"Protection against the fool" or how to prohibit changing / deleting important folders

    Good time of day.

    Historically, I have a virtual machine for my small projects. However, since I do not use its resources to 100%, I decided not to be greedy and let a few friends share it. There are not many sites, I don’t take money for hosting, so I considered setting up something like cpanel too much. In addition, I am one of those who prefer to configure everything manually. I chose the following structure:

    /home/hostuser/vhosts/sitename.ru/{tmp,web,logs}
    

    And then the question arose: how to prevent the user from deleting / renaming folders in sitename.ru? If the web folder is missing , then apache and nginx will give a warning, but they will load anyway. But if you delete / move the logs folder , then both apache and nginx will not start due to an error (quite strange behavior for me). The hostuser folder completely belongs to this user and his personal group ( hostuser: hostuser ), which means that if he wants, he will be able to delete any internal folder / file, even if it belongs to the superuser. So how do you prevent deletion / relocation so that the user (by accident or on purpose) does not break the entire hosting?

    After a short googling, a solution was found. In addition to standard permissions and acl, in file systems such as ext2, ext3, ext4, additional attributes can be set for a file. Read more about all the attributes on the Wiki , or man chattr . We are interested in the immutable attribute . Only a superuser can set this attribute for a file or folder. If you assign the immutable attribute to a file, then this file cannot be changed or deleted (and even the superuser cannot do this until it removes this attribute). If you assign the immutable attributeto a folder, then this folder cannot be deleted, and it will also be impossible to change the structure inside it. Thus, it turns out that if we need to protect the sitename.ru folder and the structure inside it, we need to execute a simple command:

    chattr +i /home/hostuser/vhosts/sitename.ru
    

    To remove the attribute, use the -i flag .

    If you need to protect only one folder (for example, logs ), you can do the following:

    touch /home/hostuser/vhosts/sitename.ru/logs/.keep
    chattr +i /home/hostuser/vhosts/sitename.ru/logs/.keep
    

    Actually, this is how to put “protection against the fool” (even with superuser rights).

    Thanks for attention.

    Paying attention!

    It is important to understand that this article is not about information security . The lock on the mailbox is information security . The glass on the fire alarm button is protection against the fool .
    If you create a .keep file and give it the -i attribute , the folder itself can be transferred and the file can be transferred. You cannot delete the file itself and the folder structure before this file.
    If you need a more reliable level of security, use the immutable attribute with mount --bind. Using this bundle, you can configure protection against intentional structural changes.

    Also popular now: