Re: root unable to delete

From: Muhammad Faisal Rauf Danka (
Date: 11/08/02

Date: Thu, 7 Nov 2002 21:22:43 -0800 (PST)
From: Muhammad Faisal Rauf Danka <>

Maybe the intruder set the +i attribute on the file by using chattr.

According to it's man pages:


A file with the `i' attribute cannot be modified: it can­
       not be deleted or renamed, no link can be created to this
       file and no data can be written to the file. Only the
       superuser can set or clear this attribute.


But since you have rebuilt the whole machine, you cannot confirm it. However in future try chattr -i /path/to/filename before modifying it.


man chattr
man lsattr

Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7 6A20 C592 484B
784B 0202

--- "Administrator" <> wrote:
>Greetings All,
>I had a machine get hacked on RH 7.2
>Whoever did it made some changes to files
>and did something to the file that does not
>all me to delete the file, when I am logged
>in as root and the file is owned by root and
>is in the group of root and is set as 755 .
>I can't even edit and save the changes to the
>Can someone tell me how they did it ?
>I have removed the machine and rebuilt it but
>I would love to know how it was done.
>Thanks all,


Select your own custom email address for FREE! Get w/No Ads, 6MB, POP & more!
     To unsubscribe email
         with "unsubscribe" in the subject of the message.