Deleting a file in Linux or any other operating system does not actually remove the file from the hard drive. The operating system deletes the pointers to the file and marks the occupied space as ready to be written to, while the actual data remains.
A deleted file can be recovered until it is overwritten by other data. The
shred command prevents the recovery of deleted files in Linux by overwriting the deleted file with random data.
In this tutorial, you will learn how to use the
shred command in Linux.
- A system running Linux
- Access to the command line
Linux shred Command Syntax
shred command syntax is:
shred [options] [filename]
Options– Specifies the number of overwrites, file size, output, etc.
File– The name of the file you want to shred.
List of common
shred command options:
|Specifies the number of overwrites.|
|Overwrite and delete.|
|Amount of bytes to shred.|
|Show extended information.|
How to Use shred Command in Linux
shred command is a part of the coreutils package, which comes with Linux out of the box.
Shredding is done by running the
shred command in the terminal and adding flag options to customize the process or output. Shred options can be combined.
shred command conducts a series of overwrite tasks which destroy the data on the disk and significantly reduce the chance for data recovery. Files are not removed after shredding by default because it is common to operate on entire device files like /dev/hda. Users can specify if they want to remove the file as well.
Overwrite a File
The basic function of the
shred command is to overwrite a file several times to destroy the data. To shred a file, use the following syntax:
[filename] with the exact name of the file. If there is a space in the file name, put quotation marks around the file name.
In this example, we used the Linux cat command to display the contents of the passwords test file in the terminal without having to open it for editing.
Designate Number of Times to Overwrite a File
-n option allows users to specify how many times the file is overwritten.
Use the following syntax:
shred -n [number] [filename]
In this example, we specified that we want the file to be overwritten 10 times. We also used the
-z options to get an output of the process in the terminal and to hide the shredding. Note that the 11th pass is to hide the shredding.
Overwrite and Delete a File
-u option to overwrite and then delete a file:
shred -u [filename]
In this example, we combined the
-u option with
-v to get an output of the process.
Note: Learn how to use the rm command to delete a file or directory in Linux.
Selectively Overwrite Bytes of Text
-s option allows you to overwrite a specific portion of a file expressed in bytes. Suffixes like K-kilobytes, M-megabytes, and G-gigabytes are also accepted.
The syntax is:
shred -s [number_of_bytes] [filename]
In this example, the first 10 bytes of the passwords text file are overwritten.
Run shred With Verbose Mode
Verbose mode refers to displaying extended information. Specifically, run the
shred command with the
-v option to see how many times a file is overwritten.
The syntax is:
shred -v [filename]
The output indicates each overwriting instance.
Change Permissions to Allow Writing if Necessary
-f option allows access to files by changing file permissions if necessary.
Follow this format:
shred -f [filename]
Note: Read our article to see how to check and change file permissions in Linux.
-z option to shred a file and overwrite it with zeros to hide shredding from the file system.
The syntax is:
shred -z [filename]
Display shred Basic Details and Version
To check copyright and license details and the shred version installed, run:
To view all
shred command options, app information, and caution notes, run:
Important Considerations When Using the shred Command
shred command revolves around the assumption that the data is overwritten in place. Some file systems and hardware do not follow that rule but instead journal the changes or move the data around for wear-leveling.
shred is ineffective for:
- Log-structured or journaled file systems, such as those supplied on AIX and Solaris (and JFS, ReiserFS, XFS, and Ext3).
- RAID-based file systems and systems that write redundant data and carry on even in case of write failure.
- File systems that support creating snapshots (cloning), such as network appliance’s NFS server.
- File systems that cache in temporary locations, such as NFS version 3 clients.
- Compressed file systems.
shred is a bad option for erasing an SSD. Overwriting specific data blocks on SSDs is not possible due to wear-leveling. In other words,
shred does not necessarily overwrite the same physical memory cells.
Important: When overwriting and deleting a partition, make sure to specify the exact partition number. If no partition number is specified,
shred deletes the entire drive instead of a single partition.
You now know how to use the
shred command in Linux to permanently erase files from a file system. This tutorial showed how to use different options to customize the shredding process and delete a file.