`chattr +i` error on NFS
Solution 1
NFS doesn't have a concept of immutable files, which is why you get the error. I'd suggest that you just remove write access from everyone instead, which is probably close enough for your purposes.
$ > foo
$ chmod a-w foo
$ echo bar > foo
bash: foo: Permission denied
The main differences between removing the write bit for all users instead of using the immutable attribute:
- The immutable attribute must be unset by root, whereas chmod can be changed by the user owning the file;
- The immutable attribute removes the ability to remove the file without removing the immutable attribute, which removing the write bit doesn't do (although you can change the directory permissions to disallow modification, if that is acceptable).
If either of these things matter to you when dealing with authorized_keys, you probably have a more fundamental problem with your security model.
Solution 2
Correct this will not work over NFS.
However, on the server where this directory is exported try run your chattr command. With a couple of gotchas
You may need to enable ACLs:
$ mount -o remount,acl /
(To make that change permanent edit your /etc/fstab)
SELinux may get in your way:
To find out for sure:
$ ls -Z
Related videos on Youtube
02 : 34
02 : 31
01 : 30
02 : 01
03 : 09
mavillan
Currently pursuing Master's degree in Computer Science at UTFSM. I'm highly interested in Numerical Methods and Scientific Computing.
Updated on September 18, 2022Comments
-
mavillan almost 2 years
I'm trying to secure my
authorized_keysfile to prevent it from being modified. I run this:[root@localhost]# chattr +i authorized_keys chattr: Inappropriate ioctl for device while reading flags on authorized_keysI think it may be due to the filesystem:
[root@localhost]# stat -f -c %T /home/user/ nfsthere is a way to modify it with chattr?