Hello, I have currently been trying to make a file which is undeletable, which I did with "chattr" commands (probably the same is possible with "setfacl"), but now I'm having a slightly difficult problem with making that file editable.
Originally I wanted it to be a file with special permissions without inheritance from the previous folder, and on top of that it being undeletable and editable by group/user/root, and that only root can delete the file.
Can anyone help me on this matter? I'm running Debian 8. Thank you in advance.
problem with file permissions and inheritance
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: problem with file permissions and inheritance
Surely editable is the same thing as deletable (is that a word)?
Consider this:
Code: Select all
Puffy:~$ echo foo > test
Puffy:~$ cat test
foo
Puffy:~$ echo > test
Puffy:~$ cat test
Puffy:~$
The file may still be there but the contents are not.
deadbang
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: problem with file permissions and inheritance
Why not just use the same command, but with the - instead of the +, to change the attributes back, and after you are done with the editing, use the + to add the attributes again? Pretty simple really.
https://linux.die.net/man/1/chattr
Pay attention to what it says:
> The operator '+' causes the selected attributes to be added to the existing attributes of the files; '-' causes them to be removed; and '=' causes them to be the only ---snip---
There also is this: https://www.tecmint.com/chattr-command-examples/
Pay attention to what it says:
> One cannot delete or modify file/folder once attributes are sets with chattr command, even though one have full permissions on it.
> 2. How to unset attribute on Files
> In the above example, we’ve seen how to set attribute to secure and prevent files from a accidental deletion, here in this example, we will see how to reset (unset attribute) permissions and allows to make a files changeable or alterable using -i flag.
The only way to change the attributes, so that anyone, including root, can edit or delete them is if you change the attributes back, and that must be done as root.
Code: Select all
man chattr
A file with the 'i' attribute cannot be modified: it cannot be deleted
or renamed, no link can be created to this file and no data can be
written to the file. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
"What we expect you have already Done"
==========
Old Website
======================
For the Birds
==================
What Does a Parrot Know About PTSD?
-
- Posts: 2
- Joined: 2019-04-08 04:56
Re: problem with file permissions and inheritance
Head_on_a_Stick wrote:
> Surely editable is the same thing as deletable (is that a word)?
> Consider this:
> Code: Select all
> Puffy:~$ echo foo > test
> Puffy:~$ cat test
> foo
> Puffy:~$ echo > test
> Puffy:~$ cat test
> Puffy:~$
> The file may still be there but the contents are not.
I was thinking of adding this but thought it was not necessary, and was wrong. The file can be edited in the terminal, but I need to edit it in GUI menus; the terminal for root is OK (thanks for that).
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: problem with file permissions and inheritance
Head_on_a_Stick wrote:
> Surely editable is the same thing as deletable (is that a word)?
Editing a file requires write permission on the file itself.
Deleting a file (unlink) requires write permission on the parent directory.
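The distinction p.H draws above, as an added example that is not part of any post in the thread: a shell script that builds both permission layouts in a temporary directory and reports which operation each one allows. The function names and the file name keep.txt are constructed for the demo.

```shell
#!/bin/sh
# Added demo: every path is constructed under a throwaway mktemp directory.
# Run it as an unprivileged user; root bypasses the mode bits checked here.

# Append to FILE: needs write permission on the file itself.
try_edit() {
    if ( echo "more" >> "$1" ) 2>/dev/null; then echo "edit:ok"; else echo "edit:denied"; fi
}

# Unlink FILE: needs write (and search) permission on the parent directory.
try_delete() {
    if rm -f "$1" 2>/dev/null; then echo "delete:ok"; else echo "delete:denied"; fi
}

perm_demo() {
    d=$(mktemp -d) || return 1
    # Case 1: file writable, parent directory not writable.
    echo "data" > "$d/keep.txt"
    chmod 664 "$d/keep.txt"
    chmod 555 "$d"
    r1="$(try_edit "$d/keep.txt") $(try_delete "$d/keep.txt")"
    # Case 2: file read-only, parent directory writable.
    chmod 755 "$d"
    rm -f "$d/keep.txt"
    echo "data" > "$d/keep.txt"
    chmod 444 "$d/keep.txt"
    r2="$(try_edit "$d/keep.txt") $(try_delete "$d/keep.txt")"
    rm -rf "$d"
    echo "$r1 | $r2"
}

perm_demo
```

Case 1 is the layout where a file can be edited but not removed by the same user. An editor that saves by writing a new file and renaming it over the original needs write permission on the directory, so it cannot save in case 1 even though an in-place write succeeds.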
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: problem with file permissions and inheritance
p.H wrote:
> Deleting a file (unlink) requires write permission on the parent directory.
Ah, thanks.
But my point was pragmatic: still having the file is of little use if it is empty.
deadbang
- GarryRicketson
- Posts: 5644
- Joined: 2015-01-20 22:16
- Location: Durango, Mexico
Re: problem with file permissions and inheritance
> Hello, I have currently been trying to make a file which is undeletable, which I did with "chattr" commands (probably the same is possible with "setfacl"), but now I'm having a slightly difficult problem with making that file editable.
Show us exactly how you wrote the command using chattr; please use code boxes.
Show what attributes you set.
You can use the "a" (append) to make it writeable / editable:
Code: Select all
man chattr
---snip-- A file with the 'a' attribute set can only be open in append mode for
writing. Only the superuser or a process possessing the
CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
> but i need to edit it in GUI menus
Does not make sense, GUI menus are not editors, and can not edit anything.
There are some editors you can run as root, IE: root thunar, and those can be started from a menu in a GUI, but it is so much simpler and easier if you just use the CLI and start your editor as root. What editor is it? IE, Nano, Pico, Vi, Leafpad, Gedit, and so on.
Please use the 'ls -l' command, and show what the current permissions of the file or directory are. Like this:
Code: Select all
garry% ls -l /home/garry/test
total 16
-rw-r--r-- 1 garry garry 14 Apr 9 16:09 test1.txt
drwxr-xr-x 2 garry garry 512 Apr 9 16:09 test3dir
garry% ls -l /home/garry/test/test1.txt
-rw-r--r-- 1 garry garry 14 Apr 9 16:09 /home/garry/test/test1.txt
garry%
Also, show the attributes that you have set when you used 'chattr',
use the 'lsattr' command to do that:
Code: Select all
garry% lsattr /home/garry/test
---------------- /home/garry/test/test1.txt
---------------- /home/garry/test/test3dir