You are root on your system, you do a rm of a file and get a “rm: can not remove` test ‘: Operation not permitted” is this possible?
Yes, if there are any special extended attributes set on your filesystem.
The “interesting” thing is that also some rootkit use these attribute after have changed some binary (ps, netstat) so restoring the originals it’s a bit harder.
But don’t worry in this article i’ll present you the lsattr and chattr commands that will help you in list and manipulate the extended attribute on your Linux box
Continue reading »