11-20-2019
Note to Original Poster:
You do realize, of course, that when root runs chattr to prohibit writing to a directory, root can also run chattr to permit the same.
So, this method does not stop malicious activity from a user with root privs because root can recursively reverse this using the same chattr command.
You could restrict using chattr and then remove chattr from the system, but that is also not a 'perfect' solution.
The more important question to the original poster is "what are you actually trying to accomplish, why are you doing this and what is the risk profile of the system in question?".
See this post and others like it:
Alternative for chattr
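Why removing the chattr binary is not a complete answer, shown as an added example that is not part of the original post: on Linux the kernel gates changes to the immutable flag on the CAP_LINUX_IMMUTABLE capability (bit 9), not on the chattr program, so a defender can check whether a root process still holds that capability in its bounding set. The function name and both status excerpts are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_LINUX_IMMUTABLE_BIT 9   /* value of CAP_LINUX_IMMUTABLE in <linux/capability.h> */

/* Find a capability-mask field ("CapEff", "CapBnd", ...) in text laid out like
 * /proc/<pid>/status and test one capability bit.
 * Returns 1 if the bit is set, 0 if clear, -1 if the field is missing or garbled. */
int cap_bit_in_status(const char *status, const char *field, int bit)
{
    size_t flen = strlen(field);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            char *end;
            unsigned long long mask = strtoull(line + flen + 1, &end, 16);
            if (end == line + flen + 1)
                return -1;              /* no hex digits after the colon */
            return (int)((mask >> bit) & 1ULL);
        }
        line = strchr(line, '\n');
        if (line)
            line++;                     /* step to the start of the next line */
    }
    return -1;
}

/* Constructed samples: an unrestricted root process, and a root process that
 * was started with CAP_LINUX_IMMUTABLE removed from its bounding set. */
static const char FULL_ROOT[] =
    "Name:\tbash\nUid:\t0\t0\t0\t0\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n";
static const char RESTRICTED_ROOT[] =
    "Name:\tbash\nUid:\t0\t0\t0\t0\n"
    "CapEff:\t000001fffffffdff\nCapBnd:\t000001fffffffdff\n";

int main(void)
{
    printf("full root may change the immutable flag:       %d\n",
           cap_bit_in_status(FULL_ROOT, "CapBnd", CAP_LINUX_IMMUTABLE_BIT));
    printf("restricted root may change the immutable flag: %d\n",
           cap_bit_in_status(RESTRICTED_ROOT, "CapBnd", CAP_LINUX_IMMUTABLE_BIT));
    return 0;
}
```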
chroot(2) System Calls Manual chroot(2)
NAME
chroot - Changes the effective root directory
SYNOPSIS
#include <unistd.h>
int chroot ( const char *path );
STANDARDS
Interfaces documented on this reference page conform to industry standards as follows:
chroot(): XPG4, XPG4-UNIX
Refer to the standards(5) reference page for more information about industry standards and associated tags.
PARAMETERS
path Points to the new effective root directory. If the path parameter refers to a symbolic link, the chroot() function sets the effective root
directory to the directory pointed to by the symbolic link.
DESCRIPTION
The chroot() function causes the directory named by the path parameter to become the effective root directory.
The effective root directory is the starting point when searching for a file's pathname that begins with a / (slash). The current working
directory is not affected by the chroot() function.
The calling process must have superuser privilege in order to change the effective root directory. The calling process must also have
search access to the new effective root directory.
The .. (dot-dot) entry in the effective root directory is interpreted to mean the effective root directory itself. Thus, .. (dot-dot) cannot
be used to access files outside the subtree rooted at the effective root directory.
RETURN VALUES
Upon successful completion, a value of 0 (zero) is returned. If the chroot() function fails, a value of -1 is returned and errno is set to
indicate the error.
ERRORS
If the chroot() function fails, the effective root directory remains unchanged and errno may be set to one of the following values:
Search permission is denied for any component of the pathname.
The path parameter points outside the process' allocated address space.
An I/O error occurred while reading from or writing to the file system.
More than MAXSYMLINKS symbolic links are encountered while resolving path.
The length of the path argument exceeds PATH_MAX or a pathname component is longer than NAME_MAX.
The path parameter does not exist or points to an empty string.
A component of path is not a directory.
The process does not have appropriate privilege.
RELATED INFORMATION
Functions: chdir(2)
Commands: cd(1)
Standards: standards(5)
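Because chroot() leaves the current working directory untouched and requires superuser privilege, a caller has to move its working directory inside the new root and then give up root. The sequence below is an added example, not part of the reference page; the function name enter_jail, its uid/gid parameters and the placeholder id 65534 are assumptions, and setgroups() is assumed to be available (Linux, BSD).

```c
#define _DEFAULT_SOURCE          /* expose chroot() and setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Confine the calling process to `dir` and drop to an unprivileged uid/gid.
 * Returns 0 on success, -1 with errno set on failure. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    if (dir == NULL || uid == 0 || gid == 0) {
        errno = EINVAL;          /* chroot() is a superuser call: a process that stays root is not confined */
        return -1;
    }
    /* chroot() does not change the working directory, so enter the directory
     * first and make "." the root; no cwd is left outside the new root. */
    if (chdir(dir) != 0)
        return -1;
    if (chroot(".") != 0)
        return -1;
    if (chdir("/") != 0)         /* "/" now names the new effective root */
        return -1;

    /* Drop supplementary groups, then gid, then uid: the first two calls
     * need the privilege that setuid() removes. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Confirm the drop cannot be undone before doing any real work. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return 2;                /* usage (as root): ./jail <directory> */
    if (enter_jail(argv[1], 65534, 65534) != 0) {   /* 65534: placeholder unprivileged id */
        perror("enter_jail");
        return 1;
    }
    puts("confined");
    return 0;
}
```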