In order to prevent a file or directory from being accidentally or intentionally modified, renamed or deleted in Linux, we can set the immutable flag which will disable this functionality.
About the immutable flag
The immutable flag is an extended file system attribute, and can be set on both files and directories. With this flag in place, the file or directory cannot be modified, renamed or deleted without first removing the immutable flag. Setting this flag requires root privileges.
In the following example, we create a new empty file called ‘no-edit.txt’.
[[email protected] ~]# touch no-edit.txt
We can use the lsattr command on this file to view its extended attributes, in this case only ‘e’ is there by default.
[[email protected] ~]# lsattr no-edit.txt --------------e---- no-edit.txt
Next we’ll write some data to the file, which works as expected.
[[email protected] ~]# echo test >> no-edit.txt [[email protected] ~]# cat no-edit.txt test
Now we use the chattr command to set the ‘i’ flag, where i represents immutable.
[[email protected] ~]# chattr +i no-edit.txt
We can now run the lsattr command again to confirm that the ‘i’ flag is now listed on the file.
[[email protected] ~]# lsattr no-edit.txt ----i---------e---- no-edit.txt
The no-edit.txt file is now immutable, so let’s try and write more data to it and see if we can delete or rename it.
[[email protected] ~]# echo more-test >> no-edit.txt zsh: operation not permitted: no-edit.txt [[email protected] ~]# rm -f no-edit.txt rm: cannot remove 'no-edit.txt': Operation not permitted [[email protected] ~]# mv no-edit.txt no-edit2.txt mv: cannot move 'no-edit.txt' to 'no-edit2.txt': Operation not permitted
As we can see in this example, we are not able to modify, delete, or rename our test file as it has been set to immutable. This works exactly the same when applying the ‘i’ flag to a folder, however if you do make a folder immutable, this will apply to all of the files inside, meaning that any sub directories or files within the immutable directory cannot be modified.
If you want to be able to change, remove, or rename an immutable file or directory, you must first remove the ‘i’ flag. This is done again using the change attribute (chattr) command, as shown below.
[[email protected] ~]# chattr -i no-edit.txt [[email protected] ~]# lsattr no-edit.txt --------------e---- no-edit.txt
At this point we can now edit, delete or rename the no-edit.txt file as it is no longer immutable.
In Linux we can set the immutable flag on a file or directory with the ‘chattr’ command. Once immutable, it will not be possible to delete, modify, or rename the file or directory that it has been applied to. We can use the ‘lsattr’ command to list attributes on a particular file or directory to see if the ‘i’ flag is in place. A superuser can remove the immutable flag, allowing it to be removed, edited, or renamed.