43

While logged in, I can do the following:

mkdir foo
touch foo/bar
chmod 400 foo/bar 
chmod 500 foo

Then I can open vim (not as root), edit bar, force a write with w!, and the file is modified.

How can I make the operating system disallow any file modification?

UPDATE Mar 02 2017

  1. chmod 500 foo is a red herring: the write permission on a directory has nothing to do with the ability to modify a file's contents--only the ability to create and delete files.

  2. chmod 400 foo/bar does in fact prevent the file's contents from being changed. But, it does not prevent a file's permissions from being changed--a file's owner can always change his file's permissions (assuming they can access the file i.e. execute permission on all ancestor directories). In fact, strace(1) reveals that this is what vim (7.4.576 Debian Jessie) is doing--vim calls chmod(2) to temporarily add the write permission for the file's owner, modifies the file, and then calls chmod(2) again to remove the write permission. That is why using chattr +i works--only root can call chattr -i. Theoretically, vim (or any program) could do the same thing with chattr as it does with chmod on an immutable file if run as root.

user2141130
  • 545
  • 1
  • 4
  • 7

3 Answers3

69

You can set the "immutable" attribute with most filesystems in Linux.

chattr +i foo/bar

To remove the immutable attribute, you use - instead of +:

chattr -i foo/bar

To see the current attributes for a file, you can use lsattr:

lsattr foo/bar

The chattr(1) manpage provides a description of all the available attributes. Here is the description for i:

   A  file with the `i' attribute cannot be modified: it cannot be deleted
   or renamed, no link can be created to this file  and  no  data  can  be
   written  to  the  file.  Only the superuser or a process possessing the
   CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
jordanm
  • 42,678
  • 3
    On Linux, that immutable flag is available on many file systems not just ext2/3/4 (at least btrfs, hfsplus, jfs, nilfs2, xfs, ocfs2, ubifs, gfs2, reiserfs AFAICT from a quick look through the code) – Stéphane Chazelas Mar 10 '13 at 23:02
  • @StephaneChazelas I saw the chattr command was part of e2fsprogs package on my system. That is why I made that statement. I have updated the answer based on your comment. – jordanm Mar 10 '13 at 23:17
  • It doesn't work for symlinks :-(. This solution would be great, because I want to avoid that the symlink can be accidentaly modified by any user including root. – natenho Jun 23 '15 at 20:17
  • Immutable is an inode flag correct, not an xattr? ioctl flag to be precise? – rassa45 Jul 18 '18 at 14:55
1

To make an entire directory tree read-only:

cd <directory>
find ./ -print0 | sudo xargs -I {} -0 chattr +i {}

To make it readable again, change +i to -i.

1

You can:

  1. Change the file owner to root or a dummy newly created user
  2. Keep the correct group.
  3. Use chmod 440 to allow reading by group (which is you).

If the correct user is not the only one in this group, you should create a new group and add only him in it, and use this group for it. However, you are not the owner of the file, therefore your vi cannot change the file owner.

yo'
  • 929
  • 3
    If you can write to the parent directory, then vim can delete the file and create a new one (and it's what it does when you do :w!). vim doesn't go as far as changing the permissions of the directory temporarily though. So keeping the directory non-writable should be safe. – Stéphane Chazelas Mar 10 '13 at 23:13