The file and folder in Linux could not be deleted

  • 2020-12-22 17:53:45
  • OfStack

preface

Recently, our server was hacked, and some files' properties were changed, so that we could not delete the virus files, and root users could not delete the virus files, now let's record the solution.

Ordinary delete

If the file belongs to the current user, the rm command can be used to delete it


rm -rf file.sh

If it cannot be removed, try using root user to remove it. If it cannot be removed, see the instructions below.

Commands you need to know

If the normal way of deleting does not work, then we need to know the following command to delete

lsattr

The lsattr command is used to display the properties of the file as follows


#  list  file.sh  File properties 
lsattr file.sh
#  Lists the properties of all files and folders in the current directory 
lsattr

Attributes that

The i property is set to prevent files from being deleted, renamed, or connections from being written or added to the data, which can only be set by root users After the a property is set, the file can only add data, but cannot delete or modify data, which can only be set by root users When A sets the A attribute, the access time of atime will not be changed if you access this file or directory. This prevents slower MACHINES from overaccessing the disk. This is helpful for slower computers. After the s property is set, if the file is deleted, it will be completely deleted from the hard disk After the S property is set, the file writes synchronously to the hard disk (generally asynchronous) After the u property is set, the data contents of the deleted file are still stored on disk and the file can be retrieved e represents the file as executable

Details please refer to: https: / / baike baidu. com/item/chattr / 9841067 & # 63; fr=aladdin

chattr

chattr is used to modify file attributes. Please switch to root user for this command. If it is ubuntu user, sudo can be added before the command to modify


#  for  file.sh  Files to increase  i  logo 
chattr +i file.sh
#  for  file.sh  File to remove  i  logo 
chattr -i file.sh
#  for  file.sh  increase  i, a  Two logo 
chattr +ia file.sh
#  for  file.sh  File to remove  i, a  Two logo 
chattr -ia file.sh

Details please refer to the operation: https: / / baike baidu. com/item/chattr / 9841067 & # 63; fr=aladdin

The actual operation

It is known from the above that when the file sets any 1 attribute of i and a, we cannot delete the file, so we first remove the attributes of i and a, and then perform deletion:


#  remove  i, a  attribute 
chattr -ia file.sh
#  Check to see if the removal was successful 
lsattr file.sh
#  Remove the file 
rm -rf file.sh

If the file has not been deleted successfully, we need to consider whether the folder to which the file belongs has the i or a attribute set (this is really hard to find out).


#  On the back 1 level 
cd ..
#  Direct use of  lsattr  Command that lists the properties of all files and folders under the current folder 
#  Don't use  lsattr  folder   This syntax lists the properties of the files under the folder 
lsattr

If the folder is set, remove the properties of the folder, and then delete the files in the folder

harvest

Although lsattr and chattr were discovered in the process of virus cleaning this time, through the understanding of file attributes, we found that in the actual work we can use the file attributes to protect important files from being deleted by mistake, and ensure that the files can be recovered after being deleted by mistake. If there is still no effect after the operation of the file, we can try to solve it from the folder.

conclusion


Related articles: