Loading
Protect Files with chattr
- Fun with ethtool
- Linux-Based X Terminals with XDMCP
- 100% disappointed with the decision to go all digital.
- Readers' Choice Awards 2011
- Parallel Programming with NVIDIA CUDA
- You Need A Budget
- Validate an E-Mail Address with PHP, the Right Way
- The Linux powered LAN Gaming House
- The Linux RAID-1, 4, 5 Code
- Python for Android
- Gnome3 is such a POS. No one
4 hours 56 min ago - Gnome 3 is the biggest POS
5 hours 6 min ago - I didn't knew this thing by
11 hours 10 min ago - Author's reply
14 hours 35 min ago - Link to modlys
15 hours 42 min ago - I use YNAB because of the
15 hours 53 min ago - Search
20 hours 56 min ago - Question
21 hours 19 min ago - for the record
21 hours 22 min ago - That's disappointing. Thanks
23 hours 45 min ago
Comments
ext2+ only
Need to also keep in mind that chattr is NOT a universal filesystem command. It is specific to ext2/3 and probably ext4 as well.
files permissions already exist
I don't understand in what circumstances it can be used. Actually, there are file permissions to do that, aren't they?
It's good for preventing accidental stupidity
This is very good for files that shouldn't be changed very often, for example, stuff like /etc/sendmail.cf or /etc/resolv.conf. Think of it as an extra protection layer in addition to file permissions, not instead of.
Let's say you're concerned about possible issues with junior sysadmins who have just been entrusted with root. You've given them the standard "be careful, if you're not sure, ask" lecture. But let's face it; they're new sysadmins. They still might make a mistake, and you don't want them just changing, say, /etc/shadow willy-nilly. You can throw the immutable attribute on /etc/shadow as an added "protection" layer. Sure, since they're root anyway, they can flip the immutable flag off...but it's good to encourage them to really think about what they're doing before they do it.
Even a seasoned sysadmin who's tired can make the mistake of "rm -rf /Directory/I/Really/Wanted". Whoops...well, this flag can help out there, too, if it's applied beforehand. The tired sysadmin--who really should stop and get some sleep before going further--will issue that "rm -rf" command, see the "Operation not permitted" message, realize his butt just got saved, require a rather immediate change in underwear, and prudently stop until a proper nap has been taken.
--TP
Your Reply
Terrell,
Your reply made my day. Very good explanation. ;)
Shawn Powers is an Associate Editor for Linux Journal. You might find him chatting on the IRC channel, or Twitter