Why is it possible to delete the entire file system?

command-line rm

After committing the infamous mistake of deleting my entire file system via sudo rm -rf /*, recovering from the horrendous damage that I had done and coping with the fact that I just lost 6 years off my lifespan, I started wondering why is it even possible to do that, and what could be done to prevent this mistake from happening.

One solution that was suggested to me is revoking root access from my account, but that is inconvenient, because a lot of commands require root access and when you have to run a few dozen commands every day, that gets annoying.

Backing up your system is the obvious way to go. But restoring a backup also requires some downtime, and depending on your system that downtime could be days or weeks, which could be unacceptable in some cases.

My question is: Why not implement a confirmation when the user tries to delete their filesystem? So that when you actually want to do that, you just hit Y or enter, and if you don't at least you don't lose everything.


Meet safe-rm, the “wrapper around the rm command to prevent accidental deletions”:

safe-rm prevents the accidental deletion of important files by replacing rm with a wrapper which checks the given arguments against a configurable blacklist of files and directories which should never be removed.

Users who attempt to delete one of these protected files or directories will not be able to do so and will be shown a warning message instead. (man safe-rm)

If the installation link above doesn’t work for you just use sudo apt install safe-rm instead. The default configuration already contains the system directories, let’s try rm /* for example:

$ rm /*
safe-rm: skipping /bin
safe-rm: skipping /boot
safe-rm: skipping /dev
safe-rm: skipping /etc
safe-rm: skipping /home
safe-rm: skipping /lib
safe-rm: skipping /proc
safe-rm: skipping /root
safe-rm: skipping /sbin
safe-rm: skipping /sys
safe-rm: skipping /usr
safe-rm: skipping /var
…

As you see, this would prevent you from deleting /home, where I suppose your personal files are stored. However, it does not prevent you from deleting ~ or any of its subdirectories if you try deleting them directly. To add the ~/precious_photos directory just add its absolute path with the tilde resolved to safe-rm’s config file /etc/safe-rm.conf, e.g.:

echo /home/dessert/precious_photos | sudo tee -a /etc/safe-rm.conf

For the cases where you run rm without sudo1 and the -f flag it’s a good idea to add an alias for your shell that makes rm’s -i flag the default. This way rm asks for every file before deleting it:

alias rm='rm -i'

A similarly useful flag is -I, just that it only warns “once before removing more than three files, or when removing recursively”, which is “less intrusive than -i, while still giving protection against most mistakes”:

alias rm='rm -I'

The general danger of these aliases is that you easily get in the habit of relying on them to save you, which may backfire badly when using a different environment.

1: sudo ignores aliases, one can work around that by defining alias sudo='sudo ' though


Confirmation is already there, the problem is the -f in the command, that is --force; When user forces an operation it is supposed they know what they're doing (obviously a mistake could always append).

An example:

 rm -r ./*
 rm: remove write-protected regular file './mozilla_mvaschetto0/WEBMASTER-04.DOC'? N
 rm: cannot remove './mozilla_mvaschetto0': Directory not empty
 rm: descend into write-protected directory './pulse-PKdhtXMmr18n'? n
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-bolt.service-rZWMCb'? n
 rm: descend into write-protected directory './systemd-private-     890f5b31987b4910a579d1c49930a591-colord.service-4ZBnUf'? n
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-fwupd.service-vAxdbk'? n
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-minissdpd.service-9G8GrR'? 
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-ModemManager.service-s43zUX'? nn
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-rtkit-daemon.service-cfMePv'? n
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-systemd-timesyncd.service-oXT4pr'? n
 rm: descend into write-protected directory './systemd-private-890f5b31987b4910a579d1c49930a591-upower.service-L0k9rT'? n

It is different with --force option: I will not get any confirmation and files are deleted.

The problem is to know the command and its parameters, navigate more in the man of a command (also if the command is found in a tutorial) for examples: the first time I saw the command tar xzf some.tar.gz I'm asking myself, "what does xzf mean?"

Then I read the tar manpage and discovered it.

Related

BIOS contains WGDS but no WRDS, Ubuntu 19.04
Ubuntu 18.04 how to show date in top bar [duplicate]
How do I digitally sign PDFs in 2019?
Is there a Unity / Compiz shortcut key to move a window to your other monitor (not workspace)? [duplicate]
What is the best video editor on Ubuntu for editing multi-format/multi-eco?
Can Wine and its programs be set to use Ubuntu file manager instead of Wine Explorer?
Switch between nvidia-current and nouveau without a reboot?
Does Ubuntu plan to move to btrfs as default filesystem?
Mount LUKS encrypted hard drive at boot
What's the fairest way to monitor total CPU time - per user?
Monoid as a single object category
"Why do I always get 1 when I keep hitting the square root button on my calculator?"