Posted: . At: 10:53 AM. This was 8 years ago. Post ID: 8656
Page permalink. WordPress uses cookies, or tiny pieces of information stored on your computer, to verify who you are. There are cookies for logged in users and for commenters.
These cookies expire two weeks after they are set.

Some awesome UNIX tricks. Create a file that is hard to delete.

Here is one for any experimenters out there…

It is possible to create files which simply cannot be deleted from the standard shell. To do this you will have to physically create the file using a script or a text editor, and you will have to use a sequence of control characters which cannot be typed from the shell. Try things like Ctrl-h (this is the code for the delete key). A file created with the file-name Ctrl-h would not be able to be deleted from the shell, unless you used wildcards. So, make it a nice long series of characters, so that to delete the file, the user has no choice but to individually copy all his files elsewhere, then delete everything in his directory, and then copy all his files back. This is one of my favorites… gets them every time!

The following script file is an example which will create a file with the name Ctrl-h. You MUST type this file in using the vi editor or similar. *****If you are not very good with vi, type “man vi” and print the help file…it even contains stuff that I find useful now and then.*****

type the following in vi…

echo'' > 'a^h'

***NOTE…to get the ^h (this really means ctrl-h) from VIM type:

Ctrl v
Ctrl h

The Ctrl-v instructs vi to take the next character as a ASCII character, and not to interpret it.

Change the access on the file you just created and now execute it. It will create a file which looks like it is called a, but try to delete it !. Use wildcards if you really want to delete it.

List the inode numbers of files in a directory.

Use the ls -il command to list the inode numbers of files in a directory.

jason@ubuntu:~/Documents$ ls -il
total 20
405605 -rwxrwxr-x 1 jason jason 8920 Jan 11 15:29 a.out
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1279 Jan 11 15:22 my.c
405604 -rw-rw-r-- 1 jason jason    0 Jan 11 14:41 my.c~

Then use this command to delete the file by inode number.

find . -inum 405604 -exec rm -i {} \;

This is the best way to delete a file that has a strange file-name, just use the filesystem inode.

jason@ubuntu:~/Documents$ find . -inum 405604 -exec rm -i {} \;
rm: remove regular empty file ‘./my.c~’? y

So, if someone creates a file with a strange name, it can still be easily deleted.

Like this command. This will create a file named -f.

jason@ubuntu:~/Documents$ echo "me" > "-f"

This is evil, but not the end of the world…

jason@ubuntu:~/Documents$ ls -iluh
total 24K
405605 -rwxrwxr-x 1 jason jason 8.8K Jan 11 15:29 a.out
406568 -rw-rw-r-- 1 jason jason    3 Jan 12 10:36 -f
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1.3K Jan 11 15:21 my.c

This file can still be deleted with this neat trick.

jason@ubuntu:~/Documents$ find . -inum 406568 -exec rm -i {} \;
rm: remove regular file ‘./-f’? y

An even more evil command…

jason@ubuntu:~/Documents$ touch "\+Xy \+\8"

This is still not a barrier. But these are good commands to know, some malicious user might use these commands on your system to create a file that you cannot delete, and it is good to know that these files can be removed easily with the right knowledge.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.