making configuration read-only?

Ralf Mardorf ralf.mardorf at
Sat Jan 28 11:45:57 CET 2023

On Sat, 2023-01-28 at 10:36 +0100, Ulli Horlacher wrote:
> For which files/directories shall I do a "chown root:root"?


to protect files I'm in favour of the 'i' attribute.

[rocketmouse at archlinux virtualbox-epoch1-6.1.40]$ man chattr | grep -A1 "'i' attribute"
       i      A file with the 'i' attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and
              the file can not be opened in write mode.  Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
[rocketmouse at archlinux virtualbox-epoch1-6.1.40]$ lsattr VirtualBox-6.1.40.tar.bz2 
----i---------e------- VirtualBox-6.1.40.tar.bz2

Disabling write access to configurations in $HOME can be risky. I
suspect that making .config/dconf/user immutable is asking for trouble.
I can't comment on xfce configurations such as .config/xfce4/panel/*/*
or wherever those items are located nowadays.


More information about the Xfce mailing list