Dear All, Recovery finished more or less successfully. Time for summary ... I've got a lot of replies ... Too many to fully specify auhtors. At the end of this e-mail you'll find votes statistics. My short summary/commentary follows... There is no real firm way to prevent such disaster i.e. a way to block accidental recursive removing of whole filesystem by root. However Solaris10's rm is to forbid to remove recursively from / (i.e. /bin/rm -rf / will be refused). Most of you suggested aliasing rm to "rm -i". Many adviced to use sudo or RBAC ... Some agreed that creating file named like "-a or -i or -z" is safe and could be a good trick which may work in limited situations. Changing root home to /root is common practice but will not prevent against stupid admin. Someone suggested to write a kind of wrapper for rm (i.e. change rm to what_ever_you_like e.g. put rm in /usr/verysecure/bin/rm and in /usr/bin put a script called rm which would check for id=root if any of arguments is / or * or /usr or /var or ... and failing if it is true; in other case just execute /usr/verysecure/bin/rm). it looks clever but I'm not sure if is is secure and healthy to OS. Few of you wisely suggested that training and learning good habits is the only way to avoid such disaster, e.g admin should never use rm & *, admin before any rm should 3 times check pwd etc.. My additional note is that when you do backups on disk it should be umounted or mounted read_only after doing backup ... My note #2, for those who suggested cutting fingers, hands etc. You'll never knows what happens with you in a future ... Sometimes im maybe a white space between / and tmp/scratch (i.e "rm -r / tmp/scratch" instead of "rm -r /tmp/scratch"), other time you may mismatch controller numer of device when doing newfs ... We'll ask then about your fingers. Nevertheless: before rm always check pwd, never work in a hurry, never work very tired, good backup is your friend. Thanks again & best regards, GB ------------ In addition to my own comments I put a notes from Colin Bigam who gave most comprehensive reply. Thanks! From: Colin Bigam <colin_at_west.gecems.com> [...] There are several things wrong with your initial example. "su -" should (nearly) always be used instead of "su". \rm escapes any aliasing for the rm command, but doesn't specify where it is. Specify the full pathname for dangerous binaries, i.e. /bin/rm Also, your friend apparently didn't check their current path before issuing the command. I type 'pwd' more times than I can count, when I'm logged in as (or su - to) root. ALWAYS know what directory you're in when issuing commands that might modify files. This wouldn't matter if you replaced the * with a full pathname again, and not using 'tilde expansion.' So... #su - #pwd #/bin/rm -rf /home/username Or possibly; #su - #cd /home/username #pwd #/bin/rm -rf ./* Changing root's home directory can have some repurcussions (vipw fails), and is a debatable subject. Adding the '-z' file to each directory you want to save won't help much either. If you do "/bin/rm -rf *" in /, it won't recognise the -z in any subdirectories, such as /var or /usr. Also, it's dangerous to rely on "tricks" of any sort when you're playing with root. The only real trick is training. As root, use full pathnames, don't combine commands, don't use aliases, and don't set up conveniences that are going to cause harm when you go to work on another system that doesn't have them. Good luck with the restore. ------------------- ------------------------------------- ------------------- VOTES ------------------------------------- ------------------ ---------------------------------- forbid root access (or in other words "Don't let idiots have the root password.") +++ Use sudo or RBAC instead of su: ++++++ upgrade to Solaris 10 Solaris 10 has a built-in protection against this calamity: # rm -fr / rm of / is not allowed + Learn careful work + change root's home to /root ++++ allow root logins only on console + alias rm to /bin/rm -i +++++++ never issue "rm -rf * , use rm -rf absolute_path +++ train using "-f" only then it is really needed + cut out fingers anyone using " \rm -rf * " +++ alias su + create wrapper for the rm command which can just grep for a *, /* or whatever you want and deny the command + ------------------------------------------------------------------ _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Tue Apr 26 07:28:31 2005
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:46 EST