
Securely delete files in Linux

Many files on the computer contain sensitive and private information that you would not wish to be made public. For example, you may keep your financial accounts on the computer and they may contain bank details, investments and so on. You may use your home computer for work occasionally and it may contain documents that relate to the business or employees. You might have user names and passwords for online stores and services you subscribe to.

There are lots of different types of private information on the computer's hard disk drive and you need to ensure that it cannot get into the wrong hands. This could happen if you sell an old computer or pass it on to someone else to use. You may lend your computer to someone or let them use it for something. What about all those files containing sensitive information?

You should delete them so that they cannot be accessed. This is fine in theory, but in practice deleting a file does not actually remove it from the hard disk drive. When a file is deleted, Linux simply marks the space it occupied as unused. It then adds it to the pool of free space on the disk.

The next time you save a file some of that free space will be used, but it might not be the bit that contained the file you deleted. In fact, that deleted file can stay on the disk for a long time. With the right software you can recover deleted files for this very reason. Simply deleting files is still a security risk and your personal information can still be recovered quite easily.

The solution is to securely overwrite a file one or more times in order to scramble the contents. Then it can be deleted. It can be overwritten with patterns of numbers or simply zeroes; it doesn't matter, because once a file has been overwritten it is extremely difficult and probably impossible to recover it.

A brief word here about Peter Gutmann: Back in 1996 he invented a method of securely deleting files by overwriting them 35 times. Modern hard disk drives pack the data so tightly that this is no longer necessary. The method is often included in secure-deletion tools because it is so well known and people think it's necessary. It's not. A couple of overwrites with random data is all that is needed to securely erase a file.

Overwrite and delete
So what we need is a utility that will overwrite a file one or more times with random data to scramble the contents and then delete it. There is a Terminal command in Linux called rm that can be used to remove a file or directory, even if it contains files. It doesn't overwrite them though. However, srm (secure rm) does overwrite the files and it works in exactly the same way as rm. (Take care not to delete things you actually want to keep!)

srm document.txt
srm -r MyDocs

The first example deletes a single file. You must open a Terminal window and change to the folder containing the file first or type the full path in the command. It's safer to cd to the folder. The second example deletes a folder/directory and the -r command line switch means recursively. So any folders within the folder you are deleting will also be deleted.

If you don't have srm then search for it and install it using the distro's package manager. It can also be downloaded from here.

Another command that can be used to securely delete files is shred and you use it like this:

shred document.txt
shred -u -n5 -v -z document.txt

The first example doesn't actually delete a file, at least on my PC. However, it does overwrite the file with random characters so that it can never be accessed again. You could safely delete it afterwards in the usual way, but shred can do this automatically with an extra command line switch. There are lots of them in the second example. Add -u to delete a file after overwriting it, -n5 means overwrite it 5 times (change this number to whatever you want), -v means verbose, which displays the command's progress, and -z means zero the file afterwards. The idea of filling it with zeroes is to make it look like it hasn't been securely deleted, although I'm not sure anyone would be fooled by this. Still, it's a useful extra option.
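The effect of each switch can be checked on a throwaway file. This is an added example, not part of the original article: the marker string, file name and helper functions are made up for the demonstration, and it uses two passes (-n 2) to keep it quick.

```shell
#!/bin/sh
# Added example: observe what shred leaves behind, on a throwaway file only.
MARKER="ACCT-0000-CONSTRUCTED-SAMPLE"   # constructed sample "secret"

# Create a scratch directory with a small file holding the marker;
# print the file's path.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' "$MARKER" > "$dir/document.txt"
    printf '%s\n' "$dir/document.txt"
}

# Classify a file: gone, intact (marker still readable),
# zeroed (only NUL bytes) or scrambled (overwritten with other data).
file_state() {
    if [ ! -e "$1" ]; then
        echo gone
    elif grep -F -q "$MARKER" "$1"; then
        echo intact
    elif [ "$(tr -d '\000' < "$1" | wc -c)" -eq 0 ]; then
        echo zeroed
    else
        echo scrambled
    fi
}

# Run shred with the given switches on a fresh sample, print the resulting
# state, then remove the scratch directory.
shred_result() {
    f=$(make_sample) || return 1
    shred "$@" "$f"
    rc=$?
    [ "$rc" -eq 0 ] && file_state "$f"
    rm -rf "$(dirname "$f")"
    return "$rc"
}

echo "shred -n 2       : $(shred_result -n 2)"
echo "shred -n 2 -z    : $(shred_result -n 2 -z)"
echo "shred -u -n 2 -z : $(shred_result -u -n 2 -z)"
```

The check reads the file back through the file system, so it confirms the overwrite at the file level; it says nothing about what remains on the physical medium.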

Wipe is another Terminal command that can be used to securely erase files. Type wipe to see if you have it and if not get it from your package manager or download it from here. It is used in a similar fashion to srm and the following command will remove all files in a folder recursively:

wipe -r MyDocs

You might want to use -q which means quick wipe. It only uses four passes and this is fine for modern disk drives. It can even be used to wipe a whole disk or partition (take care). Read the manual for information on all the command line switches and cd to the folder containing the file or folder to delete, otherwise you have to type in the full path and you can easily make typing mistakes that delete the wrong file or folder!

