Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to create write-protected files under Linux". In daily operation, I believe that many people have doubts about how to create write-protected files under Linux. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the doubts of "how to create write-protected files under Linux". Next, please follow the editor to study!

If you want to write protect some important files in Linux so that they cannot be deleted or tampered with to previous versions or other things, or in other cases, you may want to prevent some configuration files from being automatically modified by the software. Using the chown and chmod commands to modify the attribution or permission bits of a file is a solution to this situation, but it is not perfect because it cannot avoid operations with root permissions. That's when chattr came in handy.

Chattr is a Linux command that sets or cancels the flag bits of a file, which is separate from the standard file permissions (read, write, execute). Another command related to this is lsattr, which shows which flag bits of the file are set. Initially only the EXT file system (EXT2/3/4) supports flag bits managed by chattr and lsattr, but now many other native Linux file systems do, such as XFS, Btrfs, ReiserFS, and so on.

In this tutorial, I will demonstrate how to use chattr to make files in Linux immutable.

The chattr and lsattr commands are part of the e2fsprogs package and are pre-installed in all modern Linux distributions.

Here is the basic syntax of chattr.

$chattr [- RVf] [operator] [flag bit] file.

Where the operator can be "+" (add the selected flag bit to the flag bit list), "-" (remove the selected flag bit from the flag bit list), or "=" (force the selected flag bit to be used).

Here are some available flag bits.

A: can only be opened in append mode.

A: atime (file access time) cannot be updated.

C: it is automatically compressed when written to disk.

C: turn off copy while writing.

I: it cannot be changed.

S: safely deleted by automatic zeroing. (LCTT translation note: in general, the content of the deleted file will not be modified, and changing the flag bit will cause the original content of the deleted file to be replaced by "0".)

"immutable" flag bit

In order to make a file immutable, you need to add the "immutable" flag bit to the file as follows. For example, write-protect the / etc/passwd file:

The code is as follows:

$sudo chattr + I / etc/passwd

Note that setting or canceling the "immutable" flag bit of a file requires root permission. Now check to see if the file's "immutable" flag has been added.

The code is as follows:

$lsattr / etc/passwd

Once the file is made immutable, no user will be able to modify the file. Even root users cannot modify, delete, overwrite, move, or rename the file. If you want to modify this file again, you need to cancel the "unchangeable" flag first.

Cancel the "immutable" flag bit with the following command:

The code is as follows:

$sudo chattr-I / etc/passwd

If you want to make a directory (such as / etc) and all its contents unchangeable, use the "- R" option:

The code is as follows:

$sudo chattr-R + I / etc

"only append" flag bit

Another useful flag bit is "append only", which only allows the contents of the file to be modified in a way that is appended. You cannot overwrite or delete a file with the "append only" flag set. This flag bit is useful if you want to avoid accidental cleanup of log files.

Similar to the "immutable" flag bit, you can use the following command to change the file to "append only" mode:

The code is as follows:

$sudo chattr + a / var/log/syslog

Note that when you copy an "immutable" or "appendable" file to another place, the new file will not retain these flags!

At this point, the study on "how to create write-protected files under Linux" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.