This is what I think is happening.

In Unix the ability to delete a file is governed by the writeability of the directory that it is in. This ultimately affects the writeability of the file, as a file can be deleted and replaced.

I can set the sticky bit. This helps a bit, but is ignored for the owner of the file.

I realise that ultimately any permission can be changed by the owner. But is there a way to stop a file being deleted, in the absence of changing permission (by accident)?

I am interested in solutions for GNU/Linux. However if there is no solution for this one, then I would be interested in solutions for any Unix, including fringe variants (plan 9, mac-os, bsd, solaris, athena, etc. etc. ….).


The immutable bit (chattr +i file) can only be set by a user with CAP_LINUX_IMMUTABLE, e.g. root (so it is not very useful).

1 Answer

Currently, Linux inherits the standard Unix "rwx" access controls. This means that without a serious redesign of the current permission model it is not possible to deny the file owner the ability to remove the file, although the kernel is able to restrict that. (The kernel does manage your files and can deny any user activity, but the current kernel has too few permission bits to control this.)

If you are not the root user, then you can try setting the mode for the owner only, for example, chmod 444 file. Note that each time you have to set the write bit back to modify it. Some software (like vim) can automatically reset that bit without any notice, but by default it does not do that.

The immutable flag helps only if you have a mechanism (sudo or the like) that gives you permission to change it as an unprivileged user.

See also "Are there more advanced filesystem ACLs beyond traditional 'rwx' and POSIX ACL?". ACLs (not POSIX) can solve this issue by defining a remove permission.

  • The question asks about Unix (that's not the same as Linux). Your Linux-specific answer is incomplete, in any case. – Thomas Dickey Jul 03 '16 at 13:53
  • But then the addition about the immutable Linux feature implicitly includes Linux-specific details there. Otherwise I would not even include the Linux details. –  Jul 03 '16 at 18:00
  • I am interested in solutions for a Unix, including Gnu with or without Linux kernel. (I use Debian Gnu with the Linux kernel, so it is the one I am most interested in, but if there is no solution for this one, then I would be interested in solutions for any Unix, including fringe variants (plan 9, mac-os, bsd, solaris, athena, etc. etc. ….)). – ctrl-alt-delor Jul 03 '16 at 21:10
  • I updated my answer –  Jul 04 '16 at 03:35
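
The deletion rule discussed in this thread, written out as an added example (not code from the question, the answer or any project). It is a simplified model of the check Linux applies to an unprivileged unlink, ignoring ACLs and capabilities such as root's; `Node`, `dir_allows` and `can_unlink` are hypothetical names and all uids and modes are constructed.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the os.stat() fields the check needs, plus the
# chattr +i flag. Not a real library type.
Node = namedtuple("Node", "mode uid gid immutable", defaults=(False,))

def dir_allows(uid, gids, d, want):
    """Classic rwx check on directory d: pick owner, group or other bits."""
    if uid == d.uid:
        bits = (d.mode >> 6) & 7
    elif d.gid in gids:
        bits = (d.mode >> 3) & 7
    else:
        bits = d.mode & 7
    return (bits & want) == want

def can_unlink(uid, gids, parent, target):
    """Return (allowed, reason) for an unprivileged unlink of target in parent."""
    # 1. Write and search (w+x) permission on the parent directory.
    if not dir_allows(uid, gids, parent, 0o3):
        return False, "no write+search permission on directory"
    # 2. Sticky directory: only the file owner or the directory owner may delete.
    if parent.mode & stat.S_ISVTX and uid not in (target.uid, parent.uid):
        return False, "sticky directory, caller owns neither file nor directory"
    # 3. The immutable flag blocks unlink regardless of ownership.
    if target.immutable:
        return False, "immutable flag set"
    # Note: target.mode was never consulted, so chmod 444 changes nothing here.
    return True, "allowed"

if __name__ == "__main__":
    alice, bob = 1000, 1001                      # constructed uids
    cases = {
        "own dir 755, file 444": (alice, Node(0o755, alice, alice), Node(0o444, alice, alice)),
        "sticky /tmp, own file": (alice, Node(0o1777, 0, 0), Node(0o644, alice, alice)),
        "sticky /tmp, other's file": (bob, Node(0o1777, 0, 0), Node(0o644, alice, alice)),
        "own dir 555, file 644": (alice, Node(0o555, alice, alice), Node(0o644, alice, alice)),
        "own dir 755, immutable file": (alice, Node(0o755, alice, alice), Node(0o644, alice, alice, True)),
    }
    for name, (uid, parent, target) in cases.items():
        print(f"{name:30} -> {can_unlink(uid, {uid}, parent, target)}")
```
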