Ubuntu: Make your files immutable so that even root can’t delete them
by admin on Jul.25, 2010, under Linux (Ubuntu)
Ok, so here’s another nice trick I came across in the past, when I had several FTP accounts for different purposes. During my tests I discovered a serious security leak: PHP scripts were able to read all my files. Therefore I created a .htaccess file that forces a download for each requested file, PHP scripts included, in order to prevent their execution.
Everything seemed to work fine. However, after some more tests I found that the FTP users were able to delete my .htaccess file for some reason. It took me some time to find an explanation for this issue: the FTP users were automatically also the owners of those .htaccess files, and had sufficient privileges to remove them as well.
After searching for further ways to avoid that, I found a sweet solution for this matter. The following command makes files immutable/undeletable, so even the system’s root user can’t remove them:
chattr +i /opt/gtasa-dedicated/.htaccess
After executing this command, my FTP users were
a) unable to execute any form of script in this directory
b) unable to unblock themselves from their restrictions
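The immutable attribute only protects a file for as long as it stays set (root can clear it again with chattr -i), so it is worth checking periodically that every .htaccess file still carries it. The following audit helper is an added example, not part of the original post; the function names and the sample lsattr lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: find files that lack the immutable (+i) attribute.

# Constructed sample of `lsattr` output ("<flags> <path>"), for offline use.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /srv/ftp/user1/.htaccess
--------------e------- /srv/ftp/site 2/.htaccess
-----------I--e------- /srv/ftp/user3/cache
EOF
}

# Succeeds if the flags field of one lsattr line contains lowercase 'i'.
# Only the first field is inspected, so an 'i' in the path cannot match,
# and uppercase 'I' (indexed directory) is not mistaken for immutable.
is_immutable_line() {
    flags=${1%% *}
    case $flags in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Reads lsattr output on stdin, prints every path that is NOT immutable.
unprotected_paths() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        is_immutable_line "$line" || printf '%s\n' "${line#* }"
    done
}

# Audits the real filesystem: lists .htaccess files under DIR without +i.
# lsattr errors (e.g. unsupported filesystem) go to stderr and are dropped.
audit_htaccess() {
    find "$1" -type f -name .htaccess -exec lsattr {} + 2>/dev/null |
        unprotected_paths
}

# Usage (path from the post): audit_htaccess /opt/gtasa-dedicated
```

Empty output from audit_htaccess means every .htaccess file found is still immutable; any path printed should be re-protected with chattr +i.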
July 27th, 2010 on 18:57
1st off, excellent blog. I’m not sure if it has been addressed, but when using Firefox I can never get the entire post to load without refreshing several times. Could just be my connection. Appreciate your work.
August 4th, 2010 on 11:31
Genial brief and this post helped me a lot in my college assignment. Say thank you you seeking your information.
August 5th, 2010 on 08:23
Hi! This is my first visit to your blog and I have so enjoyed the encouragement that you share. You also have a lot of fascinating links as well. Thanks for being in blog land and I expect to visit and learn more again in the near future.
Blessing.