How to use sudo rm -rf safely

Last Updated 2022-11-19

[.inline-code]sudo rm -rf[.inline-code] is a highly destructive action. Typically, [.inline-code]sudo rm -rf[.inline-code] means that you are force-deleting all directories and files as a superuser. We are going to break down this command and understand what each part does. Understanding its components can help you create a safer, simpler command - or make sure you only run it in the most controlled environments.

[#sudo-rm-usage][.inline-code]sudo[.inline-code] and [.inline-code]rm[.inline-code] usage[#sudo-rm-usage]

The first part of the command is [.inline-code]sudo[.inline-code], which allows us to execute a command as another user. By default, [.inline-code]sudo[.inline-code] runs anything after it as the [.inline-code]root[.inline-code] superuser. Running as the root user means that the command can do almost anything, because it has access to all files on the file system.

The second part of the command is [.inline-code]rm[.inline-code]. [.inline-code]rm[.inline-code] is used to delete files and directories on the file system. How does [.inline-code]rm[.inline-code] work? Let’s look at an example:

 $ touch test.txt
 $ rm test.txt
 $ mkdir test
 $ rm test
 rm: test: is a directory

As we can see, we can successfully delete files, but we cannot use the plain [.inline-code]rm[.inline-code] command to delete directories. Let’s see how we can delete directories using the [.inline-code]rm[.inline-code] command.

 $ rm -r test
 $ ls
 # test directory should be deleted

Above, we show that we can delete directories by passing the [.inline-code]-r[.inline-code] flag.

Let’s have a look at an example of what using the [.inline-code]-f[.inline-code] flag means.

 # change to root user, staying in the current directory
 $ sudo su
 $ touch cannotdelete.txt
 # check it’s owned by root
 $ ls -al cannotdelete.txt
 -rw-r--r--    1 root       root        0 12 Nov 21:43 cannotdelete.txt
 # switch to normal user
 $ exit 
 $ rm cannotdelete.txt 
 override rw-r--r-- root/root for cannotdelete.txt?
 $ rm -f cannotdelete.txt
 # file is deleted without confirmation

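[.inline-code]-f[.inline-code] is the force flag: it attempts to remove files without any prompt, regardless of the file's own permissions. It does not grant extra privileges; the deletion still requires write permission on the containing directory.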

[#deleting-mult-files-and-directories]Deleting multiple files and directories[#deleting-mult-files-and-directories]

 # delete multiple files
 $ touch test1.txt test2.txt test3.txt

 # delete only txt files using glob wildcard, *.txt resolves to all files ending with .txt
 $ rm *.txt

 # delete files and directories
 $ touch test1.txt test2.txt test3.txt 
 $ mkdir test1 test2 test3
 $ rm -rf *

 # delete only the contents of a directory, keeping the directory itself
 $ mkdir test1 

 # don’t want any prompts
 $ sudo rm -rf test1/*

 # delete the directory
 $ rm -r test1

The examples above illustrate when we should use [.inline-code]-r[.inline-code] and when we should use [.inline-code]-f[.inline-code]. Essentially, [.inline-code]-rf[.inline-code] is us saying “I don’t care if it’s files or directories; just delete it”. 

[#be-careful]Be Careful With its Usage[#be-careful]

So when does it turn destructive? When using [.inline-code]rm[.inline-code], the feedback from the terminal is minimal when a file is deleted. It is very easy to delete files, meaning you can end up deleting important files by mistake.

Here’s an example of a particularly scary command:

 $ sudo rm -rf /

 # This is just as bad
 $ sudo rm -rf /*

On Unix systems, [.inline-code]/[.inline-code] is the root of the filesystem, and the operating system lives under it. If someone runs the above command, [.inline-code]rm[.inline-code] will attempt to delete ALL files and directories under the root of your filesystem. Since [.inline-code]sudo[.inline-code] has been passed, the command is run as the superuser, typically [.inline-code]root[.inline-code]. This means that all your system files, applications and binaries will be deleted silently, without any prompts. The only way to recover is to restore from a backup or snapshot. Be extra wary and make sure to avoid using [.inline-code]sudo rm -rf[.inline-code] within any scripts or automation - especially when the path argument is parameterized.
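
One way to guard a parameterized delete in a script, shown as an added example that is not part of the original article. The function name [.inline-code]safe_rm_rf[.inline-code], the [.inline-code]SAFE_RM_BASE[.inline-code] variable and its default path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard for a parameterized recursive delete.
# safe_rm_rf, SAFE_RM_BASE and its default path are hypothetical names.

# Only directories strictly below this base may be deleted.
SAFE_RM_BASE="${SAFE_RM_BASE:-/var/tmp/myapp}"

safe_rm_rf() {
    target="${1-}"

    # 1. An unset or empty variable must never reach rm:
    #    rm -rf "$dir"/* with an empty $dir expands to /*.
    if [ -z "$target" ]; then
        echo "safe_rm_rf: refusing empty path" >&2
        return 1
    fi

    # 2. Resolve symlinks and ".." so the check sees the real location.
    base=$(CDPATH= cd -P -- "$SAFE_RM_BASE" 2>/dev/null && pwd -P) || {
        echo "safe_rm_rf: base directory missing: $SAFE_RM_BASE" >&2
        return 1
    }
    resolved=$(CDPATH= cd -P -- "$target" 2>/dev/null && pwd -P) || {
        echo "safe_rm_rf: not an existing directory: $target" >&2
        return 1
    }

    # 3. Accept only paths strictly inside the base. This rejects "/",
    #    the base itself, and anything escaping via ".." or a symlink.
    case "$resolved" in
        "$base"/?*) ;;
        *)
            echo "safe_rm_rf: $resolved is outside $base" >&2
            return 1
            ;;
    esac

    # 4. "--" ends option parsing, so a name starting with "-" stays a path.
    #    No -f and no sudo: permission problems surface as errors.
    rm -r -- "$resolved"
}
```

The guard fails closed: if the base directory is missing or the target cannot be resolved, nothing is deleted.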