How to securely delete a file and its contents
How to securely delete a file and its contents?
Run the shred command and tell it to remove the file as well.
shred --remove FILELet’s say you have a file with sensitive data. You want to delete it, but also be sure that it can’t be retrieve again. Instead of just removing the file with the rm command, there is a better option: shred
Introduction into shred
Shred is a tool meant to clear the contents of a file. Instead of replacing it with zeroes, it uses random data. It does this, by default, with 3 passes. This should normally be enough to really purge any remaining bit of the original data. Optionally, shred can also delete the file.
Knowing about this tool can be helpful when removing sensitive data of your customers, or deleting old data. It could also be an action before doing a full disk wipe, before bringing it to a recycle station.
Shred example
So, how to use shred? Let’s have a look in how easy it is to use the tool. Before you do, only practice on a dummy file first.
Create a test file
The first step is to create a test file.
echo test > test
Let’s have a look what type of data is in our newly created file using the file command.
# file test
test: ASCII text
Nothing exciting yet. Let’s look at some file statistics:
# stat test
File: test
Size: 5 Blocks: 8 IO Block: 4096 regular file
Device: 10303h/66307d Inode: 22945816 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/ michael) Gid: ( 1000/ michael)
Access: 2024-05-09 19:39:49.903827717 +0200
Modify: 2024-05-09 19:39:49.903827717 +0200
Change: 2024-05-09 19:39:49.903827717 +0200
Birth: 2024-05-09 19:39:49.903827717 +0200
So our file is 5 bytes in length, just ordinary text, followed by a new line (\n).
Shred the file
Now we use shred to purge the content of the file by overwriting it with random data.
shred test
Is it still normal text?
# file test
test: data
The answer is obvious: due to the random data, it is no longer a piece of ASCII text. Let’s have a look at the file statistics of our altered file.
# stat test
File: test
Size: 4096 Blocks: 8 IO Block: 4096 regular file
Device: 10303h/66307d Inode: 22945816 Links: 1
Access: (0664/-rw-rw-r--) Uid: ( 1000/ michael) Gid: ( 1000/ michael)
Access: 2024-05-09 19:39:49.903827717 +0200
Modify: 2024-05-09 19:39:54.935868836 +0200
Change: 2024-05-09 19:39:54.935868836 +0200
Birth: 2024-05-09 19:39:49.903827717 +0200
So not only has the contents been changed, it also grew in size. It exactly filled up a full IO block of 4096 bytes.
Another interesting fact is that the data from the file was not even read, as the Access timestamp shows the same information as before.
By using the command, the data and meta-data changed. So Modify and Change will reflect these changes by updating the related timestamps.
Shred and delete
Want to shred the information and also delete it?
shred --remove test
The file is gone.