Executable Deleting Itself on linux [closed]

Question

Being a super user , I executed the following command on linux

rm rm

which removes itself. Because when process is in execution , its reference count is not zero.Hence it cannot be deleted. So I am bemused, how and why does it happen?

I tried the same with chown 0000 chown as well.

cp -r Dir1/ Dir2/

In above command also , what happens when i delete the source directory only when copying is in progress???

Answer 1

It is the same as for temporary files.

Recall that a usual way to create some temporary file is to open(2) a file (keeping its file descriptor), then unlink(2) (while still having an open file descriptor). Then the data of the file remains in the file system as long as the process is running and have not close(2)-d that file descriptor.

This is because files really are inodes -not file names in directories. (directories contain entries associating names to inodes).

The kernel manages the set of "used" (or "opened") inodes, and that set contains the inodes executed by processes (actually, the inodes involved in some address mapping like thru mmap(2) or execve(2))

So just after /bin/rm /bin/rm starts, the kernel has one reference to rm binary as the executable of the process.

When it processes the unlink syscall, it has temporarily two references (one being the process in execution, the other the path /bin/rm passed to unlink kernel implementation) and decreases it to one.

^{Of course you should avoid typing /bin/rm /bin/rm but then you usually have some standalone shell like sash to be able to repair your system.}