How to prevent Linux from executing rm -rf /* commands


I have successfully tested this on Debian 9.9. Please take your own operating system environment into account, and try to use a temporary directory when testing. The consequences caused by your incorrect operation have nothing to do with me.

As we all know, rm -rf /* is a disastrous command in Linux. Therefore, some operations and maintenance personnel have thought of ways to prohibit the execution of this command. Today, I will demonstrate a simple

Today, we use the method of replacing the rm command with safe-rm, and then make a simple configuration so that the system cannot execute rm -rf /*.

1. Download safe-rm

There is a tool, the safe-rm command, which we can use to replace rm. safe-rm is itself a delete command, but it filters what it deletes according to a configuration file.
Download it from the official website.
I downloaded version 0.12 directly.


2. Replace the system's rm command

# Unpack the downloaded archive
tar -zxvf safe-rm-0.12.tar.gz
# Copy the safe-rm command to the system's /usr/local/bin directory
cp safe-rm-0.12/safe-rm /usr/local/bin/
# Create a link so that rm resolves to safe-rm
ln -s /usr/local/bin/safe-rm /usr/local/bin/rm

At this point, the rm command has been replaced. To make sure the replacement takes effect, we put the /usr/local/bin directory ahead of all other entries in the PATH environment variable. First edit the /etc/profile file and append the following code at the end of the file


After editing, we restart the operating system so that the environment variable takes effect globally across the whole system. After the restart, executing the rm command is equivalent to executing safe-rm.

3. Set the filter directories

Filtered directories will not be deleted. Edit the /etc/safe-rm.conf file and add the directories you need to filter. The following is a configuration example; in practice, filter the directories according to your needs.


/ means filtering / itself
/* means filtering all files below /

In the above configuration, I filter the directory where safe-rm is located and the directory where its links are located. In addition, I also filter its configuration files. In this way, security protection can be achieved to a certain extent.

If the configuration file contains a rule like /root/test/123, the /root/test/123 file is filtered when you try to delete it, but it can still be deleted successfully by deleting /root/test. In other words, recursive rules are not supported. The configuration file should be written in the following format
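
To check an existing rule list for the gap just described (a filtered path whose parent directory can still be deleted), the shell script below can be used. It is an added example, not part of the original post and not safe-rm's own code; the function names and the sample rules are constructed, and it assumes one absolute path per line, with a dir/* rule covering the direct children of dir.

```shell
#!/bin/sh
# Added example (not safe-rm's own code): list directories whose recursive
# removal would bypass a rule, since a rule does not cover its parents.
# Assumed format: one absolute path per line; "dir/*" covers dir's children.

# is_listed CONF PATH: succeed if PATH is covered by a rule in CONF.
is_listed() {
    parent=$(dirname "$2")
    [ "$parent" = "/" ] && parent=""
    grep -Fxq -e "$2" -e "$2/" -e "$parent/*" -- "$1"
}

# unprotected_ancestors CONF: print each parent directory of a rule that is
# not itself covered; deleting it recursively also deletes the protected path.
unprotected_ancestors() {
    # Only lines starting with "/" are rules here; comments are skipped.
    grep '^/' -- "$1" |
    while IFS= read -r rule; do
        dir=${rule%/}
        # The rule "/" becomes empty here: it has no parent to check.
        [ -n "$dir" ] || continue
        while dir=$(dirname "$dir") && [ "$dir" != "/" ]; do
            is_listed "$1" "$dir" || printf '%s\n' "$dir"
        done
    done | sort -u
}

# Constructed sample rules, written to a temporary file for the demonstration.
demo() {
    conf=$(mktemp)
    printf '%s\n' '# constructed sample' '/' '/root/test/123' \
        '/usr/local/bin' '/usr/local/bin/rm' '/etc/safe-rm.conf' > "$conf"
    unprotected_ancestors "$conf"
    rm -f -- "$conf"
}

demo
```

Every directory it prints needs its own rule if the paths beneath it are meant to stay protected.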


4. Test

Next is the moment to witness the miracle. Please make sure that your configuration file is written correctly before executing the test. Also, your mistakes have nothing to do with me!!! Ha ha ha
As shown below:
