How to lock down files in Linux using chattr
As system admins, there are always a few troublesome users who keep changing files we don't want them to, such as /etc/resolv.conf. We can prevent that using the chattr command.
Here is the file before we set any flags ourselves, shown with the lsattr command (the e flag only means the file uses extents).
lsattr – list file attributes on a Linux second extended file system
$ lsattr resolv.conf
-------------e- resolv.conf
So let's lock down the file with the chattr command, setting the i (immutable) flag with +i so that even root cannot change the file while the flag is set.
chattr – change file attributes on a Linux second extended file system
sudo chattr +i resolv.conf
Check our changes:
$ lsattr resolv.conf
----i--------e- resolv.conf
We now see the i flag in the output. If we open the file, we now see readonly at the bottom.
"resolv.conf" [readonly] 5L, 180C
Say we have to make a change to the file. That is easy enough using the chattr command again, but instead of +i we use -i:
sudo chattr -i resolv.conf
Check it with the lsattr command and we are back to what we started with. We can now make the changes and then lock the file down again.
$ lsattr resolv.conf
-------------e- resolv.conf
So with just a few commands we can lock and unlock files on Linux.
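Since the flag can be cleared again with sudo chattr -i, it is worth checking regularly that the files you locked still carry it. The script below is an added example, not part of the original post; the function names are hypothetical and it assumes lsattr output in the "flags path" format shown above.

```shell
# Added example: audit that files expected to be locked still have the
# immutable (i) flag. Function names are hypothetical, not from the post.

# Return 0 if an lsattr flag field (e.g. "----i--------e-") contains "i".
# The match is case-sensitive, so the unrelated "I" flag does not count.
has_immutable() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Read lsattr output ("<flags> <path>") on stdin and print every path whose
# flag field lacks "i". Returns 0 if all listed files are immutable, else 1.
unlocked_files() {
    local flags path rc=0
    while read -r flags path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        if ! has_immutable "$flags"; then
            printf '%s\n' "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Check real files, e.g.: audit_immutable /etc/resolv.conf
# Prints "UNLOCKED <file>" when the flag is missing and "UNKNOWN <file>"
# when lsattr cannot read the attributes (missing file, unsupported
# filesystem, lsattr not installed). Returns non-zero if anything is printed.
audit_immutable() {
    local f out rc=0
    for f in "$@"; do
        if ! out=$(lsattr -d -- "$f" 2>/dev/null) || [ -z "$out" ]; then
            printf 'UNKNOWN %s\n' "$f"
            rc=1
        elif ! printf '%s\n' "$out" | unlocked_files >/dev/null; then
            printf 'UNLOCKED %s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}
```

Run audit_immutable from cron or a monitoring check and alert on a non-zero exit status.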