Is there any way to protect certain directories from deletion as root? Today I just installed a second distro along side arch and without due care I rm -rf * (my current working directory was /, I was half asleep). I was lucky that it didn't remove /boot (which has several kernels) or /home which is shared between distros and has some data that would be a pain in the ass to lose. It prompted me to make some changes to my mount, I now only mount partitions holding windows/arch/distroX/boot/foo as needed and with certain mounts (like boot) I can mount as ro.

There are two issues - the first being that I have a /home mount that is shared across distros. Since i need write access for the distro I have currently booted I cannot mount it as ro. Is there a sysctl setting I can use to mark some directories as read only? is there support in the kernel to do so? is there a patch that does so? The second is just /, it would be at least nice to be asked, first, if you want to rm -rf /, I doubt there are many instance where you would want to do that. Is there any protection available for these issues?

Thanks

Well, I'm going to say some things that are basic philosophy type things.

The primary protections against this sort of thing are:

1. Don't run as root. Now, you don't say you were using root as your user account, but if you were, don't. Precisely what you describe (limiting a specific user's abilities) is why there are non-root accounts. If you weren't running as root, you wouldn't have been able to delete the directory at all. If you were using root to do some administrative things, then don't do those things when you are half-asleep. I know it's hard to pull yourself away--wanting to get that last task done before sleeping, but you shouldn't because being half-asleep will lead to problems like this.

2. Have a backup. That's their purpose: to recover from mistakes and/or hardware failures.



Secondary protections:

1. Alias your rm command (especially root's rm command) to 'rm -i'. In fact, most distros do this by default. This will ask you if you want to remove the file(s). This cannot protect you if you use "rm -f" which means "remove this without asking." So what you're asking for is a command that can read your mind. I'm not trying to be flippant about it by saying it that way. Though, that is basically what you're asking for. Get in the habit of using rm without the -f unless you are absolutely sure you want to delete the files--which is exactly what you told the system: that you were absolutely sure.

2. Mount filesystems that should be left alone as read only. Bear in mind that this won't protect filesystems that are mounted read-write. So, rm -rf * from / will kill everything not mounted as read-only.

Lastly, the chattr command might have something useful for you. Though again, I strongly suggest that you not resort to this but rather change your habits to be more in-line with the approaches listed above.

1 members found this post helpful.

With great power is equal responsibility. Being root is the privilege of lordship above the system (not below) so, be responsible in every action you propose. For this reason the *nix academy recommends running as $USER not as root for regular tasks.

Most people (like me learn this rule the hard way.

Mounting the / as ro can pose greater problem as /var /tmp /sys etc are constantly changing as system working space. You will need plenty of specified configurations, and so far I have not yet done or heard others doing it.

The shortest way is to switch the read-only inside the brain of the root user. That is-- be responsible to alter anything while root.

Hope it helps.

Actually sudo and root can still do the same damage to an extent. I was root for a specific reason. Doesn't matter I have found safe-rm. There is also rm -I as an alias.