extended file attributes with ext[2|3|4]

Most Unix/Linux users, and – hopefully – all admins are familiar with the standard 9 bits of permissions typically supported on various *nix file systems:


Where “u”, “g”, and “o” indicate “user”, “group”, and “other” while “rwx” indicates whether the item can be read, written, or executed.

Also of note are file ownerships in the form of


So a file might be owned by warren:warren with read/write privileges only for the owner: rw-rw----.

That’s pretty handy.

How many of you know there are hidden permissions that do not show up in a normal use of ls -l?

I didn’t until last week – and I’ve been using Linux for more than a decade 🙁

Turns out that – at least with ext2, etx3, and ext4 filesystems – there are a variety of other attributes that can be assigned to a file. One of them is the immutable flag*.

(Using a related command to ls, lsattr, a person can view the extended attribute flags of a file.)

In specific, the immutable flag disallows even the owner from deleting his/her own file! There was the source of a very ornery issue I ran into while doing an upgrade last week of a customer’s management environment. The upgrade installer ran into an issue wherein it interrupted its own process. But when it did, it left the filesystem in an inconsistent state – specifically with regards to an SSL certificate file and the machine identifier file (agent.srv and mid, if you’re curious) having the immutable flag set. When attempting to pick back up with the upgrade, the installer failed more [apparently] asymptomatically (and esoterically) than I had ever seen before.

After several exchanges with senior product support, a working fix of running chattr -i /path/to/file was provided. Neither myself, nor any of the senior admins at my customer had ever heard of chattr. So off to the man pages. Turns out that chattr is quite the command – but it’s not well publicized (at least, I don’t think it is).

If you run into a file you own, but cannot delete, be sure to inspect the extended attributes with lsattr, and fix any mis-set flags with chattr.

*The entire list of alterable flags: “append only (a), compressed (c), no dump (d), extent format (e), immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory updates (D), synchronous updates (S), and top of directory hierarchy (T).” Non-modifiable, but visible with lsattr, flags: “huge file (h), compression error (E), indexed directory (I), compression raw access (X), and compressed dirty file (Z)”.