Some awesome UNIX tricks. Create a file that is hard to delete.

Posted: January 12, 2016. At: 10:53 AM. This was 2 years ago. Post ID: 8656

Here is one for any experimenters out there…

It is possible to create files which simply cannot be deleted from the standard shell. To do this you will have to physically create the file using a script or a text editor, and you will have to use a sequence of control characters which cannot be typed from the shell. Try things like Ctrl-h (this is the code for the delete key). A file created with the file-name Ctrl-h would not be able to be deleted from the shell, unless you used wildcards. So, make it a nice long series of characters, so that to delete the file, the user has no choice but to individually copy all his files elsewhere, then delete everything in his directory, and then copy all his files back. This is one of my favorites… gets them every time!

The following script file is an example which will create a file with the name Ctrl-h. You MUST type this file in using the vi editor or similar. *****If you are not very good with vi, type “man vi” and print the help file…it even contains stuff that I find useful now and then.*****

type the following in vi…

echo'' > 'a^h'

***NOTE…to get the ^h (this really means ctrl-h) from VIM type:

Ctrl v
Ctrl h

The Ctrl-v instructs vi to take the next character as a ASCII character, and not to interpret it.

Change the access on the file you just created and now execute it. It will create a file which looks like it is called a, but try to delete it !. Use wildcards if you really want to delete it.

List the inode numbers of files in a directory.

Use the ls -il command to list the inode numbers of files in a directory.

[email protected]:~/Documents$ ls -il
total 20
405605 -rwxrwxr-x 1 jason jason 8920 Jan 11 15:29 a.out
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1279 Jan 11 15:22 my.c
405604 -rw-rw-r-- 1 jason jason    0 Jan 11 14:41 my.c~

Then use this command to delete the file by inode number.

find . -inum 405604 -exec rm -i {} \;

This is the best way to delete a file that has a strange file-name, just use the filesystem inode.

[email protected]:~/Documents$ find . -inum 405604 -exec rm -i {} \;
rm: remove regular empty file ‘./my.c~’? y

So, if someone creates a file with a strange name, it can still be easily deleted.

Like this command. This will create a file named -f.

[email protected]:~/Documents$ echo "me" > "-f"

This is evil, but not the end of the world…

[email protected]:~/Documents$ ls -iluh
total 24K
405605 -rwxrwxr-x 1 jason jason 8.8K Jan 11 15:29 a.out
406568 -rw-rw-r-- 1 jason jason    3 Jan 12 10:36 -f
405685 -rw-rw-r-- 1 jason jason  960 Jan 11 15:29 ip.c
405815 -rw-rw-r-- 1 jason jason 1.3K Jan 11 15:21 my.c

This file can still be deleted with this neat trick.

[email protected]:~/Documents$ find . -inum 406568 -exec rm -i {} \;
rm: remove regular file ‘./-f’? y

An even more evil command…

[email protected]:~/Documents$ touch "\+Xy \+\8"

This is still not a barrier. But these are good commands to know, some malicious user might use these commands on your system to create a file that you cannot delete, and it is good to know that these files can be removed easily with the right knowledge.

No comments have been made. Use this form to start the conversation :)

Leave a Reply