How to create an unchangeable file in Linux
If you want to write-protect some important files in Linux so that they cannot be deleted, tampered with, or rolled back to a previous version, or if you want to prevent some configuration files from being automatically modified by software, using the chown and chmod commands to change the file ownership or permission bits is one solution. It is not a perfect one, however, because it cannot prevent operations performed with root permissions. This is where chattr is useful.
chattr is a Linux command that can set or clear the flags of a file. These flags are separate from the standard file permissions (read, write, and execute). A related command is lsattr, which displays which flags have been set on a file. Initially, only the EXT file systems (EXT2/3/4) supported chattr and lsattr, but now many other native Linux file systems support them, such as XFS, Btrfs, and ReiserFS.
In this tutorial, I will demonstrate how to use chattr to make files in Linux unchangeable.
The chattr and lsattr commands are part of the e2fsprogs package and are pre-installed in all modern Linux distributions.
Below is the usage of chattr.
$ chattr [-RVf] [operator] [flag] file...
The operator can be "+" (add the selected flags to the flag list), "-" (remove the selected flags from the flag list), or "=" (set the flag list to exactly the selected flags).
Below are some of the available flags.
- a: The file can only be opened in append mode.
- A: The atime (file access time) is not updated.
- c: The data is automatically compressed when it is written to the disk.
- C: Disable "copy on write".
- i: The file cannot be changed.
- s: Secure deletion by automatic zeroing. (LCTT translator's note: normally, the content of a deleted file is not modified. With this flag set, the original content is overwritten with "0" after the file is deleted.)
"Unchangeable" flag
To make a file unchangeable, add the "unchangeable" flag to the file as follows. For example, to write-protect the /etc/passwd file:
$ sudo chattr +i /etc/passwd
Note that root permission is required to set or cancel the "unchangeable" flag of a file. To check whether the "unchangeable" flag has been added to the file:
$ lsattr /etc/passwd
Once a file is set to unchangeable, it cannot be modified by any user. Even the root user cannot modify, delete, overwrite, move, or rename the file. If you want to modify this file again, you need to cancel the "unchangeable" flag.
Use the following command to cancel the "unchangeable" flag:
$ sudo chattr -i /etc/passwd
If you want to make all contents under a directory (such as /etc) unchangeable, use the "-R" option:
$ sudo chattr -R +i /etc
"Append only" flag
Another useful flag is "append only", which only allows content to be appended to the object. You cannot overwrite or delete an object that has the "append only" flag set. This flag is useful when you want to avoid accidental cleanup of log files.
As with the "unchangeable" flag, you can use the following command to put a file into "append only" mode:
$ sudo chattr +a /var/log/syslog
Note that when you copy a file that is "unchangeable" or "append only" to another place, the new file does not retain these flags!
Conclusion
In this tutorial, I showed how to use chattr and lsattr to avoid file tampering (unexpected or otherwise). Note that you cannot rely on chattr as a security measure, because the "unchangeable" flag can easily be canceled. One possible way to solve this problem is to limit the availability of the chattr command, or to remove the CAP_LINUX_IMMUTABLE kernel capability. For more details about chattr and the available flags, see its man page.
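Because root can clear these flags and a copied file does not keep them, it helps to check regularly that protected files still carry the flags you set. The shell function below is an added example, not part of the original article: it parses lsattr output and reports any drift. The name flag_drift, the FLAG:PATH argument form and the sample lsattr output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files whose chattr flags differ from what is expected.

# Constructed sample of `lsattr` output (not captured from a real host):
# passwd is still immutable, syslog has lost "a", shadow is not listed at all.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/passwd
--------------e------- /var/log/syslog
EOF
}

# flag_drift FLAG:PATH...   (hypothetical helper name and argument form)
#   stdin : `lsattr` output, one "<flag field> <path>" pair per line
#   stdout: "UNSET <flag> <path>" or "NOT-LISTED <path>" for each problem
#   return: 0 when every PATH carries its FLAG, 1 otherwise
flag_drift() {
    report=$(cat)
    drift=0
    for spec in "$@"; do
        want=${spec%%:*}
        path=${spec#*:}
        field=
        # Find the flag field of the line whose path matches exactly.
        while read -r flags name; do
            if [ "$name" = "$path" ]; then field=$flags; break; fi
        done <<EOF
$report
EOF
        case $field in
            '')        printf 'NOT-LISTED %s\n' "$path"; drift=1 ;;
            *"$want"*) ;;
            *)         printf 'UNSET %s %s\n' "$want" "$path"; drift=1 ;;
        esac
    done
    return "$drift"
}

# On a real host, feed it live output instead of the sample, for example:
#   lsattr /etc/passwd /var/log/syslog 2>/dev/null | flag_drift i:/etc/passwd a:/var/log/syslog
sample_lsattr | flag_drift i:/etc/passwd a:/var/log/syslog i:/etc/shadow ||
    echo "flag drift detected"
```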