next up previous contents
Next: Files updated at startup Up: Secure some files Previous: With lidsadm   Contents

With chattr

On ext2 filesystems, you can also use some ext2 special attributes : immutable and append-only. chattr is the standard program to do this :

chattr +i important_stuff
chattr +a important_log
With these attributes, nobody (even root) can modify, delete or trunc your files. You must then be sure nobody can remove these attributes by removing the CAP_LINUX_IMMUTABLE capability from the system (see chapter 9).

Biondi Philippe 2000-02-24