A command that gives rm -rf a headache

Operations and maintenance people often joke about rm -rf /, but in fact rm -rf / does not work under the current safety mechanism. See:

[root@zmedu-17 ~]# rm -rf /
rm: stay"/" Recursive operations are dangerous
rm: use --no-preserve-root Option skip safe mode

We would have to add --no-preserve-root to skip safe mode and delete /.
However, files under / that are not in use can still be deleted, for example with /*:

[root@zmedu-17 ~]# rm -rf /*
rm: Cannot delete"/boot/efi": Device or resource busy
rm: Cannot delete"/dev/hugepages": Device or resource busy
rm: Cannot delete"/dev/mqueue": Device or resource busy
rm: Cannot delete"/dev/pts/2": Operation not allowed
rm: Cannot delete"/dev/pts/1": Operation not allowed
rm: Cannot delete"/dev/pts/0": Operation not allowed
rm: Cannot delete"/dev/pts/ptmx": Operation not allowed
rm: Cannot delete"/dev/shm": Device or resource busy

Ordinary files, however, are not so lucky: they are deleted. On the ext4 file system, we can use tools to find a file based on its inode number, but an empty file cannot be recovered.

Although we are very careful, it is still possible to delete files by mistake. This is just like a man to a woman. With crime tools, there is always the possibility of committing a crime, unless he becomes a father-in-law.

Today I will introduce a command to you. It is the equivalent of putting a lock on important files, in addition to backing them up, so that they cannot be deleted or modified by mistake.

Command: chattr: locks a file. Once locked, the file cannot be deleted or modified

Parameters:

+a: content can only be appended to the file; it cannot be deleted

-d: Cannot delete

+i: Locked, files cannot be deleted, modified, or moved

View lock: lsattr

Unlock: -i (the minus sign here means remove)

Let's use /etc/passwd as an example:

[root@zmedu-17 ~]# lsattr /etc/passwd #View original permissions
---------------- /etc/passwd
[root@zmedu-17 ~]# chattr +i /etc/passwd   #Lock
[root@zmedu-17 ~]# lsattr /etc/passwd    #View permissions after locking
----i----------- /etc/passwd
[root@zmedu-17 ~]# rm -rf /etc/passwd #Delete test
rm: Cannot delete"/etc/passwd": Operation not allowed
[root@zmedu-17 ~]# mv /etc/passwd /root/  #Move test
mv: Unable to"/etc/passwd" Move to"/root/passwd": Operation not allowed
[root@zmedu-17 ~]# echo aaa >> /etc/passwd  #Modify file content test
-bash: /etc/passwd: insufficient privilege
 

Have we successfully prevented files from being deleted by mistake? Of course, if you perform the following operations and then say that you deleted the file by mistake, I will believe that too:

[root@zmedu-17 ~]# lsattr /etc/passwd  #Check whether it is locked
----i----------- /etc/passwd     
[root@zmedu-17 ~]# chattr  -i /etc/passwd  #Remove locking permission
[root@zmedu-17 ~]# lsattr /etc/passwd   #Check to see if it has been removed
---------------- /etc/passwd
[root@zmedu-17 ~]# rm -rf /etc/passwd  #Deliberately delete it by mistake

As long as you want to delete it, there will always be a way. Is there a safer way? Of course.

We can hide chattr:

[root@zmedu-17 ~]# which chattr   #View command directory
/usr/bin/chattr
[root@zmedu-17 ~]# mkdir /opt/yc  #Create yc directory
[root@zmedu-17 ~]# mv /usr/bin/chattr /opt/yc/ #Move the command
[root@zmedu-17 ~]# cd /opt/yc/     #Enter yc directory
[root@zmedu-17 yc]# mv chattr h   #Hide the command by renaming it
[root@zmedu-17 ~]# /opt/yc/h +i /etc/passwd  #h is the chattr command
[root@zmedu-17 ~]# lsattr /etc/passwd
----i----------- /etc/passwd

If you want to restore it, just move it back:

[root@zmedu-17 yc]# mv h /usr/bin/chattr
[root@zmedu-17 yc]# chattr -i /etc/passwd
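
An added example, not part of the original article: since the sessions above show that root can lift the lock again with chattr -i, a periodic audit of lsattr output tells you whether the files you locked are still locked. The function names attr_state and audit_lsattr and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report lock state from lsattr output.

# attr_state FLAGS: classify the flags column of one lsattr line.
# Lowercase i = immutable, lowercase a = append-only (case matters: I and A
# are different attributes).
attr_state() {
    case "$1" in
        *i*) echo immutable ;;
        *a*) echo append-only ;;
        *)   echo unlocked ;;
    esac
}

# audit_lsattr: read "FLAGS PATH" lines on stdin, print "STATE<TAB>PATH",
# and return 1 if any listed file carries neither lock.
audit_lsattr() {
    rc=0
    while read -r flags path; do
        [ -n "$path" ] || continue          # skip blank or malformed lines
        state=$(attr_state "$flags")
        printf '%s\t%s\n' "$state" "$path"
        if [ "$state" = unlocked ]; then rc=1; fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the files to check as arguments, e.g. /etc/passwd.
    lsattr -d -- "$@" | audit_lsattr || echo "WARNING: unlocked file(s) found" >&2
else
    # Constructed sample lines in the format shown in the sessions above.
    printf '%s\n' '----i----------- /etc/passwd' '---------------- /etc/shadow' |
        audit_lsattr || echo "WARNING: unlocked file(s) found" >&2
fi
```

Run it from cron or a monitoring agent and alert on the warning, so a lock that was removed does not go unnoticed.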

This article is from ID: Internet old Xin. For more content, follow the official account "geek operation and maintenance home".

Keywords: Linux

Added by scrypte on Sun, 26 Dec 2021 01:16:49 +0200