In a ZFS file system, you can mark security-relevant files for special treatment. The file attributes can affect local files, NFS-mounted files, or CIFS-mounted files. The chmod(1) and ls(1) man pages describe how to set and list file attributes.
File attributes that have security implications include the following:
appendonly attribute – Permits adding to the end of a file but prevents modifying existing contents. Set on a log file, this attribute lets new entries be appended while preventing existing log entries from being altered. Requires the PRIV_FILE_FLAG_SET privilege on the process to set the attribute and all privileges to remove it.
immutable attribute – Prevents modifying or deleting the contents of a file. Also prevents changing file metadata except for access time updates. On a directory, this attribute prevents the deletion of the directory and its files. Requires the PRIV_FILE_FLAG_SET privilege on the process to set the attribute and all privileges to remove it.
For an example, see Example 21, Making a ZFS File Immutable.
nounlink attribute – Prevents deletion of critical files or directories. On a directory, this attribute prevents the deletion or renaming of files. This attribute can prevent the accidental deletion of files that are critical for an application. Requires the PRIV_FILE_FLAG_SET privilege on the process to set the attribute and all privileges to remove it.
sensitive attribute – Indicates that the file contains keying information, such as PINs or passwords. Sensitive files are not written to the audit record.
readonly attribute – Prevents changes to the contents of a CIFS-mounted file. The owner of the file, or a user or group with the write_attributes permission, can set or clear this attribute.
For more information, see Examples of Setting Security-Relevant Attributes on ZFS Files.
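The following script is an added example, not part of the Oracle documentation: it applies the attributes described above with the Solaris chmod(1) S+c syntax and checks the result by parsing the verbose attribute list that ls -/ v prints. The file paths are hypothetical, the embedded ls output is constructed, and the real chmod/ls calls run only when uname -s reports SunOS (elsewhere the commands are echoed), so the parsing logic can be exercised on any system.

```shell
#!/bin/sh
# Added example (not from the Oracle documentation): set ZFS security
# attributes with chmod(1) and verify them by parsing "ls -/ v" output.
# Real chmod/ls calls run only on Solaris (uname -s = SunOS); elsewhere the
# commands are echoed and a constructed "ls -/ v" sample is parsed instead.
# All file paths are hypothetical.

# Constructed sample of "ls -/ v" output for a log file that is appendonly
# but not immutable (Solaris 11 layout; sizes, dates and names invented).
SAMPLE_LS_OUTPUT='-rw-r--r--   1 root     root        4096 Jun 11 10:00 /var/log/app.log
                {archive,nohidden,noreadonly,nosystem,appendonly,nonodump,noimmutable,av_modified,noav_quarantined,nonounlink,nooffline,nosparse}'

# Print the comma-separated list found between the braces of ls -/ v output.
attr_list() {
    printf '%s\n' "$1" | sed -n 's/.*{\([^}]*\)}.*/\1/p' | head -n 1
}

# Return 0 when ATTR is listed as set, 1 when it is listed as "noATTR" or is
# absent. The surrounding commas keep "immutable" from matching "noimmutable".
attr_is_set() {
    attr=$1
    case ",$(attr_list "$2")," in
        *",$attr,"*) return 0 ;;
        *)           return 1 ;;
    esac
}

on_solaris() { [ "$(uname -s)" = SunOS ]; }

# chmod S+c<attr> sets an attribute; chmod S-c<attr> clears it (chmod(1)).
# Setting appendonly, immutable or nounlink needs PRIV_FILE_FLAG_SET;
# clearing them needs all privileges.
set_attr() {   # set_attr <attr> <file>
    if on_solaris; then chmod "S+c$1" "$2"; else echo "would run: chmod S+c$1 $2"; fi
}
clear_attr() { # clear_attr <attr> <file>
    if on_solaris; then chmod "S-c$1" "$2"; else echo "would run: chmod S-c$1 $2"; fi
}
show_attrs() { # show_attrs <file>
    if on_solaris; then ls -/ v "$1"; else printf '%s\n' "$SAMPLE_LS_OUTPUT"; fi
}

# Policy check for a log file: succeed only if it carries appendonly.
log_is_append_only() {
    attr_is_set appendonly "$(show_attrs "$1")"
}

# Demonstration: one attribute per protection goal listed in the text.
set_attr appendonly /var/log/app.log      # entries can be added, not altered
set_attr immutable  /etc/app/config.conf  # contents and metadata frozen
set_attr nounlink   /etc/app/keys         # directory and files cannot be removed
set_attr sensitive  /etc/app/keys/pin     # keying material kept out of audit records

if log_is_append_only /var/log/app.log; then
    echo "/var/log/app.log is appendonly"
else
    echo "WARNING: /var/log/app.log is not appendonly"
fi
```

Run as a periodic check, log_is_append_only turns the attribute into a verifiable control: an audit log that has silently lost appendonly (for example, cleared by a fully privileged process) is reported rather than assumed.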