Question

I would like to prevent one of my root processes from deleting a certain file. So I came across the flock command, it seems to fit my need, but I didn't get its syntax.

If I only indicate a shared lock, it doesn't work:

flock -s "./file.xml"

If I add a timeout parameter, it still doesn't work:

flock -s -w5 "./file.xml"

It seems that, this way, it fits the flock [-sxun][-w #] fd# form. (What is this fd# parameter?)

So, I tried:

flock [-sxon][-w #] file [-c] command

Using flock -s -w5 "./file.xml" -c "tail -3 ./file.xml", and it worked: the tail command on ./file.xml was executed.

But I would like to know, does the lock end after the command, or does it last 5 seconds after the end of the command execution? My main question is, how can I prevent another root process from deleting a file in Linux?


Solution

No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or in the case of a shared lock, prevent another process using an exclusive one).

It doesn't stop root, or anyone else, from reading, writing or deleting the file.

In any case, even if it was a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked not the directory entry.
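The advisory behaviour described above, as an added example that is not part of the answer: a Python script takes an exclusive flock on a constructed temporary file, then shows that a second lock attempt fails while reading, writing and unlinking the locked file all still succeed. It assumes Linux and Python's fcntl module.

```python
import errno
import fcntl
import os
import tempfile


def flock_is_advisory() -> dict:
    """Take an exclusive flock on a sample file and record what it blocks.

    flock coordinates only with other flock callers: a second lock attempt
    fails, but reading, writing and unlinking the locked file still succeed
    because the lock belongs to the inode, not to the directory entry.
    """
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "file.xml")  # constructed sample file
        with open(path, "w") as f:
            f.write("<root/>\n")

        result = {}
        holder = open(path, "r+")
        fcntl.flock(holder, fcntl.LOCK_EX)  # the "protecting" process's lock

        # A second open() yields a new open file description, which is the
        # unit flock actually arbitrates between (same as another process).
        contender = open(path, "r+")
        try:
            fcntl.flock(contender, fcntl.LOCK_EX | fcntl.LOCK_NB)
            result["second_lock_blocked"] = False
        except OSError as e:
            result["second_lock_blocked"] = e.errno in (errno.EAGAIN, errno.EWOULDBLOCK)

        # The lock does not stop the contender from reading or writing.
        result["read_ok"] = contender.read().startswith("<root")
        contender.write("<!-- written while locked -->\n")
        contender.flush()
        result["write_ok"] = True

        # Nor does it stop unlinking: the name disappears from the directory
        # while the holder's descriptor keeps the (now link-less) inode alive.
        os.unlink(path)
        result["unlink_ok"] = not os.path.exists(path)
        result["inode_unlinked"] = os.fstat(holder.fileno()).st_nlink == 0

        contender.close()
        fcntl.flock(holder, fcntl.LOCK_UN)
        holder.close()
        return result


if __name__ == "__main__":
    print(flock_is_advisory())
```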

OTHER TIPS

sudo chattr +i ./file.xml

MarkR is correct: chattr'ing the file will prevent it from being deleted:

-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2135] --> sudo chattr +i junk.txt
[sudo] password for risk: 
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2136] --> sudo rm ./junk.txt 
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2137] --> sudo rm -f ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm -f ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2138] --> 

flock is not the right tool for this job. If you have a programme that is deleting files, you should not run that programme as root. You should run it as a different user. Unix has very good support for file permissions, but root is a god account. Root can do everything, and there are no permissions for root.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow