If you want to protect a single file in a directory (without moving it or changing the permissions of the containing directory), to the point that root access is obligatory for change or deletion, what are your options?
Aside from the Linux-specific “immutable” or chown root file; chmod 644 file and hardlinking file to a directory owned by root with write permissions only for root, is there another, simpler general Unix way to do it?
Portably? Probably not. The plain Unix permission bits model doesn't really have the concept of a "remove this" -permission for files, there's just "remove (and create) contained files" for directories.
The closest you can get is by setting the "sticky bit" (+t) on the directory, and making the directory and the file owned by root. The sticky bit prevents removing files not owned by you but allows users to play with their own files without restrictions.
chattr +i impervious.file which makes a file immutable until you revert it with chattr -i impervious.file
– Mio Rin
May 20 '18 at 15:46