Ask Your Question
3

How to protect a file ... even from root ? [closed]

asked 2011-09-29 01:52:38 -0600

shanks gravatar image

how can you make files on your system immutable. By immutable, I mean even root can't delete the files if he chooses to.

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by zoltanh721
close date 2014-06-27 17:37:39.844004

3 Answers

Sort by » oldest newest most voted
4

answered 2011-09-30 14:01:20 -0600

Dan Walsh gravatar image

updated 2011-09-30 14:05:35 -0600

SELinux can do this, as long as you reverse the question. You can setup SELinux types running as root that can not touch files on the system. The thing most people don't understand is that they need to clarify what the process "CAN DO" versus what the process "CANNOT DO". As was stated in the previous reply to this statement you can turn the file immutable but if you can make the file immutable from root, then you get no security. Similarly for SELinux, if you define a type of a process that can do everything except touch a particular file (type). Then the process could turn SELinux off and touch the file, or transition to a type that could touch the file.

edit flag offensive delete link more

Comments

1

@Dan Walsh, you can post your own question on SELinux and answer it for documentation! We recommend and encourage this.

mether gravatar imagemether ( 2011-09-30 14:03:26 -0600 )edit
4

answered 2011-09-29 01:58:52 -0600

shanks gravatar image

To make your file immutable

# chattr +i testfile

You can only do it logged in as root. Here the +i option sets the immutable bit for the file. Once this bit is set, even root can't delete or tamper with the file.

If you want to unset the immutable flag, just run the following command:

# chattr -i testfile

You can check what are the attributes of a file by using the following command:

# lsattr testfile
----i--------  testfile

If the immutable flag is set, there will be an 'i' in the listing. This command is used by system administrators to restrict the users from changing a file in a particular way or even the administrator can by mistake delete a critical file because of a mis-typed command. But if the immutable flag is set, these mistakes can be avoided.

chattr can be used to set/unset many more file attributes. Like if you want to allow everybody to just append data to a file and not change already entered data, you can set the append bit as follows:

# chattr +a testfile

Now the testfile can only be opened in append mode for writing data. You can unset the append attribute as follows:

# chattr -a testfile

To know more about this very useful tool in the system administrator's forte, check the man page for chattr.

edit flag offensive delete link more

Comments

note that root can set this flag, so it's not really protecting from root.

nirik gravatar imagenirik ( 2011-09-29 20:19:07 -0600 )edit

I think you might want to clarify that you are talking about accidental deletion of files.

mether gravatar imagemether ( 2011-09-29 21:45:56 -0600 )edit
-2

answered 2011-10-02 15:34:45 -0600

domg472 gravatar image

updated 2011-10-02 16:27:01 -0600

Block all physical access to the system. Power off the box, disconnect all cables, remove all batteries and other power supplies.

SELinux can not help here. Policy must be loaded to enable SELinux. Whatever loads policy is likely able to access the file before it loads policy.

edit flag offensive delete link more

Question Tools

Stats

Asked: 2011-09-29 01:52:38 -0600

Seen: 6,367 times

Last updated: Oct 02 '11