一. 环境
本地华为桌面云服务器环境
Centos 7.6
二. 问题描述:
安装safe-rm,防止rm -rf /命令误删除文件,防止这种误删除操作
三. 解决方案:
1.安装safe-rm
下载并解压safe-rm
wget /safe-rm/trunk/0.13/+download/safe-rm-0.13.tar.gz
2.解压在/usr/local文件夹
tar axf safe-rm-0.13.tar.gz
3.复制safe-rm-0.13下的 safe-rm 命令 到/usr/local/bin目录
cp /usr/local/safe-rm-0.13/safe-rm /usr/local/bin/
4.做一个 rm 命令的符号链接
执行 rm 命令就相当于执行 safe-rm
ln -s /usr/local/bin/safe-rm /usr/local/bin/rm
5.配置环境变量
vim /etc/profile
添加
export PATH=/usr/local/bin:/bin:/usr/bin:$PATH
保存后使环境变量生效
source /etc/profile
# /etc/profile# System wide environment and startup programs, for login setup# Functions and aliases go in /etc/bashrc# It's NOT a good idea to change this file unless you know what you# are doing. It's much better to create a custom.sh shell script in# /etc/profile.d/ to make custom changes to your environment, as this# will prevent the need for merging in future updates.pathmunge () {case ":${PATH}:" in*:"$1":*);;*)if [ "$2" = "after" ] ; thenPATH=$PATH:$1elsePATH=$1:$PATHfiesac}if [ -x /usr/bin/id ]; thenif [ -z "$EUID" ]; then# ksh workaroundEUID=`/usr/bin/id -u`UID=`/usr/bin/id -ru`fiUSER="`/usr/bin/id -un`"LOGNAME=$USERMAIL="/var/spool/mail/$USER"fi# Path manipulationif [ "$EUID" = "0" ]; thenpathmunge /usr/sbinpathmunge /usr/local/sbinelsepathmunge /usr/local/sbin afterpathmunge /usr/sbin afterfiHOSTNAME=`/usr/bin/hostname 2>/dev/null`HISTSIZE=1000if [ "$HISTCONTROL" = "ignorespace" ] ; thenexport HISTCONTROL=ignorebothelseexport HISTCONTROL=ignoredupsfiexport PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL# By default, we want umask to get set. This sets it for login shell# Current threshold for system reserved uid/gids is 200# You could check uidgid reservation validity in# /usr/share/doc/setup-*/uidgid fileif [ $UID -gt 199 ] && [ "`/usr/bin/id -gn`" = "`/usr/bin/id -un`" ]; thenumask 002elseumask 022fifor i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; doif [ -r "$i" ]; thenif [ "${-#*i}" != "$-" ]; then . "$i"else. "$i" >/dev/nullfifidoneunset iunset -f pathmungeexport PATH=/usr/local/bin:/bin:/usr/bin:$PATH
6.创建编辑配置文件
把所有根目录(/)下目录加入配置文件中
vi /etc/safe-rm.conf
/bin/boot/dev/etc/home/lib/lib64/lost+found/media/mnt/opt/proc/root/run/sbin/srv/sys/tmp/usr/var
7.测试
执行 rm -rf /* 出现问题
[root@iZ2ze61irhf5hraj25r9gvZ local]# rm -rf /*safe-rm: skipping /baksafe-rm: skipping /bootsafe-rm: skipping /devsafe-rm: skipping /erpsafe-rm: skipping /etcsafe-rm: skipping /homesafe-rm: skipping /mediasafe-rm: skipping /mntsafe-rm: skipping /optsafe-rm: skipping /procsafe-rm: skipping /rootsafe-rm: skipping /runsafe-rm: skipping /srvsafe-rm: skipping /syssafe-rm: skipping /tmpsafe-rm: skipping /usrsafe-rm: skipping /var[root@iZ2ze61irhf5hraj25r9gvZ local]# ls-bash: /usr/bin/ls: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录[root@iZ2ze61irhf5hraj25r9gvZ local]# cat /etc/passwd-bash: /usr/bin/cat: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录
5.给 /添加特殊权限完美解决问题
[root@iZ2ze61irhf5hraj25r9gvZ local]# chattr +i /[root@iZ2ze61irhf5hraj25r9gvZ local]# rm -rf /*safe-rm: skipping /bootsafe-rm: skipping /devsafe-rm: skipping /etcsafe-rm: skipping /homesafe-rm: skipping /lost+foundsafe-rm: skipping /mediasafe-rm: skipping /mntsafe-rm: skipping /optsafe-rm: skipping /procsafe-rm: skipping /rootsafe-rm: skipping /runsafe-rm: skipping /srvsafe-rm: skipping /syssafe-rm: skipping /tmpsafe-rm: skipping /usrsafe-rm: skipping /var/bin/rm: cannot remove ‘/bin’: Permission denied/bin/rm: cannot remove ‘/lib’: Permission denied/bin/rm: cannot remove ‘/lib64’: Permission denied/bin/rm: cannot remove ‘/sbin’: Permission denied[root@iZ2ze61irhf5hraj25r9gvZ local]#
注释:
注:
#配置文件里面的/etc只能保证执行"rm -rf /etc"命令的时候不能删除,但是如果执行"rm -rf /etc/app",还是可以删除app文件的
如果觉得《Centos 7.5安装safe-rm 防止rm -rf /命令误删除文件》对你有帮助,请点赞、收藏,并留下你的观点哦!
