Reputation: 400
How to prevent a file in linux from being changed
I've installed a CMS on my CentOS which changes a file constantly. And I want to prevent it from being changed. I tried:
chattr +i file.php
Or:
chmod 444 file.php
Even I've tried copying file(as file.php2) and then mounting it:
mount --bind file.php2 file.php -o ro
Then how can I prevent my file from being changed by that CMS?
Upvotes: 0
Views: 961
Answers (2)
Reputation: 226
Try sudo chmod 400 file.php This will make the file non editable to other users.
Upvotes: 1
Reputation: 88
You must
- prevent others than owner to write the file :
chmod 644 file.php
- you must set the ownership of the file to a different user and group than the user running the CMS
chown root:root file.php
- Additionnaly, prevent others than owner to write to directory :
chmod 755 /path/to/dir/containing/
- Additionnaly, change owner of folder to another user/group
chown root:root /path/to/dir/containing/
Why work on the folder too ?
Because a user having write rights on a folder can delete any other user's files, even if he couldn't write to it or read it. As a consequence, if you do not change the folder's permission too, the CMS user could delete your 'protected' file and write another one in its place.
Edit: and of course, your CMS shouldn't run as root, or all the above would be ignored
Upvotes: 1
Related Questions
- Changing file permissions in php
- Deny access to a PHP file (Nginx)
- restrict access on file with php in apache
- How to get permission for file access
- Readable file only by PHP
- php how to lock a file only for read when it is writing?
- php set permissions file to make it writable
- How to Stop PHP files editing parent directories with chmod or .htaccess?
- Security of changing permissions of file on server
- file permissions in php