Man deletes his entire company

The mind wobbles ....
http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
-- Stephen

Most of us have made that same mistake but without the disastrous results. "rm -rf" is a very big gun with a hair trigger. So it's easy to shoot yourself in the foot with it, and because it's so big you may not just lose your foot but a leg or two. Sadly this guy was looking down the barrel when he oops'd.

On 04/15/2016 12:28 PM, Stephen wrote:
The mind wobbles ....
http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

I will admit to doing that once when I first began with Linux. Not a biggie, had nothing on that system I wanted. I didn't realize I was in the root directory. Lesson learned. Always double check the path :)

On Apr 15, 2016 12:41 PM, "Alvin Starr" <alvin@netvel.net> wrote:
Most of us have made that same mistake but without the disastrous results.
"rm -rf" is a very big gun with a hair trigger. So it's easy to shoot yourself in the foot with it, and because it's so big you may not just lose your foot but a leg or two. Sadly this guy was looking down the barrel when he oops'd.
On 04/15/2016 12:28 PM, Stephen wrote:
The mind wobbles ....
http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
--- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk

Another almost as destructive operation is the chmod -R...

One day my boss ran chmod -R firebird:firebird . while thinking he was on /var/lib/firebird. He was on /, ran a cd /var/lib/firebird, mistyped something, and shot the server. He was explaining to me why Firebird was so awesome, and didn't realize the command took way more time than it should. When I noticed where he was and told him, he jumped for the keyboard but pressed ^C after chmod finished. Phones started ringing... It was a very long weekend...

In those days, we had only one beefy server hosting everything: Web, mail, cvs, a couple databases for several clients, NFS and FTP, LDAP, DNS, and almost everything you could install on a Linux circa 2002. Everything except, well, backup...

Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.

2016-04-15 14:46 GMT-03:00 Digiital aka David <digiital@gmail.com>:
I will admit to doing that once when I first began with Linux. Not a biggie, had nothing on that system I wanted. I didn't realize I was in the root directory. Lesson learned. Always double check the path :)
On Apr 15, 2016 12:41 PM, "Alvin Starr" <alvin@netvel.net> wrote:
Most of us have made that same mistake but without the disastrous results.
"rm -rf" is a very big gun with a hair trigger. So it's easy to shoot yourself in the foot with it, and because it's so big you may not just lose your foot but a leg or two. Sadly this guy was looking down the barrel when he oops'd.
On 04/15/2016 12:28 PM, Stephen wrote:
The mind wobbles ....
http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On 16-04-15 01:52 PM, Mauro Souza wrote:
Another almost as destructive operation is the chmod -R...
One day my boss ran chmod -R firebird:firebird
You may have meant to type "chown". A chmod using user and group IDs will usually spit out an error message.

-- Cheers! Kevin. http://www.ve3syb.ca/ |"Nerds make the shiny things that distract Owner of Elecraft K2 #2172 | the mouth-breathers, and that's why we're | powerful!" #include <disclaimer/favourite> | --Chris Hardwick

| From: Stephen <stephen-d@rogers.com>
| http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...

About "rm -rf", the article says:

    The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.

This isn't true of the rm(1) command. No operand means delete nothing.

The story does not ring true for other reasons. But it could be.

The followup discussion sounded doubtful, and the author is probably thinking of very old GCOS systems, where rm really could mean rm * for the (temp) files in your login session.

--dave

On 15/04/16 12:47 PM, D. Hugh Redelmeier wrote:
| From: Stephen <stephen-d@rogers.com>
| http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
The story does not ring true for other reasons. But it could be.
-- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain

On 15 April 2016 at 12:47, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
This isn't true of the rm(1) command. No operand means delete nothing.
The following article gives more specifics:
<http://www.independent.co.uk/life-style/gadgets-and-tech/news/man-accidentally-deletes-his-entire-company-with-one-line-of-bad-code-a6984256.html>

The script actually contained
    rm -rf {foo}/{bar}

The error caused foo and bar to be null so the result was
    rm -rf /

-- Scott

I saw this on Slashdot and on serverfault. He was using Ansible at the time, and all remote backups were mounted at that time, and wiped clean too.

Yes, catastrophic mistake, but he could recover almost all data with testdisk. I recovered a disk for a colleague once, could recover almost 95%. A journaled filesystem is very good for recovering things.

Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.

2016-04-15 14:09 GMT-03:00 Scott Allen <mlxxxp@gmail.com>:
On 15 April 2016 at 12:47, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
This isn't true of the rm(1) command. No operand means delete nothing.
The following article gives more specifics: < http://www.independent.co.uk/life-style/gadgets-and-tech/news/man-accidental...
The script actually contained rm -rf {foo}/{bar}
The error caused foo and bar to be null so the result was rm -rf /
-- Scott

| From: Mauro Souza <thoriumbr@gmail.com>

| I saw this on Slashdot and on serverfault. He was using Ansible at the
| time, and all remote backups were mounted at that time, and wiped clean too.

ServerFault has declared it to be a hoax and taken it down.
<http://meta.serverfault.com/questions/8696/what-to-do-with-the-rm-rf-hoax-question>

On 15/04/16 01:54 PM, D. Hugh Redelmeier wrote:
| From: Mauro Souza <thoriumbr@gmail.com>
| I saw this on Slashdot and on serverfault. He was using Ansible at the | time, and all remote backups were mounted at that time, and wiped clean too.
ServerFault has declared it to be a hoax and taken it down.
<http://meta.serverfault.com/questions/8696/what-to-do-with-the-rm-rf-hoax-question>
The unfortunate part of all this is that it has gone viral and half-truths and outright falsehoods are being spread by those who are either clueless or have an axe to grind. Think of who benefits when the mainstream media picks up this story and the "Linux scary" message is imprinted into the minds of the PHBs and the generally tech-illiterate population.

I see so much of this in other spheres, particularly when it comes to anything to do with terrorism, refugees, or Islam, on social media. Stupid algorithms of course will pick up that I used those three words in succession and might further reinforce the biases of those who are constantly beating that drum. Here is a recent example.
<https://www.halifaxexaminer.ca/featured/the-chronicle-herald-unfairly-maligns-kids-in-attack-on-refugees/>

The usual suspects were all over the original story that the Chronicle Herald ran and it was spread like wildfire by those who are predisposed to look for confirmation of their biases. By the time the article referenced above came out, the damage had already been done. The echo chamber known as "social media" had firmly established the original story as "the truth", not unlike the belief amongst a substantial part of the American population that the 9/11 hijackers entered the United States via Canada.

The Internet is like a Hydra (from Greek mythology, not Marvel Comics) once stories like this go viral. I'd love to know who started this and what their motivations were.

-- Regards, Clifford Ilkay + 1 647-778-8696

On Fri, Apr 15, 2016 at 01:54:32PM -0400, D. Hugh Redelmeier wrote:
| From: Mauro Souza <thoriumbr@gmail.com>
| I saw this on Slashdot and on serverfault. He was using Ansible at the | time, and all remote backups were mounted at that time, and wiped clean too.
ServerFault has declared it to be a hoax and taken it down.
<http://meta.serverfault.com/questions/8696/what-to-do-with-the-rm-rf-hoax-question>
Well other than posting about it and asking for advice, it sure sounded plausible. -- Len Sorensen

On Fri, 15 Apr 2016 14:33:49 -0300 Mauro Souza <thoriumbr@gmail.com> wrote:
I saw this on Slashdot and on serverfault. He was using Ansible at the time, and all remote backups were mounted at that time, and wiped clean too.
Yes, catastrophic mistake, but he could recover almost all data with testdisk. I recovered a disk for a colleague once, could recover almost 95%. A journaled filesystem is very good for recovering things.
I have my backup script set up to create the mount point, mount my backup drive, backup, unmount the backup drive, then delete the mount point. I did this in case I get a destructive cracker. I was _very_ careful when I tested the script. I do so appreciate the rmdir command. Most of my backup recoveries are due to me doing something stupid like the subject of this thread. -- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson

On Fri, 15 Apr 2016 14:33:49 -0300 Mauro Souza <thoriumbr@gmail.com> wrote:
I saw this on Slashdot and on serverfault. He was using Ansible at the time, and all remote backups were mounted at that time, and wiped clean too.
Yes, catastrophic mistake, but he could recover almost all data with testdisk. I recovered a disk for a colleague once, could recover almost 95%. A journaled filesystem is very good for recovering things.
There used to be ads on the Linux Journal for something called Buttsaver from Lone Tar software that recovered deleted UNIX/Linux files. The ads contained some nasty comments about voice mail, and a suggestion that you "call the cowboy". My search for "buttsaver+cowboy" brought up a Stormfront website, among other things. A search for "buttsaver+lone+tar" brought up something about a woman whose job title is "Chief fluffy Butt Saver", plus some very old websites.

-- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson

Now a UK hosting provider got inspired and did almost the same:
http://www.theregister.co.uk/2016/04/18/123reg_titsup_customer_vpss_gone/

Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.

2016-04-17 2:03 GMT-03:00 Howard Gibson <hgibson@eol.ca>:
On Fri, 15 Apr 2016 14:33:49 -0300 Mauro Souza <thoriumbr@gmail.com> wrote:
I saw this on Slashdot and on serverfault. He was using Ansible at the time, and all remote backups were mounted at that time, and wiped clean too.
Yes, catastrophic mistake, but he could recover almost all data with testdisk. I recovered a disk for a colleague once, could recover almost 95%. A journaled filesystem is very good for recovering things.
There used to be ads on the Linux Journal for something called Buttsaver from Lone Tar software that recovered deleted UNIX/Linux files. The ads contained some nasty comments about voice mail, and a suggestion that you "call the cowboy". My search for "buttsaver+cowboy" brought up a Stormfront website, among other things. A search for "buttsaver+lone+tar" brought up something about a woman whose job title is "Chief fluffy Butt Saver", plus some very old websites.
-- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson

On 04/18/2016 09:52 AM, Mauro Souza wrote:
Now a UK hosting provider got inspired and did almost the same: http://www.theregister.co.uk/2016/04/18/123reg_titsup_customer_vpss_gone/
Incorrectly set up HA environments can have the same effect. Two systems talking to a file system as if each owns it will do way more damage than an rm -rf in much less time.

-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

I really wanted a contract to recover a ZFS filesystem that happened to: what you can get is a history tree, with some of the most recent branches infested with termites. Kill the termites, grind out the bad spots and copy the (two?) partial subtrees to separate filesystems on new media.

--dave

On 18/04/16 10:27 AM, Alvin Starr wrote:
On 04/18/2016 09:52 AM, Mauro Souza wrote:
Now a UK hosting provider got inspired and did almost the same: http://www.theregister.co.uk/2016/04/18/123reg_titsup_customer_vpss_gone/
Incorrectly set up HA environments can have the same effect. Two systems talking to a file system as if each owns it will do way more damage than an rm -rf in much less time.
-- David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest davecb@spamcop.net | -- Mark Twain

On Mon, 18 Apr 2016 10:52:59 -0300 Mauro Souza <thoriumbr@gmail.com> wrote:
Now a UK hosting provider got inspired and did almost the same: http://www.theregister.co.uk/2016/04/18/123reg_titsup_customer_vpss_gone/
Mauro
I run a website for a hiking club. One day, that got deleted. I re-uploaded things from my home computer and I complained to the server. They replied "Oh, you have got it back up again!" That was the closest I got to an explanation.

Obviously, the moral of this is that anything maintained on and uploaded from your computer, can easily be recovered if something happens on the server.

-- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson

Back when I was in college, some colleagues were webdesigners and had a hosting provider. They usually mounted via CIFS the remote directory and worked directly on the server. They said it was more convenient, as they could work anywhere without having to carry the websites around with them. In that case, a remote catastrophic event would wipe out their work too.

I had some clients at that time too. Sometimes they asked me for quick patches and I usually connected to the provider and edited the file directly. It would be bad too...

Let me rsync those sites back here, just in case...

Mauro
http://mauro.limeiratem.com - registered Linux User: 294521
Scripture is both history, and a love letter from God.

2016-04-18 21:07 GMT-03:00 Howard Gibson <hgibson@eol.ca>:
On Mon, 18 Apr 2016 10:52:59 -0300 Mauro Souza <thoriumbr@gmail.com> wrote:
Now a UK hosting provider got inspired and did almost the same:
http://www.theregister.co.uk/2016/04/18/123reg_titsup_customer_vpss_gone/
Mauro
I run a website for a hiking club. One day, that got deleted. I re-uploaded things from my home computer and I complained to the server. They replied "Oh, you have got it back up again!" That was the closest I got to an explanation. Obviously, the moral of this is that anything maintained on and uploaded from your computer, can easily be recovered if something happens on the server.
-- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson

On 04/15/2016 01:09 PM, Scott Allen wrote:
On 15 April 2016 at 12:47, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
This isn't true of the rm(1) command. No operand means delete nothing. The following article gives more specifics: <http://www.independent.co.uk/life-style/gadgets-and-tech/news/man-accidentally-deletes-his-entire-company-with-one-line-of-bad-code-a6984256.html>
The script actually contained rm -rf {foo}/{bar}
The error caused foo and bar to be null so the result was rm -rf /
The cyrus imap people came up with an elegant solution to people doing this kind of thing to their mail accounts. Expunging the contents of a mailbox will not actually remove the contents till some number of days later.

There is something to be said for deletion to trash. I wonder if anybody has hacked the unlink system call to provide a safe delete. Something like moving the files to something like a lost_and_found type of directory where it can be cleaned out after some time period or based on free space requirements.

As an aside there is an extundelete but I am not sure how well it works.

-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On 04/15/2016 01:44 PM, Alvin Starr wrote:
The cyrus imap people came up with an elegant solution to people doing this kind of thing to their mail accounts. Expunging the contents of a mailbox will not actually remove the contents till some number of days later.
I have my email app configured to only remove email over a week old from the Trash folder. I figure if I don't need it by then, I don't need it. I just wish I could get Outlook to do the same thing on my work computer.

| From: Scott Allen <mlxxxp@gmail.com>

| The script actually contained
|     rm -rf {foo}/{bar}
|
| The error caused foo and bar to be null so the result was
|     rm -rf /

I don't know what was processing the commands. If it was a normal shell, it ought to have been
    rm -rf ${foo}/${bar}

This is EXACTLY why I start all my shell scripts with
    set -eu
The e means stop on an unexpected non-zero return code. The u means that referencing an unset variable is an error.

On 2016-04-15 01:46 PM, D. Hugh Redelmeier wrote:
This is EXACTLY why I start all my shell scripts with
    set -eu
The e means stop on an unexpected non-zero return code. The u means that referencing an unset variable is an error.

Even if the original story was a hoax, if it meant me finding out about 'set -eu', I have learned a lot from it.

I have actually done this twice (see, I said in my intro last week that I shouldn't be allowed near sharp things): once on my first linux box (all 40 MB of its system), and once on a work SCO machine that meant days fiddling about with QIC tapes. Both of these were about 20 years ago. Around the same time I allowed the system disc of a VMS machine to become full, something that required several calls to Digital's premium hotlines. DEC UK's tech support team later admitted that they'd never actually had to deal with this issue before.

These slips I can chalk up to the ignorance and carelessness of youth. I do despair somewhat of the casual way that sudo is slung around these days. I recently had to decline being the technical reader for a beginners' "Python for Raspberry Pi" book by [publisher redacted], as the author of the book was under the impression that all scripts needed sudo to run, and that it was perfectly okay to run a script as root that executed arbitrary commands from a text file created by a user.

cheers, Stewart

| From: Stewart C. Russell <scruss@gmail.com>

| I do despair somewhat of the casual way that sudo is slung around these
| days.

Amen to that. (The rest of your message was interesting too.)

I was reading an article about people porting Linux desktops to Windows as a complement to the Ubuntu userland that Microsoft will support this summer.
<http://www.zdnet.com/article/how-to-run-linux-desktop-apps-on-windows/>

    Since Ubuntu on WSL automatically runs as root, you don't need to add sudo to the command for it to run.

(WSL is Windows Subsystem for Linux, the thing Microsoft provides to support Ubuntu userland.)

That's pretty scary.

Microsoft still doesn't get Linux.

On 04/15/2016 03:54 PM, D. Hugh Redelmeier wrote:
Since Ubuntu on WSL automatically runs as root, you don't need to add sudo to the command for it to run.
(WSL is Windows Subsystem for Linux, the thing Microsoft provides to support Ubuntu userland.)
That's pretty scary.
Microsoft still doesn't get Linux.
How is that any different from all the Windows users, who insist on running with Admin privileges?

"set -u" won't help in case of foo= bar= rm -rf $foo/$bar

On Friday, April 15, 2016 1:46 PM, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
| From: Scott Allen <mlxxxp@gmail.com>
| The script actually contained
|     rm -rf {foo}/{bar}
|
| The error caused foo and bar to be null so the result was
|     rm -rf /
I don't know what was processing the commands. If it was a normal shell, it ought to have been
    rm -rf ${foo}/${bar}
This is EXACTLY why I start all my shell scripts with
    set -eu
The e means stop on an unexpected non-zero return code. The u means that referencing an unset variable is an error.

| From: William Park <opengeometry@yahoo.ca>

| "set -u" won't help in case of foo= bar= rm -rf $foo/$bar

Your mail client formats text in a funny way. If I look at the HTML, I see you meant:

    foo=
    fbar=
    rm -rf $foo/$bar

No, of course it won't protect you if you actually aim your gun at your foot and pull the trigger. It just prevents some accidental discharges.

Can you give a likely situation where you'd write code like that? If foo is to be a directory, the most likely default would be ".", not "". If fbar is to be a filename, "" makes no sense as a default. If fbar is to be a list of filenames, "" makes sense as a default, but then the rm command does not.

My experience with retrofitting "set -eu" into other people's scripts is that it finds a lot of errors but many don't matter. That's because the other people have mostly debugged the script. On the other hand, the level of testing scripts is typically poor so any new way of testing finds bugs.

If I write a script with "set -eu" I find my errors more quickly and thus reduce debugging time. The errors found are really easy to make and are sometimes hard to discover otherwise.
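The two cases argued over in the messages above (variables unset versus variables set to the empty string), as an added example that is not part of the original thread. The function names and the scratch paths are made up for illustration; safe_rm is one possible guard, not something a poster proposed.

```shell
#!/bin/sh
# Added example (constructed): how "rm -rf ${foo}/${bar}" expands when foo
# and bar are unset or empty, and two guards against it. Every function body
# runs in a subshell, so an aborted expansion never kills the caller.
set -eu

# No guard: print the operand rm would receive.
operand_unguarded() (
    foo=$1; bar=$2
    printf '%s\n' "$foo/$bar"
)

# "set -u" only. $1 is "unset" or "empty" and selects how foo/bar are left.
# Unset variables abort the subshell; variables set to "" still give "/".
operand_set_u() (
    set -u
    unset foo bar
    if [ "$1" = empty ]; then foo=; bar=; fi
    printf '%s\n' "$foo/$bar"
)

# ${var:?} aborts on unset AND on empty, so "/" can never be produced.
operand_checked() (
    foo=$1; bar=$2
    printf '%s\n' "${foo:?foo is empty}/${bar:?bar is empty}"
)

# safe_rm BASE SUB: delete BASE/SUB only when both are non-empty, SUB stays
# below BASE, and BASE is an existing directory other than "/".
safe_rm() (
    base=${1:-}; sub=${2:-}
    [ -n "$base" ] || exit 1
    [ -n "$sub" ] || exit 1
    case $sub in
        /*|.|..|../*|*/..|*/../*) exit 1 ;;
    esac
    real=$(cd "$base" 2>/dev/null && pwd -P) || exit 1
    [ "$real" != / ] || exit 1
    rm -rf -- "$real/$sub"
)

# Demonstration in a scratch directory; nothing outside it is removed.
scratch=$(mktemp -d)
mkdir -p "$scratch/site/cache" "$scratch/keep"
echo "no guard, both empty:  $(operand_unguarded '' '')"
echo "set -u, both empty:    $(operand_set_u empty)"
operand_set_u unset 2>/dev/null || echo "set -u, both unset:    refused"
operand_checked '' '' 2>/dev/null || echo "\${var:?}, both empty:  refused"
safe_rm "$scratch/site" cache && echo "safe_rm site/cache:    removed"
safe_rm "$scratch/site" ../keep || echo "safe_rm site/../keep:  refused"
safe_rm "" "" || echo "safe_rm '' '':         refused"
rm -rf -- "${scratch:?}"
```

The pattern check in safe_rm does not follow symlinks inside SUB, so it is a guard against empty and malformed arguments rather than a confinement mechanism.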

On 16-04-15 01:09 PM, Scott Allen wrote:
The script actually contained rm -rf {foo}/{bar}
The error caused foo and bar to be null so the result was rm -rf /
That is why you test your script and just echo commands like the above to check the script will fill in the details appropriately. The script could also have built a path and stored it in an environment variable then checked the variable contents before use.

Also, for this to have deleted everything it would have had to have been run with root privileges.

It's one thing for this to happen to a home machine. For a company server you would expect to have more than one backup and never hook up more than one backup to the live servers at a time.

As has been suggested, it is likely a hoax. Perhaps an April Fools joke that someone picked up and ran with not realizing it was a joke.

-- Cheers! Kevin. http://www.ve3syb.ca/ |"Nerds make the shiny things that distract Owner of Elecraft K2 #2172 | the mouth-breathers, and that's why we're | powerful!" #include <disclaimer/favourite> | --Chris Hardwick

On Fri, Apr 15, 2016 at 02:06:32PM -0400, Kevin Cozens wrote:
That is why you test your script and just echo commands like the above to check the script will fill in the details appropriately. The script could also have built a path and stored it in an environment variable then checked the variable contents before use.
Yep, of course.
Also, for this to have deleted everything it would have had to have been run with root privileges.
And it was.
It's one thing for this to happen to a home machine. For a company server you would expect to have more than one backup and never hook up more than one backup to the live servers at a time.
Of course you should have more than one backup device. As long as it is connected to the live system, it is NOT a backup device. It is only a backup device when it is no longer connected. Seems this person didn't understand that.
As has been suggested, it is likely a hoax. Perhaps an April Fools joke that someone picked up and ran with not realizing it was a joke.
I wish I could believe that, but I suspect it really did happen. Some people should not be designing and running systems. -- Len Sorensen

On 04/15/2016 04:26 PM, Lennart Sorensen wrote:
On Fri, Apr 15, 2016 at 02:06:32PM -0400, Kevin Cozens wrote:
That is why you test your script and just echo commands like the above to check the script will fill in the details appropriately. The script could also have built a path and stored it in an environment variable then checked the variable contents before use.
Yep, of course.

Also, for this to have deleted everything it would have had to have been run with root privileges.
And it was.

For things like system backups you tend to have to run as root.

It's one thing for this to happen to a home machine. For a company server you would expect to have more than one backup and never hook up more than one backup to the live servers at a time.
Of course you should have more than one backup device. As long as it is connected to the live system, it is NOT a backup device. It is only a backup device when it is no longer connected. Seems this person didn't understand that.

Your backup device often has to be connected to the server. I have yet to see a backup media that magically gets data written to it while on the shelf. So once you have plugged in your backup media to backup and your backup program runs wild ... you're kind of screwed.

As has been suggested, it is likely a hoax. Perhaps an April Fools joke that someone picked up and ran with not realizing it was a joke.
I wish I could believe that, but I suspect it really did happen. Some people should not be designing and running systems.

I kind of think it would be possible to use selinux to insure things like backups or system files cannot be deleted by accident.

That would take some work to get right and I believe most systems run with selinux disabled. I know there are more than a few packages that I administer where they outright say the selinux must be disabled.

Screwing up backup software is all too easy. I once worked for a computer company that sold systems to banks and for about a 3 month period a bug in the tape driver software was writing blank tapes. It was not discovered till a customer tried to restore something simple. Fortunately nobody needed to do a real restore of important data.

This company had a number of VERY smart people doing the coding but still silly errors crept through.

-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On Fri, Apr 15, 2016 at 05:12:40PM -0400, Alvin Starr wrote:
For things like system backups you tend to have to run as root.
Often for some parts.
Your backup device often has to be connected to the server. I have yet to see a backup media that magically gets data written to it while on the shelf. So once you have plugged in your backup media to backup and your backup program runs wild ... you're kind of screwed.
That's why you have a rotation of backup devices. That way you still have a backup while creating a new one. If your only backup is connected to your system, then you have no backups at all.
I kind of think it would be possible to use selinux to insure things like backups or system files cannot be deleted by accident.
That would take some work to get right and I believe most systems run with selinux disabled. I know there are more than a few packages that I administer where they outright say the selinux must be disabled.
Screwing up backup software is all too easy. I once worked for a computer company that sold systems to banks and for about a 3 month period a bug in the tape driver software was writing blank tapes. It was not discovered till a customer tried to restore something simple. Fortunately nobody needed to do a real restore of important data.
Well it isn't really a backup until it is verified either. Many people skip that step. I certainly have at home in many cases.
This company had a number of VERY smart people doing the coding but still silly errors crept through.
-- Len Sorensen

On 04/15/2016 05:40 PM, Lennart Sorensen wrote:
On Fri, Apr 15, 2016 at 05:12:40PM -0400, Alvin Starr wrote:
For things like system backups you tend to have to run as root.
Often for some parts.

It's those parts where bad things happening can really hurt.

Your backup device often has to be connected to the server. I have yet to see a backup media that magically gets data written to it while on the shelf. So once you have plugged in your backup media to backup and your backup program runs wild ... you're kind of screwed.
That's why you have a rotation of backup devices. That way you still have a backup while creating a new one. If your only backup is connected to your system, then you have no backups at all.

Rotating backup media is becoming a thing of the past. A lot of organizations are moving to cloud backup or backing up to some NSA/SAN or other connected device. In an environment where changing disks/tapes is hard like in a data centre then the single backup device is attractive.
I do work for a backup provider and they have a large number of companies who in essence have a single point of failure for their backups. For better or for worse people are moving their backups offsite but into a single location.
I kind of think it would be possible to use selinux to insure things like backups or system files cannot be deleted by accident.
That would take some work to get right and I believe most systems run with selinux disabled. I know there are more than a few packages that I administer where they outright say the selinux must be disabled.
Screwing up backup software is all too easy. I once worked for a computer company that sold systems to banks and for about a 3 month period a bug in the tape driver software was writing blank tapes. It was not discovered till a customer tried to restore something simple. Fortunately nobody needed to do a real restore of important data.
Well it isn't really a backup until it is verified either. Many people skip that step. I certainly have at home in many cases.

True enough but testing your recovery processes is something that is seldom done. Taking systems offline to do a full recovery is just too big a pain.
You also have to do the recovery testing on a regular basis.
This company had a number of VERY smart people doing the coding but still silly errors crept through.
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On Fri, Apr 15, 2016 at 05:59:02PM -0400, Alvin Starr wrote:
Rotating backup media is becoming a thing of the past. A lot of organizations are moving to cloud backup or backing up to some NSA/SAN or other connected device. In an environment where changing disks/tapes is hard like in a data centre then the single backup device is attractive.
I do work for a backup provider and they have a large number of companies who in essence have a single point of failure for their backups.
For better or for worse people are moving their backups offsite but into a single location.
Well at the very least you should use multiple remote instances that you can mount and backup to. If you have a single remote storage pool for backups, then you do in fact have zero backups while doing a new backup. There is no reason you could not have multiple separate storage pools that you only ever mount one of at a time to avoid anything stupid wiping out old backups while doing a new one. But I suppose this cloud stuff really is making people stupid. They can't imagine anything could go wrong with the cloud.
True enough but testing your recovery processes is something that is seldom done. Taking systems offline to do a full recovery is just too big a pain.
Yep, but it means you very well might not have a backup. If it really mattered you would have spare hardware for testing and disaster recovery already, in which case the test would not be that hard.
You also have to do the recovery testing on a regular basis.
For sure. Even less likely to be done than testing it once. -- Len Sorensen
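
A backup job that reports success proves nothing about what was written, which is how the blank tapes mentioned above went unnoticed for about three months; only a restore compared against the source does. An added example, not code from any message in the thread: `make_backup` and `verify_backup` are hypothetical helpers, and the archive is assumed to be a tar file created relative to the source directory.

```shell
#!/bin/sh
# Added example (not from the thread). make_backup and verify_backup are
# hypothetical helper names; paths are supplied by the caller.

# make_backup ARCHIVE SOURCE_DIR
# Archive the contents of SOURCE_DIR with paths relative to it.
# ARCHIVE must live outside SOURCE_DIR.
make_backup() {
    tar -cf "$1" -C "$2" .
}

# verify_backup ARCHIVE SOURCE_DIR
# Restore ARCHIVE into a scratch directory and compare the result with
# SOURCE_DIR. Returns 0 only if the restored tree is identical.
verify_backup() {
    archive=$1
    source_dir=$2
    [ -s "$archive" ] || { echo "FAIL: $archive missing or zero length" >&2; return 1; }
    scratch=$(mktemp -d) || return 1
    status=0
    # A restore that errors out is a failed backup, whatever the job log said.
    tar -xf "$archive" -C "$scratch" 2>/dev/null || status=1
    # Content check: every source file must come back byte-identical.
    # This is what catches media that was written but holds no data.
    if [ "$status" -eq 0 ]; then
        diff -r "$source_dir" "$scratch" >/dev/null 2>&1 || status=1
    fi
    rm -rf -- "$scratch"
    [ "$status" -eq 0 ] || echo "FAIL: restore of $archive does not match $source_dir" >&2
    return "$status"
}
```

Comparing against the live source only makes sense right after the backup runs; for older archives, compare against checksums recorded at backup time instead.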

On Fri, Apr 15, 2016 at 12:47:49PM -0400, D. Hugh Redelmeier wrote:
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
The story does not ring true for other reasons. But it could be.
It is written wrong. Elsewhere it explained that it was rm -rf ${foo}/${bar} with both environment variables empty which hence means rm -rf /
So yes, far from empty arguments to rm. Empty environment variables.
-- Len Sorensen

On 04/15/2016 04:23 PM, Lennart Sorensen wrote:
On Fri, Apr 15, 2016 at 12:47:49PM -0400, D. Hugh Redelmeier wrote:
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
The story does not ring true for other reasons. But it could be.
It is written wrong. Elsewhere it explained that it was rm -rf ${foo}/${bar} with both environment variables empty which hence means rm -rf /
So yes, far from empty arguments to rm. Empty environment variables.
Reading through the thread, I've seen no mention,
--preserve-root do not remove '/'
In modern RHEL/CentOS 7 it's actually on by default.
-- Scott Sullivan

On 04/16/2016 01:03 PM, Scott Sullivan wrote:
Reading through the thread, I've seen no mention,
--preserve-root do not remove '/'
In modern RHEL/CentOS 7 it's actually on by default.
Results from my Fedora 23 test VM (where it is already default in the native version of rm, older versions you had to invoke specifically).
[root@munchkin ~]# rm -rf ${foo}/${bar}
rm: it is dangerous to operate recursively on ‘/’
rm: use --no-preserve-root to override this failsafe
[root@munchkin ~]#
-- Scott Sullivan
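
The failure discussed in the messages above, `rm -rf ${foo}/${bar}` collapsing to `/` when both variables are empty, can be stopped before rm is ever called. An added example, not code from any message in the thread: `SCRATCH_ROOT`, `expand_target`, `strict_target` and `safe_rm_tree` are hypothetical names, and the last function also refuses targets that `--preserve-root` would let through, such as a path that resolves above the intended directory.

```shell
#!/bin/sh
# Added example (not from the thread). All names here are hypothetical.

# What the shell passes to rm: with both parts empty this is "/".
expand_target() {
    printf '%s\n' "$1/$2"
}

# Same expansion, but ${var:?} aborts the (sub)shell if a part is empty or unset.
strict_target() {
    printf '%s\n' "${1:?base is empty}/${2:?sub is empty}"
}

# Delete $1/$2 only when both parts are set and the resolved directory lies
# strictly inside $SCRATCH_ROOT. Returns 0 after deleting, 1 on refusal.
safe_rm_tree() {
    base=$1
    sub=$2
    [ -n "$base" ] && [ -n "$sub" ] || { echo "refused: empty path component" >&2; return 1; }
    [ -n "${SCRATCH_ROOT:-}" ] || { echo "refused: SCRATCH_ROOT not set" >&2; return 1; }
    # Resolve symlinks and ".." so the prefix test sees the real location.
    target=$(CDPATH= cd -- "$base/$sub" 2>/dev/null && pwd -P) || { echo "refused: not a directory" >&2; return 1; }
    root=$(CDPATH= cd -- "$SCRATCH_ROOT" 2>/dev/null && pwd -P) || return 1
    case $target in
        "$root"/*) ;;   # strictly below the allowed root
        *) echo "refused: $target is outside $root" >&2; return 1 ;;
    esac
    rm -rf -- "$target"
}

foo= bar=                        # constructed input: both variables empty
expand_target "$foo" "$bar"      # prints "/"
```

Running scripts with `set -u` gives similar protection for unset variables, but not for variables that are set to the empty string; `${var:?}` covers both.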

Maybe he was using Windows PowerShell, which has adopted a lot of UNIX-isms including "rm" with recursive and force options. If it behaves anything like DEL with recursive and force options, it will traverse UPWARDS as well as DOWNWARDS in a directory tree (having been burned by that behaviour first-hand a few years ago). On 15 Apr 2016 at 12:47, D. Hugh Redelmeier wrote:
| From: Stephen <stephen-d@rogers.com>
| http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
The story does not ring true for other reasons. But it could be.

Seems like it was all a hoax. https://developers.slashdot.org/story/16/04/16/1646212/that-man-who-deleted-... On Sat, Apr 16, 2016 at 9:34 PM, Paul King <sciguy@vex.net> wrote:
Maybe he was using Windows PowerShell, which has adopted a lot of UNIX-isms including "rm" with recursive and force options. If it behaves anything like DEL with recursive and force options, it will traverse UPWARDS as well as DOWNWARDS in a directory tree (having been burned by that behaviour first-hand a few years ago).
On 15 Apr 2016 at 12:47, D. Hugh Redelmeier wrote:
| From: Stephen <stephen-d@rogers.com>
| http://www.nydailynews.com/news/national/man-deletes-entire-company-running-...
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
The story does not ring true for other reasons. But it could be.

On 16-04-16 09:34 PM, Paul King wrote:
Maybe he was using Windows PowerShell, which has adopted a lot of UNIX-isms including "rm" with recursive and force options. If it behaves anything like DEL with recursive and force options, it will traverse UPWARDS as well as DOWNWARDS in a directory tree (having been burned by that behaviour first-hand a few years ago).
Can't you just picture Microsoft implementing "rm -r" so that it also does upward recursion as well as downward? That would burn a lot of people.
--
Cheers!
Kevin.
http://www.ve3syb.ca/           |"Nerds make the shiny things that distract
Owner of Elecraft K2 #2172      | the mouth-breathers, and that's why we're
                                | powerful!"
#include <disclaimer/favourite> |             --Chris Hardwick

On Fri, 15 Apr 2016 12:47:49 -0400 (EDT) "D. Hugh Redelmeier" <hugh@mimosa.com> wrote:
About "rm -rf", the article says:
The code usually deleted specific parts of a server or computer, but because this code didn't have a specified target, it deleted everything.
This isn't true of the rm(1) command. No operand means delete nothing.
What they actually showed was "RM-RF", completely harmless, at least until Linux includes a retaliation feature that punishes people for typing in invalid commands. -- Howard Gibson hgibson@eol.ca howard.gibson@teledyneoptech.com jhowardgibson@gmail.com http://home.eol.ca/~hgibson
participants (16): Alvin Starr, CLIFFORD ILKAY, D. Hugh Redelmeier, David Collier-Brown, Digiital aka David, Howard Gibson, James Knott, Kevin Cozens, Lennart Sorensen, Mauro Souza, Paul King, Scott Allen, Scott Sullivan, Stephen, Stewart C. Russell, William Park