一. 环境
本地华为桌面云服务器环境
Centos 7.6
二. 问题描述:
安装 safe-rm,防止执行 rm -rf / 这类命令时误删系统文件。
三. 解决方案:
1.安装safe-rm
下载并解压safe-rm(该脚本安装后会以 root 身份代替 rm 运行,安装前应先核对下载包的校验值或签名)
wget https://launchpad.net/safe-rm/trunk/0.13/+download/safe-rm-0.13.tar.gz
2.解压在/usr/local文件夹
tar axf safe-rm-0.13.tar.gz
3.复制safe-rm-0.13下的 safe-rm 命令 到/usr/local/bin目录
cp /usr/local/safe-rm-0.13/safe-rm /usr/local/bin/
4.做一个 rm 命令的符号链接
执行 rm 命令就相当于执行 safe-rm(前提是 PATH 中 /usr/local/bin 排在 /bin、/usr/bin 之前,见下一步;以绝对路径 /bin/rm 调用时不会经过 safe-rm)
ln -s /usr/local/bin/safe-rm /usr/local/bin/rm
5.配置环境变量
vim /etc/profile
在文件末尾添加
export PATH=/usr/local/bin:/bin:/usr/bin:$PATH
保存后使环境变量生效
source /etc/profile
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
# Add a directory to PATH unless it is already one of its entries.
# Arguments: $1 - directory to add
#            $2 - "after" to append; any other value (or none) prepends
# Globals:   PATH (read and written)
# Returns:   0
pathmunge () {
    # Wrapping both sides in ':' makes the match hit whole entries only.
    case ":${PATH}:" in
        *:"$1":*)
            return 0
            ;;
    esac
    case "$2" in
        after) PATH=$PATH:$1 ;;
        *)     PATH=$1:$PATH ;;
    esac
}
# Fill in the identity variables from id(1) when the binary is executable.
if [ -x /usr/bin/id ]; then
    # ksh workaround: EUID/UID are assigned only when EUID is empty.
    [ -n "$EUID" ] || {
        EUID=$(/usr/bin/id -u)
        UID=$(/usr/bin/id -ru)
    }
    USER="$(/usr/bin/id -un)"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi
# Path manipulation
# EUID 0 gets the sbin directories via pathmunge's default mode; every other
# user gets them with the "after" argument.
case "$EUID" in
    0)
        pathmunge /usr/sbin
        pathmunge /usr/local/sbin
        ;;
    *)
        pathmunge /usr/local/sbin after
        pathmunge /usr/sbin after
        ;;
esac
# Host name and shell-history defaults for the login session.
HOSTNAME=$(/usr/bin/hostname 2>/dev/null)
HISTSIZE=1000
# An existing "ignorespace" setting is widened to ignoreboth; any other value
# is replaced by ignoredups.
case "$HISTCONTROL" in
    ignorespace) export HISTCONTROL=ignoreboth ;;
    *)           export HISTCONTROL=ignoredups ;;
esac
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
# Set the umask for the login shell.
# The threshold for system-reserved uid/gids is 200 (reservations are listed
# in the /usr/share/doc/setup-*/uidgid file). A UID above 199 whose primary
# group name equals the user name gets 002; every other case gets 022.
if ! { [ $UID -gt 199 ] && [ "$(/usr/bin/id -gn)" = "$(/usr/bin/id -un)" ]; }; then
    umask 022
else
    umask 002
fi
# Source every readable drop-in under /etc/profile.d, with sh.local last.
# These files run in each login shell that reads this profile, root's
# included, so the directory should be writable by root only.
for i in /etc/profile.d/*.sh /etc/profile.d/sh.local ; do
    [ -r "$i" ] || continue
    # "$-" contains "i" for an interactive shell; otherwise the drop-in's
    # stdout is discarded.
    case "$-" in
        *i*) . "$i" ;;
        *)   . "$i" >/dev/null ;;
    esac
done
# Remove the loop variable and the helper function once the loop is done.
unset i
unset -f pathmunge
# Added for safe-rm: /usr/local/bin must precede /bin and /usr/bin so that
# "rm" resolves to the /usr/local/bin/rm symlink.
# This only affects shells that source /etc/profile; anything that does not
# (for example cron jobs or services) or that calls /bin/rm by absolute path
# still runs the real rm.
PATH="/usr/local/bin:/bin:/usr/bin:${PATH}"
export PATH
6.创建编辑配置文件
把所有根目录(/)下目录加入配置文件中
vi /etc/safe-rm.conf
/bin
/boot
/dev
/etc
/home
/lib
/lib64
/lost+found
/media
/mnt
/opt
/proc
/root
/run
/sbin
/srv
/sys
/tmp
/usr
/var
7.测试
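执行 rm -rf /* 出现问题:从下面的输出看,/bin、/lib、/lib64、/sbin 没有被 safe-rm 跳过(在 CentOS 7 上它们是指向 /usr 下目录的符号链接),随后 ls、cat 因找不到 /lib64/ld-linux-x86-64.so.2 而无法运行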
[root@iZ2ze61irhf5hraj25r9gvZ local]# rm -rf /*
safe-rm: skipping /bak
safe-rm: skipping /boot
safe-rm: skipping /dev
safe-rm: skipping /erp
safe-rm: skipping /etc
safe-rm: skipping /home
safe-rm: skipping /media
safe-rm: skipping /mnt
safe-rm: skipping /opt
safe-rm: skipping /proc
safe-rm: skipping /root
safe-rm: skipping /run
safe-rm: skipping /srv
safe-rm: skipping /sys
safe-rm: skipping /tmp
safe-rm: skipping /usr
safe-rm: skipping /var
[root@iZ2ze61irhf5hraj25r9gvZ local]# ls
-bash: /usr/bin/ls: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录
[root@iZ2ze61irhf5hraj25r9gvZ local]# cat /etc/passwd
-bash: /usr/bin/cat: /lib64/ld-linux-x86-64.so.2: bad ELF interpreter: 没有那个文件或目录
5.给 / 添加特殊权限完美解决问题(chattr +i 给根目录加上不可变属性:此后根目录下不能新建、删除或重命名任何条目,确实需要这类操作时要先执行 chattr -i /)
[root@iZ2ze61irhf5hraj25r9gvZ local]# chattr +i /
[root@iZ2ze61irhf5hraj25r9gvZ local]# rm -rf /*
safe-rm: skipping /boot
safe-rm: skipping /dev
safe-rm: skipping /etc
safe-rm: skipping /home
safe-rm: skipping /lost+found
safe-rm: skipping /media
safe-rm: skipping /mnt
safe-rm: skipping /opt
safe-rm: skipping /proc
safe-rm: skipping /root
safe-rm: skipping /run
safe-rm: skipping /srv
safe-rm: skipping /sys
safe-rm: skipping /tmp
safe-rm: skipping /usr
safe-rm: skipping /var
/bin/rm: cannot remove ‘/bin’: Permission denied
/bin/rm: cannot remove ‘/lib’: Permission denied
/bin/rm: cannot remove ‘/lib64’: Permission denied
/bin/rm: cannot remove ‘/sbin’: Permission denied
[root@iZ2ze61irhf5hraj25r9gvZ local]#
注释:
注: #配置文件里面的/etc只能保证执行"rm -rf /etc"命令的时候不能删除,但是如果执行"rm -rf /etc/app",还是可以删除app文件的