Solaris

I'm using Solaris 10. I want to restrict users from executing this dangerous command.

Code:

rm -rf *

But they should be able to perform the below actions:

Code:

rm -rf *.*
rm -rf filename
rm -rf directory

Is it possible? If yes then pls let me know how to do it?

Yes, everyone's nightmare.

Have you seen this before?

Safe-rm

I also remember sometime ago being told about sysadmins creating a file with some escape characters in the name at root (/) which caused rm -r to fall over when executed at that level in the filesystem. Unfortunately, I can't remember how it was done. However, some of the coding/scripting experts on this forum might have something to say about that.

Why would *.* be much safer? That could potentially match . or .. on some systems. Besides, you can't really disable some globbing but not others.

What I usually see done to "safe" rm for root is putting alias rm="rm -i" in root's profile, so rm prompts for every single file removal.

Corona688: If the alias is added then all rm command would prompt the user input, this will affect any scripts that is used to clean the logs/files.

No, they don't, actually. Aliases apply to interactive logins, only interactive logins, and nothing but interactive logins.

If you type 'rm' directly into a root terminal where rm is aliased to rm -i, it will run 'rm -i'.

It does that absolutely nowhere else. Not inside scripts or utilities, even if you run them from that same terminal.

Which is a pretty good reason to use an alias for this, actually, and why you actually see that sort of thing done a lot.

This might help. It's a bit long-winded, but could accomplish what you want by adding a test in the alias command:

Code:

alias rm="[ $(id | cut -d'=' -f2 | cut -d'(' -f1) -ne 0 ] && rm -i"

So if the uid equals 0 (or substitute whichever uid you want to omit from being prompted), then skip prompting, while other users will be prompted.

Hope this helps.

id -u (if available on your machine) might save you all the cutting...