rm -rf /

I'm just curious as to who has made this classic admin mistake before.

Me personally, I haven't done that, but some years ago I once did a "mv * root" while in the root directory. That moved everything into the root user's home directory. At that point my system was completely hosed, because trying to run ls would throw errors about not being able to load the libc libraries out of the (now moved) /lib directory.

It was a fresh install, and this was back in the days when Linux rescue boot disks didn't really exist (mid-90s), so I ended up just reinstalling. :P

41 Replies

In my early linux type days, before i learnt to MAN everything that was suggested to me.. I was in a help channel trying to stop RM prompting me to y/n every file..

Someone jokily said Alias rm='rm -rf /' and me in my new egerness to try did it.. Consiquently my system went down pretty quickly.. Learnt that lesson :)

The worst I've done is in my homedir, a

rm -rf * php

Yeah. That sucked. :(

"rm -rf /" is a standard command to run at the end of a training course; let's see how well the OS will kill itself :-)

Solaris does pretty well. HP/UX 10.20 would refuse to delete lots of stuff. Windows XP equivalent would barf pretty quickly.

Hmmm… I'm actually considering setting up a virtual machine with Linux and run that command, just to see how things grind to a halt.

@NeonNero:

Hmmm… I'm actually considering setting up a virtual machine with Linux and run that command, just to see how things grind to a halt.

I'd love to see a video of that. :lol:

That reminds me, I once tried doing a kill -9 1 (the init process) to see what would happen. Turns out init is apparently resistant to all signals. Heh.

I rdiffed backwards once. That was a mess. Ended up having to boot Finnix and fix stuff.

I never ran 'rm -rf /' by accident but have done it intentionally.

My worst screw up was when my default PXE config was to run a tools menu with the default being a DBAN autonuke session. I was testing some new systems and didn't realize they were set to boot first over the network and ended up destroying them before I even realized it was happening. I wept quietly in the corner for a few minutes. It all worked out well though as it gave me a chance to do it again and to do it better.

For the record, I still have DBAN autonuke set as my default PXE profile because I never did get around to changing it.

IIRC, back on "Slackware 95", i was trying to rm a local dir. It must have been usr or lib. Out of habit i hit the solidus first and hosed my system. Almost as bad as when i tried upgrading from libc5 to libc 6 manually.

I've done rm -rf ./* while thinking I was in a particular directory but painfully realizing I was in the wrong one. It has never been the root dir yet though.

A friend of mine just learned about file permissions and did a "chmod 000 /* -R" to secure his system. "It took a while to finish, and then I got loads of error messages when trying to do anything. How do I restore the previous permissions?" :).

@dmuth:

Me personally, I haven't done that, but some years ago I once did a "mv * root" while in the root directory. That moved everything into the root user's home directory. At that point my system was completely hosed, because trying to run ls would throw errors about not being able to load the libc libraries out of the (now moved) /lib directory.

Actually, it's not too hard to fix that, at least on most systems. Don't know about your 90's vintage system.

Just do (for example):

LDLIBRARYPATH=/root/lib /root/lib/ld-linux.so.2 /root/bin/mv /root/* /

Basically, you just have to tell it explicitly where everything is, since none of it is where it's supposed to be.

I did that once. Intentionally, as I was about to decommission a VPS from a different hosting company. It was actually rather anti-climactic. I did remember to do rm -rfv / so that I could watch its progress! After a while I got back to the shell prompt, and of course I couldn't run any commands. I don't know though,

-bash: ls: command not found

wasn't as exciting as I had hoped. I was kinda expecting to see sparks or something.

@aaronpk:

-bash: ls: command not found

wasn't as exciting as I had hoped. I was kinda expecting to see sparks or something.

I don't know about sparks, but if you cat /vmlinux to /dev/audio, you'll hear the voice of God!

@dmadole:

LDLIBRARYPATH=/root/lib /root/lib/ld-linux.so.2 /root/bin/mv /root/* /

This is a glibc feature and thus present on most Linux systems which use glibc. Other operating systems may not (probably don't) have this functionality.

friend of mine did this by accident on his old slackware box at his house one day years ago (2000ish?)

He had qmail running and was cleaning out some directories for the queues….

he was a noob to scripting then so he was doing rm -rf a/ (enter) rm -rf b/ (enter)

eventually it came to rm -rf / d (enter)

took a few seconds.. he stared at it

"NOOOO!" SLAM CONTROL C

deleted everything up to /dev then stopped.

he sighed, saw his home directories etc were safe and went to go reinstall everything else.

"shutdown -r now"

but because passwd was gone, uid 0 didnt exist anymore. Linux had and has some very interesting error messages

told him and i shit you not "You do not exist here. Go away."

Tried this on a VM earlier:

http://zombie-slaughter.co.uk/phpbb3/vi … ?f=7&t=123">http://zombie-slaughter.co.uk/phpbb3/viewtopic.php?f=7&t=123

Also, the Windows "equivalent":

http://zombie-slaughter.co.uk/phpbb3/vi … ?f=7&t=124">http://zombie-slaughter.co.uk/phpbb3/viewtopic.php?f=7&t=124

I was a super noob, although I still consider myself a noob a decade later. I was trying to delete a whole directory and I was trying different commands. I was copy and pasting from a text editor and I accidentally added a space after the /. I knew something was wrong when it took a while to respond and I all of a sudden got file locked errors for some mysql stuff. Luckily there was a backup from the night before.

I've never done the classic rm -rf /, but I have done the following:

in Windows, formatted the wrong partition.

With Norton Ghost, ghosted in the wrong direction. You'd be surprised at how easy this is to do with Ghost, considering the only information it gives you is the drive model and capacity. If they're the same drive type and same drive capacity, you can figure out how that can be a pain…

I've actually done the Ghost thing on a couple of occasions. I got better at backing up my ghost image files after that.

On Solaris I always found that the fmthard command was scary. It overwrites a disk toc in one effortless movement. I dont think there is anything in Linux which is that easy…

If rm -rf ever takes longer the 10ms to come back to the shell prompt I instinctively do a control-c.

Yes (only experimentally). Good thing coreutils was patched at the time.

Well, one time, while logged in as root, I was trying to chown some of the hidden "dot files" in a directory, and did something like "chown -R foo:bar .*", and wondered why it was taking so long… only to discover that everything on the system was getting assigned to that user and group, and it was destroying some of the other permissions, such as the sticky bits. What a nightmare.

Luckily I had the system doing a nightly rsync, and it wasn't hard to write a script to compare permissions and ownerships against the two disks and make corrections.

yum remove glibc

After running the above, pretty much nothing works. Commands that might be useful in this situation like yum and rpm and wget no longer function. The error message for any of these commands is "/lib/ld-linux.so.2: bad ELF interpreter: No such file or directory". Fortunately the install is only a few days old, but it looks like the only possible solution is to start over from scratch. :(

Here's a classic video of what happens:

http://www.youtube.com/watch?v=wWOjmvWPRvQ

I've done that command on sub directories getting excited and tab complete didn't find the right area. Took over a minute before I realized it should be done by now and I screwed up.

I also did this with a chmod command when I was new. I was mostly upset with the system and did 'chmod -R 777 /' to stop getting permission errors. I wiped the machine after that didn't even stop the message.

Anyone ran "find / -delete" ? I luckily read about them before someone told me to run that kind of commands as a bad joke.

The closest I've ever come was when I set the immutable bit on every file on my filesystem, because from a backup script I invoked a subshell that ran

> chattr -R +i /$BACKUP_DIR

but forgot to export $BACKUP_DIR, so in the subshell it evaluated to the empty string.

Oppsss wrong cast…

I thought its rm -rf, but then I noticed its rm -rf / (nevr ran this one).

I am using rm- rf /path/ when I have to delete a certain directory with subfolders.

@SelfishMan:

I never ran 'rm -rf /' by accident but have done it intentionally.
Me too - decommisioning an old server :P

It was quite an anti-climax and boring actually. The system keeps running, but you just can't do a whole lot with it.

@fukawi2:

@SelfishMan:

I never ran 'rm -rf /' by accident but have done it intentionally.
Me too - decommisioning an old server :P

It was quite an anti-climax and boring actually. The system keeps running, but you just can't do a whole lot with it.

For that, I prefer 'cat /dev/zero > /dev/hda' myself ;)

adds that to the bucket list :P

I haven't done it myself, but I have an "rm -rf" related story to tell.

Back in 1992 I got my first programming job in University. It was writing perl scripts to generate reports from the logs of the various server systems that ran on campus (this was at CMU and back then they had a distributed computing system called "Andrew" that ran on various Unix systems). I was given root access to a variety of servers so that I could install and run scripts with access to the logs.

After my very first day on the job I had a hardware lab as part of a digital design class I was taking. I had a friend who was a lab partner with me and I thought I was so cool because I had root on some of the campus' most important servers. So I went over to a VT100 terminal in the lab (those were the days!) and said "watch this". I proceeded to telnet to one of the servers (those were the days!) and log in as root. I thought my friend would be impressed. He immediately threw his hands to the keyboard and typed "rm -rf /". I think he meant it only as a joke and didn't meant to press enter. But I think that the muscle memory of hitting enter after every command, combined with the fact that I jostled him as I tried to push him away from the keyboard once I saw what he had typed, caused him to actually press enter.

I hit Ctrl-C as quickly as I could but … the damage was done. Files had been removed.

I was so afraid that I was going to lose my job over this mistake. I was embarrassed and contacted my boss immediately to let him know what happened. Thankfully, he was very understanding and managed to recover the lost files from a similar system that was running elsewhere in the hardware lab.

And I didn't lose my job. I felt very lucky and relieved and believe me, I never made a mistake like that again! I have always treated a root shell with alot of respect ever since.

That story is a great lesson for the kids out there.

I'm really surprised you didn't get fired. I have to ask: did the boss who was so understanding know that this was a result of horsing around as opposed to an accident?

@Xan:

That story is a great lesson for the kids out there.

I'm really surprised you didn't get fired. I have to ask: did the boss who was so understanding know that this was a result of horsing around as opposed to an accident?

Yes, he knew the full story of what happened. Of course, he was a student also - I guess I was a little in accurate when I said 'boss', he was actually the student leading the project, but our real 'boss' never found out about it. I think as a student he was a bit more understanding than someone older would have been.

How fitting that my intro post is in this thread. I was lurking over here last week while I setup my server, so can I blame some subconscious memory of 'rm -rf /' from the forum? Nah, more like trying to multitask on a lack of sleep.

So I've been on Linodes for about a week, really loving it. Hosting my game clan's website. It isn't a big site, but I enjoy the freedom of a VPS and like having the power to spare. Last machine was in bad shape, so I was looking forward to calling it quits.

So, last night I pull down my last backups, check them for completeness, and then alt-tab to the terminal. Hey, didn't I read about someone rm -rf /'ing an old VPS to decommission it? Yeah, that sounds fun. Until about 10 seconds later when I see the hostname and realize I'm nuking my Linode. Oy

Wound up killing the OS, of course - also my MySQL DB and half of my web root. Latest backup was only about 24hrs old, so not too bad. Learning experience, I guess.

Y'know, I think it was karma taking me down a notch. I was just riding a high from the fact that I started my Linode on Ubuntu and decided the evening before that I'd prefer Debian. Provision a new node, configure, copy files, swap IPs.. Hardly any downtime. I was all sorts of proud of my new Debian install and how quickly I set it up. Well, now I get to practice setting it up again.

Right after I get some turkey..

Happy Thanksgiving folks

edit – I jest, but the trauma must still be there. I hit Submit and my eyes skimmed over the post as it went away. Had an "Oh crap!" second as I saw 'rm -rf /' :shock:

Hello,

I never done "rm -rf /" but I've leaned some lessons :) … fo instance, my local backup is done to a external image mounted as "/.backup".

"rm -rf /" won't eat the dot!!!

@nfn:

"rm -rf /" won't eat the dot!!!
"rm -rf /" will. Dot protects you from "rm -rf *".

I had a "rm -rf dir /" moment, but managed to notice and ^C it before it finished with "dir". Whew.

What I regret much more was a local damage… I was tired, finished a piece of code after many hours… and, don't ask me how, it must have been the gremlins or something… I typed "cp filename.ext{.bak,}" instead of "cp filename.ext{,.bak}"…

Re-coding previous two hours of work in this state of mind took most of the night.

On some old servers, there used to be a command called "ci". I've always been a fan of the "vi" editor. I don't remember what "ci" was supposed to do, but I do know that whenever I typed "ci filename", it would wipe out the file. Then I was left digging through my backups. Needless to say, I shortly deleted the "ci" executable.

I have run rm -rf / intentionally. It was fun.

The biggest mistake I've made is attempting to install Filezilla on my server when I meant to do it on my home computer. Thankfully, the dependency list was enough warning. It wasn't exactly a big mistake, now that I mention it.

I suppose the real mistake was running ssh in the same terminal window as a local shell.

@BarkerJr:

On some old servers, there used to be a command called "ci". I've always been a fan of the "vi" editor. I don't remember what "ci" was supposed to do, but I do know that whenever I typed "ci filename", it would wipe out the file. Then I was left digging through my backups. Needless to say, I shortly deleted the "ci" executable.

ci is like an ancient version of CVS (http://www.cs.colostate.edu/helpdocs/RCS.html)

@earfolds:

I suppose the real mistake was running ssh in the same terminal window as a local shell

I make my shells different colours for local and remote

@obs:

@earfolds:

I suppose the real mistake was running ssh in the same terminal window as a local shell

I make my shells different colours for local and remote
I've learned to check the hostname in my prompt, which is easiest because of the number of servers that I administer. On my servers, root in the prompt is bold red, too, so I know to double check before carriage return.

@jed:

I've learned to check the hostname in my prompt, which is easiest because of the number of servers that I administer. On my servers, root in the prompt is bold red, too, so I know to double check before carriage return.

Mine's pink!!!…no idea why it's just the default…honest.

I've run 'rm -rf /' a few times to trash chroot jails. I've never hosed a system by accident with it.

I find the fact Linux rm has a –no-preserve-root option rather sad but I can see why they added it.

Installing a new prolog based system on our lone linode that runs production for a small commercial product. The data on the server has lots of turnover so it's hard to have current backups.

The engineer doing the install thinks he's in some directory and types

sudo rm -r lib

ooops….. he was in /

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct