<code>rm</code>, short for remove, is a shell command for removing files (which includes special files such as directories) from the file system. The command may not actually delete a file (release its storage for reuse) since it only unlinks it removes a hard link to a file via the <code>unlink()</code> system call. If a file has multiple links and less than all are removed, then the file remains in the file system; accessible via its other links. When a file's only link is removed, then the file is deleted releasing its storage space for other use.
Generally, a deleted file's former storage space still contains the file's data until it is overwritten with another file's content. The data is not accessible via normal file operations but can be recovered via specialized tools. Since this is considered a security risk in some contexts, a hardened version of may wipe the file's storage area when the file is deleted. Commands such as shred and srm specifically provide data wiping.
Since <code>rm</code> does not provide a fallback to recover a file such as a recycle bin, its use involves the risk of accidentally losing information. Users tend to wrap calls to <code>rm</code> in safety mechanisms to limit accidental deletion. There are undelete utilities that attempts to reconstruct the index and can bring the file back if its storage was not reused.
Originally, developed for Unix, today it is also available on Unix-like and non Unix-like systems, KolibriOS, IBM i, EFI shell. and Windows (via UnxUtils). The <code>del</code> command provides a similar capability in MS-DOS, OS/2, and Command Prompt.
Like , the <code>unlink</code> command also removes (unlinks) files, but only one file at a time.
On some old versions of Unix, the <code>rm</code> command would remove directories if they were empty. This behaviour can still be obtained in some versions of <code>rm</code> with the <code>-d</code> flag, e.g., the BSDs (such as FreeBSD, NetBSD, OpenBSD and macOS) derived from 4.4BSD-Lite2.
The version in GNU Core Utilities was written by Paul Rubin, David MacKenzie, Richard Stallman, and Jim Meyering. This version provides a <code>-d</code> option to help with compatibility. The same functionality is provided by the standard <code>rmdir</code> command.
Options commonly provided by a command implementation:
By default, <code>rm</code> removes specified files, but does not remove a directory. For example, the following removes the file named foo
But that command fails if foo is a directory. To delete directory foo:
The command is often used with xargs to supply a list of files:
To remove all PNG images in all directories below the current one:
On most file systems, removing a file requires write and execute permissions on the containing directory. Some may be confused that permissions on the file to be removed are irrelevant. However, the GNU implementation confirms removing a write-protected file unless the -f option is used.
To remove a directory (using <code>-r</code>), its contents must be removed, recursively. This requires the user to have read, write and execute permissions to the directory (if it's not empty) and any non-empty subdirectories recursively. Read permission is needed to list the contents of the directory. This sometimes leads to an odd situation where a non-empty directory cannot be removed because the user doesn't have write permission to it and so cannot remove its contents, but if the same directory were empty, the user would be able to remove it.
If a file resides in a directory with the sticky bit set, then removing the file requires the user to own the file.
Commands like <code>rm -rf *</code> are relatively risky since they can delete many files in an unrecoverable way. Such commands are sometimes referenced in anecdotes about disastrous mistakes, such as during the production of the film Toy Story 2.
To minimize the risk of accidental file deletions, a common technique is to hide the default command behind an alias or a function that includes the interactive option. For example:
or
Then, by default, requires the user to confirm removing each file by pressing or plus . To bypass confirmation, a user can include the <code>-f</code> option (as the option specified later on the expanded command line "<code>rm -i -f</code>" takes precedence).
Unfortunately this can lead to other accidental removals since it trains users to be careless about the wildcards they hand to <code>rm</code>, as well as encouraging a tendency to mindlessly press and to confirm. Users have even been seen going as far as using <code>yes | rm files</code>, which automatically confirms the deletion of each file.
A compromise that allows users to confirm just once, encourages proper wildcarding, and makes verification of the list easier can be achieved with something like:
Arguably, this function should not be made into a shell script, which would run a risk of it being found ahead of the system <code>rm</code> in the search path, nor should it be allowed in non-interactive shells where it could break batch jobs. Enclosing the definition in the <code>if [ -n "$PS1" ] ; then .... ; fi</code> construct protects against the latter.
Other commands are designed to prevent accidental deletion, including and .
The <code>rm -rf /</code> command, if run by a superuser, causes every file of the file system to be deleted. For safety, Sun Microsystems introduced special protection for this command in Solaris 10 (first released in 2005). The implementation reports that removing is not allowed. Shortly thereafter, the same functionality was introduced into the FreeBSD implementation. The GNU version refuses to execute <code>rm -rf /</code> if the <code>--preserve-root</code> option is included, which has been the default since version 6.4 of GNU Core Utilities. In newer systems, this failsafe is always active, even without the option. To run the command, user must bypass the failsafe by adding the option <code>--no-preserve-root</code>, even if they are the superuser.
The GNU Core Utilities implementation has limits on command line arguments. Arguments are nominally limited to 32 times the kernel's allocated page size. Systems with 4KB page size would thus have a argument size limit of 128KB. For command-line arguments before kernel 2.6.23, the limits were defined at kernel compile time and can be modified by changing the variable <code>MAX_ARG_PAGES</code> in <code>include/linux/binfmts.h</code> file. Newer kernels limit the maximum argument length to 25% of the maximum stack limit (ulimit -s). Exceeding the limit results in an error.