Ubuntu – How to protect a file from user changes


I am using Ubuntu 12.04 and I want to protect some pictures of another user using the su command (I have admin privileges). How can I protect a file using the terminal while still allowing the rest of the users to read it?

Best Answer

Ubuntu uses the EXT4 file-system format by default (I am assuming that we are not talking about anything else here).

If you do not want to take ownership of the file without removing the ability for the user to read that file you can start by allowing them to read, but not write to that file with:

chmod a-w,ug+r foo_file

description: change file permissions, all cannot write, user+group can read

Then can make files immutable so that even users with root permission cannot change then by using the following:

sudo chattr +i foo_file

To be able to delete or even modify this file you would need to use the command:

sudo chattr -i foo_file

and then you will be able to do something with it.

The plus point of using this is that most users (and admins) never have experienced immutable files in Linux.

That was the user will see this when trying to remove (or alter) the file:

~> sudo chmod a-w,ug+r asd
~> ll asd
-r--r--r-- 1 bruno bruno 156 feb 21 20:46 asd
~> sudo chattr +i asd
~> chmod +w asd
chmod: changing permissions of ‘asd’: Operation not permitted
~> rm asd
rm: remove write-protected regular file ‘asd’? y
rm: cannot remove ‘asd’: Operation not permitted
~> sudo rm asd
rm: cannot remove ‘asd’: Operation not permitted

while still being able to read it:

~> cat asd

After you issue chattr +i the file is "locked", no changes can be made until a user with root permissions sets it off with chattr -i.