Rm (Unix)


rm, short for re'm'ove, is a shell command for removing files from the file system. The command may not actually delete a file since it only unlinks it removes a hard link to a file via the unlink() system call. If a file has multiple links and less than all are removed, then the file remains in the file system; accessible via its other links. When a file's only link is removed, then the file is deleted releasing its storage space for other use.
Generally, a deleted file's former storage space still contains the file's data until it is overwritten with another file's content. The data is not accessible via normal file operations but can be recovered via specialized tools. Since this is considered a security risk in some contexts, a hardened version of may wipe the file's storage area when the file is deleted. Commands such as shred and srm specifically provide data wiping.
Since rm does not provide a fallback to recover a file such as a recycle bin, its use involves the risk of accidentally losing information. Users tend to wrap calls to rm in safety mechanisms to limit accidental deletion. There are undelete utilities that attempts to reconstruct the index and can bring the file back if its storage was not reused.
Originally, developed for Unix, today it is also available on Unix-like and non Unix-like systems, KolibriOS, IBM i, EFI shell. and Windows. The del command provides a similar capability in MS-DOS, OS/2, and Command Prompt.
Like, the unlink command also removes files, but only one file at a time.

History

On some old versions of Unix, the rm command would remove directories if they were empty. This behaviour can still be obtained in some versions of rm with the -d flag, e.g., the BSDs derived from 4.4BSD-Lite2.
The version in GNU Core Utilities was written by Paul Rubin, David MacKenzie, Richard Stallman, and Jim Meyering. This version provides a -d option to help with compatibility. The same functionality is provided by the standard rmdir command.

Options

Options commonly provided by a command implementation:
  • -r, recursive; remove directories and their content recursively
  • -i, interactive; ask user to confirm deleting each file
  • -f, force; ignore non-existent files and override any confirmation prompts, does not allow removing files from a write-protected directory
  • -v, verbose; log status
  • -d, directory; remove any empty directories
  • --one-file-system, only remove files on the same file system as the argument; ignore mounted file systems

Use

By default, rm removes specified files, but does not remove a directory. For example, the following removes the file named foo

$ rm foo

But that command fails if foo is a directory. To delete directory foo:

$ rm -r foo

The command is often used with xargs to supply a list of files:

$ xargs rm < filelist

To remove all PNG images in all directories below the current one:

$ find. -name '*.png' -exec rm +

Safety

Permissions

On most file systems, removing a file requires write and execute permissions on the containing directory. Some may be confused that permissions on the file to be removed are irrelevant. However, the GNU implementation confirms removing a write-protected file unless the -f option is used.
To remove a directory, its contents must be removed, recursively. This requires the user to have read, write and execute permissions to the directory and any non-empty subdirectories recursively. Read permission is needed to list the contents of the directory. This sometimes leads to an odd situation where a non-empty directory cannot be removed because the user doesn't have write permission to it and so cannot remove its contents, but if the same directory were empty, the user would be able to remove it.
If a file resides in a directory with the sticky bit set, then removing the file requires the user to own the file.

Preventing accidental deletion

Commands like rm -rf * are relatively risky since they can delete many files in an unrecoverable way. Such commands are sometimes referenced in anecdotes about disastrous mistakes, such as during the production of the film Toy Story 2.
To minimize the risk of accidental file deletions, a common technique is to hide the default command behind an alias or a function that includes the interactive option. For example:

alias rm="rm -i"

or

rm

Then, by default, requires the user to confirm removing each file by pressing or plus. To bypass confirmation, a user can include the -f option.
Unfortunately this can lead to other accidental removals since it trains users to be careless about the wildcards they hand to rm, as well as encouraging a tendency to mindlessly press and to confirm. Users have even been seen going as far as using yes | rm files, which automatically confirms the deletion of each file.
A compromise that allows users to confirm just once, encourages proper wildcarding, and makes verification of the list easier can be achieved with something like:

if ; then
rm

fi

Arguably, this function should not be made into a shell script, which would run a risk of it being found ahead of the system rm in the search path, nor should it be allowed in non-interactive shells where it could break batch jobs. Enclosing the definition in the if ; then.... ; fi construct protects against the latter.
Other commands are designed to prevent accidental deletion, including and.

Protection of the filesystem root

The rm -rf / command, if run by a superuser, causes every file of the file system to be deleted. For safety, Sun Microsystems introduced special protection for this command in Solaris 10. The implementation reports that removing is not allowed. Shortly thereafter, the same functionality was introduced into the FreeBSD implementation. The GNU version refuses to execute rm -rf / if the --preserve-root option is included, which has been the default since version 6.4 of GNU Core Utilities. In newer systems, this failsafe is always active, even without the option. To run the command, user must bypass the failsafe by adding the option --no-preserve-root, even if they are the superuser.

Limitations

The GNU Core Utilities implementation has limits on command line arguments. Arguments are nominally limited to 32 times the kernel's allocated page size. Systems with 4KB page size would thus have a argument size limit of 128KB. For command-line arguments before kernel 2.6.23, the limits were defined at kernel compile time and can be modified by changing the variable MAX_ARG_PAGES in include/linux/binfmts.h file. Newer kernels limit the maximum argument length to 25% of the maximum stack limit. Exceeding the limit results in an error.