From owner-freebsd-hackers@FreeBSD.ORG Sat Oct 2 21:22:55 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3F9DA16A4CE; Sat, 2 Oct 2004 21:22:55 +0000 (GMT) Received: from smtp1.server.rpi.edu (smtp1.server.rpi.edu [128.113.2.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 94F8F43D49; Sat, 2 Oct 2004 21:22:54 +0000 (GMT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.netel.rpi.edu [128.113.24.47]) by smtp1.server.rpi.edu (8.13.0/8.13.0) with ESMTP id i92LMpfk009461; Sat, 2 Oct 2004 17:22:53 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <20041002175704.GB2230@gothmog.gr> References: <20041002175704.GB2230@gothmog.gr> Date: Sat, 2 Oct 2004 17:22:50 -0400 To: Giorgos Keramidas , Lee Harr From: Garance A Drosihn Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-CanItPRO-Stream: default X-RPI-SA-Score: undef - spam-scanning disabled X-Scanned-By: CanIt (www . canit . ca) cc: freebsd-hackers@freebsd.org Subject: Re: Protection from the dreaded "rm -fr /" X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Oct 2004 21:22:55 -0000 At 8:57 PM +0300 10/2/04, Giorgos Keramidas wrote: >On 2004-10-02 21:23, Lee Harr wrote: > > > John Beck, who works for Sun, has posted an entry in his blog > > > yesterday about "rm -fr /" protection, which I liked a lot: > > > > > > http://blogs.sun.com/roller/page/jbeck/20041001#rm_rf_protection >> > > > > His idea was remarkably simple, so I went ahead and wrote this > > > patch for rm(1) of FreeBSD: > > >> How about: >> >> chflags sunlnk / >> ? > >Setting sunlink on / will only protect the / directory, not its >descendants, so you don't gain much. We could add a new flag "srunlnk", or maybe even "srm-r". The "rm" command will always have to stat() the file it is given (just to see if it is a directory), so it could check to see if this flag is turned on. If it is turned on, then 'rm' could refuse to honor any '-rf' request on that directory. I like the idea of *some* kind of protection for "rm -rf /", but I think it would be better as something more generally useful than protecting against that one single case. While I have typed in a few dozen disastrous "rm -rf" commands, I have never actually typed in "rm -rf /", so this particular seat belt would never have done me any good. By tieing the feature to a settable flag, then I would have the option to protect to other directories (if I wanted to add such protection). -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu