Should We Abolish User Access to rm?
Lately, I've been hearing system administrators and managers ask about solutions to keep people from accidentally removing their data. These are very smart and dedicated people asking for a solution so that data isn't lost either by accident or on purpose. A wild idea I've heard to solve the problem is getting rid of user access to the rm command. Is this truly a crazy idea?
Administrators who have users who either accidentally, or sometimes absentmindedly, remove data. The problem they are facing is that the user removes the data, most likely using rm, and then realizes they actually needed the data.
Please tell me the best solution to sort out this problem...???
If small losses are acceptable, I think a good backup strategy would be better.
Preventing users from deleting anything will make them angry, and they will always find ways to delete things (for instance with mv or file managers).
Another strategy could be to use a system where every change does not actually remove anything, but just adds up data and metadata.
In such a system, a delete command does not actually destroys any data, it just marks it as deleted, and data can still be restored.
For instance, the open-source ECM Alfresco can be configured in such a way.
Regular backups, which are also regularly tested as restores, and a clearly-understood retention policy.
I've also found an informal policy of gently mocking people who ask for restores to be helpful in keeping the number of restores down; hence my distinction (when it comes to backup policies) between what I call disaster recovery and moron recovery. Anything that makes users think a bit before hitting <CR> or clicking "yes" is the best possible medicine against accidental removal, in the long run.
I've heard of people doing this. My feeling is that there'd be too many edge cases and you'd be increasing your support overhead, since you'll be baking in file hoarding. It's hard enough to get users not to pile up tons of useless files without them having to ask you to delete stuff for them.
You could, for instance, rename rm
and wrap it in a script that displays the list of files about to be deleted and makes people type a random 5-letter word from /usr/dict/words
to confirm, but bear in mind that whatever speedbumps you put in the way, people can be remarkably ingenious when it comes to circumventing them. Be prepared for unforseen consequences :)