I cannot delete this directory admin even with root permission. Can anyone help?
This is mainly due to the improper uninstall of the Vesta control panel. And the file attributes are shown here:
-------------e- admin/conf/mail
-------------e- admin/conf/web
-------------e- admin/conf/dns
and the attributes for directory admin are:
----i--------e- admin/conf
It seems the attribute i is causing problems; that attribute means the file is immutable.
With files like this, not even root can change them; you need to change permissions first and then try to delete.
If you have an ext2, 3 or 4 filesystem you can use the chattr command to change the attribute.
Try executing the command:
>sudo chattr -i {filename}
This command removes the attribute, and you should be able to delete the files.
If you want to set this bit on another file, which is a trick to secure some files from deletion even by root, you can try:
>sudo chattr +i {filename}
If the write permission of the file is disabled, no one can change the file.
The chattr +i FILE also can protect the file from change.
Let me know what the difference is, and when we should use chattr +i rather than chown -w.
chattr +i sets the immutable filesystem attribute on the file. It differs from access control rules. Access control rules apply to the file attributes, while immutable is a filesystem extended file attribute, which may not be available on all filesystems. Only a user with root privileges can set or unset this extended attribute. Nobody, not even the owner or a user with write permission, can write into such a file. A user without write file permission can create a hard link to a regular file, but if the file is marked as immutable, a user cannot create a hard link, since the filesystem cannot change the reference count of this immutable file.
chattr +i is useful for protection from accidental deletion by root. Also an immutable file cannot be renamed or moved from one directory to another.
From the chattr man page:
A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data
can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this
attribute.
As you can see, chattr is more powerful than chmod. chmod -w removes only the 'write' permission to the file content. Also, you need to use chattr +i to protect/lock the file and then chattr -i to unlock it.
chmod -w file is available in all UNIX environments; however, chattr -i FILE, which uses extended file attributes, might not be available on your system, depending on the type of the filesystem/distro!
Apart from that, have a look at this link for the good and bad points of employing extended file attributes.
I have created a directory and set read-only permission for root using chmod.
chmod -R 400 some_dir/
but when I try to create any file inside it using touch, I was expecting an error message, something like
touch some_dir/hello.txt
"touch: cannot touch `some_dir/hello.txt': Permission denied"
but it happily creates the file "hello.txt" inside it, while the directory permission, if I check it, still shows read-only for root. Please explain what I'm missing here, since I was expecting the error message which would be displayed if any other user (apart from root) tried to create a file in that directory.
PS: I'm running as root user.
The short answer is: yes, the root user can create files in a directory that is marked as read-only. You may argue: why? But that's the whole point of the root account. It's a special user and it can do things that others can't.
If you want to prevent the file from accidental modifications, you can set the i attribute of the file on with chattr +i command. This will make the file unchangeable. However, note that it will only prevent accidental modifications. Root users can still just unset the attribute first and then modify the file.
I want to remove the xyz_DB.lock.db file. I tried as root but couldn't delete it. How can I remove it in the terminal? My initial requirement was to remove a folder, but it includes this locked file. And is there any way to directly delete a folder which includes a locked file?
Check with the lsattr command whether the immutable bit is set for the file; it will show (i):
# lsattr file
----i--------e- file
If so, change it using the following command:
# chattr -i file
And then try to remove it.
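For the folder case, where the locked entry may be anywhere in the tree, the same lsattr check can be run over every path. The script below is an added example, not part of the original answers; the function names are hypothetical, and it also reports the a (append-only) flag, which goes beyond the i flag discussed here but blocks deletion in the same way.

```shell
#!/bin/sh
# Added example (not from the original posts): find the entries in a tree
# whose lsattr flags carry i (immutable) or a (append-only) before rm -rf.

# filter_locked: read "<flags> <path>" lines, as printed by `lsattr -d`, on
# stdin and print the path of every entry with i or a in its flag field.
# Only field 1 is tested, so letters inside the path itself never match.
filter_locked() {
    awk '$1 ~ /[ia]/ {
        sub(/^[^ ]+ +/, "")   # drop the flag field; the path may contain spaces
        print
    }'
}

# list_locked DIR: check DIR and everything below it, same filesystem only.
# lsattr errors for symlinks and device nodes are discarded.
list_locked() {
    find "$1" -xdev -exec lsattr -d {} + 2>/dev/null | filter_locked
}

# unlock_tree DIR: clear both flags (needs root or CAP_LINUX_IMMUTABLE), after
# which `rm -rf DIR` can proceed. Paths containing newlines are not handled.
unlock_tree() {
    list_locked "$1" | while IFS= read -r path; do
        chattr -ia "$path" && printf 'cleared: %s\n' "$path"
    done
}

# Constructed sample: the lsattr lines quoted in the first question above.
SAMPLE='----i--------e- admin/conf
-------------e- admin/conf/mail
-------------e- admin/conf/web
-------------e- admin/conf/dns'

# Prints only "admin/conf": the flag sits on the directory, which is enough
# to stop its unflagged entries (mail, web, dns) from being unlinked.
printf '%s\n' "$SAMPLE" | filter_locked
```

Run `list_locked some_dir` first to review what is flagged, then `unlock_tree some_dir` as root.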
Try either changing the file's permissions through the GUI or use rm -rf on the directory that contains it.
Try "chown" to provide permission to your file/folder and then delete it,
e.g. assume username = amol and filename = myfile.txt:
For a file: sudo chown amol:amol myfile.txt
For a folder: sudo chown -R amol:amol directory_name
I am trying to edit my .mycshrc file to add in more shortcut commands in my terminal.
However, I realize there is a problem.
It appears that my file was replaced by a senior (he is gone, the same goes for the computer) and I am unable to edit it due to the permission rights, where the options in the Permissions tab are all greyed out.
I tried typing chmod 644 .mycshrc and I was given the error: chmod: changing permissions of `.mycshrc': Operation not permitted
Then I tried to create a new plain text document file and rename it as .mycshrc, and it ain't working even though I have added in new commands, unless I am doing it wrong.
The following is a sample that I am trying to add it in:
alias designer '/apps/Linux64/qt/qt-4.5.0/bin/designer'
You need to change the user, and not the file mode in this case. Use
sudo chown youruser:youruser .mycshrc
where youruser is your username.
In any case, the chmod 644 .mycshrc was failing because you aren't the owner of the file (the senior's user account is the owner most probably since he replaced it). That is precisely the reason why you need to do the above step with sudo, as the root user.
Found an easier way to handle the problem I am facing.
Delete the old file
Create a new file (make sure the file format is the same as the old one)
Add in any new alias if necessary
Type source ~/.mycshrc in the command line
Voilà, it works!
Make sure you are in the directory where the file is being saved, since it works for me in this manner.
I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically has u=rwx,g=rwx,o=r permissions.
I know that I could use umask 006 at the head of my various scripts, but I don't like that approach as many users write their own scripts and may forget to set the umask themselves.
I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder. Is this at all possible?
Update: I think it can be done with POSIX ACLs, using the Default ACL functionality, but it's all a bit over my head at the moment. If anybody can explain how to use Default ACLs it would probably answer this question nicely.
To get the right ownership, you can set the group setuid bit on the directory with
chmod g+rwxs dirname
This will ensure that files created in the directory are owned by the group. You should then make sure everyone runs with umask 002 or 007 or something of that nature---this is why Debian and many other Linux systems are configured with per-user groups by default.
I don't know of a way to force the permissions you want if the user's umask is too strong.
Here's how to do it using default ACLs, at least under Linux.
First, you might need to enable ACL support on your filesystem. If you are using ext4 then it is already enabled. Other filesystems (e.g., ext3) need to be mounted with the acl option. In that case, add the option to your /etc/fstab. For example, if the directory is located on your root filesystem:
/dev/mapper/qz-root / ext3 errors=remount-ro,acl 0 1
Then remount it:
mount -oremount /
Now, use the following command to set the default ACL:
setfacl -dm u::rwx,g::rwx,o::r /shared/directory
All new files in /shared/directory should now get the desired permissions. Of course, it also depends on the application creating the file. For example, most files won't be executable by anyone from the start (depending on the mode argument to the open(2) or creat(2) call), just like when using umask. Some utilities like cp, tar, and rsync will try to preserve the permissions of the source file(s) which will mask out your default ACL if the source file was not group-writable.
Hope this helps!
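Which mode a new file ends up with under that default ACL depends on the mode the creating program requests. The script below is an added example, not part of the original answer: a small model, with hypothetical function names, of the Linux rule that a new file's permission bits are the intersection of the requested mode and the default ACL. It assumes a default ACL holding only the three base entries used above.

```shell
#!/bin/sh
# Added example (not from the original answer). Models how a default ACL
# made of base entries only (u::, g::, o::) combines with the mode that a
# program passes to open(2) or mkdir(2). When a directory has a default
# ACL the umask is not applied; the result is simply requested AND default.

# perm_bits STR: turn "rwx", "r-x", "r" ... into its value 0..7.
perm_bits() {
    bits=0
    case $1 in *r*) bits=$((bits + 4)) ;; esac
    case $1 in *w*) bits=$((bits + 2)) ;; esac
    case $1 in *x*) bits=$((bits + 1)) ;; esac
    echo "$bits"
}

# new_mode SPEC MODE: SPEC is a setfacl-style list such as u::rwx,g::rwx,o::r
# and MODE the octal mode requested by the creating program. Prints the
# permission bits the new file or directory receives.
new_mode() {
    u=0; g=0; o=0
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        case $entry in
            u::*) u=$(perm_bits "${entry#u::}") ;;
            g::*) g=$(perm_bits "${entry#g::}") ;;
            o::*) o=$(perm_bits "${entry#o::}") ;;
        esac
    done
    IFS=$old_ifs
    printf '%03o\n' $(( (u * 64 + g * 8 + o) & 0$2 ))
}

ACL='u::rwx,g::rwx,o::r'   # the default ACL set with setfacl -dm above

new_mode "$ACL" 666   # touch, shell redirection: 664, never executable
new_mode "$ACL" 777   # mkdir: 774
new_mode "$ACL" 644   # cp of a 0644 source: 644, group write is lost
```

On a real system, compare with `stat -c %a` on files created by touch, mkdir and cp inside /shared/directory.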
It's ugly, but you can use the setfacl command to achieve exactly what you want.
On a Solaris machine, I have a file that contains the acls for users and groups. Unfortunately, you have to list all of the users (at least I couldn't find a way to make this work otherwise):
user::rwx
user:user_a:rwx
user:user_b:rwx
...
group::rwx
mask:rwx
other:r-x
default:user:user_a:rwx
default:user:user_b:rwx
....
default:group::rwx
default:user::rwx
default:mask:rwx
default:other:r-x
Name the file acl.lst and fill in your real user names instead of user_X.
You can now set those acls on your directory by issuing the following command:
setfacl -f acl.lst /your/dir/here
In your shell script (or .bashrc) you may use something like:
umask 022
umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files.
I don't think this will do entirely what you want, but I just wanted to throw it out there since I hadn't seen it in the other answers.
I know you can create directories with permissions in a one-liner using the -m option:
mkdir -m755 mydir
and you can also use the install command:
sudo install -C -m 755 -o owner -g group /src_dir/src_file /dst_file