views: 908
answers: 3

Hello there, I would like to prevent one of my root processes from deleting a certain file. So I came across the flock command; it seems to fit my need, but I didn't get its syntax.

If I only indicate a shared lock, it doesn't work:
flock -s "./file.xml"

If I add a timeout parameter, it still doesn't work:
flock -s -w5 "./file.xml"

It seems that, used that way, it follows the flock [-sxun][-w #] fd# form.
(What is this fd# parameter?)

So, I tried the flock [-sxon][-w #] file [-c] command.
Using flock -s -w5 "./file.xml" -c "tail -3 ./file.xml", it worked: the tail command on ./file.xml was executed.
But I would like to know: does the lock end after the command, or does it last 5 seconds after the end of the command's execution? My main question is, how can I prevent another root process from deleting a file in Linux?

+8  A: 

No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or in the case of a shared lock, prevent another process using an exclusive one).

It doesn't stop root, or anyone else, from reading, writing or deleting the file.

In any case, even if it was a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked not the directory entry.

MarkR
Oh, thanks man. I'll try the folder lock. Thanks.
Danmaxis
No, you don't understand. Linux does not have mandatory locking, normally. Mandatory locking solves little and mostly just allows one app to deny service to another with no explanation or way of dealing with it. If you really really, really want to stop root from deleting a file, chattr it to "immutable", but they can always change it back then delete it.
MarkR
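The behaviour MarkR describes, as an added shell example that is not part of the original thread: the script holds an exclusive flock(1) lock in the background, shows that a second flock honours it (and that -w is only the time flock waits to acquire the lock; the lock is released as soon as the locked command exits), and then shows rm unlinking the file while a lock is still held. It assumes the util-linux flock command is installed and works on a temporary file it creates itself.

```shell
#!/bin/sh
# Added example (not from the original thread): flock(1) locks are advisory.
# Assumes util-linux flock is installed; the sample file is constructed here.

demo_advisory_lock() {
    dir=$(mktemp -d)
    f="$dir/file.xml"
    printf '<root/>\n' > "$f"          # constructed sample file

    # 1. Hold an exclusive lock on the file for 3 seconds in the background.
    flock -x "$f" sleep 3 &
    holder=$!
    sleep 1

    # 2. A second flock honours the lock: -w 1 waits one second, then gives up.
    if flock -w 1 -x "$f" true; then while_held=acquired; else while_held=blocked; fi

    # 3. The lock is released when the locked command exits, not some time later.
    wait "$holder"
    if flock -w 1 -x "$f" true; then after_exit=acquired; else after_exit=blocked; fi

    # 4. rm never calls flock, so it unlinks the file while a lock is still held.
    flock -x "$f" sleep 2 &
    holder=$!
    sleep 1
    rm -f "$f"
    if [ -e "$f" ]; then deleted=no; else deleted=yes; fi
    wait "$holder"

    rmdir "$dir"
    echo "while_held=$while_held after_exit=$after_exit deleted=$deleted"
}

demo_advisory_lock
```

The expected line is `while_held=blocked after_exit=acquired deleted=yes`: only other flock callers are affected, and the lock protects the open file, not its directory entry, so the unlink succeeds.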
+2  A: 

MarkR is correct: chattr'ing the file will prevent it from being deleted.

risk@DockMaster [2135] --> sudo chattr +i junk.txt
[sudo] password for risk: 
risk@DockMaster [2136] --> sudo rm ./junk.txt 
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm ./junk.txt
risk@DockMaster [2137] --> sudo rm -f ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1     sudo rm -f ./junk.txt
kSiR
+1  A: 

flock is not the right tool for this job. If you have a programme that is deleting files, you should not run that programme as root. You should run it as a different user. Unix has very good support for file permissions, but root is a god account. Root can do everything, and there are no permissions for root.

Rory
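The permission model that MarkR's comment (it is the directory entry, not the file, that matters) and Rory's answer (use a non-root user and file permissions) both rely on, as an added shell example that is not part of the original thread: unlink needs write permission on the directory, not on the file, so a non-root process can be left able to read and write a file while being unable to delete it. It uses a temporary directory it creates itself and must be run as a non-root user, since root bypasses these permission checks.

```shell
#!/bin/sh
# Added example (not from the original thread): delete permission lives on the
# directory. Run as a non-root user; root ignores directory write permission.

demo_directory_permission() {
    dir=$(mktemp -d)
    f="$dir/file.xml"
    printf '<root/>\n' > "$f"          # constructed sample file
    chmod 666 "$f"                     # the file itself is writable by everyone
    chmod 555 "$dir"                   # but nobody may add or remove entries here

    # Deleting fails: rm needs write permission on the directory.
    if rm -f "$f" 2>/dev/null; then removed=yes; else removed=no; fi
    if [ -e "$f" ]; then exists=yes; else exists=no; fi

    # Writing still works: the file permission is independent of the directory one.
    if printf '<!-- appended -->\n' >> "$f" 2>/dev/null; then writable=yes; else writable=no; fi

    chmod 755 "$dir"                   # restore write permission to clean up
    rm -f "$f"
    rmdir "$dir"
    echo "removed=$removed exists=$exists writable=$writable"
}

demo_directory_permission
```

Run as an ordinary user the line is `removed=no exists=yes writable=yes`; run as root every step succeeds, which is exactly Rory's point about root.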