Prevent editing/truncating file but not deletion (unlink)
I would like to make sure a file's content (the inode content) cannot be modified in any way, but still allow deleting (unlinking) the file (rationale below). That is, I would like to do something to file dest so that 'cp source dest' fails, even as root, but 'cp --remove-destination source dest' succeeds. The only thing I could find is to use chattr +i on the file. However, that also prevents unlinking. Is there a better solution?
The reason for this is that the file is a jar, used by a running Java virtual machine. I want to update the code with a new version (with the same file name), but keep the previous instance of the JVM running for some time until it finishes its job. That will work if I first unlink the jar, but not if I use plain cp, which will by default truncate and overwrite the file's content, creating havoc and crashes in the running JVM. Since that is running a server used in production by hundreds of people simultaneously, I would like to make sure this never happens because I did a plain cp by mistake. Thanks for any help and information.
Quote:
In such cases I write a small script, or better a shell function, e.g.

    function Jar_Remove {
        DEST=my_destination
        SOUR=my_source
        # Lift the immutable flag so the old file can be unlinked
        chattr -i "$DEST"
        echo "Chattr -i $DEST..."
        # Unlink the destination first, then copy the new version in
        cp --remove-destination "$SOUR" "$DEST"
        echo "Remove $DEST and copying $SOUR to $DEST..."
        # Re-apply the immutable flag to the new file
        chattr +i "$DEST"
        echo "chattr restored."
    }
    export -f Jar_Remove

This function, with the export, goes in a file sourced by .bashrc. It is perhaps not elegant, but your destination is safe, and only the call of Jar_Remove by root does the right thing. If you want to use it as a user, use "sudo". HTH er1ch
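The difference between the two cp invocations discussed in this thread can be checked directly. This is an added example, not part of either post: it holds a constructed stand-in file open on a descriptor (as the running JVM holds the jar), replaces it both ways, and reports whether the inode changed and what the reader sees. The function name and file names are hypothetical; it assumes GNU cp and stat.

```shell
#!/bin/sh
# Added demo (constructed files, hypothetical names).
# usage: demo_replace plain|unlink
demo_replace() {
    local mode dir old_inode new_inode seen state
    mode=$1
    dir=$(mktemp -d) || return 1
    printf 'version 1\n' > "$dir/app.jar"   # stand-in for the jar in use
    printf 'version 2\n' > "$dir/new.jar"   # stand-in for the update
    old_inode=$(stat -c %i "$dir/app.jar")

    # Hold the old file open, as the running JVM would.
    exec 9< "$dir/app.jar"

    case $mode in
        # Plain cp opens the existing inode and truncates it in place.
        plain)  cp "$dir/new.jar" "$dir/app.jar" ;;
        # --remove-destination unlinks first, so a new inode is created.
        unlink) cp --remove-destination "$dir/new.jar" "$dir/app.jar" ;;
        *)      exec 9<&-; rm -rf "$dir"; return 2 ;;
    esac

    new_inode=$(stat -c %i "$dir/app.jar")
    seen=$(cat <&9)      # what the long-running reader gets
    exec 9<&-
    rm -rf "$dir"

    if [ "$old_inode" = "$new_inode" ]; then
        state=same-inode
    else
        state=new-inode
    fi
    echo "$state reader=$seen"
}

demo_replace plain    # reader's file was overwritten underneath it
demo_replace unlink   # reader keeps the old, now unlinked, inode
```
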