Only the Root User Can Modify a File That Has the Immutable Attribute Set. True or False?
chattr (Change Attribute) is a command-line Linux utility used to set or unset certain attributes on a file in a Linux system, to protect important files and folders from accidental deletion or modification, even when you are logged in as the root user.
Native Linux filesystems, i.e. ext2, ext3, ext4, btrfs, etc., support all the flags, though not all flags are supported on non-native filesystems. Once attributes are set with the chattr command, one cannot delete or modify the file/folder, even with full permissions on it.
This is very useful for setting attributes on system files such as the passwd and shadow files, which contain users' information.
Syntax of chattr
# chattr [operator] [flags] [filename]
Attributes and Flags
Following is the list of common attributes and associated flags that can be set/unset using the chattr command.
- If a file is accessed with the 'A' attribute set, its atime record is not updated.
- If a file is modified with the 'S' attribute set, the changes are updated synchronously on the disk.
- A file set with the 'a' attribute can only be opened in append mode for writing.
- A file set with the 'i' attribute cannot be modified (immutable). This means no renaming, no symbolic link creation, no execution, no writing; only the superuser can unset the attribute.
- When a file has the 'j' attribute set, all of its data is written to the ext3 journal before being written to the file itself.
- A file set with the 't' attribute has no tail-merging.
- A file with the 'd' attribute will no longer be a candidate for backup when the dump process is run.
- When a file with the 'u' attribute is deleted, its data is saved. This enables the user to ask for its undeletion.
Operator
- + : Adds the attribute to the existing attribute of the files.
- - : Removes the attribute from the existing attributes of the files.
- = : Keep the existing attributes that the files have.
Here, we are going to demonstrate some of the chattr command examples to set/unset attributes to a file and folders.
1. How to add attributes on files to secure from deletion
For demonstration purposes, we've used the folder demo and the file important_file.conf respectively. Before setting up attributes, make sure to verify whether the existing files have any attributes set using the 'ls -l' command. As you can see in the results, currently no attributes are set.
# ls -l
total 0
drwxr-xr-x. 2 root root 6 Aug 31 18:02 demo
-rwxrwxrwx. 1 root root 0 Aug 31 17:42 important_file.conf
To set an attribute, we use the + sign, and to unset it we use the - sign with the chattr command. So, let's set the immutable bit on the files with the +i flag to prevent anyone from deleting a file; even a root user doesn't have permission to delete it.
# chattr +i demo/
# chattr +i important_file.conf
Note: The immutable bit +i can only be set by the superuser (i.e. root) or a user with sudo privileges.
After setting the immutable bit, let's verify the attribute with the command 'lsattr'.
# lsattr
----i----------- ./demo
----i----------- ./important_file.conf
Now, try to forcefully delete, rename or change the permissions; it won't be allowed and says "Operation not permitted".
# rm -rf demo/
rm: cannot remove ‘demo/’: Operation not permitted
# mv demo/ demo_alter
mv: cannot move ‘demo/’ to ‘demo_alter’: Operation not permitted
# chmod 755 important_file.conf
chmod: changing permissions of ‘important_file.conf’: Operation not permitted
2. How to unset attribute on Files
In the above example, we've seen how to set an attribute to secure and prevent files from accidental deletion. In this example, we will see how to reset (unset the attribute) permissions and make the files changeable or alterable using the -i flag.
# chattr -i demo/ important_file.conf
After resetting permissions, verify the immutable status of the files using the 'lsattr' command.
# lsattr
---------------- ./demo
---------------- ./important_file.conf
You see in the above results that the '-i' flag removed the attribute, which means you can safely remove all the files and folders residing in the tecmint folder.
# rm -rf *
# ls -l
total 0
3. How to Secure /etc/passwd and /etc/shadow files
Setting the immutable attribute on the files /etc/passwd or /etc/shadow makes them secure from accidental removal or tampering, and it will also disable user account creation.
# chattr +i /etc/passwd
# chattr +i /etc/shadow
Now try to create a new system user; you will get an error message saying 'cannot open /etc/passwd'.
# useradd tecmint
useradd: cannot open /etc/passwd
This way you can set immutable permissions on your important files or system configuration files to prevent deletion.
4. Append data without Modifying existing data on a File
Suppose you want to allow everyone to only append data to a file without changing or modifying already entered data; you can use the 'a' attribute as follows.
# chattr +a example.txt
# lsattr example.txt
-----a---------- example.txt
After setting append mode, the file can be opened for writing data in append mode only. You can unset the append attribute as follows.
# chattr -a example.txt
Now try to replace the already existing content of the file example.txt; you will get an error saying 'Operation not permitted'.
# echo "replace contain on file." > example.txt
-bash: example.txt: Operation not permitted
Now try to append new content to the existing file example.txt and verify it.
# echo "replace contain on file." >> example.txt
# cat example.txt
Here is the example to test 'a' attribute mean append only.
replace contain on file.
5. How to Secure Directories
To secure an entire directory and its files, we use the '-R' (recursive) switch with the '+i' flag along with the full path of the folder.
# chattr -R +i myfolder
After setting the attribute recursively, try to delete the folder and its files.
# rm -rf myfolder/
rm: cannot remove 'myfolder/': Operation not permitted
To unset the permission, we use the same '-R' (recursive) switch with the '-i' flag along with the full path of the folder.
# chattr -R -i myfolder
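The script below is an added example, not part of the original article: it reads lsattr output and reports which paths carry the 'i' or 'a' flag, and which required files (here /etc/passwd and /etc/shadow, as in section 3) are not immutable. The function names report_protected and missing_immutable and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit lsattr output for the
# 'i' (immutable) and 'a' (append-only) flags discussed above.

# Constructed sample in lsattr's "FLAGS PATH" format; on a real system pipe in
# the output of: lsattr /etc/passwd /etc/shadow
SAMPLE_LSATTR='----i----------- /etc/passwd
---------------- /etc/shadow
-----a---------- /var/log/example.log
lsattr: Operation not supported While reading flags on /proc/1'

# Read lsattr lines on stdin; print "immutable<TAB>PATH" and/or
# "append-only<TAB>PATH" for each entry that carries the flag.
report_protected() {
    while read -r flags path; do
        # Keep only real flag fields (letters and dashes); this skips blank
        # lines, "dir:" headers from -R, and "lsattr: ..." error messages.
        case "$flags" in ''|*[!A-Za-z-]*) continue ;; esac
        # Matching is case-sensitive: 'A' (no atime) and 'I' are other flags.
        case "$flags" in *i*) printf 'immutable\t%s\n' "$path" ;; esac
        case "$flags" in *a*) printf 'append-only\t%s\n' "$path" ;; esac
    done
    return 0
}

# Print each path argument that is NOT immutable in the listing on stdin.
# Exit status is 1 if anything is missing, 0 if all are protected.
missing_immutable() {
    listing=$(report_protected)
    rc=0
    for want in "$@"; do
        if ! printf '%s\n' "$listing" | grep -Fqx "$(printf 'immutable\t%s' "$want")"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LSATTR" | report_protected
printf '%s\n' "$SAMPLE_LSATTR" | missing_immutable /etc/passwd /etc/shadow || true
```

On a live system, replace the sample with real output, for example: lsattr /etc/passwd /etc/shadow | missing_immutable /etc/passwd /etc/shadow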
That's it! To know more about chattr command attributes, flags and options, use the man pages.