One thing I've noticed among my fellow Linux colleagues is that although most of them frequently use chmod to set file access permissions, only a few of them use chattr to set up advanced file and directory parameters. chattr is a powerful command, used to set additional attributes on file system objects in order to optimize file access speed, security, disk space utilization, etc. Here is a brief description of how you can use some of its options to fine-tune your file system.
1. Hashed trees indexing
You've been using this option for sure, but you probably didn't know it. You can't set it yourself; the system applies it automatically to every directory that contains 255 items or more. What does it do? By default, items in a directory are indexed using trees, but this technique becomes inefficient when the directory contains a large number of files. So, when you create the 255th item in a directory, the 'I' option is applied, which instructs the kernel to index the directory using hashed trees, which speeds things up. Example:
% mkdir test
% lsattr -d test
------------------ test
% for i in `seq 1 254`; do touch test/file$i; done
% lsattr -d test
------------------ test
% touch test/file255
% lsattr -d test
--------------I--- test
2. Immutable files
You can use this option to lock files against deleting, editing, appending, renaming or being linked. You can even protect your files so that root can't delete them, for example if you hold some of your files in /tmp because of quotas on your home directory. You can also use it to lock files that you are sure will never change, for example some files from the /etc directory. Using this you can harden your system and protect it from malicious processes that want to modify system files. Note that all this doesn't really prevent root (more precisely, any user possessing the CAP_LINUX_IMMUTABLE capability) from removing the 'i' option from a file system object and then modifying or deleting it, but it will protect you from evil rm -rf commands, and it will come in handy when you want to prevent creation of new files in a directory. Example:
# whoami
root
# id -gn
root
# touch test
# chattr +i test
# rm -f test
rm: cannot remove `test': Operation not permitted
# chattr -i test
# rm test
rm: remove regular empty file `test'?
# rm -f test
# mkdir test
# chattr +i test
# touch test/file
touch: cannot touch `test/file': Permission denied
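As an added example (not part of the original post), the shell functions below audit the two points made above: which files actually carry the 'i' attribute, and whether a process holds CAP_LINUX_IMMUTABLE and could therefore clear it. The function names, the sample lsattr output and the sample capability masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit helpers for the immutable ('i') attribute.
# Function names are hypothetical; the sample data is constructed.

CAP_LINUX_IMMUTABLE_BIT=9   # capability number from <linux/capability.h>

# cap_mask_allows_immutable HEX
# HEX is a capability mask as printed in /proc/<pid>/status (CapEff, CapBnd).
# Returns 0 if CAP_LINUX_IMMUTABLE is present in the mask, 1 otherwise.
cap_mask_allows_immutable() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> CAP_LINUX_IMMUTABLE_BIT) & 1 )) -eq 1 ]
}

# not_immutable
# Reads lsattr output on stdin ("<flags> <path>" per line) and prints every
# path whose flag field lacks a lowercase 'i'. An uppercase 'I' is the
# hashed-tree index flag from section 1 and does not count as immutable.
not_immutable() {
    while read -r flags path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        case $flags in
            *i*) ;;                     # immutable: nothing to report
            *)   printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed lsattr output: two locked files, one unlocked file and one
# large directory that only carries the 'I' index flag.
SAMPLE_LSATTR='----i--------------- /etc/passwd
-------------------- /etc/shadow
----i--------------- /etc/sudoers
--------------I----- /etc/ssl/certs'

# Live use (assumes lsattr works on the underlying file system):
#   lsattr -d /etc/passwd /etc/shadow 2>/dev/null | not_immutable
#   cap_mask_allows_immutable "$(awk '/^CapEff/ {print $2}' /proc/self/status)"
```

A process whose effective set lacks the capability cannot run chattr -i successfully even as root, which is what makes the attribute a stronger control inside a restricted service or container than on a host with a full-capability root shell.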
3. File compression
When your disk space is low, it's time for compression or deleting. Instead of manually compressing and decompressing your files, you can instruct the kernel to do it for you. Compression and decompression are fully transparent: you can work with your files as if they were not compressed at all. Just apply the 'c' option to a file or directory and watch your free space. Note that this is not yet implemented in ext2 and ext file systems.
You can find more details and other interesting options in chattr(1) and lsattr(1).