Post

Stop Reaching for rm -rf

Posted
By Kevin Panko
2 min read
Stop Reaching for rm -rf

If your muscle memory for deleting a directory is rm -rf, you’re doing what most Unix users do—and you’re taking on risk you don’t need.

-f doesn’t mean “force, but safely.” It means disable the guardrails.

(See the official documentation: rm(1))

It suppresses prompts, ignores permissions, and hides information that would otherwise tell you you’re about to do something dumb.

A safer default is:

1

rm -r some-directory

If—and only if—that fails for a reason you understand, then consider adding -f.

What -f Actually Takes Away

rm -f removes signals that are useful precisely when you’re operating on large or unfamiliar directory trees:

  • Permission errors: Files owned by another user or protected by mode bits should stop you. That pause is a feature, not friction.
  • Write-protected files: The prompt is often the last chance to notice you’re deleting something you didn’t mean to.
  • Nonexistent paths: -f happily hides typos. rm -r log vs rm -r logs is a real foot-gun.

Unix tools are designed to complain when something is unusual. -f tells them to shut up.

Symlinks are one of the easiest ways to get surprised:

  • rm -r removes the symlink itself.
  • But when combined with shell globbing or poorly understood directory layouts, it’s easy to misunderstand what you’re actually deleting.

If a directory contains symlinks into places you care about, a failed deletion is a useful moment to stop and inspect the tree (see ln(1) and symlink(7)):

1
2

ls -l
find . -type l

Silencing errors removes that moment.

Mixed Ownership and Shared Systems

On multi-user systems (servers, build machines, CI runners — see chmod(1) and chown(1)):

  • A directory may contain files owned by other users.
  • rm -r will stop and tell you.
  • rm -rf will plow ahead where it can, leaving you with a half-deleted, inconsistent state.

That’s not just dangerous—it’s harder to debug afterward.

Filesystems Lie (Sometimes)

There are failure modes that -f hides but shouldn’t (see mount(8) and nfs(5)):

  • Read-only mounts
  • Stale NFS handles
  • Permission changes mid-operation
  • Immutable attributes (chattr +i) — see chattr(1)

When rm -r stops, it’s telling you something about the environment. When rm -rf ignores it, you lose that information and keep going blind.

The Better Habit

  1. Start with:

    1

    rm -r target
  2. Read the error.
  3. Decide whether the error is expected.
  4. Add -f only if you understand why it’s safe.

If you want extra safety (see rm(1) on -i):

1

rm -ri target

Yes, it’s slower. That’s the point.

“But I Know What I’m Doing”

Everyone who’s ever nuked the wrong directory also thought that.

Unix gives you sharp tools, but it also gives you feedback. Don’t throw that away by default. Let the command fail first. It will save you from yourself.

software
unix