How do you make a file or folder undeletable or unchangeable even to the root user? Use the chattr command.
This would be useful if you have a that you don’t want to delete by accident or if you are investigating a user’s file and you do not want someone deleting the “evidence” while you investigate.
The command works by setting the immutable bit of the file. Note: This command must be run as root
How do you make a file immutable ?
chattr +i file_name
An example use would be:
chattr +i /var/log/messages
Now if I tried to delete the file I would get:
rm -f /var/log/messages
rm: cannot remove `messages’: Operation not permitted
Please remember that this was done as root !
If you want to unset or turn off the immutable bit (unchattr) you can use the command:
chattr -i file_name
If you want to check what are the attributes of a file you can do so using the command lsattr:
lsattr file_name
In our example we would be getting:
lsattr messages
—-i——– messages
notice the immutable bit? It’s that little letter ‘i’ in the files permissions settings.
