I'd like to know if I can prevent the root user from deleting a file. Is it possible?
- Turn the computer off. Not possible to do anything to stop this! – slm Apr 26 '13 at 13:21
- Root is what in the Windows world is called the "superadmin"; it's an account intended to be used specifically because it can do anything it wants. Even if you were to prevent root from doing something, then there would be no way to do it. People should only get root access if there's nothing that can be done with permissions/acls/setuid/capabilities/sudo or if doing so would be more time than it's worth. If you're that concerned about it, write a script to do what they need root for and give them sudo rights for that script. – Bratchley Apr 26 '13 at 13:28
- Why do you want to do this? – Nils Apr 29 '13 at 13:55
4 Answers
No, this isn't possible. You can set the immutable attribute with chattr +i, which will at least make it irritating and non-obvious what has to be done to allow writing to the file, but they can just unset it again. Also, your filesystem has to support this, and have the functionality enabled.
SELinux can also do some limiting, but again, it can be disabled.
The better solution is to properly control users and programs by limiting their access, and not allowing them to run as root unless absolutely necessary.

- But, of course, SELinux and the like can prevent root from disabling it. :-) – Hauke Laging Apr 26 '13 at 14:15
- @HaukeLaging Root can, through varying configurations, modify arbitrary memory, so it is just made increasingly difficult with each barrier. Playing cat and mouse with root doesn't really have much of a point (but yes, it would be theoretically possible to stop root from doing so). – Chris Down Apr 26 '13 at 14:45
- @ChrisDown, SELinux can certainly reduce root to a "normal user", permission-wise. It is part of the whole idea, in fact. – vonbrand Apr 26 '13 at 16:26
- @vonbrand Whilst that may be something that SELinux desires to do, it is difficult to do in practice. Like I said, it is theoretically possible, but practically improbable. – Chris Down Apr 26 '13 at 17:06
- @ChrisDown, very much possible, but very un-Unixy, so few do it. The fingers are much too accustomed to doing certain things... besides, it makes sense only for terminally paranoid configurations. – vonbrand Apr 26 '13 at 19:38
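
Since the immutable attribute can be unset again and depends on filesystem support, a monitor can at least check that it is still in place. The following is an added example, not code from any of the posts above: it reads the inode flags with the FS_IOC_GETFLAGS ioctl (the data lsattr displays) and reports every watched file that is missing, not immutable, or on a filesystem where the flag cannot be read. The status names and the list of watched paths are assumptions of this example.

```python
import fcntl
import os
import struct
import sys

# Inode flag bit from <linux/fs.h>; chattr +i sets it, chattr -i clears it.
FS_IMMUTABLE_FL = 0x00000010
# FS_IOC_GETFLAGS is _IOR('f', 1, long). Assumption: the generic Linux ioctl
# encoding (x86, ARM, RISC-V); MIPS, PowerPC and SPARC encode it differently.
FS_IOC_GETFLAGS = (2 << 30) | (struct.calcsize("l") << 16) | (ord("f") << 8) | 1


def inode_flags(path):
    """Return the inode flag word, or None if the ioctl fails on this file."""
    fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    try:
        buf = bytearray(struct.calcsize("l"))
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)
        return struct.unpack_from("I", buf)[0]  # kernel writes a 32-bit value
    except OSError:
        return None  # filesystem without attribute support, or ioctl blocked
    finally:
        os.close(fd)


def classify(flags):
    """Map a flag word (or None) to a status a monitor can alert on."""
    if flags is None:
        return "unsupported"
    return "immutable" if flags & FS_IMMUTABLE_FL else "unprotected"


def audit(paths):
    """Return (path, status) for each path that is not currently immutable."""
    findings = []
    for path in paths:
        try:
            status = classify(inode_flags(path))
        except FileNotFoundError:
            status = "missing"  # the file is already gone
        if status != "immutable":
            findings.append((path, status))
    return findings


if __name__ == "__main__":
    findings = audit(sys.argv[1:])
    for path, status in findings:
        print(f"{path}: {status}")
    sys.exit(1 if findings else 0)
```

Run it from cron or a systemd timer with the protected paths as arguments; a non-zero exit status means at least one file needs attention.
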
As others have said, generally, the idea of root is a user who is permitted to make the machine do anything the machine can do. So, there isn't an easy flag that can prevent root from intentionally deleting a file (chattr +i can prevent accidental deletion).
But, despite this, there are a couple of solutions:
- Put the file on a fileserver, and configure the fileserver not to allow the delete. This works because local root isn't root on the file server.
- Put the file on WORM media. This works because the hardware will not allow an overwrite, so the data is protected. (Overwrite is not something the machine can do.) Cheap options are CD-R and DVD-R. Make sure your drive indeed cannot overwrite (destroy) already written sections. There are WORM SD cards as well.

No.
Any user with "sudo" privileges or the root user can see and delete everything.
However, in an ideal system you wouldn't have to worry about that because only one user has super privileges, and he will use them only when necessary and always responsibly.

It is possible under very specific circumstances:
You can unplug the USB drive where the change occurs, or disconnect the ethernet cable between the computer and the NAS. But chances are that the file will be corrupted or left unreachable or both.
Other than hardware-based action, you may be able to restore the file from a previous backup.
