Finding files with immutable flag
Ricardo Dias Marques
I installed Red Hat Linux 6.2 some weeks ago.
As part of the security measures I have taken on that system, I did a
chattr +i on some files to set the immutable flag on.
However, some problems happened because of that (some programs trying
to change some of those files and not being able to).
So, now I want to find all the files that have the +i (immutable) flag
on, and remove the flag from *some* of the files. I know I could chattr
recursively to remove the immutable flag from ALL the files, but I
still want to keep some of them immutable.
My question is then: Is there a variation of the "find" command to get
a listing of all the files with the immutable flag on?
Thanks in advance! :)
Best wishes,
Ricardo Dias Marques
ricma...@spamcop.net
Sent via Deja.com http://www.deja.com/
Before you buy.
Jeld The Dark Elf
this attribute.
--
-----------------------------------------------------------
Everybody lies. But it doesn't matter since nobody listens.
-----------------------------------------------------------
Ricardo Dias Marques
Jeld wrote:
> Read man lsattr. You should be able to pipe
> output of lsattr through grep to look for
> this attribute [immutable flag]
Thanks for the tip. The problem is, if I go the root directory, and do:
lsattr -R | grep +i
I get error messages, when the "search" goes to /dev and /proc
For instance, when the search descends into a /dev subdirectory, I get:
lsattr: No such device While reading flags on ./dev/audio
and when the search gets into a /proc subdirectory:
lsattr: Inappropriate ioctl for device While reading flags
on ./proc/3636
Is there a way to exclude /dev and /proc from the search?
Thanks again.
Matthew Gatto
>
>Jeld wrote:
>> Read man lsattr. You should be able to pipe
>> output of lsattr through grep to look for
>> this attribute [immutable flag]
>
>Thanks for the tip. The problem is, if I go the root directory, and do:
>lsattr -R | grep +i
>
>I get error messages, when the "search" goes to /dev and /proc
>
>For instance, when the search descends into a /dev subdirectory, I get:
>lsattr: No such device While reading flags on ./dev/audio
>
>and when the search gets into a /proc subdirectory:
>lsattr: Inappropriate ioctl for device While reading flags
>on ./proc/3636
>
>
>Is there a way to exclude /dev and /proc from the search?
you could just ignore those error messages:
$ lsattr -R 2>/dev/null |grep -- "-i-"
of course, if you're looking for files with the append flag set too,
you'll have to change that to grep -- "-ia"
--
8:56pm up 87 days, 16:22, 4 users, load average: 0.27, 0.11, 0.03
Ricardo Dias Marques
On Sun, 01 Oct 2000, Matthew Gatto wrote:
[snip]
>you could just ignore those error messages:
>$ lsattr -R 2>/dev/null |grep -- "-i-"
>of course, if you're looking for files with the append flag set too,
>you'll have to change that to grep -- "-ia"
Thanks a lot for the tip! By the way, what is the purpose of the "2"
caracter in the lsattr command you typed?
Matthew Gatto
> Hi Matthew :)
>
> On Sun, 01 Oct 2000, Matthew Gatto wrote:
>
> [snip]
> >you could just ignore those error messages:
> >$ lsattr -R 2>/dev/null |grep -- "-i-"
> >of course, if you're looking for files with the append flag set too,
> >you'll have to change that to grep -- "-ia"
>
> Thanks a lot for the tip! By the way, what is the purpose of the "2"
> caracter in the lsattr command you typed?
the 2>/dev/null redirects Standard Error (messages) to the null
device. I forgot to mention that is specific to the bash shell. You
can find out what shell you're using by typing "echo $SHELL"
--
7:31pm up 90 days, 14:58, 4 users, load average: 0.08, 0.02, 0.01
Ricardo Dias Marques
Matthew Gatto wrote:
[snip]
> the 2>/dev/null redirects Standard Error (messages) to the null
> device. I forgot to mention that is specific to the bash shell. You
> can find out what shell you're using by typing "echo $SHELL"
OK. I am indeed using Bash, so your tip works great for me!
Thanks again for all the help Matthew :)
Best wishes,
Ricardo Dias Marques
ricma...@spamcop.net