I'm making an application in C++, my purpose is to protect the contenent of a certain directory. Every elements inside this directory cannot be deleted or modified since the application is going on, I tried by using flock/funlock function but they don't provide any protection if I delete the file manualy. Can someone just give me an advice on what I should use? I'm using Windows, but if possible I would like to find a solution which can work on multiple OS.

> I tried by using flock/funlock function but they don't provide any protection if I delete the file manualy.
What's your use-case?

If you achieve protection from normal users, what about someone with admin privileges?

The best you can ever hope for is raising the bar in terms of difficulty for the external agent. But with each notch, it's more time and effort on your part, and for sure, less portability.

How much thread are you tugging at before the idea unravels completely?

On Windows, if you are an admin and are running with admin privilege then you have total control over file administration (although reading/writing contents can be prevented by encryption).

A simple approach is to just mark the files as read-only. This will prevent any accidental deletion.

In Windows you can obtain notification/info when a change to a directory occurs (such as a file deleted). It won't stop the deletion, but you'll know about it. See https://docs.microsoft.com/en-us/windows/win32/fileio/obtaining-directory-change-notifications

Are you looking to stop normal users from making a mistake or troublemakers/hackers? If its just normal users, windows has a way to lock files from being messed with while in use, and ways to make them read-only for non-administrators. There are also ways to serve up copies of the file for user access and the real copy can be unreachable. I don't think most techniques are portable across OS. Putting it on a server and having each OS pull down copies and only your program able to talk to the server is portable, but a bit of trouble...

I'm not sure there's a portable solution to this. On Windows you can lock down the NTFS permissions to allow only the desired access, but other OSes don't care about NTFS permissions. In Linux you can set the security properties of files but root can get at anything regardless of perms. Same should be true of the Mac. Good luck.

The Windows people have taken to using what I call "regressive permissions" on many folders on C: drives. These permissions prevent the Administrators group from taking ownership of files and folders under these folders. This ticks me off as I'm a data recovery expert and anything that gets in the way of legitimate administrators getting at data on computers they *own* ticks me off. The cure is to take the HD in question unto a Linux or Mac machine that has been taught how to deal with NTFS. It works because these OSes don't care about the NTFS perms. You can get at every file. Not that this solves your problem but it shows you what you're up against.

FWIW you HAVE to lock admin and all out of some folders to block persistent programs from screwing things up. Some software on windows, esp if written by M$ or security firms, feels like it can do anything it wants. The users who are locking it up are often doing so in self defense against aggravationware (or they have something to hide, in which case they should encrypt it instead of locking it out, as locking it out isnt terribly hard to get into). You can set it back with a boot disk thumb drive, you don't need to pull the hard drive physically, but you probably knew that. Its annoying (I see it from both sides, as a partial admin and as a user too), but I understand why they do it. I think even on my home system I have 5 or 6 folders that the OS can't access anymore because it kept trying to install junk I didn't want.