LinuxCommandLibrary

az-lock

Manage Azure resource locks

TLDR

Create a read-only subscription level lock

$ az lock create [[-n|--name]] [lock_name] [[-t|--lock-type]] ReadOnly

Create a read-only resource group level lock
$ az lock create [[-n|--name]] [lock_name] [[-g|--resource-group]] [group_name] [[-t|--lock-type]] ReadOnly

Delete a subscription level lock
$ az lock delete [[-n|--name]] [lock_name]

Delete a resource group level lock
$ az lock delete [[-n|--name]] [lock_name] [[-g|--resource-group]] [group_name]

List all locks at the subscription level
$ az lock list

Show a subscription level lock with a specific name
$ az lock show [[-n|--name]] [lock_name]

SYNOPSIS

Since `az-lock` is not a standalone command, here are the common synopses for managing Azure locks using the `az` CLI:

Creating a lock:
`az lock create --name <lock_name> --resource-group <group_name> --lock-type {CanNotDelete|ReadOnly} [--notes <notes>]`
`az lock create --name <lock_name> --resource <resource_name> --resource-group <group_name> --namespace <provider_namespace> [--parent <parent_resource_path>] --resource-type <resource_type> --lock-type {CanNotDelete|ReadOnly}`
`az lock create --name <lock_name> --subscription <subscription_id> --lock-type {CanNotDelete|ReadOnly}`

Deleting a lock:
`az lock delete --name <lock_name> [--resource-group <group_name> | --resource <resource_name>]`
`az lock delete --ids <lock_id>`

Listing locks:
`az lock list [--resource-group <group_name> | --resource <resource_name> | --subscription <subscription_id>]`

Showing a lock:
`az lock show {--name <lock_name> [--resource-group <group_name>] | --ids <lock_id>}`

PARAMETERS

--name <lock_name>
    Name of the lock.

--lock-type {CanNotDelete|ReadOnly}
    Type of lock. CanNotDelete prevents deletion. ReadOnly prevents deletion and modification.

--resource-group <group_name>
    Name of the resource group to apply the lock to.

--resource <resource_name>
    Name of the specific resource to apply the lock to.

--namespace <provider_namespace>
    Resource provider namespace (e.g., 'Microsoft.Compute'). Required for resource-level locks.

--parent <parent_resource_path>
    The parent path if the resource is a nested resource (e.g., 'virtualMachines/myVM').

--resource-type <resource_type>
    Type of the resource (e.g., 'virtualMachines').

--subscription <subscription_id>
    ID of the subscription to apply the lock to.

--notes <notes>
    Optional text notes about the lock.

--ids <lock_id>
    One or more resource IDs (space-separated) of the locks to target.

DESCRIPTION

The term az-lock does not refer to a standard, standalone Linux command. Instead, it typically refers to the management of Azure resource locks using the Azure Command-Line Interface (Azure CLI), which is often installed and used on Linux systems.

Azure resource locks are a feature within Microsoft Azure that prevents users from accidentally deleting or modifying critical resources (like virtual machines, databases, or resource groups). These locks apply across all users and roles and are enforced at the management plane level, not at the operating system level.

While `az-lock` itself is not a command, operations to create, delete, list, or show Azure locks are performed using subcommands under the `az lock` umbrella within the Azure CLI. A user might potentially create an alias or a script named `az-lock` on their Linux system to simplify specific Azure locking operations.

CAVEATS

`az-lock` is not a native, standalone Linux command. It refers to functionalities primarily provided by the Azure CLI to manage Azure resource locks. To use these functionalities, the Azure CLI must be installed and configured on your Linux system, and you must be authenticated to an Azure subscription. The locks managed by `az lock` commands are Azure-specific management locks, not Linux file system or process locks.

TYPES OF AZURE LOCKS

  • CanNotDelete: Users can still read and modify a resource, but they cannot delete it.
  • ReadOnly: Users can only read a resource. They cannot delete or modify it. This lock type is typically applied to critical production environments where accidental changes are to be strictly avoided.

SCOPE OF LOCKS

Locks can be applied at different scopes: subscription, resource group, or individual resource. A lock applied at a higher scope (e.g., resource group) is inherited by all resources within that scope.
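
The inheritance rule above can be checked from the command line. The following is an added example, not part of the original page or of the Azure CLI: it reads "level<TAB>lock_id" lines, derives each lock's scope from its ID, and reports the lock that effectively applies to a given resource ID, where the most restrictive inherited lock takes precedence. The subscription ID, resource names and function names are constructed placeholders; the input format assumes `az lock list --query "[].[level,id]" -o tsv`.

```sh
#!/bin/sh
# Added example: resolve the effective Azure lock on a resource ID.
# Input on stdin: "level<TAB>lock_id" lines, e.g. produced by
#   az lock list --query "[].[level,id]" -o tsv

# Constructed sample data (placeholder subscription ID, made-up names).
SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS="/providers/Microsoft.Authorization/locks"

sample_locks() {
    printf 'CanNotDelete\t%s%s/sub-keep\n' "$SUB" "$LOCKS"
    printf 'ReadOnly\t%s/resourceGroups/rg-prod%s/prod-freeze\n' "$SUB" "$LOCKS"
    printf 'CanNotDelete\t%s/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devstore%s/keep\n' "$SUB" "$LOCKS"
}

# effective_lock RESOURCE_ID -> prints ReadOnly, CanNotDelete or None.
# The body runs in a subshell "( ... )" so its variables stay local.
effective_lock() (
    tab=$(printf '\t')
    target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    result="None"
    while IFS="$tab" read -r level id; do
        [ -n "$id" ] || continue
        # Azure resource IDs are case-insensitive, so compare in lower case.
        id=$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')
        # A lock's scope is its ID without the trailing lock segment.
        scope=${id%/providers/microsoft.authorization/locks/*}
        [ "$scope" != "$id" ] || continue      # not a lock ID, skip
        # The lock applies to the scope itself and everything below it.
        case "$target" in
            "$scope" | "$scope"/*) ;;
            *) continue ;;
        esac
        # The most restrictive inherited lock wins.
        case "$level" in
            ReadOnly) result="ReadOnly" ;;
            CanNotDelete) [ "$result" = "ReadOnly" ] || result="CanNotDelete" ;;
        esac
    done
    printf '%s\n' "$result"
)

sample_locks | effective_lock "$SUB/resourceGroups/rg-prod/providers/Microsoft.Compute/virtualMachines/vm1"
```

Matching on a full path segment keeps a lock on `rg-prod` from being reported for a resource in a group such as `rg-prod-2`.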

PERMISSIONS

To create or manage locks, you need appropriate permissions, such as `Microsoft.Authorization/locks/*`. Typically, users with "Owner" or "User Access Administrator" roles have these permissions.

HISTORY

Azure resource locks were introduced as part of Azure Resource Manager's governance capabilities to enhance control and prevent unintended modifications or deletions of critical cloud resources. Their development has been driven by the need for robust operational safety and compliance within cloud environments, evolving alongside other Azure governance features like policies and blueprints. The `az lock` command set within the Azure CLI provides a programmatic interface for managing these locks, complementing the Azure portal.

SEE ALSO

az(1), flock(1), fuser(1), lslocks(8)
