Essential Safety Checklist for Dangerous Linux Commands in Production

Every year there are headlines about databases being deleted and people running away; in reality, deleting data is easy while escaping the consequences is hard, and operators often shed tears.

These dangerous actions are not always driven by malicious intent, but the commands themselves are hazardous. When working online, stay alert and avoid careless mistakes.

Never log into production servers after drinking alcohol.

Never operate after an argument or emotional upset.

Avoid long overtime before accessing production environments.

Never experiment with unfamiliar commands on live systems.

Always back up critical systems first.

1. Preparation

When executing dangerous commands, take a deep breath. First run

ifconfig

or

ip addr

to confirm you are on the correct server.

<code>$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3e:34:e9:a9 brd ff:ff:ff:ff:ff:ff
    inet 172.19.26.39/20 brd 172.19.31.255 scope global dynamic noprefixroute eth0</code>

Then take another breath and run

pwd

to ensure you are in the correct directory.

<code>$ pwd
/etc/nginx</code>

2. rm -rf command

The

-rf

flag recursively deletes files; a missing space or an extra slash can cause catastrophic data loss. Examples:

<code>rm -rf ./* => rm -rf /
rm -rf abc/ => rm -rf abc /</code>

When typing, move slowly and wait for shell completion before confirming.

In scripts, an unset variable can turn

rm -rf ${p}/*

into

rm -rf /

; always verify variables are not empty before using them.

3. chmod command

chmod changes file and directory permissions; misuse can be as disastrous as rm. A safe recovery method is to back up permissions with

getfacl -R / > chmod.txt

and later restore with

setfacl --restore=chmod.txt

.

4. cat command

Redirect operators can cause data loss; using

cat >> file

appends, but missing a

>

will overwrite the file. Similar risks apply to

echo

redirection.

5. dd command

The

dd if=/dev/zero of=/dev/sda bs=512 count=1

command formats a disk; accidental execution will erase all data.

6. cp command

cp can overwrite files; adding an alias

alias cp='cp -i'

prompts before overwriting. The same applies to

mv -i

.

7. tar command

Using

tar -xf

can overwrite existing files in the current directory; be cautious.

8. vim command

Opening large files with vim may trigger the OOM killer, killing other processes. Typing

:wq

carelessly can corrupt files. Prefer read‑only mode with

view

or use

less

/

more

for inspection.

9. mkfs.* command

Commands like

mkfs.ext4

format disks and should only be run during controlled initialization, never on production servers.

10. MySQL safety

Use

mysql -U

(or

--safe-updates

,

--i-am-a-dummy

) to prevent UPDATE/DELETE without a WHERE clause. Set an alias

alias mysql='mysql -U'

. For critical changes, start a transaction, confirm, then commit. Use

binlog2sql

to roll back DML mistakes. Be careful with DDL; it locks tables, can cause massive I/O, and should be executed during low‑traffic periods, preferably with the

inplace

algorithm.

Online environments are priceless; act with caution, not speed.