Sometimes, using the rm -rf filename command, the file cannot be deleted. appear:
rm: cannot remove `/tmp/tmptmp/.journal': Operation not permitted
mkdir: cannot create directory `/tmp/tmptmp': File exists
This situation is often overwhelming. Here is its workaround:
1. Use the form of lsattr filename to view its attributes.
lsattr /tmp/tmptmp/.journal
----i-d------ /tmp/tmptmp/.journal
Found that it has one more i and one d attribute
2. Use the chattr -d -i filename command to modify its properties
chattr -d /tmp/tmptmp/.journal
3. When I use lsattr to view its properties, I find that it is normal.
------------- /tmp/tmptmp/.journal
4. Then use rm -rf to delete it.
The following article is reproduced from: http://www.cnblogs.com/oskb/archive/2013/12/10/3467925.html
PS: Sometimes you find that you can't modify a file with root privileges, most of the reason is that you have locked the file with the chattr command. The chattr command is very useful, and some of its functions are supported by the Linux kernel version, but now most of the Linux systems that are produced and run are kernels above 2.6. Modifying attributes through the chattr command can improve system security, but it is not suitable for all directories. The chattr command cannot protect /, /dev, /tmp, /var directories. The lsattr command displays the file attributes set by the chattr command.
The lsattr command is used to display file hidden attributes.
The file system attributes displayed by the lsattr command and the Linux file system attributes displayed by ls are two different concepts. The attributes implemented by lsattr are the physical attributes of the file system, while the file attributes displayed by ls are the logical attributes of the operating system to manage the file system.
lsattr command syntax
lsattr [-adlRvV][file or directory...]
lsattr command parameter
-a Displays all files and directories, including extra built-in names starting with ".", the current directory "." and the upper directory "..".
-d If the target file is a directory, display the attribute information of the directory instead of the attribute information of its content.
-l Do not arbitrarily alter files or directories.
-R Recursive processing, processing all files and subdirectories in the specified directory together.
-v Displays the file or directory version.
-V Display version information.
用chattr执行改变文件或目录的属性,需用lsattr(list attribute)命令才能查询其属性。
chattr 命令语法
chattr [ -RVf ] [ -v version ] [ mode ] files…
最关键的是在[mode]部分,[mode]部分是由+-=和[ASacDdIijsTtu]这些字符组合的,这部分是用来控制文件的属性。
chattr命令参数
+ 在原有参数设定基础上,追加参数。
- 在原有参数设定基础上,移除参数。
= 更新为指定参数设定。
A 文件或目录的 atime (access time)不可被修改(modified), 可以有效预防例如手提电脑磁盘I/O错误的发生。
S 硬盘I/O同步选项,功能类似sync。
a 即append,设定该参数后,只能向文件中添加数据,而不能删除,多用于服务器日志文件安全,只有root才能设定这个属性。
c 即compresse,设定文件是否经压缩后再存储。读取时需要经过自动解压操作。
d 即no dump,设定文件不能成为dump程序的备份目标。
i 设定文件不能被删除、改名、设定链接关系,同时不能写入或新增内容。i参数对于文件 系统的安全设置有很大帮助。
j 即journal,设定此参数使得当通过mount参数:data=ordered 或者 data=writeback 挂 载的文件系统,文件在写入时会先被记录(在journal中)。如果filesystem被设定参数为 data=journal,则该参数自动失效。
s 保密性地删除文件或目录,即硬盘空间被全部收回。
u 与s相反,当设定为u时,数据内容其实还存在磁盘中,可以用于undeletion。
各参数选项中常用到的是a和i。a选项强制只可添加不可删除,多用于日志系统的安全设定。而i是更为严格的安全设定,只有superuser (root) 或具有CAP_LINUX_IMMUTABLE处理能力(标识)的进程能够施加该选项。
范例
1. 用chattr命令防止系统中某个关键文件被修改
# chattr +i linuxeye.txt
# mv linuxeye.txt linux.txt
mv: cannot move `linuxeye.txt' to `linux.txt': Operation not permitted
# echo 'www.linuxeye.com' >> linuxeye.txt
-bash: linuxeye.txt: Permission denied
# lsattr linuxeye.txt
----i---------- linuxeye.txt
给linuxeye.txt文件加上i属性后,执行修改文件得到的结果是Operation not permitted,不能修改文件。要想修改此文件就要把i属性去掉,如下:
# chattr -i linuxeye.txt
# echo 'www.linuxeye.com' >> linuxeye.txt