7

When using bash with or without sudo, there are many traps. For example, when logged in as root, between

```
rm -rf ~/bin
```

and

```
rm -rf /bin
```

there is just one character, but this difference can make you quite unhappy.

To protect myself a little bit from such disasters, I use this in my /etc/bash.bashrc (systemwide .bashrc):

```bash
if [ $UID -ne 0 ]; then
    # ask me before deleting
    alias rm='rm -i'
else
    # do not delete / or prompt if deleting more than 3 files at a time
    alias rm='rm -I --preserve-root'
fi
```

With this, I at least have to confirm deleting before running into disaster. Maybe there are even more dangerous commands than rm...

What are the most dangerous bash commands, and how can I protect myself from day-to-day disasters?

WeSee
  • You can also add `-i` to `cp` or `mv` to protect against dangerous overwrites. – Tom Hunt Sep 08 '15 at 15:20
  • 8
    Have you tried *not* logging in as root? – ceejayoz Sep 08 '15 at 15:22
  • 1
    You never know when you are going to type `--no-preserve-root` [accidentally](http://serverfault.com/questions/587102/monday-morning-mistake-sudo-rm-rf-no-preserve-root). – kasperd Sep 08 '15 at 15:26
  • @ceejayoz: most of the time I'm not logged in as root. This is why in `/etc/bashrc` there are aliases specific to the root login. – WeSee Sep 08 '15 at 15:27
  • @ceejayoz Whether you are root or using sudo, the same risks apply. Some things simply require root. Linux has not yet evolved to the point of removing the root account. – Aaron Sep 08 '15 at 15:41
  • 1
    @Aaron I find it a lot easier to remember to check my commands more carefully when using sudo. Easy to forget you're in as root. – ceejayoz Sep 08 '15 at 16:23
  • @ceejayoz I understand what you mean. Another option for that is the bash prompt. If root, make it red. If not root, it is green. This is of course a much more complicated topic that gets into server management philosophies, role based access controls with proper file permissions that reduce the need for root and sysadmin experience and training. You may have the experience and discipline to use sudo properly, but most do not. They either disable pw checking, or set the token cache so high that they only get prompted once. Many folks also use sudo su - – Aaron Sep 08 '15 at 17:09
  • 1
    @Aaron, "Linux has not yet evolved..." actually, it has: SELinux. I find it easier to just not have to login to machines at all, and just use a configuration management tool to do everything. Also, anyone still using `sudo su -` needs to be given a copy of the `sudo`(8) manpage and a written test. – womble Sep 08 '15 at 19:33
  • @womble I agree entirely. I have been trying very hard to get folks to leave SELinux enabled and create custom policies. I am working on that in my company and I foresee a long uphill challenge, but I will not give up. – Aaron Sep 08 '15 at 19:35
  • @womble: I thought I was the only one who gets frustrated with "sudo su -" – Andy Sep 09 '15 at 09:29
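
GNU `rm --preserve-root` only refuses the operand `/` itself, so a path such as `/bin` is not covered by the alias in the question. As an added example (not code from the original post), a shell function that checks each operand against a list of protected directories before calling `rm`; the names `guarded_rm`, `is_protected`, `canon_path` and the `PROTECTED_DIRS` list are assumptions.

```bash
# Added example, not part of the original post. Source it from a startup file
# such as /etc/bash.bashrc, then: alias rm=guarded_rm. Names and list are assumptions.
PROTECTED_DIRS="/ /bin /boot /dev /etc /home /lib /lib64 /proc /root /sbin /sys /usr /var"

# Print the absolute path rm would act on: the parent directory is resolved
# (symlinks, ".."), the last component is kept as typed because rm removes
# a symlink itself rather than its target.
canon_path() {
    local dir base
    dir=$(dirname -- "$1")
    base=$(basename -- "$1")
    case "$base" in
        /|.|..) dir=$1; base= ;;   # nothing to split off: resolve the whole path
    esac
    dir=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || return 1
    if [ -z "$base" ]; then
        printf '%s\n' "$dir"
    else
        printf '%s/%s\n' "${dir%/}" "$base"
    fi
}

# Succeed (return 0) when the argument resolves to a protected directory.
is_protected() {
    local target p
    target=$(canon_path "$1") || return 1   # parent missing: rm fails by itself
    for p in $PROTECTED_DIRS; do
        [ "$target" = "$p" ] && return 0
    done
    return 1
}

# Check every operand before handing the unchanged command line to rm.
guarded_rm() {
    local arg endopts=
    for arg in "$@"; do
        if [ -z "$endopts" ]; then
            case "$arg" in
                --) endopts=1; continue ;;
                -*) continue ;;            # option, including --no-preserve-root
            esac
        fi
        if is_protected "$arg"; then
            printf 'rm: refusing to remove protected path: %s\n' "$arg" >&2
            return 1
        fi
    done
    command rm -I --preserve-root "$@"
}
```

The check runs before any option is interpreted, so a mistyped `--no-preserve-root` or a relative operand such as `bin` typed while in `/` is refused as well.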

1 Answer

11

First off, never use root to execute day-to-day commands.

That's the best way to actually expose yourself to disasters.

With that in mind, if you use sudo, you can actually limit commands AND the command options that a user can execute with sudo.

For example, in your sudoers file, you can limit using rm like so:

```
# sudoers requires the full path to the command
myuser ALL=(root)   NOPASSWD: /bin/rm -r
```

This would mean that myuser can only use sudo as root and can only execute rm with the -r option.

The sudoers file also supports regex, so you can really customize what can be executed while using sudo.

A good starting point...

Alex
  • 7
    Upvoted for "never use root to execute day-to-day commands." – Jenny D Sep 08 '15 at 15:32
  • I know that folks will disagree with me on this, but folks have been conditioned to believe sudo prevents such mistakes and it simply isn't true. In fact, it makes super-user level mistakes much easier and more common, in my experience of recovering systems that folks have broken. There is a psychological aspect to this topic however and I know that this will continue. – Aaron Sep 08 '15 at 15:47
  • @aaron, I have the exact opposite experience. Since we enforced strict sudo, auditd, sshd and pam settings, the amount of mistakes that are going through has decreased drastically. On top of it, it makes it so much easier to know who did what, in turn making it easier to do a rollback in case of problems. – Alex Sep 08 '15 at 17:23
  • 1
    Note: If you specify any arguments to a command in `sudoers`, but did not add a wildcard, then you'll only be able to use the command as you gave it, without additional arguments. The example given will allow `sudo rm -r`, but not `sudo rm -r foo`, or `sudo rm -ri foo`. – muru Sep 08 '15 at 18:04