How prevent system-critical directories from getting deleted with safe-rm

Автор: | 23.05.2018

Sometimes we make mistakes. It’s not a matter of if, but when. The only hope is that the mistake made is recoverable. In the world of the data center, that hope can sometimes seem a bit desperate — especially when you accidentally delete something you shouldn’t have.

Such as the /etc, /usr, or /bin directories on a Linux server.

You might be chuckling to yourself, but it happens. When it does, you better hope you have a bare metal backup to recover from. Or, better yet, you can install a simple application that prevents the accidental deletion of certain system-critical directories. That application is safe-rm. What safe-rm does is whitelist particular directories, causing them to be ignored when the rm command attempts to delete them.

Outside of safe-rm, you could simply add an alias in your user .bashrc file such that the rm command will always run in interactive mode (aka rm -i). That alias would look like:

alias rm='rm -i'

This method, however, doesn’t stop you from saying «yes» to a removal. If you want to avoid that eventuality altogether, your best bet is a simple command named safe-rm. This command whitelists directories and always avoids touching them. The safe-rm command replaces the rm command (via an alias), to help you avoid disaster. With this in place, you could issue the command sudo rm -rf /usr and safe-rm wouldn’t touch that critical directory.

SEE: How to find files in Linux with grep: 10 examples (free PDF) (TechRepublic)

How do you make use of this handy tool? I’m going to show you how you can install and use safe-rm on pretty much any Linux machine (tested on both Ubuntu Server 16.04 and CentOS 7).

Installation

The first thing we must do is download and extract the necessary zip file. If you find your machine doesn’t have zip installed, it can be done with a command like sudo apt install zip or sudo yum install zip. With zip installed, download the file with the command:

wget https://github.com/kaelzhang/shell-safe-rm/archive/master.zip

Extract the file with the command:

unzip master.zip

Change into the newly created directory with the command cd shell-safe-rm-master. Now install with the command:

sudo make && sudo make install

Adding the necessary alias

Now we must add an alias to our .bashrc file. You’ll need to do this for any user that might run the rm command. Open the file with the command nano ~/.bashrc and add the following line (under the some more aliases section):

alias rm='safe-rm'

Configuring safe-rm

The configuration for safe-rm resides in the /etc/safe-rm.conf file. In this file you’ll find nothing but a listing of directories (one per line). Out of the box, all the standard critical directories are included. If you have other directories you want to ensure won’t be deleted, add them here.

Using safe-rm

You use safe-rm as you would the rm command. The only difference is that, should you try to remove a directory that has been whitelisted in /etc/safe-rm.conf, it will be skipped (Figure A).

Figure A

Figure A

The /usr directory is not deleted, thanks to safe-rm.

That’s all there is to using safe-rm.

No more accidental removal

Congratulations! You no longer have to worry that you might, during some random admin all-nighter, accidentally delete a mission-critical directory on your Linux data center servers. That’s a bit of assurance we could all use.

Also see:

Source

Добавить комментарий