cPanel Config

Welcome to cPanelConfig the fastest growing cPanel configuration and troubleshooting guide on the internet. Please take the time and register. We would love to have your contribution to this completely free cPanel resource. We are updating this daily so be sure to visit us on a regular basis.

Making a file or folder undeletable (even to root) - chattr

1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 4.33 out of 5)
Loading ... Loading ...

Posted by yolau

This article will tell you how you can make a file or folder undeletable (immutable) even for root.

This is useful if you have an important file that you don’t want to delete by accident or if you are investigating some user’s files and you don’t want someone deleting the “evidence” while you investigate.

The command works by setting the immutable bit of the file.

How you can make a file immutable ?
Note: This command must be run as root

chattr +i file_name

An example use would be:

chattr +i ftp.log

Now if I want to delete the file I would get:

rm -f ftp.log
rm: cannot remove `ftp.log’: Operation not permitted

Please remember that this was done as root !

If you want to unset the immutable bit you can use the command:

chattr -i file_name

If you want to check what are the attributes of a file you can do so using the command lsattr:

lsattr file_name

In our example we would be getting:

lsattr ftp.log
—-i——– ftp.log

Please notice the immutable bit !

Hope it helps!
If you have any questions just leave me a comment.

Share this: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • bodytext
  • del.icio.us
  • Slashdot
  • StumbleUpon
  • Netvouz
  • description
  • ThisNext
  • MisterWong
  • Wists
  • De.lirio.us
  • Furl
  • MyShare
  • Smarking
  • Technorati
  • YahooMyWeb

If you enjoyed this post, make sure you subscribe to my RSS feed!

4 Responses to “Making a file or folder undeletable (even to root) - chattr”

  1. AlperY, on June 26th, 2008 at 3:54 pm Said:

    “”chattr” can be used against hackers in linux servers. You can do chattr +i /bin/ls to prevent ls being modified which is a known method employed by hackers to hide their activities.
    If you do such a modification, be aware that /bin/ls (or any file) won’t be upgraded and package manager will throw error.
    I used chattr for /bin/ls and coreutils package (containing ls) couldn’t upgrade since it couldn’t remove the previous version of ls.

  2. Pablo’s Blog»Archivo del blog » Haciendo un archivo imborrable en Linux, on June 28th, 2008 at 9:38 pm Said:

    [...] artículo siguiente explica como hacer un archivo o directorio imborrable en Linux, aún para el usuario [...]

  3. Lilia, on August 19th, 2008 at 8:49 am Said:

    Well I am with SUSE SP 10 (Reiserfs) and I get this error when I use chattr:
    “chattr: Inappropriate ioctl for device while reading flags on testserver.der”

    I tried to lock a file using Java or C program, but I am still able to delete them with either root or non root user.

    Any idea?

  4. Ash, on September 20th, 2008 at 7:42 am Said:

    Lilia: chattr - change file attributes on a LIinux second extended file system — means ext2, not reiserfs. Do not know anything simmilar for reiserfs though.

Leave a Reply

« How to monitor the CPU temperature in your Linux box Important FreeBSD & Mbox Information »