I’m trying to set an immutable attribute on some files in my home directory, but I keep encountering issues: chattr: Operation not permitted while setting flags on /data/ops/app.conf.

1
2
$ chattr +i /data/ops/app.conf
chattr: Operation not permitted while setting flags on /data/ops/app.conf

From the chattr man page:

A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file’s metadata can not be modified, and the file can not be opened in write mode. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

We can see that only the superuser or a process with the CAP_LINUX_IMMUTABLE capability can set or clear this attribute. So, getting an error when trying to set the i flag as a regular user is expected. When I run the following command, it works as expected:

1
$ sudo chattr +i /data/ops/app.conf

P.S.
The same applies to the a flag (append only), and the j flag (data journaling) requires the CAP_SYS_RESOURCE capability.

a flag:
A file with the ‘a’ attribute set can only be opened in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IM‐MUTABLE capability can set or clear this attribute.

j flag:
A file with the ‘j’ attribute has all of its data written to the ext3 or ext4 journal before being written to the file itself, if the file system is mounted with the “data=ordered” or “data=writeback” options and the file system has a journal. When the filesystem is mounted with the “data=journal” option all file data is already ournalled and this attribute has no effect. Only the superuser or a process possessing the CAP_SYS_RESOURCE apability can set or clear this attribute.