The safety expansion for FreeBSD rm(1)

Daichi GOTO daichi at freebsd.org
Thu Sep 27 04:37:25 PDT 2007 

Oliver Fromme wrote:
> Daichi GOTO wrote:
>  > Have you any dreams that rm(1) autonomously judges target should
>  > be remove or not?  To complexify system base command is objectionable
>  > behavior but adding some little and simple mechanism to prevent a
>  > issue is acceptable I suppose.
> 
> I think it could cause confusion for some users or admins.
> 
> It could also be dangerous.  I remember an emergency case
> when /home was an NFS mount that was dead, i.e. every
> process that tried to access something in /home just hung
> forever in state "D" (disk wait).  During the emergency
> actions on the serial console I also needed to use the
> rm(1) command ...  Now if it tried to read ~/.rm, it would
> have drawn me mouch deeper into trouble than I already
> were.  :-)   True, the -f option would have prevented it,
> _if_ I remembered before to use it.

We have realized that issue, but do not understand thats
cause still now. Do you know the reason?

> A common precaution against accidental rm is to establish
> a snapshot rotation system.  For example, create hourly
> snapshots (with a cron job) and delete them automatically
> after a while.  So if you accidentally remove something,
> you can copy it back from the latest snapshot.  NetApp
> Filers have such a feature built-in.  You can also easily
> set it up yourself with ZFS, or even with UFS snapshots,
> although the latter are a bit heavyweight, IMHO.

Yes. At the moment ZFS looks a best way of snapshot feature.
I have heard that snapshot of UFS2 is slow under very
mass files and heavy load situation.

> And finally, there is chflags(1).  If you know in advance
> that certain files or directories must not be removed,
> then "chflags schg" or "chflags uchg" them.  That's the
> same effect as creating a ~/.rm file with your patch.

Yes. It is one of the ways :)

> Another advantage of chflags(1) is that it also protects
> against other kinds of damage.  For example when using
> shell redirection ("echo > some/important/file"), cp, dd
> or other commands.  In those cases chflags also offers
> protection (and a snapshot would offer recovery), while
> your patch only protects against rm and nothing else.
> 
> Just my 2 cents.
> 
> Best regards
>    Oliver

-- 
   Daichi GOTO, http://people.freebsd.org/~daichi

More information about the freebsd-current mailing list