This is one of the "what would happen if that were true?" questions. It has nothing to do with the operating system, the points apply equally to any general purpose computer.

这是“如果那是真的会发生什么？”之一。问题。它与操作系统无关，这些要点同样适用于任何通用计算机。

Imagine that there were a way to somehow create an immutable file.

想象一下，有一种方法可以以某种方式创建一个不可变的文件。

• What's there to stop someone from filling up a file system with an immutable file (or many of them)?

• What if someone were to create immutable files with pathnames the operating system needs (Windows example - NTUSER.DAT for some user, *nix example - /bin/ls, etc.)?

• What if the operating system decides it must move the file (e.g., while defragmenting or otherwise reorganizing the file system)?

• What if a piece of malware replaces a system file with a copy of itself then makes that file immutable to prevent anyone from ever cleaning the system?

• 有什么可以阻止某人用不可变文件（或其中许多）填充文件系统？

• 如果有人使用操作系统需要的路径名创建不可变文件怎么办（Windows 示例 - 某些用户的 NTUSER.DAT，*nix 示例 - /bin/ls 等）？

• 如果操作系统决定它必须移动文件（例如，在对文件系统进行碎片整理或以其他方式重新组织）时怎么办？

• 如果恶意软件用自身的副本替换系统文件然后使该文件不可变以防止任何人清理系统怎么办？

I feel the question is incomplete as it is now. Could you edit it to include more details about the underlying problem you're trying to solve?

我觉得这个问题现在不完整。您能否编辑它以包含有关您要解决的潜在问题的更多详细信息？

You can't do that, for the simple reason that you shouldn't ever be allowed to anyway. As Mihal pointed out, this has the potential to wreak havoc on a computer.

你不能这样做，原因很简单，无论如何你都不应该被允许。正如 Mihal 指出的那样，这有可能对计算机造成严重破坏。

Programming Ethics 101: If your program is going to run on someone else's computer, remember that it's their property, not yours. That means they have the right to modify and/or delete anything they want to. Try to treat the system like your property, and they'll treat your program like malware.

编程道德 101：如果您的程序要在其他人的计算机上运行，​​请记住这是他们的财产，而不是您的财产。这意味着他们有权修改和/或删除他们想要的任何内容。尝试将系统视为您的财产，他们会将您的程序视为恶意软件。

Probably the best solution, if you need to make certain that a file will be available, is Massif's idea to embed it within your program as a resource. That way, nothing short of someone tampering with the EXE will stop you from having it available, and if that doeshappen, you've got bigger problems to worry about anyway.

如果您需要确保文件可用，最好的解决方案可能是 Massif 的想法，将它作为资源嵌入到您的程序中。那样的话，除了有人篡改 EXE 之外，什么都不会阻止您使用它，如果确实发生了这种情况，无论如何您都有更大的问题需要担心。

burn a cd.

刻录光盘。

A way be to sure that these files aren't changed 'behind the scenes' would be to add a signature to the file.

确保这些文件不会在“幕后”更改的一种方法是向文件添加签名。

To sign the file you could for example: Make a string with the whole content of the file + a secret password and calculate an SHA1-Hash of the string. Then add this hash on the first or last line of the file.

例如，要签署文件，您可以：使用文件的全部内容 + 秘密密码创建一个字符串，并计算该字符串的 SHA1-Hash。然后将此哈希添加到文件的第一行或最后一行。

To check the signature: Read the file, remove the line with the hash, add the secret password, recalculte the hash and check if it is the same as the one in the file.

检查签名：读取文件，删除带有散列的行，添加秘密密码，重新计算散列并检查它是否与文件中的相同。

To calculate SHA-1-Hashes with Delphi you can for example use MessageDigests.

例如，要使用 Delphi 计算 SHA-1-Hashes，您可以使用MessageDigests。

Buy a PROM, and a micro controller programmer kit, and burn your file into the ROM...

买一个PROM，和一个微控制器编程器套件，然后把你的文件刻录到ROM中……

you're doomed. Even windows can't prevent me deleting files arbitrarily if I boot into safe mode.

你注定了。如果我启动到安全模式，即使 Windows 也无法阻止我任意删除文件。

How about setting a watcher on the file in question and replacing it with a pristine one should it be changed? Or embedding the file in the resources of the program that needs it?

如何在有问题的文件上设置一个观察者并用一个原始的替换它来改变它？或者将文件嵌入到需要它的程序的资源中？

If I knew how to do this, I'd report it to Microsoft as a bug.

如果我知道如何执行此操作，我会将其作为错误报告给 Microsoft。

Burn it to write-once media.

将其刻录到一次写入媒体。

Raymond Chen from Microsoft just recently wrote an article that's closely related: The way to stop people from copying files to a folder is to use NTFS security, not to block drag/drop. While this one mentions trying to stop someone from copying a file to a specific folder you can use the same solution presented to fix your problem here.

来自微软的 Raymond Chen 最近刚刚写了一篇与之密切相关的文章：阻止人们将文件复制到文件夹的方法是使用 NTFS 安全性，而不是阻止拖放。虽然这个提到试图阻止某人将文件复制到特定文件夹，但您可以使用此处提供的相同解决方案来解决您的问题。

To properly secure the file and prevent tampering you can set the ACLs on the file to have Read permissions but deny Write, Delete and Change permissions. You can set that for a specific user, group, or even everyone! The owner of the file will alwayshave permission to change the permissions, so you can't permenantly lock yourself out (even if you try to deny the CREATOR OWNERspecial object). Keep in mind that to manually set these from the security dialog box, you'll have to enter the advanced permissions area, they aren't available from the standard page. You may also want to break inheritance so that the file has only the permissions you set and none from its parent.

要正确保护文件并防止篡改，您可以将文件上的 ACL 设置为具有读取权限，但拒绝写入、删除和更改权限。您可以为特定用户、组甚至每个人设置它！文件的所有者将始终有权更改权限，因此您不能将自己永久锁定（即使您尝试拒绝CREATOR OWNER特殊对象）。请记住，要从安全对话框手动设置这些，您必须进入高级权限区域，它们在标准页面中不可用。您可能还想中断继承，以便文件只有您设置的权限，而没有来自其父级的权限。

In this case it would be best to leverage options that are already there and so you won't have to try and hack the system to make work. NTFS has robust security and can accomplish what you want without you writing code. You can also work with the security directly through the WINAPI using methods related to File Security and Access Rights (MSDN). You can provide the permissions when you call the first CreateFileor change permissions after the fact by using SetNamedSecurityInfoor SetSecurityInfo.

在这种情况下，最好利用已经存在的选项，这样您就不必尝试破解系统来使其工作。NTFS 具有强大的安全性，无需编写代码即可完成您想要的工作。您还可以使用与文件安全和访问权限 (MSDN)相关的方法直接通过 WINAPI 使用安全性。您可以在调用第一个CreateFile或事后更改权限时提供权限，使用SetNamedSecurityInfo或SetSecurityInfo。

EDIT:To address the concerns of malware, you can even deny SYSTEMaccess so even services running under the system account cannot delete it or write to it. I've actually taken care of one pesky virus in that method. it would keep creating a directory, so I booted PE, emptied out the directory, then denied everyone access to it including the SYSTEMaccount. The virus was unable to propagate while I worked on removing it.

编辑：为了解决恶意软件的问题，您甚至可以拒绝SYSTEM访问，因此即使在系统帐户下运行的服务也无法删除或写入它。我实际上已经用这种方法处理了一种讨厌的病毒。它会继续创建一个目录，所以我启动 PE，清空目录，然后拒绝所有人访问它，包括SYSTEM帐户。在我努力去除它时，病毒无法传播。

Why don't you just encrypt the file and open/close it along with your executable? Or place it in your self-made filesystem?

为什么不加密文件并与可执行文件一起打开/关闭它？或者把它放在你自制的文件系统中？