I have fallen victim to sudo rm -rf /*
Posted by Artemis-Arrow-795@reddit | linux | View on Reddit | 149 comments
God I wish this was a joke post, but feel free to laugh at it all you want, I deserve that
I was showing Linux to my friend, and he asked me about that command, I wrote it to explain how it works and what it does, after I was done I mistakenly pressed enter rather than ctrl+c
it took a day's work to recover my system to as it was before, luckily it didn't manage to reach my home files by the time I powered off my PC
moral of the story: don't try to explain sudo rm -rf /* to your friends, otherwise they might get a live demo
jchristianh@reddit
Interestingly enough, typing
rm -rf /presents a message informing you have to add--no-preserve-root, but add that*and no such warning.Goes without saying, but always keep backups!
turtle_mekb@reddit
why is
--no-preserve-rooteven a thing? why would there ever be a use case for that?qwesx@reddit
Because when creating an absolute path, e.g. in a script (looking at you, Nvidia), it's kind of easy to accidentally end up with a space after the first
/which would end up deleting way more than intended. Sormwas changed to treat/as a special directory and will refuse to run unless--no-preserve-rootis added as well.turtle_mekb@reddit
yeah, but why does
--no-preserve-rootlet you bypass it anyway?SkunkySammy@reddit
I recently sold an ssd and had to wipe it obviously. Very satisfying to no preserve root and see everything break in real time
IncidentalIncidence@reddit
for when you actually want to bypass it
qwesx@reddit
Because when you DO actually want to delete all files.
turtle_mekb@reddit
ohhhh thanks lmao
Ran_Cossack@reddit
Because if that's really what you want to do... it's your computer.
madjic@reddit
rm -rf /$VARif you expectVARto be setJeSuisAnhil@reddit
But also please use
set -euo pipefailif you write bash scripts.tuxbass@reddit
Not a fan of
-epersonally, but to each their own.hi65435@reddit
My reasoning is the following: I leave a job and now I need to clear my disk.
Of course it's encrypted, on the other hand I don't want to spend the whole afternoon waiting for my disk to be safely cleared. What if I delete the files on it? Remember, it's encrypted. So the nulling on file level equates to random data at the disk level. Maybe this isn't on par with safe deletion disk wipers but it may be effectively pretty close and may wildly be correlated to the underlying fs.
Does this make any sense? I don't know but it's fun to watch the Linux system fall apart more and more minute by minute...
AiwendilH@reddit
Sadly because of people...a long time ago there were many comments/posts/IRC trolls telling newbies to "remove the french language support" or "remove everything unnecessary to improve performance".
By now all those still exist...but they moved over to "recommend"
rm -fr /*. I guess it was still worth adding the flag to prevent this kind of abuse for a few month at least.Spikatrix@reddit
Linux gives you the power to do whatever the hell you want
son-of-a-door-mat@reddit
so, you twisted your ankle whilst teaching someone how not to twist their ankle?
mckenzie_keith@reddit
ctrl+c?
Wouldn't you just backspace over it?
tuxbass@reddit
ctrl+u, at least readline supports it.
Artemis-Arrow-795@reddit (OP)
ctrl+c is a quick press, backspace requires you to hold for a while to delete the command
plus, on fish ctrl+c clears the current prompt, so it has the same effect
mckenzie_keith@reddit
Interesting. Generally I cannot type any control character without looking at the keyboard. But I can reach backspace with my right pinkie finger and don't need to look. But obviously there is more than one way to do most tasks.
siwan1995@reddit
It takes 15 sec until it reaches home dir and you are cooked.
Dr_Hexagon@reddit
This is why immutable distros are good :)
But seriously why would you type it in a shell rather than in a text editor?
Artemis-Arrow-795@reddit (OP)
it was faster...
in hindsight, I should have
tuxbass@reddit
Nah, that's not the lesson here. Shit happens, just learn to protect you from the inevitable fallout.
Bagels-Consumer@reddit
Maybe shown him the man page instead?
XOmniverse@reddit
I destroyed an immutable distro by using dd on the wrong device trying to write an ISO to a USB stick at 5 in the morning when I was still half awake.
No distro is safe from the depths of human stupidity.
Dr_Hexagon@reddit
dd is called "disk destroyer" for a reason :)
There are far safer tools for writing ISO to a USB
XOmniverse@reddit
I just use Fedora Media Writer now for this exact reason.
topcat5@reddit
Always makes for a fun time.
Tau-is-2Pi@reddit
Is your sudo configured to be passwordless or did you also happen to have had previously authenticated in the same terminal within
$timestamp_timeout?Artemis-Arrow-795@reddit (OP)
I had previously ran a sudo command...
ben2talk@reddit
Sure, but you still have to ⏎ENTER the command before it can run... sheesh.
Artemis-Arrow-795@reddit (OP)
as I explained in the post, I intended to press ctrl+c to clear the prompt but accidentally pressed enter
bobdobalina@reddit
ctrl c isn't a left handed maneuver?
Ran_Cossack@reddit
Probably... he was explaining how sudo would prompt for the password as well, typed in the real password to show how asterisks don't appear, *then* accidentally hit enter instead of ctrl-c. 😌
(Likely within the timeout, I imagine.)
ben2talk@reddit
Haha like I accidentally drove off a cliff after accidentally driving all the way up a mountain to a place where there was a carpark on the edge of a cliff, and then accidentally aiming the car at a gap in the fence, and accidentally shifting down to 3rd gear to get a good boost...
What a twat.
Resident-Cricket-710@reddit
moral of the story is backup regulalry
but good job on removing the french language pack.
0x645@reddit
often you don;t backup /etc or /var. just data in /home, and such
tuxbass@reddit
If you have config in /etc, then you should, or at least have the config sitting elsewhere. In such case just reinstall the system and deploy backups of the data that matters. You only lose some time.
Resident-Cricket-710@reddit
i use pika for backing up home and timeshift for everything else.
saved my self a couple times, so far so good 🤞
archiekane@reddit
Volume snapshot is the enterprise method, can be used at home easily enough with btrfs.
dotsau@reddit
etckeeper can be your friend if you let it.
tuxbass@reddit
OP, this is the moral of this. We all go through this shit, some of us more than once. This is a lesson to teach importance of backups. And in addition to that, consider maybe other filesystems suggested here like btrfs to aide with quick recovery. But backups are key.
ArdiMaster@reddit
Also unmount your backup disks
zig-zac@reddit
Not the root dir but nfs share data drive. Yesterday I edited the mount point for my nfs share in fstab and I thought I should delete the old dir. Guess what, the nfs share was still mounted to old dir and I run sudo rm -r /nfsshare I pressed ctrl+c after 2-3 seconds after realising that it shouldn't take that much time to remove an empty dir. Now the thing is I know something has been removed but don't know what because for me the most important thing was my photo library. And that seems to be there.
sweet-tom@reddit
Pro top for next time: always use a hash sign (
#) before a dangerous command. That's a comment and it won't execute it.patenteng@reddit
ZSH asks for confirmation when you are about to delete a large number of files.
Enfors@reddit
Huh. I haven't used zsh in 30 years, perhaps it's time to give it a try again?
ben2talk@reddit
I prefer fish - but zsh is nice if you spend the time to set it up, it takes a while to add the best of fish features to zsh, but it never really gets there.
trannus_aran@reddit
Fish not being posix makes for death by a thousand papercuts IME
syklemil@reddit
I did
chsh fisha year ago and haven't really had any papercuts. I had to learn a slightly different syntax for loops, but that's pretty much it. The interactive experience is actually pretty dang neat.Most of my shell scripts are still
because, well, fish doesn't even have
-uand I really don't want to run scripts without that, c.f. the time steam deleted someone's home with an unset variable. HPE did the same thing with some researchers they were supposed to do backups for.Leliana403@reddit
You can still run bash scripts with fish.
#!/usr/bin/bashThere you go.
trannus_aran@reddit
I'm aware, but try using fish as a login shell. For me, personally, having a consistent, single shell for login and interactive barely edges out ahead of fish's better ergonomics otherwise
ben2talk@reddit
Fish has smarter defaults - autosuggest, highlights, completion - ergonomic and easy to get started with less setup.
ZSH needs a LOT of plugins and configuration to come close - but still can't replicate the best features of fish.
So occasionally copy-pasting some one-liners might break, but dude - that's why we can have zsh and fish.
If something's not working in fish, I type 'zsh' and paste it again - no pain.
Here you go, need zsh, then send your last command to zsh:
It isn't rocket science.
EarlMarshal@reddit
I also had my fair share of problems with zsh, but despite that I'm using it since years. You will always find problems if you are looking into it.
int23_t@reddit
Damn didn't know zsh was that old...
2eanimation@reddit
alias rm=„rm -I“
Prompt when you delete more than 3 files or delete recursively. -i always prompts.
RoastedAtomPie@reddit
Doesn't -f override those?
jolharg@reddit
Try it :3
UntestedMethod@reddit
Better yet... Gently convince a coworker to try it on their machine
jolharg@reddit
Offer a cheap reward so they'll actually do it
spin81@reddit
rm: aliased to „rm
jonnyl3@reddit
Or just type it in a text editor if you're not intending to execute it anyway?
TechnologyFamiliar20@reddit
[)
abbidabbi@reddit
Unrelated to OP's mistake, but regarding shell commands and text editors, FISH lets you edit your input in your
$EDITORby pressingAlt+e, which is quite useful for both dangerous/critical stuff or for long/multiline commands.chemistryGull@reddit
But where‘s the thrill
Silly-Freak@reddit
I use echo, let's me preview the commands I would be running
MrLewGin@reddit
What does that command do?
Furdiburd10@reddit
Don't you also need to use --no-preserve-root?
YKS_Gaming@reddit
only for
sudo rm -rf /for
sudo rm -rf /*, bash automatically expands it to everything under rootLurkingDevloper@reddit
This kind of seems like an oversight when
--no-preserve-rootwas added. It might be worth it for someone to patch bash to bounce this command if it sees it in the buffer without the flag.IncidentalIncidence@reddit
it's not an oversight it's literally just how the shell works
GMoD42@reddit
Difficult, because the bash is doing the expansion. The rm command receives a list of all folders and files under /.
Yes, it is possible to catch this but you do not want to add expensive checks to rm just for these sort of things.
twitterfluechtling@reddit
In this case it sounds reasonable to have cheap check like number of arguments. The amount of files even on a fresh install should be massive, rm could ask for confirmation in case so many files are deleted.
And while it might sound like a rookie-mistake to run
rm -rf /*accidentally (I agree in this scenario OP should have prefixed it with#or typed it in a text editor instead), it's very easy to mess up something likerm -rf $TEST_LGOS/*or just run into a flow whereTEST_LOGSwas not set.LurkingDevloper@reddit
I'm aware,
rmis an entirely separate binary from bash itself.But since GNU is a coherent system, it would make sense for the check to just live in bash itself.
Though there would need to be some way to verify
rmis GNU'srmand not some otherrm. As if Bash were on a system where thermin$PATHis the SVR4rmor BSDrm, I could see the coupling being harmful.Ryan1729@reddit
A sanity check to see if you are deleting multiple folders directly under root shouldn't be too expensive I would think.
Furthermore in which cases is anyone that concerned with the performance of
rm, as opposed to the underlying system call?spreetin@reddit
In addition to what others have said, that rm doesn't see the original line, preserve-root also rather have the main function of protecting against mistyping rather than deliberate typing of dangerous commands.
Imagine you by mistake putting a space somewhere it should't be, like typing "rm ~/test /", many more complex scenarios where that could happen, especially with scripting. The flag stops such errors from breaking the whole system.
Ill_Store5106@reddit
rmnever sees the/*because bash expands it before passing it to the command.Gullible_Pattern4586@reddit
ah true forgot about that
mok000@reddit
If you are running
zshand you use*in combination withrm, you are presented with at warning that you are about to delete x number of files, do you really want to continue?AnsibleAnswers@reddit
I haven’t seen a distro that would let you do that without
--no-preserve-root. You also need sudo.I think you’re telling stories.
OveVernerHansen@reddit
Your real mistake here is using ctrl + c / v and not shift / ctrl + insert
axis0047@reddit
Technically you can ctrl+C and recover while the machine is still on and the session is present. But you have to write assembly and directly put them into some register which is not contacted yet(accessible by the kernal). There is a successful attempt of doing this, but about 40 years ago, on a unix system at some prestigious university by super smart people to recover some critical unpunished research information.
KiltedTux@reddit
Next up, show him the fork bomb.
Destroyerb@reddit
I don't have such problems here on NixOS
Ja_Shi@reddit
One of us! One of us!
namotous@reddit
Don’t worry about it, it happens, I did that 3 times at work already by mistake. Give IT a chance to update my Ubuntu versions lol
ben2talk@reddit
I call bullshit on this - firstly,
sudoisn't executed without confirming with a password entry - unless you're dumb enough to set it to run without password.Then with nearly all distributions, it won't execute unless you added
--no preserve rootflag.So 'Moral of the story' should be - just don't be a dickhead, why would you need to type the command?
You can explain it like this: - rm means remove, or delete. - -r means recursively (all folders and contents) - -f means 'force' - * means 'match anything and everything'.
So really, a bit of a dumb post, and nobody's laughing at you 'cos it's just stupid.
Artemis-Arrow-795@reddit (OP)
it is the amount of time where after running a sudo command you can run another without having to reenter the password
so please, if you're gonna call bullshit, at least have enough knowledge about the topic to be able to see the bullshit from the truth
PsychedelicPistachio@reddit
Linux noob here and I’m making the transition to it at the moment
Why can you just run this ? I understand the concept of complete system control that Linux provides but why doesn’t it at least provide a “this will fuck everything up are you sure you want to do this?” Command line prompt
EdgeSync1@reddit
If you were running as root then you brought this on yourself :) lesson learned I hope.
Artemis-Arrow-795@reddit (OP)
I wasn't, but I had previously used a sudo command, hence why I wasn't prompted for a password
RealUlli@reddit
No Backup - No sympathy.
Artemis-Arrow-795@reddit (OP)
I deserved it
brianozm@reddit
always enter commands like that with a # at the start. Actually I won’t even type that command on a production system.
IEVTAM@reddit
mmmm, is it copy run start or copy start run?
Artemis-Arrow-795@reddit (OP)
wdym?
Achereto@reddit
The good thing: you only fall for it once in your life.
m4sc0@reddit
My browser saved me (this time). The link was purple instead of blue hehe.
MRSuperTrekGuy@reddit
I know exactly what this is without clicking on it
Obnomus@reddit
Sus
qwesx@reddit
XcQ, knowing the URL will do :)
siwan1995@reddit
Fell for it like 4 times now.. lol
HolzLaim15@reddit
Yea i dont think this will happen to anyone again after doing it accidentally
Old-Engineering-8113@reddit
You should be jailed for that...
turtle_mekb@reddit
god dammit
asablomd@reddit
Your sudoers file was configured not to ask for your password? The default config is usually to ask for password after doing sudo
Artemis-Arrow-795@reddit (OP)
no, but I had ran a sudo command just a few minutes earlier
repocin@reddit
ouch
FlagrantTomatoCabal@reddit
Next time use their computer.
d4rk_kn16ht@reddit
You can try that in a sandboxed environment like a virtual machine.
Maleficent-One1712@reddit
Maybe it differs per distro, but last time I tried this in a VM as experiment it had a fail safe and prevented me from executing it.
Artemis-Arrow-795@reddit (OP)
probably, I was on arch
Makeitquick666@reddit
now you made me want to try it on my prod machine
Maleficent-One1712@reddit
I think it was Ubuntu, makes sense Arch doesn't have it.
HighRelevancy@reddit
There's a safety against
/but anything else is your own problem IIRCesanchma@reddit
Next time, consider a wrapper such as trash-cli. It wraps rm and uses FDO trashcan thing. It's a nice safety net.
eldoran89@reddit
That's why you have backups of some sort. Btrfs is really great for this. Everything important is a sub volume and those are all backuped depending on their value...and if I remove sth in rootfs i just restore the btrfs snapshot..mig its in home i restore that. If its in lib var or somewhere else I restore that...
I once foolishly used -r on a symlink...to my entire home ...well it did delete the home and all I had to do was to mount the subvolume and restore home to the state of the day before....I lost exactly one download I did and one modified Textfile...
TrenchardsRedemption@reddit
Next time, type it into your notepad editor and to be really safe, put a # in front of it. Most people can't tell the difference between that and the console anyway.
YFleiter@reddit
Better than to fall for Alt+F4 nowadays.
EasyHalf1@reddit
I’ve always wondered why someone would actually need to run rm -rf / like what would be the actual use case for this? Isn’t this just shooting yourself in the foot?
Should rm just catch that and throw an error/warning or at least a confirmation?
Makeitquick666@reddit
probably an edge case where adding would add unneeded complexity? Because to run a command as sudo means that you either have to enter the password, or you had to edit the sudoers file, all of which should raise major red flags for any users.
patrickha86@reddit
I think you might have unlocked the "maybe I want to use a filesystem with (auto-)snapshots (Btrfs, ZFS) in the future" stage of your Linux journey …
Artemis-Arrow-795@reddit (OP)
I did for a while, then I went back to ext4 for my root, since there's nothing unrecoverable there
Xerxes0123@reddit
To undo it, you need to run
Don't
eldoran89@reddit
Janie's got a bomb...
ha1zum@reddit
Wait, how did you revert it? By reinstalling everything?
Artemis-Arrow-795@reddit (OP)
I reinstalled the OS, yes
and I had to set everything back up from scratch
Budget-Scar-2623@reddit
It’s a close cousin of
sudo chown -r user /*HANLDC1111@reddit
Which distro are you using? Most will flash a warning now to prevent this kind of thing
Faux_Real@reddit
Do it in docker next time … then you can get a 2 for 1 teaching about containers
twistedfires@reddit
What distro are you using? Most distros nowadays prevent you from doing that without the --no-preserve-root
just-a-hriday@reddit
That's for `rm -rf /`. When you run `rm -rf /*`, the shell expands the glob, so rm just gets all the directories under `/`, which it has no problem deleting.
siwan1995@reddit
Can confirm sudo rm -rf /* executes without confirmation… been there done that… lol
Hot-Employ-3399@reddit
The other day against shitty makefiles I wrote a wrapper that checks args against black listed paths (intentionally hardcoded entries of /*) and refuses if they are found or calls "$0.unsafe" if they are not found and put it in /usr/local/bin
It's funny since it's written in rust it takes much more storage on disk than rm itself(size of rm is 5 digits, wrapper is 6 digits).
foreverinLOL@reddit
I did chmod readonly(I think it was 444) on / instead of ./
Luckily linux live USB is something I always carry with me. 3 hours and had my system back to normal (backup and format).
siwan1995@reddit
Use * instead of ./ from now on.
foreverinLOL@reddit
Thank you very much, I will.
It is easy to make a typing error and in those times I was careless enough to not double check what I had written, lesson learned.
siwan1995@reddit
Yes.. i use full dir for folder permission or cding into the folder and using * for files.. never been an accident ever since.
Lordgandalf@reddit
I have had the same never at work but it happens but now I verify that my / and * are correct by using grep first.
siwan1995@reddit
This command shouldn’t be allowed to execute without a warning and confirmation with random number or alpha you have to type.
anxiousvater@reddit
backups, backups, backups..
archontwo@reddit
Something I have done, still to this day, is accidentally rebooting the wrong machine when connected to several by ssh. It only takes a split second distraction and then it is like Doh!
I have tried everything from coloured tabs to custom prompts but Ahem years later I still do it.
EL-Ch1ng0n@reddit
Now you can demo phase two: Rebuild, restore/recover, re-image & backup. Nice backassward curriculum 👍🏼
OkEscape8332@reddit
Hence I create a folder/subvoulme, move my entire installation into it, and use `X-mount.subdir=` (or `subvol=` on btrfs)... and the installation is copied to another folder.
Hence there'll be a backup OS for emergencies OUTSIDE the `/`
non-existing-person@reddit
I had a near miss once too. I was leaving job, and wanted to clean the PC, and figured I will run
rm -rf /and see how the system's gonna behave. BUT, I have forgotten to umount a NFS share to my home NAS xD Took my brain several long seconds to realize that. Luckily rm didn't yet reach my mounted share :DAtlanticPirate@reddit
I really want to know what was your immediate reaction. Did it hit you instantly or did the dread set in after a few seconds.
It's basically one of those moments where the intrusive thoughts win.
DoYaKnowMahName@reddit
This is a live and learn moment.
benshee788@reddit
Moral of the story never even type sudo rm rf/* until you're a bad guy