With the help of utility called chattr, you can changes the file attributes on a Linux second extended file system. The operator + causes the selected attributes to be added to the existing attributes of the files; - causes them to be removed; and = causes them to be the only attributes that the files have.
1) Login as the root user.
2) Type the following command to write protect /etc/shadow file:
# chattr +i /etc/shadow
3) Login as user vivek and type the passwd command to change password:
$ passwd
Changing password for user vivek.
Changing password for vivek
(current) UNIX password: OLDPASSWED
New password: NEWPASSWD
Retype new password:NEWPASSWD
passwd: all authentication tokens updated successfully.
4) Now logout and try to login with the new password. However, system will not accept your new password. You still need to use the old password. A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
5) Get the list of Linux second extended file system using the lsatter command (run as root user :-) )
# lsattr /etc/shadow
----i-------- /etc/shadow
6) To see all Linux second extended file system attributes read the man page
man chattr
man lsattr
7) Please note that even root user is not allowed to change the password. You can remove the attribute using the following command:
# chattr -i /etc/shadow # lsattr /etc/shadow
------------- /etc/shadow
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins

- My 10 UNIX Command Line Mistakes
- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
Facebook it - Tweet it - Print it -
We're here to help you make the most of sysadmin work. So, subscribe!


{ 2 comments… read them below or add one }
Works like a charm.
Nice topic.
2 Typos Here:
“For rest of Linux second extended file system attributes read man chatter, man lsatter.”
=> … read man chattr, man lsattr