Linux file cannot be deleted despite -rw-r--r-- permissions (special attributes are set with chattr and shown with lsattr)

Source: Internet
Author: User

I ran into a problem today: a text file could not be deleted. It seems I need to fill in my knowledge of lsattr and chattr, because this involves a lot of security matters.

The chattr command is powerful. Some of its functions depend on the Linux kernel version, and many of them are not implemented if the kernel version is below 2.2. Likewise, the -d function, which checks for errors in compressed files, requires kernel 2.5.19 or later. In addition, modifying attributes with the chattr command can improve the security of the system, but it is not suitable for all directories: chattr cannot protect the /, /dev, /tmp and /var directories. lsattr is simpler; it just displays the attributes of a file.


Sometimes you find that you cannot modify a file even with root permissions, most often because the file was locked with the chattr command. chattr has many functions, some of which depend on the Linux kernel version, but the majority of Linux systems running today use kernel 2.6 or later. Modifying attributes with chattr can improve the security of the system, but it is not suitable for all directories: chattr cannot protect the /, /dev, /tmp and /var directories. The lsattr command displays the file attributes set by chattr.


chattr
Syntax: [root@test /root]# chattr [+-=][ASacdistu] [file or directory name]
Parameter description:
+-=: [+ add] [- remove] [= set] an attribute
A: When the A attribute is set, the access time (atime) of the file or directory is not modified. This avoids the disk I/O errors that portable computers are prone to.
S: This works a bit like the sync function: data is written to disk synchronously, which effectively avoids data loss.
a: After a is set, data can only be appended to the file, not deleted from it. Only root can set this attribute.
c: After this attribute is set, the file is automatically compressed when it is stored and automatically decompressed when it is read (this seems to be useful for large files).
d: When the dump (backup) program is executed, setting the d attribute will enable the file (or directory) to have a dump effect.
i: This attribute is very powerful. It makes a file impossible to delete, rename or link to, and no data can be written or appended to it. It is a considerable help for system security.
j: On an ext3 filesystem, setting the j attribute causes the file to be recorded in the journal before it is written. However, when the filesystem parameter is set to data=journalled, journaling is already in effect, so this attribute has no effect.
s: When a file has the s attribute set and is deleted, it is completely removed from the hard disk space.
u: The opposite of s: when u is set on a file, the data content actually remains on the disk and can be used for undeletion.
Example:
[root@test /root]# chattr +i /etc/shadow <== Now the file cannot be changed.
[root@test /root]# chattr -i /etc/shadow <== Removes the attribute again.
Description
This command is important, especially for system security. Because these attributes are hidden, you need lsattr to see them. The most important one is the i attribute, because it makes a file impossible to change, which matters a great deal to anyone who needs strong system security. Quite a few of the attributes can only be set by root. In addition, log files need the +a attribute even more: data can be appended, but the file cannot be removed. Handy, isn't it? When we get to log files later, we will talk about how to set it.


--------------------------------------------------------------------------------

lsattr
Syntax: [root@test /root]# lsattr [-aR]
Parameter description:
-a: Also shows the attributes of hidden files;
-R: Also lists the contents of subdirectories.
Example:
[root@test /root]# chattr +i .bash_logout
[root@test /root]# lsattr -a
-------------- ./.
-------------- ./..
---i---------- ./.bash_logout
-------------- ./.bash_profile
-------------- ./.bashrc
-------------- ./.emacs
-------------- ./.screenrc
Description
These two commands must be used with special care. For example, one day you are in a good mood and set the i attribute on the important password file /etc/shadow; a few days later you want to add a user and find that you cannot. Don't be puzzled: go and remove the i attribute.


Application Examples:

1. Use the chattr command to prevent a key system file from being modified:
# chattr +i /etc/resolv.conf

After that, mv /etc/resolv.conf and other commands that manipulate the file all fail with "Operation not permitted". Vim shows the warning "W10: Warning: Changing a readonly file" when editing the file. To modify the file, first remove the i attribute: chattr -i /etc/resolv.conf

# lsattr /etc/resolv.conf
The following attributes are displayed:
----i-------- /etc/resolv.conf

2. Make a file append-only, so that data can be appended to it but the file cannot be deleted; this is suitable for all kinds of log files:
# chattr +a /var/log/messages
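
To find every file that is locked in this way, the lsattr output shown above can be filtered for the i and a attributes. The shell function below is an added example, not part of the original page; the sample lsattr output and the file names in it are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Reads `lsattr -a` / `lsattr -aR`
# output on stdin and reports entries that carry i (immutable) or a
# (append-only), the two attributes that make rm/mv fail even for root.
# Matching is by letter, not column, so both the short attribute field shown
# on this page and the longer field of newer e2fsprogs are handled.
flagged_files() {
    while IFS= read -r line; do
        case "$line" in
            ''|lsattr:*|*:) continue ;;   # blank line, error message, "./dir:" header
        esac
        flags=${line%% *}                 # first field: attribute string
        path=${line#* }                   # remainder: path, spaces preserved
        case "$flags" in
            *[!A-Za-z-]*) continue ;;     # first field is not an attribute string
        esac
        case "$flags" in *i*) printf 'immutable %s\n' "$path" ;; esac
        case "$flags" in *a*) printf 'append-only %s\n' "$path" ;; esac
    done
}

# Constructed sample output; on a real system use: lsattr -aR /etc 2>&1
sample_lsattr_output() {
    cat <<'EOF'
--------------e------- ./.bashrc
----i---------e------- ./.bash_logout
-------A------e------- ./.viminfo

./log:
-----a--------e------- ./log/messages
----ia--------e------- ./log/audit trail.log
lsattr: Operation not supported While reading flags on ./log/socket
EOF
}

sample_lsattr_output | flagged_files
```

The uppercase A (no atime update) entry is deliberately not reported: only lowercase i and a block deletion.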
