add rm -i to the 03-working-with-files lesson

[ryanpeek]

Showing rm -i in the lesson would be a nice option instead of just rm. Many users learning rm for the first time probably get the be very very careful spiel (hopefully). Mention the slight safety net associated with rm -i before showing the rm -r backup.

I'll try to file a PR after the workshop but wanted to get this in as a reminder.

Thanks!

R

[raynamharris]

Alternatively, why are we teaching rm on day 1 in the first place? I have always found it quite strange that in many lessons (SWC and DC both) we have people create and delete things really quickly. When things are deleted, it is impossible for a learner to go back and see what they did during a lesson. I would argue that rm shouldn't be taught until Day 2.

[jsgro]

File deletion warning

Continuing on these old remarks for Working with Files and Directories that might be useful to add in the Instructor Notes as a Warning: Using Docker rather than AWS may lead to deleting files on host computer regardless of file permissions.
To mimic AWS instance (shown as Ubuntu 14.04.3 LTS on splash screen of lesson 01 I used an Ubuntu Docker session. I then verified the issue on Alpine as well as CentOS 7 Docker sessions. In all sessions I created a non-root user dcuser into which I could log-in. All sessions shared a directory from the host computer (Macintosh.) In all session file permissions set to -r--r--r-- did not prevent rm to actually remove the file! This was true even if the file was created on the Macintosh, and given -r--r--r-- on the Macintosh side. Hence, user files can be removed!
Of note, a redirect > command that would overwrite the file was not allowed with these permissions, confirming that it is indeed the rm command that ignores the permissions.

Conclusion:

Strong caution should be taken if teaching users that file permissions alone and by themselves would be protective. To quote @ryanpeek first post it would be best to talk about rm -i at this point.

Verify yourself:

If you want to recreate this you can use these commands to share the current directory: (requires that docker be installed.)

docker run -it --rm -v ${PWD}:/home ubuntu
docker run -it --rm -v ${PWD}:/home alpine
docker run -it --rm -v ${PWD}:/home centos:7

User can be created by useradd if present (CentOS, Ubuntu) or created with careful manual editing of /etc/passwd, /etc/shadow, and /etc/group. A password can be added with command passwd.The login command can be used to login as thenon root user.

While this might be a peculiar behavior of Docker instances, it is nevertheless a lesson that file privileges are not absolute. I also have experience with file permissions being "just appearances" in Linux systems sharing very large disk space (assembled to appear as one gigantic disk by systems such as Isilon for example: in this case the permissions seen by the Linux user was just a pale idea of the truth i.e. the real file permissions.

[aschuerch]

Thanks @jsgro, I agree that it's useful to have this information in the Instructor notes. Are you up to put in a pull request?

[jsgro]

I was so baffled by this (above comment: "File deletion warning") that I opened an issue on the Docker Github and the gist of it is that on a Mac, a Docker-Linux instance will remove the file and not ask if it is OK. That is the problem that in the end I find disturbing. (There are "deep" explanation on the issue (5944) to explain why that is.)

On the Working with Files and Directories,lesson 03, having the file permission set to -r--r--r-- is in fact equivalent to using rm -i when wanting to delete the file(s). This would be a better choice. The only difference is in the question asked:

• rm: remove regular file ‘note.txt’? if permissions are -rw-r--r--
• rm: remove write-protected regular file ‘note.txt’? if permissions are -r--r--r--

I would like to point out that the student might think that the file will be protected from being removed, even if we eventually remove it with y. Since a question was ask, it is safe (well no!)
However, with Docker-Mac the file will be removed without asking!
And if the rm command is a rather global command like rm abc*.* then all will be removed without a single question (instead of a one question per file.) Point: this is "false feeling of security".

TO SECURE files from being deleted, it is a better practice to change the permissions of the directory containing the file(s) to make the directory read-only which will prevent file deletion.

In addition, rm -r is a dangerous command and care should be taken to give ample warning to the students.
In my own classes (not Carpentries) I have purposefully NOT included rm -r in the printed text but I teach it to them and have them write the command "by hand" on their hand-out in order to take the time to give the necessary cautious warning. I call it "the dangerous command."