Protect from rm /

UNIX for Advanced & Expert Users
1

We recently had an accidental delete from /. I hold the root password but others are allowed to sudo over to root to perform admin tasks. The only way I want to permit deletion from / is by physically being root (su -).

I'd like to add a line to the sudoers file which would permit all commands except rm from the / directory.

Could I use something like the following?

OPS ALL = !/usr/bin/rm / *,!/usr/bin/rm /usr *,!/usr/bin/rm /opt *

Thanks.

2

Hi,

I wrote an rm script to force all time rm -i.
This You can set as variable in .profile.
At first will asked the enviroment, so the user will asked all time.
The same You can do for mv und cp. If any file exists, the command will asked the user before overwriting.

Best regards
Dieter