Freebsd 101 : File flags (An added security layer).

File flags:

File flags add an extra layer of permissions and security for files. This concept applies only to files but not to directories.

Below is an example showing a file with an immutable flag (simmutable):

Another example showing an append_only flag (sappend) file:

The chflags command:

We use the command chflags to modify these flags:

Example:

To enable the system "undeletable" flag (sunlink) on a file, we use the below command:

To disable the system "undeletable" flag (sunlink) on a file we use the nosunlink parameter :

To display the flags of a file we use the below command:

Remark:

These flags are not applicable to directories only to files as stated before.

Using The flags even the root user could be prevented from removing or modifying files using the simmutable flag.

It is useful when giving root access to database administrators for example, to prevent them from deleting or altering files on the system.

Example of flags:

sappend : set the append-only flag on a file. With this flag we can't change the content of afile, we can only add data to it.
hidden : allows the owner of the file or the superuser to set the hidden attribute on a file.
simmutable : allows the root user to set the system immutable flag on a file (the file can't be deleted, modified or moved to another location).

Leave as a comment:

IT hands-on