How to prevent a mistaken rm -rf for specific folders


I think pretty much everyone here has mistakenly 'rm -rf'ed the wrong directory, and hopefully it did not cause huge damage. Is there any way to prevent users from doing a similar unix horror story? Someone mentioned (in the comments section of the previous link) that

… I am pretty sure now every unix course or company using unix sets
rm -fr to disable accounts of people trying to run it or stop them
from running it …

Is there any implementation of that in any current Unix or Linux distro? And what is the common practice to prevent that error even from a sysadmin (with root access)?

It seems that there was some protection for the root directory (/) in Solaris (since 2005) and GNU (since 2006). Is there any way to implement the same protection for some other folders as well?

To give it more clarity, I was not asking for general advice about rm usage (and I've updated the title to indicate that more). I want something more like the root folder protection: in order to rm -rf / you have to pass a specific parameter: rm -rf --no-preserve-root /. Are there similar implementations for a customized set of directories? Or can I specify files in addition to / to be protected by the preserve-root option?

Best Answer

To avoid a mistaken rm -rf, do not type rm -rf.

If you need to delete a directory tree, I recommend the following workflow:

  • If necessary, change to the parent of the directory you want to delete.
  • mv directory-to-delete DELETE
  • Explore DELETE and check that it is indeed what you wanted to delete
  • rm -rf DELETE

Never call rm -rf with an argument other than DELETE. Doing the deletion in several stages gives you an opportunity to verify that you aren't deleting the wrong thing, either because of a typo (as in rm -rf /foo /bar instead of rm -rf /foo/bar) or because of a braino (oops, no, I meant to delete foo.old and keep foo.new).

If your problem is that you can't trust others not to type rm -rf, consider removing their admin privileges. There's a lot more that can go wrong than rm.


Always make backups.

Periodically verify that your backups are working and up-to-date.

Keep everything that can't be easily downloaded from somewhere under version control.


With a basic unix system, if you really want to make some directories undeletable by rm, replace (or better shadow) rm by a custom script that rejects certain arguments. Or by hg rm.

Some unix variants offer more possibilities.

  • On OSX, you can set an access control list on a directory preventing deletion of the files and subdirectories inside it, without preventing the creation of new entries or modification of existing entries: chmod +a 'group:everyone deny delete_child' somedir (this doesn't prevent the deletion of files in subdirectories: if you want that, set the ACL on the subdirectory as well).
  • On Linux, you can set rules in SELinux, AppArmor or other security frameworks that forbid rm to modify certain directories.
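
One way to write the custom script that shadows rm, as an added example that is not part of the original answer: it refuses any operand that resolves to a protected directory or to one of its ancestors, which also catches the rm -rf /foo /bar typo when /foo contains a protected path. The names PROTECTED_DIRS, canon_dir, rm_guard_check and safe_rm, and the default directory list, are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Guarded rm: refuses operands that are, or contain, a protected directory.
# PROTECTED_DIRS, canon_dir, rm_guard_check and safe_rm are names invented here.

# Colon-separated list of directories to protect (constructed sample default).
PROTECTED_DIRS="${PROTECTED_DIRS:-/etc:/home:/srv/data}"

# Print the physical absolute path of a directory, resolving symlinks and "..".
canon_dir() { (CDPATH= cd -- "$1" 2>/dev/null && pwd -P); }

# Return 1 (and explain on stderr) if an operand would remove a protected directory.
rm_guard_check() {
    local arg target prot opts_done=0 IFS=:
    for arg in "$@"; do
        # Skip options until "--"; everything after it is an operand.
        if [ "$opts_done" -eq 0 ]; then
            case "$arg" in
                --) opts_done=1; continue ;;
                -*) continue ;;
            esac
        fi
        [ -d "$arg" ] || continue              # only directories can match
        target=$(canon_dir "$arg") || continue
        for prot in $PROTECTED_DIRS; do
            prot=$(canon_dir "$prot") || continue   # protected dir absent: skip
            # Refuse the protected directory itself and any ancestor of it.
            case "$prot/" in
                "${target%/}/"*)
                    echo "rm: refusing to remove '$arg' (would delete '$prot')" >&2
                    return 1 ;;
            esac
        done
    done
    return 0
}

# Check first, then hand the unchanged arguments to the real rm.
safe_rm() { rm_guard_check "$@" && command rm "$@"; }
# alias rm=safe_rm   # enable from ~/.bashrc to shadow rm in interactive shells
```

The guard only applies where the function or alias is defined: scripts, other users' shells and anything calling /bin/rm directly bypass it, so it catches typos and does not replace permissions, ACLs or backups.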