如何防止Linux中的文件被更改
[英]How to prevent a file in linux from being changed
问题描述
I've installed a CMS on my CentOS which changes a file constantly. 
我在CentOS上安装了CMS,该CMS会不断更改文件。 And I want to prevent it from being changed. 而且我想防止它被更改。 I tried: 我试过了:
chattr +i file.php
Or: 要么:
chmod 444 file.php
Even I've tried copying file(as file.php2) and then mounting it: 甚至我都尝试过复制文件(作为file.php2),然后挂载它:
mount --bind file.php2 file.php -o ro
Then how can I prevent my file from being changed by that CMS? 然后,如何防止该CMS更改我的文件?
2 个解决方案
解决方案1
1 2017-03-12 08:28:27
尝试sudo chmod 400 file.php这将使该文件对其他用户不可编辑。
解决方案2
1 已采纳 2017-03-12 09:06:16
You must 你必须
- prevent others than owner to write the file : 阻止所有者以外的其他人写文件:
chmod 644 file.php
- you must set the ownership of the file to a different user and group than the user running the CMS 您必须将文件的所有权设置为与运行CMS的用户不同的用户和组
chown root:root file.php
- Additionnaly, prevent others than owner to write to directory : 此外,请阻止所有者以外的其他人写入目录:
chmod 755 /path/to/dir/containing/
- Additionnaly, change owner of folder to another user/group 此外,将文件夹的所有者更改为另一个用户/组
chown root:root /path/to/dir/containing/
Why work on the folder too ? 为什么还要在文件夹上工作?
Because a user having write rights on a folder can delete any other user's files, even if he couldn't write to it or read it. 因为对文件夹具有写权限的用户可以删除任何其他用户的文件,即使他无法写入或读取该文件。 As a consequence, if you do not change the folder's permission too, the CMS user could delete your 'protected' file and write another one in its place. 因此,如果您也没有更改文件夹的权限,则CMS用户可以删除“受保护”文件,并在其位置写入另一个文件。
Edit: and of course, your CMS shouldn't run as root, or all the above would be ignored 编辑:当然,您的CMS不应以root身份运行,否则以上所有内容都将被忽略
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.