How can I prevent deletion of a folder in Linux? I have a Documents/Keychains folder that I don’t want to accidentally delete or delete its contents, but I need read and write permissions (so I don’t have to enter passwords every time). Is there an analog of the +i attribute that would only prohibit deletion, but not other operations?
How to Prevent Folder Deletion in Linux While Maintaining Read and Write Permissions
There are several effective methods to prevent folder deletion in Linux while maintaining read and write permissions. The most reliable approach is using the immutable attribute (+i) with modifications to prevent only deletion, not other operations.
Table of Contents
- Basic Protection Methods
- Immutable Attribute (+i) and Its Limitations
- Using Parent Directory Permissions
- ACL (Access Control Lists)
- Protection Through Symlink or Wrapper
- Practical Application for Documents/Keychains
- Recommendations and Best Practices
Basic Protection Methods
To prevent accidental deletion of the Documents/Keychains folder, you can use several approaches:
- Modifying parent directory access rights — controlling write permissions in the parent folder
- Using the immutable attribute (+i) — setting a protected state for the file
- ACL (Access Control Lists) — extended access control lists
- Creating special wrappers or symlinks — physically limiting access
Each method has its advantages and limitations. Let’s examine them in detail.
Immutable Attribute (+i) and Its Limitations
The +i (immutable) attribute is the most well-known way to protect files and directories from any changes:
# Set the +i attribute (requires root)
sudo chattr +i Documents/Keychains
# Check attributes of the directory itself (-d), not of its contents
lsattr -d Documents/Keychains
# Remove the +i attribute
sudo chattr -i Documents/Keychains
However, this approach has a significant limitation: the +i attribute prohibits any changes, including:
- Creating new files
- Modifying existing files
- Renaming files
- Changing permissions
For your situation where read and write permissions are needed, this method is not suitable as it completely blocks write access.
Important: The +i attribute only works on filesystems that support extended attributes, such as ext2, ext3, ext4, XFS.
Using Parent Directory Permissions
A more flexible approach is managing access rights to the parent directory. To prevent deletion, you need to control the w (write) permission in the parent folder:
# Check current permissions
ls -ld Documents/
# Change permissions so only the owner can modify contents
chmod 750 Documents/
However, this doesn’t completely solve the problem, as the folder owner can still delete its contents.
A more effective method is to use a combination of permissions:
# Set permissions on the parent directory:
# remove write permission for group and others,
# so only the owner can modify the contents
chmod 750 Documents/
This method allows reading and writing to the folder but limits deletion to only the owner.
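The rule this section relies on is that deleting or renaming a folder is decided by the write bit of its parent directory, not by the folder's own permissions. The audit function below is an added example, not part of the original answer; it goes one step further and also reports the sticky bit, the function names are hypothetical, and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Reads classic mode bits only; ACL entries are not inspected.
# Root bypasses these permission checks entirely.

# Classify who may create, delete or rename entries inside directory $1.
dir_write_exposure() {
    [ -d "$1" ] || { echo "not-a-directory"; return 2; }
    mode=$(stat -c '%a' -- "$1")          # GNU stat: octal mode, e.g. 750 or 1777
    m=$((0$mode))                         # leading 0 => parsed as octal
    if [ $(( $m & 0022 )) -eq 0 ]; then
        echo "owner-only"                 # no group/other write bit
    elif [ $(( $m & 01000 )) -ne 0 ]; then
        echo "sticky"                     # only the entry's or the directory's owner may remove it
    elif [ $(( $m & 0002 )) -ne 0 ]; then
        echo "world"                      # any local user can delete entries
    else
        echo "group"                      # members of the directory's group can
    fi
}

# Who can delete or rename the folder itself: decided by its PARENT directory.
folder_deletion_exposure() {
    [ -d "$1" ] || { echo "not-a-directory"; return 2; }
    dir_write_exposure "$(dirname -- "$(cd -- "$1" && pwd -P)")"
}

# Constructed demo in a throwaway tree; no real paths are touched.
demo=$(mktemp -d)
mkdir -p "$demo/Documents/Keychains"
for parent_mode in 777 1777 770 750; do
    chmod "$parent_mode" "$demo/Documents"
    printf 'parent %-4s -> folder deletable by: %s\n' "$parent_mode" \
        "$(folder_deletion_exposure "$demo/Documents/Keychains")"
done
chmod 700 "$demo/Documents/Keychains"
echo "contents deletable by: $(dir_write_exposure "$demo/Documents/Keychains")"
rm -rf "$demo"
```

To audit the real folder, call `folder_deletion_exposure ~/Documents/Keychains` for the folder itself and `dir_write_exposure ~/Documents/Keychains` for its contents.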
ACL (Access Control Lists)
ACL provides more flexible access control than standard Unix permissions:
# Set ACL
setfacl -m u:user_name:rwx Documents/Keychains
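# Prevent deletion for everyone except owner: POSIX ACLs have no "everyone" entry,
# so remove write access from "other", on the folder and as the default for new entries
setfacl -m o::r-x,d:o::r-x Documents/Keychains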
# Check ACL
getfacl Documents/Keychains
ACL allows fine-tuning permissions for different users and groups. For your situation, you can:
- Give full rights to the owner
- Give read and write rights to needed users
- Prevent deletion rights for everyone except the owner
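# Example ACL configuration (replace "owner" and "users" with real names)
# X grants execute only on directories, so key files are not made executable
setfacl -R -m u:owner:rwX,g:users:rwX,o::--- Documents/Keychains
# Every default entry needs its own d: prefix
setfacl -R -m d:u:owner:rwX,d:g:users:rwX,d:o::--- Documents/Keychains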
Protection Through Symlink or Wrapper
Another interesting approach is using symbolic links or special wrappers:
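# Create a protected folder with limited access (creating /secure needs root)
sudo mkdir -p /secure/Keychains_backup
sudo chown "$USER": /secure/Keychains_backup
chmod 700 /secure/Keychains_backup
# Copy everything, including hidden files, preserving permissions
cp -a Documents/Keychains/. /secure/Keychains_backup/
# Create a symlink for convenient access
ln -s /secure/Keychains_backup ~/Keychains_access
# Delete the original folder only if the copy is identical
diff -r Documents/Keychains /secure/Keychains_backup && rm -rf Documents/Keychains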
This way, the content is physically located in a secure place, and access is provided through the symlink.
Practical Application for Documents/Keychains
For your specific situation with the Documents/Keychains folder, I recommend the following approach:
# 1. Set ACL with deletion prevention
setfacl -R -m "u:$USER:rwX,g:$(id -gn):rwX,o::---" Documents/Keychains
setfacl -R -m "d:u:$USER:rwX,d:g:$(id -gn):rwX,d:o::---" Documents/Keychains
# 2. Create a special wrapper script (writing to /usr/local/bin needs root)
sudo tee /usr/local/bin/protect_keychains.sh > /dev/null << 'EOF'
#!/bin/bash
# Script to protect the Keychains folder from deletion
KEYCHAINS_DIR="$HOME/Documents/Keychains"
# cron does not always set $USER, so ask the system for the names
USER_NAME="$(id -un)"
GROUP_NAME="$(id -gn)"
if [ -d "$KEYCHAINS_DIR" ]; then
    echo "Setting protection for Keychains folder..."
    setfacl -R -m "u:$USER_NAME:rwX,g:$GROUP_NAME:rwX,o::---" "$KEYCHAINS_DIR"
    setfacl -R -m "d:u:$USER_NAME:rwX,d:g:$GROUP_NAME:rwX,d:o::---" "$KEYCHAINS_DIR"
    echo "Protection installed. Folder cannot be deleted."
else
    echo "Keychains folder not found: $KEYCHAINS_DIR"
fi
EOF
sudo chmod +x /usr/local/bin/protect_keychains.sh
# 3. Add to autostart (append to the existing crontab instead of replacing it)
(crontab -l 2>/dev/null; echo "@reboot /usr/local/bin/protect_keychains.sh") | crontab -
This script automatically configures ACL on system boot, ensuring continuous protection.
Recommendations and Best Practices
For optimal protection of your Documents/Keychains folder, I recommend:
- Use ACL instead of simple permissions — they provide more flexible control
- Regularly check access permissions — ensure the settings are working correctly
- Create backups — make a backup of the contents before applying protection
- Document changes — save the settings for possible restoration
Important: All these methods require superuser rights for configuration. Make sure you have the necessary privileges before applying changes.
For your situation, the most suitable solution would be a combination of ACL and periodic permission checks, as this will provide the necessary flexibility while maintaining protection against accidental deletion.