(Last Updated On: November 8, 2018)

Sometimes it is necessary to prevent all users, including root, from deleting a file. This is often done by changing the file attributes on a Linux file system. The tool used to change file attributes in Linux and other Unix systems is chattr.

The format of a symbolic mode is +-=[acdeijstuADST]. The operator and the letters together select the new attributes for the files.

  • The operator ‘+’ causes the selected attributes to be added
    to the existing attributes of the files
  • ‘-’ causes them to be removed
  • ‘=’ causes them to be the only attributes that the files have.

The letters are explained below:

a - append only
c - compressed
d - no dump
e - extent format
i - immutable
j - data journalling
s - secure deletion
t - no tail-merging
u - undeletable
A - no atime updates
D - synchronous directory updates
S - synchronous updates
T - top of directory hierarchy

When a directory or a file has the immutable attribute set, you will get the error “Permission denied” while trying to delete the underlying files. If the attribute i (immutable bit) is set on a file, not even root will be able to modify it.

Simulate delete file “Operation not permitted” on Linux

Create a directory under /tmp

mkdir /tmp/testdir

Touch a file in the directory

touch /tmp/testdir/testfile

Set append-only attribute

sudo chattr +a /tmp/testdir/testfile

For a folder and its contents, use the -R option for a recursive change

sudo chattr -R +a /tmp/testdir/

See file attributes

$ lsattr /tmp/testdir/testfile
-----a---------- testdir/testfile

Try to delete the file

$ rm -f /tmp/testdir/testfile 
rm: cannot remove ‘testfile’: Operation not permitted

Remove append-only attribute

sudo chattr -a /tmp/testdir/testfile

You should now be able to delete the file

rm -f /tmp/testdir/testfile

This works the same way for the immutable attribute (i).

sudo chattr -i /tmp/testdir/testfile 
rm -f /tmp/testdir/testfile
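
When rm fails with “Operation not permitted” somewhere in a larger tree, the first step is finding which entries carry the a or i attribute. The following is an added example, not part of the original article: a small POSIX shell filter for lsattr output. The function name find_locked and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# find_locked: read lsattr output on stdin and print "<flags> <path>" for each
# entry carrying a (append-only) and/or i (immutable), the two attributes that
# make rm fail with "Operation not permitted".
# Assumed line layout: "<attribute field> <path>", as lsattr prints it.
find_locked() {
    while IFS= read -r line; do
        attrs=${line%% *}   # first field: the attribute string
        path=${line#* }     # remainder: the path, which may contain spaces
        # Skip blank lines, "dir:" headers from lsattr -R and "lsattr: ..."
        # errors: their first field is empty or has characters that never
        # appear in an attribute string.
        case $attrs in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        locked=
        case $attrs in *a*) locked="${locked}a" ;; esac
        case $attrs in *i*) locked="${locked}i" ;; esac
        if [ -n "$locked" ]; then
            printf '%s %s\n' "$locked" "$path"
        fi
    done
    return 0
}

# Constructed sample of `lsattr -R /tmp/testdir` output (not from a real system).
SAMPLE_LSATTR='-----a--------e--- /tmp/testdir/testfile
----i---------e--- /tmp/testdir/locked file.conf
--------------e--- /tmp/testdir/normal
--------------e--- /tmp/testdir/sub

/tmp/testdir/sub:
----ia--------e--- /tmp/testdir/sub/audit.log
lsattr: Operation not supported While reading flags on /tmp/testdir/sub/sock'

printf '%s\n' "$SAMPLE_LSATTR" | find_locked
```

On a real system, pipe `lsattr -R /tmp/testdir 2>/dev/null` into find_locked; each reported flag can then be cleared with the matching `sudo chattr -a` or `sudo chattr -i` command shown above.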