Release:
[root@testing
Desktop]# rm -f mysafefile
[root@testing
Desktop]# lsattr mysafefile
Linux Flavors with ext2 based file
system
Problem:
Protecting critical files from
unauthorized or unknown delete
Solution:
You can use the Chattr command for
protecting your critical files from unauthorized or unknown deletion. Chattr is
the acronym for Change file attributes. It is similar to the chmod
command in Linux but having a different invocation and syntax. It only works
with ext2/ext3/ext4 filesystems.
Once you have given the chattr +i
<filename>, the particular file is made as immutable. Then file cannot be
modified, linked or deleted even by the root user. One cannot see the overridden
rule by using the normal permission check commands. Once set the attribute, it can
be removed only by the root user. Demo on it is shown below.
At first we will create a file with the
filename as mysafefile which is to be made safe from modification or deletion.
[root@testing Desktop]# touch mysafefile
Now let us view the default permission
for the file using the below command.
[root@testing Desktop]# ll mysafefile
-rw-r--r-- 1 root root 0 Aug 27 12:37 mysafefile
So the root is having read write
permission, the group root and others are having the read-only permission.
Now let us protect our file from
unknown modification or deletion by adding the immutable option using the
string “+i”.
[root@testing Desktop]# chattr +i mysafefile
So we will now check whether there was
any change in the permission for the created file.
[root@testing Desktop]# ll mysafefile
-rw-r--r-- 1 root root 0 Aug 27 12:37 mysafefile
The permission has no visible change
using normal permission check. It remains the same. We will now try editing the
file which we have protected using the chattr command.
#vi mysafefile
Once you have opened the file you can see at the bottom left
of the file that the file is read-only. Hence you will be unable to edit the
file. We will now try now what if we try to delete this file.
rm: cannot
remove `mysafefile': Operation not permitted
So the root user is also not able to delete the file.
Now let us check on how we can view the overridden permission. You can use the
lsattr <filename> command for viewing the attributes currently set for the
file.
----i--------
mysafefile
You can now see the “i” attribute set for the file which
prevented it from the deletion. Inorder to clear the attribute you can give the
below command.
[root@testing
Desktop]# chattr -i mysafefile
Confirm the clear using the lsattr command.
[root@testing
Desktop]# lsattr mysafefile
-------------
mysafefile
No comments:
Post a Comment