1. 12
  1.  

  2. 25

    And/or trolled stack exchange.

    1. 2

      Or perhaps “guerrilla marketing operation”.

      1. 7

        This is fake. Not only is that not the correct Bash variable expansion syntax, the post is tagged centos, meaning they are using GNU rm, which would require --no-preserve-root to be specified for exactly this reason.

        What is most interesting to me about this post is that non-technical journalists have begun using Server Fault as a source.

        1. 1

          I thought it was Ansible variable syntax. But you’re probably right, and it looks as though Server Fault agrees.

        2. [Comment removed by author]

          1. 16

            In bash, set -o errexit causes the script to exit if any command fails. As well, set -o nounset prevents unset variables from expanding to nothing.

            1. [Comment removed by author]

              1. 25

                Bash strict mode:

                set -e # stop the script on errors
                set -u # unset variables are an error
                set -o pipefail # piping a failed process into a successful one is an error
                

                Additionally, install and run shellcheck on every bash script you write, and fix all the warnings.
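An added example, not part of any comment in this thread: it compares what path an `rm -rf "$foo/$bar"` would receive with no guard, with `set -u`, and with the `${var:?}` expansion, for variables that are unset, empty, or set. The function name `target` and the sample values `srv` and `cache` are constructed for illustration; nothing is deleted, the path is only printed.

```shell
#!/usr/bin/env bash
# Added example: shows which guards stop "$foo/$bar" from collapsing to "/".
# Nothing is removed; each case only echoes the path rm would have been given.

# Prefer bash, fall back to sh; set -u and ${var:?} are POSIX features.
SH=${SH:-$(command -v bash || command -v sh)}

# target GUARD STATE
#   GUARD: none | nounset | required
#   STATE: unset | empty | set   (state of foo and bar)
# Prints the resulting path, or returns non-zero if the shell aborted first.
target() {
  case $2 in
    unset) setup='unset foo bar' ;;
    empty) setup='foo=; bar=' ;;
    *)     setup='foo=srv; bar=cache' ;;   # constructed sample values
  esac
  case $1 in
    none)     body='echo "$foo/$bar"' ;;
    nounset)  body='set -u; echo "$foo/$bar"' ;;
    required) body='echo "${foo:?foo is unset or empty}/${bar:?bar is unset or empty}"' ;;
  esac
  # A fresh non-interactive shell exits on an expansion error, as a script would.
  "$SH" -c "$setup; $body" 2>/dev/null
}

for guard in none nounset required; do
  for state in unset empty set; do
    if out=$(target "$guard" "$state"); then
      printf '%-9s %-6s -> path would be: %s\n' "$guard" "$state" "$out"
    else
      printf '%-9s %-6s -> aborted before rm\n' "$guard" "$state"
    fi
  done
done
```

`set -u` stops the unset case but lets empty strings through, so the path still collapses to `/`; `${var:?}` rejects both.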

                1. 6

                  Wow. I didn’t know about pipefail – that’s really useful.

                  1. 4

                    these are very helpful, thanks! I was only aware of set -e

                  2. 3

                    Be aware that there are a number of subtleties with set -e – see http://mywiki.wooledge.org/BashFAQ/105 for some examples. As demonstrated toward the bottom of that page, some regard these subtleties as reasons to avoid set -e; others don’t. I’m in the latter camp, personally (i.e. I usually use it), but it’s not quite as simple and awesome as it might look at first.

                2. 6

                  I think the real solution here is to use a real programming language even for your one-off throwaway scripts.

                3. 5

                  Bash script with a rm -rf {foo}/{bar}

                  was the culprit apparently - wasn’t that the code that Steam used to delete its users?

                  More importantly, where are his backups?

                  1. 3

                    he said his backups were mounted, despite saying he also uses rsync

                    1. 3

                      I use rsync to do backups to a drive mounted via smb. How else would you do it? Despite the name rsync is very useful when working “locally” on mounted things.

                      1. 4

                        The rsync protocol is likely to be much more efficient for that use.

                        1. 1

                          True enough - in this specific case my NAS is set up for smb already and it’s good enough that I don’t feel the need to try to set up rsync access if that’s even an option.

                        2. 2

                          rsync over ssh

                          1. 1

                            How else would you do it?

                            LVM snapshots, mounted read-only. You can then backup the read-only directory using rsync (push), instead of mounting a remote server read-write.

                            1. 1

                              I don’t understand. The place where you’re writing the backup has to be writeable, because you’re… writing it. No?

                              1. 1

                                Just because something is mounted on the filesystem read-only doesn’t mean you can’t write to it without using the filesystem; it means that malicious scripts can’t traverse that filesystem boundary to delete all your backups.

                                1. 1

                                  Sure you can write via not-the-filesystem, such as by rsyncing to a server that you mount read-only from. I don’t see how LVM fits in though - if you’re talking about LVM snapshots you’re talking about having them locally, surely?

                      2. 3

                        Let’s be honest, this is shocking because it could happen to any one of us in the right circumstances. Where’s Devops Borat…

                        Patch Ansible to throw an error for undefined/null variables?

                        1. 7

                          To make error is human. To propagate error to all server in automatic way is #devops.

                          https://mobile.twitter.com/devops_borat/status/41587168870797312

                          1. 3

                            Heavy ansible user here. The default is to fail for undefined variables. He must have had them set to empty strings.

                          2. 2

                            I’m no bash expert, but obviously the strings should have been checked first. I saw an assert library for bash the other day which could be another good solution.

                            1. 2

                              Heh. Ansible.