Data Makes

Menu
  • Home
  • Contact
  • About Us
  • Data Tips
  • Tech Tips
Menu

Preventing file changes on Linux

Posted on April 26, 2016March 3, 2020 by David M.
All content posted on this blog is solely the responsibility and perspective of the author. This site is not endorsed or supported by any commercial entity.

Today’s tip will be short – but it can be very useful.  Simply put, if you want to prevent a file from being changed on a Linux file system I have just learned that there is an immutable options.  All you have to do is type (as root)

chattr +i <filename>

Now, of course, you can undo this by using

chattr -i <filename>

So, you may be asking, why would I want to make a file unchangeable?

I will answer that by describing the specific case that caused me to look for this.  I was in the process of trying to enable DNSSEC on my Linux computer.  To address this concern, I installed the unbound DNS resolver (a topic for a different post)

I tried to make some configuration changes to both dhclient and resolvconf to ensure I was always using unbound.  Neither of these changes seemed to force the VPN client I was using from Private Internet Access to use 127.0.0.1 as the DNS server.  This leads me to believe that the Private Internet Access client directly writes /etc/resolv.conf – completely bypassing unbound.

The solution – immutable files.  Basically, I locked /etc/resolv.conf so that it can’t be changed!  Now, I just have to remember to unlock it if I ever run a VPN application where I really do want to honor the DNS servers of the VPN provider – such as for a corporate network.

Post categories

  • Tech Tips

Recent Posts

  • Limiting access to your web-site to Cloudflare IP addresses only
  • High intensity port sharing with haproxy
  • Monitoring Google Contacts for changes – are you losing contacts?
  • Securing Cloudflare’s FlexibleSSL even farther with UFW
  • Preventing file changes on Linux
©2021 Data Makes
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.