I understand that they were intending to unpack from / and they unpacked from /home/ instead. I’m just arguing that the unpack was already a potentially dangerous action, especially if it had the potential to overwrite any system file on the drive. It’s in the category of “don’t run stuff unless you are certain of what it will do”. For this reason it would make sense to have some way of checking it was correct before running it. Any rms to clean up files will need similar steps before running as well. Yes this is slower, but would argue deleting /etc by mistake and fixing it is slower still.

I’m suggesting 3 things:

• Confirm the contents of the tar
• Confirm where you want to extract the contents
• Have backups in case this goes wrong somehow

Check the contents:

• use "tar t’’ to print the contents before extracting, this lists all the files in the tar without extracting the contents. Read the output and check you are happy with it

Confirm where:

• run pwd first, or specify “-C ‘/output-place/’” during extraction, to prevent output to the wrong folder

Have backups:

• Assume this potentially dangerous process of extracting to /etc (you know this because you checked) may break some critical files there, so make sure this directory is properly backed up first, and check these backups are current.

I’m not suggesting that everyone knows they should do this. But I’m saying that problems are only avoidable by being extra careful. And with experience people build a knowledge of what may be dangerous and how to prevent that danger. If pwd is /, be extra careful, typos here may have greater consequences. Always type the full path, always use tab completion and use “trash-cli” instead of rm would be ways to make rm safer.

If you’re going to be overwriting system files as root, or deleting files without checking, I would argue that’s where the error happened. If they want to do this casually without checking first, they have to accept it may cause problems or loss of data.