Linux file system attributes: the chattr and lsattr commands

Sometimes you find that you cannot modify a file even with root privileges, because the file has been locked with the chattr command. The chattr command is very powerful. Some of its functions depend on support in the Linux kernel version, but most production systems now run Linux kernel 2.6 or later. Modifying attributes with chattr can improve the security of the system, but it is not suitable for all directories: chattr cannot be used to protect the /, /dev, /tmp and /var directories. The lsattr command displays the file attributes set by chattr.


First, setting file system attributes: chattr

chattr [+-=][option] file or directory name

  +: add an attribute

  -: remove an attribute

  =: set the attributes to exactly the given value

Options:

a: if the a attribute is set on a file, data can only be appended to the file; existing data cannot be deleted or modified. If the a attribute is set on a directory, files in the directory can only be created and modified, not deleted. It is mostly used to protect server log files.

i: if the i attribute is set on a file, the file cannot be deleted or renamed, and data cannot be added or modified. If the i attribute is set on a directory, only the data of the files in the directory can be modified; files cannot be created or deleted.

Note: once chattr has restricted a file, the root user is no exception. This command protects files against accidental operations.


Second, viewing file system attributes: lsattr

lsattr [options] file name

Options:

-a  display all files and directories
-d  if the target is a directory, list only the attributes of the directory itself, not those of the files in it

Third, examples

1. Set a file read-only.
------------------------------------------
[root@CentOS7 home]# chattr +i ii
------------------------------------------

2. View the file attributes set by the chattr command.
------------------------------------------
[root@CentOS7 home]# lsattr
---------------- ./pi1
---------------- ./pi2
----i----------- ./ii    # the read-only file now shows the extra i attribute
---------------- ./dd
[root@CentOS7 home]#
------------------------------------------

3. Remove the read-only setting from the file.
------------------------------------------
[root@CentOS7 home]# chattr -i ii
------------------------------------------

4. To change the attributes of a directory and its contents recursively, use the -R option. For example, to make all the files in the directory d1 read-only:
------------------------------------------
[root@CentOS7 ~]# chattr -R +i d1
------------------------------------------
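
As an added example (not part of the original article), the following POSIX shell functions parse lsattr output and report which entries carry the i or a attribute, the first thing to check when root cannot modify or delete a file. The function names and the sample listing, including its file names, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): list entries that lsattr
# reports as immutable (i) or append-only (a).

# parse_lsattr: read lsattr output on stdin, print "<attrs><TAB><path>".
parse_lsattr() {
    while IFS= read -r line || [ -n "$line" ]; do
        flags=${line%% *}      # attribute field: text before the first space
        path=${line#* }        # the rest is the path and may contain spaces
        # Lines without a space are blank lines or bare "dir:" headers of -R.
        [ "$flags" != "$line" ] || continue
        # A real attribute field holds only letters and dashes; this also
        # drops "lsattr: ..." error lines and headers of paths with spaces.
        case $flags in ''|*[!A-Za-z-]*) continue ;; esac
        # With -a, lsattr also lists the . and .. entries; ignore them.
        case $path in */.|*/..) continue ;; esac
        found=
        # Matching is case-sensitive: A and I are different attributes.
        case $flags in *i*) found=immutable ;; esac
        case $flags in *a*) found="${found:+$found,}append-only" ;; esac
        if [ -n "$found" ]; then printf '%s\t%s\n' "$found" "$path"; fi
    done
}

# locked_files DIR: scan DIR recursively, hidden files included.
# Needs lsattr and a file system that supports these attributes.
locked_files() {
    lsattr -R -a "$1" 2>/dev/null | parse_lsattr
}

# Constructed sample of `lsattr -R` output, modelled on the listing above.
SAMPLE='---------------- ./pi1
----i----------- ./ii
-----a---------- ./app log.txt
-------A----I--- ./d1

./d1:
----i----------- ./d1/f1'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE" | parse_lsattr
```

On a real system, run `locked_files /path/to/dir` instead of feeding the sample.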
  


Origin blog.csdn.net/Pipcie/article/details/104959910