Deleting files on a computer is often a misnomer. Using the rm command does not delete a file from the harddrive. It merely tells the filesystem that the area of the harddrive that is occupied by that file is now free to be written on. If the freed area has not been overwritten since you “deleted” the file, all the data will still be there and can be easily recovered. So what can you do if you really need to delete a file?
shred
shred is a command that writes random data over the area where a file used to be. If you simply type:
shred filename |
It will overwrite the file 25 times with random data, but will not delete it. The file will however be unreadable. A better usage is:
matt@laptop:~/tmp$ shred -u -n 5 -v -z world-forecast-BH.asp shred: world-forecast-BH.asp: pass 1/6 (random)... shred: world-forecast-BH.asp: pass 2/6 (000000)... shred: world-forecast-BH.asp: pass 3/6 (random)... shred: world-forecast-BH.asp: pass 4/6 (ffffff)... shred: world-forecast-BH.asp: pass 5/6 (random)... shred: world-forecast-BH.asp: pass 6/6 (000000)... shred: world-forecast-BH.asp: removing shred: world-forecast-BH.asp: renamed to 000000000000000000000 shred: 000000000000000000000: renamed to 00000000000000000000 shred: 00000000000000000000: renamed to 0000000000000000000 shred: 0000000000000000000: renamed to 000000000000000000 shred: 000000000000000000: renamed to 00000000000000000 shred: 00000000000000000: renamed to 0000000000000000 shred: 0000000000000000: renamed to 000000000000000 shred: 000000000000000: renamed to 00000000000000 shred: 00000000000000: renamed to 0000000000000 shred: 0000000000000: renamed to 000000000000 shred: 000000000000: renamed to 00000000000 shred: 00000000000: renamed to 0000000000 shred: 0000000000: renamed to 000000000 shred: 000000000: renamed to 00000000 shred: 00000000: renamed to 0000000 shred: 0000000: renamed to 000000 shred: 000000: renamed to 00000 shred: 00000: renamed to 0000 shred: 0000: renamed to 000 shred: 000: renamed to 00 shred: 00: renamed to 0 shred: world-forecast-BH.asp: removed |
The -u will delete the file. The -n 5 tells shred to overwrite the file 5 times (the default is 25, but I’ve put in 5 to keep the output short). The -v displays progress. The -z overwrites the file with zeros on the final pass, so that the area doesn’t look like it’s been written to (at least on a superficial look).
shred will also work on an unmounted partition, such as /dev/hda1.
caveats
shred will not be effective on journaled filesystems, or RAID-based filesystems. Thus, if you are using ext3 or reiserFS, shred may not be effective. However, if you are using ext3, all is not lost. In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file. But assuming your ext3 filesystem is mounted with the default data=ordered mode, shred should work just fine.