I thought i know a lot about Solaris, however today i found out about a feature that is in Solaris i never heard of. It was on an internal discussion alias. Or to be exact ... i think i've read that part of the man page but never connected the dots: Let’s assume you have a set of files in a directory that you shouldn’t delete. It would be nice to have some protection, that a short but fatally placed
Let’s assume those files are in
You can still change the files in the directory. Of course you are still able to write zeros or trash into it and thus removing the content by accident. You can write into the files But even as root, i can’t delete those files without removing this attribute. So you can’t delete this files by accident. Very useful for a broad set of files, for example redo log and datafiles from your database. The obvious requirement: You application shouldn’t delete the files as a regular pattern of operation. Solaris would block you application from doing so.
©c0t0d0s0.org
rm
typed under caffeine deprivation doesn't wipe out this important file. It would be nice, that the OS protects you from deleting it except you really, really want it (and thus execute additional steps). Let’s assume those files are in
/importantfiles
. You can mark this directory with the nounlink
attribute.
root@aramaki:/apps/ADMIN# chmod S+vnounlink .
root@aramaki:/apps/ADMIN# touch test2
root@aramaki:/apps/ADMIN# echo „test“ >> test2
root@aramaki:/apps/ADMIN# cat test2
test
root@aramaki:/apps/ADMIN# rm test2
rm: test not removed: Not owner
root@aramaki:/apps/ADMIN# chmod S-vnounlink .
root@aramaki:/apps/ADMIN# rm test2
If you just want to do it for a single file, this is possible, too
root@aramaki:/apps/ADMIN# chmod S+vnounlink test4
root@aramaki:/apps/ADMIN# rm test4
You can still change the files in the directory. Of course you are still able to write zeros or trash into it and thus removing the content by accident. You can write into the files But even as root, i can’t delete those files without removing this attribute. So you can’t delete this files by accident. Very useful for a broad set of files, for example redo log and datafiles from your database. The obvious requirement: You application shouldn’t delete the files as a regular pattern of operation. Solaris would block you application from doing so.
©c0t0d0s0.org
Comments
Post a Comment