Linux: comando “lsattr”, come vedere gli attributi di un file.
A dire il vero non avevo mai usato prima d’ora il comando “lsattr”.
Ho scoperto i comandi lsattr e chattr da poco tempo, da quando un evento ancora a me non chiaro ha modificato il comportamento del mio linux impedendomi di rimuovere un utente dal mio sistema.
E’ inutile dire che questa cosa mi ha fatto impazzire; ho lavorato sul problema per diverse ore ed ogni volta che provavo a fare una operazione direttamente o indirettamente sul file “/etc/passwd” veniva generato un errore che mi indicava l’impossibilità di modificarlo.
Tutto è iniziato quando ho provato a rimuovere un utente sul mio sistema ricevendo il messaggio operation non permitted. Da buon smanettone e vecchio sistemista ho subito iniziato ad indagare; il primo tentativo di soluzione, che ricordo, per tentare di capire, al di la di provare, “userdel e deluser” , è stato di editare il file /etc/passwd a mano con il mio fidato “vi”; Il risultato dell’operazione di edit al salvataggio del file è stato quello di ricevere il messaggio can’t open file /etc/passwd, da qui l’insinuazione del dubbio, il sistema è stato violato? ma come è stato mai possibile? .
Da questo punto in poi l’inizio della maratona, verifica dei permessi del file, test di cambio dei permessi ( ovviamente non consentito: operation non permitted), tentativi di editing con diversi strumenti, verifica del comportamento di Selinux …
Preoccupato della situazione, se non altro per i miei dati, ho provato a scorrere le dir ed i file di log alla ricerca di qualcosa di strano, con l’obiettivo di capire se fosse stato installato qualche rootkit o qualcosa di diverso; ho continuato pertanto ad indagare e dopo vari tentativi ho scoperto che sul file /etc/passwd era solo possibile appendere elementi, ma non cancellarli, ne era possibile rimovere il file stesso o svuotarlo; insomma un comportamento alquanto insolito. Sempre più convinto di una corruzione del mio sistema ho quindi deciso di ricorrere alle maniere forti facendo partire il mio sistema con un live e montando il disco “attenzionato” manualmente con la speranza di risolvere il problema ed individuare magari qualche situazione strana. Il risultato non è stato quello atteso; continuavo ad avere lo stesso comportamento il che da un lato mi ha un pò tranquillizzato perché sicuramente non poteva essere qualcosa legata al mio sistema, inteso come hacking sui comandi principali, ma dovesse essere qualcosa legata al file system.
Convinto di questa cosa dopo avere provato anche a fare un fsck del sistema giusto per escludere ogni di tipo di problema legato ad inconsistenza del file system, ho indagato sulla possibilità che qualche “ACL” potesse aver cambiato il comportamento sui file usando il comando
#getacl <nomefile>
non avendo riscontrato nulla di strano leggendo su internet mi sono imbattuto in lsattr.
Da qui la sorpresa. Usando il comando lsattr sul mio mio file
lsattr /etc/passwd
ricevevo un risultato del genere:
-----a-------e-- ./etc/passwd
da qui la luce.
Analizzando il significato dei vari flag :
- A Non aggiornare l’atime
- S Aggiornamento sincrono
- D Aggiornamento sincrono delle directory
- a solo append
- c compresso
- d no dump
- i immutabile
- s cancellazione sicura
- T top of directory hierarchy
- j data journalling
- t no tail-merging
- u Non cancellabile
diventava chiaro il motivo del comportamento fin’ora descritto, gli attributi del file era impostati per consentire solo l’append di contenuti sul file.
Da qui per ripristinare il corretto funzionamento è stato un secondo è stato sufficiente utilizzare il comando chattr.
chattr -a /etc/passwd
l’uso del segno + o – consente a chattr di impostare o rimuovere l’attributo selezionato.
Insomma il problema è stato risultato è tutto sembra funzionare per bene, ma ancora oggi non mi è chiaro cosa abbia interferito nel cambiando degli attributi dei files.
Per completezza riporto il man di lsattr e chattr.
MAN lsattr |
LSATTR(1) General Commands Manual LSATTR(1)
NAME lsattr - list file attributes on a Linux second extended file
system
SYNOPSISlsattr [ -RVadlpv ] [ files... ] DESCRIPTION lsattr lists the file attributes on a second extended file
system. See chattr(1) for a description of the attributes and
what they mean.
OPTIONS -R Recursively list attributes of directories and their
contents.
-V Display the program version.
-a List all files in directories, including files that start
with `.'.
-d List directories like other files, rather than listing
their contents.
-l Print the options using long names instead of single
character abbreviations.
-p List the file's project number.
-v List the file's version/generation number.
AUTHOR lsattr was written by Remy Card <Remy.Card@linux.org>. It is
currently being maintained by Theodore Ts'o <tytso@alum.mit.edu>.
AVAILABILITY lsattr is part of the e2fsprogs package and is available from
http://e2fsprogs.sourceforge.net.
SEE ALSOchattr(1) COLOPHON This page is part of the e2fsprogs (utilities for ext2/3/4
filesystems) project. Information about the project can be found
at ⟨http://e2fsprogs.sourceforge.net/⟩. It is not known how to
report bugs for this man page; if you know, please send a mail to
man-pages@man7.org. This page was obtained from the project's
upstream Git repository
⟨git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git⟩ on
2021-08-27. (At that time, the date of the most recent commit
that was found in the repository was 2021-08-22.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to man-pages@man7.org
E2fsprogs version 1.46.4 August 2021 LSATTR(1)
|
MAN chattr |
CHATTR(1) General Commands Manual CHATTR(1)
NAMEchattr - change file attributes on a Linux file system SYNOPSISchattr [ -RVf ] [ -v version ] [ -p project ] [ mode ] files... DESCRIPTION chattr changes the file attributes on a Linux file system.
The format of a symbolic mode is +-=[aAcCdDeFijmPsStTux].
The operator '+' causes the selected attributes to be added to
the existing attributes of the files; '-' causes them to be
removed; and '=' causes them to be the only attributes that the
files have.
The letters 'aAcCdDeFijmPsStTux' select the new attributes for
the files: append only (a), no atime updates (A), compressed (c),
no copy on write (C), no dump (d), synchronous directory updates
(D), extent format (e), case-insensitive directory lookups (F),
immutable (i), data journaling (j), don't compress (m), project
hierarchy (P), secure deletion (s), synchronous updates (S), no
tail-merging (t), top of directory hierarchy (T), undeletable
(u), and direct access for files (x).
The following attributes are read-only, and may be listed by
lsattr(1) but not modified by chattr: encrypted (E), indexed
directory (I), inline data (N), and verity (V).
Not all flags are supported or utilized by all file systems;
refer to file system-specific man pages such as btrfs(5),
ext4(5), and xfs(5) for more file system-specific details.
OPTIONS -R Recursively change attributes of directories and their
contents.
-V Be verbose with chattr's output and print the program
version.
-f Suppress most error messages.
-v version
Set the file's version/generation number.
-p project
Set the file's project number.
ATTRIBUTES a A file with the 'a' attribute set can only be opened in
append mode for writing. Only the superuser or a process
possessing the CAP_LINUX_IMMUTABLE capability can set or
clear this attribute.
A When a file with the 'A' attribute set is accessed, its
atime record is not modified. This avoids a certain
amount of disk I/O for laptop systems.
c A file with the 'c' attribute set is automatically
compressed on the disk by the kernel. A read from this
file returns uncompressed data. A write to this file
compresses data before storing them on the disk. Note:
please make sure to read the bugs and limitations section
at the end of this document. (Note: For btrfs, If the 'c'
flag is set, then the 'C' flag cannot be set. Also
conflicts with btrfs mount option 'nodatasum')
C A file with the 'C' attribute set will not be subject to
copy-on-write updates. This flag is only supported on
file systems which perform copy-on-write. (Note: For
btrfs, the 'C' flag should be set on new or empty files.
If it is set on a file which already has data blocks, it
is undefined when the blocks assigned to the file will be
fully stable. If the 'C' flag is set on a directory, it
will have no effect on the directory, but new files
created in that directory will have the No_COW attribute
set. If the 'C' flag is set, then the 'c' flag cannot be
set.)
d A file with the 'd' attribute set is not a candidate for
backup when the dump(8) program is run.
D When a directory with the 'D' attribute set is modified,
the changes are written synchronously to the disk; this is
equivalent to the 'dirsync' mount option applied to a
subset of the files.
e The 'e' attribute indicates that the file is using extents
for mapping the blocks on disk. It may not be removed
using chattr(1).
E A file, directory, or symlink with the 'E' attribute set
is encrypted by the file system. This attribute may not
be set or cleared using chattr(1), although it can be
displayed by lsattr(1).
F A directory with the 'F' attribute set indicates that all
the path lookups inside that directory are made in a case-
insensitive fashion. This attribute can only be changed
in empty directories on file systems with the casefold
feature enabled.
i A file with the 'i' attribute cannot be modified: it
cannot be deleted or renamed, no link can be created to
this file, most of the file's metadata can not be
modified, and the file can not be opened in write mode.
Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this
attribute.
I The 'I' attribute is used by the htree code to indicate
that a directory is being indexed using hashed trees. It
may not be set or cleared using chattr(1), although it can
be displayed by lsattr(1).
j A file with the 'j' attribute has all of its data written
to the ext3 or ext4 journal before being written to the
file itself, if the file system is mounted with the
"data=ordered" or "data=writeback" options and the file
system has a journal. When the file system is mounted
with the "data=journal" option all file data is already
journalled and this attribute has no effect. Only the
superuser or a process possessing the CAP_SYS_RESOURCE
capability can set or clear this attribute.
m A file with the 'm' attribute is excluded from compression
on file systems that support per-file compression.
N A file with the 'N' attribute set indicates that the file
has data stored inline, within the inode itself. It may
not be set or cleared using chattr(1), although it can be
displayed by lsattr(1).
P A directory with the 'P' attribute set will enforce a
hierarchical structure for project id's. This means that
files and directories created in the directory will
inherit the project id of the directory, rename operations
are constrained so when a file or directory is moved into
another directory, that the project ids must match. In
addition, a hard link to file can only be created when the
project id for the file and the destination directory
match.
s When a file with the 's' attribute set is deleted, its
blocks are zeroed and written back to the disk. Note:
please make sure to read the bugs and limitations section
at the end of this document.
S When a file with the 'S' attribute set is modified, the
changes are written synchronously to the disk; this is
equivalent to the 'sync' mount option applied to a subset
of the files.
t A file with the 't' attribute will not have a partial
block fragment at the end of the file merged with other
files (for those file systems which support tail-merging).
This is necessary for applications such as LILO which read
the file system directly, and which don't understand tail-
merged files. Note: As of this writing, the ext2, ext3,
and ext4 file systems do not support tail-merging.
T A directory with the 'T' attribute will be deemed to be
the top of directory hierarchies for the purposes of the
Orlov block allocator. This is a hint to the block
allocator used by ext3 and ext4 that the subdirectories
under this directory are not related, and thus should be
spread apart for allocation purposes. For example it is
a very good idea to set the 'T' attribute on the /home
directory, so that /home/john and /home/mary are placed
into separate block groups. For directories where this
attribute is not set, the Orlov block allocator will try
to group subdirectories closer together where possible.
u When a file with the 'u' attribute set is deleted, its
contents are saved. This allows the user to ask for its
undeletion. Note: please make sure to read the bugs and
limitations section at the end of this document.
x The 'x' attribute can be set on a directory or file. If
the attribute is set on an existing directory, it will be
inherited by all files and subdirectories that are
subsequently created in the directory. If an existing
directory has contained some files and subdirectories,
modifying the attribute on the parent directory doesn't
change the attributes on these files and subdirectories.
V A file with the 'V' attribute set has fs-verity enabled.
It cannot be written to, and the file system will
automatically verify all data read from it against a
cryptographic hash that covers the entire file's contents,
e.g. via a Merkle tree. This makes it possible to
efficiently authenticate the file. This attribute may not
be set or cleared using chattr(1), although it can be
displayed by lsattr(1).
AUTHOR chattr was written by Remy Card <Remy.Card@linux.org>. It is
currently being maintained by Theodore Ts'o <tytso@alum.mit.edu>.
BUGS AND LIMITATIONS The 'c', 's', and 'u' attributes are not honored by the ext2,
ext3, and ext4 file systems as implemented in the current
mainline Linux kernels. Setting 'a' and 'i' attributes will not
affect the ability to write to already existing file descriptors.
The 'j' option is only useful for ext3 and ext4 file systems.
The 'D' option is only useful on Linux kernel 2.5.19 and later.
AVAILABILITY chattr is part of the e2fsprogs package and is available from
http://e2fsprogs.sourceforge.net.
SEE ALSOlsattr(1), btrfs(5), ext4(5), xfs(5). COLOPHON This page is part of the e2fsprogs (utilities for ext2/3/4
filesystems) project. Information about the project can be found
at ⟨http://e2fsprogs.sourceforge.net/⟩. It is not known how to
report bugs for this man page; if you know, please send a mail to
man-pages@man7.org. This page was obtained from the project's
upstream Git repository
⟨git://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git⟩ on
2021-08-27. (At that time, the date of the most recent commit
that was found in the repository was 2021-08-22.) If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to man-pages@man7.org
|
Sono amante della tecnologia e delle tante sfumature del mondo IT, ho partecipato, sin dai primi anni di università ad importanti progetti in ambito Internet proseguendo, negli anni, allo startup, sviluppo e direzione di diverse aziende; Nei primi anni di carriera ho lavorato come consulente nel mondo dell’IT italiano, partecipando attivamente a progetti nazionali ed internazionali per realtà quali Ericsson, Telecom, Tin.it, Accenture, Tiscali, CNR. Dal 2010 mi occupo di startup mediante una delle mie società techintouch S.r.l che grazie alla collaborazione con la Digital Magics SpA, di cui sono Partner la Campania, mi occupo di supportare ed accelerare aziende del territorio .
Attualmente ricopro le cariche di :
– CTO MareGroup
– CTO Innoida
– Co-CEO in Techintouch s.r.l.
– Board member in StepFund GP SA
Manager ed imprenditore dal 2000 sono stato,
CEO e founder di Eclettica S.r.l. , Società specializzata in sviluppo software e System Integration
Partner per la Campania di Digital Magics S.p.A.
CTO e co-founder di Nexsoft S.p.A, società specializzata nella Consulenza di Servizi in ambito Informatico e sviluppo di soluzioni di System Integration, CTO della ITsys S.r.l. Società specializzata nella gestione di sistemi IT per la quale ho partecipato attivamente alla fase di startup.
Sognatore da sempre, curioso di novità ed alla ricerca di “nuovi mondi da esplorare“.
Comments