• Clint (unregistered)

    Sadly I've done this exact same thing before... on our production server. Luckily for me, I had a data source mounted as /data which was read-only. So when I saw hundreds of 'cannot delete' messages scroll past, and realised something was wrong, I'd only lost the /bin directory. Which was rather easy to recover (relatively speaking).

    Normally when I run that script I do other things and wouldn't have noticed all the error messages scrolling by, but this particular time I was reading a book and could see the screen.

  • Duke of New York (unregistered)

    Hey look at all these files in /lib, I bet I could free up some space by deleting them OH SHI

  • Crusty (unregistered)

    Had a manager on an old AOS/VS box do the delete from root. Had deleted most of the system software by the time he ^C'd out of it. Fortunately the box had an enormous amount of memory in it...40mb...so the OS didn't need to page in anything at that time. So I go to the tapes & restore the sw.

    System worked fine, no production lost. I bounced it at EOD 'cause I didn't want to tempt the fates.

    I imagine today's *nix/Linux machines can do the same w/ a lot of memory on hand. Don't know about Windows.

    cr

  • Curious George (unregistered) in reply to DLJessup
    DLJessup:
    Dave Carrigan:
    The first rule of shell scripting is set -u

    The second rule of shell scripting is rewrite it in a non-write-only scripting language, such as Python or Ruby.

    FTFY

    I guess it's been a long day. What does "a non-write-only scripting language" mean?

  • Gruntled Postal Worker (unregistered)

    A long time ago I worked with number crunching software in a lab. One of the scripts that glued some of these applications together had the annoying habit of spewing out huge files named '*' (without the quotes) in the directory containing the resulting number crunching data. After a simulation had finished, after several weeks of crunching numbers, a hasty attempt to free up some disk quota by removing this file once freed up a whole lot more space than intended.

  • Jim (unregistered)

    Oops, it looks like this comment has been deleted

  • Anonymous Lurker (unregistered) in reply to Curious George

    http://en.wikipedia.org/wiki/Write-only_language

  • Anonymous Lurker again (unregistered) in reply to Curious George
    Curious George:
    DLJessup:
    Dave Carrigan:
    The first rule of shell scripting is set -u

    The second rule of shell scripting is rewrite it in a non-write-only scripting language, such as Python or Ruby.

    FTFY

    I guess it's been a long day. What does "a non-write-only scripting language" mean?

    http://en.wikipedia.org/wiki/Write-only_language

  • (cs) in reply to Matt
    Matt:
    I could go on and on. But Jakob Nielsen has already beat this dead horse deader. If you're a programmer and you've never heard of him or at least Donald Norman, you've got some work to do.
    I can't take a man very seriously who put an enormous photograph on-line showing him having more nose hair than the average feline. Although he seems to have removed it now; Google doesn't bring it up.

    Also great entertainment is mounting /usr on Solaris on a different file system. Hours of fun. Or have they fixed that by now?

  • Curious George (unregistered) in reply to Anonymous Lurker again
    Anonymous Lurker again:
    Curious George:
    DLJessup:
    Dave Carrigan:
    The first rule of shell scripting is set -u

    The second rule of shell scripting is rewrite it in a non-write-only scripting language, such as Python or Ruby.

    FTFY

    I guess it's been a long day. What does "a non-write-only scripting language" mean?

    http://en.wikipedia.org/wiki/Write-only_language

    Ah, thank you. Experienced it, didn't know there was a name for it :)

    On a related note, I always thought that awk & sed pattern matching & manipulation came closest to line noise.

  • Sparky (unregistered)

    Everyone who's seen Wargames knows what DEFCON 1 means...

    and how to hack into NORAD with an acoustic coupler

  • Matt (unregistered)

    The funniest part is when you click the link the first page in google is this post.

  • (cs) in reply to pjt33
    pjt33:
    What's an explitive?

    It's a type of Poem. Obviously the Muse had inspired Jerry at the time...

  • Old timer (unregistered) in reply to Duke of New York
    Duke of New York:
    Hey look at all these files in /lib, I bet I could free up some space by deleting them OH SHI

    Back in the earlier days of VMS, due to its heritage and for backwards compatibility reasons it had multiple directories at the MFD (i.e., root) level of the system disk that were synonym entries (i.e., links).

    Disk space was a real premium back then, and we had a manager who had BYPASS (i.e., root/administrator) privileges on a system his dept. owned (I know, that's a HUGE mistake and I never allowed it after witnessing this).

    Anyway, he was poking in places he shouldn't and noticed that the system disk directories [SYSEXE] and [001004] (IIRC) had the exact same files in them. So, he happily started deleting what he thought were duplicates, proud of himself for freeing up so much disk space.

    On the live system. During the day. With 30-40 people trying to use it.

    Luckily, the system manager at the time had done regular backups. With a cheap backup software (i.e. not the OS-supplied one). Which saved money by using fewer tapes.

    It used fewer tapes because it didn't record all those XOR redundancy records that the VMS OS engineers had found necessary to add to their OS-supplied backup utility.

    And the tapes that these depts. used were the cast-offs from the mainframe operators because they were too old and unreliable.

    I was very fortunate that, being only 1 year out of college, they hadn't found some way to blame it all on me.

  • (cs) in reply to Frank
    Frank:
    pjt33:
    What's an explitive?

    Yes, let's all be pricks about spelling.

    The best thing about noting spelling errors here is that it pisses off the illiterate morons who can neither spell nor resist the urge to call those who can "Spelling Nazis" or "pricks".

    Such fools can't be good programmers: compilers are much more fastidious about spelling than I.

  • fmtaylor (unregistered)

    in the root directory, and any other critical directories "touch -i"

  • gob bluth (unregistered) in reply to Numeromancer
    Numeromancer:
    Frank:
    pjt33:
    What's an explitive?

    Yes, let's all be pricks about spelling.

    The best thing about noting spelling errors here is that it pisses off the illiterate morons who can neither spell nor resist the urge to call those who can "Spelling Nazis" or "pricks".

    Such fools can't be good programmers: compilers are much more fastidious about spelling than I.

    You must be a joy to work with.

  • Patrick (unregistered)

    That's Murphy's law right there. "rm -rf $var1/$var2" just screams to me that at some point, both $var1 and $var2 will both be set to "" and disaster strikes. Someone should have seen that coming.

    Don't try this, but I'm pretty sure Ubuntu will at least require you to type "Yes, Do As I Say" (case sensitive) after an rm -rf /

  • (cs)
    Jasper:
    Bosluis:
    What does SNAFU'd stand for?
    Here you go.

    This page is, ironically, now the number 1 hit on google for that query.

  • Anonymous (unregistered) in reply to evilspoons

    That’s not irony.

  • Jay (unregistered) in reply to TheRider
    TheRider:
    I personally prefer a spelling checker to a spell checker, in view of the fact that I don't have many spells at my disposal, but frequent problems with my spelling...

    I thought a spell checker was an enchanted draught that you place near your keyboard to magically correct typographical errors.

  • Tim Pierce (unregistered) in reply to Joey Stink Eye Smiles

    My sentiments exactly.

  • Reed Hedges (unregistered) in reply to xtremezone

    This is easy to do if you use "set -e":

    test -n "$var1"
    test -n "$var2"

    And also particularly useful to stick at the beginning of the commands in a make rule that's going to use those variables later on.

    ("set -u" is great advice though, I didn't know about that!)

  • Reed Hedges (unregistered) in reply to Reed Hedges

    ("And also particularly useful to stick at the beginning of the commands in a make rule that's going to use those variables later on."

    In the form: test -n "$$var1" of course)

  • mark mark marklar... (unregistered) in reply to Jay
    Jay:
    EFH:
    [...] I enjoy a good story as much as the next guy, and I like the $var1/$var2 "hook", but I'm thinking this story was invented to go with the hook after somebody thought it up.

    Yes, I just can't believe that any programmer in the history of the world has ever logged in as root rather than take the trouble to get all the permissions set so he could do what he needed to do as an ordinary user. Someone taking a short cut because doing it the right way would be too much trouble? That's just unbelievable.

    Why, next they'll be trying to tell us that employees sometimes call in sick when really they just don't feel like coming to work today, or that there are politicians who don't live up to their campaign promises.

    Yeah, except this sort of cognitive dissonance happens an awful lot in the comments when it's a Mark Bowytz special...

    wee:
    sshing into your own machine is retarded, and I'm not buying it.
    wee:
    Wait a sec.... if the script is ssh'ing into each machine, why is NFS a factor? If it can remotely access files through NFS, why the need to ssh at all? If it can ssh, why bother with NFS?

    Something is fishy.

    Indeed.

    obediah:
    Kudos for bloating a 30 year old one liner into a 800 word snoozefest!

    Maybe tomorrow we can get a 50,000 word set up for "to get to the other side".

    "Joo sed it, man!" Nobody fucks with the Jesus!

    zcl:
    Yes ,your article is very good, we have the same belief with you,so let me introduce the area to you.
    Thanks, Juicy! swamp, swamp SWAMP!!!
  • That's not a moon... (unregistered) in reply to Anonymous
    Anonymous:
    That’s not irony.
    QFW!!!
  • hmm (unregistered)

    Somewhat ironically the top Google hit is for this page

  • capio (unregistered) in reply to evilspoons
    evilspoons:
    Jasper:
    Bosluis:
    What does SNAFU'd stand for?
    Here you go.

    This page is, ironically, now the number 1 hit on google for that query.

    Apparently no one else is stupid enough to try to use it as a verb.

  • Tzafrir Cohen (unregistered)

    'set -u' (err on an unset variable) doesn't sound like a good idea if you want to allow a variable to be initialized "by the caller". e.g. '. conf.sh'

    IIRC it used to be the default in csh on my old Solaris account at the university, and I recall it causing random login script errors for me.

  • ClaudeSuck.de (unregistered) in reply to akatherder
    akatherder:
    Ken B:
    Someone You Know:
    Congratulations on not getting the DEFCON system backwards!

    Every time I hear someone describe an emergency as "DEFCON 5" I have this urge to slap them with a nuclear warhead.

    Well, if someone tells you that the current emergency is "DEFCON 5", simply treat it as such and go back to sleep.

    We're at DEFCON-6 here people! Go grab a beer and take a nap.

    Here we go until DEFCON 65535 for finer granularity of incident impact

  • Gilbert (unregistered) in reply to Pedantic
    var1='/ ;df -lh'
    var2=';echo "SNAFU"'
    

    You missed the real checks :)

  • me of course (unregistered) in reply to Gilbert

    If the guy was less than two weeks from being done there anyway, just tell them to F off and leave on the spot. I would take a little hit in my finances rather than deal with the BS.

  • Derek Bodner (unregistered) in reply to Stuart

    "One of the cool features of Solaris 10 is that "rm -rf /" refuses to work. The Sun guys said they knew people don't type this deliberately, but often scripts intend to do "rm -rf $var1/$var2" and forget to set var1 and var2. "

    The latest versions of GNU coreutils prevent that as well. It would have to be rm -rf /* (or run it with --no-preserve-root, as preserve-root is now the default).

  • Shinobu (unregistered)

    Whoever keyed in the rm -rf $var1/$var2 should be thrown in jail. Seriously, it's like an architect deciding not to include a central column or something in an apartment complex causing it to collapse. Except of course that a building collapse would probably cause loss of life, I get that. But still, I think there should be higher professional standards for programmers.

  • Anonymous (unregistered) in reply to Zapp Brannigan

    This sure is taking a long time to execu

  • Björn (unregistered) in reply to realmerlyn

    The real wtf source of these problems is the Bourne shell itself. Both problems can easily be avoided by using set -eu. 'e' for exit on error in the cd case, and 'u' to exit on undefined variables.
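
Added example, not code from the article or from any commenter: one way to combine the checks discussed in this thread (`set -eu`, an explicit emptiness test, quoting) with a containment check before a recursive delete. `CLEAN_ROOT`, `safe_rm_rf` and the demo paths are assumed names.

```shell
#!/bin/sh
# Added example: a guarded replacement for `rm -rf $var1/$var2`.
set -eu   # -e: stop at the first failing command; -u: expanding an unset variable is an error

# CLEAN_ROOT (hypothetical name) is the only tree this script may delete under.
# ${VAR:-default} still lets a caller or a sourced conf.sh provide it under -u.
CLEAN_ROOT=${CLEAN_ROOT:-/var/tmp/cleanup-demo}

# safe_rm_rf BASE SUB: delete BASE/SUB only when both parts are non-empty and the
# result resolves to a directory strictly below CLEAN_ROOT; otherwise return 1.
safe_rm_rf() {
    srr_base=${1-} srr_sub=${2-}
    if [ -z "$srr_base" ] || [ -z "$srr_sub" ]; then
        echo "safe_rm_rf: empty path component, refusing" >&2
        return 1
    fi
    # Resolve symlinks and ".." so the check is made on the real location.
    srr_root=$(cd -P -- "$CLEAN_ROOT" 2>/dev/null && pwd -P) || return 1
    srr_real=$(cd -P -- "$srr_base/$srr_sub" 2>/dev/null && pwd -P) || {
        echo "safe_rm_rf: not a directory: $srr_base/$srr_sub" >&2
        return 1
    }
    case $srr_real in
        "$srr_root"/?*) ;;                # strictly inside the allowed tree
        *)  echo "safe_rm_rf: $srr_real is outside $srr_root, refusing" >&2
            return 1 ;;
    esac
    rm -rf -- "$srr_real"                 # quoted; "--" ends option parsing
}

# Demonstration on a throwaway tree (constructed paths); var2 is left empty on purpose.
demo=$(mktemp -d)
CLEAN_ROOT=$demo
mkdir -p "$demo/build/tmp"
var1=$demo/build var2=
safe_rm_rf "$var1" "$var2" || echo "refused: nothing deleted"
safe_rm_rf "$var1" "tmp" && echo "deleted $var1/tmp"
rm -rf -- "$demo"
```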

  • Anone (unregistered) in reply to Stir
    Stir:
    Try the other side of your bed tomorrow.

    Are there really that many people that don't have one of the working sides of their bed up against a wall?

  • Anonymous (unregistered) in reply to Anone
    Anone:
    Stir:
    Try the other side of your bed tomorrow.

    Are there really that many people that don't have one of the working sides of their bed up against a wall?

    I think there are, yes. If both sides of the bed were against the wall then how the hell would our wives get up in the morning?

  • Jerry (unregistered) in reply to snoofle

    The story was paraphrased and some creative license was taken. That is, it is not exactly as I submitted it but all the major points are there and correct.

    There were almost no comments in the script and the two variables which needed to be set were buried deep in the script. There was absolutely no checking that variables or command line inputs were provided/defined or correct.

  • Jerry (unregistered) in reply to campkev
    campkev:
    amischiefr:
    Wow, now THAT would be a great parting gift: remove all data from the entire company. How many of you out there wouldn't mind doing that as YOUR parting gift?

    Actually, I would mind. And, I would like to personally beat the crap out of anyone who has ever intentionally done this when leaving a job.

    I left the company on good terms. I still talk to many of the staff there. I felt horrible that I was leaving them in this state. They were very dependent on the shell script and my only advice was to stop using it.

  • Jerry (unregistered) in reply to Stuart
    Stuart:
    This isn't the first company this has happened to; it must have happened at some of Sun's customers, because they built in anti-rm-rf/ protection in the OS.

    One of the cool features of Solaris 10 is that "rm -rf /" refuses to work. The Sun guys said they knew people don't type this deliberately, but often scripts intend to do "rm -rf $var1/$var2" and forget to set var1 and var2.

    Oddly enough, the IT staff had aliased rm to use rm -i but the creator of the script changed it to /bin/rm -rf to get around that. I'm sure he would have figured a way around the features of Solaris 10 as well.

  • Jerry (unregistered) in reply to EFH
    EFH:
    Y'know, being root on one machine doesn't give you any special access to a drive NFS mounted from another machine. And I can't imagine why the script would become root to do the cleanup. I enjoy a good story as much as the next guy, and I like the $var1/$var2 "hook", but I'm thinking this story was invented to go with the hook after somebody thought it up.

    Network was set up so if you 'sudo su -' you were root EVERYWHERE. This story was not invented. The code was created by an employee who left the company approximately a year before the incident. His 'manager' was a pointy haired type. The code created pretty HTML tables so the manager was happy. My employees used the code and understood how to use it without any knowledge of what it could do. I, stupidly, assumed it had been code reviewed (nope) and had at least the most basic of safeguards. The ability to 'sudo su -' (sudo anything really) was there so we could do maintenance in the system. It was NEVER meant to be used in a script.

    The script became root to do the clean up because the original developer was under pressure to get it working and keep it working. With insufficient time he did what 'worked for now'. I don't know if he ever planned on coming back and cleaning it up.

    After the incident, I was asked to explain why it happened (it was suspected sabotage). The manager responsible for the mess had a copy of the scripts so I did a code review. Within seconds of walking the code I found the cleanup.sh with a sudo to root and the /bin/rm -rf $var1/$var2 (it literally was $var1 and $var2). I almost had a heart attack. The person who wrote this was a senior developer with extensive UNIX IT experience.

    I did a find . -name "*" -type f -exec grep 'rm -rf' {} \; and found over a dozen pieces of code that did this.
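
Added example (not Jerry's code, and not from the article): a narrower version of the search in the comment above that reports only recursive rm lines still expanding a variable without a `${name:?}` guard. The function names and the sample scripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag recursive rm commands that expand an unguarded variable.

# audit_rm DIR: print "file:line:text" for every non-comment line under DIR that
# runs rm with -r/-R and still contains a $expansion once ${name:?...} guards
# are discounted. A heuristic line scan, not a shell parser.
audit_rm() {
    find "$1" -type f -exec awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = " " $0                        # so "rm" in column 1 has a separator
            if (line !~ /[;&|( \t](\/bin\/)?rm[ \t]+(-[A-Za-z0-9]*[ \t]+)*-[A-Za-z0-9]*[rR]/)
                next
            # Expansions of the form ${name:?message} abort when empty: discount them.
            gsub(/\$\{[A-Za-z_][A-Za-z0-9_]*:\?[^}]*\}/, "", line)
            if (line ~ /\$[A-Za-z0-9_{@*]/)
                printf "%s:%d:%s\n", FILENAME, FNR, $0
        }' {} +
}

# write_samples DIR: constructed sample scripts for the demonstration.
write_samples() {
    printf '%s\n' '#!/bin/sh' 'cd /tmp' '/bin/rm -rf $var1/$var2' > "$1/cleanup.sh"
    printf '%s\n' 'rm -rf "${WORK:?}/${JOB:?}"' 'rm -f "$lockfile"' \
        '# rm -rf $old' > "$1/guarded.sh"
    printf '%s\n' 'rm -fr "${WORK:?}/$sub"' > "$1/mixed.sh"
}

demo=$(mktemp -d)
write_samples "$demo"
audit_rm "$demo"        # reports cleanup.sh line 3 and mixed.sh line 1
rm -rf -- "$demo"
```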

  • Jerry (unregistered) in reply to wee
    wee:
    Someone doesn't use unix very much.

    First off, nobody calls it "a Bourne shell script". Just call it a shell script, or maybe even a bash script.

    Actually a bash script is not a Bourne shell script. There are things you can do in bash that you cannot do in the original Bourne shell. At the site in question there were scripts written to take advantage of the features of bash. If the script was written to work on the subset of features available on ALL Bourne shells (HP-UX, Solaris, AIX, Xenix, etc.) we called it a Bourne shell. It was just a convention used at that particular shop.

    That's not a flaw in sudo, it's a feature. The flaw is when they set up sudo access, they added a line like "luser ALL = NOPASSWD: ALL", which is braindead beyond belief.

    Agreed. But when management fires/demotes people who cannot do the impossible, you cut corners like this and hope you are gone before the sh!t hits the fan. I missed by 2 weeks.

    A "system set up with NFS" doesn't grant access to the entire network. The people who set up those NFS exports were morons, because they would have had to export / in read-write mode on every single machine affected, with the no_root_squash option no less. Which is braindead beyond belief. In other words, the admins are fucking morons, and they are responsible -- not NFS -- for allowing a remote process to delete the root directory on every server.

    See above.

    Anyone who writes a script that executes "rm -rf $var1/$var2" and fails to check the values of $var1 and $var2 should be fired instantly and never allowed near a computer again. His manager should be fired for not requiring code reviews.

    Manager got promoted for getting script written on time and under budget. Employee who wrote the script left to be QA Manager at another company (let's call it Company X). Bizarre thing is my current company's server was down for 2 hours before we get a call from a customer letting us know. The software used to monitor the state of our server and email us if there was trouble was written by Company X.

    sshing into your own machine is retarded, and I'm not buying it.

    If you don't verify your backup plan, you get exactly what you deserve.

    IT manager submitted what was required to properly back up everything. Management told him, "here is your budget (1/10 the money/time needed for a bad backup plan), try again."

  • Jerry (unregistered) in reply to Jamison
    Jamison:
    dpm:
    EFH:
    Y'know, being root on one machine doesn't give you any special access to a drive NFS mounted from another machine.
    But it does get you potential access, which is often enough.
    And I can't imagine why the script would become root to do the cleanup.
    Your imagination needs a great deal more experience, because it clearly has none.
    I enjoy a good story as much as the next guy, and I like the $var1/$var2 "hook", but I'm thinking this story was invented to go with the hook after somebody thought it up.
    Holy good night, why would he have to invent it, it happens frequently. Even if you don't know of the famous incidents --- this one comes to mind http://groups.google.com/group/comp.unix.admin/browse_thread/thread/f1834a4fa74980d4/af2749af87216d18 (many good stories worth reading, but search for "Have you ever" to see the one I'm thinking of) --- and why on earth would you think people don't make stupid mistakes in shell scripts?
    Because they don't. It's not possible. I refuse to believe.
    I don't blame you. I couldn't believe it until I experienced it.
  • Anone (unregistered) in reply to Anonymous
    Anonymous:
    Anone:
    Stir:
    Try the other side of your bed tomorrow.

    Are there really that many people that don't have one of the working sides of their bed up against a wall?

    I think there are, yes. If both sides of the bed were against the wall then how the hell would our wives get up in the morning?

    I had neglected to consider double beds, sure. But then only one side of the bed is available to you in the first place otherwise you'll trample the one you're sharing it with. Even assuming they've already left, you're then both using the one side of the bed, and it can consequently be put up against a wall and not take up valuable room in the middle of the room.

Leave a comment on “Bourne Into Oblivion”
