I ran the following commands:

    chown root:root file.php
    chmod 0644 file.php

Settings appear to have been applied when typing ls -l:

    -rw-r--r-- 1 root root 310 Jul 26 01:25 file.php

However, the original user can still edit the file via cPanel File Manager and, upon saving, the file ownership goes back to the original user. E.g.,

    -rw-r--r-- 1 orig_user orig_user 310 Jul 26 01:25 file.php

How do I prevent the user from editing files already owned by root?

2 Answers


  1. Use chattr on the file to make it immutable.

    sudo chattr +i file.php
    
  2. If the editor uses “erase old file + write new file” instead of “modify existing file”, this works perfectly. If so, the permissions on the containing directory must be changed to prevent a user from erasing the file.

    Removing a file does not depend on the permissions of the file!

    Try it out in a shell:

    > touch bla
    > chmod 000 bla
    > sudo chown root:root bla
    > rm bla
    ... maybe a warning ...
    

    but the file will be erased!

    So chown and chmod do not help on the file itself, but on the containing directory.

    On filesystems like ext2, ext3 and most common newer ones you can use chattr to protect with more attributes.

    > sudo chattr +i bla 
    > lsattr bla
    

    From the chattr man page:

    A file with the ‘i’ attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file and no data can be written to the file. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

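The second answer's point, that deleting or replacing a file is governed by the containing directory and the immutable attribute rather than by the file's own owner and mode, can be checked before relying on chown/chmod. This is an added example, not part of either answer: a shell function using GNU `stat` and `lsattr`, where the name `replaceable_by` is hypothetical and only the primary gid and classic mode bits are considered (no ACLs).

```shell
# Added example: could UID/GID swap out FILE by unlink or rename in its directory?
# Exit status 0 = replaceable, 1 = not replaceable.
# Assumptions: GNU stat; primary gid only; POSIX ACLs are not evaluated.
replaceable_by() (
    uid=$1 gid=$2 file=$3
    dir=$(dirname -- "$file")

    # An immutable file cannot be deleted or renamed (chattr +i).
    # lsattr fails quietly on filesystems without attribute support.
    if lsattr -d -- "$file" 2>/dev/null | cut -d' ' -f1 | grep -q i; then
        exit 1
    fi

    # root bypasses directory mode bits.
    [ "$uid" -eq 0 ] && exit 0

    # Directory mode (octal), owner and group; owner of the file itself.
    set -- $(stat -c '%a %u %g' -- "$dir")
    mode=$((0$1)) d_uid=$2 d_gid=$3
    f_uid=$(stat -c '%u' -- "$file")

    # Pick the permission triplet of the DIRECTORY that applies to uid/gid.
    if   [ "$uid" -eq "$d_uid" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$d_gid" ]; then bits=$(( (mode >> 3) & 7 ))
    else                               bits=$((  mode       & 7 ))
    fi

    # Unlink/rename needs write (2) and search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ] || exit 1

    # Sticky bit: only the file owner or the directory owner may remove entries.
    if [ $(( mode & 01000 )) -ne 0 ] &&
       [ "$uid" -ne "$f_uid" ] && [ "$uid" -ne "$d_uid" ]; then
        exit 1
    fi
    exit 0
)

# Stand-alone use: sh check.sh UID GID /path/to/file.php
if [ $# -eq 3 ]; then
    if replaceable_by "$1" "$2" "$3"; then
        echo "replaceable: directory permissions allow unlink/rename of $3"
    else
        echo "protected: $3 cannot be unlinked or renamed by uid $1"
    fi
fi
```

A root-owned, mode 0644 file inside a directory the account owns reports "replaceable", which matches the ownership flip seen in the question.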