How to securely delete files in Linux with srm

Don't entrust the deletion of sensitive data to the standard tools. Install this handy data wipe command for a more secure removal.

How to securely delete files in Linux with SRM

Do you have sensitive data on your Linux server drives that needs to be securely deleted? Maybe it's configuration files or client data. Regardless of what information is to be found in those files, you need the means to get rid of it.

With the Linux platform, there are a few possible tools for this process, some of which cannot be depended on for deleting such information and some which only reliably work on magnetic drives. So if your servers work with SSDs, you need to make sure to use a tool that's up for the task. One such tool is the Secure-delete Toolkit.

SEE: Windows 10 security: A guide for business leaders (Tech Pro Research)

Secure-delete Toolkit is a collection of file deletion tools, which includes the srm command (for secure remove). I want to walk you through the process of installing and using srm on Ubuntu Server 18.04. The toolkit can be easily installed on just about any Linux distribution, from within the standard repositories, so getting this up and running on your distribution of choice will be done in similar fashion.

The srm command deletes file in such a way that they cannot be recovered. The deletion process is:

  1. 1 pass with 0xff.
  2. 5 random passes.
  3. 27 passes with special values.
  4. 5 random passes.
  5. File rename.
  6. File truncation.

The above process is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory," by Peter Gutmann.


The installation of the Secure-delete Toolkit is simple. Open a terminal window and issue the command:

sudo apt-get install secure-delete -y

Once the installation completes, you're ready to go.

Deleting files

Now it's time to delete some files. Let's create test files for deletion. First, create a file with random data. This can be done using the head command like so:

head -c 10MB </dev/urandom > testfile

The above command will create a binary file, named testfile, which is filled with 10 Mb of random data. Now, let's delete that file. We're going to use two options:

  • v - for verbose output.
  • z - to wipe the last write with zeros instead of random data.

Our command will look like this:

srm -vz testfile

Because we created a smallish file, the wipe process will happen in about one-to-two minutes. Should you have to delete a much larger file, prepare for srm to take some time. Allow it to finish, otherwise the wipe process will fail, and your data remain intact (even if only partially).

Once the command completes, your data will have been safely removed (Figure A).

Figure A

Figure A: The file deletion in progress.

When the process is complete, srm will inform you it is done. Issue the ls command to verify the file is gone (Figure B).

Figure B

Figure B: A flight of angels has sung this file to rest.

Deleting directories

If you need to securely delete entire directories, srm has you covered. Create a test directory with the command:

mkdir ~/TEST

Now create a file with random data in the same manner you did above:

head -c 10MB </dev/urandom > ~/TEST/testfile

With the test file and directory in place, they can be securely deleted with the command:

srm -r ~/TEST

Mission accomplished

And that's all there is to securely deleting data files with the srm command. Don't trust those need-to-be-deleted sensitive files to the standard removal process. Put this command in your toolkit for a security mission accomplished.

Also see

Image: Jack Wallen

By Jack Wallen

Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen....