WARNING: The method showed here could not prevent the actual execution of "rm -rf" if the "UNIX vandal" is clever enough. Proceed at your own risk, and make backups!

I like Rick Astley late 80's songs, and you can see them here in my Spotify:

My Spotify with a bunch of Rick Astley songs

I like rickrolling people too, especially if they are trying to delete my entire /home directory or, even worse, /. Since I learned how to use the alias built-in, I wanted a way to prevent that random people tinkering with my laptop (that I may forgot to lock) could delete potentially important stuff, just for fun or boredom.

The method that I will show will lock any rm command runned in both recursive and force mode, so rm -rf, rm -f -r and rm -r --force are all blocked, even if they are runned with sudo. I am going to alias the rm command in /etc/profile, /etc/bash.bashrc and in /etc/zsh/zshrc (I am a zsh user) so that the rickroll will be possible from all users, even root and the ones with a brand new .bashrc or .zshrc. Here is the code I appended to those files: 

alias rm=/bin/rmAlias
alias sudo='sudo ' # this enables aliases in sudo, see http://askubuntu.com/questions/22037/aliases-not-available-when-using-sudo

Since alias is not able to control the flags of the aliases (see here, we are going to redirect each call of rm to /bin/rmAlias, that would run the command if it is safe. I did not use a function because it is a bit tricky to make that work with sudo. So, let's see the code I put in rmAlias: 

#! /bin/bash
# Rickroll whoever tries to desert this system, even root.
# To achieve this, set the appropriate aliases even in /etc/profile and similars.

# Video played when rickrolling
ROLLVIDEO=/opt/anti-rm/serious-video.mkv # it's just Never Gonna Give You Up on my system, but be free to customize this!

rickroll(){
  echo "Never gonna desert this system..."
  xdg-open $ROLLVIDEO 2>&1 &
  exit 0
}

while getopts ":rf-" opt; do
  # Prevent '--force' to be detected as -r and -f
  if [ "$opt" = "-" ]; then
    OPTIND=$OPTIND+1
    continue
  fi
  if [ "$opt" = "r" ] || [ "$opt" = "f" ]; then
    if [ "$tmp" = "" ]; then
      tmp=$opt
      continue
    elif [ "$tmp" != "$opt" ]; then
      rickroll
    fi
  fi
done

for var in "$@"
do
  if [[ "$var" = "--force" && "$tmp" = "r" ]]; then
    rickroll
  fi
done

# If it's safe, just run rm
/bin/rm "$@"
exit $?

It may look messy to a UNIX guy more experienced than me, but it works. The getopts built-in sees if both the -r and the -f flags are used and, if so, it starts rickroll(), which opens with xdg-open that amazing clip from RickAstleyVEVO. From line 30 and below, the script checks if the --force flag is used instead of -f.

Let's give execution permissions to the script we have just created: 

# chmod +x /bin/rmAlias

Restart your shell, and enjoy. If you want to test safely, I suggest trying to run rm -rf with no folders or a nonexistant one, since this script stops even these commands.

If you want even more security, you can rename this script to /bin/rm and move the original one in some other place, getting rid of all the aliases. I prefer the solution above because it's tidier: you haven't to move anything. In fact, this could be just an AUR package...