How to keep Unix from ERASING your entire hard drive??
okay, so my "friend" opens up terminal...tells me he has this funny thing to show me. He types this crazy string, presses enter, and everything on my hard drive begins to be erased!!
I wasn't logged in as a super user...I was using the admin account (not the root), and the guy didn't know my password. Fortunately I was able to stop the process without much loss. But how do you prevent some savvy unix user from killing my hard drive? |
what was the string??
Was any part of it 'sudo'? |
I'm not sure what the string was...I don't know unix. What does sudo mean?
|
Did you kick his ass for being such a turd?
Doesn't sound like much of a friend. Maybe you could slash his tires as a "joke." |
Re: How to keep Unix from ERASING your entire hard drive??
su and sudo are "substitute user" facilities. root being a user to substitute and run a command as. from man sudo...
"sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file."
while su is only accessible to users in groups wheel or admin, the sudo utility is controlled by entries in the file /etc/sudoers, which, by default in OSX, allows group admin to sudo to root, but doesn't have to.
sudo has granularity down to allow/disallow user, runas, group, host, command. see man 5 sudoers
-- yes, nick, i am the man hound from hell, nipping at your heels :D |
so basically...if i leave my computer unguarded for even a second then i can potentially lose everything...password or not.
there is absolutely no way to prevent this? |
Why don't you find out what the string was or is it a state secret???
|
If your "friend" didn't know your password, then he can't have used the 'sudo' command. Hence he only had permission to delete whatever you would normally have permission to delete.
So whatever command he ran couldn't have been erasing *all* of your files - it might just have been erasing some of them (and giving error messages about not having permission to delete the others). Yes, someone can delete your stuff if they have access to the Terminal. But someone can delete your stuff if they have access to the Finder: select all, move to trash, empty trash. It's no different. And by the way, did you know that if you turn your back for a second, your "friend" could use a secret maneuver that would result in your whole computer being thrown out the window? |
I personally tend to be a bit hysterical about my computer in the lab (which I frequently leave alone). So I just set up a "hot corner" (which starts the screen saver immediately when you move the mouse to that corner) and made the screen saver ask for my password (both are in the screen saver system preferences). Secure enough for me...
cheers, pink |
Was there some kind of message you saw like "Erasing harddrive ..."? If so, your friend probably just played a joke with you, writing a little script on the command line that displays some fake "Erasing harddrive"-message with a progress indicator or something to scare you.
If it really deleted stuff, then he probably typed in "rm -rf *", which would delete almost everything in your home directory and some stuff in other directories if executed at the root (/) level of the directory tree. In this case you'd be well advised not to let this "friend" anywhere near your computer (or your home as a matter of things) any more! It's always a good idea to turn on a password-protected screensaver or log out any time you leave your computer alone in an environment that can be accessed by others. |
And they could just pull the plug, and restart in single user mode, where they'd have the power of root. merv said it best:
"i am the man hound from hell, nipping at your heels"
Wait, not that one. Here's where merv said it best:
"zealously guard access to your scooby snacks"
Meaning keep your machine in a locked closet. In a bunker. 4 miles under the ocean. On a remote planet. Or you can just do what I do. I have a powerbook, which I keep down my trousers at all times. That helps keep others from trying to use my computer too :D |
Hello,
If your so-called friend opened a terminal window, the default directory is your user directory; therefore he has permission to delete everything in it. It would be the same as opening your home folder, selecting all and throwing it in the trash. What can you do to protect? Very simple, turn off auto-login and whenever you leave your computer log out (apple shift Q). They could still get in through other ways (like single user mode), but he'd have to be mac savvy for that. If you're really paranoid, then there is a firmware updater that disables single user mode and starting up with external drives or CDs. That coupled with turning off auto-login and logging out would make it a lot harder.
Vonleigh
P.D: there are much more evil things you can do than erasing all the files ^^ |
Firstly I would like to repeat what has been said before: No sudo without your password.
Secondly, here is a pretty common way to protect against accidental deletion of files: Create a file named -i (preferably with no rights for anyone) in each directory you wish to protect, e.g. Code:
touch /Users/yourname/temp/\-i
That would at least have given you some time to yank your "friend" from your keyboard and prevented the operation from continuing after that. And yes, slash his tires as a joke. Alex |
Hello,
You know, I tried that tip when I read it in UGU a few days ago and couldn't get it to work as described. I don't think it works the same on OS X. I got a prompting of the shell alright, but it was because of the chmod, not because of the flag (which isn't being recognized as one). For that I prefer adding a -i switch as an alias to rm. Vonleigh |
the touch ./\-i trick is a good one. beware, it can cause some problems when processing directories with some commands. vonleigh, works here... Code:
$ touch ./\-i |
Hi vonleigh,
the -i file works well on Mac OS X, what happened on your machine? Why I don't like the alias command is because that usually requires setting the rm -i alias for all shells for all users (if I am not mistaken), if you wish to be sure. Granted, the -i file may cause some weird behavior for other commands, that may be the lesser evil depending on what your goal is. Alex |
MT,
My methodology wasn't quite right while testing, upon further tests it does work as described (I was deleting whole dirs that contained the switch); d'oh. Vonleigh |
it's generally considered bad form to alias a true command, i.e., mask its canonical name.
with rm, doubly so, because one gets false-confidence, and when one is su'd or sudo'd to another account, or remote'd to another machine, and has the bad habit instilled in their mind that they're safe and protected, this will bite. you'll usually hear a loud "Oh ****!" followed by denial, weeping, anger, fear, flop-sweat, chagrin, the whole gamut. another trick and good habit. never use a naked rm without seeing its results first. you can do this by preceding rm with echo... Code:
$ ls
you can use this trick most anywhere as it merely expands the glob term and spits it to stdout. |
just a little comment on the sudo thing.. you don't have to know the sudo password, if it's already been entered into that terminal window. if your friend somehow got you to enter your password while helping you do some other stuff, and then ran that script later.. you left yourself wide open.
|
for 5 minutes...
% man sudo
... "Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers)..."
% sudo -k # expire sudo timeout now (kill)
% sudo -v # renew sudo timeout for another N minutes (validate) |
Heads up!
Just as a warning about using the magical "touch ./\-i" trick, it does NOT work if you have a file in the directory whose name begins with a space. In fact, I imagine that it won't work if you have ANY file with a character that is sorted in "before" the "-". When this is the case, "rm -rf *" merely deletes everything, including the "-i" file.
Sorry if this isn't formatted nicely enough for you, but it's my first reply. |
thanks, gowmc. yep. there are quite a few chars that collate before '-' in the roman ascii context...
Code:
040 sp 041 ! 042 " 043 # 044 $ 045 % 046 & 047 '
some of these chars should not be used in filenames at all. e.g., if you use an odd number of ticks in a filename, you're going to have a lot of trouble getting that sucker thru filters. and none of them should be characters that you start your filenames with! if you want filenames to collate before alpha names, use a number scheme. |
make the -i file start with spaces
I haven't tried this - but it seems to me that you could ensure that the -i file trick described above will always work if you create the file with a bunch of spaces before the -i in its name.
|
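Added example, not part of any post above: a sandboxed check of what a bare `*` actually hands to a command, covering the collation point raised about names that sort before `-`. The function names, the sample file names and the `./*` form are assumptions introduced here, not something the posters wrote; nothing outside a temporary directory is touched.

```shell
#!/bin/sh
# Added example (not from the thread): inspect glob expansion, never guess it.
LC_ALL=C; export LC_ALL   # byte-order collation, as in the ASCII table above

# Create a constructed sandbox holding a "-i" guard file and two sample files.
make_sandbox() {
    d=$(mktemp -d) || return 1
    : > "$d/-i"; : > "$d/a.txt"; : > "$d/b.txt"
    printf '%s\n' "$d"
}

# First argument a command would receive from glob pattern $2 run in dir $1.
first_arg() {
    ( cd "$1" || exit 1
      set -- $2            # unquoted on purpose: let the shell expand the glob
      printf '%s\n' "$1" )
}

# Number of expanded names that start with "-" and so can be read as options.
option_like() {
    ( cd "$1" || exit 1
      n=0
      for f in $2; do
          case $f in -*) n=$((n + 1)) ;; esac
      done
      printf '%s\n' "$n" )
}

demo() {
    d=$(make_sandbox) || return 1
    echo "first argument with guard file:  [$(first_arg "$d" '*')]"
    : > "$d/ notes.txt"    # a name starting with a space collates before "-"
    echo "first argument after ' notes':   [$(first_arg "$d" '*')]"
    echo "option-like names via *:   $(option_like "$d" '*')"
    echo "option-like names via ./*: $(option_like "$d" './*')"
    rm -rf -- "$d"         # "--" ends option parsing; only the sandbox is removed
}
demo
```

Writing the pattern as `./*` means no expanded name can begin with `-`, so a command never reads a file name as an option, in either direction.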