FreeBSD operating system has an extra security feature for files called file flags. It provides additional control over files, but not directories. If you set the flag of a file it can not be removed or altered by anyone including root.
The chflag utility can be used to modify the file flags of the listed files as specified by the flag operand. Only root or the owner of a file can enable or disable these flags.
How to write-protect a file
You can write-protect a file by enabling the schg flag on it. To make file1 write-protected, so that no one can edit this file, use the following command in your terminal –
chflags schg file1
To check the current flags set on a file, use –
ls -lo file1
How to enable the undeletable flag on a file
If you enable the undeletable flag on a file. The file can not be deleted by anyone even by root. Set the undeletable flag on a file by using –
chflags sunlink file1
Now again execute the given command to view the flags on a file-
ls -lo file1
Now if you run the command to edit or delete the file1 this says operation not permitted –
To edit or delete this file first you need to turn off these flags.
Remove the immutable or undeletable flag of a file
To disable the write-protected or immutable flag from a file, use the following command –
chflag noschg file1
Or issue the given command to disable undeletable flag from the file –
chflags nosunlink file1
Some other files flag in FreeBSD
Apart from these two flags, there are some other flags that can be used by the root user or owner of the file to alter the behavior of a file. A few of them are listed below –
- arch – set the archived flag
- sappnd – set the system append-only flag
- schg – set the system immutable flag
- sunlnk – set the system undeletable flag
- uappnd –set the user append-only flag
- uchg – set the user immutable flag
- uunlnk –set the user undeletable flag
If you use no before these flags it will disable the flag on a file. To know more about the flags and option that can be used with chflag, see its manual page by using –
man chflag
Conclusion
By enabling a flag you can increase the security of a file. Now if you want something to say on this topic then share your thought with us in the comments below.