Go to main content

Securing Files and Verifying File Integrity in Oracle® Solaris 11.3

Exit Print View

Updated: October 2017

Examples of Setting Security-Relevant Attributes on ZFS Files

This section shows how to add security-relevant attributes to ZFS files and how to display them.

Note -  If you are working in a non-global zone, you cannot set the immutable, nounlink, or appendonly attributes by default. You must add the privilege file_flag_set to the zone to enable setting these attributes. See How to Modify Zone Privileges in Creating and Using Oracle Solaris Zones.
Example 21  Making a ZFS File Immutable

A user who is assigned the Object Access Management rights profile makes a file immutable by running the following command:

$ chmod S+ci file.1
$ echo this >>file.1
-bash: file.1: Not owner
$ rm file.1
rm: cannot remove `file.1': Not owner

To display the permissions, the user runs the ls -l/c command:

$ ls -l/c file.1
-rw-r--r--+  1 root     root      206695 Jul 20 14:27 file.1

To make the file accessible again, the user runs the following command:

$ chmod S-ci file.1
$ ls -l/c file.1
-rw-r--r--+  1 root     root      206695 Jul 20 14:27 file.1
Example 22  Making a ZFS File Read-Only

The following example shows how to apply read-only access to a ZFS file.

$ chmod S+cR file.2
$ echo this >>file.2
-bash: file.2: Not owner

Preventing Accidental Deletions With the nounlink Attribute

The nounlink attribute complements the immutability of files or directories in ZFS by securing them from being accidentally removed. However, unlike the immutable attribute, nounlink only prevents a file from being deleted or renamed. The file can still be changed by applications or by users.

This behavior is useful for a broad set of files, for example, log files and datafiles from your database. One obvious requirement is that your application must not delete the files as a regular pattern of operation. The nounlink attribute would prevent the deletion.

Example 23  Protecting Files in a Directory From Deletion

In this example, an administrator who is assigned the Object Access Management rights profile and a pfbash login shell prevents the accidental deletion of important applications. With the nounlink attribute set on a directory, the file owners, the administrator, and even the root role must take extra steps to delete the files in that directory.

$ cd /apps/ADMIN
$ chmod S+vnounlink
$ chmod touch test2
$ chmod echo text >> test2
$ cat test2
$ rm test2
    rm: test not removed: Not owner
$ chmod S-vnounlink test2
$ rm test2
$ ls test2
    test2: No such file or directory

The owner can still update the files in the directory, and can still remove the file contents by accident. But, even as root, the files are undeletable without removing the nounlink attribute.

nounlink can make a single file undeletable:

$ cd /apps/ADMIN
$ chmod S+vnounlink importantApp

Displaying and Changing ZFS File Attributes

You can display and set special attributes with the following syntax:

$ ls -l/v file.3
-r--r--r--   1 root     root      206695 Jul 20 14:59 file.3
noimmutable,av modified,noav_quarantined,nonounlink,nooffline,nosparse}
$ chmod S+cR file.3
$ ls -l/v file.3
-r--r--r--   1 root     root      206695 Jul 20 14:59 file.3

Some of these attributes apply only in an Oracle Solaris SMB environment.

You can clear all attributes on a file. For example:

$ chmod S-a file.3
$ ls -l/v file.3
-r--r--r--   1 root     root      206695 Jul 20 14:59 file.3