You Mengzhe
2019年8月24日星期六
LINUX上创建不可删除文件
我们都知道在Linux上默认都会有一个名为root的超级用户,该用户可以修改系统上的任何文件和目录,那我们怎么创建一些不能被删除/修改的文件和目录呢?
那在Linux系统中有一个命令chattr可以用来修改文件和目录的属性,通过该命令就可以设置文件和目录不可删除,甚至包括root也不能操作。
创建不可删除的文件
例如,我们在系统上新建一个名为undeletable-file的文件,通过名了chattr设置其属性为不可修改的:
❯ echo "some contents" ❯ ~/undeletable-file
❯ sudo chattr +i -V ~/undeletable-file
chattr 1.43.8 (1-Jan-2018)
Flags of /home/mengz/undeletable-file set as ----i--------------
❯ rm -f ~/undeletable-file
rm: cannot remove 'undeletable-file': Operation not permitted
❯ sudo rm -f ~/undeletable-file
rm: cannot remove 'undeletable-file': Operation not permitted
❯ echo "change" ❯❯ ~/undeletable-file
bash: undeletable-file: Operation not permitted
注意 : 是用命令chattr修改属性的时候需要root权限,因此这里使用了sudo 。
我们也可以通过命令lsattr来查看当前文件的属性:
❯ lsattr ~/undeletable-file
----i-------------- /home/mengz/undeletable-file
设置目录不可修改
针对目录,同样是用命令chattr,是用-R选项可以递归地修改目录和其文件的属性:
❯ mkdir -p immutable-dir/{dir1,dir2}
❯ touch immutable-dir/dir1/file1
❯ touch immutable-dir/dir2/file2
❯ sudo chattr +i -RV immutable-dir/
chattr 1.43.8 (1-Jan-2018)
Flags of immutable-dir/ set as ----i--------------
Flags of immutable-dir//dir1 set as ----i--------------
Flags of immutable-dir//dir1/file1 set as ----i--------------
Flags of immutable-dir//dir2 set as ----i--------------
Flags of immutable-dir//dir2/file2 set as ----i--------------
❯ rm -rf immutable-dir/
rm: cannot remove 'immutable-dir/dir1/file1': Operation not permitted
rm: cannot remove 'immutable-dir/dir2/file2': Operation not permitted
❯ sudo rm -f immutable-dir/dir1/file1
rm: cannot remove 'immutable-dir/dir1/file1': Operation not permitted
要使文件或者目录可修改,是用命令chattr加上选项-i :
❯ sudo chattr -i -RV immutable-dir/
chattr 1.43.8 (1-Jan-2018)
Flags of immutable-dir/ set as -------------------
Flags of immutable-dir//dir1 set as -------------------
Flags of immutable-dir//dir1/file1 set as -------------------
Flags of immutable-dir//dir2 set as -------------------
Flags of immutable-dir//dir2/file2 set as -------------------
❯ rm -rf immutable-dir/