对于Unix/Linux程序员来说,"rm -rf /"一直被认为是一个极度危险的操作,因为直接把根目录给删除了,整个操作系统也就崩溃了。但实际上会是这样的吗?呵呵,请看图:
啊哈,世界并没有安静,一如既往地喧嚣。怎么回事儿?让我们来扒一扒源代码,
01 - 下载源代码(coreutils-8.30)
root# cd /tmp root# wget https://download.fedoraproject.org/pub/fedora/linux/updates/29/Everything/SRPMS/Packages/c/coreutils-8.30-7.fc29.src.rpm root# mkdir /tmp/coreutils root# rpm -ivh --define '_topdir /tmp/coreutils' coreutils-8.30-7.fc29.src.rpm root# cd /tmp/coreutils/SOURCES root# ls -l *.xz -rw-rw-r--. 1 root root 5359532 Jul 2 2018 coreutils-8.30.tar.xz root# tar Jxf coreutils-8.30.tar.xz
02 - 查看rm -rf /的运行轨迹
1 root@intel-sharkbay-dh-02:/# strace rm -rf / 2 execve("/usr/bin/rm", ["rm", "-rf", "/"], 0x7ffde6de8960 /* 43 vars */) = 0 3 brk(NULL) = 0x558b0cb0f000 4 ...<snip>... 5 lstat("/", {st_mode=S_IFDIR|0555, st_size=224, ...}) = 0 6 newfstatat(AT_FDCWD, "/", {st_mode=S_IFDIR|0555, st_size=224, ...}, AT_SYMLINK_NOFOLLOW) = 0 7 openat(AT_FDCWD, "/usr/share/locale/en_US.UTF-8/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 8 ...<snip>... 9 openat(AT_FDCWD, "/usr/share/locale/en/LC_MESSAGES/coreutils.mo", O_RDONLY) = -1 ENOENT (No such file or directory) 10 write(2, "rm: ", 4rm: ) = 4 11 write(2, "it is dangerous to operate recur"..., 45it is dangerous to operate recursively on '/') = 45 12 write(2, " ", 1 13 ) = 1 14 write(2, "rm: ", 4rm: ) = 4 15 write(2, "use --no-preserve-root to overri"..., 48use --no-preserve-root to override this failsafe) = 48 16 write(2, " ", 1 17 ) = 1 18 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) 19 close(0) = 0 20 close(1) = 0 21 close(2) = 0 22 exit_group(1) = ? 23 +++ exited with 1 +++
注意第5行和11行:
5 lstat("/", {st_mode=S_IFDIR|0555, st_size=224, ...}) = 0 11 write(2, "it is dangerous to operate recur"..., 45it is dangerous to operate recursively on '/') = 45
03 - 查看rm对应的源代码
03.01 main() in rm.c
/* coreutils-8.30/src/rm.c#209 */ 208 int 209 main (int argc, char **argv) 210 { 211 bool preserve_root = true; ... 229 while ((c = getopt_long (argc, argv, "dfirvIR", long_opts, NULL)) != -1) 230 { 231 switch (c) 232 { ... 237 case 'f': 238 x.interactive = RMI_NEVER; 239 x.ignore_missing_files = true; 240 prompt_once = false; 241 break; ... 255 case 'r': 256 case 'R': 257 x.recursive = true; 258 break; ... 341 } 342 343 if (x.recursive && preserve_root) 344 { 345 static struct dev_ino dev_ino_buf; 346 x.root_dev_ino = get_root_dev_ino (&dev_ino_buf); 347 if (x.root_dev_ino == NULL) 348 die (EXIT_FAILURE, errno, _("failed to get attributes of %s"), 349 quoteaf ("/")); 350 } ... 370 enum RM_status status = rm (file, &x); 371 assert (VALID_STATUS (status)); 372 return status == RM_ERROR ? EXIT_FAILURE : EXIT_SUCCESS; 373 }
在第346行,调用了函数get_root_dev_info(), 用以获取 root设备信息。
346 x.root_dev_ino = get_root_dev_ino (&dev_ino_buf);
其中,get_root_dev_info()实现如下:
/* coreutils-8.30/lib/root-dev-ino.c */ 25 /* Call lstat to get the device and inode numbers for '/'. 26 Upon failure, return NULL. Otherwise, set the members of 27 *ROOT_D_I accordingly and return ROOT_D_I. */ 28 struct dev_ino * 29 get_root_dev_ino (struct dev_ino *root_d_i) 30 { 31 struct stat statbuf; 32 if (lstat ("/", &statbuf)) 33 return NULL; 34 root_d_i->st_ino = statbuf.st_ino; 35 root_d_i->st_dev = statbuf.st_dev; 36 return root_d_i; 37 }
第32行调用了lstat(), 这和我们在前面看到的strace rm -rf /的输出正好对应。
5 lstat("/", {st_mode=S_IFDIR|0555, st_size=224, ...}) = 0
rm.c的第370行调用了函数rm(), 这是我们接下来要重点分析的函数。
370 enum RM_status status = rm (file, &x);
03.02 rm() in remove.c
/* coreutils-8.30/src/remove.c#576 */ 574 /* Remove FILEs, honoring options specified via X. 575 Return RM_OK if successful. */ 576 enum RM_status 577 rm (char *const *file, struct rm_options const *x) 578 { 579 enum RM_status rm_status = RM_OK; 580 581 if (*file) 582 { ... 590 FTS *fts = xfts_open (file, bit_flags, NULL); 591 592 while (1) 593 { ... 596 ent = fts_read (fts); ... 607 enum RM_status s = rm_fts (fts, ent, x); ... 610 UPDATE_STATUS (rm_status, s); 611 } ... 618 } 619 620 return rm_status; 621 }
在第607行,函数rm()调用了函数rm_fts()。
03.03 rm_fts() in remove.c
/* coreutils-8.30/src/remove.c#418 */ 417 static enum RM_status 418 rm_fts (FTS *fts, FTSENT *ent, struct rm_options const *x) 419 { 420 switch (ent->fts_info) 421 { ... 438 /* Perform checks that can apply only for command-line arguments. */ 439 if (ent->fts_level == FTS_ROOTLEVEL) 440 { ... 454 /* POSIX also says: 455 If a command line argument resolves to "/" (and --preserve-root 456 is in effect -- default) diagnose and skip it. */ 457 if (ROOT_DEV_INO_CHECK (x->root_dev_ino, ent->fts_statp)) 458 { 459 ROOT_DEV_INO_WARN (ent->fts_path); 460 fts_skip_tree (fts, ent); 461 return RM_ERROR; 462 } ... 571 } 572 }
在第457行和459行,分别调用了宏函数。其中,L457的宏是把当前操作目录与根(/)做比较。
457 if (ROOT_DEV_INO_CHECK (x->root_dev_ino, ent->fts_statp))
而L459是打印警告信息。
459 ROOT_DEV_INO_WARN (ent->fts_path);
03.04 ROOT_DEV_INO_WARN() in lib/root-dev-info.h
/* coreutils-8.30/lib/root-dev-ino.h#33 */ 33 # define ROOT_DEV_INO_WARN(Dirname) 34 do 35 { 36 if (STREQ (Dirname, "/")) 37 error (0, 0, _("it is dangerous to operate recursively on %s"), 38 quoteaf (Dirname)); 39 else 40 error (0, 0, 41 _("it is dangerous to operate recursively on %s (same as %s)"), 42 quoteaf_n (0, Dirname), quoteaf_n (1, "/")); 43 error (0, 0, _("use --no-preserve-root to override this failsafe")); 44 } 45 while (0)
第37行和43行打印的信息,和我们执行rm -rf /之后看到的信息完全一致。
root@intel-sharkbay-dh-02:/# rm -rf / rm: it is dangerous to operate recursively on '/' rm: use --no-preserve-root to override this failsafe
03.05 ROOT_DEV_INO_CHECK() in lib/root-dev-info.h
/* coreutils-8.30/lib/root-dev-ino.h#30 */ 30 # define ROOT_DEV_INO_CHECK(Root_dev_ino, Dir_statbuf) 31 (Root_dev_ino && SAME_INODE (*Dir_statbuf, *Root_dev_ino))
宏SAME_INODE的实现如下:
/* coreutils-8.30/lib/same-inode.h#42 */ 42 # define SAME_INODE(a, b) 43 ((a).st_ino == (b).st_ino 44 && (a).st_dev == (b).st_dev)
到此为止,我们就完全看明白了为什么"rm -rf /"会被拒绝执行,因为现代版的rm命令已经已经针对野蛮的"rm -rf /"行为做了安全性检查。
结论:
- 在现代的Unix/Linux系统中,"rm -rf /"不再危险,因为rm命令本身做了相应的安全检查。也就是说,不但"rm -rf /"不危险,而且"rm -rf //"和"rm -rf /tmp/../"之类的也不危险。
- 虽然"rm -rf /"已经不再危险,但是"rm -rf /*"还是很危险滴,因为通配符'*'的存在。如好奇,请在你的虚拟机中予以尝试 。但是,本人强烈不推荐这么做! 否则,如下类似的输出就会泛洪于你的终端之上,即使你立即按CTRL+C也于事无补,至少常见的系统命令诸如ls, rm是立马不见了。。。
root@hp-moonshot-03-c31:/# id -un root root@hp-moonshot-03-c31:/# rm -rf /* rm: cannot remove '/boot/efi': Device or resource busy rm: cannot remove '/dev/mqueue': Device or resource busy rm: cannot remove '/dev/hugepages': Device or resource busy rm: cannot remove '/dev/pts/1': Operation not permitted ...<snip>... rm: cannot remove '/proc/63/mountstats': Operation not permitted rm: cannot remove '/proc/63/clear_refs': Operation not permitted ^C root@hp-moonshot-03-c31:/# root@hp-moonshot-03-c31:/# ls bash: /usr/bin/ls: No such file or directory
因为
root# rm -rf /* 等价于 root# rm -rf /bin /boot /dev /etc /home /lib /lib64 /lost+found /media /misc /mnt /net /nfs /opt /proc /root /run /sbin /srv /sys /tmp /usr /var
所以
!!! NEVER TRY "rm -rf /*" !!!