Linux : How to delete file securely

Recently we had lot of discussion regarding this issue. How to remove files securely so that it cannot be undeleted. Peter Gutmann paper “Secure Deletion of Data from Magnetic and Solid-State Memory” has very good information. Here are some commands/tools available under Debian GNU/Linux (it should work with other Linux distributions) to delete file securely.

srm: Securely remove files or directories

This command is a replacement for rm command. It works under Linux/BSD/UNIX-like OSes. It removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undelete or recovering any information about the file from the command line. Because it does lots of operation on file/directory for secure deletion, it also takes lot of time to remove it. Download srm from http://sourceforge.net/projects/srm (RPM file is also available for RPM based Linux distributions)

i) Untar and install the srm:

# ./configure
# make
# make install

ii) How to use srm?
srm syntax is like rm command. Read man srm. Here is simple example:

$ srm privateinfo.doc

wipe: It is a secure file wiping utility

Download wipe from http://wipe.sourceforge.net/
i) Untar and install the wipe

# ./configure
# make
# make install

ii) How to use wipe?

$ wipe filename

Read man page of wipe for information.

shred: Delete a file securely, first overwriting it to hide its contents.

It is available on most of Linux distributions including Debian GNU/Linux. To remove file called personalinfo.tar.gz :

$ shred -n 200 -z -u  personalinfo.tar.gz

Where,

-n: Overwrite N (200) times instead of the default (25)
-z: Add a final overwrite with zeros to hide shreddin
-u: Truncate and remove file after overwriting

Read the man page of shred(1) for more information. Most of these utilities are not effective (read as useless) only if :

File system is log-structured or journaled filesystems, such as JFS, ReiserFS, XFS, Ext3 etc
Your filesystems is RAID-based, compressed filesystem etc
In addition, file system backups and remote mirrors may contain copies of the file that cannot be removed by these utilities.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

7 comment

Anonymous says:
August 1, 2005 at 12:17 pm
That’s cool!
…but how to delete a file called ‘/’ ?
…one that’s accidentally been created with vi? Anybody know?
Reply Report comment
1. Noufal Ibrahim says:
  December 24, 2010 at 10:27 am
  Which OS are you on? Most unix filesystems consider the
```
NULL
```
  and
```
/
```
```
 characters illegal for filenames.
```
  Reply Report comment
kvz says:
August 3, 2007 at 10:55 pm
@ Anonymous: try escaping it with a backslash
Reply Report comment
AdminGuru says:
July 3, 2009 at 8:05 am
@ Anonymous
Read this
http://www.cyberciti.biz/tips/delete-remove-files-with-inode-number.html
Reply Report comment
felipe1982 says:
February 3, 2010 at 6:11 am
>but how to delete a file called â€˜/â€™ ?
>one thatâ€™s accidentally been created with vi? Anybody know?
$> rm — /
That is backslash-forward slash (not a “Vee”)
Reply Report comment
Faisal Rehman says:
July 29, 2013 at 9:38 am
this is very good site
Reply Report comment
ARJUN says:
May 8, 2016 at 10:22 am
HOW TO DELETE THE ARCH FILE FROM THE NUMBER OF FILES AND HOW TO RECOVER THOSE FILE IF REQUIRED OR IN CASE OF ANY MISTAKE?
Reply Report comment

nixCraft