Restrict file access to append only

linux permissions logs rsync xfs
12,609

Solution 1

The chattr utility is written for ext2/ext3/ext4 filesystems. It emits ioctls on the files, so it's up to the underlying filesystem to decide what to do with them. The XFS driver in newer Linux kernels supports the same FS_IOC_SETFLAGS ioctl as ext[234] to control flags such as append-only, but you may be running an older kernel where it doesn't (CentOS?). Try using the xfs_io utility instead:

echo chattr +a | xfs_io test.log

Note that, for XFS like for ext[234], only root can change the append-only flag (more precisely, you need the CAP_LINUX_IMMUTABLE capability).

Solution 2

Do you have permissions to do that? From man 1 chattr:

A file with the `a' attribute set can only be open in append mode for writing. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

Share:
12,609

Related videos on Youtube

metalhead
Author by

metalhead

Updated on September 18, 2022

Comments

  • metalhead
    metalhead over 1 year

    I have a directory with log files and I'm putting logs from script launched by users into them. Logging with syslog doesn't seem possible in this case. (non-daemon rsync)

    I want the users to have only write permissions on log files. The problem is, that write permissions must be further restricted, so that users (script) can only append to that files. The underlying filesystem is XFS.

    The following doesn't work:

    # chattr +a test.log
chattr: Inappropriate ioctl for device while reading flags on test.log

    Is there any other solution for this? Thank you for your hints.

    • Stéphane Chazelas
      Stéphane Chazelas over 11 years
      Are you sure it's XFS? chattr +a works for me here (3.2 kernel). Note that you need to be root to use chattr (a $ prompt suggests non-superuser), though you'd get a different error message if chattr +a was supported and you were not root.
    • Gilles 'SO- stop being evil'
      Gilles 'SO- stop being evil' over 11 years
    • Gert van den Berg
      Gert van den Berg over 11 years
      What is the mount options on the partition? It might possibly store it using xattr, which might need the relevant mount option? (The socumentation for XFS don't mention much about it either...)
    • Michael Mrozek
      Michael Mrozek over 11 years
      This closed on SF, so I'm leaving it open here

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Permission problems with rsync
How to make rsync completely ignore permission from source
rsync: Permission denied (publickey) with SSH
Permission denied using Rsync as root
How can rsync fail due to missing permissions if remote login occurs with root?
rsync: chdir /test failed : Permission denied (13)
Preserving file and folder permissions with rsync
rsync permissioning?
Linux (NAS) Permissions problem (Permission Denied)
rsync - mkstemp failed: Permission denied (13)