CentOS - Aug 2019 - Giving full administrator privileges through sudo on production systems

On 2019-08-17 08:42, Jonathan Billings wrote:
> On Aug 17, 2019, at 9:25 AM, Valeri Galtsev <galtsev at
kicp.uchicago.edu> wrote:
>> I like this one. Long-long ago it was one of the ?tricky? questions at
the UNIX admin test (exam). Basically, no matter how devastating that may sound,
the command only will remove what is (alphabetically it was that time) before
/dev/[root_device]. Once the device root filesystem lives on is removed from
/dev, no further damage is done. So, you will be able to mount drive on another
machine and get your /etc, /home, /var, /usr/local intact ;-) Asking that
question other people gave me (an them usually) a lot of fun.
> 
> 
> I?m not sure what UNIX systems where that?d actually happen, but on Linux
systems, removing the device in /dev/ would not deter rm from being able to
delete everything else on the mounted filesystems.
> 
> Certainly if you were using some sort of automount system, and the
filesystems hadn?t unmounted, it would be fine.
> 
Thanks, everybody, for confirming that on Linux

rm -rf /

does lead to devastating result. Just for fun I tried the same on 
FreeBSD (12.0 RELEASE - which is latest release):

root at point:/home/valeri # cd
root at point:~ # whoami
root
root at point:~ # rm -rf /
rm: "/" may not be removed

Somebody is really clever in this World ;-) Well, FreeBSD folks made my 
day (again!). Note, that that I did on my live workstation (yes, I did 
test it on throw-away system first ;-) - so I can copy and paste what I 
got to this email.

Valeri
> --
> Jonathan Billings <billings at negate.org>
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++

On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev
wrote:
> root at point:/home/valeri # cd
> root at point:~ # whoami
> root
> root at point:~ # rm -rf /
> rm: "/" may not be removed
> 
> Somebody is really clever in this World ;-) Well, FreeBSD folks made my day
> (again!). Note, that that I did on my live workstation (yes, I did test it
> on throw-away system first ;-) - so I can copy and paste what I got to this
> email.
GNU coreutils also has that feature, you can't run 'rm -rf /' there
either, you need to run it with --no-preserve-root.  This was added to
Coreutils in 2003.  Be careful in FreeBSD, if you have POSIXLY_CORRECT
defined, it will let you rm -rf /.

-- 
Jonathan Billings <billings at negate.org>

On 2019-08-29 10:53, Jonathan Billings wrote:
> On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
>> root at point:/home/valeri # cd
>> root at point:~ # whoami
>> root
>> root at point:~ # rm -rf /
>> rm: "/" may not be removed
>>
>> Somebody is really clever in this World ;-) Well, FreeBSD folks made my
day
>> (again!). Note, that that I did on my live workstation (yes, I did test
it
>> on throw-away system first ;-) - so I can copy and paste what I got to
this
>> email.
> 
> GNU coreutils also has that feature, you can't run 'rm -rf /'
there
> either, you need to run it with --no-preserve-root.  This was added to
> Coreutils in 2003.  Be careful in FreeBSD, if you have POSIXLY_CORRECT
> defined, it will let you rm -rf /.
Yes, I know... and I'm far from "admiring foolproofness" of which
there
is none... as [on FreeBSD]

rm -rf /*

does remove everything but "immutable" files, directories,... You can 
not make anything fool proof (unless it is android that is actually not 
owned by that fool no matter that the fool thinks it does ;-)

Valeri

-- 
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++