Ping a Specific Port

Question

dolzenko

Asked: 2010-10-29 00:09:47 +0800 CST2010-10-29 00:09:47 +0800 CST 2010-10-29 00:09:47 +0800 CST

How can root user create file/directory unwritable for itself?

Normal users can chmod files to make them unaccessible like

evgeniy@ubuntu:~$ touch test
evgeniy@ubuntu:~$ chmod 444 test
evgeniy@ubuntu:~$ echo 'test' > test
bash: test: Permission denied

Can something like this be simulated for the root user?

danlefree · Answer 1 · 2010-10-29T01:39:44+08:00

Best Answer

danlefree

chattr +i * will prevent even the root account from making changes to files in the directory (until chattr -i * is run).

Per Slartibartfast's comments, a few things you should know about chattr and the immutable attribute:

The immutable bit will prevent a file from being deleted, renamed, linked to, or written to; use lsattr to display attributes in much the same way ls displays ownership and permissions
You can prevent the immutable bit from being unset (even by root) by changing the CAP_LINUX_IMMUTABLE flag - to do so you'll want to install libcap, but it's only fair warning that capabilities are poorly documented (at best)

Ignacio Vazquez-Abrams · Answer 2 · 2010-10-29T00:19:06+08:00

Ignacio Vazquez-Abrams

SELinux can be used to mark a file as unwriteable by root in the current domain and user role.