Prevent Files And Folders From Accidental Deletion Or Modification In Linux

Prevent Files And Folders From Accidental Deletion Or Modification In Linux

Some times, I accidentally “SHIFT+DELETE” my data. Yes, I am an idiot who don’t double check what I am exactly going to delete. And, I am too dumb or lazy to backup the data. Result? Data loss! They are gone in a fraction of second. I do it every now and then. If you’re anything like me, I’ve got a good news. There is a simple, yet useful commandline utility called “chattr” (abbreviation of Change Attribute) which can be used to prevent files and folders from accidental deletion or modification in Unix-like distributions. It applies/removes certain attributes to a file or folder in your Linux system. So the users can’t delete or modify the files and folders either accidentally or intentionally, even as root user. Sounds useful, isn’t it?

In this brief tutorial, we are going to see how to use chattr in real time in-order to prevent files and folders from accidental deletion in Linux.

Prevent Files And Folders From Accidental Deletion Or Modification In Linux

By default, Chattr is available in most modern Linux operating systems. Let us see some examples.

The default syntax of chattr command is:

chattr [operator] [switch] [filename]

chattr has the following operators.

  • The operator ‘+’ causes the selected attributes to be added to the existing attributes of the files;
  • The operator ‘-‘ causes them to be removed;
  • The operator ‘=’ causes them to be the only attributes that the files have.

Chattr has different attributes namely – aAcCdDeijsStTu. Each letter applies a particular attributes to a file.

  • a – append only,
  • A – no atime updates,
  • c – compressed,
  • C – no copy on write,
  • d – no dump,
  • D – synchronous directory updates,
  • e – extent format,
  • i – immutable,
  • j – data journalling,
  • P – project hierarchy,
  • s – secure deletion,
  • S – synchronous updates,
  • t – no tail-merging,
  • T – top of directory hierarchy,
  • u – undeletable.

In this tutorial, we are going to discuss the usage of two attributes, namely a, i which are used to prevent the deletion of files and folders. That’s what our topic today, isn’t? Indeed!

Prevent files from accidental deletion

Let me create a file called file.txt in my current directory.

$ touch file.txt

Now, I am going to apply “i” attribute which makes the file immutable. It means you can’t delete, modify the file, even if you’re the file owner and the root user.

$ sudo chattr +i file.txt

You can check the file attributes using command:

$ lsattr file.txt

Sample output:

----i---------e---- file.txt

Now, try to remove the file either as a normal user or with sudo privileges.

$ rm file.txt

Sample output:

rm: cannot remove 'file.txt': Operation not permitted

Let me try with sudo command:

$ sudo rm file.txt

Sample output:

rm: cannot remove 'file.txt': Operation not permitted

Let us try to append some contents in the text file.

$ echo 'Hello World!' >> file.txt

Sample output:

bash: file.txt: Operation not permitted

Try with sudo privilege:

$ sudo echo 'Hello World!' >> file.txt

Sample output:

bash: file.txt: Operation not permitted

As you noticed in the above outputs, We can’t delete or modify the file even as root user or the file owner.

To revoke attributes, just use “-i” switch as shown below.

$ sudo chattr -i file.txt

Now, the immutable attribute has been removed. You can now delete or modify the file.

$ rm file.txt

Similarly, you can restrict the directories from accidental deletion or modification as described in the next section.

Prevent folders from accidental deletion and modification

Create a directory called dir1 and a file called file.txt inside this directory.

$ mkdir dir1 && touch dir1/file.txt

Now, make this directory and its contents (file.txt) immutable using command:

$ sudo chattr -R +i dir1

Where,

  • -R – will make the dir1 and its contents immutable recursively.
  • +i – makes the directory immutable.

Now, try to delete the directory either as normal user or using sudo user.

$ rm -fr dir1
$ sudo rm -fr dir1

You will get the following output:

rm: cannot remove 'dir1/file.txt': Operation not permitted

Try to append some contents in the file using “echo” command. Did you make it? Of course, you couldn’t!

To revoke the attributes back, run:

$ sudo chattr -R -i dir1

Now, you can delete or modify the contents of this directory as usual.

Prevent files and folders from accidental deletion, but allow append operation

We know now how to prevent files and folders from accidental deletion and modification. Next, we are going to prevent files and folders from deletion, but allow the file for writing in append mode only. That means you can’t edit, modify the existing data in the file, rename the file, and delete the file. You can only open the file for writing in append mode.

To set append mode attribution to a file/directory, we do the following.

For files:

$ sudo chattr +a file.txt

For directories: 

$ sudo chattr -R +a dir1

A file/folder with the ‘a’ attribute set can only be open in append mode for writing.

Add some contents to the file(s) to check whether it works or not.

$ echo 'Hello World!' >> file.txt
$ echo 'Hello World!' >> dir1/file.txt

Check the file contents using cat command:

$ cat file.txt
$ cat dir1/file.txt

Sample output:

Hello World!

You will see that you can now be able to append the contents. It means we can modify the files and folders.

Let us try to delete the file or folder now.

$ rm file.txt

Output:

rm: cannot remove 'file.txt': Operation not permitted

Let us try to delete the folder:

$ rm -fr dir1/

Sample output:

rm: cannot remove 'dir1/file.txt': Operation not permitted

To remove the attributes, run the following commands:

For files:

$ sudo chattr -R -a file.txt

For directories: 

$ sudo chattr -R -a dir1/

Now, you can delete or modify the files and folders as usual.

For more details, refer the man pages.

man chattr

Wrapping up

Data protection is one of the main job of a System administrator. There are numerous free and commercial data protection software are available on the market. Luckily, we’ve got this built-in tool that helps us to protect the data from accidental deletion or modification. Chattr can be used as additional tool to protect the important system files and data in your Linux system.

And, that’s all for today. Hope this helps. I will be soon here with another useful article. Until then, stay tuned with OSTechNix!

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

6 Responses

  1. David Okwii says:

    Wow, I didn’t know about this feature. Only knew about setting file/directory permissions. Thanks for the tutorial.

  2. Bishwajit Samanta says:

    Wowwwwwww awesome feature

  3. wbgreene333 says:

    I’ve always thought this would be a great feature for distributions to implement on key system files as root kit malware defense.

    First add a separate password requirement for setting/resetting the immutable attribute and second add a separate logfile of attempts to change an immutable file. It would make system updating need some changes for the separate password in order to make changes to key files, but I think it’d be worth it.

    • SK says:

      > First add a separate password requirement for setting/resetting the
      immutable attribute and second add a separate logfile of attempts to
      change an immutable file.

      Good point! But I have no idea how to set separate a separate password.

      • wbgreene333 says:

        I’m afraid that adding a separate password to the attribute before allowing changes would be a job for kernel developers, and likely a difficult “sell”.

        As it stands now the immutable attribute is minimally useful since if the malware gets root, immutable is easily removed.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.