Linux cannot remove `xxx': Operation not permitted

Link:  http://mangocool.com/detail_1_1439515930283.html

The cause turned out to be that a file can also carry hidden attributes, which are set with chattr. Let's take a detailed look at this command.

[root]#chattr --help 
Usage: chattr [-RV] [-+=AacDdijsSu] [-v version] files... 
Parameter or option description: 
-R: Recursive processing; all files and subdirectories under the specified directory are processed together.
-V: Verbose output; display the execution process in detail, with the version number.
-v: Set the version of the file or directory.
+ : Add parameters to the original parameter settings. 
- : Remove the parameter based on the original parameter setting. 
= : Update to the specified parameter setting. 
A: The atime (access time) of the file or directory is not modified on access, which avoids a certain amount of disk I/O, for example on laptop disks.
S: Hard disk I/O synchronization option; the function is similar to sync.
a: Append. After setting this attribute, you can only add data to the file, but cannot delete it. It is mostly used for server log file security. Only root can set this attribute.
c: Compress; sets whether the file is compressed before being stored. It is automatically decompressed when read.
d: No dump; the file is not a backup target of the dump program.
i: The file cannot be deleted, renamed, or linked to, and cannot be written or appended to. The i attribute is very helpful for the security settings of the file system.
j: Journal. With this attribute set, when the file system is mounted with data=ordered or data=writeback, the file's data is recorded in the journal first when it is written. If the file system is mounted with data=journal, this attribute has no effect.
s: Securely delete the file or directory, that is, all of its hard disk space is reclaimed.
u: The opposite of s; when u is set, the data content actually still exists on the disk and can be used for undeletion.
The commonly used attributes are a and i. With a, data can only be appended and not deleted; it is mostly used for the security settings of the log system. i is a more stringent security setting; only the superuser (root) or a process with the CAP_LINUX_IMMUTABLE capability can set it.

Let's take an example: 
[root]#touch chattr_test 
[root]#chattr +i chattr_test 
[root]#rm chattr_test 
rm: remove write-protected regular empty file `chattr_test`? y 
rm: cannot remove `chattr_test`: Operation not permitted 
At this point, even root cannot delete the file directly; you must first remove the i attribute and then delete it.

Since the above attributes are hidden, you need to use the lsattr command to view them, which will be briefly described below. 
lsattr command format: 
[root]#lsattr [-RVadlv] [files...] 
Parameter or option description: 
-R: recursively list directory and file attributes. 
-V: Display the program version number. 
-a: Display the attributes of all files, including hidden files (.), the current directory (./) and the parent directory (../).
-d: List directory attributes only. 
-l: (This parameter currently has no effect). 
-v: Display the file or directory version. 
Example: 
[root]#chattr +aij lsattr_test 
[root]#lsattr 
----ia---j--- ./lsattr_test 
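
To find which files in a tree will refuse rm for the reason described above, the lsattr output can be filtered for the i and a flags. The following is an added example, not code from the original page; the function names and the sample lines (apart from lsattr_test) are constructed for illustration.

```shell
#!/bin/sh
# Added example: read lsattr output on stdin and report the files whose
# attributes make rm fail with "Operation not permitted".

# blocking_attrs: for each "<flags> <path>" line that has i or a set, print
# "<path>\t<blocking flags>\t<reason>". Everything else is skipped.
blocking_attrs() {
    while IFS= read -r line; do
        flags=${line%% *}                    # first field: attribute string
        path=${line#* }                      # remainder: path (may contain spaces)
        [ "$flags" = "$line" ] && continue   # blank line or "dir:" header from -R
        case $flags in
            *[!A-Za-z-]*) continue ;;        # error text such as "lsattr: ..."
        esac
        block= why=
        # Matching is case-sensitive: A (no atime update) does not block rm.
        case $flags in *i*) block=i why=immutable ;; esac
        case $flags in *a*) block=${block}a why=${why:+$why,}append-only ;; esac
        [ -n "$block" ] || continue
        printf '%s\t%s\t%s\n' "$path" "$block" "$why"
    done
}

# sample_lsattr: constructed lsattr output used to exercise the filter offline.
sample_lsattr() {
    cat <<'EOF'
----ia---j--- ./lsattr_test
----i-------- ./chattr_test
-----a------- ./app.log
-------A----- ./noatime.dat
------------- ./plain.txt

./subdir:
lsattr: Operation not supported While reading flags on ./dev_node
EOF
}

# Clear a reported flag as root (chattr -i or chattr -a) before retrying rm.
sample_lsattr | blocking_attrs
```

On a real system, pipe the output of lsattr -R for the directory of interest into blocking_attrs instead of the sample.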
