1 00:00:06,960 --> 00:00:10,620 - In this video you'll learn about filesystem attributes. 2 00:00:10,620 --> 00:00:13,680 So the POSIX standard defines a number of attributes 3 00:00:13,680 --> 00:00:16,080 that can be used to add security to files. 4 00:00:16,080 --> 00:00:19,140 You can use chattr to set them, 5 00:00:19,140 --> 00:00:21,300 and lsattr to get an overview 6 00:00:21,300 --> 00:00:23,730 of currently applied attributes. 7 00:00:23,730 --> 00:00:26,910 There is a couple of attributes that is defined, 8 00:00:26,910 --> 00:00:29,730 but the immutable attribute is most common. 9 00:00:29,730 --> 00:00:30,563 Let me show you. 10 00:00:35,040 --> 00:00:40,040 So I'm creating a file with the name removeme.txt, 11 00:00:41,730 --> 00:00:46,713 and then chattr +i on removeme.txt. 12 00:00:48,600 --> 00:00:49,710 Now what is going to happen 13 00:00:49,710 --> 00:00:53,550 if they use rm -f on removeme.txt? 14 00:00:53,550 --> 00:00:55,860 I'm getting an operation not permitted. 15 00:00:55,860 --> 00:00:58,020 But I am root, yes that is right, 16 00:00:58,020 --> 00:01:01,440 but lsattr on removeme 17 00:01:01,440 --> 00:01:05,610 is showing that the immutable attribute is set, 18 00:01:05,610 --> 00:01:08,280 and if an attribute is set, even if you are root, 19 00:01:08,280 --> 00:01:12,420 you can't remove it without first removing the attribute. 20 00:01:12,420 --> 00:01:14,446 And that's what I'm doing next, 21 00:01:14,446 --> 00:01:18,480 chattr -i on removeme.txt, and now it's gone, 22 00:01:18,480 --> 00:01:21,690 and now I should be able to remove the file. 23 00:01:21,690 --> 00:01:22,980 There we go, and now it's gone. 24 00:01:22,980 --> 00:01:25,770 That is how you can use attributes. 25 00:01:25,770 --> 00:01:27,240 This is pretty convenient 26 00:01:27,240 --> 00:01:29,610 if you want to add some protection to files, 27 00:01:29,610 --> 00:01:34,410 and you wanna make sure nobody by accident is removing them. 28 00:01:34,410 --> 00:01:36,960 Now if you have a look at the man page, man chattr, 29 00:01:37,920 --> 00:01:40,920 then you can see all the letters that can be used 30 00:01:40,920 --> 00:01:43,050 for the attributes right here. 31 00:01:43,050 --> 00:01:44,850 But as I was telling you, 32 00:01:44,850 --> 00:01:49,323 many of these attributes are not really very well supported.