How to make a file hard to edit on Linux

This is not exactly a question about zig (more about the OS), but something I am trying to do in a zig project and don’t know how, and every time I posted a question here I ended up solving the problem with the solutions I got so here we are.

OS is Linux (Arch). I am trying to make a simple program that blocks websites for certain periods of time (like Cold Turkey for Windows). The mechanism I found that works is to change /etc/hosts.

However, for the app to work it needs to make it such that the block is difficult to bypass. How do I make it such that it will be hard for me to manually edit hosts and only allow the app to do that? (or if there’s something else like the app detecting the user wanting to scam it by changing /etc/hosts and re-applying the changes)

My very off the cuff thoughts are file permissions and hashing are probably the answer? My host file at least doesn’t have default permissions for anything other than reading outside of root and if you spin your program up as a small daemon, you can have that deal with the periodic checks for edits and time based updates? Obviously it’s a sudo away from being edited but ultimately everything is one sudo rm -rf away from death haha

I am trying to make it such that I can’t just do “sudo nvim hosts” and start editing. (Or if I do edit it, as soon as I save the program edits it back).

I will have to look up what the rest of the words mean, there’s some new terminology here that I need to understand.

You could just react to updates to the file and override it.

One way would be directly in the app, but then you can just stop the app.

SystemD has a method for running a program if a file changes. You could use this to call your program to override it if the blocked section changed. You can still just disable this, but it’s one extra step, so it might be enough to discourage you 🙂

The best way would be to do this on a separate DNS server, but maybe that’s too much for the use case.

1 Like

I think your problem is non-technical and you are trying to find a technical solution to it.

2 Likes

I don’t understand what you mean. Are you aware of non-technical solutions to this?

You are trying to keep yourself from doing something, instead you need to find a way to change a habit, to another one that doesn’t interfere badly with your life.

Otherwise you are just playing chess against yourself and then wondering why you keep breaking the lock you created and locked yourself.

I guess instead of trying to create a lock you could use an accountability buddy, or a whole bunch of other self improvement techniques. But the underlying problem is the habit and the need behind it, find something better that fulfills the need and gradually change to better and better habits.

But because all of this isn’t really on topic for this forum I would just recommend this guy’s videos (I haven’t watched much of his content, but the ones I have seen seemed insightful and helpful): James Lim

Oh that’s not what I meant - I thought you meant there’s a way to solve file permissions that wasn’t part of the zig code.

I still think a blocker is the best solution by far. Cold turkey on windows was amazing.

Adding to what @Sze said. I agree that this is a non-technical issue, but only when you are taking it to such a degree. I think just making it a little bit harder to access websites can go a long way. You don’t need to make it impossible to have an effect on your habits.

1 Like

You could always
sudo chmod a-w /etc/hosts
It would make it so that your zig code couldn’t edit it too, but it would make it so sudo nvim /etc/hosts wouldn’t work.

If you’re a superuser on the machine, I don’t know what to tell you.

There are a few options like people above mentioned, but at the end of the day, something that you set up and have access to, you’ll be able to circumvent one way or the other.

As far as solving the general issue …

  1. You could use something that’s browser extension based like Freedom (which I’ve used in the past and would swear by). I’m pretty sure this should work for Linux. This is a great 80% solution.
  2. For sites that you log into, you might need to change your password if possible. Write it down but don’t save it in your password manager. Store it somewhere inconvenient. If this won’t work, you might need to change your email account as well so you can’t reset your password, give the paper document to a trusted friend for a month. etc.
  3. Only you know yourself and how much of a problem it is for you. You might want to delete these accounts etc entirely.

I highly recommend giving Digital Minimalism a read

1 Like

Use SELinux. SELinux is a beast to get around. Search the web or ask AI on the commands.

OTOH. Use attributes on files. Change file to immutable,

sudo chattr +i file

Or mutable,

sudo chattr -i file

Put the commands in cron jobs to make the files mutable or immutable at the time of your schedule.

3 Likes

From a quick google search this SELinux seems like it has potential, thank you I will start reading about it more.

The program could expose a VFS which is read-only. You then symlink the hosts from the VFS to /etc

2 Likes

…yeah sure but accountability buddies don’t grow on trees, they need to be created first–by programming, right? 🤓

Consider solutions other than modifying the hosts file, such as DNS Sinkhole?

2 Likes

Thank you, I will check it out

Thank you I will also check this out

Just make the file format annoying to edit in a text editor. Use a binary format with loosely ‘encrypted’ strings (XOR them with something?) and a checksum. If it fails or the file is missing, make your program just block everything.

Edit: maybe I misunderstood and thought you needed a custom file to be hard to edit. If you want hosts to be hard to edit, your program could auto start and overwrite the hosts file from that config regularly.

If you’re hooked on whatever your program is blocking badly enough to bypass that, you probably can’t be helped by a program.
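
The override approach suggested in this thread (re-apply the blocked section when the file changes, or overwrite hosts from the app's config regularly), as an added shell example that is not code from any poster. The marker strings, function names, the domain-list file and the 0.0.0.0 address are assumptions; the function rewrites only its own marked block and skips the write when nothing changed, so a file-change trigger that calls it does not retrigger itself.

```shell
#!/bin/sh
# Added example: keep one managed block of a hosts file in the desired state.
# Marker strings, function names and the 0.0.0.0 address are assumptions.
BEGIN_MARK='# BEGIN site-blocker (managed)'
END_MARK='# END site-blocker'

# render_hosts HOSTS_FILE DOMAINS_FILE
# Print HOSTS_FILE without any old managed block, then a fresh block built
# from DOMAINS_FILE (one domain per line; blank lines and # comments skipped).
render_hosts() {
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$1" || return 1
    printf '%s\n' "$BEGIN_MARK"
    awk 'NF && $1 !~ /^#/ { print "0.0.0.0 " $1 }' "$2" || return 1
    printf '%s\n' "$END_MARK"
}

# enforce_block HOSTS_FILE DOMAINS_FILE
# Prints "unchanged" or "changed". The file is written only when it differs
# from the desired content, so a watcher firing on writes does not loop.
enforce_block() {
    tmp=$(mktemp) || return 2
    if ! render_hosts "$1" "$2" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi
    if cmp -s "$tmp" "$1"; then
        rm -f "$tmp"
        echo unchanged
        return 0
    fi
    # Overwrite in place (not mv) so owner, mode and inode stay the same.
    cat "$tmp" > "$1" || { rm -f "$tmp"; return 2; }
    rm -f "$tmp"
    echo changed
}

# Run as: sh enforce.sh /etc/hosts /path/to/domains.txt  (needs root)
if [ "$#" -eq 2 ]; then
    enforce_block "$1" "$2"
fi
```

Entries outside the markers are left as they are, so manual additions elsewhere in the file survive each re-apply.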