Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Stop root from writing to directory
Top Forums UNIX for Advanced & Expert Users Stop root from writing to directory Post 303041550 by cokedude on Wednesday 27th of November 2019 06:08:21 PM
Old 11-27-2019
Quote:
Originally Posted by Neo
Note to Original Poster:

You do realize, of course, that when root runs chattr to prohibit writing to a directory, root can also run chattr to permit the same.

So, this method does not stop malicious activity from a user with root privs because root can recursively reverse this using the same chattr command.

You could restrict using chattr and then remove chattr from the system, but that is also not a 'perfect' solution.

The more important question to the original poster is "what are you actually trying to accomplish, why are you doing this and what is the risk profile of the system in question?".

See this post and others like it: Alternative for chattr
I have a VERY annoying and poorly written app that has to be run as root and I am not allowed to get rid of, that will not stop writing to a directory and filling up the file system. When this filesystem fills up it prevents people from logging in through ssh then I have login to the console to fix this. This is also an old server that I can can extent the file system because it does not have lvm.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

What files are writing to a directory

Is there a way to tell what files/scripts are writing/wrote to a given directory? (3 Replies)
Discussion started by: hattorihanzo
3 Replies

2. Shell Programming and Scripting

writing script to clean up a directory

I have to do a directory clean up on several machines. The task is as follows: go to a particular directory (cd /xxx) 1. create a directory ' SCRIPTCLEANUP ' ( i KNOW IT) loop through 2. List the directory 3. if directory and start with 'DQA' leave it, 4. if directory or file move it to... (0 Replies)
Discussion started by: ajaya
0 Replies

3. UNIX for Dummies Questions & Answers

how to stop to current directory using find

Hello, I just want to ask the following use of find command: 1. how can I find files only to the current directory? 2. how can I find files to directories and all subdiretories (are this include soft links?) but will not go to other mountpoints that is under that mountpoint. Im combining... (1 Reply)
Discussion started by: james_falco
1 Replies

4. Shell Programming and Scripting

stop unix find on a directory structure after finding 1st occurrence

Hi, Has anyone tried to restrict Solaris 10 unix find on a large directory structure based on time to stop running after finding the first occurrence of a matching query. Basically I'm trying to build up a usage map of user workspaces based on file modification (week/month/3 months/year etc) and... (3 Replies)
Discussion started by: jm0221
3 Replies

5. UNIX for Dummies Questions & Answers

How to display only Owner and directory/sub directory names under particular root

hai, I am new to Unix, I have a requirement to display owner name , directory or sub directory name, who's owner name is not equal to "oasitqtc". (here "oasitqtc" is the owner of the directory or sub directory.) i have a command (below) which will display all folders and sub folders, but i... (6 Replies)
Discussion started by: gagan4599
6 Replies

6. Shell Programming and Scripting

Writing Script to Copy Newest Directory

I am trying to write a script that once executed it will search within a directory and copy only the newest directory that has not been copied before to a new location. Kind of like what ROBOCOPY /M does in windows? The directories are not left in the new location so using a sync action won't... (2 Replies)
Discussion started by: Keriderf
2 Replies

7. Shell Programming and Scripting

Shell script to poll a directory and stop upon an event

Need shell script to: 1/keep polling a directory "receive_dir" irrespective of having files or no files in it. 2/move the files over to another directory "send_dir". 3/the script should only stop polling upon a file "stopfile" get moved to "receive_dir". Thanks !! My script: until do... (0 Replies)
Discussion started by: iaav
0 Replies

8. What is on Your Mind?

Stop Writing Scripts

Please, I beg you, “Stop!” Yes, stop writing scripts and instead build workflows. Programmers, Sys-Admins, System Support, I'm talking to you. Ok, I know in this community I'm going to get some serious backlash for my statements but I truly believe in my statement. There was a time when... (13 Replies)
Discussion started by: mikemazz
13 Replies

9. UNIX for Dummies Questions & Answers

Removing directory with leading hyphen from root directory

I know that this basic question has been asked many times and solutions all over the internet, but none of the are working for me. I have a directory in the root directory, named "-p". # ls -l / total 198 <snip> drwxr-xr-x 4 root root 4096 Dec 3 14:18 opt drwxr-xr-x 2 root ... (2 Replies)
Discussion started by: edstevens
2 Replies

10. Solaris

SunOS confusing root directory and user home directory

Hello, I've just started using a Solaris machine with SunOS 5.10. After the machine is turned on, I open a Console window and at the prompt, if I execute a pwd command, it tells me I'm at my home directory (someone configured "myuser" as default user after init). ... (2 Replies)
Discussion started by: egyassun
2 Replies

LEARN ABOUT SUSE

chattr

CHATTR(1)						      General Commands Manual							 CHATTR(1)

NAME

       chattr - change file attributes on a Linux file system

SYNOPSIS

       chattr [ -RVf ] [ -v version ] [ mode ] files...

DESCRIPTION

       chattr changes the file attributes on a Linux file system.

       The format of a symbolic mode is +-=[acdeijstuADST].

       The operator `+' causes the selected attributes to be added to the existing attributes of the files; `-' causes them to be removed; and `='
       causes them to be the only attributes that the files have.

       The letters `acdeijstuADST' select the new attributes for the files: append only (a), compressed (c),  no  dump	(d),  extent  format  (e),
       immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory
       updates (D), synchronous updates (S), and top of directory hierarchy (T).

       The following attributes are read-only, and may be listed by lsattr(1) but not modified by chattr: huge file (h),  compression  error  (E),
       indexed directory (I), compression raw access (X), and compressed dirty file (Z).

OPTIONS

       -R     Recursively change attributes of directories and their contents.

       -V     Be verbose with chattr's output and print the program version.

       -f     Suppress most error messages.

       -v version
	      Set the file's version/generation number.

ATTRIBUTES

       When  a file with the 'A' attribute set is accessed, its atime record is not modified.  This avoids a certain amount of disk I/O for laptop
       systems.

       A file with the `a' attribute set can only be open  in  append  mode  for  writing.   Only  the	superuser  or  a  process  possessing  the
       CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

       A  file with the `c' attribute set is automatically compressed on the disk by the kernel.  A read from this file returns uncompressed data.
       A write to this file compresses data before storing them on the disk.  Note: please make sure to read the bugs and limitations  section	at
       the end of this document.

       When  a	directory  with  the  `D'  attribute set is modified, the changes are written synchronously on the disk; this is equivalent to the
       `dirsync' mount option applied to a subset of the files.

       A file with the `d' attribute set is not candidate for backup when the dump(8) program is run.

       The 'E' attribute is used by the experimental compression patches to indicate that a compressed file has a compression error.  It  may  not
       be set or reset using chattr(1), although it can be displayed by lsattr(1).

       The 'e' attribute indicates that the file is using extents for mapping the blocks on disk.  It may not be removed using chattr(1).

       The  'I'  attribute is used by the htree code to indicate that a directory is being indexed using hashed trees.	It may not be set or reset
       using chattr(1), although it can be displayed by lsattr(1).

       The 'h' attribute indicates the file is storing its blocks in units of the filesystem blocksize instead of in units of sectors,	and  means
       that  the  file	is  (or  at  one  time	was) larger than 2TB.  It may not be set or reset using chattr(1), although it can be displayed by
       lsattr(1).

       A file with the `i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data  can	be
       written to the file.  Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

       A file with the `j' attribute has all of its data written to the ext3 journal before being written to the file itself, if the filesystem is
       mounted with the "data=ordered" or "data=writeback" options.  When the filesystem is mounted with the "data=journal" option all	file  data
       is already journalled and this attribute has no effect.	Only the superuser or a process possessing the CAP_SYS_RESOURCE capability can set
       or clear this attribute.

       When a file with the `s' attribute set is deleted, its blocks are zeroed and written back to the disk.  Note: please make sure to read  the
       bugs and limitations section at the end of this document.

       When  a	file  with  the `S' attribute set is modified, the changes are written synchronously on the disk; this is equivalent to the `sync'
       mount option applied to a subset of the files.

       A directory with the 'T' attribute will be deemed to be the top of directory hierarchies for the purposes of  the  Orlov  block	allocator.
       This  is  a hint to the block allocator used by ext3 and ext4 that the subdirectories under this directory are not related, and thus should
       be spread apart for allocation purposes.   For example it is a very good idea to set the 'T' attribute on  the  /home  directory,  so  that
       /home/john  and /home/mary are placed into separate block groups.  For directories where this attribute is not set, the Orlov block alloca-
       tor will try to group subdirectories closer together where possible.

       A file with the 't' attribute will not have a partial block fragment at the end of the file merged with other files (for those  filesystems
       which  support  tail-merging).	This is necessary for applications such as LILO which read the filesystem directly, and which don't under-
       stand tail-merged files.  Note: As of this writing, the ext2 or ext3 filesystems do not (yet, except in very experimental patches)  support
       tail-merging.

       When  a	file with the `u' attribute set is deleted, its contents are saved.  This allows the user to ask for its undeletion.  Note: please
       make sure to read the bugs and limitations section at the end of this document.

       The 'X' attribute is used by the experimental compression patches to indicate that a raw contents of a  compressed  file  can  be  accessed
       directly.  It currently may not be set or reset using chattr(1), although it can be displayed by lsattr(1).

       The 'Z' attribute is used by the experimental compression patches to indicate a compressed file is dirty.  It may not be set or reset using
       chattr(1), although it can be displayed by lsattr(1).

AUTHOR

       chattr was written by Remy Card <Remy.Card@linux.org>.  It is currently being maintained by Theodore Ts'o <tytso@alum.mit.edu>.

BUGS AND LIMITATIONS

       The `c', 's',  and `u' attributes are not honored by the ext2 and ext3 filesystems as implemented in the current  mainline  Linux  kernels.
       These attributes may be implemented in future versions of the ext2 and ext3 filesystems.

       The `j' option is only useful if the filesystem is mounted as ext3.

       The `D' option is only useful on Linux kernel 2.5.19 and later.

AVAILABILITY

       chattr is part of the e2fsprogs package and is available from http://e2fsprogs.sourceforge.net.

SEE ALSO

       lsattr(1)

E2fsprogs version 1.41.11					    March 2010								 CHATTR(1)
All times are GMT -4. The time now is 06:48 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy