chattr and lsattr – protecting Linux Files

Let's say you have a public folder in your firm and you want everyone to be able to edit the files in that folder, except for one. How would you go about protecting that file?

Let's add to the equation the fact that you have scripts running as root on the folder, and you don't want them to be able to touch that file. Any ideas?

That's where chattr and lsattr step in. They manage special attributes for files under ext2 and ext3, and the one I'm referring to here is the 'i' setting: immutable. For example:

Let's create a file:
echo `date` > filename

As root, do:
chattr +i filename

And that's it. You can't delete the file, move it, rename it, or save any changes to it until you remove the 'i' setting from it.

So next time you find a file that you cannot modify or delete even as root, check it with lsattr to make sure it's not protected in some other way.

A short update – this will not work on NFS-mounted file systems.
You will get the following error:
lsattr: Inappropriate ioctl for device While reading flags on
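
The lsattr check described above, as an added example that is not part of the original post: a shell function that reads lsattr output and reports which files carry the 'i' attribute and which could not be queried at all, as in the NFS case. The function names and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): triage lsattr output.
# Reads lsattr output (stdout and stderr merged) on stdin and prints:
#   IMMUTABLE <path>            the flag field contains lowercase 'i'
#   UNREADABLE <path> (<why>)   lsattr could not read the flags, e.g. on NFS
classify_lsattr() {
    while IFS= read -r line; do
        case "$line" in
            "lsattr: "*" While reading flags on "*)
                why=${line#lsattr: }
                why=${why%% While reading flags on *}
                printf 'UNREADABLE %s (%s)\n' \
                    "${line##* While reading flags on }" "$why"
                ;;
            *" "*)
                flags=${line%% *}   # first field: attribute letters and dashes
                path=${line#* }     # remainder: the path, which may contain spaces
                case "$flags" in
                    *[!-A-Za-z]*) ;;   # not a flag field (e.g. a -R directory header)
                    *i*) printf 'IMMUTABLE %s\n' "$path" ;;   # uppercase 'I' is a different flag
                esac
                ;;
        esac
    done
}

# check_paths is a hypothetical wrapper: -d lists directories themselves
# rather than their contents; 2>&1 keeps lsattr's error lines in the stream.
check_paths() {
    lsattr -d -- "$@" 2>&1 | classify_lsattr
}

if [ "$#" -gt 0 ]; then
    check_paths "$@"
fi
```

Once a file shows up as IMMUTABLE and the protection is no longer wanted, root can clear it with chattr -i filename.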

