Open Source

Securely delete files with shred

If you want to delete sensitive data and make sure that it can't be recovered, the Linux rm command may not be enough. For deletion and file scrubbing, try the shred command, which overwrites data with gibberish before deleting it.

There are two utilities on a typical Linux box that can be used to delete files. Most users are familiar with the rm command. Most of the time, this command is sufficient for routine deletion, but for files that contain sensitive data, you might need to scrub them so that they cannot be recovered later with other data retrieval tools.

To delete files with sensitive content, rm is not sufficient. Instead, consider using the shred command, which not only deletes a file, but deletes it in such a way that it cannot be recovered. Shred overwrites the file multiple times with garbage prior to deleting it, ensuring that if anything does get retrieved, it isn't your top-secret data.

For instance:

$ echo "this is private data" >private.txt
$ cat private.txt
this is private data
$ ls -l private.txt
-rw-r—r— 1 vdanen vdanen 21 Mar  4 09:36 private.txt

To illustrate how shred works, call it without any command-line options so that the garbage in the file can be viewed:

$ shred private.txt
$ cat private.txt
?9?-?w?K?=???l;b8SƉ?b???????@,?18!??DM??P?
...
$ ls -l private.txt
-rw-r—r— 1 vdanen vdanen 4096 Mar  4 09:36 private.txt

The rest of the output is removed as it is binary gibberish. You can also see the file size has changed.

To delete the file after overwriting it with garbage, use the -u option. To see what shred is actually doing, give it the verbose -v option:

$ shred -u -v private.txt
shred: private.txt: pass 1/25 (random)...
shred: private.txt: pass 2/25 (cccccc)...
shred: private.txt: pass 3/25 (111111)...
shred: private.txt: pass 4/25 (000000)...
shred: private.txt: pass 5/25 (999999)...
shred: private.txt: pass 6/25 (aaaaaa)...
shred: private.txt: pass 7/25 (924924)...
shred: private.txt: pass 8/25 (b6db6d)...
shred: private.txt: pass 9/25 (6db6db)...
shred: private.txt: pass 10/25 (888888)...
shred: private.txt: pass 11/25 (492492)...
shred: private.txt: pass 12/25 (db6db6)...
shred: private.txt: pass 13/25 (random)...
shred: private.txt: pass 14/25 (ffffff)...
shred: private.txt: pass 15/25 (bbbbbb)...
shred: private.txt: pass 16/25 (777777)...
shred: private.txt: pass 17/25 (444444)...
shred: private.txt: pass 18/25 (dddddd)...
shred: private.txt: pass 19/25 (333333)...
shred: private.txt: pass 20/25 (555555)...
shred: private.txt: pass 21/25 (222222)...
shred: private.txt: pass 22/25 (eeeeee)...
shred: private.txt: pass 23/25 (666666)...
shred: private.txt: pass 24/25 (249249)...
shred: private.txt: pass 25/25 (random)...
shred: private.txt: removing
shred: private.txt: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: private.txt: removed

As you can see, shred overwrites the file 25 times with garbage. After this, it renames the file 11 times before deleting it.

Shred can also be used to overwrite entire disks instead of just files. If you wished to overwrite the contents of an entire hard drive, a process which would definitely take a fair amount of time, use:

# shred -u -n 30 /dev/hda

This will overwrite the data on the drive with garbage using 30 passes. The drive will need to be re-formatted after this as even the filesystem structure will be destroyed.

About

Vincent Danen works on the Red Hat Security Response Team and lives in Canada. He has been writing about and developing on Linux for over 10 years and is a veteran Mac user.

Editor's Picks