Unable to delete this file as root

Question

I'm unable to delete a file with rm -rf /home/wordpress/testDomain.com from my Linux machine. Instead of the file being deleted, I get an Operation not permitted error. How can I fix this?

$ cd /home/wordpress/testDomain.com/wp-content/plugins/sitepress-multilingual-cms/vendor/otgs
$ sudo rm -f annmanagement
rm: cannot remove 'annmanagement': Operation not permitted
$ ls -al
total 3308
drwxr-xr-x 2 www-data www-data    4096 May 27 13:43 .
drwxr-xr-x 3 www-data www-data    4096 May 27 13:46 ..
-r-------- 1 root     root     3375768 Dec 27  2016 annmanagement

$ sudo find . -inum 535255 -exec rm -i {} \;**
rm: remove regular file './annmanagement'? y
rm: cannot remove './annmanagement': Operation not permitted


$ lsattr
----i---------e----- ./annmanagement

$ stat annmanagement
  File: annmanagement
  Size: 3375768         Blocks: 6600       IO Block: 4096   regular file
Device: fd00h/64768d    Inode: 535255      Links: 1
Access: (0400/-r--------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-05-27 09:02:30.650849241 +0200
Modify: 2016-12-27 10:48:37.000000000 +0100
Change: 2022-03-15 07:59:42.524922372 +0100
 Birth: -

Strace output:

$ sudo strace rm -f annmanagement**
execve("/bin/rm", ["rm", "-f", "annmanagement"], 0x7ffc24e45690 /* 13 vars */) = 0
brk(NULL)                               = 0x55cd820a2000
arch_prctl(0x3001 /* ARCH_??? */, 0x7ffe7894d320) = -1 EINVAL (Invalid argument)
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=42697, ...}) = 0
mmap(NULL, 42697, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c5d386000
close(3)                                = 0
openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300A\2\0\0\0\0\0"..., 832) = 832
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\30x\346\264ur\f|Q\226\236i\253-'o"..., 68, 880) = 68
fstat(3, {st_mode=S_IFREG|0755, st_size=2029592, ...}) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d384000
pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784
pread64(3, "\4\0\0\0\20\0\0\0\5\0\0\0GNU\0\2\0\0\300\4\0\0\0\3\0\0\0\0\0\0\0", 32, 848) = 32
pread64(3, "\4\0\0\0\24\0\0\0\3\0\0\0GNU\0\30x\346\264ur\f|Q\226\236i\253-'o"..., 68, 880) = 68
mmap(NULL, 2037344, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f8c5d192000
mmap(0x7f8c5d1b4000, 1540096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22000) = 0x7f8c5d1b4000
mmap(0x7f8c5d32c000, 319488, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19a000) = 0x7f8c5d32c000
mmap(0x7f8c5d37a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f8c5d37a000
mmap(0x7f8c5d380000, 13920, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f8c5d380000
close(3)                                = 0
arch_prctl(ARCH_SET_FS, 0x7f8c5d385580) = 0
mprotect(0x7f8c5d37a000, 16384, PROT_READ) = 0
mprotect(0x55cd80c6a000, 4096, PROT_READ) = 0
mprotect(0x7f8c5d3be000, 4096, PROT_READ) = 0
munmap(0x7f8c5d386000, 42697)           = 0
brk(NULL)                               = 0x55cd820a2000
brk(0x55cd820c3000)                     = 0x55cd820c3000
openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=3035952, ...}) = 0
mmap(NULL, 3035952, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f8c5ceac000
close(3)                                = 0
ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
newfstatat(AT_FDCWD, "annmanagement", {st_mode=S_IFREG|0400, st_size=3375768, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlinkat(AT_FDCWD, "annmanagement", 0)  = -1 EPERM (Operation not permitted)
openat(AT_FDCWD, "/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=2996, ...}) = 0
read(3, "# Locale name alias data base.\n#"..., 4096) = 2996
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en.utf8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, "rm: ", 4rm: )                     = 4
write(2, "cannot remove 'annmanagement'", 29cannot remove 'annmanagement') = 29
openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/share/locale-langpack/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
write(2, ": Operation not permitted", 25: Operation not permitted) = 25
write(2, "\n", 1
)                       = 1
lseek(0, 0, SEEK_CUR)                   = -1 ESPIPE (Illegal seek)
close(0)                                = 0
close(1)                                = 0
close(2)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

Kusalananda · Accepted Answer · 2022-05-27T13:30:28.910

45

The file has the i ("immutable") attribute, according to the output from lsattr that you show.

From the chattr(1) manual (on Ubuntu):

A file with the i attribute cannot be modified: it cannot be deleted or renamed, no link can be created to this file, most of the file's metadata can not be modified, and the file can not be opened in write mode. Only the superuser or a process possessing the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.

This recreates your situation on my local system for the file called file:

$ touch file
$ lsattr file
--------------e----- file
$ sudo chattr +i file
$ lsattr file
----i---------e----- file
$ sudo rm file
rm: cannot remove 'file': Operation not permitted

To remove the file, I first have to unset the immutable attribute as root:

$ sudo chattr -i file
$ rm file

edited May 27 '22 at 13:30

answered May 27 '22 at 13:24

Kusalananda

320,670
36
633
936

Another common (and similar) possibility would be a read-only mounted partition. – Wolfgang May 29 '22 at 14:47
@Wolfgang Yes, but the evidence that the user provided pointed elsewhere in this case. – Kusalananda May 29 '22 at 16:21
1

@Wolfgang for the case of a read-only mount, you get a different (and more descriptive) error message (at least for me at Linux). – thanasisp May 30 '22 at 10:37

Unable to delete this file as root

1 Answers1