The a Linux file attribute is often documented as applicable to files.
chattr(1) manpage:
A file with the 'a' attribute set can only be open in append mode for writing.
0x20 File can only be appended (EXT4_APPEND_FL).
My questions are:
chattr +a restricted to files only?
The append only flag (chattr +a) prevent from removing the directory, a well as files and directories created directly inside that directory:
Create test directory and files:
# mkdir /tmp/foo
# chattr +a /tmp/foo
That directory can't be deleted:
# rmdir /tmp/foo
rmdir: failed to remove ‘/tmp/foo’: Operation not permitted
Now create files and directory inside it:
# touch /tmp/foo/bar
# mkdir /tmp/foo/baz
Let's inspect that:
# lsattr -d /tmp/foo /tmp/foo/ba*
-----a-------e-- /tmp/foo
-------------e-- /tmp/foo/bar
-------------e-- /tmp/foo/baz
Try to erase stuffs:
# rm /tmp/foo/bar
rm: cannot remove ‘/tmp/foo/bar’: Operation not permitted
# rmdir /tmp/foo/baz
rmdir: failed to remove ‘/tmp/foo/baz’: Operation not permitted
rm -Rf /tmp/foo
rm: cannot remove ‘/tmp/foo/bar’: Operation not permitted
rm: cannot remove ‘/tmp/foo/baz’: Operation not permitted
Finally, sub-sub-directory and files in sub-directories are not protected:
# mkdir /tmp/foo/baz/bat
# touch /tmp/foo/baz/baff
# rm --verbose -Rf /tmp/foo/baz
removed directory: ‘/tmp/foo/baz/bat’
removed ‘/tmp/foo/baz/baff’
rm: cannot remove ‘/tmp/foo/baz’: Operation not permitted
Again, note that only /tmp/foo had the append flag:
# lsattr -d /tmp/foo /tmp/foo/baz
-----a-------e-- /tmp/foo
-------------e-- /tmp/foo/baz