Network World
Nov 20, 2018
video
Linux tip: Learn to use the shred command
In this Linux tip, we look at the shred command, which removes a file from a disk in a manner that is far more thorough than the rm (remove) command.
Similar
Comments
Hi, this is Sandra Henry-Stocker, author of the “Unix as a Second Language” blog on NetworkWorld.
In this quick Linux tip, we’re going to look at the shred command. It’s a command that removes a file from a disk in a manner that is far more thorough than the rm (remove) command does. As the name implies, shred’s effect is in some ways like putting a paper document through a paper shredder.
Keep in mind that the rm command removes a file only by deleting the reference to it from the directory that contains the file. A directory is, after all, really just a special type of file. The rm command doesn’t actually remove the data from the disk and that leaves the file content in a state that allows it to be recovered if you use the right tool –such as the foremost command. In contrast, the shred command overwrites the file in multiple passes and then optionally removes the file as well. The content that remains on the disk will no longer resemble the original file, will in fact not look like a file at all, and will not be salvageable.
Say you had a file containing plain text passwords and suddenly realized that this really wasn’t such a bright idea, so you want to remove it from your system, but you want to be really sure that it can’t be recovered. So, instead of using the rm command, you might use a shred command like this one:
The arguments provided here include -z (make a final pass overwriting the file with zeroes), -v (run the task verbosely so you can get some feedback while it’s running), -u (truncate and remove the file after shredding it) and -n (specify the number of passes to make while overwriting the file). The default is 3.
As you can see, using the parameters we included in this command, 5 passes were made over the file – 4 plus the extra zeroes pass – and the file has been removed. I wouldn’t suggest getting too carried away with the number of passes. The default is probably more than adequate. Once a file has been shredded, even commands that try to scrape data off of the disk and identify content won’t find the deleted file or its former contents.
That’s your 2-minute Linux tip on shredding files. If you liked this video, please hit the like and share buttons. For more Linux tips, be sure to follow us on Facebook, YouTube and NetworkWorld.com.
In this quick Linux tip, we’re going to look at the shred command. It’s a command that removes a file from a disk in a manner that is far more thorough than the rm (remove) command does. As the name implies, shred’s effect is in some ways like putting a paper document through a paper shredder.
Keep in mind that the rm command removes a file only by deleting the reference to it from the directory that contains the file. A directory is, after all, really just a special type of file. The rm command doesn’t actually remove the data from the disk and that leaves the file content in a state that allows it to be recovered if you use the right tool –such as the foremost command. In contrast, the shred command overwrites the file in multiple passes and then optionally removes the file as well. The content that remains on the disk will no longer resemble the original file, will in fact not look like a file at all, and will not be salvageable.
Say you had a file containing plain text passwords and suddenly realized that this really wasn’t such a bright idea, so you want to remove it from your system, but you want to be really sure that it can’t be recovered. So, instead of using the rm command, you might use a shred command like this one:
The arguments provided here include -z (make a final pass overwriting the file with zeroes), -v (run the task verbosely so you can get some feedback while it’s running), -u (truncate and remove the file after shredding it) and -n (specify the number of passes to make while overwriting the file). The default is 3.
As you can see, using the parameters we included in this command, 5 passes were made over the file – 4 plus the extra zeroes pass – and the file has been removed. I wouldn’t suggest getting too carried away with the number of passes. The default is probably more than adequate. Once a file has been shredded, even commands that try to scrape data off of the disk and identify content won’t find the deleted file or its former contents.
That’s your 2-minute Linux tip on shredding files. If you liked this video, please hit the like and share buttons. For more Linux tips, be sure to follow us on Facebook, YouTube and NetworkWorld.com.
Featured
