Those of us in operations and maintenance all have a running joke about deleting root: if we are unhappy, we can delete the root and run away at any time. Nobody has ever actually carried it out.
Ops teams often joke about rm -rf /, but in fact rm -rf / does not work under the current safety mechanism. See:
[root@zmedu-17 ~]# rm -rf /
rm: stay"/" Recursive operations are dangerous
rm: use --no-preserve-root Option skip safe mode
We would have to add --no-preserve-root to skip the safe mode before rm would delete /.
However, files under / that are not in use can still be deleted, for example with /*:
[root@zmedu-17 ~]# rm -rf /*
rm: Cannot delete"/boot/efi": Device or resource busy
rm: Cannot delete"/dev/hugepages": Device or resource busy
rm: Cannot delete"/dev/mqueue": Device or resource busy
rm: Cannot delete"/dev/pts/2": Operation not allowed
rm: Cannot delete"/dev/pts/1": Operation not allowed
rm: Cannot delete"/dev/pts/0": Operation not allowed
rm: Cannot delete"/dev/pts/ptmx": Operation not allowed
rm: Cannot delete"/dev/shm": Device or resource busy
Ordinary files are not so lucky: they are simply deleted. On the ext4 file system we can use tools to find a deleted file by its inode number, but an empty file cannot be recovered.
However careful we are, it is still possible to delete files by mistake. As long as the tool is at hand, there is always a chance of it being used.
Today I will introduce a command that, alongside your backups, works like a lock on important files, so that they cannot be deleted or modified by mistake.
Command: chattr: locks a file. Once locked, it cannot be deleted or modified
Parameters:
+a: content can only be appended to the file; it cannot be deleted
-d: Cannot delete
+i: Locked, files cannot be deleted, modified, or moved
View lock: lsattr
Unlock: -i (the minus sign here means remove)
Let's try it on /etc/passwd:
[root@zmedu-17 ~]# lsattr /etc/passwd # View original permissions
---------------- /etc/passwd
[root@zmedu-17 ~]# chattr +i /etc/passwd # Lock
[root@zmedu-17 ~]# lsattr /etc/passwd # View permissions after locking
----i----------- /etc/passwd
[root@zmedu-17 ~]# rm -rf /etc/passwd # Delete test
rm: Cannot delete"/etc/passwd": Operation not allowed
[root@zmedu-17 ~]# mv /etc/passwd /root/ # Move test
mv: Unable to"/etc/passwd" Move to"/root/passwd": Operation not allowed
[root@zmedu-17 ~]# echo aaa >> /etc/passwd # Modify file content test
-bash: /etc/passwd: insufficient privilege
Did that successfully stop you from deleting the file by mistake? Of course, if you go through the following steps and then tell me you deleted the file by mistake, I will believe that too:
[root@zmedu-17 ~]# lsattr /etc/passwd # Check whether it is locked
----i----------- /etc/passwd
[root@zmedu-17 ~]# chattr -i /etc/passwd # Remove locking permission
[root@zmedu-17 ~]# lsattr /etc/passwd # Check to see if it has been removed
---------------- /etc/passwd
[root@zmedu-17 ~]# rm -rf /etc/passwd # Deliberately delete it by mistake
As long as you really want to delete it, there will always be a way. Is there a safer way? Of course.
We can hide chattr:
[root@zmedu-17 ~]# which chattr # View command directory
/usr/bin/chattr
[root@zmedu-17 ~]# mkdir /opt/yc # Create yc directory
[root@zmedu-17 ~]# mv /usr/bin/chattr /opt/yc/ # Move the command
[root@zmedu-17 ~]# cd /opt/yc/ # Enter yc directory
[root@zmedu-17 yc]# mv chattr h # Hide the command by renaming it
[root@zmedu-17 ~]# /opt/yc/h +i /etc/passwd # h is the chattr command
[root@zmedu-17 ~]# lsattr /etc/passwd
----i----------- /etc/passwd
If you want to restore it, just put it back:
[root@zmedu-17 yc]# mv h /usr/bin/chattr
[root@zmedu-17 yc]# chattr -i /etc/passwd
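Because the lock can be taken off again with chattr -i, it is worth checking from time to time that important files still carry it. The script below is an added example, not part of the original article: it parses lsattr output and lists the files that are missing a given attribute. The function names and the sample lsattr lines are constructed for illustration.

```bash
#!/bin/sh
# Added example: report files that are missing a chattr attribute,
# based on the "<flags> <path>" lines printed by lsattr.

# missing_attr FLAG: read lsattr output on stdin and print every path
# whose flag field does not contain FLAG (e.g. i or a).
missing_attr() {
    want=$1
    while read -r flags path; do
        [ -n "$path" ] || continue        # blank or malformed line
        case "$flags" in
            *[!A-Za-z-]*) continue ;;     # not a flag field (e.g. an error line)
            *"$want"*) ;;                 # attribute present: file is locked
            *) printf '%s\n' "$path" ;;   # attribute missing: report the path
        esac
    done
}

# Live check against real files, e.g.: audit_files /etc/passwd /etc/shadow
# -d reports a directory itself instead of listing its contents.
# Paths lsattr cannot read produce no line and are therefore not reported.
audit_files() {
    lsattr -d "$@" 2>/dev/null | missing_attr i
}

# Constructed sample of lsattr output, so the script runs without root
# and on file systems that do not support these attributes.
sample_lsattr() {
    cat <<'EOF'
----i----------- /etc/passwd
---------------- /etc/shadow
-----a---------- /var/log/audit.log
----i---------e- /etc/sudoers
--------------e- /etc/my app.conf
lsattr: Operation not supported While reading flags on /dev/null
EOF
}

# Demo on the constructed sample: list files that are not immutable.
sample_lsattr | missing_attr i
```

Run from cron or a monitoring agent, audit_files gives an early signal that someone has unlocked a file that was meant to stay locked.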
This article is from ID: Internet old Xin. For more content, follow the official account "geek operation and maintenance home".