making configuration read-only?
Ralf Mardorf
ralf.mardorf at alice-dsl.net
Sat Jan 28 11:45:57 CET 2023
On Sat, 2023-01-28 at 10:36 +0100, Ulli Horlacher wrote:
> For which files/directories shall I do a "chown root:root"?
Hi,
to protect files I'm in favour of the 'i' attribute.
[rocketmouse at archlinux virtualbox-epoch1-6.1.40]$ man chattr | grep -A1 "'i' attribute"
i A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and
the file can not be opened in write mode. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
[rocketmouse at archlinux virtualbox-epoch1-6.1.40]$ lsattr VirtualBox-6.1.40.tar.bz2
----i---------e------- VirtualBox-6.1.40.tar.bz2
Disabling write access to configurations in $HOME can be risky. I
suspect that making .config/dconf/user immutable is asking for trouble.
I can't comment on xfce configurations such as .config/xfce4/panel/*/*
or wherever those items are located nowadays.
Regards,
Ralf
More information about the Xfce
mailing list