I've tried to use chattr/lsattr on various files/directories under RHEL, however it seems to cause havoc when trying to either move files into directories or delete files in directories where the -i flag has been set.

Also finding out that various scripts have issues too...

Was wondering what others are using chattr/lsattr on? I was thinking /etc/passwd and /etc/shadow, but if I have scripts having issues on test files, this would not be a good move.

Can you be a bit more specific about which flags have been causing you problems, under which circumstances, and what these problems are?

I have a number of directories under /tmp where reports are collected. An example of this are openscap scans, say /tmp/openscap. I like to keep history of scans, however I just found out that RHEL has a cronjob that cleans out files out of /tmp.

I didn't want to disabled the cronjob, because I wanted it to clean out files that I don't need, however I don't want it to cleanup the /tmp/openscap.

So I used chattr to prevent this;

However I have scripts that I run, as a non-privileged user, that create reports and place them into /tmp/openscap, and with the +i set on /tmp/openscap, so the script has issues.

To me chattr, is to setup files/directories where nothing can be done with them.

I've seen examples where it is recommended to set this for /etc/passwd and /etc/shadow, however if my simple script, ran as a non-privileged user, is having issues, I would worry about using chattr.

It sounds as if the -i attribute is doing the job it was intended to do.

Why don't you store the files in /var/tmp? That directory is intended for storing temporary files that are to survive a reboot. Or indeed store them in any other suitable directory that doesn't get auto wiped?

If you use /var/tmp, you would have to check what RHEL does, if anything, with respect to maintenance on /var/tmp. I read somewhere that RHEL deletes files there that have not been accessed, modified or had a status change in the last 30 days, but that may not be up-to-date info. You could get round that by batch touching the files every so often.

Or, you could find out where RHEL calls tmpwatch (it will probably depend on which version of RHEL you are running) and add an --exclude option.

Correct, I'm moving stuff I want to keep under /var/tmp instead of /tmp.

I've looked at their cronjobs too to make sure they don't clean up /var/tmp...

thanks