0

I've installed a CMS on my CentOS which changes a file constantly. And I want to prevent it from being changed. I tried:

chattr +i file.php

Or:

chmod 444 file.php

Even I've tried copying file(as file.php2) and then mounting it:

mount --bind file.php2 file.php -o ro

Then how can I prevent my file from being changed by that CMS?

Improve this question

2 Answers 2

Reset to default
1

You must

  • prevent others than owner to write the file :

chmod 644 file.php

  • you must set the ownership of the file to a different user and group than the user running the CMS

chown root:root file.php

  • Additionnaly, prevent others than owner to write to directory :

chmod 755 /path/to/dir/containing/

  • Additionnaly, change owner of folder to another user/group

chown root:root /path/to/dir/containing/

Why work on the folder too ?

Because a user having write rights on a folder can delete any other user's files, even if he couldn't write to it or read it. As a consequence, if you do not change the folder's permission too, the CMS user could delete your 'protected' file and write another one in its place.

Edit: and of course, your CMS shouldn't run as root, or all the above would be ignored

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Try sudo chmod 400 file.php This will make the file non editable to other users.

Improve this answer

4 Comments

Try to figure out from where that file get changed from CMS
how should i do that? is there any way to understand which file of cms changed file.php?
search through your all cms files in editor for ex. php file functions like fopen or that file name. so that you track it
files are encrypted

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.