removing write permission does not prevent root from writing to the file


Solution 1

1) This is normal behaviour. root has rw access on all files at all times.

2) You can protect a file even from root (not deliberate action, but accidental, anyway) by using

chattr +i filename.ext

That is "change attributes add immutable". To remove the protection:

chattr -i filename.ext

Have a look at man chattr for more info.

Solution 2

  1. Yes, this is normal. Root is god.

  2. Yes, there are ways to prevent root from overwriting files.

    • Set the immutable bit with chattr (+i sets, -i unsets). Requires root access, works only on ext2/ext3 (presumably ext4 too), but is otherwise practical.
    • Don't run apps as root. No root privs, no overwriting files. Use sudo to access system functions.
    • Unmount the filesystem. No mounted fs, no overwriting files. [*]
    • Turn off computer. No electricity, no overwriting files.

These methods follow logically from #1. As you can see, the last two methods are generally not useful, in the same way that protecting Windows against viruses by unplugging the network is generally not useful. This is why root is dangerous.[+]

[*] Discounting the possibility of "accidentally" writing directly to the block device, of course. Yes, root can do that. Yes, you can prevent that: disconnect the device.

[+] This is also where those BOfH myths come from. They're not all myths.
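A small model of the decision both answers describe, added here as an illustration and not code from either answer: on Linux the mode bits are consulted only when the caller lacks CAP_DAC_OVERRIDE (which root holds), whereas the immutable attribute set by chattr +i is refused before any mode-bit check, so it binds root too. The Inode/Cred classes and may_write() are constructed for this example and do not call the kernel; the flag value is the one from <linux/fs.h>.

```python
# Simplified model of the Linux write-permission decision discussed above.
# Order mirrors inode_permission(): immutable attribute first, then the
# DAC (mode-bit) check, which CAP_DAC_OVERRIDE bypasses. Constructed
# example for illustration; it does not touch a real filesystem.
from dataclasses import dataclass
import errno

FS_IMMUTABLE_FL = 0x00000010   # the 'i' attribute (chattr +i), from <linux/fs.h>


@dataclass
class Inode:
    uid: int
    gid: int
    mode: int          # permission bits, e.g. 0o444 after "chmod ugo-w"
    flags: int = 0     # chattr-style attribute flags


@dataclass
class Cred:
    uid: int
    gids: frozenset
    cap_dac_override: bool = False   # root normally has this capability


def may_write(inode: Inode, cred: Cred) -> int:
    """Return 0 if opening for write would be allowed, else a negative errno."""
    if inode.flags & FS_IMMUTABLE_FL:
        return -errno.EPERM          # nobody writes an immutable file, root included
    if cred.cap_dac_override:
        return 0                     # root: mode bits are never consulted
    if cred.uid == inode.uid:
        allowed = inode.mode & 0o200
    elif inode.gid in cred.gids:
        allowed = inode.mode & 0o020
    else:
        allowed = inode.mode & 0o002
    return 0 if allowed else -errno.EACCES


def demo() -> dict:
    """Replay the question's experiment, then add the immutable bit."""
    root = Cred(uid=0, gids=frozenset({0}), cap_dac_override=True)
    user = Cred(uid=1000, gids=frozenset({1000}))
    abc = Inode(uid=0, gid=0, mode=0o444)          # touch abc; chmod ugo-w abc
    results = {"root, ugo-w": may_write(abc, root),  # 0: root still writes
               "user, ugo-w": may_write(abc, user)}  # -EACCES: user is refused
    abc.flags |= FS_IMMUTABLE_FL                   # chattr +i abc
    results["root, +i"] = may_write(abc, root)     # -EPERM: now root is refused too
    return results
```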

Updated on September 17, 2022

Comments

  • laramichaels
    laramichaels over 1 year

    I just noticed on my Ubuntu machine (ext3 filesystem) that removing write permissions from a file does not keep root from writing to it.

    Is this a general rule of UNIX file permissions? Or specific to Ubuntu? Or a misconfiguration on my machine?

    # touch abc
    # chmod ugo-w abc
    # python
    Python 2.6.4 (r264:75706, Dec  7 2009, 18:45:15) 
    [GCC 4.4.1] on linux2
    Type "help", "copyright", "credits" or "license" for more information.
    >>> open('abc','w').write('AAA\n')
    >>> 
    # cat abc
    AAA
    

    Writing to the file fails (as expected) if I do this from my normal user account.

    1. Is this normal behavior?

    2. Is there a way to prevent root from accidentally writing to a file? (Preferably using normal filesystem mechanisms, not AppArmor, etc.)

    Please teach me about something that I most definitely don't understand.

    NOTE: I understand that root has total control over the system and can, eg, change the permissions on any file. My question is whether currently set permissions are enforced on code running as root. The idea is the root user preventing her/himself from accidentally writing to a file.

    NOTE: I also understand that one should not be logged in as root for normal operations. I just noticed this behavior and am asking you about it.

  • laramichaels
    laramichaels about 14 years
    @brice: many thanks. directly addresses my question. didn't know about chattr.
  • quack quixote
    quack quixote about 14 years
    my system seems to need root access to run chattr. is there a user-mode means of setting such attributes?
  • laramichaels
    laramichaels about 14 years
    @~quack: brice's method is way more practical than the three you list. : )
  • quack quixote
    quack quixote about 14 years
    ... although it is a great answer to the question, "can root protect a file so well even He cannot delete it"!
  • laramichaels
    laramichaels about 14 years
    @~quack: my question made it clear I understand the issues with running commands as root.
  • GDP2
    GDP2 over 7 years
    FYI, the equivalent of this on OS X is sudo chflags <s|u>chg <file> to make it immutable for the system or user, respectively, and sudo chflags no<s|u>chg <file> for unsetting the immutable flag for the system or user, respectively.
  • Ungeheuer
    Ungeheuer over 3 years
    Brice, I need a file to be writable by a single user, not even root should be able to modify/delete that file. Looking through chattr, it seems that the file is either immutable for everyone including root, or root can touch the file. Is there any way to achieve what I'm trying to?