rm.c revision 272372
1/*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30#if 0 31#ifndef lint 32static const char copyright[] = 33"@(#) Copyright (c) 1990, 1993, 1994\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35#endif /* not lint */ 36 37#ifndef lint 38static char sccsid[] = "@(#)rm.c 8.5 (Berkeley) 4/18/94"; 39#endif /* not lint */ 40#endif 41#include <sys/cdefs.h> 42__FBSDID("$FreeBSD: stable/10/bin/rm/rm.c 272372 2014-10-01 16:18:40Z gjb $"); 43 44#include <sys/stat.h> 45#include <sys/param.h> 46#include <sys/mount.h> 47 48#include <err.h> 49#include <errno.h> 50#include <fcntl.h> 51#include <fts.h> 52#include <grp.h> 53#include <pwd.h> 54#include <stdint.h> 55#include <stdio.h> 56#include <stdlib.h> 57#include <string.h> 58#include <sysexits.h> 59#include <unistd.h> 60 61static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 62static int rflag, Iflag, xflag; 63static uid_t uid; 64static volatile sig_atomic_t info; 65 66static int check(const char *, const char *, struct stat *); 67static int check2(char **); 68static void checkdot(char **); 69static void checkslash(char **); 70static void rm_file(char **); 71static int rm_overwrite(const char *, struct stat *); 72static void rm_tree(char **); 73static void siginfo(int __unused); 74static void usage(void); 75 76/* 77 * rm -- 78 * This rm is different from historic rm's, but is expected to match 79 * POSIX 1003.2 behavior. The most visible difference is that -f 80 * has two specific effects now, ignore non-existent files and force 81 * file removal. 82 */ 83int 84main(int argc, char *argv[]) 85{ 86 int ch; 87 char *p; 88 89 /* 90 * Test for the special case where the utility is called as 91 * "unlink", for which the functionality provided is greatly 92 * simplified. 93 */ 94 if ((p = strrchr(argv[0], '/')) == NULL) 95 p = argv[0]; 96 else 97 ++p; 98 if (strcmp(p, "unlink") == 0) { 99 while (getopt(argc, argv, "") != -1) 100 usage(); 101 argc -= optind; 102 argv += optind; 103 if (argc != 1) 104 usage(); 105 rm_file(&argv[0]); 106 exit(eval); 107 } 108 109 Pflag = rflag = xflag = 0; 110 while ((ch = getopt(argc, argv, "dfiIPRrvWx")) != -1) 111 switch(ch) { 112 case 'd': 113 dflag = 1; 114 break; 115 case 'f': 116 fflag = 1; 117 iflag = 0; 118 break; 119 case 'i': 120 fflag = 0; 121 iflag = 1; 122 break; 123 case 'I': 124 Iflag = 1; 125 break; 126 case 'P': 127 Pflag = 1; 128 break; 129 case 'R': 130 case 'r': /* Compatibility. */ 131 rflag = 1; 132 break; 133 case 'v': 134 vflag = 1; 135 break; 136 case 'W': 137 Wflag = 1; 138 break; 139 case 'x': 140 xflag = 1; 141 break; 142 default: 143 usage(); 144 } 145 argc -= optind; 146 argv += optind; 147 148 if (argc < 1) { 149 if (fflag) 150 return (0); 151 usage(); 152 } 153 154 checkdot(argv); 155 if (getenv("POSIXLY_CORRECT") == NULL) 156 checkslash(argv); 157 uid = geteuid(); 158 159 (void)signal(SIGINFO, siginfo); 160 if (*argv) { 161 stdin_ok = isatty(STDIN_FILENO); 162 163 if (Iflag) { 164 if (check2(argv) == 0) 165 exit (1); 166 } 167 if (rflag) 168 rm_tree(argv); 169 else 170 rm_file(argv); 171 } 172 173 exit (eval); 174} 175 176static void 177rm_tree(char **argv) 178{ 179 FTS *fts; 180 FTSENT *p; 181 int needstat; 182 int flags; 183 int rval; 184 185 /* 186 * Remove a file hierarchy. If forcing removal (-f), or interactive 187 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 188 */ 189 needstat = !uid || (!fflag && !iflag && stdin_ok); 190 191 /* 192 * If the -i option is specified, the user can skip on the pre-order 193 * visit. The fts_number field flags skipped directories. 194 */ 195#define SKIPPED 1 196 197 flags = FTS_PHYSICAL; 198 if (!needstat) 199 flags |= FTS_NOSTAT; 200 if (Wflag) 201 flags |= FTS_WHITEOUT; 202 if (xflag) 203 flags |= FTS_XDEV; 204 if (!(fts = fts_open(argv, flags, NULL))) { 205 if (fflag && errno == ENOENT) 206 return; 207 err(1, "fts_open"); 208 } 209 while ((p = fts_read(fts)) != NULL) { 210 switch (p->fts_info) { 211 case FTS_DNR: 212 if (!fflag || p->fts_errno != ENOENT) { 213 warnx("%s: %s", 214 p->fts_path, strerror(p->fts_errno)); 215 eval = 1; 216 } 217 continue; 218 case FTS_ERR: 219 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 220 case FTS_NS: 221 /* 222 * Assume that since fts_read() couldn't stat the 223 * file, it can't be unlinked. 224 */ 225 if (!needstat) 226 break; 227 if (!fflag || p->fts_errno != ENOENT) { 228 warnx("%s: %s", 229 p->fts_path, strerror(p->fts_errno)); 230 eval = 1; 231 } 232 continue; 233 case FTS_D: 234 /* Pre-order: give user chance to skip. */ 235 if (!fflag && !check(p->fts_path, p->fts_accpath, 236 p->fts_statp)) { 237 (void)fts_set(fts, p, FTS_SKIP); 238 p->fts_number = SKIPPED; 239 } 240 else if (!uid && 241 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 242 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 243 lchflags(p->fts_accpath, 244 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 245 goto err; 246 continue; 247 case FTS_DP: 248 /* Post-order: see if user skipped. */ 249 if (p->fts_number == SKIPPED) 250 continue; 251 break; 252 default: 253 if (!fflag && 254 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 255 continue; 256 } 257 258 rval = 0; 259 if (!uid && 260 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 261 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 262 rval = lchflags(p->fts_accpath, 263 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 264 if (rval == 0) { 265 /* 266 * If we can't read or search the directory, may still be 267 * able to remove it. Don't print out the un{read,search}able 268 * message unless the remove fails. 269 */ 270 switch (p->fts_info) { 271 case FTS_DP: 272 case FTS_DNR: 273 rval = rmdir(p->fts_accpath); 274 if (rval == 0 || (fflag && errno == ENOENT)) { 275 if (rval == 0 && vflag) 276 (void)printf("%s\n", 277 p->fts_path); 278 if (rval == 0 && info) { 279 info = 0; 280 (void)printf("%s\n", 281 p->fts_path); 282 } 283 continue; 284 } 285 break; 286 287 case FTS_W: 288 rval = undelete(p->fts_accpath); 289 if (rval == 0 && (fflag && errno == ENOENT)) { 290 if (vflag) 291 (void)printf("%s\n", 292 p->fts_path); 293 if (info) { 294 info = 0; 295 (void)printf("%s\n", 296 p->fts_path); 297 } 298 continue; 299 } 300 break; 301 302 case FTS_NS: 303 /* 304 * Assume that since fts_read() couldn't stat 305 * the file, it can't be unlinked. 306 */ 307 if (fflag) 308 continue; 309 /* FALLTHROUGH */ 310 311 case FTS_F: 312 case FTS_NSOK: 313 if (Pflag) 314 if (!rm_overwrite(p->fts_accpath, p->fts_info == 315 FTS_NSOK ? NULL : p->fts_statp)) 316 continue; 317 /* FALLTHROUGH */ 318 319 default: 320 rval = unlink(p->fts_accpath); 321 if (rval == 0 || (fflag && errno == ENOENT)) { 322 if (rval == 0 && vflag) 323 (void)printf("%s\n", 324 p->fts_path); 325 if (rval == 0 && info) { 326 info = 0; 327 (void)printf("%s\n", 328 p->fts_path); 329 } 330 continue; 331 } 332 } 333 } 334err: 335 warn("%s", p->fts_path); 336 eval = 1; 337 } 338 if (!fflag && errno) 339 err(1, "fts_read"); 340 fts_close(fts); 341} 342 343static void 344rm_file(char **argv) 345{ 346 struct stat sb; 347 int rval; 348 char *f; 349 350 /* 351 * Remove a file. POSIX 1003.2 states that, by default, attempting 352 * to remove a directory is an error, so must always stat the file. 353 */ 354 while ((f = *argv++) != NULL) { 355 /* Assume if can't stat the file, can't unlink it. */ 356 if (lstat(f, &sb)) { 357 if (Wflag) { 358 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 359 } else { 360 if (!fflag || errno != ENOENT) { 361 warn("%s", f); 362 eval = 1; 363 } 364 continue; 365 } 366 } else if (Wflag) { 367 warnx("%s: %s", f, strerror(EEXIST)); 368 eval = 1; 369 continue; 370 } 371 372 if (S_ISDIR(sb.st_mode) && !dflag) { 373 warnx("%s: is a directory", f); 374 eval = 1; 375 continue; 376 } 377 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 378 continue; 379 rval = 0; 380 if (!uid && !S_ISWHT(sb.st_mode) && 381 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 382 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 383 rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 384 if (rval == 0) { 385 if (S_ISWHT(sb.st_mode)) 386 rval = undelete(f); 387 else if (S_ISDIR(sb.st_mode)) 388 rval = rmdir(f); 389 else { 390 if (Pflag) 391 if (!rm_overwrite(f, &sb)) 392 continue; 393 rval = unlink(f); 394 } 395 } 396 if (rval && (!fflag || errno != ENOENT)) { 397 warn("%s", f); 398 eval = 1; 399 } 400 if (vflag && rval == 0) 401 (void)printf("%s\n", f); 402 if (info && rval == 0) { 403 info = 0; 404 (void)printf("%s\n", f); 405 } 406 } 407} 408 409/* 410 * rm_overwrite -- 411 * Overwrite the file 3 times with varying bit patterns. 412 * 413 * XXX 414 * This is a cheap way to *really* delete files. Note that only regular 415 * files are deleted, directories (and therefore names) will remain. 416 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a 417 * System V file system). In a logging or COW file system, you'll have to 418 * have kernel support. 419 */ 420static int 421rm_overwrite(const char *file, struct stat *sbp) 422{ 423 struct stat sb, sb2; 424 struct statfs fsb; 425 off_t len; 426 int bsize, fd, wlen; 427 char *buf = NULL; 428 429 fd = -1; 430 if (sbp == NULL) { 431 if (lstat(file, &sb)) 432 goto err; 433 sbp = &sb; 434 } 435 if (!S_ISREG(sbp->st_mode)) 436 return (1); 437 if (sbp->st_nlink > 1 && !fflag) { 438 warnx("%s (inode %ju): not overwritten due to multiple links", 439 file, (uintmax_t)sbp->st_ino); 440 return (0); 441 } 442 if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) 443 goto err; 444 if (fstat(fd, &sb2)) 445 goto err; 446 if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino || 447 !S_ISREG(sb2.st_mode)) { 448 errno = EPERM; 449 goto err; 450 } 451 if (fstatfs(fd, &fsb) == -1) 452 goto err; 453 bsize = MAX(fsb.f_iosize, 1024); 454 if ((buf = malloc(bsize)) == NULL) 455 err(1, "%s: malloc", file); 456 457#define PASS(byte) { \ 458 memset(buf, byte, bsize); \ 459 for (len = sbp->st_size; len > 0; len -= wlen) { \ 460 wlen = len < bsize ? len : bsize; \ 461 if (write(fd, buf, wlen) != wlen) \ 462 goto err; \ 463 } \ 464} 465 PASS(0xff); 466 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 467 goto err; 468 PASS(0x00); 469 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 470 goto err; 471 PASS(0xff); 472 if (!fsync(fd) && !close(fd)) { 473 free(buf); 474 return (1); 475 } 476 477err: eval = 1; 478 if (buf) 479 free(buf); 480 if (fd != -1) 481 close(fd); 482 warn("%s", file); 483 return (0); 484} 485 486 487static int 488check(const char *path, const char *name, struct stat *sp) 489{ 490 int ch, first; 491 char modep[15], *flagsp; 492 493 /* Check -i first. */ 494 if (iflag) 495 (void)fprintf(stderr, "remove %s? ", path); 496 else { 497 /* 498 * If it's not a symbolic link and it's unwritable and we're 499 * talking to a terminal, ask. Symbolic links are excluded 500 * because their permissions are meaningless. Check stdin_ok 501 * first because we may not have stat'ed the file. 502 */ 503 if (!stdin_ok || S_ISLNK(sp->st_mode) || 504 (!access(name, W_OK) && 505 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 506 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 507 return (1); 508 strmode(sp->st_mode, modep); 509 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 510 err(1, "fflagstostr"); 511 if (Pflag) 512 errx(1, 513 "%s: -P was specified, but file is not writable", 514 path); 515 (void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 516 modep + 1, modep[9] == ' ' ? "" : " ", 517 user_from_uid(sp->st_uid, 0), 518 group_from_gid(sp->st_gid, 0), 519 *flagsp ? flagsp : "", *flagsp ? " " : "", 520 path); 521 free(flagsp); 522 } 523 (void)fflush(stderr); 524 525 first = ch = getchar(); 526 while (ch != '\n' && ch != EOF) 527 ch = getchar(); 528 return (first == 'y' || first == 'Y'); 529} 530 531#define ISSLASH(a) ((a)[0] == '/' && (a)[1] == '\0') 532static void 533checkslash(char **argv) 534{ 535 char **t, **u; 536 int complained; 537 538 complained = 0; 539 for (t = argv; *t;) { 540 if (ISSLASH(*t)) { 541 if (!complained++) 542 warnx("\"/\" may not be removed"); 543 eval = 1; 544 for (u = t; u[0] != NULL; ++u) 545 u[0] = u[1]; 546 } else { 547 ++t; 548 } 549 } 550} 551 552static int 553check2(char **argv) 554{ 555 struct stat st; 556 int first; 557 int ch; 558 int fcount = 0; 559 int dcount = 0; 560 int i; 561 const char *dname = NULL; 562 563 for (i = 0; argv[i]; ++i) { 564 if (lstat(argv[i], &st) == 0) { 565 if (S_ISDIR(st.st_mode)) { 566 ++dcount; 567 dname = argv[i]; /* only used if 1 dir */ 568 } else { 569 ++fcount; 570 } 571 } 572 } 573 first = 0; 574 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 575 if (dcount && rflag) { 576 fprintf(stderr, "recursively remove"); 577 if (dcount == 1) 578 fprintf(stderr, " %s", dname); 579 else 580 fprintf(stderr, " %d dirs", dcount); 581 if (fcount == 1) 582 fprintf(stderr, " and 1 file"); 583 else if (fcount > 1) 584 fprintf(stderr, " and %d files", fcount); 585 } else if (dcount + fcount > 3) { 586 fprintf(stderr, "remove %d files", dcount + fcount); 587 } else { 588 return(1); 589 } 590 fprintf(stderr, "? "); 591 fflush(stderr); 592 593 first = ch = getchar(); 594 while (ch != '\n' && ch != EOF) 595 ch = getchar(); 596 if (ch == EOF) 597 break; 598 } 599 return (first == 'y' || first == 'Y'); 600} 601 602#define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 603static void 604checkdot(char **argv) 605{ 606 char *p, **save, **t; 607 int complained; 608 609 complained = 0; 610 for (t = argv; *t;) { 611 if ((p = strrchr(*t, '/')) != NULL) 612 ++p; 613 else 614 p = *t; 615 if (ISDOT(p)) { 616 if (!complained++) 617 warnx("\".\" and \"..\" may not be removed"); 618 eval = 1; 619 for (save = t; (t[0] = t[1]) != NULL; ++t) 620 continue; 621 t = save; 622 } else 623 ++t; 624 } 625} 626 627static void 628usage(void) 629{ 630 631 (void)fprintf(stderr, "%s\n%s\n", 632 "usage: rm [-f | -i] [-dIPRrvWx] file ...", 633 " unlink file"); 634 exit(EX_USAGE); 635} 636 637static void 638siginfo(int sig __unused) 639{ 640 641 info = 1; 642} 643