I failed to delete the database and run away

One “ practical ” Good command , I have to try ？

Hello everyone , I'm fish skin .

In programming , There is a well-known utility Linux command ：rm -rf / .

It is said that , Once this command is executed successfully , Will bring happiness to people , It's a good command of kindness , So I like to call it Happy command .

ok , Don't put the , In fact, the function of this order is Delete all files on the server ！ It's an extremely dangerous order ！

We may have heard a lot of data deletion and running events before , Some of the culprits are this order .

Remember the first two weeks , I just bought a new cloud server , I'm going to show you how to build an application development environment . It didn't work out , Some friends even encouraged me to input on the spot “ Happy command ”, Want to see what happens .

Something so exciting , I have to try ？

therefore , I turn on the terminal , Connect to server , Enter the happy command . and , If you want to do it, you have to do it absolutely , I even drove at the same time Three client , I'm going to enter commands at the same time , Three times as happy ！

OK, take off ！

But the result , The data has not been deleted , Instead, a warning pops up , It is forbidden to delete ！

I'm sorry , It turns out to be a disappointment ~

In fact, before this line of command , I'm not worried at all , Because I believe Tencent cloud server can't even have this security guarantee .

That's the question , How to prevent the bad effects of happy command ？

Let's share some of the methods I have learned ~

How to prevent rm -rf command ？

There are many ways , I've put together a brief outline ：

Good habit

First , The people who use servers most are definitely ourselves , Therefore, we should first develop good use habits , Protect the server , Starts from me .

Regular backup

To prevent data on the server （ database 、 User files 、 Configuration files, etc ） Deleted by mistake , Important files on the server can be downloaded locally or synchronized to other storage space on a regular basis , Generally, timed scripts are used （crontab Orders, etc ） Or tool automatic timing synchronization .

Override command

To prevent accidents rm The adverse effects of orders , We can use this command as little as possible , Use some other commands instead of deleting .

such as mv command , The function is to move files or change names , You can create a new directory similar to the recycle bin , Then throw in the files you want to delete .

#  New recycle bin directory 
mkdir trash
#  Move files to the recycle bin 
mv file.txt trash

For documents that may be needed in the future , You can add .bak suffix , Represents a backup ：

mv file.txt file.txt.bak

however , Even with good habits , Sometimes you may neglect , Accidentally hit rm command , Accidentally deleted file .

Mo panic , There are other safer ways .

Alias Alias

Linux Medium alias The command is used to alias instructions , It's kind of like a reference to an object .

for instance , Could have used mkdir Command create directory , If I don't think I can recite this command , That would give him an alias ：

alias md=mkdir

then , We can use md Command to create a directory .

Empathy , We can rm The command is set as an alias for other commands , So as to prevent the original deletion function .

In fact, many servers have set some aliases for us to protect the security of system files by default , Let's open it .bashrc file ：

cat /root/.bashrc

You can see the following code ：

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

The system has been designed for rm The command is configured with an alias , When we type in rm when , What is actually carried out is rm -i, adopt -i Parameter to ask if we want to delete , Only the input y After the confirmation , Delete only .

Manual recycle bin

be based on alias command , We can automatically rm The command is redirected to put the file in the recycle bin directory , The operation is as follows ：

The first change .bashrc file （Linux Next environment configuration file , Used to save some personalized configuration ）：

vim ~/.bashrc

Add the following code at the end of the file ：

#  Create a .trash  Hide directory 
mkdir ~/.trash
#  Use the alias  del  Instead of  rm  
alias rm=del
#  take  rm  The order was changed to  mv 
del()               
{  
  mv [email protected] ~/.trash/  
}

Save and exit , Then enter the following command to make the changes take effect ：

source ~/.bashrc

Be accomplished , And then execute rm command , It will automatically move to the recycle bin directory ！

trash

In addition to writing your own recycle bin scripts manually , You can also use off the shelf open source projects trash,Mac Users can install it directly with one line of command , You can use it happily .

Project address ：https://github.com/ali-rantakari/trash

Rights management

The above way is for personal server users , Generally enough , But if it's team development , Multiple people operating on one server at the same time , It's hard to say who suddenly deleted the file, right .

therefore , It's better to set reasonable permissions for the files on the server , The common ways are as follows .

Modify file permissions

The most direct way , Direct use chmod Command to modify the read of the specified file 、 Write 、 Executive authority , For example, the following command ：

chmod 700 file.txt

The function is to set only the user who creates the file to read and write , Other users do not have access to .

chattr

Linux System native chattr The order is Change Attribute Abbreviation , Change the properties of a file , It can be used to prevent files and directories from being accidentally deleted or modified .

For example, the following command ：

sudo chattr +i file.txt

adopt +i Parameter added to the file “ Do not modify the ” Properties of , This can't be deleted 、 Change of name 、 Set link relationship , At the same time, you can't write or add new content . This parameter is an artifact to improve system security ！

Let's try the effect ：

Sure enough, the deletion failed , Prompt operation not allowed .

If you want to protect the directory , Just one more -R Just parameters ：

sudo chattr -R +i myDir

Set up sudo jurisdiction

sudo yes Linux Common commands , You can use root user （ Super administrator ） The identity of the executive order .

If you give an ordinary user the identity of Super Administrator , He will be able to do anything , It's very dangerous ！

So you can use visudo command , Modified for ordinary users sudo The right to command .

Input visudo, Will enter automatically /etc/sudoers Editor of the document , Try appending a line ：

dog localhost=/bin/rm /file/*

That means , user dog Delete only /file A file in a directory , It can't be deleted at will .

Lshell

Another open source Linux Safety artifact Lshell, Can be used to build a restricted Linux Script execution environment .

Project address ：https://github.com/ghantoos/lshell

After one line of command is installed , You can modify its configuration file /etc/lshell.conf, To manage user behavior .

For example, the following configuration , Prohibit users from yupi Use rm command , Prevent the goods from deleting documents and running away ：

 [yupi] allowed = 'all' - ['rm']

In general , The above measures are enough for protection , It's easier .

But in the end , I want to remind you that , Don't try this command easily . A moment of curiosity, a moment of excitement , I'm going to sleep in the dump tomorrow ！

Finally, I'll send you some more Help me get to the big factory offer Learning resources , the height is 6 T！

ran , leave 6T Resources for ！

How do I teach myself , Get Tencent 、 Byte and other big factories offer Of , You can read this article , No more confusion ！

I studied computer for four years , Mutual encouragement ！

I'm fish skin , give the thumbs-up It's still a request , I wish you all the best 、 Make a fortune 、 Universiade .