all files from their home directory, even if the user has permission to delete these files by default.
Other extended attributes
On an ext4 file system, all files have the extents (e) attribute set by default, because ext4 uses these to store files. An extent has a default allocation size of 2 MB, whereas a traditional file system block is only 4 KB typically. This advanced file system feature is implemented via attributes.
On the main page of the chattr command, some attributes are listed that cannot actually be used. Every attribute needs supporting functionality in the underlying file system. If the file system doesn't offer this functionality, you can set the attribute, but to no effect.
About the author:
Sander van Vugt is an independent trainer and consultant based in the Netherlands. He is an expert in Linux high availability, virtualization and performance. He has authored many books on Linux topics, including Beginning the Linux Command Line, Beginning Ubuntu LTS Server Administration and Pro Ubuntu Server Administration.