Solved

Restrict "rm -rf *" command in Linux/Unix ?

Posted on 2009-05-06
6
1,962 Views
Last Modified: 2013-12-16
Hi All,

Can anyone suggest me how to restrict the "rm -rf *" command.

I want to restrict some users accidently typing the "rm -rf *" command from a login at unintended directory. (Say if i want to delete log files in log directory and uses "rm -rf *" command and later found out that i was in HOME ?????)

I tried <<alias rm "rm -i">>. The above command interactively asks me before deleting.
But the problem comes when the -f option is used. It overrides others and just deletes.

Just needs to know, how i can restrict this command.

Thanks for your valuable suggestions...
0
Comment
Question by:satishex
6 Comments
 
LVL 15

Expert Comment

by:Haris Djulic
ID: 24323060
maybe you can try with the sudo command + sudoers file... i that file you can restrict/allow commands per user, group, host.

more details can be found here

http://linux.about.com/od/commands/l/blcmdl8_sudo.htm

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24323164
Hi yah
normal user who does not have root priviligies would not able to delete any log file , he would only able to delete his own home directory file and the file he created

so all those user you are talking about, are the root priviligies user ?? in that case you would not be able to restrict them

only way to use sudo file as samo4fun said
0
 
LVL 5

Accepted Solution

by:
0ren earned 30 total points
ID: 24323322
you can create a script named rm and replace the original rm.
inside the new script create if condition that check and pass the flags to the rm.

0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 14

Assisted Solution

by:small_student
small_student earned 20 total points
ID: 24325024
There are some othe solutions you might make use of

1- use the sticky bit , it will prevent any one from deleting a file if he is not he owner , even if the file had rwx for other

chmod 1777 /pubdir

2- use extended attributes imune bit, it prevents a file from being modified , deleted or linked

chattr +i filename

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
ID: 24325948
It seesm to me that all users are logging on using the same account. If this is the case try to create separate accounts for all the users and try further restrict  their file owning rights.

Make sure that they go root using su / sudo only but not login as root.

Make use od Sticky bit if a directory contains files from different users.

Apart from that feed them with enuogh coffee to ensure that they have at least RDA amount of caffeine and kept awake during their shift :)
0
 

Author Comment

by:satishex
ID: 24327119
Thanks all for your valuable replies :-)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now