Create files that even root can't manipulate
root@catlin:/tmp# rm -rf junk/
rm: cannot unlink `junk/stubborn.txt': Operation not permitted
rm: cannot remove directory `junk': Directory not empty
root@catlin:/tmp# cd junk/
root@catlin:/tmp/junk# ls -al
total 40
drwxr-xr-x  2 root root  4096 Sep  4 14:45 ./
drwxrwxrwt 13 root root  4096 Sep  4 14:45 ../
-rw-r--r--  1 root root 29798 Sep  4 14:43 stubborn.txt
root@catlin:/tmp/junk# rm ./stubborn.txt
rm: remove write-protected file `./stubborn.txt'? y
rm: cannot unlink `./stubborn.txt': Operation not permitted
What's going on? Are we root or aren't we? Let's try emptying the file instead of deleting it:
root@catlin:/tmp/junk# cp /dev/null stubborn.txt
cp: cannot create regular file `stubborn.txt': Permission denied
root@catlin:/tmp/junk# > stubborn.txt
bash: stubborn.txt: Permission denied
Well, /tmp certainly isn't mounted read-only. What is going on?
In the ext2 and ext3 filesystems, there are a number of additional file attributes that are available beyond the standard bits accessible through chmod. If you haven't seen it already, take a look at the manpages for chattr and its companion, lsattr.
One of the very useful new attributes is i, the immutable flag (set with chattr +i, cleared with chattr -i). With this bit set, attempts to unlink, rename, overwrite, or append to the file are forbidden. Even making a hard link is denied (so you can't make a hard link, then edit the link). And having root privileges makes no difference when immutable is in effect:
root@catlin:/tmp/junk# ln stubborn.txt another.txt
ln: creating hard link `another.txt' to `stubborn.txt': Operation not permitted
To view the supplementary ext flags that are in force on a file, use lsattr:
root@catlin:/tmp/junk# lsattr
---i--------- ./stubborn.txt
and to set flags a la chmod, use chattr:
root@catlin:/tmp/junk# chattr -i stubborn.txt
root@catlin:/tmp/junk# rm stubborn.txt
root@catlin:/tmp/junk#
This could be terribly useful for adding an extra security step on files you know you'll never want to change (say, /etc/rc.d/* or various configuration files). While little will help you on a box that has been r00ted, immutable files probably aren't vulnerable to simple overwrite attacks from other processes, even if those processes are running as root.
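Since the flag can be cleared again with chattr -i (as the session above shows), a practical companion to setting it is a periodic check that the files you protected still carry it. The script below is an added example, not part of the original hack; it parses the flag field of lsattr output and reports any listed path that is no longer immutable. It assumes lsattr from e2fsprogs is installed and the paths live on an ext2/ext3 filesystem; the two paths in the sample list are constructed placeholders, not a recommendation for any particular system.

```shell
#!/bin/sh
# Added example (not from the original hack): audit a list of files that are
# expected to carry the ext immutable flag, and report any that have lost it.
# Assumes lsattr (e2fsprogs) is available and the paths are on ext2/ext3.

# Return 0 if an lsattr output line ("<flags> <path>") has the immutable flag.
# The flag field is the first whitespace-separated word. The match is
# case-sensitive on purpose: uppercase 'I' is the indexed-directory flag,
# which has nothing to do with immutability.
flags_have_immutable() {
    line=$1
    flags=${line%% *}
    case $flags in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Return 0 if FILE currently has the immutable flag, 1 if it does not, and 2
# if lsattr could not inspect it (missing file, non-ext filesystem, no lsattr).
# -d makes lsattr report a directory itself rather than its contents.
is_immutable() {
    out=$(lsattr -d -- "$1" 2>/dev/null) || return 2
    flags_have_immutable "$out"
}

# Read one path per line from stdin (blank lines and '#' comments ignored),
# print every path that is not immutable or not inspectable, and return 1 if
# any such path was found, 0 if every listed path is still protected.
audit_immutable() {
    missing=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case $path in '#'*) continue ;; esac
        is_immutable "$path" && status=0 || status=$?
        case $status in
            0) ;;
            1) echo "NOT IMMUTABLE: $path"; missing=1 ;;
            *) echo "UNREADABLE:    $path"; missing=1 ;;
        esac
    done
    return $missing
}

# Run the audit only when invoked with --run, so the functions can also be
# sourced from another script. The list below is a constructed sample; edit it
# to name the files you actually set with chattr +i.
if [ "${1:-}" = "--run" ]; then
    audit_immutable <<'EOF'
# constructed sample list
/etc/rc.d/rc.local
/etc/ssh/sshd_config
EOF
fi
```

Run it from cron as root and act on any non-zero exit: a file that shows up as NOT IMMUTABLE was either deliberately unlocked for maintenance or had its flag stripped by someone with root, and either way it deserves a look.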
There are hooks for adding compression, secure deletion, undeletability, synchronous writes, and a couple of other useful attributes. As of this writing, many of the additional attributes aren't implemented yet, but keep watching for new developments on the ext filesystem.