Linux Password Trick With Immutable Bit Using chattr Command

Published April 26, 2004 · Last updated June 3, 2010

With the help of the chattr utility, you can change file attributes on a Linux second extended file system. The + operator adds the selected attributes to the file's existing attributes, - removes them, and = makes them the only attributes the file has.

1) Login as the root user.

2) Type the following command to write-protect the /etc/shadow file:
# chattr +i /etc/shadow

3) Login as user vivek and run the passwd command to change the password:

$ passwd

Changing password for user vivek.
Changing password for vivek
(current) UNIX password: OLDPASSWD
New password: NEWPASSWD
Retype new password: NEWPASSWD
passwd: all authentication tokens updated successfully.

4) Now log out and try to log in with the new password. The system will not accept it; you still need to use the old password. A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to it, and no data can be written to it. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

5) List the file's attributes with the lsattr command (run as the root user :-) ):

# lsattr /etc/shadow

----i-------- /etc/shadow

6) To see all the Linux second extended file system attributes, read the man pages:

man chattr
man lsattr

7) Please note that while the attribute is set, even the root user cannot change the password. You can remove the attribute using the following command:

# chattr -i /etc/shadow
# lsattr /etc/shadow

------------- /etc/shadow
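Checking for the immutable bit is something you will want to script, both to confirm the protection above is in place and to explain the "cannot delete this file as root" surprises described in the comments. The following script is an added example, not part of the original post: it parses lsattr-style output (the attribute field, a space, then the path), reports every entry with the 'i' flag, and includes a small helper that queries the live system. The sample lines at the bottom are constructed; reading attributes needs no root, only changing them does.

```shell
#!/bin/sh
# Added example (not from the original post): parse lsattr output and report
# which entries carry the immutable ('i') attribute.

# Return 0 when one lsattr output line has the 'i' flag set.
# lsattr prints the attribute field, one space, then the path, e.g.
#   ----i-------- /etc/shadow
has_immutable_flag() {
    flags=${1%% *}          # attribute field only, so an 'i' in the path never matches
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr-style lines on stdin and print the path of each immutable entry.
list_immutable() {
    while IFS= read -r line; do
        if has_immutable_flag "$line"; then
            printf '%s\n' "${line#* }"
        fi
    done
}

# Query the live system for one path. Returns 1 when lsattr is unavailable,
# the path is not on a supporting filesystem, or the file is not immutable.
# Not exercised by the constructed sample run below.
is_immutable() {
    lsattr -- "$1" 2>/dev/null | list_immutable | grep -qxF -- "$1"
}

# Constructed sample in the format lsattr prints; only /etc/shadow is immutable.
# The 'e' on /etc/group is the extent flag, which has nothing to do with write protection.
SAMPLE='----i-------- /etc/shadow
------------- /etc/passwd
-------------e- /etc/group'

# Prints: /etc/shadow
printf '%s\n' "$SAMPLE" | list_immutable
```

To audit a real box, pipe `lsattr /etc/shadow /etc/passwd /etc/group` (or `lsattr -R /etc` for a broader sweep) into `list_immutable`, or call `is_immutable /etc/shadow` in a cron job or configuration check; anything unexpected in the output is worth explaining, because an immutable file that nobody set deliberately is a common sign of tampering or of a recovery like the lost+found case below.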


1 Mr Surbade April 4, 2009 at 4:48 pm

Works like a charm.


2 Philippe Petrinko June 3, 2010 at 11:24 am

Nice topic.

2 Typos Here:
“For rest of Linux second extended file system attributes read man chatter, man lsatter.”
=> … read man chattr, man lsattr


3 Bijohn Vincent February 20, 2012 at 4:15 am

What does the attribute 'e' stand for? I am using CentOS 6.
[root@cfserver masterfiles]# lsattr /etc/passwd
-------------e- /etc/passwd


4 Ben March 17, 2012 at 3:07 pm

extent.
exactly what that means yet. I determined this by trying chattr -e ./somefile
and it returned

root@dell:~$ chattr -e somefile
chattr: Clearing extent flag not supported on somefile


5 Ben March 17, 2012 at 3:09 pm

extent.
Not sure exactly what that means yet. I determined this by trying chattr -e ./somefile
and it returned

root@dell:~$ chattr -e somefile
chattr: Clearing extent flag not supported on somefile


6 phila_guy December 22, 2012 at 2:52 pm

Also useful for clearing the lost+found directory for files that can’t be deleted by root directly using rm or rm -rf. I had to recover a 1TB USB 3 disk with e2fsck using an alternate block after I accidentally tried to dd an 8 Mb .iso to the USB disk and not the USB thumbdrive I had meant for it to go. I was able to recover the disk but this left me with a file and a directory in lost+found that I could not delete that cron.daily kept warning me about. I used lsattr to list the attributes that the file and directory had and just used chattr -R to recursively wipe all the attributes for everything in lost+found. A simple rm -rf worked after that.


7 Old BSD guy February 6, 2013 at 9:28 pm

What good is the immutable flag without securelevels?


8 Bob September 2, 2013 at 5:30 pm

I have had a horrible problem with a hacker changing my .htaccess file to redirect my website to a site selling drugs. I have tried changing the permissions of 444, but that doesn’t seem to prevent the hack. I am now trying making the file immutable. I hope this does the trick.


9 Moneybags November 5, 2013 at 11:13 pm

I’m sorry, what is the point of doing this on /etc/shadow?


10 CMac February 26, 2014 at 7:24 pm

I can't see any benefit to doing this; you should not play with things you don't fully understand, lest you bork your system…
