Recently our server was attacked by hackers, and then the attributes of some files were modified, causing us to be unable to delete the virus files. At the same time, the root user cannot delete them. Now we will record the solution.
Linux file/folder cannot be deleted problem solution
Normal deletion
If the file belongs to the current user, then Use the rm command to delete
rm -rf file.sh
If it cannot be deleted, try to delete it using the root user. If it cannot be deleted, please see the instructions below.
Recommended: "Linux Tutorial"
Commands you need to know
If you delete it normally The method is useless, then we need to know the following command to delete it
lsattr
lsattr command is used to display the attributes of the file. The usage method is as follows
# 列出 file.sh 文件的属性 lsattr file.sh # 列出当前目录下所有文件以及文件夹的属性
lsattr
Attribute description
i After the attribute is set, the file cannot be deleted or renamed, and the set connection cannot be written or added. Data, only the root user can set
a After the attribute is set, the file can only add data, and the data cannot be deleted or modified. Only the root user can set
A After setting the A attribute, if When you access this file or directory, its access time atime will not be modified, which can avoid excessive disk access by machines with slow I/O. This helps on slower computers.
s After the property is set, if the file is deleted, it will be completely deleted from the hard disk
S After the property is set, the file will be written to the hard disk synchronously (usually asynchronously)
u After the attribute is set, the data content will still exist on the disk after the file is deleted, and the file can be retrieved
e means that the file is an executable file
chattr
chattr is used to modify file attributes. Please switch to the root user to use this command. If you are an ubuntu user, you can add sudo before the command to modify it
# 为 file.sh 文件增加 i 标识 chattr +i file.sh # 为 file.sh 文件去除 i 标识 chattr -i file.sh # 为 file.sh 增加 i, a 两个标识 chattr +ia file.sh # 为 file.sh 文件移除 i, a 两个标识 chattr -ia file.sh
Actual operation
From the above we know that when the file sets any attribute of i and a, we cannot delete the file, then we first remove the i, a attributes, and then perform the deletion:
# 移除 i, a 属性 chattr -ia file.sh # 查看是否移除成功 lsattr file.sh # 移除文件 rm -rf file.sh
If the file has not been deleted If successful, we need to consider whether the i or a attribute is set in the folder to which the file belongs (this is really difficult to find)
# 退回上一级 cd .. # 直接使用 lsattr 命令,这样可以列出当前文件夹下所有文件和文件夹的属性 # 不要使用 lsattr 文件夹 这样的语法,这样是列出该文件夹下的文件的属性
lsattr
If the folder is If set, perform a removal operation on the attributes of the folder, and then delete the files in the folder
harvest
Although lsattr and chattr are used to remove viruses this time It was discovered during the process, but by understanding the file attributes, we found that in actual work, we can use file attributes to protect important files from being accidentally deleted, and to ensure that files can be recovered after accidental deletion.
If there is still no effect after operating the file, we can try to solve it from the folder.
The above is the detailed content of What to do if Linux cannot delete files. For more information, please follow other related articles on the PHP Chinese website!