
Why doesn’t 'rm -rf / --no-preserve-root' delete itself and crash?


rm -rf / --no-preserve-root

This command will remove everything in my disk. But if it removes everything (including the OS), how can the kernel and current processes keep running?


Solution

  • First, it is not clear that it would succeed in removing everything from your file system. (And certainly, most of the data will still be on disk, and you could get it back if you could run a file recovery tool over the disk / disk image.)

    But the reason things still work is that the rm command is actually using a syscall called unlink to remove files. That syscall will only actually delete a file if the following are true:

    1. There are no other (hard) links to the file in the file system.
    2. Nothing is using it. In this context, "using it" could be reading / writing via a file descriptor ... or executing it.

    When you run rm like that, it won't actually be able to physically delete the OS kernel, the rm executable, the executable for your shell and various system daemons, and many other things that are "in use". Many of these files would be deleted if you were able to cleanly shut down the OS ... but that won't be possible because you have deleted all of the shutdown scripts.

    But it is highly likely that you will end up with a system that won't boot properly any more.
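The two conditions listed in the answer can be observed directly through the unlink syscall. The C program below is an added example, not part of the original answer; the scratch directory under /tmp and the function name unlink_demo are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* expose mkdtemp/pread under strict -std= modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 0 if every step behaves as described, else the failing step number. */
int unlink_demo(void) {
    char dir[] = "/tmp/unlink_demo_XXXXXX";   /* constructed scratch directory */
    char a[64], b[64], buf[16] = {0};
    struct stat st;
    int rc = 0;

    if (!mkdtemp(dir)) return 1;
    snprintf(a, sizeof a, "%s/a", dir);
    snprintf(b, sizeof b, "%s/b", dir);
    int fd = open(a, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rmdir(dir); return 2; }
    if (write(fd, "still here", 10) != 10) rc = 3;

    /* Condition 1: a second hard link keeps the file alive after unlink(a). */
    if (!rc && link(a, b) != 0) rc = 4;
    if (!rc && (fstat(fd, &st) != 0 || st.st_nlink != 2)) rc = 5;
    if (!rc && unlink(a) != 0) rc = 6;
    if (!rc && (stat(b, &st) != 0 || st.st_size != 10)) rc = 7;

    /* Condition 2: the last name is removed, but the open descriptor
       still counts as a user, so the data remains readable. */
    if (!rc && unlink(b) != 0) rc = 8;
    if (!rc && (fstat(fd, &st) != 0 || st.st_nlink != 0)) rc = 9;
    if (!rc && access(b, F_OK) == 0) rc = 10;   /* no path leads to it now */
    if (!rc && (pread(fd, buf, 10, 0) != 10 || strcmp(buf, "still here"))) rc = 11;

    close(fd);                          /* last user gone: storage is released */
    unlink(a); unlink(b); rmdir(dir);   /* cleanup; harmless if already removed */
    return rc;
}

int main(void) {
    int rc = unlink_demo();
    if (rc) printf("step %d did not behave as described\n", rc);
    else    printf("file survived unlink until its last descriptor was closed\n");
    return rc;
}
```

On Linux, a deleted-but-open file of this kind shows up in `lsof +L1` and as a `(deleted)` target under `/proc/<pid>/fd`, which is how responders recover binaries that were removed while still running.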