Practical uses of the immutable flag in Linux

Question

Does anyone have real world scenarios where they've used the immutable flag in Linux?

chattr +i file.txt

Since root can unset the attribute, it seems like you're protecting the file against users who have root access but aren't aware of the feature.

score 11 · Answer 1 · answered Oct 25 '12 at 19:21

11

I use this on any directory that is only intended to be a mount point. It prevents files from mistakenly getting written if the file system isn't mounted.

answered Oct 25 '12 at 19:21

3dinfluence

12,409
2
27
41

3

Nice. I've never seen that use before. – ewwhite Oct 25 '12 at 19:26
Yep, that's slick – xofer Oct 25 '12 at 20:54

score 9 · Accepted Answer · answered Oct 25 '12 at 17:36

I've seen this used in virtual hosting setups where file(s) need to remain in directories that users have access to, e.g. php5.fcgi. I also occasionally use it to add an extra step to deleting important files, to protect them from my own absent-mindedness.

score 4 · Answer 3 · edited Apr 13 '17 at 12:14

4

It's quite handy for for hacking someone else's systems and keeping your trojaned binaries from being deleted!!

edited Apr 13 '17 at 12:14

Community

1

answered Oct 25 '12 at 17:50

ewwhite

194,921
91
434
799

As a corollary it's very often used to *prevent someone from installing trojaned binaries in the first place* -- e.g. on FreeBSD most key programs are installed system-immutable (and if you run with a securelevel >=1 you can't turn the flag off without rebooting into single-user mode) – voretaq7 Oct 25 '12 at 21:53
This BSD thing sounds interesting... It's almost like Linux, but with more useful stuff! – ewwhite Oct 25 '12 at 21:54
Like an actual production-ready operating system even! :-) The [chflags](http://www.freebsd.org/cgi/man.cgi?query=chflags&sektion=1&apropos=0&manpath=FreeBSD+9.0-RELEASE) man page has details on the basic flags (more goodies can be done with ACLs, as in Linux), & there's a whole page on [security](http://www.freebsd.org/cgi/man.cgi?query=security&sektion=7&apropos=0&manpath=FreeBSD+9.0-RELEASE) which describes the `securelevel` functionality. – voretaq7 Oct 25 '12 at 21:58

score 0 · Answer 4 · answered Oct 25 '12 at 19:15

0

Usually to protect against automatic deletion of the file, eg. through cleaning of temporary directories etc. though of course you have to hope whatever might delete that file behaves well on failure :)

answered Oct 25 '12 at 19:15

Tom Newton

4,021
2
23
28

The immutable flag wouldn't be my choice here unless you also want to protect against changes -- remember a file that has been `chattr +i`'d is *immutable* - you can't write, delete, truncate, append... – voretaq7 Oct 25 '12 at 22:00

score -2 · Answer 5 · answered Oct 25 '12 at 17:40

-2

To keep pesky developers and hacking sysadmins off your ish.

answered Oct 25 '12 at 17:40

dmourati

24,720
2
40
69

Care to elaborate? This answer really isn't all that useful in the current state. – Zoredache Oct 25 '12 at 22:11

Practical uses of the immutable flag in Linux

5 Answers5