There is an extended attribute in Linux called "immutable". If you set this attribute on a file (with the chattr(1) utility), then you cannot change, delete or rename the file, even with root privileges.
Normally, with files, if you set read-only on the directory that file is in, then you cannot rename or delete the file, or make new files in that directory. If you set read-only on the file itself, then you can't make changes to the file contents, but you are still free to delete it.
This patch adds a similar level of separation to the immutable attribute. It is possible to have immutable files that can be unlinked/renamed, and mutable files that can't be unlinked/renamed.
This is achieved through a new file attribute, which I have tentatively called "Immutable Linkage Invert". Note that "Linkage" refers to any change to a file that merely changes the list of filenames associated with it (hard links), not the actual contents.
Note: this patch currently works for ext2 and ext3 out of the box, but there is another version that will work on reiserfs with the latest patches from namesys.com already applied.
The below table denotes the behaviour of the new attribute.
|Immutable||Immutable Linkage Invert||File Data Immutable||File Linkage Immutable|
For backwards compatibility, if this new flag is unset, the old behaviour of immutability is retained completely. If it is set, then the "Immutable Linkage" of the file is the opposite of the "Immutableness" of the file - hence the name, Immutable Linkage Invert.
This change requires a patch to the Linux kernel, and a patch to e2fsprogs. After both the kernel and e2fsprogs have been patched, you should see behaviour like this:
    [root@vshost tmp]# chattr +I file1 file3
    [root@vshost tmp]# chattr +i file1 file2
    [root@vshost tmp]# lsattr
    ---iI--------- ./file1
    ---i---------- ./file2
    ----I--------- ./file3
    -------------- ./file4
    [root@vshost tmp]# rm -f file3
    rm: cannot unlink `file3': Operation not permitted
    [root@vshost tmp]# echo "Cheese" >> file1
    bash: file1: Permission denied
    [root@vshost tmp]# echo "Cheese" >> file2
    bash: file2: Permission denied
    [root@vshost tmp]# echo "Cheese" >> file3
    [root@vshost tmp]# echo "Cheese" >> file4
    [root@vshost tmp]# rm -f file*
    rm: cannot unlink `file2': Operation not permitted
    rm: cannot unlink `file3': Operation not permitted
    [root@vshost tmp]# lsattr
    ---i---------- ./file2
    ----I--------- ./file3
    [root@vshost tmp]#
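The rule described above, modelled as an added example (not code from the patch or from e2fsprogs): it reads lsattr-style flag strings as printed by the patched tools and derives whether a write and an unlink/rename would be refused, using the four files from the transcript as input. The struct and function names are assumptions made for illustration; on unpatched e2fsprogs, lsattr uses the letter I for indexed directories, so the mapping here applies only to the patched tools.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the page's rule; all names are hypothetical. */
struct immut {
    bool data;     /* file contents cannot be changed */
    bool linkage;  /* file cannot be unlinked or renamed */
};

/* Parse an lsattr flag string from the patched tools:
 * 'i' = Immutable, 'I' = Immutable Linkage Invert. */
struct immut immut_from_lsattr(const char *flags)
{
    bool imm = strchr(flags, 'i') != NULL;
    bool inv = strchr(flags, 'I') != NULL;
    /* Data follows 'i' alone. Linkage equals 'i' when 'I' is unset
     * (old behaviour) and is the opposite of 'i' when 'I' is set. */
    struct immut r = { imm, imm != inv };
    return r;
}

bool write_denied(const char *flags)  { return immut_from_lsattr(flags).data; }
bool unlink_denied(const char *flags) { return immut_from_lsattr(flags).linkage; }

int main(void)
{
    /* Flag strings copied from the lsattr output in the transcript. */
    static const char *files[4][2] = {
        { "file1", "---iI---------" },
        { "file2", "---i----------" },
        { "file3", "----I---------" },
        { "file4", "--------------" },
    };
    printf("%-6s %-15s %-8s %s\n", "file", "lsattr", "write", "unlink/rename");
    for (size_t n = 0; n < 4; n++) {
        const char *f = files[n][1];
        printf("%-6s %-15s %-8s %s\n", files[n][0], f,
               write_denied(f) ? "denied" : "allowed",
               unlink_denied(f) ? "denied" : "allowed");
    }
    return 0;
}
```

The printed rows match the transcript: file1 refuses writes but can be removed, file3 accepts writes but cannot be removed.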
I have made some .rpms of the patched e2fsprogs for Redhat 6.2 and 7.1. I have tested the version for 7.1, but not 6.2, so please let me know if it works.
|Package||Redhat 6.2 .rpm||Redhat 7.1 .rpm||.srpm|
|e2fsprogs||420,461 bytes||535,084 bytes||1,210,173 bytes|
|e2fsprogs-devel||424,015 bytes||535,084 bytes|