Prevent File/Directory Modification, Deletion and Renaming in Linux

In order to prevent a file or directory from being accidentally or intentionally modified, renamed or deleted in Linux, we can set the immutable flag, which disables all three operations until the flag is removed.

About the immutable flag

The immutable flag is an extended file system attribute, and can be set on both files and directories. With this flag in place, the file or directory cannot be modified, renamed or deleted without first removing the immutable flag. Setting this flag requires root privileges.

Example

In the following example, we create a new empty file called ‘no-edit.txt’.

[root@server ~]# touch no-edit.txt

We can use the lsattr command on this file to view its extended attributes; in this case, only ‘e’ is set by default.

[root@server ~]# lsattr no-edit.txt
--------------e---- no-edit.txt

Next we’ll write some data to the file, which works as expected.

[root@server ~]# echo test >> no-edit.txt
[root@server ~]# cat no-edit.txt
test

Now we use the chattr command to set the ‘i’ flag, where i represents immutable.

[root@server ~]# chattr +i no-edit.txt

We can now run the lsattr command again to confirm that the ‘i’ flag is now listed on the file.

[root@server ~]# lsattr no-edit.txt
----i---------e---- no-edit.txt

The no-edit.txt file is now immutable, so let’s try and write more data to it and see if we can delete or rename it.

[root@server ~]# echo more-test >> no-edit.txt
zsh: operation not permitted: no-edit.txt
[root@server ~]# rm -f no-edit.txt
rm: cannot remove 'no-edit.txt': Operation not permitted
[root@server ~]# mv no-edit.txt no-edit2.txt
mv: cannot move 'no-edit.txt' to 'no-edit2.txt': Operation not permitted

As we can see in this example, we are not able to modify, delete, or rename our test file as it has been set to immutable. This works exactly the same when applying the ‘i’ flag to a folder; however, if you do make a folder immutable, this will apply to all of the files inside, meaning that any sub directories or files within the immutable directory cannot be modified.

If you want to be able to change, remove, or rename an immutable file or directory, you must first remove the ‘i’ flag. This is done again using the change attribute (chattr) command, as shown below.

[root@server ~]# chattr -i no-edit.txt
[root@server ~]# lsattr no-edit.txt
--------------e---- no-edit.txt

At this point we can now edit, delete or rename the no-edit.txt file as it is no longer immutable.
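Checking files one at a time with lsattr does not scale. The following is an added example, not part of the original post: it parses lsattr output (the flag field is the first token on each line, and a lowercase ‘i’ in it means immutable) and prints every path carrying the flag, which is useful both for confirming the protections you set and for spotting immutable files you did not expect. It assumes lsattr from e2fsprogs is installed and the filesystem supports the flag; the sample lines in the block are constructed.

```shell
#!/bin/sh
# Added example: audit for immutable entries by parsing lsattr output.
# Assumes lsattr (e2fsprogs); sample input below is constructed.

# Return 0 if a single lsattr output line shows the immutable flag, else 1.
# The flag field is everything before the first space, e.g. ----i---------e----
# Matching is case-sensitive, so the unrelated uppercase 'I' (indexed
# directory) flag is not mistaken for 'i'.
lsattr_line_is_immutable() {
    flags=${1%% *}
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr output on stdin and print only the paths that carry 'i'.
# Directory header lines produced by 'lsattr -R' end in ':' and are skipped,
# as are blank lines.
immutable_paths() {
    while IFS= read -r line; do
        case "$line" in
            *:|'') continue ;;
        esac
        if lsattr_line_is_immutable "$line"; then
            printf '%s\n' "${line#* }"
        fi
    done
}

# Walk a directory tree and list every immutable file or directory in it.
# lsattr reports errors (e.g. unsupported filesystems) on stderr; they are
# dropped so the output stays a clean list of paths.
audit_immutable() {
    lsattr -R -- "$1" 2>/dev/null | immutable_paths
}

# Constructed sample of what lsattr prints for a protected and an
# unprotected file, mirroring the no-edit.txt walkthrough above.
SAMPLE_LSATTR='--------------e---- notes.txt
----i---------e---- no-edit.txt'

# Stand-alone run: prints "no-edit.txt".
printf '%s\n' "$SAMPLE_LSATTR" | immutable_paths
```

Run `audit_immutable /etc` (or any tree you administer) to list the entries that currently have the flag set.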

Summary

In Linux we can set the immutable flag on a file or directory with the ‘chattr’ command. Once immutable, it will not be possible to delete, modify, or rename the file or directory that it has been applied to. We can use the ‘lsattr’ command to list attributes on a particular file or directory to see if the ‘i’ flag is in place. A superuser can remove the immutable flag, after which the file or directory can again be removed, edited, or renamed.
