RFC: preventing accidental deletion of system directories - Debian

This is a discussion on RFC: preventing accidental deletion of system directories - Debian ; (Please CC me on your reply) Having recently deleted my /usr/lib by mistake (and gone through the pain of reinstalling all of my packages), I wrote a little Perl script which I have now aliased to "rm" in my .bashrc. ...

+ Reply to Thread
Results 1 to 19 of 19

Thread: RFC: preventing accidental deletion of system directories

  1. RFC: preventing accidental deletion of system directories

    (Please CC me on your reply)

    Having recently deleted my /usr/lib by mistake (and gone through the pain of
    reinstalling all of my packages), I wrote a little Perl script which I have
    now aliased to "rm" in my .bashrc.

    Basically, the wrapper (see attached file) has a blacklist which contains
    directories like /usr/lib, /home, /etc and removes those before passing its
    arguments to the real 'rm' command.

    I'm probably not the only person to have made this mistake and who wants to
    avoid doing it again. So I'm thinking of turning it into something that's
    useful to other people (probably packaging it in some form). If you have
    some ideas regarding things like:

    - how to get this script to be picked up before 'rm' in the PATH (including
    when using sudo) or whether it should be an alias in all of the shell
    global config files (like /etc/bash.bashrc)

    - where to find a good list of directories which should never be deleted

    - how to effectively disable it if one really wants to delete a system dir
    (for an alias, '\rm' does the trick, for a command in the path, maybe an
    environment variable?)

    - ways to detect directories expressed like "../../../usr/lib/../../usr/bin"

    - any other comments/suggestions you may have about the idea or the script

    Francois

    P.S. I realize that 'rm' is a low-level command which should do what it's
    told, but the reality is that a lot of people use it directly on a daily
    basis and can accidently hose their system. I don't want to implement a
    "command-line trashcan", but I'm looking for a way to prevent me from doing
    things I should never ask for (like 'rm -rf /usr/lib/').


  2. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008, Francois Marier wrote:
    > P.S. I realize that 'rm' is a low-level command which should do what it's
    > told, but the reality is that a lot of people use it directly on a daily
    > basis and can accidently hose their system. I don't want to implement a
    > "command-line trashcan", but I'm looking for a way to prevent me from doing
    > things I should never ask for (like 'rm -rf /usr/lib/').


    Should the solution be in rm? What about chattring the tree, or
    keeping a cp -aled version, or a backup?

    --
    Loďc Minier


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  3. Re: RFC: preventing accidental deletion of system directories

    Hi,

    On Sat, 2008-03-22 at 22:16 +1300, Francois Marier wrote:
    > Basically, the wrapper (see attached file) has a blacklist which
    > contains
    > directories like /usr/lib, /home, /etc and removes those before
    > passing its
    > arguments to the real 'rm' command.


    While I'm sorry for you having to reinstall your system, I think that
    having such a wrapper as a default feature in Debian is absolutely
    ludicrous and should be avoided at all costs.

    Maybe asking "Are you sure you want to do this", but outright refusing
    to do something seems quite ridiculous to me.

    Also, what you would do is dpkg-divert /bin/rm, and then
    call /bin/rm.coreutils or whatever.

    William

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQBH5NuioB+26npOQg4RApw8AJ0Y6UZFdk9vUIbk898cx4 msZI6oWACePFFQ
    MR0O6fLhdKuF8p/MGnaLApk=
    =wiDf
    -----END PGP SIGNATURE-----


  4. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 05:12:50AM -0500, William Pit**** wrote:
    > On Sat, 2008-03-22 at 22:16 +1300, Francois Marier wrote:
    > > Basically, the wrapper (see attached file) has a blacklist which
    > > contains
    > > directories like /usr/lib, /home, /etc and removes those before
    > > passing its
    > > arguments to the real 'rm' command.

    >
    > While I'm sorry for you having to reinstall your system, I think that
    > having such a wrapper as a default feature in Debian is absolutely
    > ludicrous and should be avoided at all costs.
    >
    > Maybe asking "Are you sure you want to do this", but outright refusing
    > to do something seems quite ridiculous to me.


    Except, the question WAS ALREADY ASKED (kind of). The system does protect
    such directories pretty well already, by making them removable only by root.

    If you do file management as root, "rm -r" is likely to be used only if:
    * you herd vservers/chroots
    * you're restoring/messing with backups
    * you're moving directory hierarchies to another filesystem


    To get those Vistaesque questions, "alias rm='rm -i'" is surely not worth a
    package. It's slightly larger in scope, but only slightly, as removing
    files as root means you mess with system directories, right?

    --
    1KB // Microsoft corollary to Hanlon's razor:
    // Never attribute to stupidity what can be
    // adequately explained by malice.


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  5. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 05:12:50AM -0500, William Pit**** wrote:
    > Hi,
    >
    > On Sat, 2008-03-22 at 22:16 +1300, Francois Marier wrote:
    > > Basically, the wrapper (see attached file) has a blacklist which
    > > contains
    > > directories like /usr/lib, /home, /etc and removes those before
    > > passing its
    > > arguments to the real 'rm' command.

    >
    > While I'm sorry for you having to reinstall your system, I think that
    > having such a wrapper as a default feature in Debian is absolutely
    > ludicrous and should be avoided at all costs.
    >

    ditto

    > Maybe asking "Are you sure you want to do this", but outright refusing
    > to do something seems quite ridiculous to me.
    >

    Of course, knowing that I do such things on occasion, I have aliased
    'rm' to 'rm -i', so it will ask unless I pass '-f' along.

    > Also, what you would do is dpkg-divert /bin/rm, and then
    > call /bin/rm.coreutils or whatever.
    >

    This is only reasonable if it won't break things like 'make uninstall'
    or other scripts that expect that rm will be well behaved and do what it
    is told.

    Regards,

    -Roberto


    --
    Roberto C. Sánchez
    http://people.connexer.com/~roberto
    http://www.connexer.com

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFH5QZR5SXWIKfIlGQRAnciAKC19SLDsNhokrSqdBtN3B VCUPMH3QCfcdUT
    JpOiArKhyfCGaoGWepbAlnA=
    =tN2a
    -----END PGP SIGNATURE-----


  6. Re: RFC: preventing accidental deletion of system directories

    Hi,

    On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    > To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    > worth a
    > package. It's slightly larger in scope, but only slightly, as
    > removing
    > files as root means you mess with system directories, right?


    Yes, that's what I mean: what's wrong with making rm -i the default
    behaviour? We could do that by simply patching coreutils.

    William

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQBH5XEYoB+26npOQg4RAl+aAKDClhQQvlwC7443mUN+t5 4+X2wWzACfZSej
    Ub6Tfqb2B763WN5OayJ0O88=
    =jL1V
    -----END PGP SIGNATURE-----


  7. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 10:16 AM, Francois Marier wrote:
    > Having recently deleted my /usr/lib by mistake (and gone through the pain of
    > reinstalling all of my packages), I wrote a little Perl script which I have
    > now aliased to "rm" in my .bashrc.


    At one point I set my system up so that several key directories had
    the immutable bit set do you couldn't change them. Ofcourse, I still
    wanted upgrades to work so I used APT hooks to remove the bits prior
    to installing and add them back afterwards.

    It was a proofof concept, but it worked.

    Have a nice day,
    --
    Martijn van Oosterhout http://svana.org/kleptog/


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  8. Re: RFC: preventing accidental deletion of system directories

    William Pit**** wrote:
    > Hi,
    >
    > On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    >> To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    >> worth a
    >> package. It's slightly larger in scope, but only slightly, as
    >> removing
    >> files as root means you mess with system directories, right?

    >
    > Yes, that's what I mean: what's wrong with making rm -i the default
    > behaviour? We could do that by simply patching coreutils.
    >
    > William


    And, after this change, each system script that uses rm will ask user
    for the confirmation?

    --
    Eugene V. Lyubimkin aka JackYF, Ukrainian C++ developer.


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  9. Re: RFC: preventing accidental deletion of system directories

    William wrote:
    >
    >On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    >> To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    >> worth a
    >> package. It's slightly larger in scope, but only slightly, as
    >> removing
    >> files as root means you mess with system directories, right?

    >
    >Yes, that's what I mean: what's wrong with making rm -i the default
    >behaviour? We could do that by simply patching coreutils.


    Christ, no. If you want Fedora you know where to find it.

    --
    Steve McIntyre, Cambridge, UK. steve@einval.com
    "This dress doesn't reverse." -- Alden Spiess


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  10. Re: RFC: preventing accidental deletion of system directories

    Hi,

    On Sun, 2008-03-23 at 00:08 +0000, Steve McIntyre wrote:
    > Christ, no. If you want Fedora you know where to find it.


    I was being sarcastic. But it's certaintly better than making some
    script the default.

    Optimally no change to rm is best unless you opt in.

    William

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQBH5eJGoB+26npOQg4RAkWUAJ0TIbwkdXyj1AkkMEcFvB 7Q3sqhQACgivAs
    gRCcW0bq5fh7V3iBLpGhxHg=
    =ofMn
    -----END PGP SIGNATURE-----


  11. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 03:50:32PM -0500, William Pit**** wrote:
    > Hi,
    >
    > On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    > > To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    > > worth a
    > > package. It's slightly larger in scope, but only slightly, as
    > > removing
    > > files as root means you mess with system directories, right?

    >
    > Yes, that's what I mean: what's wrong with making rm -i the default
    > behaviour? We could do that by simply patching coreutils.


    Or we could enforce most system directories to be mounted read-only, and
    have dpkg remount then rw when it needs write access.

    Mike


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  12. Re: RFC: preventing accidental deletion of system directories

    On Sat, 22 Mar 2008 22:16:12 +1300,
    Francois Marier wrote:
    > - how to get this script to be picked up before 'rm' in the PATH (including
    > when using sudo) or whether it should be an alias in all of the shell
    > global config files (like /etc/bash.bashrc)


    Call the script directly.

    > - where to find a good list of directories which should never be deleted


    This should be configurable by the user.

    > - how to effectively disable it if one really wants to delete a system dir
    > (for an alias, '\rm' does the trick, for a command in the path, maybe an
    > environment variable?)


    Call rm directly.

    > - ways to detect directories expressed like "../../../usr/lib/../../usr/bin"


    realpath in Cwd.pm may be what you want.

    > - any other comments/suggestions you may have about the idea or the script


    The script should handle options of rm rather than assume all arguments
    are file names. I want to do rm -r some_dir.

    --
    Oohara Yuuma

    If we know when, can we do it right?
    --- TAITO "Ray Crisis"


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  13. Re: RFC: preventing accidental deletion of system directories

    * William Pit**** [080322 21:49]:
    > Yes, that's what I mean: what's wrong with making rm -i the default
    > behaviour? We could do that by simply patching coreutils.


    The biggest problem with rm -i is that there is no switch reverting it.
    There is -f, but that means deleting everything, and does not switch
    back to the current default, which is to make possible dangerous things
    interactive (deleting ro, ...) while normal deletions are not made
    harder.

    -i by default is a very bad decision, as -i asks even for single file
    deletions, so people are trained to answer y every time they do
    something, so will also answer y without reading the message when they
    do something. (or to always do rm -f)

    Switching to a bad default without adding a way to revert to a sane
    default just means everyone will hate you.

    Hochachtungsvoll,
    Bernhard R. Link


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  14. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 09:14:57AM -0400, Roberto C. Sánchez wrote:
    > Of course, knowing that I do such things on occasion, I have aliased
    > 'rm' to 'rm -i', so it will ask unless I pass '-f' along.


    Speaking from experience, this kind of behavior makes people use "rm -f" all
    the time, which means that you won't get a warning when you _really_ want it
    (for instance, a read-only file).

    Security by dialog boxes: It's not the way to go.

    /* Steinar */
    --
    Homepage: http://www.sesse.net/


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  15. Re: RFC: preventing accidental deletion of system directories

    On Sat, Mar 22, 2008 at 03:50:32PM -0500, William Pit**** wrote:
    > Hi,
    >
    > On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    > > To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    > > worth a
    > > package. It's slightly larger in scope, but only slightly, as
    > > removing
    > > files as root means you mess with system directories, right?

    >
    > Yes, that's what I mean: what's wrong with making rm -i the default
    > behaviour? We could do that by simply patching coreutils.
    >
    > William


    Go away and learn: there have been whole flamewars on this subject

    Red Hat (if I remember correctly) used to alias rm automatically to rm
    -i . The savvy users used to unalias rm before using it.

    If, when you run as root, rm always asks - you get used to it. You move
    to a different system where there is no alias or someone has turned it
    off - and suddenly rm MEANS rm with no breathing space.

    Much better, in my opinion which is shared by some others, to _always_
    have rm as rm. There's nothing to stop the cautious explicitly calling
    rm as rm -i anyway - but when you need to delete large numbers of files,
    rm -i is a _real_ nuisance.

    AndyC


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  16. Re: RFC: preventing accidental deletion of system directories

    On 23/03/2008, Andrew M.A. Cater wrote:
    > On Sat, Mar 22, 2008 at 03:50:32PM -0500, William Pit**** wrote:
    > > Hi,
    > >
    > > On Sat, 2008-03-22 at 13:51 +0100, Adam Borowski wrote:
    > > > To get those Vistaesque questions, "alias rm='rm -i'" is surely not
    > > > worth a
    > > > package. It's slightly larger in scope, but only slightly, as
    > > > removing
    > > > files as root means you mess with system directories, right?

    > >
    > > Yes, that's what I mean: what's wrong with making rm -i the default
    > > behaviour? We could do that by simply patching coreutils.
    > >
    > > William

    >
    > Go away and learn: there have been whole flamewars on this subject
    >
    > Red Hat (if I remember correctly) used to alias rm automatically to rm
    > -i . The savvy users used to unalias rm before using it.
    >
    > If, when you run as root, rm always asks - you get used to it. You move
    > to a different system where there is no alias or someone has turned it
    > off - and suddenly rm MEANS rm with no breathing space.
    >
    > Much better, in my opinion which is shared by some others, to _always_
    > have rm as rm. There's nothing to stop the cautious explicitly calling
    > rm as rm -i anyway - but when you need to delete large numbers of files,
    > rm -i is a _real_ nuisance.
    >
    > AndyC
    >
    >


    I've made my mistakes with rm - and tried to learn from them. I see
    no reason why we should default to rm -i . The alias is easy enough
    to set up if one needs it and one can still royally muck things up
    with rm -rf or \rm.

    I agree that it could create problems for those used to rm -i when
    they encounter a pure rm machine but I think it is therefore better
    that people learn to alias commands and the limitations and get
    arounds of that alisasing.

    In *nix based systems rm has always meant rm - deleting files does just that.
    The KDE Desktop provides the option to keep this functionality or have
    temporary trash can on the desktop. However, you don't get the option
    of a trashcan on the command line - unless you want to write your own
    script for it.

    Regards

    Lesley


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  17. Re: RFC: preventing accidental deletion of system directories

    I demand that Andrew M.A. Cater may or may not have written...

    > On Sat, Mar 22, 2008 at 05:12:50AM -0500, William Pit**** wrote:

    [snip]
    >> Maybe asking "Are you sure you want to do this", but outright refusing
    >> to do something seems quite ridiculous to me.


    > Of course, knowing that I do such things on occasion, I have aliased 'rm'
    > to 'rm -i', so it will ask unless I pass '-f' along.


    You have another option, "\rm", which will always give you unaliased "rm".

    [snip]
    --
    | Darren Salt | linux or ds at | nr. Ashington, | Toon
    | RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
    |

    As easy as 3.14159265358979323846264338327950288419716...


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  18. Re: RFC: preventing accidental deletion of system directories

    On Sun, Mar 23, 2008 at 04:55:52PM +0000, Lesley Binks wrote:
    > In *nix based systems rm has always meant rm - deleting files does just that.
    > The KDE Desktop provides the option to keep this functionality or have
    > temporary trash can on the desktop. However, you don't get the option
    > of a trashcan on the command line - unless you want to write your own
    > script for it.


    There were some libraries which can be "activated" with LD_PRELOAD.
    Two of them:
    http://homepage.esoterica.pt/~nx0yew/delsafe/
    http://hpux.connect.org.uk/hppd/hpux....2/readme.html


    --
    To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  19. Re: RFC: preventing accidental deletion of system directories

    On Sun, 2008-03-23 at 18:54 +0100, Milan P. Stanic wrote:
    > On Sun, Mar 23, 2008 at 04:55:52PM +0000, Lesley Binks wrote:
    > > In *nix based systems rm has always meant rm - deleting files does justthat.
    > > The KDE Desktop provides the option to keep this functionality or have
    > > temporary trash can on the desktop. However, you don't get the option
    > > of a trashcan on the command line - unless you want to write your own
    > > script for it.

    >
    > There were some libraries which can be "activated" with LD_PRELOAD.



    Even "better": add them to /etc/ld.so.preload and they apply
    system-wide.

    I would say filesystem snapshots are the neatest way to allow undoing
    deletion, though.

    Ben.

    --
    Ben Hutchings
    Teamwork is essential - it allows you to blame someone else.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQBH7FcE79ZNCRIGYgcRAnuyAJwLuQaSd/Ex/ZwY0tFDGiqCoBBcBQCgzN0M
    dn2TIbNqWkas6aJWFsiyabg=
    =NJ1X
    -----END PGP SIGNATURE-----


+ Reply to Thread