Making Files Immutable




Making Files Immutable

Because the root user can override permissions, file permissions alone are not enough to ensure that a file will not be changed. But when a file is made immutable, it cannot be changed by anyone.

How Do I Do That?

To make a file immutable, use the chattr (change attribute) command to add the i attribute to the file:

# chattr +i foo
# date >>foobash: foo: Permission denied
# mv foo baz
mv: cannot move \Qfoo' to \Qbaz': Operation not permitted
# rm foo
rm: cannot remove \Qfoo': Operation not permitted

You can find out if the i attribute has been set by using the lsattr (list-attribute) command:

# lsattr foo
----i-------- foo

The presence of the i in the output indicates that the file foo has been made immutable.

Removing the i attribute causes the file to act normally again:

# chattr -i foo
#
                   date >>foo
#
                   mv foo baz
#
                   rm baz
# ls baz
ls: baz: No such file or directory

How Does It Work?

The immutable capability is provided by the ext2/ext3 filesystems. Each file has an immutable flag that is part of the ext2/ext3 file attributes; when set, the ext2/ext3 code in the kernel will refuse to change the ownership, group, name, or permissions of the file, and will not permit writing, appending, or truncation of the file.

By making configuration files and programs immutable, you can provide a small measure of protection against change. This can be used to guard against accidental changes to configuration files. It can also prevent a program from being subverted to change files it should not; although SELinux provides similar protection, you may add software to your system that is not covered by the SELinux targeted policy.

Do not attempt to upgrade or remove software packages if you've made any of the files belonging to those packages immutable! Doing so may render your system unusable. Be particularly careful if you are using immutable files on a system that has automatic yum updates enabled.


What About...

...making an entire subtree immutable?

The -R option to chattr causes it to operate recursively over all of the files and subdirectories within a directory:

# chattr -R +i /etc

...other file attributes that might be useful?

Although a number of file attributes have been defined for ext2/ext3 filesystems, very few of the interesting ones have been implemented! For example, attributes have been defined to enable per-file automatic data compression, automatic zeroing (enhanced security erasure) of deleted files, and save-for-undeletion, but none of those features have been implemented so far.

But there is one other attribute that is occasionally useful: the append-only attribute, a. When applied to a file by chattr, this attribute provides all of the protection of the immutable attribute, except that it remains possible to append data to the file. This is ideal for logfiles, because it makes it impossible to alter or erase data that has been placed in the logfile.

Where Can I Learn More?

  • The manpages for chattr and lsattr