How to prevent that a user deletes a file owned by root in his home directory

Even though a file is held by root and has 700 rights, if the root user saves it in another user's home directory or any other directory owned by another user, that user can remove the file.

Example:

root@workstation:/home/otheruser# ls -la
total 8
drwxr-xr-x 2 otheruser otheruser 4096 Jul 28 11:52 .
drwxr-xr-x 3 root      root      4096 Jul 28 11:51 ..
-rwx------ 1 root      root         0 Jul 28 11:52 root_users_file

I may now remove the file by suing to "otheruser," because "otheruser" is the owner of the directory where "root users file" is stored:

root@workstation:/home/otheruser# su otheruser
$ rm root_users_file
rm: remove write-protected regular empty file `root_users_file'? y

Now to protect the file from being deleted, use the command chattr +i:

chattr +i root_users_file

and then try again to delete the file as "otheruser", the action will be denied:

root@workstation:/home/otheruser# su otheruser
$ rm root_users_file
rm: remove write-protected regular empty file `root_users_file'? y
rm: cannot remove `root_users_file': Operation not permitted

Now even the root user is not able to delete or edit the file anymore. With the command chattr -i the protection can be removed:

chattr -i root_users_file

Leave a Comment