rm.c revision 226961
1/*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30#if 0 31#ifndef lint 32static const char copyright[] = 33"@(#) Copyright (c) 1990, 1993, 1994\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35#endif /* not lint */ 36 37#ifndef lint 38static char sccsid[] = "@(#)rm.c 8.5 (Berkeley) 4/18/94"; 39#endif /* not lint */ 40#endif 41#include <sys/cdefs.h> 42__FBSDID("$FreeBSD: head/bin/rm/rm.c 226961 2011-10-31 08:59:17Z ed $"); 43 44#include <sys/stat.h> 45#include <sys/param.h> 46#include <sys/mount.h> 47 48#include <err.h> 49#include <errno.h> 50#include <fcntl.h> 51#include <fts.h> 52#include <grp.h> 53#include <pwd.h> 54#include <stdio.h> 55#include <stdlib.h> 56#include <string.h> 57#include <sysexits.h> 58#include <unistd.h> 59 60static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 61static int rflag, Iflag; 62static uid_t uid; 63static volatile sig_atomic_t info; 64 65int check(char *, char *, struct stat *); 66int check2(char **); 67void checkdot(char **); 68void checkslash(char **); 69void rm_file(char **); 70int rm_overwrite(char *, struct stat *); 71void rm_tree(char **); 72static void siginfo(int __unused); 73void usage(void); 74 75/* 76 * rm -- 77 * This rm is different from historic rm's, but is expected to match 78 * POSIX 1003.2 behavior. The most visible difference is that -f 79 * has two specific effects now, ignore non-existent files and force 80 * file removal. 81 */ 82int 83main(int argc, char *argv[]) 84{ 85 int ch; 86 char *p; 87 88 /* 89 * Test for the special case where the utility is called as 90 * "unlink", for which the functionality provided is greatly 91 * simplified. 92 */ 93 if ((p = strrchr(argv[0], '/')) == NULL) 94 p = argv[0]; 95 else 96 ++p; 97 if (strcmp(p, "unlink") == 0) { 98 while (getopt(argc, argv, "") != -1) 99 usage(); 100 argc -= optind; 101 argv += optind; 102 if (argc != 1) 103 usage(); 104 rm_file(&argv[0]); 105 exit(eval); 106 } 107 108 Pflag = rflag = 0; 109 while ((ch = getopt(argc, argv, "dfiIPRrvW")) != -1) 110 switch(ch) { 111 case 'd': 112 dflag = 1; 113 break; 114 case 'f': 115 fflag = 1; 116 iflag = 0; 117 break; 118 case 'i': 119 fflag = 0; 120 iflag = 1; 121 break; 122 case 'I': 123 Iflag = 1; 124 break; 125 case 'P': 126 Pflag = 1; 127 break; 128 case 'R': 129 case 'r': /* Compatibility. */ 130 rflag = 1; 131 break; 132 case 'v': 133 vflag = 1; 134 break; 135 case 'W': 136 Wflag = 1; 137 break; 138 default: 139 usage(); 140 } 141 argc -= optind; 142 argv += optind; 143 144 if (argc < 1) { 145 if (fflag) 146 return (0); 147 usage(); 148 } 149 150 checkdot(argv); 151 if (getenv("POSIXLY_CORRECT") == NULL) 152 checkslash(argv); 153 uid = geteuid(); 154 155 (void)signal(SIGINFO, siginfo); 156 if (*argv) { 157 stdin_ok = isatty(STDIN_FILENO); 158 159 if (Iflag) { 160 if (check2(argv) == 0) 161 exit (1); 162 } 163 if (rflag) 164 rm_tree(argv); 165 else 166 rm_file(argv); 167 } 168 169 exit (eval); 170} 171 172void 173rm_tree(char **argv) 174{ 175 FTS *fts; 176 FTSENT *p; 177 int needstat; 178 int flags; 179 int rval; 180 181 /* 182 * Remove a file hierarchy. If forcing removal (-f), or interactive 183 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 184 */ 185 needstat = !uid || (!fflag && !iflag && stdin_ok); 186 187 /* 188 * If the -i option is specified, the user can skip on the pre-order 189 * visit. The fts_number field flags skipped directories. 190 */ 191#define SKIPPED 1 192 193 flags = FTS_PHYSICAL; 194 if (!needstat) 195 flags |= FTS_NOSTAT; 196 if (Wflag) 197 flags |= FTS_WHITEOUT; 198 if (!(fts = fts_open(argv, flags, NULL))) { 199 if (fflag && errno == ENOENT) 200 return; 201 err(1, "fts_open"); 202 } 203 while ((p = fts_read(fts)) != NULL) { 204 switch (p->fts_info) { 205 case FTS_DNR: 206 if (!fflag || p->fts_errno != ENOENT) { 207 warnx("%s: %s", 208 p->fts_path, strerror(p->fts_errno)); 209 eval = 1; 210 } 211 continue; 212 case FTS_ERR: 213 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 214 case FTS_NS: 215 /* 216 * Assume that since fts_read() couldn't stat the 217 * file, it can't be unlinked. 218 */ 219 if (!needstat) 220 break; 221 if (!fflag || p->fts_errno != ENOENT) { 222 warnx("%s: %s", 223 p->fts_path, strerror(p->fts_errno)); 224 eval = 1; 225 } 226 continue; 227 case FTS_D: 228 /* Pre-order: give user chance to skip. */ 229 if (!fflag && !check(p->fts_path, p->fts_accpath, 230 p->fts_statp)) { 231 (void)fts_set(fts, p, FTS_SKIP); 232 p->fts_number = SKIPPED; 233 } 234 else if (!uid && 235 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 236 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 237 lchflags(p->fts_accpath, 238 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 239 goto err; 240 continue; 241 case FTS_DP: 242 /* Post-order: see if user skipped. */ 243 if (p->fts_number == SKIPPED) 244 continue; 245 break; 246 default: 247 if (!fflag && 248 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 249 continue; 250 } 251 252 rval = 0; 253 if (!uid && 254 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 255 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 256 rval = lchflags(p->fts_accpath, 257 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 258 if (rval == 0) { 259 /* 260 * If we can't read or search the directory, may still be 261 * able to remove it. Don't print out the un{read,search}able 262 * message unless the remove fails. 263 */ 264 switch (p->fts_info) { 265 case FTS_DP: 266 case FTS_DNR: 267 rval = rmdir(p->fts_accpath); 268 if (rval == 0 || (fflag && errno == ENOENT)) { 269 if (rval == 0 && vflag) 270 (void)printf("%s\n", 271 p->fts_path); 272 if (rval == 0 && info) { 273 info = 0; 274 (void)printf("%s\n", 275 p->fts_path); 276 } 277 continue; 278 } 279 break; 280 281 case FTS_W: 282 rval = undelete(p->fts_accpath); 283 if (rval == 0 && (fflag && errno == ENOENT)) { 284 if (vflag) 285 (void)printf("%s\n", 286 p->fts_path); 287 if (info) { 288 info = 0; 289 (void)printf("%s\n", 290 p->fts_path); 291 } 292 continue; 293 } 294 break; 295 296 case FTS_NS: 297 /* 298 * Assume that since fts_read() couldn't stat 299 * the file, it can't be unlinked. 300 */ 301 if (fflag) 302 continue; 303 /* FALLTHROUGH */ 304 default: 305 if (Pflag) 306 if (!rm_overwrite(p->fts_accpath, NULL)) 307 continue; 308 rval = unlink(p->fts_accpath); 309 if (rval == 0 || (fflag && errno == ENOENT)) { 310 if (rval == 0 && vflag) 311 (void)printf("%s\n", 312 p->fts_path); 313 if (rval == 0 && info) { 314 info = 0; 315 (void)printf("%s\n", 316 p->fts_path); 317 } 318 continue; 319 } 320 } 321 } 322err: 323 warn("%s", p->fts_path); 324 eval = 1; 325 } 326 if (errno) 327 err(1, "fts_read"); 328 fts_close(fts); 329} 330 331void 332rm_file(char **argv) 333{ 334 struct stat sb; 335 int rval; 336 char *f; 337 338 /* 339 * Remove a file. POSIX 1003.2 states that, by default, attempting 340 * to remove a directory is an error, so must always stat the file. 341 */ 342 while ((f = *argv++) != NULL) { 343 /* Assume if can't stat the file, can't unlink it. */ 344 if (lstat(f, &sb)) { 345 if (Wflag) { 346 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 347 } else { 348 if (!fflag || errno != ENOENT) { 349 warn("%s", f); 350 eval = 1; 351 } 352 continue; 353 } 354 } else if (Wflag) { 355 warnx("%s: %s", f, strerror(EEXIST)); 356 eval = 1; 357 continue; 358 } 359 360 if (S_ISDIR(sb.st_mode) && !dflag) { 361 warnx("%s: is a directory", f); 362 eval = 1; 363 continue; 364 } 365 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 366 continue; 367 rval = 0; 368 if (!uid && !S_ISWHT(sb.st_mode) && 369 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 370 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 371 rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 372 if (rval == 0) { 373 if (S_ISWHT(sb.st_mode)) 374 rval = undelete(f); 375 else if (S_ISDIR(sb.st_mode)) 376 rval = rmdir(f); 377 else { 378 if (Pflag) 379 if (!rm_overwrite(f, &sb)) 380 continue; 381 rval = unlink(f); 382 } 383 } 384 if (rval && (!fflag || errno != ENOENT)) { 385 warn("%s", f); 386 eval = 1; 387 } 388 if (vflag && rval == 0) 389 (void)printf("%s\n", f); 390 if (info && rval == 0) { 391 info = 0; 392 (void)printf("%s\n", f); 393 } 394 } 395} 396 397/* 398 * rm_overwrite -- 399 * Overwrite the file 3 times with varying bit patterns. 400 * 401 * XXX 402 * This is a cheap way to *really* delete files. Note that only regular 403 * files are deleted, directories (and therefore names) will remain. 404 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a 405 * System V file system). In a logging or COW file system, you'll have to 406 * have kernel support. 407 */ 408int 409rm_overwrite(char *file, struct stat *sbp) 410{ 411 struct stat sb; 412 struct statfs fsb; 413 off_t len; 414 int bsize, fd, wlen; 415 char *buf = NULL; 416 417 fd = -1; 418 if (sbp == NULL) { 419 if (lstat(file, &sb)) 420 goto err; 421 sbp = &sb; 422 } 423 if (!S_ISREG(sbp->st_mode)) 424 return (1); 425 if (sbp->st_nlink > 1 && !fflag) { 426 warnx("%s (inode %u): not overwritten due to multiple links", 427 file, sbp->st_ino); 428 return (0); 429 } 430 if ((fd = open(file, O_WRONLY, 0)) == -1) 431 goto err; 432 if (fstatfs(fd, &fsb) == -1) 433 goto err; 434 bsize = MAX(fsb.f_iosize, 1024); 435 if ((buf = malloc(bsize)) == NULL) 436 err(1, "%s: malloc", file); 437 438#define PASS(byte) { \ 439 memset(buf, byte, bsize); \ 440 for (len = sbp->st_size; len > 0; len -= wlen) { \ 441 wlen = len < bsize ? len : bsize; \ 442 if (write(fd, buf, wlen) != wlen) \ 443 goto err; \ 444 } \ 445} 446 PASS(0xff); 447 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 448 goto err; 449 PASS(0x00); 450 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 451 goto err; 452 PASS(0xff); 453 if (!fsync(fd) && !close(fd)) { 454 free(buf); 455 return (1); 456 } 457 458err: eval = 1; 459 if (buf) 460 free(buf); 461 if (fd != -1) 462 close(fd); 463 warn("%s", file); 464 return (0); 465} 466 467 468int 469check(char *path, char *name, struct stat *sp) 470{ 471 int ch, first; 472 char modep[15], *flagsp; 473 474 /* Check -i first. */ 475 if (iflag) 476 (void)fprintf(stderr, "remove %s? ", path); 477 else { 478 /* 479 * If it's not a symbolic link and it's unwritable and we're 480 * talking to a terminal, ask. Symbolic links are excluded 481 * because their permissions are meaningless. Check stdin_ok 482 * first because we may not have stat'ed the file. 483 */ 484 if (!stdin_ok || S_ISLNK(sp->st_mode) || 485 (!access(name, W_OK) && 486 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 487 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 488 return (1); 489 strmode(sp->st_mode, modep); 490 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 491 err(1, "fflagstostr"); 492 if (Pflag) 493 errx(1, 494 "%s: -P was specified, but file is not writable", 495 path); 496 (void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 497 modep + 1, modep[9] == ' ' ? "" : " ", 498 user_from_uid(sp->st_uid, 0), 499 group_from_gid(sp->st_gid, 0), 500 *flagsp ? flagsp : "", *flagsp ? " " : "", 501 path); 502 free(flagsp); 503 } 504 (void)fflush(stderr); 505 506 first = ch = getchar(); 507 while (ch != '\n' && ch != EOF) 508 ch = getchar(); 509 return (first == 'y' || first == 'Y'); 510} 511 512#define ISSLASH(a) ((a)[0] == '/' && (a)[1] == '\0') 513void 514checkslash(char **argv) 515{ 516 char **t, **u; 517 int complained; 518 519 complained = 0; 520 for (t = argv; *t;) { 521 if (ISSLASH(*t)) { 522 if (!complained++) 523 warnx("\"/\" may not be removed"); 524 eval = 1; 525 for (u = t; u[0] != NULL; ++u) 526 u[0] = u[1]; 527 } else { 528 ++t; 529 } 530 } 531} 532 533int 534check2(char **argv) 535{ 536 struct stat st; 537 int first; 538 int ch; 539 int fcount = 0; 540 int dcount = 0; 541 int i; 542 const char *dname = NULL; 543 544 for (i = 0; argv[i]; ++i) { 545 if (lstat(argv[i], &st) == 0) { 546 if (S_ISDIR(st.st_mode)) { 547 ++dcount; 548 dname = argv[i]; /* only used if 1 dir */ 549 } else { 550 ++fcount; 551 } 552 } 553 } 554 first = 0; 555 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 556 if (dcount && rflag) { 557 fprintf(stderr, "recursively remove"); 558 if (dcount == 1) 559 fprintf(stderr, " %s", dname); 560 else 561 fprintf(stderr, " %d dirs", dcount); 562 if (fcount == 1) 563 fprintf(stderr, " and 1 file"); 564 else if (fcount > 1) 565 fprintf(stderr, " and %d files", fcount); 566 } else if (dcount + fcount > 3) { 567 fprintf(stderr, "remove %d files", dcount + fcount); 568 } else { 569 return(1); 570 } 571 fprintf(stderr, "? "); 572 fflush(stderr); 573 574 first = ch = getchar(); 575 while (ch != '\n' && ch != EOF) 576 ch = getchar(); 577 if (ch == EOF) 578 break; 579 } 580 return (first == 'y' || first == 'Y'); 581} 582 583#define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 584void 585checkdot(char **argv) 586{ 587 char *p, **save, **t; 588 int complained; 589 590 complained = 0; 591 for (t = argv; *t;) { 592 if ((p = strrchr(*t, '/')) != NULL) 593 ++p; 594 else 595 p = *t; 596 if (ISDOT(p)) { 597 if (!complained++) 598 warnx("\".\" and \"..\" may not be removed"); 599 eval = 1; 600 for (save = t; (t[0] = t[1]) != NULL; ++t) 601 continue; 602 t = save; 603 } else 604 ++t; 605 } 606} 607 608void 609usage(void) 610{ 611 612 (void)fprintf(stderr, "%s\n%s\n", 613 "usage: rm [-f | -i] [-dIPRrvW] file ...", 614 " unlink file"); 615 exit(EX_USAGE); 616} 617 618static void 619siginfo(int sig __unused) 620{ 621 622 info = 1; 623} 624