1
00:00:00,000 --> 00:00:12,640
Another way to apply security to files is by using file system attributes.

2
00:00:12,640 --> 00:00:17,760
That's a POSIX definition, and POSIX goes back to the UNIX standard that has been defined

3
00:00:17,760 --> 00:00:24,940
a long time ago to guarantee standard solutions between different UNIX distributions.

4
00:00:24,940 --> 00:00:30,299
So POSIX defines a number of attributes that can be used to add security to files.

5
00:00:30,299 --> 00:00:36,020
And you can use chatter for change attribute to set them, and ls for list attribute to

6
00:00:36,020 --> 00:00:39,779
get an overview of currently applied attributes.

7
00:00:39,779 --> 00:00:43,139
And of all the attributes, the immutable attribute is common.

8
00:00:43,139 --> 00:00:48,340
You'll also find the a attribute, which allows you to append to a file, but nothing else.

9
00:00:48,340 --> 00:00:52,900
Now the nice thing about the attribute is that these attributes are irrespective of

10
00:00:52,900 --> 00:00:56,540
the user that is going to hit the file that has an attribute.

11
00:00:56,540 --> 00:00:57,939
Let's check it out.

12
00:00:57,939 --> 00:01:03,220
So I can do this as the root user in my own home directory, because as I told you, attributes

13
00:01:03,220 --> 00:01:05,660
don't really relate to the user.

14
00:01:05,660 --> 00:01:11,620
I'm going to create, touch my file, and ls-l is showing the property of my file.

15
00:01:11,620 --> 00:01:15,699
It's an empty file with read, write, read, and read permissions.

16
00:01:15,699 --> 00:01:17,199
And we also see this dot.

17
00:01:17,199 --> 00:01:23,080
Now the dot is interesting, because that is the indicator that some attributes apply.

18
00:01:23,080 --> 00:01:27,480
If I'm using ls-attr on my file, then we can see the list of all the attributes.

19
00:01:27,480 --> 00:01:29,559
Aha, no attributes apply.

20
00:01:29,559 --> 00:01:33,839
We just have an area in the metadata of the file to store attributes.

21
00:01:33,839 --> 00:01:34,839
Well, that's good.

22
00:01:34,839 --> 00:01:44,120
Let's use ch-attr plus a on my file to add this append attribute in ls-attr my file.

23
00:01:44,120 --> 00:01:46,320
And there you can see that it works.

24
00:01:46,320 --> 00:01:49,559
And echo hello greater than greater than to my file.

25
00:01:49,559 --> 00:01:50,559
Is that allowed?

26
00:01:50,559 --> 00:01:51,559
Yeah, that is allowed.

27
00:01:51,559 --> 00:01:57,080
And rm on my file, and that is asking if you want to remove it.

28
00:01:57,080 --> 00:02:00,040
And there we can see the attribute in action.

29
00:02:00,040 --> 00:02:03,239
Operation not permitted, not even for user root.

30
00:02:03,239 --> 00:02:08,119
So if ever a user root, you encounter a situation where you think, what is going on?

31
00:02:08,119 --> 00:02:11,000
I would advise you check if any attributes apply.