Write Denied: The +i Culprit

This document (000021762) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server

Situation

Unable to create, move or remove files within a specific directory.

sles-server:/mnt # ll broken/
total 0
-rw-r--r-- 1 root root 0 Mar 27 10:42 first_file

sles-server:/mnt # touch broken/another_new_file
touch: setting times of 'broken/another_new_file': No such file or directory

sles-server:/mnt # echo Hi > broken/another_new_file
-bash: broken/another_new_file: Operation not permitted


sles-server:/mnt # mv broken/first_file broken/to_delete
mv: cannot move 'broken/first_file' to 'broken/to_delete': Operation not permitted

sles-server:/mnt # rm broken/first_file
rm: cannot remove 'broken/first_file': Operation not permitted

The same applies to directories: they cannot be moved, their permissions cannot be modified, and their owner cannot be changed.

sles-server:/mnt # mv broken/ to-be-delete
mv: cannot move 'broken/' to 'to-be-delete': Operation not permitted

sles-server:/mnt # chown wtmpx:users broken/
chown: changing ownership of 'broken/': Operation not permitted

sles-server:/mnt # chmod 700 broken/
chmod: changing permissions of 'broken/': Operation not permitted

The filesystem has sufficient free inodes and disk space. Additionally, the filesystem check did not report any issues.

sles-server:/mnt # df -hT /mnt
Filesystem     Type  Size  Used Avail Use% Mounted on
/dev/sdc1      xfs    60G   33M   60G   1% /mnt

sles-server:/mnt # df -hi /mnt
Filesystem     Inodes IUsed IFree IUse% Mounted on
/dev/sdc1         30M     7   30M    1% /mnt

The directory doesn't have any extra extended ACL.

sles-server:/mnt # ll
total 0
drwxr-xr-x 2 root root 24 Mar 27 10:42 broken
drwxr-xr-x 2 root root 24 Mar 27 10:42 working

sles-server:/mnt # getfacl broken
# file: broken
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

Creating files and directories is possible in other folders, including the parent folder.

sles-server:/mnt # touch config_file

sles-server:/mnt # touch working/suse.conf

sles-server:/mnt # ll config_file working/suse.conf
-rw-r--r-- 1 root root 0 Mar 27 10:52 config_file
-rw-r--r-- 1 root root 0 Mar 27 10:52 working/suse.conf

Resolution

To resolve the issue, remove the immutable flag from the directory by using chattr command.

sles-server:/mnt # chattr -i broken/

sles-server:/mnt # lsattr .
------------------- ./broken
------------------- ./working

sles-server:/mnt # touch broken/after-removing-immutable-flag

sles-server:/mnt # ll broken/after-removing-immutable-flag
-rw-r--r-- 1 root root 0 Mar 27 11:02 broken/after-removing-immutable-flag

Cause

The lsattr command can be used on the parent directory to list file and directory attributes, as the standard ls command does not display them. This issue could be caused by changes to directory attributes or by external security or hardening software.

sles-server:/mnt # lsattr .
----i-------------- ./broken
------------------- ./working

sles-server:/mnt # lsattr -l .
./broken                     Immutable
./working                    ---

The presence of the “i” flag, as shown above, indicates that the affected directory is marked as immutable.

According to the chattr man page:

A  file  with  the  'i'  attribute  cannot  be  modified:  it  cannot  be deleted or renamed, no link can be created to this file and no data can be written to the file.

Additional Information

For additional information, check the lsattr and chattr man pages.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.