Date:      Tue, 25 Sep 2007 20:00:47 +0200 (CEST)
From:      Oliver Fromme <olli@lurza.secnetix.de>
To:        freebsd-current@FreeBSD.ORG, Masanori OZAWA <ozawa@ongs.co.jp>, Masanori OZAWA <ozawa@ongs.co.jp>
Subject:   Re: The safety expansion for FreeBSD rm(1)
Message-ID:  <200709251800.l8PI0lof013108@lurza.secnetix.de>
In-Reply-To: <46F905FD.9060208@freebsd.org>

Daichi GOTO wrote:
 > Have you any dreams that rm(1) autonomously judges target should
 > be removed or not?  To complexify system base command is objectionable
 > behavior but adding some little and simple mechanism to prevent an
 > issue is acceptable I suppose.

I think it could cause confusion for some users or admins.

It could also be dangerous.  I remember an emergency case
when /home was an NFS mount that was dead, i.e. every
process that tried to access something in /home just hung
forever in state "D" (disk wait).  During the emergency
actions on the serial console I also needed to use the
rm(1) command ...  Now if it tried to read ~/.rm, it would
have drawn me much deeper into trouble than I already
was.  :-)   True, the -f option would have prevented it,
_if_ I remembered before to use it.

A common precaution against accidental rm is to establish
a snapshot rotation system.  For example, create hourly
snapshots (with a cron job) and delete them automatically
after a while.  So if you accidentally remove something,
you can copy it back from the latest snapshot.  NetApp
Filers have such a feature built-in.  You can also easily
set it up yourself with ZFS, or even with UFS snapshots,
although the latter are a bit heavyweight, IMHO.

And finally, there is chflags(1).  If you know in advance
that certain files or directories must not be removed,
then "chflags schg" or "chflags uchg" them.  That's the
same effect as creating a ~/.rm file with your patch.

Another advantage of chflags(1) is that it also protects
against other kinds of damage.  For example when using
shell redirection ("echo > some/important/file"), cp, dd
or other commands.  In those cases chflags also offers
protection (and a snapshot would offer recovery), while
your patch only protects against rm and nothing else.

Just my 2 cents.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606,  Management:
secnetix Verwaltungsgesellsch. mbH, Commercial register: Munich registry
court, HRB 125758,  Managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart

FreeBSD services, products and more:  http://www.secnetix.de/bsd

"It combines all the worst aspects of C and Lisp:  a billion different
sublanguages in one monolithic executable.  It combines the power of C
with the readability of PostScript."
        -- Jamie Zawinski, when asked: "What's wrong with perl?"
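
The hourly snapshot rotation described in the message above, as an added example that is not part of the original e-mail: a POSIX sh script for a cron job on ZFS. The dataset name, the "hourly-" prefix, the retention count and the script path are assumptions.

```sh
#!/bin/sh
# Hourly ZFS snapshot rotation (added example; all names are assumptions).
# root crontab entry, script path hypothetical:
#   0 * * * * /usr/local/sbin/snaprotate.sh run

DATASET="${DATASET:-tank/home}"   # hypothetical dataset
PREFIX="hourly-"                  # only snapshots with this prefix are pruned
KEEP="${KEEP:-24}"                # number of hourly snapshots to retain

# stdin: snapshot names, oldest first, one per line.
# stdout: prefixed snapshots that fall outside the newest $1 ones.
# Snapshots without the prefix (e.g. manual ones) are never selected.
select_expired() {
    awk -v keep="$1" -v pat="@${PREFIX}" '
        index($0, pat) { name[++n] = $0 }
        END { for (i = 1; i <= n - keep; i++) print name[i] }'
}

rotate() {
    stamp=$(date -u +%Y%m%d-%H%M)
    # Take the new snapshot first; prune only if that succeeded.
    zfs snapshot "${DATASET}@${PREFIX}${stamp}" || return 1
    zfs list -H -t snapshot -o name -s creation -d 1 "$DATASET" |
        select_expired "$KEEP" |
        while read -r snap; do
            zfs destroy "$snap"
        done
}

# Constructed sample listing, to show the selection without touching ZFS.
demo() {
    printf '%s\n' \
        'tank/home@hourly-20070925-1500' \
        'tank/home@manual-before-upgrade' \
        'tank/home@hourly-20070925-1600' \
        'tank/home@hourly-20070925-1700' |
        select_expired 2
}

case "${1:-}" in
    run)  rotate ;;
    demo) demo ;;
esac
```

To recover an accidentally removed file, copy it back from the dataset's .zfs/snapshot/<name>/ directory.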


