Linux Tips
The Immutable Bit
2019.11.11
Nathan Thompson
The Problem
For a while, I have pondered upon how to best handle updates to cronie on my Linux client systems. When cronie updates, the 0anacron file (/etc/cron.hourly.0anacron
) is rewritten by the default settings, preventing my backups from running on battery power. Frustrating to say the least.
The Fix
For the last few years, I have considered several ways on managing the situation:
- Perhaps setting up a notification for when cronie updates the 0anacron file? Inotify seems interesting and potentially useful for such a task? Keep making statements into questions? Okay?
- If not a notification, could I lock the file from changes when cronie updates? My only concern here is the syntax of 0anacron has changed over the years as I have backup copies of this file{1} with much different syntax than the current file.
- Edit cronie to execute a different file than 0anacron. While this sounds good, I have no real understanding of how to edit cronie in this manner. I am far out of my wheelhouse here. Sorry readers.
- Allow cronie to update normally, but then manually edit the 0anacron file to comment out the power section after each update. This method works well enough, but is tedious if you have multiple systems to keep updated.
For a few years, I happily chose option "4" as cronie only updates a couple times a year, at most, sometimes updates might only occur every couple years! Yet, in 2019, there have been five updates to cronie already and we have about six weeks remaining in the year.{2}
Wondering if it was time to revisit the issue after the second or third update this year, I decided option "2" was the way to go. On my own system, I let cronie update with unfettered access to 0anacron, allowing for the possibility of material changes to the syntax warranting the replacement of the old 0anacron file. In that situation, I can happily copy the most recent file over to the other systems with a locked 0anacron file.
{1} Duplicating the original file and then appending .bak to it is a great way to be able to undo changes in case you seriously bork something when editing config files.
{2} Not that I am anticipating any additional updates to cronie for 2019, but as an Arch user we definitely get more updates than the average bear.
How to implement the fix?
With Linux there are always a number of way to skin a cat{3}, but I settled on a simple tool, chattr
, which allows the user to set or remove certain file attributes. The particular attribute we are after is the "immutable bit". Setting this attribute means nothing on the system, not even the super user, can edit, rename, link to, nor delete the specified file. Perfect! Not a problem, so how do we configure such an attribute? Glad you asked!
- Open a terminal in a user account that is able to access sudo.
- Type
sudo chattr +i /etc/cron.hourly/0anacron
- You will be prompted for your password.
+
is used to set the attribute.i
is the immutable bit.
- Now try editing the 0anacron file.
sudo nano /etc/cron.hourly/0anacron
- You will be prompted for your password if enough time has passed between step 2 and 3.
- Now type toucan at the top of the document.
- Ctrl X will write buffer.
- Type Yes when prompted.
- Error message should appear.
- Success!!!!
- If you need to reset the immutable bit, no problem, simply:
- Type
sudo chattr -i /etc/cron.hourly/0anacron
- You will be prompted for your password.
-
is used to remove the attribute.i
is the immutable bit.
- Type
{3} Yeah, another animal reference in the same article, a particularly gruesome one at that, who thinks of these things?
Up to Date Cronie with Backup Continuity
Now we can rest easy knowing our backups likely will not break as the proper file can no longer be overwritten by subsequent cronie updates. However, remain ever vigilant in case a day comes when cronie does actually need to update the 0anacron file, as manual intervention will be required once again. Sorry, sometimes life is not perfect, but we are coping pretty well all things considered. Happy computing!