Image of the glider from the Game of Life by John Conway
Skip to content

rm -rf /

DISCLAIMER: This works on Debian testing, Debian unstable, Ubuntu 8.04 and Ubuntu 8.10. I have not verified it to work on other systems. If you hose your box, because you gave it a try, and it didn't work, don't blame me. You're the stupid one for trying it out on a production machine. If you're curious, but unsure, just take my word for it, or install a virtual machine.

I came across an interesting post today, so I thought I'd give it a go on a virtual machine that I didn't mind thrashing. The subject of the post is in the title, namely as root, running 'rm -rf /'. Have you tried this on the Ubuntu or Debian? It won't work:

root@host ~# rm -rf /
rm: cannot remove root directory `/'
root@host ~# echo #?
1

If you're nervous about running the above command, then pass the interactive switch to rm, (rm -ri /) to force rm to ask you on every last item to remove (you can answer no, or cancel with Ctrl-c). Why is rm refusing to remove the root directory? From the man page:

--no-preserve-root
do not treat ‘/’ specially

--preserve-root
do not remove ‘/’ (default)

Running 'rm -rf /' is the same as running 'rm -rf --preserve-root /', which of course makes no sense. Has this always been the case for rm? No. First off, Solaris made this a standard in Solaris 10. Second, --preserve-root as default has been the default of Ubuntu since 8.04, as it came upstream from Debian, and I'm guessing further upstream from GNU coreutils (probably v6.10, although I can't verify).

Preserving root as default prevents easy mistakes, such as missing the assignment of variables:

root@host ~#: FOO="/home/aaron/tmp" rm -rf $FOO/
rm: cannot remove root directory `/'

Notice, I forgot to end my variable statement with a semicolon, so FOO never got assigned, and rm proceeds forth with removing / instead of /home/aaron/tmp like it should have. How about another example:

root@host ~#: rm -rf / tmp/*
rm: cannot remove root directory `/'

In this case, I wish to delete all the contents of the /tmp directory, but I typed too fast, and put a space between / and tmp/*, and thus, rm attempts to remove the root directory which is not what I wanted at all!

Good to see this implemented in the latest versions of Debian and Ubuntu.

{ 30 } Comments

  1. Erik | January 7, 2009 at 8:02 am | Permalink

    I kept meaning to try this sort of thing for myself. Definitely an example of a good time to protect the user from themselves!

  2. jonathan | January 7, 2009 at 8:21 am | Permalink

    Nice, but rm -rf /tmp/something * is my favorite 🙂

  3. Shane | January 7, 2009 at 8:31 am | Permalink

    My stepfather tried rm -rf / on an old machine running hpux back in the day and it removed everything until it came across the rm command and it just quit. His system was hosed, but all the files weren't deleted. 🙂

  4. Aaron | January 8, 2009 at 7:21 am | Permalink

    That's odd. Unix and Linux both will saw off the very branch they're sitting on. 'rm' should be loaded into RAM, so it should take out the entire system regardless.

  5. Tom | January 8, 2009 at 9:35 am | Permalink

    He probably hit Ctrl+C. Or someone else logged in with privileges saw their files disappear and ran 'killall rm' or equivalent. It's very doubtful it stopped for the reason Shane says.

  6. Kirrus | January 7, 2009 at 9:46 am | Permalink

    Great! That would have saved me from myself once :/

    Now all we need is to add the same sort of thing to find - this command is equally as destructive:

    find / -ctime +60 -exec rm {} ;

    (note the '/' instead of '.')

  7. Aaron | January 8, 2009 at 7:23 am | Permalink

    The 'rm -rf /' is to keep typos from happening. The find command above is very specific, and apparently, the user knows exactly what he wants to do. We shouldn't keep the user from doing destructive things, as maybe this is what he wants to do, but we should keep the user from doing something destructive from a simple typo, like those described in my post.

  8. Jef Spaleta | January 7, 2009 at 10:11 am | Permalink

    Fedora 10: rm from coreutils-6.12-18.fc10 package
    uses the preserve-root defaults.

    Fedora 9: has coreutils-6.10-18.fc9
    I suspect preserve-root is default there but have not tested.

    Centos 5.2: coreutils-5.97-14.el5
    no-preserve-root is the default

    I think I'm going to go ahead and add --preserve-root to the system wide rm alias on my centos 5.2 system.....

  9. web123 | January 7, 2009 at 2:07 pm | Permalink

    Fedora 8 :
    # rm -rfi /
    rm: cannot remove root directory `/'
    # rm --help | grep -- --preserve-root
    --preserve-root do not remove `/' (default)

  10. lefty.crupps | January 7, 2009 at 10:30 pm | Permalink

    "it removed everything until it came across the rm command"
    Interesting; the command that you run is usually loaded into memory, so that even after removing the executable, it should still be running...

  11. atc | January 8, 2009 at 5:05 am | Permalink

    I'm pleased to see this. Makes a lot of sense to me.

  12. Shane | January 8, 2009 at 6:20 am | Permalink

    @lefty: Maybe HP-UX is looney or my stepfather is.

  13. giulivo navigante | January 8, 2009 at 6:28 am | Permalink

    but

    cd / && rm -rf *

    will still work
    this strange preserve option seems to me just a stupid idea

  14. Aaron | January 8, 2009 at 7:25 am | Permalink

    You don't understand the difference between files and directories if you're presenting this as an argument. In this case, run:

    'rm -rf /*'

    You're not removing the root directory, but everything beneath it. --preserve-root doesn't take effect, because you're not removing root. You're removing nested directories.

  15. Andrew | January 8, 2009 at 6:45 am | Permalink

    Actually, this is quite silly. Distros in NO way should dictate what they think you should or should not run, regardless of their effect. A classic example of debian's mindset, sadly.

  16. Aaron | January 8, 2009 at 7:27 am | Permalink

    Again, this came upstream from Debian. This came from GNU itself. While I agree with you that distributions should not dictate what a user should and should not run, safety nets are in place all over for security and safety. Why do you have to be root to run the command? Is the distribution dictating who can run it? Your mindset is the silly one, no one else's I'm afraid.

  17. Tom | January 8, 2009 at 10:13 am | Permalink

    The change was made to coreutils way back in 2006, it just took this long to percolate through.

    Here's the git: http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=aff5a4f2ab86f2a51db8f1d1d734406dc4bd8fb3

  18. Aaron | January 8, 2009 at 10:28 am | Permalink

    Yeah. That's the exact problem with frozen releases on distributions.

  19. Tom | January 8, 2009 at 9:31 am | Permalink

    "which of course makes no sense. "

    Was the 'no' a typo? Or what don't you think makes sense, exactly?

  20. Aaron | January 8, 2009 at 10:28 am | Permalink

    rm -rf --preserve-root /

  21. Martin Barrett | January 8, 2009 at 9:59 am | Permalink

    I don't understand why "you're" and "your" are so constantly confused. Here's one way to remember which is which.

    "you're" has an apostrophe in it, which signifies something has been omitted. What in this case? The "a" in "are", of course: "you're" means "you are". That means it is the other form, "your", that is the possessive form, as in "your mindset"...

  22. Tom | January 8, 2009 at 10:19 am | Permalink

    Most people who make this mistake don't make it because they don't know the difference, but because they were typing quickly, are auditory thinkers/learners, and failed to re-read their post.

    The only you're/your mistake up until your post is Aaron's reply in thread 11. This is Aaron's blog, and he's used it correctly everwhere else. Your post is unnecessary and you're irritating.

  23. Aaron | January 8, 2009 at 10:30 am | Permalink

    I'm fully aware of your versus you're. What you caught was a simple typo. Thanks for the English lesson, however. I'm sure some other readers appreciate it.

  24. Mohan | January 8, 2009 at 10:11 am | Permalink

    This is very good, as some idiot won't post it in a forum as a solution and some poor sap does it and erases his whole install.

  25. Robert Ames | January 8, 2009 at 10:39 am | Permalink

    How about preventing:

    rm -rf ~

    ...can easily make same typo mistakes.

  26. Aaron | January 8, 2009 at 11:31 am | Permalink

    Removing your home directory doesn't hose your system. You just lose your data, and if you have a backup (you do have a backup of your data, don't you?), you restore, and move forward. No big deal.

  27. F-Ubuntu | January 8, 2009 at 12:14 pm | Permalink

    This is stupid!

    Now they are going to limit to what we do on our own machines?

    Ubuntu is turning into Mircosoft...

  28. Aaron | January 8, 2009 at 1:55 pm | Permalink

    Ubuntu, Fedora, openSUSE, Debian, Arch, FreeBSD, Solaris, Even your beloved Mac OS X must all be stupid. Stupid, stupid, stupid. We're all doomed now that we're becoming like Microsoft. Doomed, I say! DOOMED!!

    Now come out of your coma, and look at the technical advantages things brings to the table. Your ignorance is overwhelming.

  29. Ebrahim | January 9, 2009 at 10:23 am | Permalink

    find / -delete

  30. Aaron | January 9, 2009 at 11:26 am | Permalink

    Again, as already mentioned in previous posts, the command you present is a very deliberate command. As mentioned in the post, 'rm -rf /' could happen as the result of a careless typo. There's nothing from stopping you to 'dd if=/dev/zero of=/dev/sda' either, but, that command is very specific and deliberate.

{ 2 } Trackbacks

  1. [...] adesso m -rf non è più così pericoloso. Guardate cosa succede in una installazione recente di Debian/Ubuntu (>=8.04, ma sembra che la [...]

  2. [...] Aaron Toponce : rm -rf / [...]

Post a Comment

Your email is never published nor shared.