
How to make a file immutable (read-only)

Assign special attributes to a file using "chattr".

If you want to block every operation on a file except reading, even for the root user, chattr can do this.
[root@localhost rpm]# touch /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
-rw-r--r--. 1 root root 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]# chgrp harry /tmp/my.txt
[root@localhost rpm]# chown natasha /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
-rw-r--r--. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]# chmod 000 /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
----------. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]#

The permission bits no longer grant the root user anything on /tmp/my.txt, yet root can still perform every file operation on this file.
[root@localhost rpm]# cat >> /tmp/my.txt
root user added some data
[root@localhost rpm]# cat /tmp/my.txt
root user added some data
[root@localhost rpm]#

How do we restrict the root user as well, so that no user can change the file?
[root@localhost rpm]# chattr +i /tmp/my.txt
[root@localhost rpm]# lsattr /tmp/my.txt
----i----------- /tmp/my.txt
[root@localhost rpm]#

Now any user, including root, who tries any file operation other than reading is refused.
[root@localhost rpm]# cat >> /tmp/my.txt
-bash: /tmp/my.txt: Permission denied
[root@localhost rpm]#

[root@localhost rpm]# rm -rvf /tmp/my.txt
rm: cannot remove ‘/tmp/my.txt’: Operation not permitted
[root@localhost rpm]#

To remove the immutable attribute again:
[root@localhost rpm]# chattr -i /tmp/my.txt

chattr has lots of options, but i and a are my favorites.

a -> Data can be appended to the file, but nothing can be removed.
[root@localhost rpm]# chattr +a /tmp/my.txt
[root@localhost rpm]# cat > /tmp/my.txt
-bash: /tmp/my.txt: Operation not permitted
[root@localhost rpm]# cat >> /tmp/my.txt
adding few more lines
[root@localhost rpm]# cat /tmp/my.txt
root user added some data
adding few more lines
[root@localhost rpm]#
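
To check that the files you meant to protect still carry the attribute, the lsattr output shown above can be parsed in a script. The following is an added example, not part of the original post; the function names and the sample paths /tmp/audit.log, /tmp/plain.txt and /tmp/i.txt are constructed for illustration.

```shell
#!/bin/sh
# Added example: report files that are missing the immutable (i) or
# append-only (a) attribute, based on lsattr output read from stdin.
# On a live system:  lsattr -d -- FILE... | missing_flag i

# flags_of LINE -> print only the attribute field (text before the first space)
flags_of() {
    printf '%s\n' "${1%% *}"
}

# has_flag FLAG LINE -> succeed if FLAG appears in the attribute field.
# Only the first field is inspected, so a path such as /tmp/i.txt
# cannot be mistaken for a set "i" attribute.
has_flag() {
    case "$(flags_of "$2")" in
        *"$1"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# missing_flag FLAG -> print the path of every input line lacking FLAG
missing_flag() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        # "${line#* }" drops the attribute field and keeps the full path,
        # including any spaces inside it
        has_flag "$1" "$line" || printf '%s\n' "${line#* }"
    done
}

# Constructed sample in the format lsattr prints
SAMPLE='----i----------- /tmp/my.txt
-----a---------- /tmp/audit.log
---------------- /tmp/plain.txt'

echo "Files without the immutable attribute:"
printf '%s\n' "$SAMPLE" | missing_flag i
echo "Files without the append-only attribute:"
printf '%s\n' "$SAMPLE" | missing_flag a
```

Because root can clear the attribute with chattr -i, as shown earlier, running a check like this periodically tells you when a protected file has lost its attribute.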
