4

Consider this scenario:

User is executing a command on a file. This file becomes 'in-use' now.

$ tail -f somefile.log

In another shell, user deletes the file.

$ rm somefile.log

Now, this file is 'removed'. Meaning the only hardlink to the file inode is gone. If you execute the following command, you can still see the file, indicated as 'deleted'.

$ lsof | grep somefile.log

Disk space used by somefile.log is not released until user interrupts tail command in this case.

My question is, is it possible to prevent users from deleting files that are in-use at the moment of deletion attempt (similar to Windows)? Is it possible to use PAM for this?

Shaakunthala
  • 211

2 Answers2

0

There is no way to 'lock' files or to prevent them from modification from users that have permissions to do so.

As long as the user has file system permissions (write permissions, to be exact) to delete a file, then they will be able to delete it. You will need to utilize users and file permissions in order to prevent someone from deleting files.

Specifically, I would look at the following commands:

chmod
chown
chgrp
adduser
passwd
Ross
  • 1,150
  • Really the right to delete a file depend on the permission the user have on the directory containing it. Try "sudo touch file_owned_by_root; rm file_owned_by_root" in your home dir. You will be asked for confirmation, but you will be able to delete it. Remember, in Unix deleting a file simply remove the hardlink --- real deletion happens only when the last hardlink is removed. – Rmano Mar 10 '14 at 16:25
0

In windows when you open a file , it will be locked by a process and cannot be delete or edit it until the process release it , that a primary reason for the need of restart after every update in windows .

Linux has another mechanism which permit deletion of a file while its executing , and you can still use it until all process using it terminates. So here is the advantage when you upgrade there is no need to reboot.

When you delete the file in Linux , it will be deleted when all references to this file is deleted , so if you want to solve deletion you should create hard-links for this file , or work with permissions of the user on this file .

nux
  • 39,252
  • I understand the advantage of this behaviour. I'm asking this question as part of my research interest. In practical World, sometimes users delete big files and then later surprise to see that disk space is not released. And eventually find out that some daemon is still writing to the file. – Shaakunthala Mar 10 '14 at 15:02
  • did you read well my answer – nux Mar 10 '14 at 15:05
  • Sorry, I missed the last part. But still, Both hardlinks and permissions prevents the file from being deleted even when user is supposed to delete it. I was wondering if there's some rule based control that look at file's use indicated under /proc/<pid>/fd/. – Shaakunthala Mar 10 '14 at 15:22