removing write permission does not prevent root from writing to the file

removing write permission does not prevent root from writing to the file I just noticed on my Ubuntu machine (ext3 filesystem) that removing write permissions from a file does not keep root from writing to it.
Asked by: Guest \| Views: 249

Total answers/comments: 2

Comments display order:

Guest [Entry]

"1) This is a normal behaviour. root has rw access on all files at all times.

2) You can protect a file even from root (not deliberate action, but accidental, anyway) by using

chattr +i filename.ext

That is ""change attributes add immutable"". To remove the protection:

chattr -i filename.ext

have a look at man chattr for more info"

Guest [Entry]

"You can also restrict file access for the root user, by using Linux kernel ""Capabilities"": http://www.securityfocus.com/infocus/1400

There is also the possibility of using SE-Linux or some other kernel patch to make some files immutable even to root."