Topics: Red Hat / Linux, Security, System Admin

Linux Extended File System Attributes

On Linux, you sometimes may run into an issue where you can't change permissions of a file, even though you're root, and you have access. For example:

# ls -asl authorized_keys
8 -rw------- 1 root root 6325 Sep 17 02:48 authorized_keys
# chmod 700 authorized_keys
chmod: changing permissions of `authorized_keys': Operation not 
# whoami
This is usually caused by the Extendef File System Attributes, especially if package e2fsprogs is installed. Two commands that will come in handy here are /usr/bin/chattr and /usr/bin/lsattr.

The most common attributes are:
  • A - When the file is accessed the atime record is not modified. This avoids a certain amount of disk I/O.
  • a - When this file is opened, it is opened in append only mode for writing.
  • i - This file cannot be modified, renamed or deleted.
For example:
# lsattr authorized_keys
----i-------- authorized_keys
This shows that the immutable flag (i) is in place on the file, and thus the reason why the file can't be modified. To remove it, use chattr:
# chattr -i authorized_keys
# lsattr authorized_keys
------------- authorized_keys
Now any commands to modify the file, will work:
# chmod 700 authorized_keys

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?