banner
Previous Page
PCLinuxOS Magazine
PCLinuxOS
Article List
Disclaimer
Next Page

Making Files Immutable


by YouCanToo

I have a web hosting customer who keeps deleting random files and then complaining things are not working as they should. Linux comes to the rescue with the chattr command.

Making a file Immutable, which even the root user cannot delete.

im•mu•ta•ble
adjective
adjective: immutable

  1. unchanging over time or unable to be changed.
  2. an immutable fact:
  3. fixed, set, rigid, inflexible, permanent, established, carved in stone.

Here is a cool tip on how you can make files on your system immutable. By immutable, I mean even root can't delete the files if he chooses to. Linux ships with a tool called chattr which can be used for the purpose. 'chattr' is similar to the 'attrib' DOS equivalent tool but much more powerful and flexible.



To make your file immutable, open a console window as the root user and enter the following command

[root@localhost dwmoar]# chattr +i filename

NOTE... You can only do it logged in as root.

Here the +i option sets the immutable bit for the file. Once this bit is set, even root can't delete or tamper with the file.

If you want to unset the immutable flag, just run the following command:

[root@localhost dwmoar]# chattr -i filename

You can check what are the attributes of a file by using the following command:

[root@localhost dwmoar]# lsattr filename ----i-------- filename

If the immutable flag is set, there will be an 'i' in the listing. This command is used by system administrators to restrict the users from changing a file in a particular way or even the administrator can by mistake delete a critical file because of a mis-typed command. But if the immutable flag is set, these mistakes can be avoided.

chattr can be used to set/unset many more file attributes. If you want to allow everybody to just append data to a file and not change already entered data, you can set the append bit as follows:

[root@localhost dwmoar]# chattr +a filename

Now the filename can only be opened in append mode for writing data. You can unset the append attribute as follows:

[root@localhost dwmoar]# chattr -a filename



Previous Page              Top              Next Page