Re: Root can't delete files

From: R Dicaire (rdicaire@ardynet.com)
Date: 10/11/01


Message-Id: <200110111820.f9BIKoW14977@rdb.linux-help.org>
Date: Thu, 11 Oct 2001 18:20:50 -0000
To: "Focus-Linux" <focus-linux@securityfocus.com>
Subject: Re: Root can't delete files
From: "R Dicaire" <rdicaire@ardynet.com>

Forwarded From: xsdg <xsdg@openprojects.net>

> Also, to clear up any confusion, the immutable flag only prevents file contents
> from being _removed_. The files can still be appended to. If you use the
> immutable attribute on your logs, you'll probably have to do something to
> logrotate to get it to work correctly...

The +a flag to chattr sets whether a file can be appended to. If the file is
set +i, it cannot be appended to. From the chattr man page:

<SNIP>

A file with the `a' attribute set can only be open in append mode for writing.
Only the superuser can set or clear this attribute.

A file with the `i' attribute cannot be modified: it cannot be deleted
or renamed, no link can be created to this file and no data can be written to
the file. Only the superuser can set or clear this attribute.

</SNIP>
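
The following is an added example, not part of the original message: a small audit of `lsattr` output that separates append-only (`a`) log files from immutable (`i`) ones, following the man page text quoted above. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Classify one lsattr flag field, e.g. "-----a--------e-------".
# Matching is case-sensitive: 'A' (no atime updates) and 'I' (indexed
# directory) are different attributes from 'a' and 'i'.
classify_flags() {
    case "$1" in
        *i*) echo "immutable" ;;     # no write, append, delete, rename or link
        *a*) echo "append-only" ;;   # writable only in append mode
        *)   echo "unprotected" ;;
    esac
}

# Read `lsattr` output (flags, then path) on stdin and print one
# tab-separated line per file: path, state, consequence for logging.
audit_lsattr() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        # Skip anything that is not a flag field (e.g. stray error text),
        # so a word like "lsattr:" is never mistaken for the 'a' flag.
        case "$flags" in
            ''|*[!A-Za-z-]*) continue ;;
        esac
        state=$(classify_flags "$flags")
        case "$state" in
            immutable)   note="logger cannot append; clear with chattr -i" ;;
            append-only) note="existing contents cannot be rewritten or removed" ;;
            *)           note="contents can be overwritten or deleted" ;;
        esac
        printf '%s\t%s\t%s\n' "$path" "$state" "$note"
    done
}

# Constructed sample listing; the width of the flag field varies
# between e2fsprogs versions, so only the letters matter.
SAMPLE='-----a--------e------- /var/log/messages
----i---------e------- /var/log/secure
-------A------e------- /var/log/maillog
--------------e---I--- /var/log/audit
lsattr: constructed error line that must be ignored'

printf '%s\n' "$SAMPLE" | audit_lsattr
```

On a live system the same function can be fed directly, for example `lsattr /var/log/* 2>/dev/null | audit_lsattr`.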