Ever been Hacked and now you can’t delete the file…Operation not permitted

Posted on April 16, 2014 by Nikesh Shakya in Linux, News

You can check the file and ownership permissions as well as if the file is set to immutable with these commands in root SSH:

ls -lah /home/username/public_html/pathtofile lsattr /home/username/public_html/pathtofile

The first command will show the file and ownership permissions. If they are 000 or root:root, the root user should still be able to remove the file regardless with this command:

cd /home/username/public_html/pathtofolder rm filename

People can really get into trouble by running rm commands without ensuring they are at the correct directory path for the removal.

Next, the “lsattr” command above, the second one, will show if there are any attributes set on the file. If you see a -i on the lsattr command, then run this command to unset that attribute:

chattr -i /home/username/public_html/pathtofile

This will remove that immutable file attribute. What immutable does would be preventing changing and removing a file. If the file has that set on it, even the root user cannot remove the file and this is my suspicion on what might be happening if you haven’t been able to remove it even as the root user in root SSH.

Leave a Comment