13 replies to this topic

[Allan®]

Quote

what command would you use to make sure that you cannot easily delete a file called backup (which you own) without affecting other permissions?

This is a question in a lab I'm doing. I've racked my brain, I've racked Google's brain. I've tried a TON of other things, and I can't seem to figure it out... can anyone help?

[xendrome]

The question doesn't really make any sense.... "command"? Do they mean attribute? is this talking about security permissions?

[Allan®]

I'm assuming the professor is asking what chmod stuff I'd do. It's very badly written, though.

[zoheb]

have a look at chattr command

e.g : chattr +i filename.

with this command the permissions does not change and nor you can edit or delete the file unless >>>> chattr -i filename

[-Alex-]

zoheb, on 09 February 2012 - 12:56, said:

have a look at chattr command

e.g : chattr +i filename.

with this command the permissions does not change and nor you can edit or delete the file unless >>>> chattr -i filename

Good command, but chattr +u backup is probably better (makes the file only undeleteable).

http://linux.about.c...mdl1_chattr.htm

[Allan®]

Neither command worked.

[-Alex-]

Upon closer inspection of the man page for chattr, +u would appear to be wrong:

Quote

When a file with the `u' attribute set is deleted, its contents are saved. This allows the user to ask for its undeletion.

But +i should work:

Quote

A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process pessessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

[ichi]

rm /bin/rm

But then again if you don't want to screw the system, chattr +i is the way to go.
AFAIK you must execute it as root, though, and root still can delete the file. It just prevents plain users from modifying it in any way.

You could also make the file undeletable for every user including root using SELinux, or replace rm with the safe-rm wrapper and add your backup file to the blacklist.

[zoheb]

With chattr +i , not even root cannot delete it.
You need to use -i attribute

[-Alex-]

zoheb, on 10 February 2012 - 04:39, said:

With chattr +i , not even root cannot delete it.
You need to use -i attribute

You had it right first time, it's +i

Quote

The operator `+' causes the selected attributes to be added to the existing attributes of the files; `-' causes them to be removed

[Allan®]

Correct answer is
Chmod u-w backup

[cybertimber2008]

Allan®, on 10 February 2012 - 17:07, said:

Correct answer is
Chmod u-w backup

That removes write permissions, but that doesn't prevent you from deleting the file, even in a regular, non-root account.

[nick@fedora16vm ~]$ touch file.txt
[nick@fedora16vm ~]$ ll file.txt
-rw-rw-r-- 1 nick nick 0 Feb 10 13:06 file.txt
[nick@fedora16vm ~]$ chmod u-w file.txt
[nick@fedora16vm ~]$ ll file.txt
-r--rw-r-- 1 nick nick 0 Feb 10 13:06 file.txt
[nick@fedora16vm ~]$ rm file.txt
rm: remove write-protected regular empty file `file.txt'? y
[nick@fedora16vm ~]$ ll file.txt
ls: cannot access file.txt: No such file or directory

Edit:
/threadhijack: I'm unfamilar with the chattr, but highly interested... but I can't get it work. Any ideas? (Fedora 16)

[nick@fedora16vm ~]$ chattr +i file.txt
chattr: Operation not permitted while setting flags

Edited by cybertimber2008, 10 February 2012 - 18:09.

[Allan®]

That was the answer the Professor gave me, and the program he wrote to check answers said it was correct... thus I have to accept it's wrong, even if it isn't.

[-Alex-]

Print out this thread and give it to him