Solved

Restrict "rm -rf *" command in Linux/Unix ?

Posted on 2009-05-06
6
1,949 Views
Last Modified: 2013-12-16
Hi All,

Can anyone suggest me how to restrict the "rm -rf *" command.

I want to restrict some users accidently typing the "rm -rf *" command from a login at unintended directory. (Say if i want to delete log files in log directory and uses "rm -rf *" command and later found out that i was in HOME ?????)

I tried <<alias rm "rm -i">>. The above command interactively asks me before deleting.
But the problem comes when the -f option is used. It overrides others and just deletes.

Just needs to know, how i can restrict this command.

Thanks for your valuable suggestions...
0
Comment
Question by:satishex
6 Comments
 
LVL 15

Expert Comment

by:Haris Djulic
Comment Utility
maybe you can try with the sudo command + sudoers file... i that file you can restrict/allow commands per user, group, host.

more details can be found here

http://linux.about.com/od/commands/l/blcmdl8_sudo.htm

0
 
LVL 29

Expert Comment

by:fosiul01
Comment Utility
Hi yah
normal user who does not have root priviligies would not able to delete any log file , he would only able to delete his own home directory file and the file he created

so all those user you are talking about, are the root priviligies user ?? in that case you would not be able to restrict them

only way to use sudo file as samo4fun said
0
 
LVL 5

Accepted Solution

by:
0ren earned 30 total points
Comment Utility
you can create a script named rm and replace the original rm.
inside the new script create if condition that check and pass the flags to the rm.

0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Assisted Solution

by:small_student
small_student earned 20 total points
Comment Utility
There are some othe solutions you might make use of

1- use the sticky bit , it will prevent any one from deleting a file if he is not he owner , even if the file had rwx for other

chmod 1777 /pubdir

2- use extended attributes imune bit, it prevents a file from being modified , deleted or linked

chattr +i filename

0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
It seesm to me that all users are logging on using the same account. If this is the case try to create separate accounts for all the users and try further restrict  their file owning rights.

Make sure that they go root using su / sudo only but not login as root.

Make use od Sticky bit if a directory contains files from different users.

Apart from that feed them with enuogh coffee to ensure that they have at least RDA amount of caffeine and kept awake during their shift :)
0
 

Author Comment

by:satishex
Comment Utility
Thanks all for your valuable replies :-)
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Have you ever been frustrated by having to click seven times in order to retrieve a small bit of information from the web, always the same seven clicks, scrolling down and down until you reach your target? When you know the benefits of the command l…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now