Question
I would like to prevent one of my root processes from deleting a certain file. So I came across the flock command, it seems to fit my need, but I didn't get its syntax.
If I only indicate a shared lock, it doesn't work:
flock -s "./file.xml"
If I add a timeout parameter, it still doesn't work:
flock -s -w5 "./file.xml"
It seems that way, it fits in flock [-sxun][-w #] fd# way. (What is this fd# parameter?)
So, I tried:
flock [-sxon][-w #] file [-c] command
Using flock -s -w5 "./file.xml" -c "tail -3 ./file.xml"
and it worked, tail command at ./file.xml was executed.
But I would like to know, does the lock end after the command or does it last 5 seconds after the end of the command execution? My main question is, how can I prevent another root process from deleting a file in Linux?
Answer 1:
No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or in the case of a shared lock, prevent another process using an exclusive one).
It doesn't stop root, or anyone else, from reading, writing or deleting the file.
In any case, even if it was a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked not the directory entry.
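The advisory behaviour described in this answer, together with the question's point about when the lock ends, as an added example that is not part of the original answers. It assumes flock(1) from util-linux and works only on constructed temporary files; the function and variable names are illustrative.

```shell
#!/bin/sh
# Constructed demo: temporary files only, no root needed.
# Assumes flock(1) from util-linux is installed.
flock_demo() {
    d=$(mktemp -d) || return 1
    f="$d/file.xml"
    echo '<data/>' > "$f"

    # Holder: takes an exclusive lock, signals through a marker file,
    # then keeps the lock for 2 seconds.
    MARKER="$d/held" flock -x "$f" -c 'touch "$MARKER"; sleep 2' &
    holder=$!
    i=0
    while [ ! -e "$d/held" ] && [ "$i" -lt 50 ]; do
        sleep 0.1
        i=$((i + 1))
    done

    # 1) A cooperating process that also calls flock is refused
    #    (-n: fail immediately instead of waiting).
    if flock -n -x "$f" -c true; then contender=acquired; else contender=blocked; fi

    # 2) A process that never asks for the lock is unaffected: unlink works.
    if rm "$f" 2>/dev/null; then delete=succeeded; else delete=refused; fi

    wait "$holder"

    # 3) -w 5 only bounds the wait to acquire the lock. The lock is released
    #    when the command exits, so an immediate non-blocking relock succeeds.
    g="$d/other.xml"
    : > "$g"
    flock -x -w 5 "$g" -c true
    if flock -n -x "$g" -c true; then relock=immediate; else relock=still_held; fi

    rm -rf "$d"
    echo "contender=$contender delete=$delete relock=$relock"
}

flock_demo
```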
Answer 2:
sudo chattr +i ./file.xml
MarkR is correct; chattr'ing the file will prevent it from being deleted:
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2135] --> sudo chattr +i junk.txt
[sudo] password for risk:
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2136] --> sudo rm ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1 sudo rm ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2137] --> sudo rm -f ./junk.txt
rm: cannot remove `./junk.txt': Operation not permitted
zsh: exit 1 sudo rm -f ./junk.txt
-(~)-------------------------------------------------------------------------------------------------------(08:40 Mon Mar 29)
risk@DockMaster [2138] -->
Answer 3:
flock is not the right tool for this job. If you have a programme that is deleting files, you should not run that programme as root. You should run it as a different user. Unix has very good support for file permissions, but root is a god account. Root can do everything, and there are no permissions for root.
Source: https://stackoverflow.com/questions/1040828/how-do-i-use-the-linux-flock-command-to-prevent-another-root-process-from-deleti