Protect files from modification by setting filesystem attributes that stop writes, renames and deletes. 26.02.2026 | reading time: 2 min The `chattr` command lets you set low-level filesystem attributes on Linux files and directories to prevent accidental or malicious changes; try it when permissions alone are not enough. Hands-on demo Follow along with this live example that creates a file, makes it immutable, shows the failed write attempt, then removes the flag and writes again:\n```sh\n$ sudo touch /tmp/secret.txt\n$ sudo sh -c "echo 'initial' > /tmp/secret.txt"\n$ lsattr /tmp/secret.txt\n-------------- /tmp/secret.txt\n$ sudo chattr +i /tmp/secret.txt\n$ lsattr /tmp/secret.txt\n----i-------- /tmp/secret.txt\n$ sudo sh -c "echo 'more' >> /tmp/secret.txt"\nsh: /tmp/secret.txt: Operation not permitted\n$ sudo chattr -i /tmp/secret.txt\n$ sudo sh -c "echo 'more' >> /tmp/secret.txt"\n$ cat /tmp/secret.txt\ninitial\nmore\n``` Practical notes and pitfalls Use `+i` for immutable and `+a` for append-only; these stop writes and deletions even by normal root processes until the flags are removed, so be cautious; `lsattr` shows attributes, `-R` makes changes recursive, and not all filesystems support every flag, so verify support before relying on them for backups or system files. When to use and when not Set immutable on configuration or critical data to reduce accidental tampering, but do not treat `chattr` as a replacement for access control or auditing; a determined administrator can remove attributes, and some services may break if they cannot update files they expect to change. Companion commands Pair `chattr` with `lsattr` to inspect flags and with filesystem tools when preparing storage; use `getfattr` for extended attributes if you need metadata beyond chattr's scope. Join Bits & Bytes Academy First class LINUX exam preparation. filesystem security utilities
