30
4
I've seen some questions on here where people accidentally do rm -rf --no-preserve-root or rm -rf *, wiping out most or all of their file system before they can react.
Is there ever a reason to use --no-preserve-root, whether in normal use, as a developer or as an administrator?
Nzall
Posted 2014-04-16T08:20:28.570
Reputation: 2 585
31
IMPORTANT: Modern UEFI systems mount the firmware under the /sys directory and make it available to the OS. DO NOT run this command on a modern system since it will remove this firmware, essentially bricking your machine.
The simplest scenario I can think of is someone wanting to delete all the data from their drive. There can be perfectly legitimate reasons to do this and the simplest way I can think of is
rm -rf --no-preserve-root /
Turns out this one is actually given as an example in info rm:
`--no-preserve-root'
Do not treat `/' specially when removing recursively. This option
is not recommended unless you really want to remove all the files
on your computer.
Another perfectly good reason is that you want to delete a mounted file system that you've chroot-ed into. In that case, rm -rf --no-preserve-root / will delete the system in the chroot environment but will leave yours intact.
I am sure there are more possible reasons, but in general it seems a very reasonable approach that my system allows me to do whatever I want with it. It's my job to be careful, the system should only enable me to do what it is that I want done. If what I want is stupid, that's my problem and not the OS's.
Anyway, this is a relatively new restriction, it was added in the 7th version of the POSIX specification (the previous one is here), before that rm -rf / was a perfectly valid command. On a historical note, the . and .. directories have always been protected from rm, ever since 1979, when rm first acquired the ability to delete directories. More on that here.
terdon
Posted 2014-04-16T08:20:28.570
Reputation: 45 216
23DO NOT USE THIS TO DELETE ALL DATA IF YOUR SYSTEM IS UEFI (new computers) .Doing this deletes all the the firmware variables and causes the motherboard to be as useless as a brick – Suici Doga – 2016-03-20T10:52:28.893
6@SuiciDoga: Source, or further explanation? Motherboard firmware shouldn't be stored on the HDD, otherwise they'd be lost if you yank the drive. – Tarka – 2016-04-14T19:51:24.453
15
@Tarka: /sys/firmware/efi/efivars/ might be mounted and deleting recursively may remove those vars. It really shouldn't brick a system, but might. See http://thenextweb.com/insider/2016/02/01/running-a-single-delete-command-can-permanently-brick-laptops-from-inside-linux/
– cyanic – 2016-04-14T23:17:36.6134@Tarka they're not stored on the HDD and yanking the drive wouldn't affect them. However, for reasons I have yet to understand, they are mounted so are actually accessible under /. – terdon – 2016-04-15T08:20:27.313
21The correct way to blank a drive is to reformat its partitions (or repartition it altogether). Not all filesystems are hard disks, so using rm -rf / you may blank a remote machine over someone's NFS/CIFS/SSHFS mount for example. – Score_Under – 2017-12-14T01:40:15.767
If I want to wipe a disk sda to prepare it for use by a non-Linux operating system, I find it faster and more effective to wipe it as a block device. (Some esoteric installers complain if they can't recognize the existing disk configuration.) If you're in a hurry, you don't need to let this finish since it will wipe the partition table in a fraction of a second: dd if=/dev/zero of=/dev/sda bs=1M – durette – 2018-08-17T15:56:00.453
13
The existence of the --no-preserve-root switch is not to add additional functionality but to override a very sane reduction in functionality. This switch is likely based on the philosophy that the computer should do what it's told and that commands should be available to express any desired action. This switch pre-dates UEFI, and based on my experience, I say it's now obsolete.
In modern practice, without this switch, the rm command avoids the accidental deletion of the root directory when using an uninitialized variable or a stray space.
rm -rf /${my_directory}
rm -rf / var/log/httpd/*
Fun footnote: Protection was not its intention. Per a Sun Microsystems blog, removing the / directory will implicitly remove the current working directory, a violation of the special consideration already made for the . and .. directories. This is why their standards committee allowed this special exception--not for preventing an accident. This change was first introduced with Solaris 10 build 36.
durette
Posted 2014-04-16T08:20:28.570
Reputation: 243
Thanks for the link! Was hoping that historical tid bit would be cited as I was wondering what the reason for the change was. – Cameron Gagnon – 2018-10-08T21:58:47.913
Interesting additional info - thanks – Mark – 2018-10-31T13:12:06.430
1
Perhaps this is not an answer that original asker wants, but there is a use case that needs to delete all files recursively from the root directory. Although it's not through the rm command, it's part of switch_root(8) process during the booting of your (non-embedded) Linux system.
Explorer09
Posted 2014-04-16T08:20:28.570
Reputation: 276
1It is there as a possible weapon to be used for when SkyNet takes over. – Mitch Dart – 2019-08-06T13:18:07.567
4I can't imagine any useful case… I think this option just exists to obtain orthogonality of the UNIX principle (in terms of keeping same things same without exceptions). You most probably want the exception in case of
/, but the »general case« still is represented. In other words: »It's not my computer's job to tell me what to do.« And it shouldn't be. – Andreas Wiese – 2014-04-16T12:05:35.987