This is the sixth day of my participation in Gwen Challenge

Against rm * -rf

On Linux, running rm * -rf as root is very dangerous: one careless command can delete important system files.

Ops engineers and system engineers use a dedicated mechanism to keep system files and important configuration files from being deleted by mistake. The commonly used method is chattr +i filename.

lsattr

Usually, file attributes are viewed with ls, like this:

[root@localhost Desktop]# ls -ltr
total 8
-rwxr--r--. 1 root root 157 Jun 26 10:53 test.sh
-rwxr--r--. 1 root root  79 Jun 26 10:55 test1.sh

The extended attributes shown by lsattr look like this:

[root@localhost Desktop]# lsattr
-------------e- ./test.sh
-------------e- ./test1.sh

lsattr displays the extended attributes of files and directories. The corresponding command for modifying those attributes is chattr.

chattr

The chattr command is very powerful, but not every attribute is supported by every Linux kernel version: many of them cannot be used on kernels older than 2.2. Likewise, -d (checking for errors in compressed files) requires kernel 2.5.19 or later. Changing attributes with chattr can improve system security, but it is not suitable for every directory: chattr cannot protect the /, /dev, /tmp and /var directories. lsattr is a simple command that displays file attributes, and the two commands together are used to show and change file and directory attributes. By comparison, chmod only changes a file's read, write and execute permissions, and ls only shows them.

liyongjun@Box20:~/hugoblog/content/post$ chattr --help
chattr [-prvf] [-+=aAcCdDeijPsStTuF] [-v version] file...

The key is the [mode] section, which is made up of the operators +, - and = and the attribute letters [aAcCdDeijPsStTuF]; together they control the file's attributes.

+ : Adds the given attributes to the file's existing attributes.

- : Removes the given attributes from the file's existing attributes.

= : Sets the file's attributes to exactly the ones specified.

A: Do not update the atime (access time) of the file or directory. This avoids needless disk I/O, which is useful, for example, on laptop computers.

S: Synchronous updates. Changes to the file are written to disk immediately, similar to running sync.

a: Append only. Once set, data can only be appended to the file; existing contents cannot be deleted or modified. This is mainly used to protect server logs.

c: Compress. The file is compressed before being stored on disk and is decompressed automatically when read.

d: No dump. The file is skipped by the dump backup program.

i: Immutable. The file cannot be deleted, renamed, linked to, written to or appended to. The i attribute is very helpful for hardening the file system.

j: Journal. When the file system is mounted with data=ordered or data=writeback, the file's data is written to the journal before being written to the file itself. If the file system is mounted with data=journal, this attribute has no effect.

s: Secure deletion. When the file or directory is deleted, the disk space it occupied is fully reclaimed (its blocks are zeroed on disk).

u: Undelete. The opposite of s: when the file is deleted, its data is kept on disk so that it can be undeleted.

The a and i attributes are the most commonly used. a is used to secure logs: the log can be appended to but not deleted. i is a stricter setting; it can only be set or cleared by the superuser (root) or by a process with the CAP_LINUX_IMMUTABLE capability.

Application examples:

1. Run the chattr command to prevent a file from being deleted

[root@localhost Desktop]# lsattr
-------------e- ./test.sh
-------------e- ./test1.sh
[root@localhost Desktop]# chattr +i *
[root@localhost Desktop]# lsattr
----i--------e- ./test.sh
----i--------e- ./test1.sh
[root@localhost Desktop]# rm * -rf
rm: cannot remove `test1.sh': Operation not permitted
rm: cannot remove `test.sh': Operation not permitted
[root@localhost Desktop]# ls
test1.sh  test.sh

The delete is refused with "Operation not permitted", so the files are not deleted.

2. Allow content to be appended to a file but never deleted. Some log files are well suited to this.

[root@localhost Desktop]# chattr +a /var/log/messages
[root@localhost Desktop]# rm /var/log/messages
rm: remove regular file `/var/log/messages'? y
rm: cannot remove `/var/log/messages': Operation not permitted
[root@localhost Desktop]# echo helloo >> /var/log/messages

The messages file can now only be appended to; it cannot be deleted or emptied.
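Setting +i or +a is only half the job; the other half is checking that the files you meant to protect still carry the attribute. The following POSIX sh helper is an added example, not code from the original post: it parses lsattr output in the format shown above and reports which files lack the i or a flag. The sample lsattr lines and paths it uses are constructed for the example.

```shell
#!/bin/sh
# Added audit helper, not from the original post: report files that lack the
# chattr attribute they should carry, by parsing lsattr output.

# check_attr LSATTR_LINE WANTED
# An lsattr line is "<flag field> <path>", e.g. "----i--------e- ./test.sh".
# Succeeds (exit 0) if the flag field contains WANTED ('i' or 'a').
check_attr() {
    flags=${1%% *}                     # text before the first space
    case "$flags" in
        *"$2"*) return 0 ;;
        *)      return 1 ;;
    esac
}

# missing_files WANTED: reads lsattr lines on stdin and prints
# "MISSING <path>" for every file whose flag field lacks WANTED.
missing_files() {
    wanted=$1
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        check_attr "$line" "$wanted" || echo "MISSING ${line#* }"
    done
}

# audit_files WANTED FILE...: runs the real lsattr (needs no privileges;
# -d lists directories themselves instead of their contents) and reports
# every listed path that lacks WANTED.
audit_files() {
    wanted=$1
    shift
    lsattr -d "$@" 2>/dev/null | missing_files "$wanted"
}

# Constructed sample lsattr output (not captured from a real host): the
# first file is immutable, the second has no protection, the third is
# append-only.
SAMPLE='----i--------e- /etc/passwd
-------------e- /etc/shadow
-----a-------e- /var/log/messages'

# Which of the sample files are not immutable?
printf '%s\n' "$SAMPLE" | missing_files i
# Real use, e.g. after chattr +i on your own hardening list:
#   audit_files i /etc/passwd /etc/shadow
#   audit_files a /var/log/messages
```

Run it from cron against your hardening list so that a cleared attribute (which root can always remove again) shows up as a MISSING line instead of going unnoticed.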