
Howto Delete Files Permanently and Securely in Linux

Mon, Mar 2, 2009


Introduction

Note: For Windows, please see my article Howto Delete Files Permanently and Securely in Windows. For Linux, you might want to add a secure-delete option to the file manager in Linux. I’ve also written about secure deletion and filesystem journaling.


We all know that when you simply delete a file, it’s possible to recover it later. Sometimes this is useful, if you accidentally delete something important; but usually this is a problem, and you really want that file gone forever. This howto will explain how to delete a file in Linux securely and permanently, so it can never be recovered.

Hard drives store data magnetically; these tools work by writing lots of random data and zeros over your old file[s], making sure that even the most advanced recovery methods aren’t able to read what was once stored in that part of the hard disk.

Using shred

Most distributions of Linux, Ubuntu included, come installed with the “shred” command. Shred is a basic tool for overwriting a file many times, but is widely available and is effective in most cases. It works by writing random ones and zeros over the file you are shredding; with enough passes (see the “passes and filesystems” section below) it will become impossible to recover the old contents of the file.

The basic format of the shred command is this:

shred [OPTIONS] filename

Common options you’ll want to use when you shred a file are:

Option    Is used for…
-n [N]    Overwrite a file N times. For example, -n 20 will perform twenty passes over the file’s contents.
-u        Remove the file after you’ve shredded it. You’ll probably want to use this option in most cases.
-z        After shredding a file with random bits (ones and zeros), overwrite the file with only zeros. This is used to try and hide the fact that the file was shredded.

So, for example, to shred a file “topsecret.txt” with twenty-six iterations (I want to make sure it’s really, really gone!), and delete it afterwards, and hide the fact that it was shredded, I would run:

shred -u -z -n 26 topsecret.txt

For more information on the shred command, and all its various options, you should check out its manual, which can be accessed by running man shred.
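
The options above, exercised on a scratch file, as an added example that is not part of the original article: it shreds first without -u so the overwrite can be checked, then shreds again with -u to remove the file. The function names and the sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): observe what -n, -z and -u do
# on a throwaway file. Function names and the sample text are constructed.

# Count the bytes in a file that are not zero.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Shred a scratch file in two steps and report what was observed.
# Prints: <marker hits before> <marker hits after> <non-zero bytes> <file gone?>
shred_demo() {
    f=$(mktemp) || return 1
    printf 'constructed secret: EXAMPLE-ONLY-0000\n' > "$f"
    before=$(grep -a -c 'EXAMPLE-ONLY' "$f" || true)

    # Three random passes, then a final pass of zeros (-z). No -u yet,
    # so the overwritten file stays in place and can be inspected.
    shred -n 3 -z "$f" || { rm -f "$f"; return 1; }
    after=$(grep -a -c 'EXAMPLE-ONLY' "$f" || true)
    nz=$(nonzero_bytes "$f")

    # One more overwrite, this time unlinking the file afterwards (-u).
    shred -n 1 -z -u "$f" || { rm -f "$f"; return 1; }
    if [ -e "$f" ]; then gone=no; else gone=yes; fi

    echo "$before $after $nz $gone"
}

shred_demo
```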

The Secure-Delete tools

Shred can only be used to overwrite files, and its use, while effective, is relatively basic. What about the copies of data stored in your RAM, or in swap? And what about all the empty space on your hard drive, which was once full of personal, private information? The magnetic traces of that data are still lingering around, and if you’re getting rid of your hard drive, you’ll probably want to make sure it’s wiped before allowing the possibility of it falling into the wrong hands.

The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files. To install the Secure-Delete tools in Ubuntu, run:

apt-get install secure-delete

The Secure-Delete package comes with four commands:

Command   Function
srm       Secure remove; used for deleting files or directories currently on your hard disk;
smem      Secure memory wiper; used to wipe traces of data from your computer’s memory (RAM);
sfill     Secure free space wiper; used to wipe all traces of data from the free space on your disk;
sswap     Secure swap wiper; used to wipe all traces of data from your swap partition.

srm – secure remove
This tool is basically a more advanced version of the “shred” command. Instead of just overwriting your files with random data, it uses a special process – a combination of random data, zeros, and special values developed by cryptographer Peter Gutmann – to really, really make sure your files are irrecoverable. It will assign a random value for the filename, hiding that key piece of evidence. srm is used like this:

srm myfile.txt

Or, for directories:

srm -r myfiles/

With the “-r” for recursive mode. You can learn more about the srm command from its manual, accessible via man srm.

smem – secure memory wipe
While it’s true that your computer’s RAM is emptied when you power off your computer, you probably didn’t know that residual traces of data remain in memory, as they do on hard drives, until they are overwritten many times. This means that it’s relatively easy for someone with the right tools to figure out what you had stored in RAM, which may be the contents of important files, internet activity, or whatever else it is you do with your computer.

The basic use of smem is the same as srm, although it is a good deal slower. There are options to speed things up, but they increase the risk by performing fewer overwrite passes. For a complete list of options, read the manual on smem (the man smem command), but its basic use is just running the “smem” command, as such:

smem

sfill – secure free space wipe
sfill follows the same general method as srm. It is used to wipe all the free space on your disk, where past files have existed. This is particularly useful if you are getting rid of a hard disk for good; you can boot a LiveCD, delete everything on the disk, and then use sfill to make sure that nothing is recoverable. You may have to be root in order to use this tool effectively, since regular users might not have write access to certain filesystems, and you might have a quota enabled. sfill usage is as such:

sfill mountpoint/

If you specify a directory that isn’t a mountpoint itself (for example, if you have /home/ on a separate partition, but you select /home/me/fun), sfill will wipe the free space of the partition on which the directory resides (in the above example, the /home partition).

sswap – secure swap wipe
The sswap program is used to wipe your swap partitions, which store the data of running programs when your RAM is filled up. Therefore, if you feel a need to run smem, it’s probably a good idea to run sswap, too. However, before you use it you must disable your swap partition. You can determine your mounted swap devices by running:

cat /proc/swaps

Or looking in your /etc/fstab file for filesystems of the type “swap”. In my case, my swap partition is /dev/sda5, so to disable it I run:

sudo swapoff /dev/sda5

Once your swap device is disabled, you can wipe it with sswap. In my case, I run:

sudo sswap /dev/sda5

If you aren’t running this as root (sudo), you’re likely to get a permission denied error. As with any of the above commands, you can get more information while it’s running by adding the “-v” option for verbose mode. Also, don’t forget to re-enable swap when you’re finished! Use the swapon command:

sudo swapon /dev/sda5
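
The whole swap procedure above as one script, added here as an example and not taken from the original article: it lists the active swap partitions, wipes each one, and re-enables swap even when the wipe fails. SWAPWIPE_RUN and the function names are assumptions of this example, and the /proc/swaps text is a constructed sample; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the article). SWAPWIPE_RUN is a hypothetical knob:
# it defaults to "echo" (dry run); set it to an empty string, as root, to
# actually run swapoff/sswap/swapon.
SWAPWIPE_RUN=${SWAPWIPE_RUN-echo}

# Constructed sample in the format of /proc/swaps.
SAMPLE_SWAPS='Filename                Type        Size      Used  Priority
/dev/sda5               partition   2097148   0     -2
/swapfile               file        1048572   0     -3'

# Read /proc/swaps-format text on stdin; print the active swap partitions.
# Swap files are skipped: the article only covers partitions.
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }'
}

# Disable, wipe and re-enable one swap device. swapon runs even if sswap
# fails, so the machine is never left without its swap by accident.
wipe_swap() {
    $SWAPWIPE_RUN swapoff "$1" || return 1
    rc=0
    $SWAPWIPE_RUN sswap "$1" || rc=$?
    $SWAPWIPE_RUN swapon "$1" || rc=1
    return "$rc"
}

# Wipe every partition listed in the given /proc/swaps-format text.
wipe_all_swap() {
    printf '%s\n' "$1" | swap_partitions | while read -r dev; do
        wipe_swap "$dev" || echo "failed: $dev" >&2
    done
}

# Dry run over the constructed sample; on a real system pass "$(cat /proc/swaps)".
wipe_all_swap "$SAMPLE_SWAPS"
```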

A word on passes and filesystems

Passes
A commonly asked question is, “how many passes does it take before a file can’t possibly be recovered by advanced tools, such as those used by law enforcement?” The answers here vary, and you can get a lot of extra information via Google, but the basics are that the US Government’s standard is 7 passes, while data has been known to be recovered from as many as 14 passes. The “shred” tool allows you to specify the number of passes you wish to make, while the Secure-Delete tools use a default of 38 passes (enabling the “fast” and “lessen” options on the secure-delete tools significantly decreases the number of passes, however). Of course, more passes means more time, so there’s a trade-off here; depending on how private the data is, and how much time you have available, you may want to use a smaller or greater number of passes.

Filesystems

Another thing to note is that RAID configurations and networked filesystems may affect the performance and effectiveness of these tools. With a networked filesystem, for example, you can’t wipe the remote machine’s memory and swap unless you can SSH into it. With RAID striping, there are more disks to consider, hence more redundant data traces, so you may want to consider doing a few extra passes, especially when using the shred tool.
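
A pre-flight check for the caveat above, added as an example that is not part of the original article: it finds the mount a path lives on and flags networked filesystems, plus ext3/ext4 mounted with data=journal, where file data also passes through the journal so an in-place overwrite can leave a second copy. The function name and the mount table are constructed; on a real system pass it the contents of /proc/mounts.

```shell
#!/bin/sh
# Added example (not from the article). Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda6 /home ext4 rw,relatime,data=journal 0 0
fileserver:/export /mnt/share nfs4 rw,vers=4.2 0 0
/dev/sdb1 /srv ext3 rw,data=ordered 0 0'

# overwrite_check PATH MOUNTS
# Picks the longest mount point that is a prefix of PATH and prints
# "ok <fstype>" or "warn <fstype> <reason>".
overwrite_check() {
    printf '%s\n' "$2" | awk -v path="$1" '
        {
            mp = $2
            # A mount covers the path if it is "/", the path itself,
            # or a parent directory of the path.
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); fs = $3; opts = $4 }
            }
        }
        END {
            if (fs == "") { print "unknown"; exit }
            if (fs ~ /^(nfs|nfs4|cifs|smb3|fuse\.sshfs)$/)
                print "warn " fs " networked-filesystem"
            else if ((fs == "ext3" || fs == "ext4") && ("," opts ",") ~ /,data=journal,/)
                print "warn " fs " data=journal"
            else
                print "ok " fs
        }'
}

# Check a few constructed paths against the sample table.
for p in /home/me/topsecret.txt /mnt/share/report.doc /etc/hosts; do
    printf '%s: %s\n' "$p" "$(overwrite_check "$p" "$SAMPLE_MOUNTS")"
done
```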

Conclusion

If you are throwing away an old hard drive (or giving/selling it to someone), have files with personal information you don’t want anyone to be able to access, or are just a paranoid-type in general, it’s important to make sure your deleted files are permanently gone. Using some simple command line tools, you can easily and effectively delete files permanently in Linux. These are simple commands that everyone should know how to use, and can come in handy if your privacy is of concern to you.

You may be interested in: Howto Delete Files Permanently and Securely in Windows. You can also add a secure-delete option to the file manager in Linux.


39 Responses to “Howto Delete Files Permanently and Securely in Linux”

  1. RB says:

    Hi, just like to comment that this was a very easy to read and understand tutorial. Many thanks indeed.

  2. Adrian Demarais says:

    How about sectors containing data that were subsequently marked as bad? How do you clear those?
    I understand that ATA drives have a built-in command to delete all data, INCLUDING on bad sectors – shouldn’t this be included in the secure-delete set?

  3. GC says:

    Very clear and concise, many thanks. This is the way all technical info should be written.

  4. Kava makaveli says:

    Very good info!

  5. Brian says:

    Thanks for the tutorial. Makes using the program easy.

  6. Kristof De Bisschop says:

    I used this tutorial using Synaptic in Xubuntu. Works fine.
    Thank you for the tutorial

  7. J says:

    Thanks for this useful tutorial

  8. SH says:

    I would like to 2nd RB’s comments. I’m new to Ubuntu and this was exactly what I was looking for. Your information is easy to understand and in plain English! Cheers ;)

  9. the Unknown Soldier says:

    A wonderful tutorial. Very clear on its information & processes. Anyone should have an easy time following it.

  10. coz says:

    Hey guys… on Ubuntu 10.04 secure-delete installs but there is no smem function, at least on the 64-bit version.
    Any solutions to this?

    coz

  11. Callum says:

    Thanks for the clear and concise walkthrough. It was easy to follow, in plain English, while still technically detailed. Great writing in my opinion.

    I found it remarkably easy to encrypt my whole disk in Ubuntu. I’ve been using an encrypted disk for a couple of years now, so most of these issues don’t affect me. I stumbled upon this article while looking to wipe the free space on an external disk I just bought from a friend.

    I’m now intrigued by the idea of encrypting my RAM though, I’ll investigate that further… :-)

  12. Bill says:

    Many thanks, very neat and clear!

  13. LD says:

    Thanks for the article. Very useful. But I just cannot find the secure-delete package for Mandriva!!! Searched a lot unsuccessfully…

  14. john says:

    Do secure delete (srm) and shred work on an ext4 filesystem? I read somewhere that due to the journalling of these systems it doesn’t securely delete the data as there is a backup elsewhere??

    • Jonathan DePrizio says:

      Hi John,

      This is a very common question. My understanding is that, by default, ext3 and ext4 /do not/ journal the data; only the metadata is journaled. Data is written directly to the appropriate spot on-disk. File data is /only/ journaled when the ‘data=journal’ option is enabled, which is not the default. You can read more here:

      http://www.mjmwired.net/kernel/Documentation/filesystems/ext4.txt

      That being said, it is entirely possible that a file which now resides at one physical location on-disk previously resided elsewhere, especially if the file undergoes many appends and modifications. Therefore if you truly need to ensure that the data is unrecoverable, you may want to make sure you wipe the drive’s free space (used space having been already overwritten by other data).

      Thanks for the question,
      Jonathan

  15. Brandon says:

    This tutorial was easy to understand, even for a n00b like me. I wish all linux tutorials were this easy to follow.

  16. njain says:

    I formatted my machine with Maverick from CD, but due to issues with the CD drive it failed, then I did the same using a bootable USB. So, after formatting my machine twice, I copied the home folder back from an external hard disk to the machine and updated my system. When I restarted the machine to complete the update, to my surprise, the desktop of the machine looked very much like the old one and some of the software I didn’t install was installed. It also prompted for a local keyring authorization, which turns out to be the very first one I had before the first format.
    Is this because of some hidden files present in the /home/^[.].*

  17. olsie says:

    This is well written and easy to apply. I no longer have to wear my tin foil hat 24/7…

  18. JFekete9076 says:

    Hello.

    I’ve also tried these programs.
    The only problem is that they are too slow.
    Is there a way to speed them up without compromising security?

    • Jonathan DePrizio says:

      Hi,

      The reason why the tools are slow is that they need to access the hard disk in order to be effective. Under normal use, the OS will cache data in RAM for quicker access (and to make it appear that disk writes are faster than they actually are). Yet this wouldn’t work for secure deletion – you need to be certain that you are actually writing to the disk.

      So the answer is that no – you cannot really speed them up, except using one pass rather than multiple passes, etc… These tools need to bypass the system cache in order to be effective, thus making them slower than what you are generally used to.

  19. Daniel Feenberg says:

    The necessity for multiple overwrites is subject to dispute. See my essay “Can Intelligence Agencies Recover Overwritten Data?” at

    http://www.nber.org/sys-admin/overwritten-data-gutmann.html

  20. vijay says:

    Thanks for this tutorial!!!!!!!!!!

  21. vijay says:

    How to delete any data from the server permanently? Any command for this in Linux?

  22. sdmem not smem says:

    It’s sdmem (not smem).

  23. Jonathan DePrizio says:

    Test comment

  24. hamzeh naser says:

    I’m grateful to whoever created the wipe method

    Nice tutorial. Thank you

  25. Daniel says:

    Hi all, I’m trying to learn about sfill, so I used sfill on a 500 Mb flash drive VFAT type partition. After that I used photorec but lots of data (same as before I used sfill) was recovered. Maybe it doesn’t work on VFAT? Thank you

  26. Jani says:

    Is it the distro or what but my smem is sdmem?

  27. jimmy crocket says:

    If you have physical access to the drive, use an axe and a furnace.
