Linux – Protection from ourselves (Root)

Tags: administration, bash, linux, root

I love Linux and everything she stands for; however, unfortunately I grew up with Windows. Thus I have learned very bad practices (such as NT Authority will protect me). I have several Linux VPSs for personal and educational uses and I manage all of them from the command line. Through the management of these servers I have learned very painful lessons of the power of the Root user, such as:

  • rm -d -R /*
  • chown www-user:www-user -R /*
  • Etc.

I've only removed my root directory twice, but just last week I changed the permission of the whole drive – effectively locking the Root out.

Now I know that I should never be logged in as Root, but most of the time I have to deal with files that only the Root owns so I sudo and run the command.

So my question is, is there a way to prompt the user (who is root, or sudo'ed) when a potentially hazardous command is executed, so the user may rethink their decision? Possibly through scripts in Bash, or a different sudo wrapper.

Or (I ask this hopefully, and very simplified) is there a way to set up permissions where instead of a two-tier user system (Root user, regular user) there is a three-tier system like in Windows (NT Authority, Administrator, other User)? Basically, is there a way to keep the ability of System administration, but restrict access to some system files?

Best Answer

Get in the habit of doing an ls before you issue a command meant to work recursively or one that is dangerous. You can then see what files will be affected before proceeding.

rm supports the -i switch (causing it to prompt you) as well as --preserve-root (makes it fail on root) which should give you a small margin of safety. Other commands may have similar options. You can have these always be present with an alias rm='rm -i --preserve-root' command, and may want to put that in your ~/.profile or ~/.bashrc so it is there every time you invoke your root shell.
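The question asks for a Bash-side prompt before hazardous commands, and the answer recommends an ls before anything recursive. The following sketch combines the two; it is an added example, not part of the original question or answer, and the function names resolve_path, is_hazardous_target and guard are hypothetical.

```shell
#!/bin/sh
# Added example; resolve_path, is_hazardous_target and guard are hypothetical names.

# Print the logical absolute form of a path ("/etc/.." becomes "/").
resolve_path() {
    if [ -d "$1" ]; then
        (cd -- "$1" && pwd)
    else
        d=$(cd -- "$(dirname -- "$1")" 2>/dev/null && pwd) || return 1
        printf '%s/%s\n' "${d%/}" "$(basename -- "$1")"
    fi
}

# Succeed if the path is / or a direct child of / (what /* expands to).
is_hazardous_target() {
    p=$(resolve_path "$1") || return 1
    case $p in
        /)    return 0 ;;
        /*/*) return 1 ;;
        /*)   return 0 ;;
    esac
    return 1
}

# guard CMD [ARGS...]: show each existing path argument with ls -ld (the
# "ls first" habit), then demand the word "yes" if any of them is hazardous.
guard() {
    cmd=$1; shift
    risky=0
    for a in "$@"; do
        case $a in -*) continue ;; esac      # skip options
        [ -e "$a" ] || continue              # skip non-paths such as user:group
        ls -ld -- "$a"
        if is_hazardous_target "$a"; then risky=1; fi
    done
    if [ "$risky" -eq 1 ]; then
        printf 'Targets include / or a top-level directory.\n' >&2
        printf 'Type yes to run: %s %s\n' "$cmd" "$*" >&2
        read -r answer || return 1
        [ "$answer" = yes ] || { echo 'Aborted.' >&2; return 1; }
    fi
    "$cmd" "$@"
}
```

Shell functions are not visible to sudo, so load this in the root shell's ~/.bashrc, the same place the answer suggests for the alias, and prefix recursive commands with guard.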
