Prevent or recover from rm disasters.
Someday the unthinkable may happen. You're doing some routine maintenance and are distracted by a phone call or perhaps another employee's question. A moment later, you're faced with the awful realization that your fingers typed either arm *or arm -Rin the wrong place, and now a portion of your system has evaporated into nothingness.
Painful thought, isn't it? Let's pause for a moment to catch our breath and examine a few ways to prevent such a scenario from happening in the first place.
Close your eyes and think back to when you were a fresh-faced newbie and were introduced to the omnipotentrmcommand. Return to the time when you actually readman rmand first discovered the-iswitch. "What a great idea," you thought, "to be prompted for confirmation before irretrievably deleting a file from disk." However, you soon discovered that this switch can be a royal PITA. Face it, it's irritating to deal with the constant question of whether you're sure you want to remove a file when you just issued the command to remove that file.
Fortunately, there is a way to request confirmation only when youre about to do something as rash asrm *. Simply make a file called -i. Well, actually, it's not quite that simple. Your shell will complain if you try this:
% touch -i
You see, to your shell, -i looks like the-iswitch, whichtouchdoesn't have. That's actually part of the magic. The reason why we want to make a file called -i in the first place is to fool your shell: when you typerm *, the shell will expand*into all of the files in the directory. One of those files will be named -i, and, voila, you've just given the interactive switch torm.
So, how do we get past the shell to make this file? Use this command instead:
% touch ./-i
The./acts as a sort of separator instruction to the shell. To the left of the./go any options to the commandtouch; in this case, there are none. To the right of the./is the name of the file totouchin "this directory."
In order for this to be effective, you need to create a file called -i in every directory that you would like to protect from an inadvertentrm *.
An alternative method is to take advantage of thermstarshell variable found in thetcshshell. This method will always prompt for confirmation of arm *, regardless of your current directory, as long as you always usetcsh. Since the default shell for the superuser istcsh, add this line to /root/.cshrc:
If you want to take advantage of the protection immediately, force the shell to reread its configuration file:
# source /root/.cshrc
Now you know how to protect yourself fromrm *. Unfortunately, neither method will save you from arm -R. If you do manage to blow away a portion of your directory structure, how do you fix the mess with a minimum of fuss, fanfare, and years of teasing from your coworkers? Sure, you can always restore from backup, but that means filling in a form in triplicate, carrying it with you as you walk to the other side of the building where backups are stored, and sheepishly handing it over to the clerk in charge of tape storage.
Fortunately for a hacker, there is always more than one way to skin a cat, or in this case, to save your skin. That directory structure had to be created in the first place, which means it can be recreated.
When you installed FreeBSD, it created a directory structure for you. The utility responsible for this feat is calledmtree.
To see which directory structures were created withmtree:
% ls /etc/mtree/ ./ BSD.root.dist BSD.x11-4.dist ../ BSD.sendmail.dist BSD.x11.dist BSD.include.dist BSD.usr.dist BSD.local.dist BSD.var.dist
Each of these files is in ASCII text, meaning you can read, and more interestingly, edit their contents. If you're a hacker, I know what you're thinking. Yes, you can edit a file to remove the directories you don't want and to add other directories that you do.
Let's start with a simpler example. Say you've managed to blow away /var. To recreate it:
# mtree -deU -f /etc/mtree/BSD.var.dist -p /var
When you run this command, the recreated files will be echoed to standard output so you can watch as they are created for you. A few seconds later, you can:
% ls /var
That looks a lot better, but don't breathe that sigh of relief quite yet. You still have to recreate all of your log files. Yes, /var/log is still glaringly empty. Remember,mtreecreates a directory structure, not all of the files within that directory structure. If you have a directory structure containing thousands of files, you're better off grabbing your backup tape.
There is hope for /var/log, though. Rather than racking your brain for the names of all of the missing log files, do this instead:
% more /etc/newsyslog.conf
There you go, all of the default log names and their permissions. Simplytouchthe required files and adjust their permissions accordingly withchmod.
Let's get a little fancier and hack themtreehack. If you want to be able to create a homegrown directory structure, start by perusing the instructions in /usr/src/etc/mtree/README.
The one rule to keep in mind is don't use tabs. Instead, use four spaces for indentation. Here is a simple example:
% more MY.test.dist
Note that you can specify different permissions on different parts of the directory structure.
Next, I'll apply this file to my current directory:
# mtree -deU -f MY.test.dist
and check out the results:
# ls -F
As you can see,mtreecan be a real timesaver if you need to create custom directory structures when you do installations. Simply take a few moments to create a file containing the directory structure and its permissions. You'll gain the added bonus of having a record of the required directory structure.
blog comments powered by Disqus