A solution in bash would be to use shell functions and aliases. You could put them in /etc/bashrc or ~/.bashrc if you only want them for specific users. Here's some function and alias definitions you could use to do something like what you asked.
DANGERLIST=/etc/dangerous.paths _dangerouspath() { file=$(readlink -e "$1") [ -z "$" ] && return 1 while read pattern do [[ "$" =~ ^$$ ]] && return 0 done < $ return 1 } _checkpaths() { shift while [ -n "$1" ] do [[ "X$1" =~ ^X[^-].* ]] && _dangerouspath $1 && return 0 shift done return 1 } _saferun() { p="$1" shift if _checkpaths $* then read -p "Are you sure you want to do this? (y/n) " r && [ "$r" = "y" ] && $p $* else $p $* fi } alias chown="_saferun /bin/chown" alias chgrp="_saferun /bin/chgrp" alias chmod="_saferun /bin/chmod"
You'd need to create a list of paths you want to protect in "$DANGERLIST" (/etc/dangerous.paths) which would be something like
/ /home /etc.* /usr/bin.* /bin.*