By this time, those who have already been introduced to the Unix/Linux command line will have guessed what this post is about. If you aren’t aware of it, Unix lets you get things done from its command line, and the command here, sudo rm -rf /, is a dangerous one. I don’t recommend running this on a working machine.

Breaking down the command

  • sudo - gives the command administrator privileges. Required to do some serious damage.
  • rm - the program that deletes files; rm is short for remove.
  • -rf - the -r and -f options combined
    • -r stands for recursive. Go inside all directories recursively and delete all files.
    • -f stands for force. Don’t think about important or write-protected files, delete all of them.
  • / - which file to delete ( / is the root directory, the root of the entire filesystem )

As a whole, the command means: delete each and every file present in the partition where the OS is installed, including the OS itself. Deadly af, right?

Preparing the lab

I had no idea of trying out this command until a senior suggested trying it in a virtual machine or Docker. Docker is a platform for building and shipping software, where your software runs inside a container. It causes no harm to the host operating system. If something goes wrong, delete the container and start fresh. Learn more about Docker here.
I already had Docker installed, and I pulled the ubuntu image from the Docker repository.

Intuition

I thought the following would happen:
The command would immediately start deleting all the files, including the kernel.
How it can stop:
1. The command stops once it deletes itself ( the rm program ).
2. The command crashes once it deletes the kernel code that it relies on.
3. After this, the system may or may not be able to boot, depending on the order in which the files were deleted, since the files needed to boot may not have been deleted before it crashed.

Killing with kindness

All set up, and nothing stopped me from trying this bad guy. I didn’t use sudo as I was already the administrator.

rm -rf /

An unexpected thing happened: this rm actually has a failsafe. It knows I’m running it recursively on the root directory and that it is going to wipe out the entire system. The -rf options are already a failsafe against accidental deletion of directories or important files.
Unlike what is shown in memes and posts, the command is rm -rf --no-preserve-root / and not sudo rm -rf /. I added the --no-preserve-root option and tried again.
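The failsafe described above can be reproduced as a dry-run guard that never deletes anything. This is an added example, not code from the original post or from rm itself; the function names is_root_alias and check_rm_operands are hypothetical, and it assumes a shell whose test builtin supports -ef (bash, dash, busybox).

```shell
# Added example: dry-run guard that mimics the idea behind rm's
# root-directory failsafe. Nothing here calls rm or removes files.
# is_root_alias and check_rm_operands are hypothetical helper names.

# Return 0 when the path refers to the same device and inode as "/".
# Comparing identity instead of the string catches "//", "/." and "/../".
is_root_alias() {
    [ -e "$1" ] && [ "$1" -ef / ]
}

# Inspect rm-style arguments. Return 1 when a recursive delete targets "/"
# and --no-preserve-root was not given; return 0 otherwise.
check_rm_operands() {
    recursive=0
    allow_root=0
    hits=0
    for arg in "$@"; do
        case "$arg" in
            --no-preserve-root) allow_root=1 ;;
            --recursive)        recursive=1 ;;
            --*)                ;;  # other long options are ignored here
            -*)                 # short option cluster such as -rf
                case "$arg" in *[rR]*) recursive=1 ;; esac ;;
            *)
                if is_root_alias "$arg"; then
                    hits=$((hits + 1))
                fi ;;
        esac
    done
    if [ "$recursive" -eq 1 ] && [ "$hits" -gt 0 ] && [ "$allow_root" -eq 0 ]; then
        echo "refusing: operand resolves to / (--no-preserve-root overrides)" >&2
        return 1
    fi
    return 0
}
```

A wrapper or CI lint can call check_rm_operands with a script's rm arguments and stop when it returns 1.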

no-preserve-root

It quickly stopped and printed lots and lots of messages stating that it can’t remove files because they are mounted read-only. Pity me, I forgot that the kernel is mounted read-only to prevent other programs from modifying it.

rm -rf /

It deleted the files in bin, so most of the commands didn’t work. But nothing I expected happened, as the kernel is mounted read-only.

Conclusion

The kernel was untouched, and most of the system programs ( including /bin/bash ) were deleted, making the system unusable.

Highlights

The command is rm -rf --no-preserve-root / and not sudo rm -rf /.
The system will be able to boot, but there is nothing useful you can do with it.