SUMMARY: su - ; \rm -rf *

From: Grzegorz Bakalarski <G.Bakalarski_at_icm.edu.pl>
Date: Tue Apr 26 2005 - 07:27:55 EDT
Dear All,

Recovery finished more or less successfully. Time for summary ...

I've got a lot of replies ... Too many to fully specify authors.

At the end of this e-mail you'll find votes statistics.

My short summary/commentary follows...

There is no real firm way to prevent such a disaster, i.e. a way
to block accidental recursive removing of whole filesystem by root.

However Solaris10's rm is to forbid to remove recursively
from / (i.e. /bin/rm -rf / will be refused).

Most of you suggested aliasing rm to "rm -i".

Many advised to use sudo or RBAC ...

Some agreed that creating file named like "-a or -i or -z"
is safe and could be a good trick which may work in limited situations.

Changing root home to /root is common practice but will not
prevent against stupid admin.

Someone suggested to write a kind of wrapper for rm (i.e. change
rm to what_ever_you_like e.g. put rm in /usr/verysecure/bin/rm
and in /usr/bin put a script called rm which would check for id=root
if any of arguments is / or * or /usr or /var or ... and failing
if it is  true; in other case just execute /usr/verysecure/bin/rm).
It looks clever but I'm not sure if it is secure and healthy to OS.

Few of you wisely suggested that training and learning good habits
is the only way to avoid such disaster, e.g. admin should never use
rm & *, admin before any rm should 3 times check pwd etc..

My additional note is that when you do backups on disk it should be
umounted or mounted read_only after doing backup ...

My note #2, for those who suggested cutting fingers, hands etc. You'll
never know what happens with you in a future ... Sometimes it may be
a white space between / and tmp/scratch (i.e. "rm -r / tmp/scratch"
instead of "rm -r /tmp/scratch"), other time you may mismatch
controller number of device when doing newfs ... We'll ask then about
your fingers.

Nevertheless: before rm always check pwd, never work in a hurry,
never work very tired, good backup is your friend.

Thanks again & best regards,

GB

------------ 
In addition to my own comments I put notes from Colin Bigam
who gave the most comprehensive reply. Thanks!

From: Colin Bigam <colin_at_west.gecems.com>

[...]  There are several things wrong with your initial
example.

"su -" should (nearly) always be used instead of "su".

\rm escapes any aliasing for the rm command, but doesn't specify where it
is. Specify the full pathname for dangerous binaries, i.e. /bin/rm

Also, your friend apparently didn't check their current path before
issuing the command. I type 'pwd' more times than I can count, when I'm
logged in as (or su - to) root. ALWAYS know what directory you're in when
issuing commands that might modify files.

This wouldn't matter if you replaced the * with a full pathname again, and
not using 'tilde expansion.'
So...

#su -
#pwd
#/bin/rm -rf /home/username

Or possibly;
#su -
#cd /home/username
#pwd
#/bin/rm -rf ./*

Changing root's home directory can have some repercussions (vipw fails),
and is a debatable subject. Adding the '-z' file to each directory you want
to save won't help much either. If you do "/bin/rm -rf *" in /, it won't
recognise the -z in any subdirectories, such as /var or /usr. Also, it's
dangerous to rely on "tricks" of any sort when you're playing with root.

The only real trick is training. As root, use full pathnames, don't combine
commands, don't use aliases, and don't set up conveniences that are going to
cause harm when you go to work on another system that doesn't have them.

Good luck with the restore.
-------------------      -------------------------------------
------------------- VOTES -------------------------------------
------------------        ----------------------------------

forbid root access
(or in other words "Don't let idiots have the root password.")
+++

Use sudo or RBAC instead of su:
++++++

upgrade to Solaris 10
Solaris 10 has a built-in protection against this calamity:
# rm -fr /
rm of / is not allowed
+

Learn careful work
+

change root's home to /root
++++

allow root logins only on console
+

alias rm to /bin/rm -i
+++++++

never issue "rm -rf *", use rm -rf absolute_path
+++


train using "-f" only when it is really needed
+

cut out fingers anyone using " \rm -rf * "
+++

alias su 
+

create wrapper for the rm command which can just grep for a *, /*
 or whatever you want and deny the command
+
------------------------------------------------------------------
Received on Tue Apr 26 07:28:31 2005
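
The rm wrapper suggested in the summary, sketched as an added example (not code from the post or from any list member). It shows why such a wrapper has to resolve each operand to an absolute path: the shell expands `*` before rm runs, so the wrapper never sees the asterisk itself. The function names and the PROTECTED list are assumptions; /usr/verysecure/bin/rm is the hypothetical location named in the summary.

```shell
#!/bin/sh
# Added example: guard logic for an rm wrapper. Names and lists are assumptions.
# The shell expands "*" first, so "rm -rf *" in / arrives here as: -rf bin etc usr ...
REAL_RM=${REAL_RM:-/usr/verysecure/bin/rm}          # hypothetical path from the summary
PROTECTED="/ /bin /sbin /etc /usr /var /home /opt /export"   # assumed list

# Print the absolute form of one operand, resolved against the current directory.
abs_path() {
    if [ -d "$1" ]; then
        (CDPATH= cd -- "$1" && pwd)
    elif [ -d "$(dirname -- "$1")" ]; then
        printf '%s/%s\n' "$(CDPATH= cd -- "$(dirname -- "$1")" && pwd)" \
            "$(basename -- "$1")"
    else
        printf '%s\n' "$1"
    fi
}

# Return 0 if every operand is outside PROTECTED, 1 (with a message) otherwise.
rm_guard() {
    opts=1
    for arg in "$@"; do
        if [ "$opts" = 1 ]; then
            case $arg in
                --)  opts=0; continue ;;   # everything after "--" is an operand
                -?*) continue ;;           # option such as -r, -f, -rf
            esac
        fi
        target=$(abs_path "$arg")
        for p in $PROTECTED; do
            if [ "$target" = "$p" ]; then
                echo "rm wrapper: refusing to remove $target (from '$arg')" >&2
                return 1
            fi
        done
    done
    return 0
}

# Apply the guard only for uid 0, then hand over to the real binary.
rm_wrapper() {
    if [ "$(id -u)" -eq 0 ] && ! rm_guard "$@"; then
        return 1
    fi
    exec "$REAL_RM" "$@"
}
# Installed as /usr/bin/rm, the script would end with:  rm_wrapper "$@"
```

Calling /usr/verysecure/bin/rm directly bypasses the check, so this is a seat belt against typos rather than an access control.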