How to prevent Accidents 'rm -rf *'?


 
# 8  
Old 06-03-2014
Quote:
Originally Posted by deepakwins
Don / Cero, Thanks for your Reply!!!

I intended to say what Cero interpreted.
The tool that I use would invoke the "rm" or "/usr/bin/rm" command.
Operands will be passed to the 'rm' utility, with the optional arguments of -r / -rf / -f etc. as parameters.
E.g., for the parameters:

Code:
/usr/bin/rm -rf #folder#/#filepatter#*.csv

rm -f #folder#/#filepatter#*

/bin/rm -rf #folder#/*

cd #directory# ; touch #file(s)# ; rm -rf #file(s)#

During any abnormality, there are chances for the tool to send parameters like #folder# or #file# as empty value.
And we know the impact of it.

I was in fact trying the options this morning, similar to what Cero was describing.
I created the alias, and it would work in the unix terminal, but not in the tool. Not sure if I need to bounce the tool to refresh the change in .profile.
So with the help of admins, I tried to create the soft link for the rm command.
/usr/bin
Code:
rm -> /home/dsadm/rm_chck.ksh

And it seems to work for my testing.

And thinking to add more conditions to capture in the script as Don mentioned.

At least this way, we can avoid the possibilities of known issues that we far. Hope this would be a right way to proceed.

Aliases are set up differently for different shells; may be disabled or replaced by a user or by a script, and -- as you already know -- won't have any effect if whatever is invoking rm isn't a shell running with the defined alias in its current execution environment.

I wasn't suggesting adding more conditions to an mv filter. I was trying to point out that on an active system, there is no way to reliably do what that script seems to want to do (and even for the simple, static case) there are several errors in this rm filter that could keep it from recognizing that the caller was attempting to recursively remove all files under the root directory, and would also make it impossible to remove some files unless the user knew how to avoid this buggy filter so the unadulterated rm utility could process the operands that the user intended to pass in.

I fully agree with Corona688: Fix, disable, or remove code that is taking input from users or website input fields and transforming it into dangerous commands without performing appropriate input validation. <<getting onto soapbox>> If you have a programmer who is writing code that will be running with super-user privileges, taking a (possibly empty) directory from a website field, adding a /* to that directory, and then invoking rm with the -r and -f options and that modified directory name; fire that programmer. If you are getting code from a 3rd party vendor that contains code like this; demand a refund and remove them from your approved vendor list. <<getting off of soapbox>>
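The input validation the post above calls for, as an added example that is not part of the thread or of the poster's tool. `ALLOWED_BASE`, `check_target` and `purge_dir` are hypothetical names, and the base path is a placeholder for the one tree the tool is allowed to clean.

```shell
#!/bin/sh
# Added example (not from the thread): refuse an empty or out-of-scope
# directory parameter before anything is deleted.
# ALLOWED_BASE is a placeholder for the one tree the tool may clean.
ALLOWED_BASE=${ALLOWED_BASE:-/var/tmp/tool_work}

# check_target DIR: print DIR's canonical path and succeed only if DIR is an
# absolute path to an existing directory strictly below ALLOWED_BASE.
check_target() {
    dir=$1
    case $dir in
        '')  echo "refused: empty directory parameter" >&2; return 1 ;;
        /*)  ;;
        *)   echo "refused: not an absolute path: $dir" >&2; return 1 ;;
    esac
    real=$(cd -- "$dir" 2>/dev/null && pwd -P) || {
        echo "refused: not a directory: $dir" >&2; return 1; }
    base=$(cd -- "$ALLOWED_BASE" 2>/dev/null && pwd -P) || {
        echo "refused: base missing: $ALLOWED_BASE" >&2; return 1; }
    case $real in
        "$base"/?*) printf '%s\n' "$real" ;;
        *)          echo "refused: $real is outside $base" >&2; return 1 ;;
    esac
}

# purge_dir DIR [PATTERN]: delete the entries of DIR whose names match PATTERN
# (default when omitted: every entry, dot files included; an empty PATTERN
# matches nothing). The pattern is matched by find, so no command line is
# ever assembled from the raw parameter.
purge_dir() {
    target=$(check_target "$1") || return 1
    find "$target/." ! -name . -prune -name "${2-*}" -exec rm -rf -- {} +
}
```

In the thread's placeholder notation, the tool would call `purge_dir "#folder#" "#filepatter#*.csv"` instead of building an `rm -rf` string; an empty `#folder#` is then refused rather than expanded to `/*`.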
# 9  
Old 06-03-2014
Perhaps the following trick helps: create a file named -i in the current work directory
Code:
 > -i

In most locales -i comes first in the alphabet, so rm * expands to rm -i file1 file2 ....
Another trick is to turn off the shell's wildcard globbing, in .bashrc with
Code:
set -f

or in .cshrc with
Code:
set noglob

This User Gave Thanks to MadeInGermany For This Post:
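What `rm` would receive as its first word under each wildcard form discussed in this thread, as an added example that is not part of the post above. The function names are hypothetical, the sample directory is constructed, and `LC_ALL=C` is pinned so the sort order is reproducible.

```shell
#!/bin/sh
# Added example (not from the thread): what rm would see as its first
# argument for each way the wildcard can reach it.
LC_ALL=C; export LC_ALL    # byte-order collation, so "-i" sorts before letters

# make_sample: build a constructed directory holding "-i" and two data files.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/-i"; : > "$d/a.csv"; : > "$d/b.csv"
    printf '%s\n' "$d"
}

# first_arg DIR FORM: print the first word the wildcard expands to.
#   bare     : cd DIR; rm *      (the case the "-i" file is meant for)
#   prefixed : rm DIR/*          (how the tool in this thread builds its command)
#   noglob   : set -f; rm *      (globbing switched off)
first_arg() (
    cd -- "$1" || exit 1
    case $2 in
        bare)     set -- * ;;
        prefixed) set -- "$1"/* ;;
        noglob)   set -f; set -- * ;;
        *)        exit 2 ;;
    esac
    printf '%s\n' "$1"
)

# is_rm_option WORD: succeed if rm would parse WORD as an option, not a file.
is_rm_option() {
    case $1 in -?*) return 0 ;; *) return 1 ;; esac
}

sample=$(make_sample) || exit 1
for form in bare prefixed noglob; do
    word=$(first_arg "$sample" "$form")
    if is_rm_option "$word"; then kind=option; else kind=operand; fi
    printf '%-8s first word: %s (%s)\n' "$form" "$word" "$kind"
done
rm -rf -- "$sample"
```

Only the bare form yields `-i` as an option; with a directory prefix the word is a path ending in `/-i`, and with globbing off it is a literal `*`.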
# 10  
Old 06-04-2014
From experience, if you give people the slightest chance to do something dangerous, then eventually they will do it by accident.

Experience is a great teacher, if you keep your job long enough to use it.

I would suggest that the approach is flawed as others have said. You need to find a far more secure way to lock down what is removed.

Can you explain a little more why they might need to delete everything in a particular directory? Are these temporary files perhaps left behind by a previous user? There are better ways of dealing with that issue.

Robin