It happens to all of us, today it happened to me. Conveniently on a production system. Instead of
rm -Rf ./* I typed
rm -Rf /*, and lots of stuff was gone.
Note that this will only help you if you’ve noticed that something is wrong before the command wiped your entire system and canceled it. I’m not sure where exactly the point of no return is, but I expect it to be at
Also, for this to work, you’ll need a backup of your system, preferably in a place you can make accessible from the web.
In my case, I had deleted everything up to and including
/etc/, which of course caused my SSHd do not accept connections anymore, so do not close your SSH session. What I did to restore the system was based on the fact that I still hat
/usr/bin, where lots of nice tools reside.
Namely, I used the following tools:
whichto check if you’re screwed or not
echowhich is part of bash
tarwhich I had to restore too
Step 1 - Check if you’re screwed
wget. If any of those commands doesn’t work, you’ll have to find another way to save your system.
Step 2 - Recover
First of all, we need to create the necessary directories, but we don’t have
mkdir, so we’ll need to use
perl (or something similar):
$ echo "mkdir '/bin', 0777;" | perl
This will create your
/bin directory. The unrestrictive permissions are probably unnecessary, but you can change them later when you have full control again.
Now you need to get to your backup system and find the
tar executable, and execute (assuming that you are inside the directory where the executable is located):
$ cat ./tar | base64 yv66vgAAAAIBAAAHgAAAAwAAEAAAAE5QAAAADAAAAAcAAAADAABgAAAATfAAAAAMAAAAAA...
Copy the output from that command to the shell of your broken system, like this:
$ echo -n "