Removing files and formatting disks is a common task for users. And Linux provides a number of utilities to delete files and folders from the command line.
The most common command to delete files and folders is
rmdir, respectively. You can read in detail about the
rm command here.
In this blog post, we will study a new command known as
shred which helps us to wipe out disks and clear files in a secure way.
What is the Linux
The shred command helps to overwrite the data in place several times. This makes it harder for third party software and hardware probing to recover the data. That is why it's commonly used to securely remove data.
Syntax of Linux shred command:
According to the
man page, some of the [OPTIONS] you can use with
Instead of the default (3) times, overwrite the data N times.
Add a final overwrite with zeros to hide shredding.
Force the permissions to allow writing if necessary.
Show progress in detail.
Truncate and remove file after overwriting.
In the example above, replace the path with your disk path.
shred different from
rm removes the pointer to the filesystem. The actual data might still be there. So there is a possibility for data recovery.
But when you use the
shred command, the file is overwritten a specified number of times in a way that the actual content is unrecoverable. We'll see that in examples later on.
Another difference is the speed of execution. Usually,
rm is faster than
shred. This is because
shred overwrites the file a couple of times before deleting it. Depending on the number of iterations and file/disk size,
shred can take longer. Whereas
rm simply removes the pointer to file system.
How does the
shred command work?
shred command makes the file go through three passes by default. The three passes ensure that the file is overwritten three times. The default pass value can be changed as well by using the
When to use the
You use the shred command to erase sensitive data, which ensures security as well. It can be used by sys admins, digital forensics teams, or information security specialists to enforce security standards.
⚠️ Before running any of the examples on your system, ensure that your file and filesystem is properly backed-up. Please be careful, as contents are not recoverable.
How to overwrite and delete a file with
We have a sample file
poem.txt whose contents are shared below:
Let's overwrite its contents using the default three passes:
Let's check out the contents of the shredded file:
Now we can safely remove the file using
However, we can use the shred command more efficiently where we can overwrite, hide shredding, and remove the file in a single command. Let's modify and run the command below:
shred -vzu -n5 poem.txt
-vstands for verbose and gives detailed output.
-zreplaces the final pass with zeros to hide shredding.
-uremoves the file after shredding. We don't need to remove file afterwards using
rmwith this flag.
-nchanges the number of passes. We have set it to 5.
In the output below, the file is overwritten 5 times. In the final pass, the file is overwritten with all zeros. In the file removal steps, the file name is also mutated so it is non-discoverable.
How to wipe a disk or partition with
Suppose you are selling your disks or you need to erase your portable drive. You can use
shred to wipe your drive using the command below:
-vgives detailed output.
-fforces the write permissions if missing.
-zwrites zeros in the final pass.
You can also use
shred on RAID partitions.
shred -vfz -n 10 /dev/md1
When is shred not effective? ️ ️
There are certain cases when
shred is not effective. According to the man pages, below are some of the cases:
- Log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, and so on)
- File systems that write redundant data, such as RAID-based file systems.
- File systems that make snapshots. Examples include: Network Appliance's NFS server.
- File systems that support caching in temporary locations, such as NFS version 3 clients.
- Compressed file systems.
shred command ensures that the data in a file is not recoverable. Although there are some exceptions,
shred is still a better and safer option than
I hope you found this tutorial helpful.
Share your thoughts on Twitter!
You can read my other posts here.