Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 2 Oct 2004 17:22:50 -0400
From:      Garance A Drosihn <drosih@rpi.edu>
To:        Giorgos Keramidas <keramida@freebsd.org>, Lee Harr <missive@hotmail.com>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: Protection from the dreaded "rm -fr /"
Message-ID:  <p06110421bd84c87e063b@[128.113.24.47]>
In-Reply-To: <20041002175704.GB2230@gothmog.gr>
References:  <BAY2-F27PUPeKljq65R00014185@hotmail.com> <20041002175704.GB2230@gothmog.gr>
next in thread | previous in thread | raw e-mail | index | archive | help 
At 8:57 PM +0300 10/2/04, Giorgos Keramidas wrote:
>On 2004-10-02 21:23, Lee Harr <missive@hotmail.com> wrote:
>  > > John Beck, who works for Sun, has posted an entry in his blog
>  > > yesterday about "rm -fr /" protection, which I liked a lot:
>  > >
>  > > http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection
>>  >
>  > > His idea was remarkably simple, so I went ahead and wrote this
>  > > patch for rm(1) of FreeBSD:
>  >
>>  How about:
>>
>>  chflags sunlnk /
>>  ?
>
>Setting sunlink on / will only protect the / directory, not its
>descendants, so you don't gain much.

We could add a new flag "srunlnk", or maybe even "srm-r".  The "rm"
command will always have to stat() the file it is given (just to
see if it is a directory), so it could check to see if this flag
is turned on.  If it is turned on, then 'rm' could refuse to honor
any '-rf' request on that directory.

I like the idea of *some* kind of protection for "rm -rf /", but I
think it would be better as something more generally useful than
protecting against that one single case.  While I have typed in a
few dozen disastrous "rm -rf" commands, I have never actually typed
in "rm -rf /", so this particular seat belt would never have done me
any good.  By tieing the feature to a settable flag, then I would
have the option to protect to other directories (if I wanted to add
such protection).

-- 
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p06110421bd84c87e063b>