investigation: file protection — research xattr/chattr/permissions approach #197

@MagnaCapax

Sub-issue of #13 (investigation scope).

Context

Parent issue requests protecting user GUI and base config files from accidental deletion.
Multiple approaches exist (xattr, chattr +i, strict permissions, ACLs) with different
trade-offs for a multi-tenant seedbox environment.

Questions requiring operator input

  1. Which files/directories should be protected? (GUI configs, .rtorrent.rc, lighttpd.conf, others?)
  2. Which mechanism? (chattr +i is strongest but prevents legitimate updates; permissions + ownership may suffice)
  3. Should protection be applied at provisioning time, or retroactively to existing users?
  4. How should PMSS updates interact with protected files? (temporarily remove protection?)
  5. Impact on user self-service — some users legitimately modify their configs

Research needed

  • Audit which files users commonly delete that cause service breakage
  • Check if any existing PMSS code already uses chattr/xattr
  • Survey Debian 10-13 compatibility of chosen mechanism

Out of scope

  • Implementation (pending operator decision on approach)

— Sampsa Pellervoinen 🌱
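An added example, not part of the original issue and not PMSS code: a simplified model of the Linux rules that decide whether a delete succeeds, which is what question 2 turns on. It assumes classic owner/group/other bits plus the sticky bit and `chattr +i`, ignores ACLs and capabilities other than root, and uses constructed uid/gid values.

```python
import stat
from dataclasses import dataclass

@dataclass
class Node:
    uid: int
    gid: int
    mode: int                # permission bits incl. sticky, e.g. 0o1777
    immutable: bool = False  # True if chattr +i is set on this inode

def dir_allows(uid, gids, d, want):
    """Owner/group/other check of rwx mask `want` on directory d."""
    if uid == 0:             # root bypasses ordinary permission bits
        return True
    shift = 6 if uid == d.uid else 3 if d.gid in gids else 0
    return (d.mode >> shift) & want == want

def can_unlink(uid, gids, parent, target):
    """Would unlink(2) of target inside parent succeed for this caller?"""
    # The immutable flag binds root too, until it is cleared again.
    if target.immutable or parent.immutable:
        return False
    # Deletion needs write+search on the parent; the file's own mode is never consulted.
    if not dir_allows(uid, gids, parent, 0o3):
        return False
    # Sticky directory: only the file's owner, the directory's owner or root may delete.
    if parent.mode & stat.S_ISVTX and uid != 0:
        return uid in (target.uid, parent.uid)
    return True

USER, GRP = 1000, 1000       # constructed tenant uid/gid

def scenarios():
    home = Node(USER, GRP, 0o750)
    ro_file = Node(0, 0, 0o444)
    locked = Node(0, 0, 0o444, immutable=True)
    return {
        "root-owned 0444 file in user-owned home": can_unlink(USER, [GRP], home, ro_file),
        "same file with chattr +i": can_unlink(USER, [GRP], home, locked),
        "chattr +i file, caller is root": can_unlink(0, [0], home, locked),
        "user-owned 0644 file in root-owned 0755 dir": can_unlink(USER, [GRP], Node(0, 0, 0o755), Node(USER, GRP, 0o644)),
        "root-owned file in sticky 1777 dir": can_unlink(USER, [GRP], Node(0, 0, 0o1777), ro_file),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{'deletable' if ok else 'protected':9}  {name}")
```

In this model, the user-owned file in a root-owned directory stays editable by its owner while being undeletable, which bears on the self-service concern in question 5.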

Labels: security (Security hardening and trust boundaries)
