Jesin's Blog

Welcome to the Portal of Technology

  • Facebook
  • GitHub
  • Google+
  • RSS
  • Twitter
  • Home
  • Categories
    • Domains
    • Linux
    • Networking
    • PHP
    • Virtualization
    • Web Design
    • Web Servers
    • Windows
  • WordPress Plugins
    • Custom Error Pages
    • HTTP Digest Authentication
    • Mailgun Email Validator
  • Toolbox
    • DNS Lookup Tool
    • htdigest Generator Tool Online
    • htpasswd Generator Tool Online
    • HTTP Headers Lookup Tool
    • MD5 Encryption Tool
    • Open Port Check Tool
    • SHA-1 Encryption Tool
    • URL Encoding/Decoding Tool
  • About Me
  • Contact Me
  • Sitemap
Home ›
Linux ›
How to make undeletable files and directories in Linux

How to make undeletable files and directories in Linux

July 12, 2011 Linux Jesin A 6 Comments

linux category thumbnail

A very useful Linux tip on how to make files and directories undeletable even by the root user. You can apply this tip on all important configuration files so that no one accidentally or intentionally deletes it. To achieve this the chattr (Change Attribute) command is used it Linux. The chattr command “immunizes” the file not only from deletion but also modification. The chattr command does care about chmod values, even if a file has 777 permissions immunizing the file will prevent it from being deleted or modified.

chattr +i /path/to/filename

The above command will add the “immutable” flag to the file. Try removing the file with the rm command and you’ll receive the error

rm: cannot remove `file’: Operation not permitted

The same will happen when you try to modify this file. You can also add the immutable flag to directories.

chattr +i /path/to/directory

This will make the directory undeletable, you cannot create new files inside this directory but existing files can be modified but CANNOT be deleted. To recursively immunize everything inside a directory.

chattr -R +i /path/to/directory

How to remove the immutable flag ?

If you ever what to delete the file the immutable attribute should be removed. For this just use a minus (-) symbol in the place of plus (+)

chattr -i /path/to/file

You can do the same for directories too.

How to view file attributes ?

To find out the attributes of a file included whether the file is immunized

lsattr /path/to/directory

The lsattr will produce an output similar to the one below

----i------------e- ./file
----i------------e- ./dir
-----------------e- ./file2

The letter ‘i’ shows that a file has the immutable attribute. The letter ‘e’ according to the man page of chattr says

The ‘e’ attribute indicates that the file is using extents for mapping the blocks on disk. It may not be removed using chattr(1).

Related posts:

linux category thumbnailLinux ACL Tutorial linux category thumbnailCommand to Display Directory Sizes in Linux linux category thumbnailMount an ISO file in Linux linux category thumbnailChange Home Directory in Linux linux category thumbnailSetup Linux DNS Server for Windows Active Directory

Tags: linux, linux commands

Comments

  1. Sam McAllister says

    August 11, 2011 at 7:51 pm

    Thanks !

    Reply
  2. Philip Rhoades says

    February 23, 2016 at 2:26 am

    This is ALMOST what I need:

    On a number of occasions I have accidentally deleted all the files in my RoundCubeMail Sent dir – I have always managed to recover nearly everything from backups but it annoys me to lose even insignificant mails. I need a Sent dir where mails are continuously created as normal but created with the “chattr +i” option so they can’t be deleted – but that does not seem possible? The only way I can see to do that is to use something like inotifywait and automatically change every new file created . .

    Any other ideas?

    Thanks,
    Phil.

    Reply
    • Jesin A says

      February 23, 2016 at 3:21 am

      Hi Phil,

      You could set the following to run as a cronjob every hour (/etc/cron.hourly/) as the root user:

      chattr +i $(find /path/to/roundcube/sent/folder -type f  -iname "*" -exec lsattr {} \; | grep -vP "(?<=-)i(?=-).* " | cut -d' ' -f2)

      The regular expression used in grep is not perfect but should work in most cases. I got it from http://unix.stackexchange.com/a/132796

      Reply
  3. Philip Rhoades says

    February 23, 2016 at 8:46 am

    Jesin,

    Thanks for that but I think an inotifywait scriptlet would be better – that would do the job as soon as a file was created. It would be nice if there was bit set option on the directory that would do it automatically but that doesn’t seem to exist . .

    P.

    Reply
  4. Allan says

    August 10, 2017 at 9:13 am

    Hi, i need your Help…

    I need to remove all attributes in all “folder and files” in my folder “public_html” in my site….
    How i can remove in all files and folder on one command??

    I try but dont work….
    -type f -exec chattr +i \{\} \;

    Thanks

    Reply
    • Jesin A says

      August 10, 2017 at 4:50 pm

      Hi Allan,

      Try this inside the public_html directory

      find . -type f -exec chattr -i {} \;
      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get a wealth of information delivered to your inbox. Subscribe and never miss a single article.

  • Tutorials and howtos
  • Code, scripts and commands
  • Online Tools

* No spam, unsubscribe anytime

Hire Me

  • SSL installation and hardening (A+ on Qualys SSL test)
  • Apache & Nginx configuration
  • Email deliverability improvement (10/10 on Mail Tester & MailGenius)
  • WordPress customization, optimization and migration
  • and much more…

    Tools

    • DNS Lookup Tool
    • htdigest Generator Tool Online
    • htpasswd Generator Tool Online
    • HTTP Headers Lookup Tool
    • MD5 Encryption Tool
    • Open Port Check Tool
    • SHA-1 Encryption Tool
    • URL Encoding/Decoding Tool

    Nav

    • Home
    • About Me
    • Contact Me
    • Privacy Policy
    • Sitemap
    Vultr SSD VPS

    Creative Commons License
    Jesin's Blog by Jesin A is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
    Based on a work at websistent.com.