All content posted on this blog is solely the responsibility and perspective of the author. This site is not endorsed or supported by any commercial entity.
Today’s tip will be short – but it can be very useful. Simply put, if you want to prevent a file from being changed on a Linux file system, I have just learned that there is an immutable option. All you have to do is type (as root):
chattr +i <filename>
Now, of course, you can undo this by using:
chattr -i <filename>
So, you may be asking, why would I want to make a file unchangeable?
I will answer that by describing the specific case that caused me to look for this. I was in the process of trying to enable DNSSEC on my Linux computer. To address this concern, I installed the unbound DNS resolver (a topic for a different post).
I tried to make some configuration changes to both dhclient and resolvconf to ensure I was always using unbound. Neither of these changes seemed to force the VPN client I was using from Private Internet Access to use 127.0.0.1 as the DNS server. This leads me to believe that the Private Internet Access client directly writes /etc/resolv.conf – completely bypassing unbound.
The solution – immutable files. Basically, I locked /etc/resolv.conf so that it can’t be changed! Now, I just have to remember to unlock it if I ever run a VPN application where I really do want to honor the DNS servers of the VPN provider – such as for a corporate network.
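To confirm the lock is actually in place and that the file still points only at the local resolver, a small audit script can be run after connecting the VPN. This is an added example, not part of the original post; the function names are hypothetical, and it assumes `lsattr` (e2fsprogs), `awk` and GNU `readlink -f` are available.

```sh
#!/bin/sh
# Added example: audit that resolv.conf is immutable and local-only.

# is_immutable_attrs ATTRS
# Succeeds if the lsattr flag field contains lowercase 'i' (immutable).
# Uppercase 'I' is a different attribute, so the match is case-sensitive.
is_immutable_attrs() {
    case "$1" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# foreign_nameservers FILE [LOCAL]
# Prints every nameserver address that is not LOCAL (default 127.0.0.1).
foreign_nameservers() {
    awk -v local="${2:-127.0.0.1}" \
        '$1 == "nameserver" && $2 != local { print $2 }' "$1"
}

# audit_resolv FILE
# Returns 0 only if FILE is immutable and lists no non-local nameserver.
audit_resolv() {
    real=$(readlink -f "$1") || return 2
    # The attribute must be on the real file, so report any symlink.
    [ "$real" = "$1" ] || echo "note: $1 resolves to $real"
    attrs=$(lsattr -d "$real" 2>/dev/null | awk '{ print $1 }')
    rc=0
    if is_immutable_attrs "$attrs"; then
        echo "locked: immutable flag set on $real"
    else
        echo "NOT locked: attributes '${attrs:-unreadable}' on $real"
        rc=1
    fi
    bad=$(foreign_nameservers "$real")
    if [ -n "$bad" ]; then
        echo "non-local nameservers present: $bad"
        rc=1
    fi
    return $rc
}

# Run as: sh audit-resolv.sh --audit [/etc/resolv.conf]
if [ "${1:-}" = "--audit" ]; then
    audit_resolv "${2:-/etc/resolv.conf}"
fi
```

A non-zero exit status means either the immutable flag is missing or something other than 127.0.0.1 is listed as a nameserver.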