This Blog is intended to collect information of my various Intrests,pen my opinion on the information gathered and not intended to educate any one of the information posted,but are most welcome to share there view on them
Saturday, August 14, 2010
Immutable Files in Linux
Recently I came across a situation. I was trying to delete a configuration file in Linux and got error “rm: cannot remove `path/filename’: Operation not permitted”. I was logged in as root but even though I was neither able to change the contents of file nor able to delete it. I checked the ownership and permissions on the file and found that the file is owned by root user and permissions are 644 which are the default permission when you create a new file.
[root@vcsnode1 ~]# ls -l /etc/configfile
-rw-r–r– 1 root root 0 Jan 26 08:45 /etc/configfile
After little troubleshooting, I found that Immutable Flag was set on the file.
What is Immutable Flag :
Immutable flag is an additional file attribute which can be set on file so that anyone should not be able to delete/tamper with the file. It is very useful to setup this flag on Production Servers where changes to configuration files are rare. This attribute can be set on a Linux second extended file system only.
Who can set immutable flag on a file:
Either root user or any process having CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
How to check whether immutable flag is set on a file
lsattr command can be used to check whether an immutable flag is set on a file.
There are many other file attributes which can be set on a file on Linux second extended file system. A couple of attributes are mentioned below :
append only (a) : – File with this attribute can be opened in append mode only. One has to be root or a process having CAP_LINUX_Immutable capability to set/unset this flat.
compressed (c) : - File with this attribute keep the file in compressed state on the disk by the kernel. A read to this file always
no dump (d) :- File with this attribute set, would not be a candidate for backup when the dump program executes.
data journalling (j) :- File with this attribute set writes all it’s data to journal before writing the data to the file if the file system is mounted with ordered or writeback journaling options. If the file system is mounted with “journal” journaling option, this flag has no effect as the “journal” journaling option would provide similar functionality for all the files stored on the file system.
secure deletion (s) :- If the file with this attribute set is deleted, all the data blocks for the file are zeroed and written back to the disk.
All the above attributes can be set/unset using the chattr command.
Syntax : chattr + or – flag filename.
To set an attribute use “+” sign with chattr command followed by the flag mentioned above in “()”.
To unset an attribute use “-” sign with chattr command followed by the flag mentioned above in “()”.