13

I was wondering if using rm $(ls) to delete files(or rm -r $(ls) to delete directories as well) was safe? Because in all the websites, people give other ways to do this even though this command seems much easier than other commands.

Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
posixKing
  • 1,133
  • 3
    Basic answer, no. ls can't handle special characters. I can write an answer in a bit to explain this in more detail – Sergiy Kolodyazhnyy Sep 03 '16 at 01:42
  • 5
    touch 'foo -r .. bar' ; rm $(ls); where'd my parent directory go? Also, what kind of alternatives are you seeing that are even more complicated than this? rm * is far easier to type and think about, and safer (but not perfectly safe; see Dennis's answer). – Peter Cordes Sep 03 '16 at 09:15
  • 1
    In addition to the excellent answers, be aware that ls can vary between implementations, and therefore is non-standard. Depending on what you need, consider alternatives such as find and stat. You should use ls only for human consumption, never for use by other commands or in scripts. – Paddy Landau Sep 06 '16 at 10:35

2 Answers2

26

No, it is not safe, and the commonly used alternative rm * isn't a lot safer.

There are many problems with rm $(ls). As others have already covered in their answers, the output of ls will be split at characters present in the internal field separator.

Best case scenario, it simply doesn't work. Worst case scenario, you intended to remove only files (but not directories) – or selectively remove some files with -i – but there's a file with the name c -rf in the current directory. Let's see what happens.

$ mkdir a
$ touch b
$ touch 'c -rf'
$ rm -i $(ls)
$ ls
c -rf

The command rm -i $(ls) was supposed to remove only files and ask before removing each one, but the command that was ultimately executed read

rm -i a b c -rf

so it did something else entirely.

Note that rm * is only marginally better. With the directory structure as before, it will behave as intended here, but if you have a file called -rf, you're still out of luck.

$ mkdir a
$ touch b
$ touch ./-rf
$ rm -i *
$ ls
-rf

There are several better alternatives. The easiest ones involve only rm and globbing.

  • The command

    rm -- *

    will work exactly as intended, where -- signals that everything after it should not be interpreted as an option.

    This has been part of the POSIX utility syntax guidelines for over two decades now. It's widespread, but you shouldn't expect it to be present everywhere.

  • The command

    rm ./*

    makes the glob expand differently and thus requires no support from the called utility.

    For my example from above, you can see the command that will ultimately be executed by prepending echo.

    $ echo rm ./*
rm ./a ./b ./-rf

    The leading ./ prevents rm from accidentally treating any of the filenames like options.

Dennis
  • 1,839
  • 1
    Very good point , filenames with - after expansion become flags to rm. +1 – Sergiy Kolodyazhnyy Sep 03 '16 at 04:43
  • 1
    Even nastier: touch 'foo -rf .. bar. I don't think an attacker can get any higher than the parent directory, unless we can produce a path separator in ls's output. – Peter Cordes Sep 03 '16 at 09:23
  • @Peter attacker would have to have write permissions to remove patent directory in the first place, no ? – Sergiy Kolodyazhnyy Sep 03 '16 at 16:36
  • 1
    @PeterCordes I'm not sure if all versions of rm have this failsafe, but on Ubuntu, openSUSE, and Fedora, it says rm: refusing to remove '.' or '..' directory: skipping '..' or something similar when trying to remove the parent directory. – Dennis Sep 03 '16 at 17:11
  • @Serg: the attacker just sends you a .zip with that filename in it and lets you shoot yourself in the foot by extracting it and then trying to delete the contents. Or by creating that filename in /var/tmp or something. – Peter Cordes Sep 03 '16 at 18:56
  • @Dennis correct, Just tried that: $ rm -rf .. rm: refusing to remove '.' or '..' directory: skipping '..' – Sergiy Kolodyazhnyy Sep 03 '16 at 19:00
7

What this is intended to do?

  • ls lists files in current directory
  • $(ls) substitutes output of ls places that as argument for rm
  • Essentially rm $(ls) is intended to delete all files in current directory

What's wrong with this picture ?

ls cannot properly handle special characters in filename. Unix users generally advised to use different approaches. I've also showed that in a related question about counting filenames. For instance:

$ touch file$'\n'name                                                                                                    
$ ls                                                                                                                     
file?name
$ rm $(ls)
rm: cannot remove 'file': No such file or directory
rm: cannot remove 'name': No such file or directory
$

Also, as properly mentioned in Denis's answer, a filename with leading dashes, could be interpreted as argument to rm after substitution, which defeats the purpose of removing filename.

What works

You want to delete files in current directory. So use glob rm *:

$ ls                                                                                                                     
file?name
$ rm $(ls)
rm: cannot remove 'file': No such file or directory
rm: cannot remove 'name': No such file or directory
$ rm *
$ ls
$

You can use find command. This tool is frequently recommended for more than just current directory - it can recursively traverse entire directory tree, and operate on files via -exec . . .{} \; 

$ touch "file name"                                
$ find . -maxdepth 1 -mindepth 1                                                                                         
./file name
$ find . -maxdepth 1 -mindepth 1 -exec rm {} \;                                                                          
$ ls
$

Python doesn't have issue with special characters in filenames, so we could employ that as well(note that this one is for files only, you will need to use os.rmdir() and os.path.isdir() if you want to operate on directories):

python -c 'import os; [ os.remove(i) for i in os.listdir(".") if os.path.isfile(i) ]'

In fact, the command above could be turned into function or alias in ~/.bashrc for brevity. For example,

rm_stuff()
{
    # Clears all files in the current working directory
    python -c 'import os; [ os.remove(i) for i in os.listdir(".") if os.path.isfile(i) ]'

}

Perl version of that would be

perl -e 'use Cwd;my $d=cwd();opendir(DIR,$d); while ( my $f = readdir(DIR)){ unlink $f;}; closedir(DIR)'
Community
  • 1
Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
  • 1
    Your "$(ls)" example only works if there's only one file in the directory. You might as well just use tab-completion to expand the filename since it's the only completion. – Peter Cordes Sep 03 '16 at 09:20
  • @PeterCordes indeed, for an odd reason it only works with one file. That's one more argument against using ls then :) I'll edit it out – Sergiy Kolodyazhnyy Sep 03 '16 at 15:26
  • I wouldn't call it an odd reason: you either quote $(ls) to disable word splitting, or you let word-splitting happen (with disastrous results). The only clean way to pass around a list of multiple strings without treating data as code is with array variables, or with \0 as a separator, but the shell itself can't do that. Still IFS=$'\n' is the least dangerous, but can't match find -print0 | xargs -0. Or grep -l --null. Or you avoid the whole issue with things like find -exec rm {} +. (Note the + to pass multiple args to each invocation of rm; WAY more efficient). – Peter Cordes Sep 03 '16 at 15:32
  • @PeterCordes Yup, totally agreed there. But IFS=$'\n' will fail in this case ,too, since I've newline in filename, so wordsplitting will treat it as two filenames instead of one. The odd reason , however, is the fact that with default IFS which is space,tab,newline , original rm "$(ls)" should also fail, it should treat like i said the filename as two separate ones, but it didn't. Typically I use find with -exec , or find . . .-print0 | while IFS= read -d'' FILENAME ; do . . . done structure to deal with filenames. Or one could use python , I've added example of that. – Sergiy Kolodyazhnyy Sep 03 '16 at 15:52
  • "$(ls)" always expands to one arg because the quotes protect the expansion of $(ls) from word-splitting. Just like they protect "$foo". – Peter Cordes Sep 03 '16 at 16:09
  • @PeterCordes so you're saying rm would treat "$(ls)" as one argument , even if there were multiple filenames ? I know quoting protects from word splitting , not the first time using it , but "$(ls)" should be expanding to multiple arguments. What you originally said is correct though - there occurs word splitting, and for filenames with newlines, shell will do word splitting – Sergiy Kolodyazhnyy Sep 03 '16 at 16:21
  • The output of ls is a string, command substitution doesn't change that. $(ls) is just a flat string. And it's the shell that chooses whether to treat "$(echo foo bar)" as one arg or not, not rm. – Peter Cordes Sep 03 '16 at 16:25
  • @PeterCordes ah , I see what you're saying. Yup, exactly right. – Sergiy Kolodyazhnyy Sep 03 '16 at 16:26
  • The Bash FAQ (linked in the accepted answer to this question) explains it pretty well. – Peter Cordes Sep 03 '16 at 16:26
  • Oh, there's plenty material on that online. I usually refer to the article I've linked in my answer, since even that wiki that accepted answer has linked references it. Personally i just avoid dealing with filenames in bash. Other programs like find address bash pitfalls a bit better – Sergiy Kolodyazhnyy Sep 03 '16 at 16:41