[CentOS] In A UEFI World, "rm -rf /" Can Brick Your System

Mon Feb 1 23:04:09 UTC 2016
Valeri Galtsev

On Mon, February 1, 2016 4:23 pm, Gordon Messmer wrote:
> On 02/01/2016 01:48 PM, Valeri Galtsev wrote:
>> I just discovered that I couldn't even recite the alphabet correctly today:
>> it is /bin that you lose, but /etc alphabetically goes after /dev, so
>> will not even lose your /etc,
> I'm pretty sure none of that is correct.  Once "rm" launches, all of the
> libraries and files that it needs are memory mapped and reference
> counted, so they're going to remain available while it removes the
> entire filesystem structure.

All true, except for: to actually write stuff permanently to hard drive
(that is modify whatever the content of hard drive is) the system needs to
access /dev/sda1 (I call from now /dev/sda1 device which "/" filesystem
lives on), and once /dev/sda1 is deleted there will be no further hard
drive write operations. There will be no way for system to access anything
under /, which will cause the "rm" command to fail fatally. I will kickstart
install CentOS 7 in a moment and will do exactly this:

cd /

rm -rf /

(the first command is to avoid even "can not get CWD", which shouldn't
matter ;-)

So, I'll see in a moment how much I'll lose on the drive, and will it or
will it not be sufficient to rsync /boot from "twin" box, and restore /bin
symlink. Will get back with either "crap, indeed I was wrong", or "yes,
even on latest CentOS 7 system it is still so". Whatever the result is,
I'll enjoy this experiment. Thanks for giving me incentive to do it!

Incidentally, let me know if there is anything I should change in my
experiment for that to give us more definite answers than just "oh, look,
I still have /etc, /home, /usr... intact on hard drive". What specifically
should I do to learn that in the course of this command /sys was never
touched? Any ideas?


