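How to prevent accidental deletion by rm -rf /
Overview
rm -rf / means erasing everything mounted under the root path / without asking. Once rm -rf / is executed on Linux, the result is a disaster.
Warning
☢️☢️☢️ Please do not run the rm -rf / command in a production environment!!!!
To prevent this kind of accidental deletion, I looked at many approaches: some suggest a recycle-bin mechanism, some suggest setting permissions on important directories, and some suggest replacing the rm command. After summing them up, I still think the way to go is to disable the rm command and set up the safe delete command safe-rm and the trash mechanism trash-cli.
safe-rm: the safe delete command
safe-rm has all the functionality of the rm command, but it also lets you configure a path blacklist: directories or files on the blacklist will not be deleted. We disable the rm command and run safe-rm instead, so directories or files on the blacklist can no longer be deleted by accident.
safe-rm website: https://repo.or.cz/w/safe-rm.git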
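The blacklist check described above, sketched in shell as an added example; it is not safe-rm's own code. The names canon, filter_args and demo are hypothetical, the sandbox tree is constructed, and exact-match semantics (only the listed path itself is protected, not its children) are an assumption of this example.

```sh
#!/bin/sh
# Added example, not safe-rm's code. canon, filter_args and demo are hypothetical names.

# canon PATH: absolute form with "..", trailing "/" and symlinked parent
# directories resolved, so different spellings of one path compare equal.
canon() {
    if [ -d "$1" ]; then
        (cd -- "$1" && pwd -P)
    else
        d=$(cd -- "$(dirname -- "$1")" 2>/dev/null && pwd -P) || d=$(dirname -- "$1")
        printf '%s/%s\n' "${d%/}" "$(basename -- "$1")"
    fi
}

# filter_args BLACKLIST ARG...: print the arguments that may be handed to rm,
# one per line; arguments naming a blacklisted path are reported and dropped.
filter_args() {
    list=$1; shift
    for arg in "$@"; do
        case $arg in -*) printf '%s\n' "$arg"; continue ;; esac  # options pass through
        target=$(canon "$arg"); hit=0
        while IFS= read -r entry; do
            [ -n "$entry" ] || continue
            if [ "$(canon "$entry")" = "$target" ]; then hit=1; break; fi
        done < "$list"
        if [ "$hit" -eq 1 ]; then
            printf 'skipping %s\n' "$arg" >&2
        else
            printf '%s\n' "$arg"
        fi
    done
}

# Constructed sandbox: a throwaway tree standing in for / with its own blacklist.
demo() {
    box=$(mktemp -d) && mkdir -p "$box/etc" "$box/usr" "$box/tmp/build"
    : > "$box/etc/passwd"
    printf '%s\n' "$box/etc" "$box/usr" > "$box/blacklist"
    (cd "$box/usr" && filter_args "$box/blacklist" -rf "$box/etc/" ../etc \
        "$box/usr/../etc" "$box/etc/passwd" "$box/tmp/build" 2>/dev/null |
        sed "s|^$box||")
    rm -rf -- "$box"
}
demo
```

Comparing canonical paths is what catches `../etc` and `/etc/`, which a plain string comparison against the blacklist would miss. `/etc/passwd` passes through because only the listed path itself is matched, so children need their own entries.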
safe-rm README
sh
safe-rm - https://launchpad.net/safe-rm
prevention of accidental deletions using a directory blacklist
Copyright (C) 2008-2014 Francois Marier <francois@fmarier.org>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
How to use
-----------
Once you have installed safe-rm on your system (see INSTALL), you will need to
fill the system-wide or user-specific blacklists with the paths that you'd like
to protect against accidental deletion.
The system-wide blacklist lives in /etc/safe-rm.conf and you should probably add
paths like these:
/
/etc
/usr
/usr/lib
/var
The user-specific blacklist lives in ~/.config/safe-rm and could include things like:
/home/username/documents
/home/username/documents/*
/home/username/.mozilla
Other approaches
-----------------
If you want more protection than what safe-rm can offer, here are a few suggestions.
You could of course request confirmation every time you delete a file by putting this in
your /etc/bash.bashrc:
alias rm='rm -i'
But this won't protect you from getting used to always saying yes, or from accidentally
using 'rm -rf'.
Or you could make use of the Linux filesystem "immutable" attribute by marking (as root)
each file you want to protect:
chattr +i file
Of course this is only usable on filesystems which support this feature.
Here are two projects which allow you to recover recently deleted files by trapping
all unlink(), rename() and open() system calls through the LD_PRELOAD facility:
delsafe
http://homepage.esoterica.pt/~nx0yew/delsafe/
libtrashcan
http://hpux.connect.org.uk/hppd/hpux/Development/Libraries/libtrash-0.2/readme.html
There are also projects which implement the FreeDesktop.org trashcan spec. For example:
trash-cli
http://code.google.com/p/trash-cli/
Finally, this project is a fork of GNU coreutils and adds features similar to safe-rm
to the rm command directly:
http://wiki.github.com/d5h/rmfd/
Download
sh
[root@localhost ~]# wget https://launchpad.net/safe-rm/trunk/0.12/+download/safe-rm-0.12.tar.gz
Extract
sh
[root@localhost ~]# tar -zxvf safe-rm-0.12.tar.gz
Find where rm is located
sh
[root@localhost ~]# whereis rm
/usr/bin/rm
Check the PATH environment variable
sh
[root@localhost ~]# echo $PATH
/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
Copy safe-rm to a directory in $PATH
Copy safe-rm to /usr/local/bin (place safe-rm in a $PATH directory that comes before the one holding the original rm program):
sh
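[root@localhost ~]# cp ~/safe-rm-0.12/safe-rm /usr/local/bin/safe-rm
Create the configuration file
- Create /etc/safe-rm.conf and set the path blacklist: enter the full paths of the important files or directories and save the file, one entry per line: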
sh
[root@localhost ~]# touch /etc/safe-rm.conf
[root@localhost ~]# cat /etc/safe-rm.conf
/
/bin
/boot
/dev
/etc
/home
/initrd
/lib
/proc
/root
/sbin
/sys
/usr
/usr/bin
/usr/include
/usr/lib
/usr/local
/usr/local/bin
/usr/local/include
/usr/local/sbin
/usr/local/share
/usr/sbin
/usr/share
/usr/src
/var
/etc/safe-rm.conf
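[root@localhost ~]#
Test deletion
- Test the safe-rm command: safe-rm skips the directories or files configured in /etc/safe-rm.conf (it is best to experiment in a test directory first, so that a mistake does not turn into a disaster....):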
sh
[root@localhost ~]# echo "/a/b/c" >> /etc/safe-rm.conf
[root@localhost ~]# mkdir -p /a/b/c
[root@localhost ~]# safe-rm -rf /a/b/c
safe-rm: skipping /a/b/c
trash-cli: the trash mechanism
trash-cli is a software package written in Python that provides the commands trash-put, trash-rm, trash-list, trash-restore, trash and trash-empty. With these commands we can move files to the trash or restore files that were deleted.
trash-cli provides the following commands:
- trash-put: trash files and directories.
- trash-empty: empty the trashcan(s).
- trash-list: list trashed files.
- trash-restore: restore a trashed file.
- trash-rm: remove individual files from the trashcan.
Reference: https://github.com/andreafrancia/trash-cli
Quick installation
Requirements:
- Python 2.7 or Python 3
- setuptools
Install command:
sh
[root@localhost ~]# easy_install trash-cli
Install from source
Install commands:
sh
[root@localhost ~]# git clone https://github.com/andreafrancia/trash-cli.git
[root@localhost ~]# cd trash-cli
[root@localhost ~]# python setup.py install
Usage
Delete a file:
sh
[root@localhost ~]# trash-put foo
List the files in the trash:
sh
[root@localhost ~]# trash-list
2008-06-01 10:30:48 /root/bar
2008-06-02 21:50:41 /root/bar
2008-06-23 21:50:49 /root/foo
Search the trash:
sh
[root@localhost ~]# trash-list | grep foo
2007-08-30 12:36:00 /root/foo
2007-08-30 12:39:41 /root/foo
Restore a file from the trash:
sh
[root@localhost ~]# trash-restore
0 2007-08-30 12:36:00 /root/foo
1 2007-08-30 12:39:41 /root/bar
2 2007-08-30 12:39:41 /root/bar2
3 2007-08-30 12:39:41 /root/foo2
4 2007-08-30 12:39:41 /root/foo
What file to restore [0..4]: 4
$ ls foo
foo
Empty the trash:
sh
[root@localhost ~]# trash-empty
Remove the files that were put in the trash more than <days> days ago:
sh
[root@localhost ~]# trash-empty <days>
Example:
sh
[root@localhost ~]# date
Tue Feb 19 20:26:52 CET 2008
[root@localhost ~]# trash-list
2008-02-19 20:11:34 /home/einar/today
2008-02-18 20:11:34 /home/einar/yesterday
2008-02-10 20:11:34 /home/einar/last_week
[root@localhost ~]# trash-empty 7
[root@localhost ~]# trash-list
2008-02-19 20:11:34 /home/einar/today
2008-02-18 20:11:34 /home/einar/yesterday
[root@localhost ~]# trash-empty 1
[root@localhost ~]# trash-list
2008-02-19 20:11:34 /home/einar/today
Remove only the files that match a pattern:
[root@localhost ~]# trash-rm '*.o'
Note: you need to use quotes in order to protect the pattern from shell expansion.
Configure ~/.bashrc to disable the rm command
Alias rm in ~/.bashrc:
sh
[root@localhost ~]# cat ~/.bashrc|grep 'trash-put'
alias rm='echo -e "Info:\033[31mrm can not be used, please use \033[32msafe-rm\033[0m or \033[32mtrash-put\033[0m\n"'
[root@localhost ~]# source ~/.bashrc
[root@localhost ~]# rm
Info:rm can not be used, please use safe-rm or trash-put
Disable the rm command for everyone
Add the alias in /etc/bashrc:
sh
[root@localhost ~]# tail -n 5 /etc/bashrc
alias rm='echo -e "Info:\033[31mrm can not be used, please use \033[32msafe-rm\033[0m or \033[32mtrash-put\033[0m\n"'
alias v.='vi ~/.bashrc'
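alias s.='source ~/.bashrc && echo "reload OK"'
Once this is configured in /etc/bashrc, running the rm command prints a message telling the user to delete with safe-rm or trash-put instead.
The message shown when rm is used looks like this: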
