Skip to content

Phils Blog and Stuff

TELECOMS. VIRTUALIZATION. IT. CODING. and more…

Menu
  • Home
  • Resources
    • Subnet Mask Cheat Sheet
    • Easy Dmarc+Email
    • MX Tool Box
    • LOAD BALANCING & SRE
  • SHOP
  • SOLUTIONS
  • SERVICES
  • Contact Me
Menu

how you can make files on your system immutable…

Posted on 22/02/201208/03/2023 by Phil

Here is a cool tip on how you can make files on your system immutable. By immutable, I mean evenroot can’t delete the files if he choose to. Linux ships with a tool called chattr which can be used for the purpose. ‘chattr’ is similar to the ‘attrib’ DOS equivalent tool but much more powerful and flexible.
To make your file (test_file) immutable

# chattr +i test_file
… You can only do it logged in as root. Here the +i option sets the immutable bit for the file. Once this bit is set, even root can’t delete or tamper with the file.
If you want to unset the immutable flag, just run the following command:
# chattr -i test_file
You can check what are the attributes of a file by using the following command:
# lsattr test_file
----i-------- test_file
If the immutable flag is set, there will be an ‘i’ in the listing. This command is used by system administrators to restrict the users from changing a file in a particular way or even the administrator can by mistake delete a critical file because of a mis-typed command. But if the immutable flag is set, these mistakes can be avoided.

 

chattr can be used to set/unset many more file attributes. Like if you want to allow everybody to just append data to a file and not change already entered data, you can set the append bit as follows:
# chattr +a test_file
Now the test_file can only be opened in append mode for writing data. You can unset the append attribute as follows:
# chattr -a test_file
To know more about this very useful tool in the system administrator’s forte, check the man page forchattr.

POSTS

  • Home Assistant. Add water meter with PHP+MQTT+YML.
  • Automating your home with Home Assistant. Initial install and config (Hyper-V).
  • The importance of setting up email security correctly.
  • Automate Debian installations with Seed, DHCP and Nginx.
  • A simple link shortener.. Fun little project…

WORD CLOUD

3CX 3CX Phone System Apache Asterisk Cacti CentOS CRM DHCP DNS Email Fail over Failover File System Firewall FreeBSD FreeNAS FXO IAX install IP IP PBX Linux M0n0wall Nottingham Open Source PBX PFSense PHP Router Server SIP snom SSH TrixBox ubuntu VLAN Voice VoIP VPN vyatta WAN Website WiFi yealink ZFS

© 2025 Phils Blog and Stuff | Powered by Superbs Personal Blog theme