Umurnin chattr 5 don Sanya Fayiloli Masu Muhimmanci (Ba a Canjawa) a cikin Linux


chattr (Change Attribute) shine layin umarni na Linux wanda ake amfani dashi don saita/cire wasu sifofi zuwa fayil a cikin tsarin Linux don amintaccen gogewa ko gyara mahimman fayiloli da manyan fayiloli, kodayake an shigar da ku. a matsayin tushen mai amfani.

A cikin tsarin fayilolin Linux na asali watau ext2, ext3, ext4, btrfs, da sauransu. Mutum ba zai iya share ko gyara fayil/fayil da zarar an saita halayensu tare da umarnin chattr, kodayake mutum yana da cikakken izini akansa.

Wannan yana da matukar amfani don saita halaye a cikin fayilolin tsarin kamar passwd da fayilolin inuwa waɗanda bayanan mai amfani ya ƙunshi.

# chattr [operator] [flags] [filename]

Masu biyowa sune jerin halayen gama gari kuma ana iya saita tutoci masu alaƙa/cire su ta amfani da umarnin chattr.

  1. Idan an isa ga fayil tare da saitin sifa na 'A', ba a sabunta rikodin atime ɗin sa.
  2. Idan an gyaggyara fayil tare da saitin sifa 'S', sauye-sauyen ana sabunta su ne tare da juna akan faifai.
  3. An saita fayil tare da sifa 'a', za'a iya buɗe shi kawai a yanayin kari don rubutu.
  4. An saita fayil tare da sifa 'i', ba za a iya gyara shi ba (mai canzawa). Yana nufin babu sake suna, babu ƙirƙirar hanyar haɗin yanar gizo, babu aiwatarwa, babu rubutu, babban mai amfani ne kaɗai zai iya warware sifa.
  5. An saita fayil mai sifa 'j', an sabunta duk bayanansa zuwa mujallar ext3 kafin a sabunta shi zuwa fayil ɗin kanta.
  6. An saita fayil tare da sifa 't', ba tare da haɗa wutsiya ba.
  7. Fayil mai sifa 'd', ba zai ƙara zama ɗan takara don madadin lokacin da ake gudanar da aikin juji ba.
  8. Lokacin da fayil yana da sifa 'u' aka share, ana adana bayanansa. Wannan yana bawa mai amfani damar neman cirewa.

  1. + : Yana ƙara sifa ga abubuwan da ke akwai na fayilolin.
  2. : Yana kawar da sifa ga abubuwan da ke akwai na fayilolin.
  3. : Kiyaye abubuwan da ke akwai da fayilolin ke da su.

Anan, zamu nuna wasu misalan umarni na chattr don saita/cire halayen zuwa fayil da manyan fayiloli.

1. Yadda ake ƙara halaye akan fayiloli don amintattu daga gogewa

Don dalilai na nuni, mun yi amfani da babban fayil demo da fayil important_file.conf bi da bi. Kafin kafa halayen, tabbatar da tabbatar da cewa fayilolin da ke akwai suna da kowane sifofi da aka saita ta amfani da umarnin 'ls -l'. Shin kun ga sakamakon, a halin yanzu ba a saita sifa ba.

 ls -l
total 0
drwxr-xr-x. 2 root root 6 Aug 31 18:02 demo
-rwxrwxrwx. 1 root root 0 Aug 31 17:42 important_file.conf

Don saita sifa, muna amfani da alamar + kuma don cire saiti yi amfani da alamar tare da umarnin chattr. Don haka, bari mu sanya bit ɗin da ba za a iya canzawa ba a kan fayiloli masu alamar +i don hana kowa goge fayil, ko da tushen mai amfani ba shi da izinin share shi.

 chattr +i demo/
 chattr +i important_file.conf

Lura: The m bit +i za a iya saita shi kawai ta superuser (watau tushen) mai amfani ko mai amfani da sudo gata zai iya saitawa.

Bayan saita bit mara canzawa, bari mu tabbatar da sifa tare da umarnin 'lsattr'.

 lsattr
----i----------- ./demo
----i----------- ./important_file.conf

Yanzu, an yi ƙoƙarin sharewa da ƙarfi, sake suna ko canza izini, amma ba za a yarda da cewa Ba a yarda da aiki ba.

 rm -rf demo/
rm: cannot remove âdemo/â: Operation not permitted
 mv demo/ demo_alter
mv: cannot move âdemo/â to âdemo_alterâ: Operation not permitted
 chmod 755 important_file.conf
chmod: changing permissions of âimportant_file.confâ: Operation not permitted

2. Yadda za a unset sifa a kan Files

A cikin misalin da ke sama, mun ga yadda ake saita sifa don amintacce da hana fayiloli daga gogewar bazata, anan a cikin wannan misalin, zamu ga yadda ake sake saita izinin (ba a saita sifa) kuma ba da damar canza fayiloli ko canzawa ta amfani da - ina tuta.

 chattr -i demo/ important_file.conf

Bayan sake saita izini, tabbatar da matsayin fayilolin da ba za a iya canzawa ta amfani da umarnin 'lsattr'.

 lsattr
---------------- ./demo
---------------- ./important_file.conf

Kuna gani a cikin sakamakon da ke sama cewa an cire tutar '-i', wannan yana nufin zaku iya cire duk fayil ɗin da babban fayil ɗin da ke cikin babban fayil ɗin tecment lafiya.

 rm -rf *

 ls -l
total 0

3. Yadda ake Secure /etc/passwd da /etc/shadow files

Saita sifa mara canzawa akan fayiloli /da sauransu/passwd ko /da sauransu/shadow, yana sa su amintattu daga cirewa ko tambarin bazata kuma hakan zai hana ƙirƙirar asusun mai amfani.

 chattr +i /etc/passwd
 chattr +i /etc/shadow

Yanzu gwada ƙirƙirar sabon mai amfani da tsarin, zaku sami saƙon kuskure yana cewa 'ba za a iya buɗe /etc/passwd' ba.

 useradd tecmint
useradd: cannot open /etc/passwd

Ta wannan hanyar zaku iya saita izini maras canzawa akan mahimman fayilolinku ko fayilolin tsarin tsarin don hana gogewa.

4. Sanya bayanai ba tare da Gyara bayanan da ke cikin fayil ba

A ce, kawai kuna son ba kowa damar kawai saka bayanai akan fayil ba tare da canza ko canza bayanan da aka riga aka shigar ba, kuna iya amfani da sifa 'a' kamar haka.

 chattr +a example.txt

 lsattr example.txt
-----a---------- example.txt

Bayan saita yanayin ƙari, za'a iya buɗe fayil ɗin don rubuta bayanai a yanayin ƙari kawai. Kuna iya cire sifa ta append kamar haka.

 chattr -a example.txt

Yanzu gwada maye gurbin abubuwan da suka riga sun kasance akan fayil misali.txt, za ku sami kuskure suna cewa 'Ba a yarda da aiki ba'.

 echo "replace contain on file." > example.txt
-bash: example.txt: Operation not permitted

Yanzu gwada ƙara sabon abun ciki akan fayil ɗin da ke akwai example.txt kuma tabbatar da shi.

 echo "replace contain on file." >> example.txt
 cat example.txt
Here is the example to test 'a' attribute mean append only.
replace contain on file.

5. Yadda Ake Tsare Takaddun Bayanai

Don amintar da dukan kundin adireshi da fayilolin sa, muna amfani da '-R'(a kai-tsaye) canza tare da '+i' tuta tare da cikakken hanyar babban fayil ɗin.

 chattr -R +i myfolder

Bayan saita sifa akai-akai, gwada share babban fayil ɗin da fayilolinsa.

 rm -rf myfolder/
rm: cannot remove 'myfolder/': Operation not permitted

Don cire izini, muna amfani da '-R' guda ɗaya (a-kai-a-kai) canzawa tare da tutar '-i' tare da cikakken hanyar babban fayil ɗin.

 chattr -R -i myfolder

Shi ke nan! Don ƙarin sani game da halayen umarnin chattr, tutoci da zaɓuɓɓuka yi amfani da shafukan mutum.