The file and folder in Linux could not be deleted
- 2020-12-22 17:53:45
- OfStack
preface
Recently, our server was hacked, and some files' properties were changed, so that we could not delete the virus files, and root users could not delete the virus files, now let's record the solution.
Ordinary delete
If the file belongs to the current user, the rm command can be used to delete it
rm -rf file.sh
If it cannot be removed, try using root user to remove it. If it cannot be removed, see the instructions below.
Commands you need to know
If the normal way of deleting does not work, then we need to know the following command to delete
lsattr
The lsattr command is used to display the properties of the file as follows
# list file.sh File properties
lsattr file.sh
# Lists the properties of all files and folders in the current directory
lsattr
Attributes that
Details please refer to: https: / / baike baidu. com/item/chattr / 9841067 & # 63; fr=aladdin
chattr
chattr is used to modify file attributes. Please switch to root user for this command. If it is ubuntu user, sudo can be added before the command to modify
# for file.sh Files to increase i logo
chattr +i file.sh
# for file.sh File to remove i logo
chattr -i file.sh
# for file.sh increase i, a Two logo
chattr +ia file.sh
# for file.sh File to remove i, a Two logo
chattr -ia file.sh
Details please refer to the operation: https: / / baike baidu. com/item/chattr / 9841067 & # 63; fr=aladdin
The actual operation
It is known from the above that when the file sets any 1 attribute of i and a, we cannot delete the file, so we first remove the attributes of i and a, and then perform deletion:
# remove i, a attribute
chattr -ia file.sh
# Check to see if the removal was successful
lsattr file.sh
# Remove the file
rm -rf file.sh
If the file has not been deleted successfully, we need to consider whether the folder to which the file belongs has the i or a attribute set (this is really hard to find out).
# On the back 1 level
cd ..
# Direct use of lsattr Command that lists the properties of all files and folders under the current folder
# Don't use lsattr folder This syntax lists the properties of the files under the folder
lsattr
If the folder is set, remove the properties of the folder, and then delete the files in the folder
harvest
conclusion