To make the files immutable, “chattr” command can be used. The filesystems in Linux ext2, ext3, ext4, btrfs supports all the flags, however all the flags won’t support all non-native FS. One cannot delete or modify file/folder once attributes are sets with chattr command, even though you have full permission.
Chattr – Syntax
chattr [operator] [flags] [filename]
How to set attributes on files to secure from deletion
The first step is to check if the existing files have any attributes by using the command
[root@admin ~]# ls -l
drwxr-xr-x. 2 root root 6 Mar 25 18:02 demo
-rwxrwxrwx. 1 root root 0 Mar 25 17:42 important_file.conf
To set the attribute we can use “+ “sign and for unset use “-” sign with the “chattr” command. Now we are going to set immutable bit on the files with “+i” flags to prevent anyone from deleting a file, even a root user don’t have permission to delete it.
[root@admin ~]# chattr +i demo/
[root@admin ~]# chattr +i important_file.conf
The root user or user with sudo privileges need to set the immutable bit “+i”. After setting the immutable bit we can verify it by the command lsattr.
[root@hashroot ~]# lsattr
Now, try to change the permissions, delete forcefully or rename, we will get an error of “Operation not permitted“.
[root@admin ~]# rm -rf demo/
rm: cannot remove âdemo/â: Operation not permitted
[root@admin ~]# mv demo/ demo_alter
mv: cannot move âdemo/â to âdemo_alterâ: Operation not permitted
[root@admin ~]# chmod 755 important_file.conf
chmod: changing permissions of âimportant_file.confâ: Operation not permitted
How to unset the attributes
To unset the assigned attributes by using the “-i” flag with the “chattr” command use the command below.
[root@admin ~]# chattr -i demo/ important_file.conf
To verify the attribute after unsetting by using the command “lsattr” we can use below command.
[root@admin ~]# lsattr
How to Secure /etc/passwd and /etc/shadow files
We can set immutable attributes to /etc/shadow or /etc/passwd to make them more secure and protect it from accidental deletion and also to disable user account creation.
[root@admin ~]# chattr +i /etc/passwd
[root@admin ~]# chattr +i /etc/shadow
Now we try to create a new user, will get an error message saying ‘cannot open /etc/passwd‘.
[root@admin ~]# useradd hashroot
useradd: cannot open /etc/passwd
This method is more secure to save your important files and configuration files from deletion.
Append data without Modifying existing data on a File
If you only want to allow append data to a file without modifying or deleting existing data, we can use “a” with “chattr” command. This can be performed using “+a” flag.
[root@admin ~]# chattr +a example.txt
[root@admin ~]# lsattr example.txt
By using the append data, it is only opened for writing. We can use “-a” flag with “chattr” to unset the append mode.
[root@admin ~]# chattr -a example.txt
Now when we try to change the existing data on file, we will get an error message saying “Operation not permitted”.
[root@admin ~]# echo “replace contain on file.” > example.txt
-bash: example.txt: Operation not permitted
and also try to add data to the file, it will also display error.
[root@admin ~]# echo “replace contain on file.” >> example.txt
[root@admin ~]# cat example.txt
Here is the example to test ‘a’ attribute mean append-only.
How to Secure Directories
To secure a directory with all its files use “-R” (Recursively) with”+i” flag and with the full path of the directory.
[root@admin ~]# chattr -R +i myfolder
Now try to delete this recursively set directory, It will display an error message.
[root@admin ~]# rm -rf myfolder/
rm: cannot remove ‘myfolder/’: Operation not permitted
To unset the attributte of the directory with all its files use “-R” (Recursively) with “-i” flag and with its full path.
[root@admin ~]# chattr -R -i myfolder
” margin_top=”50px” margin_bottom=”” animation_type=”slide” animation_direction=”left” animation_speed=”0.3″ class=”” id=””]