A “practical” good command that I can’t try?
Hello, I’m fishskin.
In the programming world, there is a well-known practical Linux command: rm -rf /.
It is said that this command, once successfully executed, will bring happiness to people and is a good and kind command, so I like to call it the Happiness Command.
This command deletes all files on the server. Is an extremely dangerous command!
We’ve probably heard a lot about data erasers and runaways before, and part of the culprit is this command.
Two weeks ago, I just bought a brand new cloud server and showed you how to build an application development environment. To my surprise, some friends even urged me to type the “happiness command” on the spot to see what would happen.
I have to try something so exciting, you know?
So, I open the terminal, connect to the server, and type in the happiness command. And, must do must do absolutely a little bit, I even opened three clients at the same time, intends to input the command at the same time, three times happy!
OK, take off 🛫!
Instead of deleting the data, a warning pops up saying no!
I’m sorry to disappoint you
In fact, before knocking this line command, I was not worried, because I believe that Tencent cloud server can not even this point of security are not.
So, how do you prevent the bad effects of the happiness mandate?
Here’s a simple way to share what I’ve learned
How do I prevent the RM -rf command?
There are a lot of ways to do this. I have a simple outline:
Good habits
First of all, the most people using the server is certainly our own, so we should first develop good use habits, protect the server, start from me.
Regular backup
To prevent data (such as databases, user files, and configuration files) on the server from being deleted, you can periodically download important files on the server to the local PC or synchronize them to other storage Spaces. You can use the crontab command or a tool to automatically synchronize the files.
Alternative command
To prevent the adverse impact caused by the unexpected RM command, you can use this command as little as possible and use other commands instead of deleting the command.
For example, the mv command is used to move files or rename files. You can create a directory similar to the recycle bin and throw the files to it.
#Create a recycle bin directory
mkdir trash
#Move files to the recycle bin
mv file.txt trash
Copy the codeFor files that may be needed later, you can add the suffix.bak to the file to indicate backup.
mv file.txt file.txt.bak
Copy the codeHowever, even if you have developed good habits, sometimes you may be careless and accidentally delete files by typing the RM command.
Don’t panic. There are safer ways.
Alias Alias
The alias command in Linux is used to set aliases for directives, sort of like object references.
For example, I could have created a directory using the mkdir command, but if I found the command difficult to memorize, I could have given it a different name:
alias md=mkdir
Copy the codeWe can then use the MD command to create the directory.
Similarly, we can set the rm command to alias another command to prevent the original delete function.
Bashrc: bashrc: bashrc: bashrc: bashrc: bashrc: bashrc
cat /root/.bashrc
Copy the codeYou can see the following code:
# .bashrc
# User specific aliases and functions
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
Copy the codeThe system has configured an alias for the rm command. When we enter rm, the actual execution is rm -i. The -i parameter asks us whether to delete the command.
Manual recycle bin
Using the alias command, we can automatically redirect the rm command to put the file in the recycle bin directory as follows:
Start by modifying the.bashrc file:
vim ~/.bashrc
Copy the codeAppend the following code to the end of the file:
# Create a. Trash hidden directory
mkdir ~/.trash
Use the alias del instead of rm
alias rm=del
Change the rm command to mv
del()
{
mv $@ ~/.trash/
}
Copy the codeSave and exit, then type the following command for the changes to take effect:
source ~/.bashrc
Copy the codeThen execute rm command, it will automatically move to the recycle bin directory!
trash
In addition to writing your own manual recycle bin scripts, you can use the off-the-shelf open source project Trash, which Mac users can install with a single command and be happy to use.
Project address: github.com/ali-rantaka…
Rights management
The above method is generally sufficient for individual server users, but if it is a team development, many people are operating on a server at the same time, it is difficult to say who suddenly deleted files and ran away, right?
Therefore, it is best to set reasonable permissions for files on the server. The common ways are as follows.
Modifying file Permissions
In the most direct way, directly use the chmod command to modify the read, write, and execute permissions of specified files, such as the following command:
chmod 700 file.txt
Copy the codeOnly the user who creates the file can read and write the file.
chattr
The Chattr command in Linux is short for Change Attribute, which is used to Change the attributes of a file and prevent files and directories from being deleted or modified accidentally.
For example:
sudo chattr +i file.txt
Copy the codeThe “unmodifiable” attribute is appended to the file using the + I parameter. The file cannot be deleted, renamed, linked, or written to or added to. This parameter can be described as a magic weapon to improve system security!
Let’s try it out:
The deletion failed, indicating that the operation was not allowed.
To protect directories, just add -r:
sudo chattr -R +i myDir
Copy the codeSet the sudo permission
Sudo is a common Linux command that can be executed temporarily as the root user (super administrator).
If you give an ordinary user super administrator status, he can do anything, it is very dangerous ah!
So you can use visudo command to modify the permissions of ordinary users when using sudo command.
Enter Visudo and it will automatically enter the edit of /etc/sudoers file and try to append a line:
dog localhost=/bin/rm /file/*
Copy the codeThis means that user Dog can only delete files in the /file directory, not at will.
Lshell
Another open source Linux security artifact, Lshell, can be used to build a limited Linux script execution environment.
Project address: github.com/ghantoos/ls…
Once installed with a single command, you can modify its configuration file /etc/lshell.conf to manage user behavior.
For example, disable user yupi from using the rm command to prevent the user from deleting files and running away:
[yupi] allowed = 'all' - ['rm']
Copy the codeUnder normal circumstances, the above so many measures are enough protection, but also relatively simple.
But in the end, don’t try this command lightly. I’ll sleep in a junkyard tomorrow!
Finally, I will send you some learning resources to help me get the offer of big factory, up to 6 T!
Gone! Leave 6 terabytes of resources!
How did I get the offer from Tencent, Byte and other big factories through self-study? You can read this article and no longer feel confused!
I learn computer four years, mutual encouragement!
I am fish skin, like or request, I wish you all can be happy, make a fortune, the line of great luck.
