Prevent Files And Folders From Accidental Deletion Or Modification In Linux
Fuente: https://www.ostechnix.com/prevent-files-folders-accidental-deletion-modification-linux/
Some times, I accidentally “SHIFT+DELETE” my data. Yes, I am an idiot who don’t double check what I am exactly going to delete. And, I am too dumb or lazy to backup the data. Result? Data loss! They are gone in a fraction of second. I do it every now and then. If you’re anything like me, I’ve got a good news. There is a simple, yet useful commandline utility called “chattr” (abbreviation of Change Attribute) which can be used to prevent files and folders from accidental deletion or modification in Unix-like distributions. It applies/removes certain attributes to a file or folder in your Linux system. So nobody can delete or modify the files and folders either accidentally or intentionally, even as root user. Sounds useful, isn’t it? Indeed!
In this brief tutorial, we are going to see how to use chattr in real time in-order to prevent files and folders from accidental deletion in Linux.
Prevent Files And Folders From Accidental Deletion Or Modification In Linux
By default, Chattr is available in most modern Linux operating systems. Let us see some examples.The default syntax of chattr command is:
chattr [operator] [switch] [filename]chattr has the following operators.
- The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files;
- The operator ‘-‘ causes them to be removed;
- The operator ‘=’ causes them to be the only attributes that the files have.
- a – append only,
- A – no atime updates,
- c – compressed,
- C – no copy on write,
- d – no dump,
- D – synchronous directory updates,
- e – extent format,
- i – immutable,
- j – data journalling,
- P – project hierarchy,
- s – secure deletion,
- S – synchronous updates,
- t – no tail-merging,
- T – top of directory hierarchy,
- u – undeletable.
Prevent files from accidental deletion
Let me create a file called file.txt in my current directory.$ touch file.txtNow, I am going to apply “i” attribute which makes the file immutable. It means you can’t delete, modify the file, even if you’re the file owner and the root user.
$ sudo chattr +i file.txtYou can check the file attributes using command:
$ lsattr file.txtSample output:
----i---------e---- file.txtNow, try to remove the file either as a normal user or with sudo privileges.
$ rm file.txtSample output:
rm: cannot remove 'file.txt': Operation not permittedLet me try with sudo command:
$ sudo rm file.txtSample output:
rm: cannot remove 'file.txt': Operation not permittedLet us try to append some contents in the text file.
$ echo 'Hello World!' >> file.txtSample output:
bash: file.txt: Operation not permittedTry with sudo privilege:
$ sudo echo 'Hello World!' >> file.txtSample output:
bash: file.txt: Operation not permittedAs you noticed in the above outputs, We can’t delete or modify the file even as root user or the file owner.
To revoke attributes, just use “-i” switch as shown below.
$ sudo chattr -i file.txtNow, the immutable attribute has been removed. You can now delete or modify the file.
$ rm file.txtSimilarly, you can restrict the directories from accidental deletion or modification as described in the next section.
Prevent folders from accidental deletion and modification
Create a directory called dir1 and a file called file.txt inside this directory.$ mkdir dir1 && touch dir1/file.txtNow, make this directory and its contents (file.txt) immutable using command:
$ sudo chattr -R +i dir1Where,
- -R – will make the dir1 and its contents immutable recursively.
- +i – makes the directory immutable.
$ rm -fr dir1
$ sudo rm -fr dir1You will get the following output:
rm: cannot remove 'dir1/file.txt': Operation not permittedTry to append some contents in the file using “echo” command. Did you make it? Of course, you couldn’t!
To revoke the attributes back, run:
$ sudo chattr -R -i dir1Now, you can delete or modify the contents of this directory as usual.
Prevent files and folders from accidental deletion, but allow append operation
We know now how to prevent files and folders from accidental deletion and modification. Next, we are going to prevent files and folders from deletion, but allow the file for writing in append mode only. That means you can’t edit, modify the existing data in the file, rename the file, and delete the file. You can only open the file for writing in append mode.To set append mode attribution to a file/directory, we do the following.
For files:
$ sudo chattr +a file.txtFor directories:
$ sudo chattr -R +a dir1A file/folder with the ‘a’ attribute set can only be open in append mode for writing.
Add some contents to the file(s) to check whether it works or not.
$ echo 'Hello World!' >> file.txt
$ echo 'Hello World!' >> dir1/file.txtCheck the file contents using cat command:
$ cat file.txt
$ cat dir1/file.txtSample output:
Hello World!You will see that you can now be able to append the contents. It means we can modify the files and folders.
Let us try to delete the file or folder now.
$ rm file.txtOutput:
rm: cannot remove 'file.txt': Operation not permittedLet us try to delete the folder:
$ rm -fr dir1/Sample output:
rm: cannot remove 'dir1/file.txt': Operation not permittedTo remove the attributes, run the following commands:
For files:
$ sudo chattr -R -a file.txtFor directories:
$ sudo chattr -R -a dir1/Now, you can delete or modify the files and folders as usual.
For more details, refer the man pages.
man chattr
Wrapping up
Data protection is one of the main job of a System administrator. There are numerous free and commercial data protection software are available on the market. Luckily, we’ve got this built-in tool that helps us to protect the data from accidental deletion or modification. Chattr can be used as additional tool to protect the important system files and data in your Linux system.And, that’s all for today. Hope this helps. I will be soon here with another useful article. Until then, stay tuned with OSTechNix!
Cheers!
No hay comentarios:
Publicar un comentario