Prevent or recover from rm disasters.
Someday the unthinkable may happen. You're doing some routine maintenance and are distracted by a phone call or perhaps another employee's question. A moment later, you're faced with the awful realization that your fingers typed either a rm * or a rm -R in the wrong place, and now a portion of your system has evaporated into nothingness.
Painful thought, isn't it? Let's pause for a moment to catch our breath and examine a few ways to prevent such a scenario from happening in the first place.
Close your eyes and think back to when you were a fresh-faced newbie and were introduced to the omnipotent rm command. Return to the time when you actually read man rm and first discovered the -i switch. "What a great idea," you thought, "to be prompted for confirmation before irretrievably deleting a file from disk." However, you soon discovered that this switch can be a royal PITA. Face it, it's irritating to deal with the constant question of whether you're sure you want to remove a file when you just issued the command to remove that file.
2.11.1 Necessary Interaction
Fortunately, there is a way to request confirmation only when you're about to do something as rash as rm *. Simply make a file called -i. Well, actually, it's not quite that simple. Your shell will complain if you try this:
% touch -i touch: illegal option -- i usage: touch [-acfhm] [-r file] [-t [[CC]Y]MMDDhhmm[.SS]] file ...
You see, to your shell, -i looks like the -i switch, which touch doesn't have. That's actually part of the magic. The reason why we want to make a file called -i in the first place is to fool your shell: when you type rm *, the shell will expand * into all of the files in the directory. One of those files will be named -i, and, voila, you've just given the interactive switch to rm.
So, how do we get past the shell to make this file? Use this command instead:
% touch ./-i
The ./ acts as a sort of separator instruction to the shell. To the left of the ./ go any options to the command touch; in this case, there are none. To the right of the ./ is the name of the file to touch in "this directory."
In order for this to be effective, you need to create a file called -i in every directory that you would like to protect from an inadvertent rm *.
An alternative method is to take advantage of the rmstar shell variable found in the tcsh shell. This method will always prompt for confirmation of a rm *, regardless of your current directory, as long as you always use tcsh. Since the default shell for the superuser is tcsh, add this line to /root/.cshrc:
If you want to take advantage of the protection immediately, force the shell to reread its configuration file:
# source /root/.cshrc
2.11.2 Using mtree
Now you know how to protect yourself from rm *. Unfortunately, neither method will save you from a rm -R. If you do manage to blow away a portion of your directory structure, how do you fix the mess with a minimum of fuss, fanfare, and years of teasing from your coworkers? Sure, you can always restore from backup, but that means filling in a form in triplicate, carrying it with you as you walk to the other side of the building where backups are stored, and sheepishly handing it over to the clerk in charge of tape storage.
Fortunately for a hacker, there is always more than one way to skin a cat, or in this case, to save your skin. That directory structure had to be created in the first place, which means it can be recreated.
When you installed FreeBSD, it created a directory structure for you. The utility responsible for this feat is called mtree.
To see which directory structures were created with mtree:
% ls /etc/mtree/ ./ BSD.root.dist BSD.x11-4.dist ../ BSD.sendmail.dist BSD.x11.dist BSD.include.dist BSD.usr.dist BSD.local.dist BSD.var.dist
Each of these files is in ASCII text, meaning you can read, and more interestingly, edit their contents. If you're a hacker, I know what you're thinking. Yes, you can edit a file to remove the directories you don't want and to add other directories that you do.
Let's start with a simpler example. Say you've managed to blow away /var. To recreate it:
# mtree -deU -f /etc/mtree/BSD.var.dist -p /var
When you run this command, the recreated files will be echoed to standard output so you can watch as they are created for you. A few seconds later, you can:
% ls /var ./ crash/ heimdal/ preserve/ yp/ ../ cron/ lib/ run/ account/ db/ log/ rwho/ at/ empty/ mail/ spool/ backups/ games/ msgs/
That looks a lot better, but don't breathe that sigh of relief quite yet. You still have to recreate all of your log files. Yes, /var/log is still glaringly empty. Remember, mtree creates a directory structure, not all of the files within that directory structure. If you have a directory structure containing thousands of files, you're better off grabbing your backup tape.
There is hope for /var/log, though. Rather than racking your brain for the names of all of the missing log files, do this instead:
% more /etc/newsyslog.conf # configuration file for newsyslog # $FreeBSD: src/etc/newsyslog.conf,v 1.42 2002/09/21 12:07:35 markm Exp $ # # Note: some sites will want to select more restrictive protections than the # defaults. In particular, it may be desirable to switch many of the 644 # entries to 640 or 600. For example, some sites will consider the # contents of maillog, messages, and lpd-errs to be confidential. In the # future, these defaults may change to more conservative ones. # # logfilename [owner:group] mode count size when [ZJB] [/pid_file] [sig_num] /var/log/cron 600 3 100 * J /var/log/amd.log 644 7 100 * J /var/log/auth.log 600 7 100 * J /var/log/kerberos.log 600 7 100 * J /var/log/lpd-errs 644 7 100 * J /var/log/xferlog 600 7 100 * J /var/log/maillog 640 7 * @T00 J /var/log/sendmail.st 640 10 * 168 B /var/log/messages 644 5 100 * J /var/log/all.log 600 7 * @T00 J /var/log/slip.log root:network 640 3 100 * J /var/log/ppp.log root:network 640 3 100 * J /var/log/security 600 10 100 * J /var/log/wtmp 644 3 * @01T05 B /var/log/daily.log 640 7 * @T00 J /var/log/weekly.log 640 5 1 $W6D0 J /var/log/monthly.log 640 12 * $M1D0 J /var/log/console.log 600 5 100 * J
There you go, all of the default log names and their permissions. Simply touch the required files and adjust their permissions accordingly with chmod.
2.11.3 Customizing mtree
Let's get a little fancier and hack the mtree hack. If you want to be able to create a homegrown directory structure, start by perusing the instructions in /usr/src/etc/mtree/README.
The one rule to keep in mind is don't use tabs. Instead, use four spaces for indentation. Here is a simple example:
% more MY.test.dist #home grown test directory structure /set type=dir uname=test gname=test mode=0755 . test1 .. test2 subdir2a .. subdir2b .. subsubdir2c mode=01777 .. .. ..
Note that you can specify different permissions on different parts of the directory structure.
Next, I'll apply this file to my current directory:
# mtree -deU -f MY.test.dist
and check out the results:
# ls -F test1/ test2/ # ls -F test1 # # ls -F test2 subdir2a/ subdir2b/ # ls -F test2/subdir2b subsubdir2c/
As you can see, mtree can be a real timesaver if you need to create custom directory structures when you do installations. Simply take a few moments to create a file containing the directory structure and its permissions. You'll gain the added bonus of having a record of the required directory structure.
2.11.4 See Also