BEWARE WITH SUDO RM

Question

Level 1

120 points

BEWARE WITH SUDO RM

I've noticed this going around quite a bit and I'll give out fair warning that this is NOT SOMETHING TO MESS AROUND WITH. If you are a beginner to terminal, this includes Linux too, be VERY CAREFUL with what you do with commands that source from sudo. Research what the command means before running it. These are very powerful root operations that are unforgiving. The most popular "joke" command if you like, is sudo rm -r or -rf, followed by the routed directory. Let me break down what this command means to explain the severity of it. SUDO (superuser essentially) means that you basically get full read-write permissions to everything. rm means in short 'remove.' The '-rf' means means 'recursive' and 'forced' which means that it's going to delete all files in the set directory regardless of ownership. YES THAT MEANS SYSTEM FILES. So essentially, it has the ability to corrupt your entire system. If you do however get this for some reason, there are some ways to get a portion of your data back.

- Firstly, DO NOT REBOOT UNDER ANY CIRCUMSTANCES.
- Secondly, do not open or close any programs as these access the Application support folder in the users/library and once this happens, it may overwrite some of the remaining code from the command.
- Next what you have to do is go and download a data recovery program such as Phoenix Mac recovery or Disk warrior. DO NOT download this on the effected Mac. Download it on another machine and save and run the program off external media. DO NOT COPY THE PROGRAM as this can also over-write corrupted data.
- After the recovery process, reinstall OS X and copy your data back.

These are merely guidelines and may not work. Post up any queries you may have and I'll try my best to help out.

MacBook Pro 17" 2.6GHz 6GB 500GB 512MB 8600M GT GDDR3, Mac OS X (10.6.2), 23" Cinema Display, G5 Quad, 1GHz Titanium, iPod Touch 32GB, MacBook Pro 2.4GHz

Posted on Feb 16, 2010 10:12 PM

Reply

Answer 1

Best reply

Bill Scott

Level 6

11,459 points

Feb 16, 2010 10:54 PM in response to A Yilmaz

Sometimes I wonder if everyone should own a computer.

Reply

Answer 2

A Yilmaz Author

Level 1

120 points

Feb 16, 2010 11:31 PM in response to Bill Scott

I really don't like people who put up crap that is potentially dangerous. You wouldn't believe where I saw this today. There was a forum asking what the script was for the ASCII Star Wars on Terminal. That's the one with "telnet towels.blinkenlights.nl". One of the replies posted was that exact script. I was absolutely furious. So I just wanted to make it clear for people who are new to terminal.

Reply

Answer 3

Feb 17, 2010 3:04 PM in response to A Yilmaz

Was this on the Apple forum? If so, report the post to the moderators.

Reply

Answer 4

A Yilmaz Author

Level 1

120 points

Feb 18, 2010 1:47 AM in response to Keith Barkley

No thankfully. They do a good job keeping these forums clean so I'm happy with that. However I think there should be a more severe consequence for posting up material like this. It's just something very dangerous that shouldn't be messed with. I actually also blame Apple partly for this because if you notice, the only thing that comes in between the code and the execution is the password. Apple have not put any kind of warning about what the code does, which actually drives me mad a little bit. They should actually add this into terminal to warn what the outcome will be. ESPECIALLY with sudo.

Reply

Answer 5

Tony T1

Level 6

10,232 points

Feb 18, 2010 5:59 AM in response to A Yilmaz

A Yilmaz wrote:
I actually also blame Apple partly for this because if you notice, the only thing that comes in between the code and the execution is the password. Apple have not put any kind of warning about what the code does, which actually drives me mad a little bit. They should actually add this into terminal to warn what the outcome will be. ESPECIALLY with sudo.

I disagree, but in any event, the 1st time sudo is run, the following warning is given.

We trust you have received the usual lecture from the local System Administrator.
It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type

Reply

Answer 6

Bill Scott

Level 6

11,459 points

Feb 18, 2010 6:22 AM in response to A Yilmaz

Many of us buy Apple computers for an operating system (unix) that it sufficiently powerful and flexible that it can potentially cause great damage if used incorrectly. "sudo" is not unique to Apple or Darwin; it works on any unix platform, and is routinely supplied with debian linux distributions (eg Ubuntu). It is a safe alternative to enabling a root account, but it does so at the price of giving an administrative user root access via his or her own password.


sudo /bin/bash

spawns a root terminal session, and you can alter or delete any and all system files. The best protection is to have a backup, and Apple provides Time Machine. Apple hides Terminal.app from the naive users, and there is no reason why anyone would have to use it or the command line. But many of us, particularly from scientific and technical backgrounds, would find our computers as useless as Windoze machines if Apple were to institute the kind of arbitrary parental supervision you seem to want to suggest. Frankly, if someone owns a computer, they need to use a bit of judgement and personal responsibility.

Reply

Answer 7

A Yilmaz Author

Level 1

120 points

Feb 18, 2010 6:52 AM in response to Bill Scott

Just a warning going out to those who are inexperienced and play around with commands without knowing exactly what they do, along with a few tips on how to get back as much of your files in the event that something like this should occur. I also realise that terminal is not controlled by Apple. I'm merely mentioning that it should be something in there for warning purposes. It won't/shouldn't effect the function in anyway, just give fair warning that's all. But then again, case of point being, no one in their right mind should go and put in commands they don't know about.

Reply

Answer 8

Bill Scott

Level 6

11,459 points

Feb 18, 2010 11:58 AM in response to A Yilmaz

As others mentioned, it DOES issue the warning, the one quoted above. It also is configured to require you to enter your administrator's password, which should be a tip-off to most people that they are attempting to do something to the file system for which they do not normally have write-access.

Reply

Answer 9

A Yilmaz Author

Level 1

120 points

Feb 18, 2010 12:31 PM in response to Bill Scott

Hmmm interesting. Never ran into anything like that with sudo on my mbp, ever! Oh well, maybe it's just mine then. 🙂 I only get admin password. I got something interesting though. I tried this on a fresh install of SL on a 2.0 MacBook yesterday for experimental purposes. The only things I change however were booting up into single user console instead and running sudo rm -rf ./* . Here you get the usual run through of all data on the disk but something interesting happened that I WAS NOT expecting. I logged out after the process (exit), and went to turn on the machine. It appeared to have done something to the boot sequence on the machine as it would do a constant startup cycle sometimes not even allowing the chime to finish. I performed a PMU and PRAM reset and the machine followed through with a flashing folder icon. A final reboot powered the machine up perfectly and I noticed that the filesystem remained UNTOUCHED, along with all user folders but they had nothing in them of course. What was really interesting was however, the boot time was halved to something around 10 seconds. From chime to desktop. This was on a 5400rpm stock drive!

Reply

Answer 10

Tony T1

Level 6

10,232 points

Feb 21, 2010 11:36 AM in response to A Yilmaz

I'm merely mentioning that it should be something in there for warning purposes.

It is. Nothing Apple (nor I) can do if someone does not read or listen.
For example, this is the 2nd time that I'm saying this, however, you still repeat that you think there should be a warning. There is. Read #2 of the warning (above) that is issued when sudo is first run.

....maybe Apple should add this to .bash_profile 🙂


PS1='h:w u Think before you type $ '

Reply

Answer 11

Tony T1

Level 6

10,232 points

Feb 21, 2010 11:33 AM in response to Bill Scott

sudo /bin/bash

or sudo -s

This was just in Macworld yesterday Customize the root shell's prompt in Terminal

Reply

Answer 12

A Yilmaz Author

Level 1

120 points

Feb 22, 2010 2:06 AM in response to Tony T1

Yes I was just mentioning. I know it cannot be done by Apple obviously. It's something built into Terminal. I have lots of experience with Terminal so I know what can and can't be done. My primary reason for this post was BECAUSE there was nothing there in the first place and it was meant to be a point where people could come for solutions.


PS1='h:w u Think before you type $ '

Haha nice!

Reply

Answer 13

Feb 22, 2010 2:32 PM in response to A Yilmaz


sudo -K;sudo awk '/WARNING/,/abort/' /usr/bin/sudo

The warning can be turned on in /etc/sudoers to be shown every time you use sudo. The default is to show the message the first time you use sudo or when you remove the user's timestamp in /var/db/sudo. Try reading the manual.

Reply