Regular users do not have permission to alter critical system files, but the superuser can make any change to them. Most of the time one should avoid logging in as root, but at times it is necessary. Here, a small mistake could potentially cause irreversible damage to the system. For example, suppose you are deleting a file & enter the following:
# rm -rf / etc/sysconfig/network-scripts/ifcfg-eth0:0
Noticed the space after ‘/’? It’s not intentional; it was mistyped in haste. Now, if the root user hits Enter without correcting the mistake, it will lead to deletion of the entire root directory. You wouldn’t want that. However, there is a simple command which prevents the root user from deleting files or directories. You can set it on files or directories which you perceive to be important.
The command, chattr, sets a certain attribute on a file. These are special attributes that apply on top of the regular file permissions. The attribute can only be set & unset by the root user.
# chattr +a filename
Now try doing,
# rm -rf filename
You will get,
rm: cannot remove ‘filename’ : Operation not permitted
You can do the same on directories.
# chattr +a directory
This will also have an effect on the sub-directories in the specified directory. However, with the append (a) option, the file can still be altered by appending to it. To avoid that, use the immutable (i) switch instead of (a).
# chattr +i filename
The file can now be neither deleted nor written to (it cannot be appended to either).
To unset any of these attributes, simply use minus(-) along with the attribute you specified & file name/directory name.
# chattr -i filename
# chattr -a /directory/
Set this attribute on critical files & directories and you may avoid a potential doomsday.
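To confirm which files actually carry these attributes, `lsattr` prints the flags that `chattr` set. The script below is an added example, not part of the original article: it sorts `lsattr` output into immutable, append-only or unprotected. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `lsattr` output ("<flags> <path>" per line).
# Function names and sample data are constructed, not from the article.

# Constructed sample of `lsattr -d` output, so the script runs offline.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/passwd
-----a--------e------- /var/log/audit.log
--------------e------- /etc/hosts
-------A------e---I--- /srv/data dir
EOF
}

# Read lsattr lines on stdin and print "<path> <state>".
# Matching is case-sensitive on purpose: 'A' (no atime updates) and
# 'I' (indexed directory) are different flags from 'a' and 'i'.
classify_attrs() {
    while read -r flags path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        case "$flags" in
            *i*) state=immutable ;;         # chattr +i: no delete, no write
            *a*) state=append-only ;;       # chattr +a: no delete, append allowed
            *)   state=unprotected ;;
        esac
        printf '%s %s\n' "$path" "$state"
    done
}

# Print only the paths that carry neither attribute.
list_unprotected() {
    classify_attrs | sed -n 's/ unprotected$//p'
}

# Demo on the constructed sample.
sample_lsattr | classify_attrs
```

On a live system, feed it real data with `lsattr -d /etc/passwd /etc/shadow | list_unprotected`; the `-d` option reports a directory itself instead of its contents.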