Thursday, April 18, 2019

linux - How do I prevent accidental rm -rf /*?




I just ran rm -rf /* accidentally, but I meant rm -rf ./* (notice the star after the slash).



alias rm='rm -i' and --preserve-root by default didn't save me, so are there any automatic safeguards for this?






I wasn't root and cancelled the command immediately, but there were some relaxed permissions somewhere or something because I noticed that my Bash prompt broke already. I don't want to rely on permissions and not being root (I could make the same mistake with sudo), and I don't want to hunt for mysterious bugs because of one missing file somewhere in the system, so, backups and sudo are good, but I would like something better for this specific case.







About thinking twice and using the brain. I am using it actually! But I'm using it to solve some complex programming task involving 10 different things. I'm immersed in this task deeply enough, there isn't any brain power left for checking flags and paths, I don't even think in terms of commands and arguments, I think in terms of actions like 'empty current dir', different part of my brain translates them to commands and sometimes it makes mistakes. I want the computer to correct them, at least the dangerous ones.


Answer



One of the tricks I follow is to put # in the beginning while using the rm command.



root@localhost:~# #rm -rf /


This prevents accidental execution of rm on the wrong file/directory. Once verified, remove # from the beginning. This trick works, because in Bash a word beginning with # causes that word and all remaining characters on that line to be ignored. So the command is simply ignored.



OR




If you want to prevent any important directory, there is one more trick.



Create a file named -i in that directory. How can such a odd file be created? Using touch -- -i or touch ./-i



Now try rm -rf *:



sachin@sachin-ThinkPad-T420:~$ touch {1..4}
sachin@sachin-ThinkPad-T420:~$ touch -- -i
sachin@sachin-ThinkPad-T420:~$ ls

1 2 3 4 -i
sachin@sachin-ThinkPad-T420:~$ rm -rf *
rm: remove regular empty file `1'? n
rm: remove regular empty file `2'?


Here the * will expand -i to the command line, so your command ultimately becomes rm -rf -i. Thus command will prompt before removal. You can put this file in your /, /home/, /etc/, etc.



OR




Use --preserve-root as an option to rm. In the rm included in newer coreutils packages, this option is the default.



--preserve-root
do not remove `/' (default)


OR



Use safe-rm




Excerpt from the web site:




Safe-rm is a safety tool intended to prevent the accidental deletion
of important files by replacing /bin/rm with a wrapper, which checks
the given arguments against a configurable blacklist of files and
directories that should never be removed.



Users who attempt to delete one of these protected files or
directories will not be able to do so and will be shown a warning

message instead:



$ rm -rf /usr
Skipping /usr


No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...