
Prevent File/Directory Modification, Deletion and Renaming in Linux

21 Jul 2018

If you want to stop a file or directory in Linux from being modified, renamed, or deleted, whether accidentally or intentionally, you can set the immutable flag, which blocks these operations.

About the immutable flag

The immutable flag is an extended file system attribute, and you can set it on both files and directories. With this flag in place, the file or directory cannot be modified, renamed, or deleted without first removing the immutable flag. Setting this flag doesn’t require root privileges.

Example

In the example below, we will be creating a new empty file called ‘no-edit.txt’.

touch no-edit.txt

We can use the lsattr command on this file to see its extended attributes; in this case, only ‘e’ is set by default.

lsattr no-edit.txt
--------------e---- no-edit.txt

Now, we will write a bit of data to the file, which will work as expected.

echo test >> no-edit.txt
cat no-edit.txt
test

We will now use the chattr command to set the ‘i’ flag, which marks the file as immutable.

chattr +i no-edit.txt

We can now run the lsattr command once again to confirm that the ‘i’ flag is listed on the file.

lsattr no-edit.txt
----i---------e---- no-edit.txt

The no-edit.txt file is now immutable, so let’s attempt to write more data to it and see if we can delete or rename it.

echo more-test >> no-edit.txt
zsh: operation not permitted: no-edit.txt
rm -f no-edit.txt
rm: cannot remove 'no-edit.txt': Operation not permitted
mv no-edit.txt no-edit2.txt
mv: cannot move 'no-edit.txt' to 'no-edit2.txt': Operation not permitted

As this example shows, we cannot modify, delete, or rename the test file once it has been set to immutable. This works exactly the same way when applying the ‘i’ flag to a directory; however, if you do make a directory immutable, this will apply to all the files inside, meaning that any subdirectories or files within the immutable directory cannot be modified.

If you would like to change, remove, or rename an immutable file or directory, you first need to remove the ‘i’ flag. This is done with the same change attribute (chattr) command, as shown below:

chattr -i no-edit.txt
lsattr no-edit.txt
--------------e---- no-edit.txt

At this point, we can edit, remove, or rename the no-edit.txt file, since it is no longer immutable.
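To check many paths at once, the lsattr output shown above can be parsed in a script. The following is an added example, not part of the original article; the function names and the sample listing are constructed for illustration. The match is case-sensitive because lsattr prints an uppercase ‘I’ for a different attribute (indexed directory).

```shell
#!/bin/sh
# Added example, not from the original article: list entries whose lsattr
# attribute string carries the immutable flag.

# is_immutable ATTRS: succeed only if ATTRS contains a lowercase 'i'.
# Uppercase 'I' is a different attribute (hash-indexed directory), so the
# match must stay case-sensitive.
is_immutable() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# list_immutable: read "ATTRS PATH" lines (lsattr output) on stdin and print
# the PATH of every immutable entry. Paths may contain spaces.
list_immutable() {
    while IFS= read -r line; do
        attrs=${line%% *}   # text before the first space
        path=${line#* }     # everything after it
        # Skip blank lines and lines whose first field is not a flag string,
        # such as the "./dir:" headers printed by lsattr -R.
        case "$attrs" in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        [ "$attrs" = "$line" ] && continue   # no path field
        if is_immutable "$attrs"; then
            printf '%s\n' "$path"
        fi
    done
}

# audit_tree DIR: check every regular file and directory under DIR.
# "lsattr -d" reports a directory itself instead of its contents, so the
# output is one "ATTRS PATH" line per entry.
audit_tree() {
    find "$1" \( -type f -o -type d \) -exec lsattr -d -- {} + | list_immutable
}

# Constructed sample in lsattr's format; ./bigdir has 'I', not 'i'.
SAMPLE='--------------e---- ./notes.txt
----i---------e---- ./no-edit.txt
----i---------e---- ./my file.txt
-----------I--e---- ./bigdir'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | list_immutable
```

On a real system, `audit_tree /path/to/dir` runs the same check against live lsattr output.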

Summary

In Linux, we can set the immutable flag on a file or directory with the ‘chattr’ command. Once the flag has been applied, the file or directory cannot be removed, modified, or renamed. We can use the ‘lsattr’ command to list the attributes of a specific file or directory and see whether the ‘i’ flag is in place. A superuser can remove the immutable flag, allowing the file or directory to once again be removed, edited, or renamed.

 

 
