Home
Main Menu
Home
Help Docs
Newbies
Corporates
Gnu/Linux Distros
Programming
Databases
Links
Search
Regular
News
Interviews
Aaj Ka Tip
Aaj Ka Command
Community
Blogs
Wiki
Forums
Services
Free Software

How to write protect important files Print E-mail
Protect some files from users with sudo access to modify it

How to write protect important file (even root can NOT modify/delete it)

If you have some internal application developed to manage the users and other stuff. However some admin still some time make changes /etc/passwd or /etc/master.passwd via sudo. Then the idea of file write protection comes. I suggested to use them chflags.
This kind of write protection can be set under Gnu/Linux and FreeBSD using the special bit call immutable by root user only. Once this bit is setup no one can delete or modify file including root. And only root can clear the File immutable bit.

You must be a root user to setup or clear the immutable bit.

1. Setup file immutable bit
Use chflags command as follows:
#chflags schg /tmp/test.doc

Try to remove or moify file file with rm or vi:
# rm -f /tmp/test.doc
rm: /tmp/test.doc: Operation not permitted

Don't be supriesed even root is not allowed to remove or modify file. This is useful to protect important file such as /etc/passwd, /etc/master.passwd etc.

2. Display if file immutable bit is on or off:
ls -lo /tmp/test.doc
-rw-r--r-- 1 root wheel schg 19 Jun 29 22:22 /tmp/test.doc

3. Clear or remove file immutable bit:
#chflags noschg /tmp/test.doc

Now you can remove or modify file. Please note that immutable flag can be set by root user only. chflags also supports few other interesting flags.

arch: set the archived flag
nodump: set the nodump flag
sappnd: set the system append-only flag
schg: set the system immutable flag
sunlnk: set the system undeletable flag
uappnd: set the user append-only flag
uchg: set the user immutable flag
uunlnk: set the user undeletable flag

Putting the letters ``no'' before an option causes the flag to be turned off.

It is possible to do this in Gnu/Linux too using the chattr command. For more info on it do man chattr.

Also you can explore various Gnu/Linux options to view these attributes using the man ls and checking out the options
< Previous   Next >



gnulinuxclub
Join Us
About Us
Contact Us
Support Us
Acknowlegdement
Login(only for dev.)

Royalty Free Images

O'Reilly User Group discount!




Powered By GIMP GIMP
Contact Webmaster Copyleft 2011 gnulinuxclub.org