Skip to main content

How to make a file immutable(read-only)

Assign Special attributes to a file using "chattr".

 If you want to restrict all the operation on a file except readonly including root user, chattr can help to achieve this.
[root@localhost rpm]# touch /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
-rw-r--r--. 1 root root 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]# chgrp harry /tmp/my.txt
[root@localhost rpm]# chown natasha /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
-rw-r--r--. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]# chmod 000 /tmp/my.txt
[root@localhost rpm]# ll /tmp/my.txt
----------. 1 natasha harry 0 Jan 25 15:36 /tmp/my.txt
[root@localhost rpm]#

root user doesn't have any permission on /tmp/my.txt file, still it can do all the file operation on this file.
[root@localhost rpm]# cat >> /tmp/my.txt
root user added some data
[root@localhost rpm]# cat /tmp/my.txt
root user added some data
[root@localhost rpm]#

How to restrict root user so that any user can't perform any operation?
[root@localhost rpm]# chattr +i /tmp/my.txt
[root@localhost rpm]# lsattr /tmp/my.txt
----i----------- /tmp/my.txt
[root@localhost rpm]#

Now if any user including root try to do any file operation except read, they can't do.
[root@localhost rpm]# cat >> /tmp/my.txt
-bash: /tmp/my.txt: Permission denied
[root@localhost rpm]#

[root@localhost rpm]# rm -rvf /tmp/my.txt
rm: cannot remove ‘/tmp/my.txt’: Operation not permitted
[root@localhost rpm]#

[root@localhost rpm]# chattr -i /tmp/my.txt ---------- if want to remove

chattr has lots of option but i and a are my favorite.

a -> We can append some data but can't remove anything.
[root@localhost rpm]# chattr +a /tmp/my.txt
[root@localhost rpm]# cat > /tmp/my.txt
-bash: /tmp/my.txt: Operation not permitted
[root@localhost rpm]# cat >> /tmp/my.txt
adding few more lines
[root@localhost rpm]# cat /tmp/my.txt
root user added some data
adding few more lines
[root@localhost rpm]#

Comments

Post a Comment

Please share your experience.....

Popular posts from this blog

error: db5 error(11) from dbenv->open: Resource temporarily unavailable

If rpm command is not working in your system and it is giving an error message( error: db5 error(11) from dbenv->open: Resource temporarily unavailable ). What is the root cause of this issue? How to fix this issue?   just a single command- [root@localhost rpm]# rpm --rebuilddb Detailed error message- [root@localhost rpm]# rpm -q firefox ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable error: cannot open Packages index using db5 - Resource temporarily unavailable (11) error: cannot open Packages database in /var/lib/rpm ^Cerror: db5 error(11) from dbenv->open: Resource temporarily unavailable error: cannot open Packages database in /var/lib/rpm package firefox is not installed [root@localhost rpm]# RPM manage a database in which it store all information related to packages installed in our system. /var/lib/rpm, this is directory where this information is available. [root@localhost rpm]# cd /var/lib/rpm ...
2 comments
Read more

Failed to get D-Bus connection: Operation not permitted

" Failed to get D-Bus connection: Operation not permitted " - systemctl command is not working in Docker container. If systemctl command is not working in your container and giving subjected error message then simple solution of this error is, create container with -- privileged option and also provide init file full path  /usr/sbin/init [root@server109 ~]# docker container run -dit --privileged --name systemctl_not_working_centos1 centos:7 /usr/sbin/init For detailed explanation and understanding I am writing more about it, please have look below. If we have a daemon based program(httpd, sshd, jenkins, docker etc.) running inside a container and we would like to start/stop or check status of daemon inside docker then it becomes difficult for us to perform such operations , because by default systemctl and service  commands don't work inside docker. Normally we run below commands to check services status in Linux systems. [root@server109 ~]# systemctl status ...
4 comments
Read more

error: src refspec main does not match any

$ git push -u origin main error: src refspec main does not match any error: failed to push some refs to 'https://gitlab.com/jay2tinku/my-new-project.git' If you get such error while performing any git operation. This means you have to check your default branch name. From last few git versions by default branch name is main instead of master . It never means that it will always be main/master . Normally at the time of installation we have to configure that but most of the time we ignore that and go with default options. Simple fix of this error is :- git push -u origin master or git push -u origin main Please have a look on below scenario for complete understanding $ mkdir my-new-project $ cd  my-new-project $ git status $ git init $ cat > test.txt My first line!!! $  git status $ git remote add origin https://gitlab.com/jay2tinku/my-test-project.git $ git add . $ git status $ git commit . -m "Intial push commit" $ git push -u origin main error: src...
1 comment
Read more