The power of misused rm command on Ubuntu Linux

Some @##&% posted rm-based commands on UF yesterday. The intent was to deliberately nuke new users' systems, as the posts were in the beginners section, in unanswered threads or in threads with only 1-2 replies.

In addition to banning the accounts and IPs and removing all the posts, we turned the confirmation email registration process back on. Many thanks to all the regular members who have been helping by placing warnings in their sigs, posting in threads and reporting the infamous posts.

It is so frustrating to see this happening. There must be at least 10 pages of reports and infractions sitting around the staff area for the two posting waves we had. Breaking someone else’s system, I just do not see how funny it is. Is it for fame? Power? Out of boredom? See K.Mandla’s blog article for some interesting insights.

In any case, educating new users is one of the answers we can give. Here is a little tutorial, based on a forum post in which Aysiu explained the rm command.

Excerpt from man rm:

NAME
       rm - remove files or directories

       -f, --force
              ignore nonexistent files, never prompt

       -r, -R, --recursive
              remove directories and their contents recursively

So any command based on rm -rf will recursively remove files without asking for confirmation. As everything is a file on Linux (the concept of directories does not really apply; each “directory” is a file), you can wipe everything that is sitting in the “directory” you are running the command from. Guess what happens if you run it in your /home...

Examples – DO NOT RUN THEM

A specific target to delete can also be given:

rm -rf /home
sudo rm -rf /

The first one will wipe /home, regardless of where the command is run from. The second one will wipe the entire root file system (/). Admin privileges are required to access /, and are gained with sudo on Ubuntu.

Basic recommendations

  • Do not run these commands unless they are confirmed by long-time members. rm is useful and is sometimes the only solution.
  • Back up, back up and back up again, on at least two separate removable devices for important stuff. The only user I am aware of being caught in the process had everything backed up.
  • Be curious and search for commands you do not understand, either with man or a search on Google or UF. You’ll improve your knowledge and skills at the same time.
  • Read the UF announcement

Oh well.. One of these days.

PS: thanks to Stefano Rivera, see the comments below :)


13 Responses to “The power of misused rm command on Ubuntu Linux”

  1. I saw your headlines are fixed, I’m glad.
    I just read this post, this is really sad that someone would do this.

  2. I do not think I am violent, I’ve never had urges to hit someone on the head. Last night, I was just ready to bite. As Aysiu said, this is infuriating.

    BTW, thanks for the tip regarding the rss feeds :)

  3. Hey bap, I would be happy for some IP and logfiles, as we have the same problem on Ubuntu-fr. If it is the same guy, then we are already looking into legal advice.

  4. @ Yann: they are behind a proxy..

  5. > including /home if not installed on a separate partition

    I’m not sure that’s correct. rm -rf will cross mounts.

    It won’t delete ‘/home’ the directory, but it will delete its contents.

  6. Yeah, I had doubts about this, and forgot to check it further, sorry. When I wrote, I had the idea to talk about unmounted partitions but dropped it.
    I’m going to take that part out, an empty /home won’t make any difference to the user.

    Thanks a lot for pointing this out :)

  7. This is all fine and dandy to post big long articles about not running these commands, but they can be easily encrypted, so when this new user sees the command he says,

    “Hmm. I’m a newbie. I have no idea what this does, it looks funny, but this guy is more experienced than I. Besides, it doesn’t have any of the commands in it as I was warned not to run, so it must be safe…”

    And really,
    aa="f"; ab="r"; ac="m"; az="/"; ag="o"; ae="u"; af="d"; ad="s";$($ad$ae$af$ag $ab$ac -$ab$aa $az)
    Is as dangerous as,
    sudo rm -rf /

    Only the former is encrypted and the latter one isn’t.
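
The point raised in comment 7, together with the two commands from the article, as an added example (not part of the original post or its comments): a static checker that expands literal same-line variable assignments as plain text, without running anything, and flags a recursive rm aimed at a protected path. The PROTECTED list, the function names and the benign sample command are assumptions made for this illustration.

```python
import posixpath
import re
import shlex

# Assumption: paths treated as "never remove recursively"; extend as needed.
PROTECTED = {"/", "/home", "/etc", "/usr", "/var", "/boot", "~", "$HOME"}
# NAME=value or NAME="value" with a literal value only (no nested expansion).
ASSIGN = re.compile(r'\s*([A-Za-z_]\w*)=(?:"([^"$`\\]*)"|([^\s;"$`\\]*))\s*;?')
VARREF = re.compile(r'\$(?:\{(\w+)\}|([A-Za-z_]\w*))')

def resolve(line):
    """Expand same-line literal assignments as text; nothing is executed."""
    env = {}
    while (m := ASSIGN.match(line)):
        env[m.group(1)] = m.group(2) or m.group(3) or ""
        line = line[m.end():]
    # Variables not assigned on this line are left visible (e.g. $HOME).
    line = VARREF.sub(lambda m: env.get(m.group(1) or m.group(2), m.group(0)), line)
    # Unwrap $( ... ) and backticks so the inner command can be tokenised.
    return re.sub(r'\$\(|[()`]', " ", line).strip()

def classify(line):
    """Return (expanded command, verdict) for one pasted shell line."""
    cmd = resolve(line)
    argv = shlex.split(cmd)
    while argv and argv[0] in ("sudo", "command", "exec"):
        argv = argv[1:]                       # skip simple wrappers
    if not argv or posixpath.basename(argv[0]) != "rm":
        return cmd, "no-rm"
    opts = [a for a in argv[1:] if a.startswith("-")]
    short = "".join(a[1:] for a in opts if not a.startswith("--"))
    recursive = bool(set(short) & {"r", "R"}) or "--recursive" in opts
    targets = [posixpath.normpath(re.sub(r"^/+", "/", a))
               for a in argv[1:] if not a.startswith("-")]
    if recursive and any(t in PROTECTED for t in targets):
        return cmd, "dangerous"
    return cmd, "review"                      # some other rm: read it first

# Article commands, comment 7's line, and one constructed benign command.
SAMPLES = [
    "rm -rf /home",
    "sudo rm -rf /",
    'aa="f"; ab="r"; ac="m"; az="/"; ag="o"; ae="u"; af="d"; ad="s";'
    '$($ad$ae$af$ag $ab$ac -$ab$aa $az)',
    "rm -rf ./build/cache",
]

if __name__ == "__main__":
    print(*map(classify, SAMPLES), sep="\n")
```

The checker only resolves literal assignments on the same line; anything it cannot expand stays visible in the output for a human to read.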

  8. Yes, I know. The only way we have (in addition to basic moderation tools) is to educate new users, warn them not to blindly run commands etc. Would you see anything to edit/add in the UF announcement? Thanks.

  9. Hi!
    I think your article is really good :) I want to translate it for the Polish Ubuntu community (http://ubuntu.pl). The article will be placed on the http://czytelnia.ubuntu.pl/ website where we publish lots of articles, feuilletons and news. So there is my question… Can I translate your article and publish it there?

    PS. A link to the original article will be placed at the end of the translation, of course :)

  10. @ hippie: No problem, please do so :)

  11. There are some big losers out there, that's for sure!
