LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-14-2012, 08:00 PM   #1
YellowSnowIsBad
Member
 
Registered: Oct 2010
Posts: 48

Rep: Reputation: Disabled
rm protection


Is there any way to protect certain directories from deletion as root? Today I just installed a second distro along side arch and without due care I rm -rf * (my current working directory was /, I was half asleep). I was lucky that it didn't remove /boot (which has several kernels) or /home which is shared between distros and has some data that would be a pain in the ass to lose. It prompted me to make some changes to my mount, I now only mount partitions holding windows/arch/distroX/boot/foo as needed and with certain mounts (like boot) I can mount as ro.

There are two issues - the first being that I have a /home mount that is shared across distros. Since i need write access for the distro I have currently booted I cannot mount it as ro. Is there a sysctl setting I can use to mark some directories as read only? is there support in the kernel to do so? is there a patch that does so? The second is just /, it would be at least nice to be asked, first, if you want to rm -rf /, I doubt there are many instance where you would want to do that. Is there any protection available for these issues?

Thanks
 
Old 02-14-2012, 08:51 PM   #2
Dark_Helmet
Senior Member
 
Registered: Jan 2003
Posts: 2,786

Rep: Reputation: 370Reputation: 370Reputation: 370Reputation: 370
Well, I'm going to say some things that are basic philosophy type things.

The primary protections against this sort of thing are:

1. Don't run as root. Now, you don't say you were using root as your user account, but if you were, don't. Precisely what you describe (limiting a specific user's abilities) is why there are non-root accounts. If you weren't running as root, you wouldn't have been able to delete the directory at all. If you were using root to do some administrative things, then don't do those things when you are half-asleep. I know it's hard to pull yourself away--wanting to get that last task done before sleeping, but you shouldn't because being half-asleep will lead to problems like this.

2. Have a backup. That's their purpose: to recover from mistakes and/or hardware failures.



Secondary protections:

Quote:
The second is just /, it would be at least nice to be asked, first, if you want to rm -rf /, I doubt there are many instance where you would want to do that. Is there any protection available for these issues?
1. Alias your rm command (especially root's rm command) to 'rm -i'. In fact, most distros do this by default. This will ask you if you want to remove the file(s). This cannot protect you if you use "rm -f" which means "remove this without asking." So what you're asking for is a command that can read your mind. I'm not trying to be flippant about it by saying it that way. Though, that is basically what you're asking for. Get in the habit of using rm without the -f unless you are absolutely sure you want to delete the files--which is exactly what you told the system: that you were absolutely sure.

2. Mount filesystems that should be left alone as read only. Bear in mind that this won't protect filesystems that are mounted read-write. So, rm -rf * from / will kill everything not mounted as read-only.

Lastly, the chattr command might have something useful for you. Though again, I strongly suggest that you not resort to this but rather change your habits to be more in-line with the approaches listed above.
 
1 members found this post helpful.
Old 02-14-2012, 09:53 PM   #3
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,614

Rep: Reputation: 440Reputation: 440Reputation: 440Reputation: 440Reputation: 440
Quote:
Is there any way to protect certain directories from deletion as root?
With great power is equal responsibility. Being root is the privilege of lordship above the system (not below) so, be responsible in every action you propose. For this reason the *nix academy recommends running as $USER not as root for regular tasks.

Most people (like me learn this rule the hard way.

Mounting the / as ro can pose greater problem as /var /tmp /sys etc are constantly changing as system working space. You will need plenty of specified configurations, and so far I have not yet done or heard others doing it.

The shortest way is to switch the read-only inside the brain of the root user. That is-- be responsible to alter anything while root.

Hope it helps.
 
Old 02-15-2012, 07:55 PM   #4
YellowSnowIsBad
Member
 
Registered: Oct 2010
Posts: 48

Original Poster
Rep: Reputation: Disabled
Actually sudo and root can still do the same damage to an extent. I was root for a specific reason. Doesn't matter I have found safe-rm. There is also rm -I as an alias.

Last edited by YellowSnowIsBad; 02-15-2012 at 07:56 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
NX bit protection hamedn Linux - Security 6 10-16-2011 02:50 PM
Protection Knightron Linux - Security 11 02-03-2011 12:50 AM
Memory Protection jaypas Linux - Newbie 3 07-08-2010 12:40 PM
Thermal Protection... Super TWiT Linux - Hardware 5 01-08-2010 09:56 PM
Copy Protection sadafwaqas Linux - Newbie 1 05-16-2006 01:40 PM


All times are GMT -5. The time now is 04:22 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration