Files that even root can't kill. 03/29 Update SLTechnology News&Howtos

Files that even root can't kill.

2025-03-29 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/03 Report--

Do you have the impression that root users can do whatever they want? Any rm-rf *, a wave of coquettish operation leaving? It may not be that easy.

Come on, delete me!

To start with an example, create a text file test.txt

$touch test.txt

Change its permission bit to 777

$chmod 777 test.txt$ ls-al test.txt-rwxrwxrwx 1 root root 13 Aug 31 15:03 test.txt

Then do a little something that I won't tell you for the time being. Finally, try to delete:

$rm test.txtrm: cannot remove 'test.txt': Operation not permitted

Huh? Root user, 777power limit, why can't you delete it?

I attribute

So what did I do in the middle? In fact, only one order was carried out:

Chattr + I test.txt

It leads to the effect we saw earlier. In addition to what we can see, the file in Linux also has some file attributes, among which the I attribute is used to prevent the file from being modified, renamed, and deleted. After executing the previous command, we can view its properties in the following ways:

$lsattr test.txt----i-e-- test.txt

If you want to remove the property, simply execute

Chattr-I test.txt

You can delete it at this time. Of course, only superusers can modify this property. So it's okay for root users to do whatever they want, but it takes a little bit of action.

Https://www.csdn.net/article/a/2019-11-04/15950345

Http://www.51cto.com/it/news/2019/1104/16234.html

Https://article.pchome.net/content-2103123.html

File attribute

In fact, in addition to the I attribute mentioned earlier, there are other properties, including:

A can only open files to write by appending (for log files)

A does not update the atime of the file, that is, the access time

No backup operation occurs when the d dump command is running

S files are written to disk when they are updated, which is equivalent to using sync for files.

There are other attributes are not listed, interested can refer to the man manual.

Summary

So if you find that some files have permission bits of 777, but you can't delete them with root, use lsattr to see if there is an I attribute.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.