Jan 182010
 

How do you make a file or folder undeletable or unchangeable even to the root user? Use the chattr command.

This would be useful if you have a that you don’t want to delete by accident or if you are investigating a user’s file and you do not want someone deleting the “evidence” while you investigate.

The command works by setting the immutable bit of the file. Note: This command must be run as root

How do you make a file immutable ?

chattr +i file_name

An example use would be:

chattr +i /var/log/messages

Now if I tried to delete the file I would get:

rm -f /var/log/messages
rm: cannot remove `messages’: Operation not permitted

Please remember that this was done as root !

If you want to unset or turn off the immutable bit (unchattr) you can use the command:

chattr -i file_name

If you want to check what are the attributes of a file you can do so using the command lsattr:

lsattr file_name

In our example we would be getting:

lsattr messages
—-i——– messages

notice the immutable bit? It’s that little letter ‘i’ in the files permissions settings.

 Posted by at 2:27 am