(originally published on 27.10.2017, reviewed/rewritten on 13.04.2025, tested on Oracle Solaris 11.4 SRU 79)
 

Let’s assume you have a set of files in a directory that you shouldn’t delete. It would be nice to have some protection, so that a short but fatally placed rm typed under caffeine deprivation doesn’t wipe out these important files. It would be nice if the OS protected you from deleting them, unless you really, really want to (and thus execute additional steps).

Okay, in my example those files are in /importantfiles. You can mark this directory with the nounlink attribute.

root@testbed:~# mkdir importantfiles
root@testbed:~# chmod S+vnounlink importantfiles
root@testbed:~# cd importantfiles
root@testbed:~/importantfiles# touch test2
root@testbed:~/importantfiles# echo test >> test2
root@testbed:~/importantfiles# echo test >> test2
root@testbed:~/importantfiles# cat test2
test
test
root@testbed:~/importantfiles# rm test2
rm: test2 not removed: Insufficient privileges
root@testbed:~/importantfiles# cd ..
root@testbed:~# chmod S-vnounlink importantfiles
root@testbed:~# rm -rf importantfiles

You can do the same just for a single file:

root@testbed:~# touch importantfile
root@testbed:~# chmod S+vnounlink importantfile 
root@testbed:~# ls -/v importantfile 
-rw-r--r--   1 root     root           0 Apr. 13 19:48 importantfile
		{archive,nohidden,noreadonly,nosystem,noappendonly,nonodump,noimmutable,av_modified,noav_quarantined,nounlink,nooffline,nosparse,nosensitive}
root@testbed:~# rm importantfile 
rm: importantfile not removed: Insufficient privileges
root@testbed:~# chmod S-vnounlink importantfile 
root@testbed:~# ls -/v importantfile 
-rw-r--r--   1 root     root           0 Apr. 13 19:48 importantfile
		{archive,nohidden,noreadonly,nosystem,noappendonly,nonodump,noimmutable,av_modified,noav_quarantined,nonounlink,nooffline,nosparse,nosensitive}
root@testbed:~# rm importantfile

There is a reason why I am doing this example as root: this attribute protects the file even against deletion by root.

That said, you have to keep in mind: this doesn’t protect you against, for example, filling this file up with 0. You can remove the content. You can’t remove the file. At least not without executing an additional step first. Think of it like a protective cap you have to flip open before you can access a switch. If you still manage to delete this file by accident … well, I don’t know …

This is a small but very powerful feature for files that are used frequently, written to frequently, but only deleted in exceptional cases, for example the datafiles of your database. With this attribute in place, Solaris would simply prevent you from deleting this file, even in the nastiest hours of caffeine deprivation.
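To check that the protection is still in place after maintenance work, you can audit the `ls -/v` output. The following is an added example, not part of the original post: it reports files whose attribute list lacks `nounlink`, matching the exact token because a plain `grep nounlink` also matches the cleared state `nonounlink`. The function names and the sample listing are constructed, and it assumes the output layout shown above and file names without spaces.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads `ls -/v` output on stdin and prints the name of every file whose
# attribute list does NOT contain the exact token "nounlink".
# Assumption: layout as shown in the post (file line, then {attr,...} line).
unprotected_files() {
    name=""
    while IFS= read -r line; do
        case "$line" in
            *"{"*"}"*)
                # Attribute line: drop braces and whitespace, keep the commas.
                attrs=$(printf '%s' "$line" | tr -d '{} \t')
                # Exact token match: "nonounlink" must not count as "nounlink".
                case ",$attrs," in
                    *,nounlink,*) ;;                 # protected, nothing to report
                    *) printf '%s\n' "$name" ;;      # attribute is cleared
                esac
                ;;
            ?*)
                # File line: the name is the last whitespace-separated field.
                name=${line##* }
                ;;
        esac
    done
}

# Constructed sample input: one protected and one unprotected file
# (shortened attribute lists, hypothetical file name "scratchfile").
sample_listing() {
    cat <<'EOF'
-rw-r--r--   1 root     root           0 Apr. 13 19:48 importantfile
    {archive,nohidden,noimmutable,nounlink,nooffline,nosparse}
-rw-r--r--   1 root     root           0 Apr. 13 19:48 scratchfile
    {archive,nohidden,noimmutable,nonounlink,nooffline,nosparse}
EOF
}

# Usage on a Solaris system (directory name taken from the example above):
#   ls -/v importantfiles/* | unprotected_files
```

With the sample listing, only `scratchfile` is reported, whereas counting lines with `grep -c nounlink` would report both files as matching.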

Written by

Joerg Moellenkamp