So…I did something bad. In Cygwin I wrote a bash script that took in two directories and copied the contents of one into the other. First, it called "rm -rf" to remove the contents of the second directory. I accidentally ran the script with no second argument provided, and it looks like Cygwin took that as the dreaded "rm -rf /".
I'm not sure what the damage is and I'm trying to assess it. As it was running before I stopped it, I saw a lot of "permission denied" messages.
The most visible damage was that my C:\cygwin64 folder was clobbered. All that was left in it was a few empty directories. I believe that there may have been some directories that were alphabetically above cygwin64 that were deleted because I don't remember it being the highest directory in the list, which it now is.
My computer is acting 100% normal and I haven't experienced anything strange yet. I just want to know if anyone has any experience with "rm -rf /" on Cygwin and whether this could clobber your entire drive like it would on Linux.
Part of the puzzle is that the root of Cygwin is beneath the c-drive, but it contains a reference to the c-drive in "cygdrive". I'm wondering if "rm -rf /" would actually go all the way through with deleting all of the contents of "/cygdrive" or if that is protected somehow.
EDIT: On a side note, does anyone know why "rm -rf " would be the same as "rm -rf /". I distinctly remember not supplying a path and leaving that parameter blank, so I don't know why it called rm on the root directory.
Best Answer
EDIT: The command completed and then I rebooted the VM, so I added more photos. Also changed my answer to include the fact that the machine wasn't totally clobbered.
EDIT 2: I still have the VM. Let me know in the comments if you have anything you want me to try on it out of curiosity.
EDIT 3: I decided to experiment a little more. I restored to a snapshot I took right before I ran the command, I put one folder above
C:\cygwin
and one folder below. I then ran the command and didctrl-c
very quickly. The cygwin folder still existed (inside it was mostly empty) but the folder above it was erased. The user generated folder below it was intact as well. Then I restored the state and ran the command again, this time for a little longer beforectrl-c
. Now it erased both the folder above cygwin, cygwin itself, and the folder below.When I ran this on my computer in real life the
C:\cygwin64
folder was intact, implying that everything below it alphabetically was safe. This gives me some peace of mind now knowing for certain that the only folders that were blown out were those aboveC:\cygwin64
, which usually are just temp folders or some other non-essential folders anyways.TLDR: Don't run
rm -rf /*
orrm -rf /
EVER.TLDR2: I created a Windows 10 VM, installed Cygwin, and ran
rm -rf /*
. VM got pretty messed up. To answer my own question: Yes, it would delete everything that it has permission to access on your hard drive. If I hadn't cancelled the command as fast as I did when this happened on my real machine it would have deleted all of my personal files. The general OS would still be intact though.So, I decided to create a Windows 10 VM and try this from scratch. Here's what happened. Cygwin doesn't let you do
rm -rf /
for safety reasons (there's an override option)...butrm -rf /*
is perfectly fine apparently with no warning.I realized that in my original script I was deleting all of the files in a provided directory, so I used
rm -rf $1/*
, so if$1
is empty...the dreaded destroy your hard-drive command is executed, and Cygwin doesn't even warn you!About to hit enter...
cygwin64 is the first to get clobbered
Windows Explorer link is gone
Start Menu is still here
There goes the desktop image!
Notification center is still fine
Cortana Too!
Recycling bin is broken, but now I can access Windows Explorer!
C: Drive Contents, not much has changed here
General UI is still working fine
Start Menu no longer responds
Music lives! It's the only library left standing
The command has completed!
Not much new here in C:
Applications still work if launched from the executable, app data is still intact
I rebooted the machine. No problems booting up and logging in. Programs still work if you click on their direct executable. Still have internet access. It's hard to assess the permanent damage. Start still doesn't open.