
How to securely delete a file and its contents

Let’s say you have a file with sensitive data. You want to delete it, and also be sure that it can’t be retrieved afterwards. Instead of just removing the file with the rm command, there is a better option: shred.

Introduction to shred

Shred is a tool meant to clear the contents of a file by overwriting them. Instead of replacing the contents with zeroes, it uses random data. By default it does this in 3 passes. This should normally be enough to really purge any remaining bit of the original data. Optionally, shred can also delete the file. Keep in mind that shred relies on the file system overwriting data in place; on copy-on-write file systems, file systems that journal file data, and flash storage with wear leveling, old copies of the data may survive.

Knowing about this tool can be helpful when removing sensitive data of your customers, or deleting old data. It can also be a step before doing a full disk wipe, prior to bringing the disk to a recycling station.

Shred example

So, how to use shred? Let’s have a look at how easy the tool is to use. Practice on a dummy file first.

Create a test file

The first step is to create a test file.

echo test > test

Let’s have a look at what type of data is in our newly created file, using the file command.

# file test
test: ASCII text

Nothing exciting yet. Let’s look at some file statistics:

# stat test
  File: test
  Size: 5         	Blocks: 8          IO Block: 4096   regular file
Device: 10303h/66307d	Inode: 22945816    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/ michael)   Gid: ( 1000/ michael)
Access: 2024-05-09 19:39:49.903827717 +0200
Modify: 2024-05-09 19:39:49.903827717 +0200
Change: 2024-05-09 19:39:49.903827717 +0200
 Birth: 2024-05-09 19:39:49.903827717 +0200

So our file is 5 bytes in length: just ordinary text followed by a newline (\n).

Shred the file

Now we use shred to purge the content of the file by overwriting it with random data.

shred test

Is it still normal text?

# file test
test: data

The answer is obvious: due to the random data, it is no longer a piece of ASCII text. Let’s have a look at the file statistics of our altered file.

# stat test
  File: test
  Size: 4096      	Blocks: 8          IO Block: 4096   regular file
Device: 10303h/66307d	Inode: 22945816    Links: 1
Access: (0664/-rw-rw-r--)  Uid: ( 1000/ michael)   Gid: ( 1000/ michael)
Access: 2024-05-09 19:39:49.903827717 +0200
Modify: 2024-05-09 19:39:54.935868836 +0200
Change: 2024-05-09 19:39:54.935868836 +0200
 Birth: 2024-05-09 19:39:49.903827717 +0200

So not only have the contents changed, the file also grew in size. It now exactly fills a full IO block of 4096 bytes.

Another interesting fact is that the data from the file was not even read, as the Access timestamp shows the same information as before.

By using the command, both the data and the metadata changed, so the Modify and Change timestamps were updated to reflect this.

Shred and delete

Want to shred the information and also delete it?

shred --remove test

The file is gone.
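
The steps above combined into one check, as an added example that is not part of the original article: a shell function that shreds a file, confirms the contents changed while the inode stayed the same, and then removes it. The names shred_and_verify and demo are made up for this example, and it assumes shred, stat -c and sha256sum from GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example. Assumes shred, stat -c and sha256sum (GNU coreutils).

# shred_and_verify FILE: overwrite FILE, check the result, then remove it.
# Returns 0 on success, 1 if a check fails, 2 if FILE is unsuitable.
shred_and_verify() {
    f=$1
    # An empty file has nothing to overwrite, so the checks would not apply.
    [ -f "$f" ] && [ -s "$f" ] ||
        { echo "need a non-empty regular file: $f" >&2; return 2; }

    # Record a fingerprint, the inode and the size before overwriting.
    hash_before=$(sha256sum < "$f")
    inode_before=$(stat -c %i "$f")
    size_before=$(stat -c %s "$f")

    # Overwrite with random data (3 passes by default); the file stays.
    shred "$f" || return 1

    # 1. The contents must no longer match the original.
    [ "$(sha256sum < "$f")" != "$hash_before" ] ||
        { echo "contents unchanged" >&2; return 1; }
    # 2. Same inode: shred wrote into the existing file, as in the stat
    #    output above, rather than creating a new one.
    [ "$(stat -c %i "$f")" = "$inode_before" ] ||
        { echo "inode changed" >&2; return 1; }
    # 3. The size may grow (rounding up to a full block) but never shrink.
    [ "$(stat -c %s "$f")" -ge "$size_before" ] ||
        { echo "file shrank" >&2; return 1; }

    # -u overwrites again and removes the file, like --remove above.
    shred -u "$f" || return 1
    [ ! -e "$f" ] || { echo "file still present" >&2; return 1; }
}

# Constructed demo: a dummy file in a fresh temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    echo test > "$dir/test"
    rc=0
    shred_and_verify "$dir/test" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo && echo "dummy file shredded, verified and removed"
```

The hash is taken instead of a copy so that no second copy of the sensitive contents is created just to verify the overwrite.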

Relevant commands in this article

Like to learn more about the commands that were used in this article? Have a look; for some there is also a cheat sheet available.

  • echo
  • file
  • shred


This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
