Warning: All the steps shown in this article are performed in a controlled environment. Please do not follow the same steps in the working environment.
"sudo rm -rf /" will not wipe out your complete system unless you do
*. Read the full article to find out.
Linux file system works differently than the windows system. Unlike Windows, which stores files and configurations inside
E: Drive, Linux stores everything inside the root (/).
What is the Root Directory (/) in Linux?
The root is the parent directory (top in the hierarchy) of all the sub directories inside the Linux system containing files related to the system drives, boot files, configurations, or user directories.
Linux and all Unix-based Operating Systems follow this architecture. You can think of it as a Windows
C: Drive containing all critical files (Users, Program Files, Windows, etc.) for the system functioning.
Removing this directory using the
rm command means permanently erasing every file inside the root directory, paralyzing your system.
The function of rm command
The rm command in the Linux system is used to remove specified files or directories from the command line.
For example, below, I’ve created a directory in my home directory to demonstrate the rm command working in Linux.
$ mkdir mydir
Now in Linux, whenever you try to delete a directory, it will prompt the target “Is a directory” as shown below.
$ rm mydir/
rm: cannot remove 'mydir/': Is a directory
Suggestion for you: What is chattr command in Linux command-line utility.
This prevents users from directly deleting any directory to avoid file loss.
To bypass this limit, use the
-rf option to forcibly remove a directory without prompting for confirmation or showing error messages, as shown below.
$ rm -rf mydir/
Executing the above command will remove the
mydir from your current location without any confirmation or error.
This directory has been created by me and can be deleted by me, but deleting the root directory (/) requires root privileges or a sudo account to prevent an unauthorized user from performing the malicious event.
What will happen if I run “sudo rm -rf /” on Linux?
What happens when you run
rm -rf with
sudo or without if you are a root user, will it delete your system files? Let’s find out by executing.
$ sudo rm -rf /
rm: it is dangerous to operate recursively on '/'
rm: use --no-preserve-root to override this failsafe
As you can see, we were prevented by the system from deleting itself.
This feature is known as the safety lock and it prevents unintentionally deleting the root directory to prevent file loss.
In the output, you can see this can be ignored using the
--no-preserve-root option, deleting your complete system intentionally for any reason, as shown below.
$ sudo rm -rf / --no-preserve-root
Below is the result of the above command.
As you can see, once the command is executed, all the files and directories inside the root directory will start deleting, and icons within the dock will begin disappearing, crashing your complete system.
Suggestion for you: What is sticky bit permission, and how to use it
Some files might not be deleted due to the system process’s use, but your system is still unusable.
How to recover the root directory after deleting using “sudo rm -rf /” command?
This cannot be undone unless your system uses a btrfs file system or any other application for taking snapshots of your operating system.
If you have any queries, feel free to post them in the comment section.
Innovative tech mind with 12 years of experience working as a computer programmer, web developer, and security researcher. Capable of working with a variety of technology and software solutions, and managing databases.