Sunday, October 16, 2011

Make Your Files Immutable Which Even Root Can't Delete

A cool tip on how you can make files on your system immutable. By immutable, I mean that even root can't delete the files while the flag is set. Linux ships with a tool called chattr which can be used for the purpose. 'chattr' is similar to the DOS 'attrib' tool, but much more powerful and flexible.
To make your file (test_file) immutable
# chattr +i test_file
You can only do it logged in as root. Here the +i option sets the immutable bit for the file. Once this bit is set, even root can't delete or tamper with the file until the flag is cleared again.
If you want to unset the immutable flag, just run the following command:
# chattr -i test_file
You can check what are the attributes of a file by using the following command:
# lsattr test_file
----i-------- test_file
If the immutable flag is set, there will be an 'i' in the listing. System administrators use this flag to restrict users from changing a file in a particular way, and it also protects against the administrator deleting a critical file by mistake because of a mis-typed command: if the immutable flag is set, such mistakes are avoided.

chattr can be used to set or unset many more file attributes. For example, if you want to allow everybody to append data to a file but not change data already written, set the append-only bit as follows:
# chattr +a test_file
Now test_file can only be opened in append mode for writing. You can unset the append attribute as follows:
# chattr -a test_file
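The following script is an added example, not part of the original post, that ties together the immutable (+i) and append-only (+a) flags described above. It assumes a Linux host with chattr and lsattr installed and a filesystem that supports attributes (ext2/3/4 or xfs); the function names list_flagged and demo and the sample paths in the comments are my own. The list_flagged helper reads lsattr output and prints the files carrying a given flag, which is handy for auditing which files on a system are protected; demo runs only as root and shows rm being refused on an immutable file and truncation being refused on an append-only file.

```shell
#!/bin/sh
# Added example around chattr/lsattr (hypothetical helper names, not from the post).

# list_flagged FLAG: read `lsattr` output on stdin and print the path of every
# entry whose attribute string contains FLAG (for example i or a).
# lsattr prints the attribute string first, one space, then the path, e.g.
#   ----i--------e---- /srv/app/config.yml     (constructed sample line)
list_flagged() {
    flag=$1
    while IFS= read -r line; do
        attrs=${line%% *}      # first field: the attribute string
        path=${line#* }        # remainder: the path (may itself contain spaces)
        case "$attrs" in
            *"$flag"*) printf '%s\n' "$path" ;;
        esac
    done
}

# demo: protect a scratch file with +i, show that rm fails while the flag is set,
# then switch to +a and show that only appends get through. Needs root and a
# filesystem with attribute support; otherwise it reports why and returns 0.
demo() {
    f=$(mktemp) || return 1
    if ! chattr +i "$f" 2>/dev/null; then
        echo "demo: this filesystem does not support chattr flags, skipping" >&2
        rm -f "$f"
        return 0
    fi
    if rm -f "$f" 2>/dev/null; then
        echo "demo: rm succeeded on an immutable file?!" >&2
        return 1
    fi
    echo "lsattr reports the immutable flag on:"
    lsattr "$f" | list_flagged i

    chattr -i "$f" && chattr +a "$f"
    echo "line one" >> "$f"                       # append: allowed
    if echo "overwrite" > "$f" 2>/dev/null; then  # truncate: refused
        echo "demo: truncating an append-only file succeeded?!" >&2
        return 1
    fi
    chattr -a "$f" && rm -f "$f"
    echo "demo: ok"
}

# Only root can set these flags, so run the demo only in that case.
if [ "$(id -u)" -eq 0 ]; then demo; fi
```

Run it as root to see the refusals; as an unprivileged user you can still pipe `lsattr -R /etc 2>/dev/null | list_flagged i` (assuming that directory is readable) to find files that already carry the immutable flag.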
To know more about this very useful tool in the system administrator's toolkit, check the man page for chattr.