Valeri Galtsev
2019-Aug-29 15:25 UTC
[CentOS] Giving full administrator privileges through sudo on production systems
On 2019-08-17 08:42, Jonathan Billings wrote:
> On Aug 17, 2019, at 9:25 AM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>> I like this one. Long-long ago it was one of the "tricky" questions at the UNIX admin test (exam). Basically, no matter how devastating that may sound, the command only will remove what is (alphabetically it was that time) before /dev/[root_device]. Once the device root filesystem lives on is removed from /dev, no further damage is done. So, you will be able to mount drive on another machine and get your /etc, /home, /var, /usr/local intact ;-) Asking that question other people gave me (and them usually) a lot of fun.
>
> I'm not sure what UNIX systems where that'd actually happen, but on Linux systems, removing the device in /dev/ would not deter rm from being able to delete everything else on the mounted filesystems.
>
> Certainly if you were using some sort of automount system, and the filesystems hadn't unmounted, it would be fine.

Thanks, everybody, for confirming that on Linux rm -rf / does lead to devastating result.

Just for fun I tried the same on FreeBSD (12.0 RELEASE - which is latest release):

root at point:/home/valeri # cd
root at point:~ # whoami
root
root at point:~ # rm -rf /
rm: "/" may not be removed

Somebody is really clever in this World ;-) Well, FreeBSD folks made my day (again!). Note that I did that on my live workstation (yes, I did test it on throw-away system first ;-) - so I can copy and paste what I got to this email.

Valeri

> --
> Jonathan Billings <billings at negate.org>

--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
Jonathan Billings
2019-Aug-29 15:53 UTC
[CentOS] Giving full administrator privileges through sudo on production systems
On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
> root at point:/home/valeri # cd
> root at point:~ # whoami
> root
> root at point:~ # rm -rf /
> rm: "/" may not be removed
>
> Somebody is really clever in this World ;-) Well, FreeBSD folks made my day
> (again!). Note, that that I did on my live workstation (yes, I did test it
> on throw-away system first ;-) - so I can copy and paste what I got to this
> email.

GNU coreutils also has that feature, you can't run 'rm -rf /' there either, you need to run it with --no-preserve-root. This was added to Coreutils in 2003. Be careful in FreeBSD, if you have POSIXLY_CORRECT defined, it will let you rm -rf /.

--
Jonathan Billings <billings at negate.org>
Valeri Galtsev
2019-Aug-29 16:05 UTC
[CentOS] Giving full administrator privileges through sudo on production systems
On 2019-08-29 10:53, Jonathan Billings wrote:
> On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
>> root at point:/home/valeri # cd
>> root at point:~ # whoami
>> root
>> root at point:~ # rm -rf /
>> rm: "/" may not be removed
>>
>> Somebody is really clever in this World ;-) Well, FreeBSD folks made my day
>> (again!). Note, that that I did on my live workstation (yes, I did test it
>> on throw-away system first ;-) - so I can copy and paste what I got to this
>> email.
>
> GNU coreutils also has that feature, you can't run 'rm -rf /' there
> either, you need to run it with --no-preserve-root. This was added to
> Coreutils in 2003. Be careful in FreeBSD, if you have POSIXLY_CORRECT
> defined, it will let you rm -rf /.

Yes, I know... and I'm far from "admiring foolproofness" of which there is none... as [on FreeBSD] rm -rf /* does remove everything but "immutable" files, directories,... You cannot make anything foolproof (unless it is android that is actually not owned by that fool no matter that the fool thinks it does ;-)

Valeri
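
Added example, not part of any message in the thread: the root check the thread describes only fires when an operand is / itself, while the shell expands /* into the top-level entries before rm starts, so no operand is ever "/". The sketch below is a pre-flight guard a wrapper script could call; the function names is_protected and check_rm_args are hypothetical, and it never runs rm.

```shell
#!/bin/sh
# Pre-flight check for recursive deletes (hypothetical helper names).
# Nothing is deleted here; the functions only classify operands.

# is_protected PATH: succeed if PATH is / itself or a direct child of /.
is_protected() {
    ip_t=$1
    # Same device and inode as /: catches "/", "//", "/." and symlinks to /.
    [ "$ip_t" -ef / ] && return 0
    ip_real=
    if [ -d "$ip_t" ] && [ ! -L "$ip_t" ]; then
        # Real directory: resolve ".." components to a physical path.
        ip_real=$(cd -- "$ip_t" 2>/dev/null && pwd -P) || ip_real=
    fi
    if [ -n "$ip_real" ]; then
        ip_parent=$(dirname -- "$ip_real")
    else
        # File, symlink or unreadable directory: the entry itself would be
        # removed, so resolve only the directory that contains it.
        ip_parent=$(cd -- "$(dirname -- "$ip_t")" 2>/dev/null && pwd -P) || return 1
    fi
    [ "$ip_parent" = / ]
}

# check_rm_args ARGS...: fail on the first protected operand, skipping options.
check_rm_args() {
    for cra_a in "$@"; do
        case $cra_a in
            -*) continue ;;
        esac
        if is_protected "$cra_a"; then
            printf 'refusing protected path: %s\n' "$cra_a" >&2
            return 1
        fi
    done
    return 0
}

# Constructed demonstration: after expansion the argument list holds the
# top-level entries and never the string "/".
set -- /*
printf 'operands after expanding /*: %s (first: %s)\n' "$#" "$1"
check_rm_args -rf "$@" || printf 'glob form rejected as well\n'
```
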