beta.blog

Ubuntu: Make your files immutable which even root can’t delete

by on Jul.25, 2010, under Linux (Ubuntu)

Ok, so here’s another nice trick I came across in the past, when I had several FTP accounts for different purposes. During my tests I discovered a serious security leak: PHP scripts were able to read all my files. Therefore I created a .htaccess file which should force a download for each requested file, PHP scripts in particular, in order to prevent their execution.

Everything seemed to work fine; however, after some more tests I found that the FTP users were able to delete my .htaccess file for some reason. It took me some time to find an explanation for this issue: the FTP users were automatically also the owners of those .htaccess files and had sufficient privileges to remove them as well.

After searching for further ways to avoid that, I found a sweet solution for this matter. The following command will make files immutable/undeletable, so even the system’s root user couldn’t remove them:

chattr +i /opt/gtasa-dedicated/.htaccess

After executing this command, my FTP users were
a) unable to execute any form of scripts in this directory
b) unable to unblock themselves from their restrictions
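
An added example, not part of the original post: root, or any process holding CAP_LINUX_IMMUTABLE, can clear the attribute again with chattr -i, so it is worth checking periodically that the protected files still carry it. The function names and the script name audit-immutable.sh are assumptions made for this sketch; it reads the output of lsattr -d.

```shell
#!/bin/sh
# Added example: report files that have lost the immutable ('i') attribute.

# has_immutable_flag LINE
# LINE is one line of `lsattr -d` output: "<attribute field> <path>".
# Succeeds only when the first field is a valid attribute field containing 'i'.
has_immutable_flag() {
    flags=${1%% *}
    case $flags in
        *[!A-Za-z-]*) return 1 ;;  # not an attribute field, e.g. an lsattr error line
        *i*)          return 0 ;;
        *)            return 1 ;;
    esac
}

# audit_lines: read lsattr-style lines on stdin, print every entry that is
# not immutable, and return 1 if there was at least one.
audit_lines() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if has_immutable_flag "$line"; then continue; fi
        printf 'NOT immutable: %s\n' "${line#* }"
        rc=1
    done
    return "$rc"
}

# audit_paths PATH...: check the real attributes of the given files.
audit_paths() {
    lsattr -d -- "$@" 2>&1 | audit_lines
}

# Run as (hypothetical script name): sh audit-immutable.sh /opt/gtasa-dedicated/.htaccess
if [ "$#" -gt 0 ]; then
    audit_paths "$@"
    exit $?
fi
```

A non-zero exit status means at least one listed file is missing the flag or could not be checked, which makes the script usable from cron or a monitoring probe.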


3 Comments for this entry

  • easter decor

    1st off excellent blog. I'm not sure if it has been addressed, but when using Firefox I can never get the entire post to load without refreshing several times. Could just be my connection. Appreciate your work

  • WP Themes

    Genial brief and this post helped me a lot in my college assignment. Say thank you you seeking your information.

  • Deann Fraire

    Hi! This is my first visit to your blog and I have so enjoyed the encouragement that you share. You also have a lot of fascinating links as well. Thanks for being in blog land and I expect to visit and learn more again in the near future.

    Blessing.
