I have a number of directories under /tmp where reports are collected. An example of this is openscap scans, say /tmp/openscap. I like to keep a history of scans; however, I just found out that RHEL has a cronjob that cleans files out of /tmp.
I didn't want to disable the cronjob, because I wanted it to clean out files that I don't need; however, I don't want it to clean up /tmp/openscap.
So I used chattr to prevent this:
Code:
chattr -R +i /tmp/openscap
However, I have scripts that I run as a non-privileged user that create reports and place them into /tmp/openscap, and with +i set on /tmp/openscap, the script has issues.
To me, chattr is for setting up files/directories where nothing can be done with them.
I've seen examples where it is recommended to set this for /etc/passwd and /etc/shadow; however, if my simple script, run as a non-privileged user, is having issues, I would worry about using chattr.