How to Use the Linux Flock Command to Prevent Another Root Process from Deleting a File

How do I use the linux flock command to prevent another root process from deleting a file?

No, flock does NOT prevent anyone from doing anything. Unix locks are ADVISORY, which means that they prevent other processes from also calling flock (or, in the case of a shared lock, prevent another process from using an exclusive one).

It doesn't stop root, or anyone else, from reading, writing or deleting the file.

In any case, even if it were a mandatory lock, it wouldn't stop the file being deleted, as it's the file being locked, not the directory entry.
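An added example (not from the answer above) that makes both points observable: the parent takes an exclusive flock, a child process finds that a second flock is refused, yet the child can still unlink the file, and the parent's descriptor keeps working on the now-nameless inode. The path and the DEMO_* result names are constructed for this demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>
/* Outcome codes returned by demo_advisory_lock() (constructed names). */
enum { DEMO_OK = 0, DEMO_SETUP_FAIL, DEMO_SECOND_LOCK_SUCCEEDED,
       DEMO_UNLINK_BLOCKED, DEMO_INODE_STILL_LINKED };
/* Parent holds LOCK_EX on `path`. A child tries LOCK_EX|LOCK_NB (expected:
 * EWOULDBLOCK, flock callers do serialise each other) and then unlinks the
 * file (expected: success, the lock is on the inode, not the name). */
int demo_advisory_lock(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_TRUNC, 0600);
    if (fd == -1 || flock(fd, LOCK_EX) == -1)
        return DEMO_SETUP_FAIL;
    pid_t pid = fork();
    if (pid == -1)
        return DEMO_SETUP_FAIL;
    if (pid == 0) {                        /* child: the "other root process" */
        int fd2 = open(path, O_RDWR);      /* fresh open file description */
        if (fd2 == -1)
            _exit(DEMO_SETUP_FAIL);
        if (flock(fd2, LOCK_EX | LOCK_NB) == 0 || errno != EWOULDBLOCK)
            _exit(DEMO_SECOND_LOCK_SUCCEEDED);
        _exit(unlink(path) == -1 ? DEMO_UNLINK_BLOCKED : DEMO_OK);
    }
    int status = 0, rc = DEMO_SETUP_FAIL;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);
    /* The parent's descriptor still works: the unlinked inode lives on until
     * the last open descriptor is closed (the open-then-unlink idiom). */
    struct stat st;
    if (rc == DEMO_OK && (fstat(fd, &st) == -1 || st.st_nlink != 0))
        rc = DEMO_INODE_STILL_LINKED;
    close(fd);                             /* releases the lock */
    return rc;
}
int main(void)
{
    int rc = demo_advisory_lock("/tmp/flock_demo.lock");  /* constructed path */
    printf("result %d (0: second lock refused, unlink still succeeded)\n", rc);
    return rc;
}
```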

flock() doesn't prevent another process from getting an exclusive lock

Try:

if ((fd1 = open( "file1", O_RDWR | O_CREAT | O_TRUNC, 0644)) == -1)
//  ^                                                      ^
// (O_CREAT also needs a mode argument, added here as 0644)

As what you have written is the same as:

if (open( "file1", O_RDWR | O_CREAT | O_TRUNC, 0644) == -1)
    fd1 = TRUE;
else
    fd1 = FALSE;

Therefore you are attempting to lock stdin or stdout (depending on the result of open()).

flock doesn't get released on logout/reboot

Don't remove the file; just let the process holding the file open exit.

(
# Optional: send all output of the locked section to $LOGFILE.
if [[ -n $LOGFILE ]]; then
    exec >>"$LOGFILE" 2>&1
fi

# Exclusive, non-blocking lock on fd 200; bail out if another instance holds it.
flock -xn 200 || { show_message "$(basename "${0}"): cannot acquire lock ${LOCK_FILE}"; exit 3; }

main
) 200>"${LOCK_FILE}"   # fd 200 is opened on the lock file for the whole subshell

When main exits, the subshell that opened $LOCK_FILE will exit as well, and the lock will be dropped.

If you want to release the lock explicitly, use flock --unlock 200 instead of removing the file.

How to protect file from reading by other processes without mandatory lock in Linux?

Well, if you have sensitive data, then you should decide whom you can trust. Do remember that you have to trust at least the superuser (well, with SELinux this is not the complete truth, but nevertheless).

Then, when you have decided whom you can trust, you may configure the file permissions and the permissions of the directory where it's located in such a way that only trusted users are permitted to access its content. Directory permissions are required to hide the fact that the file exists.

You could also delete the file right after it's created and opened, and then write to the opened file. This way you can ensure that the file is actually removed if your program unexpectedly dies.
