5 Linux commands you should never run (and why)

One important thing you need to know about Linux and its ancestor, Unix, is Unix developer Terry Lambert’s famous quote: “It is not Unix’s job to stop you from shooting your foot. If you so choose to do so, then it is Unix’s job to deliver Mr. Bullet to Mr Foot in the most efficient way it knows.” 

Also: The Linux file system structure explained

That’s exactly how both operating systems work.

You don’t have to worry about this possibility if you use graphical Linux applications on desktops such as GNOME, KDE, or Cinnamon. These desktops come with safety belts and shoulder straps. You’d have to try really hard to wreck your Linux machine from a graphical user interface. 

If, however, you’re a Linux administrator or power user, and you often use shell commands and/or write shell scripts, then, my friend, you can wreck your computer’s day with the wrong command at the wrong time. 

Remember, never try these commands at home, the office, or on a production system. 

1. The big one: rm -rf /

This is the command every Linux administrator knows — or should know, anyway — to avoid. 

By itself, rm is very handy. It enables you to delete even the most stubborn files. But when you combine rm with those two flags: -r, which forces recursive deletion through all subdirectories, and -f, which forces deletion of read-only files without confirmation, you’re asking for trouble. 

Also: Linus Torvalds muses about maintainer gray hairs and the next ‘King of Linux’

If you run it against the / root directory, you’ll wipe every last bit of data on your entire drive. 

Although used as a punchline for jokes about system administrator mistakes, people still do this in real life. As one user confessed, “One of my worst mistakes was to accidentally press the space bar while typing rm –r /this/is/my/folder/[ACCIDENTAL_SPACE]* and unbelievably, I did not realize it even when pressing the enter key.” 

In this case, everything in that directory was deleted because he’d used the “*” wildcard. Bye, files! There is no recycle bin in the shell to save you. 

Most modern systems warn you in big letters before you make this blunder. However, you can type your system into a black hole if you are busy or distracted as you pound away on the keyboard. I’ve seen it done and then had to restore entire systems from tape (which you never want to do, trust me).

2. dd stands for disk destroyer

Not really, but it sure seems that way. dd is used to make digital copies of, well, pretty much anything on a computer. Used correctly, it’s powerful, useful and fast. But when used incorrectly, it can destroy file systems in the blink of an eye. 

Also: Linux kernel 6.11 is out – with its own BSOD

I’ve heard far more examples of dd wreaking havoc on drives and files than rm. That’s because dd has a unique command syntax. If finger memory leads you to put in the wrong flags, you can find yourself doing terrible things to your file system. Indeed, open-source co-founder and hacker Eric S. Raymond has speculated that dd‘s command syntax, which looks far more like IBM JCL than it does typical Unix/Linux command syntax, “was clearly a prank.”

Unfortunately, if it’s a joke, it’s a bad one that lives on. So, for example, the command:

dd if=/dev/zero of=/dev/hda

pulls its data from the special file, which outputs an infinity of zeros, and pours them all over the hard drive. 

This may sound silly, but /dev/zero has real uses. For example, you can use it to clear unused space in a partition with zeros. This makes the partition image much smaller if you need to transfer or back up a partition. 

It doesn’t have to be zeros. dd will happily replace good data on your drive with bad in any number of entertaining ways. This command can be helpful, but it’s like trying to fix a watch with a sledgehammer: Quick, efficient, and devastating.

Also: How to run a Windows app on Linux with Wine

A more modern way to blast away data from a Solid-State Drive (SSD) is the blkdiscard command, which is used to discard device sectors, along with any data on the drive. It’s not just old commands like dd, which just turned 50, that can cause messes. 

3. The process proliferator: :(){ :|:& };:

I know it looks like a typo, but this command is the infamous Bash fork bomb. It is a Denial of Service (DoS) attack that will fill Linux’s process table. The exact results depend on the system limit setting and who’s running it, but all too often, it pegs out your processor, and the only way back is to reboot your system. 

Usually, you’ll find someone stumbling into this blunder in programming classes while they’re learning how to use forks. I’ve also seen malicious shell scripts which had this command hidden inside them to screw someone over. Before running a shell script that sounds useful, it’s good practice to read it and run it in a sandbox to ensure it’s not hiding anything suspect. 

Also: The most popular programming languages in 2024

I’ve seen gullible system administrators grabbing a potentially useful script with a command such as:

wget https://ImSureThisIsASafe/GreatScript.sh -O- | sh

This command downloads the script and sends it off to the shell to run. No fuss, no muss, right? Wrong. 

That script may be poisoned with malware. Sure, Linux is safer than most operating systems by default, but anything can happen if you run unknown code as root. The danger is not only in maliciousness; the script author’s potential mistakes are equally as harmful. You can be bitten by someone else’s undebugged code because you didn’t take the time to check it out thoroughly. 

4. The permission pulverizer: chmod -R 777 /

Chmod -R 777 / is the command equivalent of leaving your front door wide open in a high-crime neighborhood. Chmod is used to recursively change all file and directory permissions to give everyone read, write, and execute access to everything on your system. It’s a hacker’s dream and a system administrator’s nightmare.

Also: This is my new favorite default email client for Linux

More commonly, versions of this are used to help a user run a program they wouldn’t otherwise be able to. Folks, there’s usually a good reason someone doesn’t have the right to run a program.

I see a variation of this command abused the most in containerized apps. By default, Docker containers run with limited privileges to mitigate risks and improve security. But, all too often, lazy programmers build containers where the user is root. Just like the chmod -R 777 command, that means everything is run as root, which is just asking for security trouble. 

5. The disk formatter: mkfs.ext4 /dev/sda

Last but not least, we have mkfs.ext4 /dev/sda. This command formats whatever drive or partition you aim it at and creates a new ext4 filesystem. It’s like using a flamethrower to clear your desk; it’ll eliminate the clutter, but you might lose a few important things in the process.

Also: 10 Linux apps I can’t do without – and why

Of course, sometimes you want to format a drive. The problem is if you fat-finger the destination, say sda2, which holds all your home directories, instead of the new sda3 SSD drive, you just zapped your and all your users’ personal files. 

The Linux way

Remember, with great power comes great responsibility. Linux gives you the freedom to do almost anything with your system — including accidentally destroying it. Always double-check your commands, especially when working with system-critical operations.

As a technology journalist who has been using Unix since the 1970s and covering Linux since Linus Torvalds was just a Finnish university student with a hobby project, I can’t stress enough the importance of understanding the commands you’re using. 

Also: 5 best Linux commands for troubleshooting problems

These five are just the tip of the iceberg when it comes to potentially dangerous Linux commands. The next time you’re tempted to copy and paste a command from a sketchy online forum, take a moment to research what it actually does. Your data, your system, and your sanity will thank you.