Skip to Content
Fedora Linux
book

Fedora Linux

by Chris Tyler
October 2006
Beginner
658 pages
17h 17m
English
O'Reilly Media, Inc.
Content preview from Fedora Linux

Making Files Immutable

Because the root user can override permissions, file permissions alone are not enough to ensure that a file will not be changed. But when a file is made immutable, it cannot be changed by anyone.

How Do I Do That?

To make a file immutable, use the chattr (change attribute) command to add the i attribute to the file:

# chattr +i 
               
                  foo
               
# date >>
               
                  foo
               
               
                  bash: foo: Permission denied
               
# mv 
               
                  foo baz
               
mv: cannot move \Qfoo' to \Qbaz': Operation not permitted
# rm 
               
                  foo
               
rm: cannot remove \Qfoo': Operation not permitted

You can find out if the i attribute has been set by using the lsattr (list-attribute) command:

# lsattr 
               
                  foo
               
----i-------- foo

The presence of the i in the output indicates that the file foo has been made immutable.

Removing the i attribute causes the file to act normally again:

# chattr -i 
               
                  foo
               
#
                   
               
               date
               
                   >>foo
               
#
                   
               
               mv
               
                   foo baz
               
#
                   
               
               rm
               
                   baz
               
# ls baz
ls: baz: No such file or directory

How Does It Work?

The immutable capability is provided by the ext2/ext3 filesystems. Each file has an immutable flag that is part of the ext2/ext3 file attributes; when set, the ext2/ext3 code in the kernel will refuse to change the ownership, group, name, or permissions of the file, and will not permit writing, appending, or truncation of the file.

By making configuration files and programs immutable, you can provide a small measure of protection against change. This can be used to guard against accidental changes to configuration files. It can also prevent a program ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

CentOS Quick Start Guide

CentOS Quick Start Guide

Shiwang Kalkhanda
Mastering FreeBSD and OpenBSD Security

Mastering FreeBSD and OpenBSD Security

Paco Hope, Bruce Potter, Yanek Korff
Linux Server Hacks

Linux Server Hacks

Rob Flickenger

Publisher Resources

ISBN: 0596526822Errata Page