Security and 'rclone delete'

normangl · August 15, 2019, 7:56am

In my last post I learn't about rclone delete, which is a bit worrying.

I have a cloud folder full of many shared folders and the 'remote:' directory is configured to point to the root of my Google Drive by default.
I installed my rclone.conf file onto all of our CI servers.

I'm therefore worried about someone using the following command:
$ rclone delete remote:

Will the above wipe out the whole of my google drive along with all the company shared folders??
If so, what security measures can I setup within rclone to prevent this and is it possible to point 'remote:' to a sub-folder on my Google Drive instead of the root of my Google Drive?

ncw · August 15, 2019, 10:17am

Possibly, yes, depending on the exact permissions. However it puts things in the trash by default...

Yes you can set

  --drive-root-folder-id string   ID of the root folder

or the config file equivalent root_folder_id

You can also oauth read only if you don't want rclone to be able to touch stuff.

system · November 13, 2019, 10:17am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.