[TriLUG] Set a file so that even root cannot change or delete it
Jon Carnes
jonc at nc.rr.com
Sun Mar 10 03:23:01 EST 2002
chattr - lets you set a file so that even root cannot delete it (or modify it
in any way), until you use chattr to unset the bits that make the file
immutable.
lsattr - list the special attributes of the files or directories.
===
The error message you get if a file is set so that even root cannot delete it:
cannot unlink <file-name> : Operation not permitted
So what's the big deal? I'm fighting the good fight against a hacker who
broke into a server in California (not one of my sites). He threw a root kit
onto the server and I couldn't blow it off the machine... till I discovered
chattr.
Of course he's also slipped in some libraries, so I'm having the dickens of a
time fighting it remotely.
Jon
More information about the TriLUG
mailing list