Quickly check whether a file is locked against modification using `lsattr` and related tools. 16.11.2025 | reading time: 2 min On a production host a configuration file suddenly cannot be edited; is it locked by the kernel or by a process? Use `lsattr` to inspect the immutable attribute and decide the next step. Hands-on example Create a small scenario and observe behavior; commands and outputs follow: ``` $ printf "version=1\n" > /srv/app/config.yaml $ ls -l /srv/app/config.yaml -rw-r--r-- 1 root root 10 Sep 10 12:00 /srv/app/config.yaml $ lsattr /srv/app/config.yaml ----i--------e-- /srv/app/config.yaml $ sudo chattr +i /srv/app/config.yaml $ lsattr /srv/app/config.yaml ----i--------e-- /srv/app/config.yaml $ echo "version=2" > /srv/app/config.yaml -bash: /srv/app/config.yaml: Permission denied $ sudo chattr -i /srv/app/config.yaml $ echo "version=2" > /srv/app/config.yaml $ cat /srv/app/config.yaml version=2 ``` What to watch for The immutable flag (i) is enforced by the kernel and prevents modifications, deletion and renaming; only root or a process with the appropriate capability can toggle it; on directories the flag blocks creating or removing entries and the append-only flag (a) behaves differently; not every filesystem supports these attributes the same way, so confirm filesystem compatibility before relying on them. Complementary commands `chattr` is used to set or clear attributes, `lsattr` shows them, and `getfattr` is useful for extended attributes (xattr) which are a different mechanism; `stat` and `ls -l` do not reveal the immutable bit, while low-level tools such as `debugfs` can inspect filesystem internals on ext filesystems. Next step If you find an immutable file, decide whether to remove the flag and audit why it was set, and incorporate attribute checks into configuration management and incident playbooks; deepen this practical knowledge by studying filesystem behavior and consider formal certification to validate skills. Join Bits & Bytes Academy First class LINUX exam preparation. filesystem utilities security
