[BUG] Claude deleted production data

[jhonnasi]

Preflight Checklist

• I have searched existing issues and this hasn't been reported yet
• This is a single bug report (please file separate reports for different bugs)
• I am using the latest version of Claude Code

What's Wrong?

During a Nextcloud server migration task, Claude Code ran rm -rf on a directory that had a live NFS share mounted
inside it, without explicit user approval for that destructive action, and without first verifying the NFS was
unmounted. This resulted in the deletion of production user data from the NAS.

Impact:

• Total loss of production Nextcloud user data from NAS storage.
• Recovery in progress (not including Claude on this- "lack of trust"...)

What Should Happen?

Before running any rm -rf on a directory that may contain or be adjacent to mounted filesystems, Claude should:

1. Explicitly identify the risk to the user.
2. Ask for confirmation before proceeding.
3. Verify all mounts are unmounted before any destructive file operations.
4. Delete the entire data is not part of a Nextcloud upgrade. So, more than one tthing here doen't make any sense.

Error Messages/Logs

Steps to Reproduce

1. Set up a VM with an NFS share mounted inside a web root directory, e.g.:

• NFS export: #######
• Mounted at: /var/www/html/nextcloud/data on the VM

2. Ask Claude Code to migrate web application files from one VM to another. In the process, Claude will need to
   replace the contents of /var/www/html/nextcloud/ with a new version.
3. Claude will write and execute a script via SSH (paramiko) containing:
   cd /var/www/html
   rm -rf nextcloud
   tar -xzf /tmp/new_files.tar.gz
4. without first checking whether any NFS or other filesystems are mounted inside the target directory, and
   without asking the user for confirmation.
5. The rm -rf nextcloud runs as root. With no_root_squash on the NFS export, root on the client has full write
   access to the NAS. The command deletes all files inside the NFS mount before reaching the mountpoint directory
   itself (which fails with EBUSY).
6. The command times out on the paramiko side. Claude then checks for running processes, finds none, sees the
   directory still exists, and incorrectly reports to the user that no data was deleted and the NAS is safe.
7. User discovers data is gone when checking the NFS directory directly.

Claude Model

Sonnet (default)

Is this a regression?

I don't know

Last Working Version

No response

Claude Code Version

2.1.80

Platform

Anthropic API

Operating System

Other Linux

Terminal/Shell

Other

Additional Information

No response

[yurukusa]

This is the same class of incident as #36339 (NTFS junction traversal). A PreToolUse hook can prevent this:

npx cc-safe-setup

Installs 6 safety hooks including a destructive command blocker that catches rm -rf on sensitive paths before execution. Also blocks git reset --hard and git clean -fd.

For NFS-specific protection, you could extend the hook to check for mounted filesystems before allowing rm on any path:

# Check if path has a mount inside it
if mountpoint -q "$TARGET" 2>/dev/null || findmnt -n -o TARGET --submounts "$TARGET" 2>/dev/null | grep -q .; then
    echo "BLOCKED: target contains mounted filesystem" >&2
    exit 2
fi

Source: https://github.com/yurukusa/cc-safe-setup

[github-actions]

Found 3 possible duplicate issues:

1. [BUG] [Windows] rm -rf on pnpm project deleted entire C:\Users via NTFS junction traversal — Claude Code v2.1.51 #36339
2. [BUG] Cowork destroys user files when reorganizing iCloud-offloaded documents (cp + rm -rf on 0-byte stubs) #32637
3. [BUG] Critical Bug: Claude Code executed 'rm -rf' and deleted project files unexpectedly #29082

This issue will be automatically closed as a duplicate in 3 days.

• If your issue is a duplicate, please close it and 👍 the existing issue instead
• To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code