2006-09-03 03:28:32 +04:00
|
|
|
.\" $NetBSD: rm.1,v 1.24 2006/09/02 23:28:32 wiz Exp $
|
1995-03-21 12:01:59 +03:00
|
|
|
.\"
|
2003-02-12 22:27:22 +03:00
|
|
|
.\" Copyright (c) 1990, 1993, 1994, 2003
|
1994-09-20 04:37:13 +04:00
|
|
|
.\" The Regents of the University of California. All rights reserved.
|
1993-03-21 12:45:37 +03:00
|
|
|
.\"
|
|
|
|
.\" This code is derived from software contributed to Berkeley by
|
|
|
|
.\" the Institute of Electrical and Electronics Engineers, Inc.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
2003-08-07 13:05:01 +04:00
|
|
|
.\" 3. Neither the name of the University nor the names of its contributors
|
1993-03-21 12:45:37 +03:00
|
|
|
.\" may be used to endorse or promote products derived from this software
|
|
|
|
.\" without specific prior written permission.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
.\" SUCH DAMAGE.
|
|
|
|
.\"
|
1995-03-21 12:01:59 +03:00
|
|
|
.\" @(#)rm.1 8.5 (Berkeley) 12/5/94
|
1993-03-22 11:04:00 +03:00
|
|
|
.\"
|
2006-09-03 03:28:32 +04:00
|
|
|
.Dd August 25, 2006
|
1993-03-21 12:45:37 +03:00
|
|
|
.Dt RM 1
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm rm
|
1994-09-20 04:37:13 +04:00
|
|
|
.Nd remove directory entries
|
1993-03-21 12:45:37 +03:00
|
|
|
.Sh SYNOPSIS
|
1997-10-20 12:50:59 +04:00
|
|
|
.Nm
|
1993-03-21 12:45:37 +03:00
|
|
|
.Op Fl f | Fl i
|
2003-02-12 22:27:22 +03:00
|
|
|
.Op Fl dPRrvW
|
2002-05-02 17:14:23 +04:00
|
|
|
.Ar
|
1993-03-21 12:45:37 +03:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
The
|
1997-10-20 12:50:59 +04:00
|
|
|
.Nm
|
1993-03-21 12:45:37 +03:00
|
|
|
utility attempts to remove the non-directory type files specified on the
|
|
|
|
command line.
|
|
|
|
If the permissions of the file do not permit writing, and the standard
|
|
|
|
input device is a terminal, the user is prompted (on the standard error
|
|
|
|
output) for confirmation.
|
|
|
|
.Pp
|
|
|
|
The options are as follows:
|
|
|
|
.Bl -tag -width flag
|
|
|
|
.It Fl d
|
|
|
|
Attempt to remove directories as well as other types of files.
|
|
|
|
.It Fl f
|
|
|
|
Attempt to remove the files without prompting for confirmation,
|
|
|
|
regardless of the file's permissions.
|
|
|
|
If the file does not exist, do not display a diagnostic message or modify
|
|
|
|
the exit status to reflect an error.
|
|
|
|
The
|
|
|
|
.Fl f
|
|
|
|
option overrides any previous
|
2001-12-20 22:31:48 +03:00
|
|
|
.Fl i
|
1993-03-21 12:45:37 +03:00
|
|
|
options.
|
|
|
|
.It Fl i
|
|
|
|
Request confirmation before attempting to remove each file, regardless of
|
|
|
|
the file's permissions, or whether or not the standard input device is a
|
|
|
|
terminal.
|
|
|
|
The
|
|
|
|
.Fl i
|
|
|
|
option overrides any previous
|
2001-12-20 22:31:48 +03:00
|
|
|
.Fl f
|
1993-03-21 12:45:37 +03:00
|
|
|
options.
|
1994-09-20 04:37:13 +04:00
|
|
|
.It Fl P
|
|
|
|
Overwrite regular files before deleting them.
|
|
|
|
Files are overwritten three times, first with the byte pattern 0xff,
|
2006-09-03 03:28:32 +04:00
|
|
|
then 0x00, and then with random data, before they are deleted.
|
|
|
|
Some care is taken to ensure that the data are actually written to
|
|
|
|
disk, but this cannot be guaranteed, even on traditional filesystems;
|
|
|
|
on log-structured filesystems or if any block-journaling scheme is
|
|
|
|
in use, this option is completely useless.
|
|
|
|
If the file cannot be
|
2006-08-25 15:08:50 +04:00
|
|
|
overwritten, it will not be removed.
|
1993-03-21 12:45:37 +03:00
|
|
|
.It Fl R
|
|
|
|
Attempt to remove the file hierarchy rooted in each file argument.
|
2001-12-20 22:31:48 +03:00
|
|
|
The
|
1993-03-21 12:45:37 +03:00
|
|
|
.Fl R
|
|
|
|
option implies the
|
|
|
|
.Fl d
|
|
|
|
option.
|
|
|
|
If the
|
|
|
|
.Fl i
|
2001-12-20 22:31:48 +03:00
|
|
|
option is specified, the user is prompted for confirmation before
|
1993-03-21 12:45:37 +03:00
|
|
|
each directory's contents are processed (as well as before the attempt
|
|
|
|
is made to remove the directory).
|
|
|
|
If the user does not respond affirmatively, the file hierarchy rooted in
|
|
|
|
that directory is skipped.
|
|
|
|
.Pp
|
|
|
|
.It Fl r
|
|
|
|
Equivalent to
|
|
|
|
.Fl R .
|
2003-02-12 22:27:22 +03:00
|
|
|
.It Fl v
|
|
|
|
Cause
|
|
|
|
.Nm
|
|
|
|
to be verbose, showing files as they are processed.
|
1994-12-28 04:37:49 +03:00
|
|
|
.It Fl W
|
|
|
|
Attempts to undelete the named files.
|
|
|
|
Currently, this option can only be used to recover
|
|
|
|
files covered by whiteouts.
|
1993-03-21 12:45:37 +03:00
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
The
|
1997-10-20 12:50:59 +04:00
|
|
|
.Nm
|
1993-03-21 12:45:37 +03:00
|
|
|
utility removes symbolic links, not the files referenced by the links.
|
|
|
|
.Pp
|
|
|
|
It is an error to attempt to remove the files ``.'' and ``..''.
|
2004-03-24 14:37:07 +03:00
|
|
|
.Sh EXIT STATUS
|
|
|
|
The
|
|
|
|
.Nm
|
|
|
|
utility exits 0 if all of the named files or file hierarchies were removed,
|
|
|
|
or if the
|
|
|
|
.Fl f
|
|
|
|
option was specified and all of the existing files or file hierarchies were
|
|
|
|
removed.
|
|
|
|
If an error occurs,
|
|
|
|
.Nm
|
|
|
|
exits with a value \*[Gt]0.
|
2004-03-24 09:55:58 +03:00
|
|
|
.Sh EXAMPLES
|
|
|
|
.Nm
|
|
|
|
uses
|
|
|
|
.Xr getopt 3
|
|
|
|
standard argument processing.
|
|
|
|
Removing filenames that begin with a dash
|
2004-03-24 14:37:07 +03:00
|
|
|
.Pq e.g., Ar -file
|
2004-03-24 09:55:58 +03:00
|
|
|
in the current directory which might otherwise be taken as option flags to
|
|
|
|
.Nm
|
|
|
|
can be accomplished as follows:
|
|
|
|
.Pp
|
|
|
|
.Ic "rm -- -file"
|
|
|
|
.Pp
|
|
|
|
or
|
|
|
|
.Pp
|
|
|
|
.Ic "rm ./-file"
|
1993-03-21 12:45:37 +03:00
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr rmdir 1 ,
|
1994-12-28 04:37:49 +03:00
|
|
|
.Xr undelete 2 ,
|
1993-03-21 12:45:37 +03:00
|
|
|
.Xr unlink 2 ,
|
1994-09-20 04:37:13 +04:00
|
|
|
.Xr fts 3 ,
|
2004-03-24 09:55:58 +03:00
|
|
|
.Xr getopt 3 ,
|
1994-09-20 04:37:13 +04:00
|
|
|
.Xr symlink 7
|
|
|
|
.Sh BUGS
|
|
|
|
The
|
|
|
|
.Fl P
|
|
|
|
option assumes that the underlying file system is a fixed-block file
|
|
|
|
system.
|
2004-01-11 05:13:14 +03:00
|
|
|
FFS is a fixed-block file system, LFS is not.
|
1994-09-20 04:37:13 +04:00
|
|
|
In addition, only regular files are overwritten, other types of files
|
|
|
|
are not.
|
2004-01-11 12:40:36 +03:00
|
|
|
Recent research indicates that as many as 35 overwrite passes with
|
|
|
|
carefully chosen data patterns may be necessary to actually prevent
|
|
|
|
recovery of data from a magnetic disk.
|
|
|
|
Thus the
|
Change behaviour of -P option to conform generally to DoD 5220.22-M
standard. This change inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3. However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard. To quote the manual page:
The -P option attempts to conform to U.S. DoD 5220-22.M, "National Indus-
trial Security Program Operating Manual" ("NISPOM") as updated by Change
2 and the July 23, 2003 "Clearing & Sanitization Matrix". However,
unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
which make it clear that the standard does not and can not apply to the
erasure of individual files, in particular requirements relating to spare
sector management for an entire magnetic disk. Because these
requirements are not met, the -P option does not conform to the standard.
This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write. Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters. Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.
This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
2004-01-11 05:04:05 +03:00
|
|
|
.Fl P
|
2004-01-11 12:40:36 +03:00
|
|
|
option is likely both insufficient for its design purpose and far
|
|
|
|
too costly for default operation.
|
|
|
|
However, it will at least prevent the recovery of data from FFS
|
|
|
|
volumes with
|
Change behaviour of -P option to conform generally to DoD 5220.22-M
standard. This change inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3. However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard. To quote the manual page:
The -P option attempts to conform to U.S. DoD 5220-22.M, "National Indus-
trial Security Program Operating Manual" ("NISPOM") as updated by Change
2 and the July 23, 2003 "Clearing & Sanitization Matrix". However,
unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
which make it clear that the standard does not and can not apply to the
erasure of individual files, in particular requirements relating to spare
sector management for an entire magnetic disk. Because these
requirements are not met, the -P option does not conform to the standard.
This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write. Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters. Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.
This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
2004-01-11 05:04:05 +03:00
|
|
|
.Xr fsdb 8 .
|
1993-03-21 12:45:37 +03:00
|
|
|
.Sh COMPATIBILITY
|
|
|
|
The
|
1997-10-20 12:50:59 +04:00
|
|
|
.Nm
|
1993-03-21 12:45:37 +03:00
|
|
|
utility differs from historical implementations in that the
|
|
|
|
.Fl f
|
|
|
|
option only masks attempts to remove non-existent files instead of
|
|
|
|
masking a large variety of errors.
|
|
|
|
.Pp
|
|
|
|
Also, historical
|
|
|
|
.Bx
|
|
|
|
implementations prompted on the standard output,
|
|
|
|
not the standard error output.
|
|
|
|
.Sh STANDARDS
|
|
|
|
The
|
1997-10-20 12:50:59 +04:00
|
|
|
.Nm
|
1995-07-25 23:36:36 +04:00
|
|
|
utility is expected to be
|
1993-03-21 12:45:37 +03:00
|
|
|
.St -p1003.2
|
2003-02-12 22:48:18 +03:00
|
|
|
compatible.
|
|
|
|
The
|
2003-02-12 22:27:22 +03:00
|
|
|
.Fl v
|
|
|
|
option is an extension.
|
Change behaviour of -P option to conform generally to DoD 5220.22-M
standard. This change inspired by Apple's "Secure Empty Trash" functionality
in MacOS 10.3. However, it is important to understand that this change
does not -- and can not -- actually achieve conformance to the current
revision of the standard. To quote the manual page:
The -P option attempts to conform to U.S. DoD 5220-22.M, "National Indus-
trial Security Program Operating Manual" ("NISPOM") as updated by Change
2 and the July 23, 2003 "Clearing & Sanitization Matrix". However,
unlike earlier revisions of NISPOM, the 2003 matrix imposes requirements
which make it clear that the standard does not and can not apply to the
erasure of individual files, in particular requirements relating to spare
sector management for an entire magnetic disk. Because these
requirements are not met, the -P option does not conform to the standard.
This also makes the -P option a *lot* more expensive than it used to be.
It used to overwrite with 0xff, overwrite with 0x00, overwrite with 0xff,
with an fsync after each write. Now it overwrites with a random character,
overwrites with 0xff, overwrites with 0x00, reads to validate the 0x00
overwrite, then overwrites with random data -- calling sync() after every
operation in an attempt to force seeks that will clear the data from the
cache of disks that lie about whether data has been committed to the
platters. Also, the file's opened with O_SYNC|O_RSYNC to cause metadata
updates on every read/write, which should cause still more seeks.
This is better than it used to be, but it's by no means adequate if you
have data you really don't want read by an adversary who can pull the
disk apart.
2004-01-11 05:04:05 +03:00
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Fl P
|
2004-01-11 12:40:36 +03:00
|
|
|
option attempts to conform to U.S. DoD 5220-22.M, "National Industrial
|
|
|
|
Security Program Operating Manual" ("NISPOM") as updated by Change
|
|
|
|
2 and the July 23, 2003 "Clearing \*[Am] Sanitization Matrix".
|
|
|
|
However, unlike earlier revisions of NISPOM, the 2003 matrix imposes
|
|
|
|
requirements which make it clear that the standard does not and
|
|
|
|
can not apply to the erasure of individual files, in particular
|
|
|
|
requirements relating to spare sector management for an entire
|
|
|
|
magnetic disk.
|
|
|
|
.Em Because these requirements are not met, the
|
|
|
|
.Fl P
|
|
|
|
.Em option does not conform to the standard .
|