[CentOS] Giving full administrator privileges through sudo on production systems

Thu Aug 29 16:05:26 UTC 2019
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On 2019-08-29 10:53, Jonathan Billings wrote:
> On Thu, Aug 29, 2019 at 10:25:50AM -0500, Valeri Galtsev wrote:
>> root at point:/home/valeri # cd
>> root at point:~ # whoami
>> root
>> root at point:~ # rm -rf /
>> rm: "/" may not be removed
>> Somebody is really clever in this World ;-) Well, FreeBSD folks made my day
>> (again!). Note, that that I did on my live workstation (yes, I did test it
>> on throw-away system first ;-) - so I can copy and paste what I got to this
>> email.
> GNU coreutils also has that feature, you can't run 'rm -rf /' there
> either, you need to run it with --no-preserve-root.  This was added to
> Coreutils in 2003.  Be careful in FreeBSD, if you have POSIXLY_CORRECT
> defined, it will let you rm -rf /.

Yes, I know... and I'm far from "admiring foolproofness" of which there 
is none... as [on FreeBSD]

rm -rf /*

does remove everything but "immutable" files, directories,... You can 
not make anything fool proof (unless it is android that is actually not 
owned by that fool no matter that the fool thinks it does ;-)


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247