Linux Password trick with immutable bit using chattr command

With the help of utility called chattr, you can changes the file attributes on a Linux second extended file system. The operator + causes the selected attributes to be added to the existing attributes of the files; - causes them to be removed; and = causes them to be the only attributes that the files have.

1) Login as the root user

2) Type the following command to write protect /etc/shadow file:
# chattr +i /etc/shadow

3) Now lets test it with user vivek. Login as user vivek and type passwd command to change password:

$ passwd

Changing password for user vivek.
Changing password for vivek
(current) UNIX password: OLDPASSWED
New password: NEWPASSWD
Retype new password:NEWPASSWD
passwd: all authentication tokens updated successfully.

4) Now logout and try to login with new password. What you can't? Use the old password you can login now.A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

5) Get the list of Linux second extended file system using the lsatter command (run as root user :-) )

# lsattr /etc/shadow

----i-------- /etc/shadow

6) For rest of Linux second extended file system attributes read man chatter, man lsatter.

7) Please note that even root user is not allowed to change password. Before doing this root need to remove the attribute using command:

# chattr -i /etc/shadow
# lsattr /etc/shadow

------------- /etc/shadow

Featured Articles:

Want to read Linux tips and tricks, but don't have time to check our blog everyday? Subscribe to our daily email newsletter to make sure you don't miss a single tip/tricks. Subscribe to our weekly newsletter here!

Linux Password trick with immutable bit using chattr command

Featured Articles:

Related Posts

Sponsored Links