problem with file permissions and inheritance

crazyforever4
Posts: 2
Joined: 2019-04-08 04:56

problem with file permissions and inheritance

#1 Post by crazyforever4 »

Hello, I have currently been trying to make a file which is undeletable, which I did with "chattr" commands (probably the same is possible with "setfacl"), but now I'm having a slightly difficult problem with making that file editable.
Originally I wanted it to be a file with special permissions without inheritance from the previous folder, and on top of that to be undeletable and editable by group/user/root, so that only root can delete the file.
Can anyone help me on this matter? I'm running Debian 8. Thank you in advance.

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 133 times

Re: problem with file permissions and inheritance

#2 Post by Head_on_a_Stick »

Surely editable is the same thing as deletable (is that a word)?

Consider this:

Code: Select all

Puffy:~$ echo foo > test
Puffy:~$ cat test
foo
Puffy:~$ echo > test
Puffy:~$ cat test

Puffy:~$
The file may still be there but the contents are not.
deadbang

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: problem with file permissions and inheritance

#3 Post by GarryRicketson »

Why not just use the same command, but with the - instead of the +, to change the attributes back, and after you are done with the editing, use the + to add the attributes again? Pretty simple really.
https://linux.die.net/man/1/chattr
The operator '+' causes the selected attributes to be added to the existing attributes of the files; '-' causes them to be removed; and '=' causes them to be the only ---snip---
There also is this: https://www.tecmint.com/chattr-command-examples/
Pay attention to what it says:
One cannot delete or modify file/folder once attributes are sets with chattr command, even though one have full permissions on it.
2. How to unset attribute on Files

In the above example, we’ve seen how to set attribute to secure and prevent files from a accidental deletion, here in this example, we will see how to reset (unset attribute) permissions and allows to make a files changeable or alterable using -i flag.
The only way to change the attributes, so that anyone, including root, can edit or delete them is if you change the attributes back, and that must be done as root.

Code: Select all

man chattr
A file with the 'i' attribute cannot be modified: it cannot be deleted
or renamed, no link can be created to this file and no data can be
written to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

crazyforever4
Posts: 2
Joined: 2019-04-08 04:56

Re: problem with file permissions and inheritance

#4 Post by crazyforever4 »

Head_on_a_Stick wrote:Surely editable is the same thing as deletable (is that a word)?

Consider this:

Code: Select all

Puffy:~$ echo foo > test
Puffy:~$ cat test
foo
Puffy:~$ echo > test
Puffy:~$ cat test

Puffy:~$
The file may still be there but the contents are not.
I was thinking of adding this but thought it was not necessary, and was wrong. The file can be edited in a terminal, but I need to edit it in GUI menus; terminal for root is OK (thanks for that).

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: problem with file permissions and inheritance

#5 Post by p.H »

Head_on_a_Stick wrote:Surely editable is the same thing as deletable (is that a word)?
Editing a file requires write permission on the file itself.
Deleting a file (unlink) requires write permission on the parent directory.
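
The distinction drawn in the post above, as an added example that is not part of any post in this thread: a group-writable file inside a directory with no write bit can be edited in place but not unlinked or replaced by rename. The paths and the function name `perm_demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: constructed paths, not taken from the thread.
# A file's own mode decides who may write to it; the parent directory's
# mode decides who may unlink or replace it.
# Note: root (CAP_DAC_OVERRIDE) bypasses these checks, so run as a normal user.

perm_demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/locked"
    echo "original" > "$work/locked/notes.txt"
    echo "replacement" > "$work/new.txt"
    chmod 664 "$work/locked/notes.txt"   # file: writable by owner and group
    chmod 555 "$work/locked"             # directory: no write bit at all

    edit=denied; replace=denied; delete=denied
    # In-place edit: needs write permission on the file only.
    { echo "appended" >> "$work/locked/notes.txt"; } 2>/dev/null && edit=ok
    # Save-by-rename (some programs save this way): changes a directory entry.
    mv -f "$work/new.txt" "$work/locked/notes.txt" 2>/dev/null && replace=ok
    # Unlink: also changes the directory, so it needs write permission there.
    rm -f "$work/locked/notes.txt" 2>/dev/null && delete=ok

    chmod 755 "$work/locked"; rm -rf "$work"   # restore access and clean up
    echo "edit=$edit replace=$replace delete=$delete"
}

perm_demo
```

A program that saves by writing a new file and renaming it over the old one is refused in such a directory even though the file itself is writable.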

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 133 times

Re: problem with file permissions and inheritance

#6 Post by Head_on_a_Stick »

p.H wrote:Deleting a file (unlink) requires write permission on the parent directory.
Ah, thanks.

But my point was pragmatic: still having the file is of little use if it is empty.
deadbang

GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: problem with file permissions and inheritance

#7 Post by GarryRicketson »

Hello, I have currently been trying to make a file which is undeletable, which I did with "chattr" commands (probably the same is possible with "setfacl"), but now I'm having a slightly difficult problem with making that file editable.
Show us exactly how you wrote the command using chattr; please use code boxes.
Show what attributes you set.
You can use the "a" (append) to make it writeable / editable:

Code: Select all

man chattr
---snip-- A file with the 'a' attribute set can only be open in append mode for
writing. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
but i need to edit it in GUI menus
Does not make sense; GUI menus are not editors, and cannot edit anything.
There are some editors you can run as root, i.e. root thunar, and those can be started from a menu in a GUI, but it is so much simpler and easier if you just use the CLI and start your editor as root. What editor is it? I.e. Nano, Pico, Vi, Leafpad, Gedit, and so on.

Please use the 'ls -l' command, and show what the current permissions of the file or directory are. Like this:

Code: Select all

garry% ls -l /home/garry/test
total 16
-rw-r--r--  1 garry  garry   14 Apr  9 16:09 test1.txt
drwxr-xr-x  2 garry  garry  512 Apr  9 16:09 test3dir
garry% ls -l /home/garry/test/test1.txt
-rw-r--r--  1 garry  garry  14 Apr  9 16:09 /home/garry/test/test1.txt
garry% 
Where I used "test" as the name of the directory, use the name of the directory, and the correct path.
Also, show the attributes that you have set when you used 'chattr',
use the 'lsattr' command to do that:

Code: Select all

garry% lsattr /home/garry/test
---------------- /home/garry/test/test1.txt
---------------- /home/garry/test/test3dir
 
Above, you see none are set.
