7

When using bash, with or without sudo, there are many traps. For example, when logged in as root, between

rm -rf ~/bin

and

rm -rf /bin 

there is just one character but this difference can make you quite unhappy.

To protect myself a little bit from such disasters, I use this in my /etc/bash.bashrc (system-wide .bashrc):

if [ $UID -ne 0 ]; then
    # ask me before deleting
    alias rm='rm -i'
else
    # do not delete / or prompt if deleting more than 3 files at a time
    alias rm='rm -I --preserve-root'
fi

With this, I at least have to confirm deleting before running into disaster. Maybe there are commands even more dangerous than rm...

What are the most dangerous bash commands, and how do I protect myself from day-to-day disasters?

WeSee
  • 496
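
The alias above only takes effect in interactive shells (it is not applied to `sudo rm` or inside scripts), and `--preserve-root` covers only `/` itself. As an added example, not code from either post, the function below normalizes each operand and refuses any that resolves to a protected directory, so `/bin`, `/usr/../bin/` and `//bin` are rejected while `~/bin` passes through. The protected list and the function names are assumptions chosen for illustration.

```sh
# Added example; PROTECTED_PATHS is an assumed list, adjust it for your system.
PROTECTED_PATHS="/ /bin /boot /dev /etc /home /lib /lib64 /proc /root /sbin /sys /usr /usr/bin /usr/lib /usr/sbin /var"

# normalize_path PATH: make PATH absolute and resolve ".", ".." and repeated
# slashes lexically (symlinks are not followed, matching what rm would unlink).
normalize_path() {
    np_in=$1 np_out=
    case $np_in in /*) ;; *) np_in=$PWD/$np_in ;; esac
    np_ifs=$IFS; IFS=/
    set -f                                  # no globbing while splitting on "/"
    for np_part in $np_in; do
        case $np_part in
            ''|.) ;;                        # empty component or "."
            ..) np_out=${np_out%/*} ;;      # drop the last component
            *)  np_out=$np_out/$np_part ;;
        esac
    done
    set +f; IFS=$np_ifs
    printf '%s\n' "${np_out:-/}"
}

# is_protected_path PATH: succeed if PATH normalizes to a protected directory.
is_protected_path() {
    ip_target=$(normalize_path "$1")
    for ip_p in $PROTECTED_PATHS; do
        [ "$ip_target" = "$ip_p" ] && return 0
    done
    return 1
}

# guarded_rm ARGS...: refuse the whole command if any operand is protected,
# otherwise hand over to the real rm with the flags used in the question.
guarded_rm() {
    gr_opts=1                               # 1 while arguments may be options
    for gr_arg in "$@"; do
        if [ "$gr_opts" = 1 ]; then
            case $gr_arg in
                --) gr_opts=0; continue ;;
                -*) continue ;;
            esac
        fi
        if is_protected_path "$gr_arg"; then
            printf 'guarded_rm: refusing to remove %s\n' "$gr_arg" >&2
            return 1
        fi
    done
    command rm -I --preserve-root "$@"
}
```

Because it is a function rather than an alias, it can be sourced by scripts as well, but it still only protects callers that invoke `guarded_rm` instead of `rm` directly.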

1 Answer

11

First off, never use root to execute day-to-day commands.

That's the best way to actually expose yourself to disasters.

With that in mind, if you use sudo, you can actually limit commands AND the command options that a user can execute with sudo.

For example, in your sudoers file, you can limit using rm like so:

myuser ALL=(root) NOPASSWD: /bin/rm -r

This would mean that myuser can only use sudo as root and can only execute rm with the -r option.

The sudoers file also supports regex so you can really customize what can be executed while using sudo.

A good starting point...

Alex
  • 3,129
  • 23
  • 28