--- layout: post title: "How to rickroll people that try to run \"rm -rf\" on your system" date: 2016-07-28 16:00:00 +0200 categories: linux --- WARNING: The method showed here could not prevent the actual execution of "rm -rf" if the "UNIX vandal" is clever enough. Proceed at your own risk, and make backups! I like Rick Astley late 80's songs, and you can see them here in my Spotify: ![dQw4w9WgXcQ](https://dl.dropboxusercontent.com/s/t9vywa4yjotxv0o/Screenshot_20160728_154506.png?dl=0) I like rickrolling people myself too, especially if they're trying to delete my entire `/home` directory or, even worse, `/`. Since I learned how to use the `alias` built-in, I wanted a way to prevent that random people tinkering with my laptop (that I may forgot to lock) could delete potentially important stuff, just for fun or boredom. The method that I'll show will lock any `rm` command runned in both recursive and force mode, so `rm -rf`, `rm -f -r` and `rm -r --force` are all blocked, even if they are launched by `sudo`. I'm going to alias the rm command in `/etc/profile` `/etc/bash.bashrc` and in `/etc/zsh/zshrc` (I'm a zsh user) so that the rickroll will be possible from all users, even root and the ones with a brand new `bashrc` or `zshrc`. Here is the code I appended to those files: {% highlight bash %} alias rm=/bin/rmAlias alias sudo='sudo ' # this enables aliases in sudo, see http://askubuntu.com/questions/22037/aliases-not-available-when-using-sudo {% endhighlight %} Since `alias` is not able to control the flags of the aliases (see [here](http://apple.stackexchange.com/questions/50963/how-do-i-add-a-flag-to-an-alias)), we're going to redirect each call of `rm` to `/bin/rmAlias`, that would run the command if it's safe. I didn't use a function because it's a bit tricky to make that work with `sudo`. So, let's see the code I put in `rmAlias`: {% highlight bash %} #! /bin/bash # Rickroll whoever tries to desert this system, even root. # To achieve this, set the appropriate aliases even in /etc/profile and similars. # Video played when rickrolling ROLLVIDEO=/opt/anti-rm/serious-video.mkv # it's just Never Gonna Give You Up on my system, but be free to customize this! rickroll(){ echo "Never gonna desert this system..." xdg-open $ROLLVIDEO 2>&1 & exit 0 } while getopts ":rf-" opt; do # Prevent '--force' to be detected as -r and -f if [ "$opt" = "-" ]; then OPTIND=$OPTIND+1 continue fi if [ "$opt" = "r" ] || [ "$opt" = "f" ]; then if [ "$tmp" = "" ]; then tmp=$opt continue elif [ "$tmp" != "$opt" ]; then rickroll fi fi done for var in "$@" do if [[ "$var" = "--force" && "$tmp" = "r" ]]; then rickroll fi done # If it's safe, just run rm /bin/rm "$@" exit $? {% endhighlight %} It may look messy to a UNIX guy more experienced than me, but it works. The `getopts` built-in sees if both the `-r` and the `-f` flags are used and, if so, it starts `rickroll()`, which opens with `xdg-open` that amazing clip from RickAstleyVEVO. From line 30 and below, the script checks if the `--force` flag is used instead of `-f`. Give execute permissions to the script we've just created: {% highlight bash %} # chmod +x /bin/rmAlias {% endhighlight %} Restart your shell, and enjoy. If you want to test safely, I suggest trying to run `rm -rf` with no folders or one nonexistant, since this script stop even these commands. If you want even more security, you can rename this script to `/bin/rm` and move the original one in some other place, getting rid of all the aliases. I prefer the solution above because it's tidier: you haven't to move anything. In fact, this could be just an AUR package...