How to create an unchangeable file in Linux

How to create an unchangeable file in Linux

If you want to write protection for some important files in Linux, they cannot be deleted or tampered with into previous versions or other things, or in other cases, you may want to prevent some configuration files from being automatically modified by the software. UsechownAndchmodThe command to modify the File Ownership or permission bit is a solution to this situation, but this is not perfect, because it cannot avoid operations with root permissions. ThenchattrThis is useful.

chattrIs a Linux Command that can set or cancel the flag of a file. It is separated from standard file permissions (read, write, and execute. Another command related to this islsattrIt can display which flag spaces of the file have been set. Initially, only the EXT File System (EXT2/3/4) supportedchattrAndlsattrBut now many other native Linux file systems are supported, such as XFS, Btrfs, and ReiserFS.

In this tutorial, I will demonstrate how to usechattrTo make files in Linux unchangeable.

chattrAndlsattrCommands are part of the e2fsprogs package and are pre-installed in all modern Linux distributions.

Below ischattr.

1. $ Chattr [-RVf] [Operator] [flag] file...

The operators can be "+" (add the selected flag to the flag list) and "-" (remove the selected flag from the flag list) or "=" (force the selected flag space ).

Below are some available flag spaces.

• A: It can only be opened in append mode.
• A: You cannot update atime (File Access time ).
• C: The data is automatically compressed when it is written to the disk.
• C: Disable "copy upon writing ".
• I: cannot be changed.
• S: Security deletion through auto return. (LCTT: Normally, the content of the deleted file will not be modified. Modifying the flag will replace the original content with "0" after the file is deleted)

"Unchangeable" flag

To make a file unchangeable, add the "unchangeable" flag to the file as follows. For example, write protection for the/etc/passwd file:

1. $ sudo chattr +i /etc/passwd

Note that the root user permission is required to set or cancel the "unchangeable" flag of a file. Check whether the "unchangeable" flag of the file is added.

1. $ lsattr /etc/passwd

Once a file is set to unchangeable, it cannot be modified by any user. Even the root user cannot modify, delete, overwrite, move, or rename the file. If you want to modify this file again, you need to cancel the "unchangeable" flag.

Use the following command to cancel the "unchangeable" flag:

1. $ sudo chattr -i /etc/passwd

If you want to make all contents under a directory (such as/etc) unchangeable, use the "-R" option:

1. $ sudo chattr -R +i /etc

"APPEND only" flag

Another useful flag is "APPEND only", which only allows the object content to be appended. You cannot overwrite or delete an object with the "APPEND only" flag set. This flag is useful when you want to avoid accidental cleanup of log files.

Similar to the "unchangeable" flag, you can use the following command to change the file to the "only appendable" Mode:

1. $ sudo chattr +a /var/log/syslog

Note that when you copy a file that is "unchangeable" or "appendable" to another place, the new file will not retain these symbols!

 

Conclusion

In this tutorial, I show how to usechattrAndlsattrTo avoid file tampering (unexpected or otherwise. Note that you cannotchattrAs a security measure, the "unchangeable" flag can be easily canceled. One possible way to solve this problem is to limitchattrCommand availability, or remove the CAPLINUXIMMUTABLE kernel capability flag. AboutchattrFor more details about the available flag spaces, see its man manual.

This article permanently updates the link address: