The "Don't Do This" Guide🔗
Part of Day One
This is the seventh and final article in the Day One: Getting Started series. Read this before making any changes to a production server.
You've learned what to do on a production server. Now let's talk about what not to do.
These aren't hypothetical dangers. Every rule here exists because someone (often a very smart someone) made this mistake and caused an outage. Learn from their pain.
Read this before you do anything with sudo.
The Cardinal Rules🔗
Rule 1: Don't Run Commands You Don't Understand🔗
Someone in a forum says "just run this":
| DO NOT RUN THIS | |
|---|---|
Never do this. You're downloading and executing unknown code with root privileges.
Even if the command looks harmless, understand what it does before running it:
rmdeletes things>overwrites fileschmod 777makes everything writable by everyoneddcan destroy disks
When in doubt: Ask someone. Look it up. Don't just run it.
Rule 2: Don't Make Changes Without Understanding Impact🔗
Before changing anything, ask:
- What does this change do?
- What could go wrong?
- How do I undo it?
- Is anyone else affected?
If you can't answer these questions, you're not ready to make the change.
Rule 3: Test in Lower Environments First🔗
The hierarchy of environments exists for a reason:
Never test changes in production if you have staging available.
The Dangerous Commands🔗
rm - Delete With Extreme Prejudice🔗
rm doesn't move files to trash. It destroys them. Forever.
| DANGEROUS - DO NOT RUN | |
|---|---|
- Deletes EVERYTHING.
- Also deletes EVERYTHING.
- Deletes all user data.
- Deletes everything in the current directory.
The -rf Flags
-r= Recursive (delete directories and contents)-f= Force (no confirmation prompts)
Together, they delete everything without asking. One typo and you've lost data.
Safer alternatives:
| Safer Deletion | |
|---|---|
- Check what you're about to delete first.
-rstill recurses into directories, but dropping-fand adding-imakesrminteractive — it prompts before deleting each file. Slower, but it catches mistakes before they happen.- Use
trash-cliif available — moves to a trash folder instead of destroying.
chmod 777 - The Security Disaster🔗
- Anyone can read/write/execute.
- Security nightmare.
777 means: owner, group, AND everyone else can read, write, and execute.
What's wrong with this?
- Any user on the system can modify your files
- Attackers who get minimal access can now modify everything
- Some applications refuse to run with 777 permissions (SSH keys, for example)
What to do instead:
| Proper Permissions | |
|---|---|
- Make file readable by owner and group.
- Make directory accessible.
- If you're not sure, check current permissions and ask what they should be.
Restarting Services in Production🔗
These commands cause downtime. Even "restart" has a brief interruption.
Before restarting anything:
- Is this production?
- What depends on this service?
- Is there a maintenance window?
- Have you told anyone?
- Is there a rollback plan?
Better approach:
- Ask: "Is it okay to restart nginx on prod?"
- Check if there's an on-call procedure
- Schedule a maintenance window if needed
- Use
reloadinstead ofrestartwhen possible (zero-downtime config reload)
- Reloads config without dropping connections.
- Full restart, connections dropped.
Writing to System Files🔗
| DANGEROUS - DO NOT RUN | |
|---|---|
- Truncates the log file.
The > operator overwrites files. The >> operator appends. One wrong character and you've destroyed a critical system file.
Before writing to any file:
- Is this a system file?
- Do you have a backup?
- Are you using
>or>>? - Have you tested this command?
Safer approach:
| Safer File Editing | |
|---|---|
- Make a backup first.
- Edit safely —
sudoeditopens a temp copy in your preferred editor. - Verify the change.
dd - The Disk Destroyer🔗
dd is powerful and dangerous. It writes raw data to devices.
| WILL DESTROY YOUR DISK | |
|---|---|
- Wipes the primary disk.
If you see dd in a command, be extremely careful about the of= target. A wrong target destroys data instantly with no confirmation.
Things That Seem Safe But Aren't🔗
Editing Config Files Directly🔗
| RISKY | |
|---|---|
This isn't dangerous by itself, but:
- One syntax error can break the service
- You might accidentally save a half-finished edit
- Your preferred editor may not be vim
The right tool: sudoedit
sudoedit (also spelled sudo -e) is the correct way to edit system files. It:
- Makes a temporary copy of the file
- Opens it in your user's default editor (set by your
$EDITORenvironment variable — nano, vim, whatever you prefer) - Only writes back to the original if you save and exit cleanly
If you abort or make an error and don't save, the original file is untouched.
| The Safe Way to Edit System Files | |
|---|---|
Set your preferred editor (add to your ~/.bashrc or ~/.zshrc):
| Set Your Editor | |
|---|---|
- Or
vim,micro, etc. — whichever editor you prefer.
After editing, test and reload:
- Test the config.
- Only reload if the test passes.
Running Scripts Without Reading Them🔗
| RISKY | |
|---|---|
Always read the script first:
Look for rm, dd, chmod, service restarts, or anything you don't understand.
Copying Commands from the Internet🔗
That Stack Overflow answer might be:
- Outdated
- Written for a different Linux distribution
- Missing context
- Malicious (rare but possible)
Always understand before running:
- What does each part of the command do?
- Is this appropriate for your system?
- What's the worst that could happen?
Production Safety Checklist🔗
Before making any change in production:
| Check | Question |
|---|---|
| ✅ | Do I understand what this command does? |
| ✅ | Have I tested this in a lower environment? |
| ✅ | Do I have a rollback plan? |
| ✅ | Have I made a backup (if applicable)? |
| ✅ | Does anyone else need to know? |
| ✅ | Is there a change management process I should follow? |
| ✅ | Am I comfortable explaining this to my team lead? |
If any answer is "no", stop and get help.
Practice Problems🔗
Problem 1: Safe Config Edit Workflow
You need to check the worker_processes setting in /etc/nginx/nginx.conf. Walk through the safe approach: backup, view, verify — without actually changing anything.
Hint: Three steps — backup the file, read it, validate the syntax.
Answer
| Safe Config Inspection Workflow | |
|---|---|
- Make a backup (even before read-only inspection, if you might edit later).
- Read the config (safe, read-only).
- Validate current syntax (before touching anything).
If you did edit and broke something:
Problem 2: The Pre-Change Checklist
Your team lead asks you to restart the mysql service on a production server. Before touching the keyboard, what questions do you need answers to?
Answer
Work through the production safety checklist:
- Do I understand what
systemctl restart mysqldoes? — Brief downtime. All active connections will drop. - Have I tested this in staging? — Is there a staging server to verify first?
- Do I have a rollback plan? — If MySQL doesn't come back up, what's the procedure?
- Does anyone else need to know? — Is anyone currently using the database? Alert the team first.
- Is there a change management process? — Does this require a ticket, approval, or maintenance window?
- Am I comfortable explaining this to my team lead? — If not, ask before acting.
If any answer is "no" or "I don't know" — stop and ask before proceeding.
When Things Go Wrong🔗
You made a mistake. Something broke. Now what?
Don't Panic🔗
Seriously. Panic leads to worse mistakes.
Stop Making Changes🔗
Don't try to "fix" it with more commands. You might make it worse.
Document What Happened🔗
What command did you run? What time? What server?
Ask for Help🔗
Tell your team immediately. The longer you wait, the worse it gets.
"Hey, I ran [command] on [server] and [symptom]. I need help."
Much better than trying to fix it alone and making it worse.
Learn from It🔗
Every outage is a learning opportunity. Post-mortems exist to prevent repeats, not to assign blame.
The Escape Hatches🔗
Ctrl+C - Stop Current Command🔗
If a command is running and you want to stop it:
Undo Recent File Edit🔗
If you just edited a file and the service is broken:
| Restore Backup | |
|---|---|
Check What Changed🔗
| Diff Against Backup | |
|---|---|
Quick Reference: Safe vs Dangerous🔗
| Safe (Read-Only) | Dangerous (Modifies) |
|---|---|
ls, cat, less |
rm, mv, cp |
grep, find |
chmod, chown |
ps, top |
kill, pkill |
systemctl status |
systemctl restart/stop |
df, du |
dd, mkfs |
git log, git status |
git push, git reset |
The Golden Rules Summary🔗
- Understand before you run — Don't blindly execute commands
- Test in staging first — Production is not for experiments
- Make backups — Before changing any config file
- Ask if unsure — It's okay not to know everything
- Communicate — Tell people before and after changes
- Have a rollback plan — Know how to undo
- Stay calm — Panic makes mistakes worse
Further Reading🔗
Command References🔗
man cp— Understand the-pflag to preserve file permissions and timestamps when making backupsman diff— Compare two files side-by-side to verify what changed before and after an editman chmod— Understand permission notation before changing it
Deep Dives🔗
- Google SRE Book - Managing Risk — Production safety from a site reliability engineering perspective; free online
- The Art of Unix Programming — Classic Unix philosophy including the principle of least surprise
Related Articles🔗
- Understanding Your Permissions — Know what you're allowed to do before you do it
- Reading Logs — When something goes wrong, logs are how you figure out what happened
- Day One Overview — Recap of the complete Day One series
You've Completed Day One!🔗
Congratulations! You now know how to:
- ✅ Connect to a server via SSH
- ✅ Orient yourself on a new system
- ✅ Understand your permissions
- ✅ Explore safely
- ✅ Read logs like a pro
- ✅ Find documentation and understand what's running
- ✅ Avoid dangerous mistakes
What's next?
If you're a developer who just needed to work safely on Linux, you're done — come back when you need more.
If you're an IT professional who wants to actually own Linux — sysadmin, platform engineer, SRE — the Essentials track is where the real work starts: filesystem layout, permissions management, user accounts, process control, pipes, and grep. Built for IT professionals, not beginners.