3

I am trying to make an immutable file that anyone can read but no one can modify, i.e. no one can write to it, delete it, or move it. For this I referred to the Linux command chattr.

chattr +i filename.txt 

This command makes the file immutable, but if any other person logs in as root on Linux, then he can remove the immutable attribute with

chattr -i filename.txt

So I want to make something (a script, code, or command, anything) so that once I make the file immutable, only running this script/code/command makes the file mutable again so that anyone can modify it, and otherwise not.

I also referred to the chattr GitHub code. I came to know that they use the ioctl function and flags to mask the file and make it immutable, but I didn't find anything more than this.

There is another way to do it on Solaris by using ZFS, but it does not work on Ubuntu because it is a different platform. Is there any way to do it?

Any suggestion or solution is appreciated.

Omkar
  • 131

1 Answer

0

Root is a special user that can do whatever it wants; it is needed for a lengthy list of reasons. Having another person access your machine as root means giving them access to everything on the machine, with no restrictions. Any rule you enforce on the system, the root user can bypass.

In your case, it seems like you want to limit other people's access, so having them use root is not the way to go. You either have secure files or give the root password around.

If you are not giving the root password to anyone and are afraid that another user might change stuff with sudo, then you can restrict them; this was the reason sudo was introduced in the first place. Sudo policies can be changed in the sudoers file, thus allowing you to restrict other users' power on your machine.

If you want to restrict a single command, like chattr, I would suggest writing an AppArmor profile.
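
The question notes that chattr works through ioctl and flags. The following is an added example, not code from the question, the answer, or the chattr source, showing that interface on Linux; the function names `apply_immutable`, `get_immutable` and `set_immutable` are hypothetical. The kernel allows the flag to be changed only by a caller holding `CAP_LINUX_IMMUTABLE`, which root has by default, and that is why any root user can undo `chattr +i`.

```c
/* Added example, Linux only: the inode-flag ioctls that chattr/lsattr wrap. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h> /* FS_IOC_GETFLAGS, FS_IOC_SETFLAGS, FS_IMMUTABLE_FL */

/* Pure helper: flag word with the immutable bit set (on=1) or cleared. */
int apply_immutable(int flags, int on)
{
    return on ? (flags | FS_IMMUTABLE_FL) : (flags & ~FS_IMMUTABLE_FL);
}

/* Returns 1 if the file is immutable, 0 if not, -1 on error (errno set). */
int get_immutable(const char *path)
{
    int flags = 0, rc, saved;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    rc = ioctl(fd, FS_IOC_GETFLAGS, &flags);
    saved = errno;          /* keep the ioctl's errno across close() */
    close(fd);
    errno = saved;
    return rc < 0 ? -1 : ((flags & FS_IMMUTABLE_FL) != 0);
}

/* chattr +i / -i equivalent; EPERM unless caller holds CAP_LINUX_IMMUTABLE. */
int set_immutable(const char *path, int on)
{
    int flags = 0, rc = -1, saved;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) == 0) {
        flags = apply_immutable(flags, on);   /* preserve all other flags */
        rc = ioctl(fd, FS_IOC_SETFLAGS, &flags);
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2;
    int st = get_immutable(argv[1]);
    if (st < 0) { perror(argv[1]); return 1; }
    return printf("%s: immutable=%d\n", argv[1], st) < 0;
}
```

Run as an unprivileged user, `set_immutable` fails with `EPERM` on a filesystem that supports the flag, while `get_immutable` still works on any file the user can open.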