Really unalterable file

While setting Cisco VPN client, I wanted to run it in background. To do it I needed to prevent this software to modify configuration file (remove user password). chmod 0400 didn't help, but in Linux there is another tool to make a file "unalterable": chattr:

chattr +i /etc/opt/cisco-vpnclient/Profiles/remotesite.pcf

Another case, when I don't want to allow my fingers to break the system, is when I edit a file:

vim -M /file/to/edit

view /file/to/edit allows you to execute :w!, but M flag - doesn't.

Root means more rights and more responsibility.

No comments: