Linux Command lsattr Usage and 4 Options

by

The Linux command lsattr is used to display the attributes applied to files or directories. Unlike the typical file listing command ls, lsattr reveals special attributes used in the file system, which can be helpful for system administrators to protect files or control specific functions. In this post, we will explore how to use the lsattr command and its options, and also discuss its practical applications in real-world scenarios.

What is the Linux Command lsattr?

lsattr is a command that shows the attributes of files or directories within the Linux file system, mainly used in ext2, ext3, and ext4 file systems. With this command, you can check if a file or directory has attributes such as read-only, immutable, or undeletable. These attributes play a crucial role in preventing files from being unintentionally modified or deleted.

In Linux, file and directory attributes are critical for maintaining security and integrity. For example, setting an immutable attribute on important system files can protect them from accidental deletion.

How to Use the lsattr Command

The basic usage of the lsattr command is very straightforward. You simply specify the file or directory path after the command to view its attributes.

lsattr [options] [file or directory path]
ShellScript

If you run lsattr without any options, it will display the attributes of all files in the current directory.

lsattr
ShellScript

Executing this command will output a list of the file attributes in the current directory, as shown in the figure below. Each file’s attributes are represented by letters that appear in front of the file name, indicating the characteristics of the file.

Figure 1. Linux command lsattr: Output of attributes of files and directories in the current directory
Figure 1. Linux command lsattr: Output of attributes of files and directories in the current directory

As shown above, the letters that precede the file name represent the file’s attributes. The meaning of these attributes will be explained below.

Explanation of lsattr Command Attributes

The letters displayed by the lsattr command correspond to various special attributes assigned to files or directories. Below are the meanings of the main attributes:

  • a: Append-only mode — You can only add content to the file; modifying existing content is not allowed.
  • i: Immutable mode — The file cannot be modified or deleted. This attribute is often applied to critical system files.
  • d: No dump — The file will be excluded from backup (dump).
  • e: Extent attribute — Indicates that the file has extended attributes.
  • s: Secure deletion — When the file is deleted, its content is overwritten with zeros. Note that this may not apply to ext2, ext3, or ext4. If you want to securely delete files, consider using tools like wipe or srm.
  • u: Undeletable — After the file is deleted, it remains recoverable.

Main Options of the lsattr Command

The lsattr command can be used with various options to control the output format or display specific file attributes. Here are the key options:

  • -a: Include hidden files — By default, hidden files (those starting with a .) are excluded, but this option includes them in the output.
  • -d: Show directory attributes — Displays only the attributes of directories, not the files inside them.
  • -R: Recursively display attributes — Shows the attributes of all files and subdirectories within the specified directory.
  • -v: Show version — Displays version information of the file.
lsattr -a
ShellScript

This command will show the attributes of all files in the current directory, including hidden files.

Figure 2. Linux command lsattr: Viewing all files, including hidden ones, using the -a option
Figure 2. Linux command lsattr: Viewing all files, including hidden ones, using the -a option
lsattr -R /var/log
ShellScript

This command will recursively display the attributes of files within the /var/log directory and its subdirectories.

Figure 3. Linux command lsattr: Recursively viewing file attributes using the -R option
Figure 3. Linux command lsattr: Recursively viewing file attributes using the -R option

Important Notes

The lsattr command is only used for reading file or directory attributes and does not change them. To modify file attributes, use the chattr command. For example, to make a file undeletable, you can use the chattr +i command to add the immutable attribute.

Although lsattr does not require root privileges, changing attributes with chattr may. Therefore, always be cautious when modifying file attributes, as incorrectly changing the attributes of system files could lead to unexpected issues.

Practical Uses of the lsattr Command

The Linux command lsattr is mainly used in system administration to check if files are protected. For example, you can verify if an important configuration or log file has the i attribute, which sets it to immutable mode, using the lsattr command.

Additionally, you can exclude unnecessary temporary files or log files from backups by adding the d attribute, which prevents them from being included in the dump process. This can help save storage space by avoiding the backup of irrelevant files.

Summary

The Linux command lsattr is a crucial tool for viewing file system attributes. Features like the immutable attribute (i), which prevents file modification or deletion, and the secure deletion attribute (s), which overwrites file content upon deletion, are essential for protecting the integrity of important files. However, be aware that certain file systems may not support all attributes, so always check the manual before using the command.

Though simple, this command can be highly effective in safeguarding important data from accidental or malicious deletion. Therefore, Linux system administrators should be familiar with this command and its attributes to ensure the system operates securely.

References

Leave a Comment