11-27-2019
Quote:
Note to Original Poster:
You do realize, of course, that when root runs
chattr to prohibit writing to a directory, root can also run
chattr to permit the same.
So, this method does not stop malicious activity from a user with root privs because root can recursively reverse this using the same
chattr command.
You could restrict using
chattr and then remove chattr from the system, but that is also not a 'perfect' solution.
The more important question to the original poster is "
what are you actually trying to accomplish, why are you doing this and what is the risk profile of the system in question?".
See this post and others like it:
Alternative for chattr
I have a VERY annoying and poorly written app that has to be run as root and I am not allowed to get rid of, that will not stop writing to a directory and filling up the file system. When this filesystem fills up it prevents people from logging in through ssh then I have login to the console to fix this. This is also an old server that I can can extent the file system because it does not have lvm.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Is there a way to tell what files/scripts are writing/wrote to a given directory? (3 Replies)
Discussion started by: hattorihanzo
3 Replies
2. Shell Programming and Scripting
I have to do a directory clean up on several machines. The task is as follows:
go to a particular directory (cd /xxx)
1. create a directory ' SCRIPTCLEANUP ' ( i KNOW IT)
loop through
2. List the directory
3. if directory and start with 'DQA' leave it,
4. if directory or file move it to... (0 Replies)
Discussion started by: ajaya
0 Replies
3. UNIX for Dummies Questions & Answers
Hello,
I just want to ask the following use of find command:
1. how can I find files only to the current directory?
2. how can I find files to directories and all subdiretories (are this include soft links?) but will not go to other mountpoints that is under that mountpoint.
Im combining... (1 Reply)
Discussion started by: james_falco
1 Replies
4. Shell Programming and Scripting
Hi,
Has anyone tried to restrict Solaris 10 unix find on a large directory structure based on time to stop running after finding the first occurrence of a matching query. Basically I'm trying to build up a usage map of user workspaces based on file modification (week/month/3 months/year etc) and... (3 Replies)
Discussion started by: jm0221
3 Replies
5. UNIX for Dummies Questions & Answers
hai,
I am new to Unix, I have a requirement to display owner name , directory or sub directory name, who's owner name is not equal to "oasitqtc".
(here "oasitqtc" is the owner of the directory or sub directory.)
i have a command (below) which will display all folders and sub folders, but i... (6 Replies)
Discussion started by: gagan4599
6 Replies
6. Shell Programming and Scripting
I am trying to write a script that once executed it will search within a directory and copy only the newest directory that has not been copied before to a new location. Kind of like what ROBOCOPY /M does in windows?
The directories are not left in the new location so using a sync action won't... (2 Replies)
Discussion started by: Keriderf
2 Replies
7. Shell Programming and Scripting
Need shell script to:
1/keep polling a directory "receive_dir" irrespective of having files or no files in it.
2/move the files over to another directory "send_dir".
3/the script should only stop polling upon a file "stopfile" get moved to "receive_dir". Thanks !!
My script:
until
do... (0 Replies)
Discussion started by: iaav
0 Replies
8. What is on Your Mind?
Please, I beg you, “Stop!” Yes, stop writing scripts and instead build workflows.
Programmers, Sys-Admins, System Support, I'm talking to you.
Ok, I know in this community I'm going to get some serious backlash for my statements but I truly believe in my statement.
There was a time when... (13 Replies)
Discussion started by: mikemazz
13 Replies
9. UNIX for Dummies Questions & Answers
I know that this basic question has been asked many times and solutions all over the internet, but none of the are working for me. I have a directory in the root directory, named "-p".
# ls -l /
total 198
<snip>
drwxr-xr-x 4 root root 4096 Dec 3 14:18 opt
drwxr-xr-x 2 root ... (2 Replies)
Discussion started by: edstevens
2 Replies
10. Solaris
Hello,
I've just started using a Solaris machine with SunOS 5.10.
After the machine is turned on, I open a Console window and at the prompt, if I execute a pwd command, it tells me I'm at my home directory (someone configured "myuser" as default user after init).
... (2 Replies)
Discussion started by: egyassun
2 Replies
chroot(2) System Calls Manual chroot(2)
NAME
chroot() - change root directory
SYNOPSIS
DESCRIPTION
causes the named directory to become the root directory, the starting point for path searches for path names beginning with path points to
a path name naming a directory. The user's working directory is unaffected by the system call.
The entry in the root directory is interpreted to mean the root directory itself. Thus, cannot be used to access files outside the subtree
rooted at the root directory.
Security Restrictions
The effective user ID of the process must be a user with the privilege to change the root directory.
See privileges(5) for more information about privileged access on systems that support fine-grained privileges.
RETURN VALUE
returns the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
fails and the root directory remains unchanged if one or more of the following is true:
Any component of the path name is not a directory.
The named directory does not exist or a component of the
path does not exist.
The effective user
ID is not a user who has the privilege.
path points outside the allocated address space of the process. The reliable detection of this error is implementation
dependent.
The length of the specified path name exceeds
bytes, or the length of a component of the path name exceeds bytes while is in effect.
Too many symbolic links were encountered in translating the path
name.
WARNINGS
Obsolescent Interfaces
is to be obsoleted at a future date.
SEE ALSO
chroot(1M), chdir(2), privileges(5).
STANDARDS CONFORMANCE
TO BE OBSOLETED chroot(2)