Deleting Files For Real

"Deleting" a file on a computer is often a misnomer. The rm command does not erase a file from the hard drive. It merely tells the filesystem that the area of the hard drive occupied by that file is now free to be written on. If the freed area has not been overwritten since you “deleted” the file, all the data will still be there and can be easily recovered. So what can you do if you really need to delete a file?

shred

shred is a command that overwrites the area of the disk a file occupies with random data. If you simply type:

shred filename

it will overwrite the file 25 times with random data, but will not delete it. The file will, however, be unreadable. A better usage is:

matt@laptop:~/tmp$ shred -u -n 5 -v -z world-forecast-BH.asp
shred: world-forecast-BH.asp: pass 1/6 (random)...
shred: world-forecast-BH.asp: pass 2/6 (000000)...
shred: world-forecast-BH.asp: pass 3/6 (random)...
shred: world-forecast-BH.asp: pass 4/6 (ffffff)...
shred: world-forecast-BH.asp: pass 5/6 (random)...
shred: world-forecast-BH.asp: pass 6/6 (000000)...
shred: world-forecast-BH.asp: removing
shred: world-forecast-BH.asp: renamed to 000000000000000000000
shred: 000000000000000000000: renamed to 00000000000000000000
shred: 00000000000000000000: renamed to 0000000000000000000
shred: 0000000000000000000: renamed to 000000000000000000
shred: 000000000000000000: renamed to 00000000000000000
shred: 00000000000000000: renamed to 0000000000000000
shred: 0000000000000000: renamed to 000000000000000
shred: 000000000000000: renamed to 00000000000000
shred: 00000000000000: renamed to 0000000000000
shred: 0000000000000: renamed to 000000000000
shred: 000000000000: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: world-forecast-BH.asp: removed

The -u deletes the file once it has been overwritten. The -n 5 tells shred to overwrite the file 5 times (the default is 25, but I’ve put in 5 to keep the output short). The -v displays progress. The -z adds a final pass that overwrites the file with zeros, which is why the output shows 6 passes, so that the area doesn’t look like it’s been written to (at least on a superficial look).

shred will also work on an unmounted partition, such as /dev/hda1.

caveats

shred will not be effective on journaled filesystems or RAID-based filesystems. Thus, if you are using ext3 or ReiserFS, shred may not be effective.

However, if you are using ext3, all is not lost. On ext3 the caveat applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. The ext3 journaling mode can be changed by adding the data=something option to the mount options for a particular filesystem in the /etc/fstab file. So if your ext3 filesystem is mounted with the default data=ordered mode, shred should work just fine.
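
One way to check the caveat above before relying on shred, as an added example (not from the original article): the script finds the mount point that holds a file and reports whether it is ext3 in data=journal mode or ReiserFS. The function name shred_check and the sample mount table are made up for illustration; with no table argument it reads /proc/mounts, and it does not detect RAID.

```shell
#!/bin/bash
# Added example: decide whether the article's ext3/ReiserFS caveat applies to a file.
# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/hda1 / ext3 rw,data=ordered 0 0
/dev/hda2 /home ext3 rw,data=journal 0 0
/dev/hda3 /srv reiserfs rw 0 0
/dev/hda5 /home/matt/tmp ext3 rw,noatime 0 0'

# shred_check ABSOLUTE_PATH [MOUNT_TABLE_TEXT]
# Prints "<mountpoint> <fstype> <verdict>"; verdict is ok, unreliable or unchecked.
# Hypothetical helper name; reads /proc/mounts when no table text is passed.
shred_check() {
    sc_path=$1
    sc_table=${2:-$(cat /proc/mounts)}
    sc_mnt="" sc_type="" sc_opts=""
    # The longest mount point that is a directory prefix of the path wins.
    while read -r _dev mnt fstype opts _rest; do
        [ -n "$mnt" ] || continue
        case "$sc_path/" in
            "${mnt%/}/"*)
                if [ "${#mnt}" -ge "${#sc_mnt}" ]; then
                    sc_mnt=$mnt sc_type=$fstype sc_opts=$opts
                fi ;;
        esac
    done <<EOF
$sc_table
EOF
    case "$sc_type" in
        ext3)
            # Only data=journal journals file contents; ordered (default) and writeback do not.
            case ",$sc_opts," in
                *,data=journal,*) sc_verdict=unreliable ;;
                *)                sc_verdict=ok ;;
            esac ;;
        reiserfs) sc_verdict=unreliable ;;   # the article lists ReiserFS as affected
        *)        sc_verdict=unchecked ;;    # filesystem not covered by the article
    esac
    echo "$sc_mnt $sc_type $sc_verdict"
}

# Demo on the constructed table.
for f in /home/matt/secret.txt /home/matt/tmp/world-forecast-BH.asp /srv/www/index.html; do
    shred_check "$f" "$SAMPLE_MOUNTS"
done
```

An ext3 entry with no data= option is treated as the default data=ordered mode, matching the article's description.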