These days security and anonymity concerns are forcing even average computer users to put extra thought on how they store and delete their data. Just deleting a file with a right-click or using the rm command isn't sufficient for sensitive data. When you delete a file using these normal methods the data is not destroyed. These methods are simply removing the reference to the file on the disk. They are basically telling the operating system to ignore them. However, the deleted information still resides on the disk and can be easily recovered using widely available software.
Enter the shred command. This simple tool is part of the GNU Core Utilities package and is available on almost any Linux and UNIX system. The shred command overwrites the target file repeatedly to make it extremely difficult or impossible to be recovered. The shred command can be used to overwrite single files, multiple files, partitions, and even an entire disk.
In this article we will show you the basic usage of the shred command along with some useful command-line options.
NOTE: The shred command does have it's limitations and only overwrites the data in place. Depending on the system configuration, there could be other copies of the data. Before you use this be sure you understand these limitations and how to account for them. You can find more information in the resources section at the end of this article.
Basic Syntax of Shred Command
Here is the basic syntax of the shred
command:
$ shred option <file_or_device>
The “device” can be any partition or disk.
Using the Shred Command
Using the shred command without any command-line options overwrites the files repeatedly, which is three times by default. Here we will show an example of what the shred command does by creating a sample file and then overwriting it using shred.
Let’s create a sample file and add some text in it.
[mcherisi@putor ~]$ echo “this is sample text” > sample.txt
After creating the file, note its size using the ls command. It will be used later for comparing it against with the size of the overwritten file.
[mcherisi@putor ~]$ cat sample.txt
“this is sample text”
[mcherisi@putor ~]$ ls -l sample.txt
-rw-rw-r--. 1 mcherisi mcherisi 26 Jul 18 08:25 sample.txt
Now we will use the shred command so that it overwrites the file and make it unusable. To do so, simply type shred followed by the file name as follows:
[mcherisi@putor ~]$ shred sample.txt
The shred command will overwrite this file three times. If you view this file with the cat command, you will see only garbage like this:
Now again view the file size. You will see the size of the file has changed now.
[mcherisi@putor ~]$ ls -l sample.txt
-rw-rw-r--. 1 mcherisi mcherisi 4096 Jul 18 08:30 sample.txt
The reason for the increase in disk size is because shred now fills a whole disk block (our file was smaller than the default block size). The size now matched the block size of the disk.
[mcherisi@putor ~]$ sudo blockdev --getbsz /dev/sda1
4096
NOTE: The default behavior of shred is to round the file size up to the full block. You can override this behavior using the --exact
or -x
options.
[mcherisi@putor ~]$ echo “this is sample text” > sample.txt
[mcherisi@putor ~]$ ls -l sample.txt
-rw-rw-r--. 1 mcherisi mcherisi 26 Jul 18 08:57 sample.txt
[mcherisi@putor ~]$ shred -x sample.txt
[mcherisi@putor ~]$ ls -l sample.txt
-rw-rw-r--. 1 mcherisi mcherisi 26 Jul 18 08:57 sample.txt
[mcherisi@putor ~]$ cat sample.txt
��נ��L5��a�{�����_���[mcherisi@putor ~]$
Command Line Options
The shred command provides a lot of options for expanding its usefulness. Let's take a look at some of the options and how to use them.
Verbose Output
To see what the shred command is doing in the background, you can use the --verbose
or -v
option as follows:
[mcherisi@putor ~]$ shred -v sample.txt
shred: sample.txt: pass 1/3 (random)...
shred: sample.txt: pass 2/3 (random)...
shred: sample.txt: pass 3/3 (random)...
NOTE: Now for all the further outputs, I will use the -v
(verbose) option to show you the results.
Overwrite Multiple Files
With the shred command, you can shred multiple files at once using a single command. To shred multiple files, specify the file names (separated by space) as an argument. You can also use wildcards and globbing to select specific target files, such as all files having the same extension.
[mcherisi@putor ~]$ shred -v *.txt
shred: sample1.txt: pass 1/3 (random)...
shred: sample1.txt: pass 2/3 (random)...
shred: sample1.txt: pass 3/3 (random)...
shred: sample2.txt: pass 1/3 (random)...
shred: sample2.txt: pass 2/3 (random)...
shred: sample2.txt: pass 3/3 (random)...
shred: sample3.txt: pass 1/3 (random)...
shred: sample3.txt: pass 2/3 (random)...
shred: sample3.txt: pass 3/3 (random)...
Shred All Data on Entire Partition or Drive
Shred can also be used to overwrite partitions and even full drives. For instance, the following command will overwrite all the data on the partition /dev/sda2
.
[mcherisi@putor ~]$ sudo shred -v /dev/sda2
shred: /dev/sda2: pass 1/3 (random)...
shred: /dev/sda2: pass 2/3 (random)...
shred: /dev/sda2: pass 3/3 (random)...
Delete File after Overwriting
By default, the shred command only overwrites the file. If you want to delete the file(s) after overwriting, you can use the --remove
or -u
option. Using this option will also rename the file several times before removing it for extra obscurification.
[mcherisi@putor ~]$ shred –u -v sample.txt
shred: sample.txt: pass 1/3 (random)...
shred: sample.txt: pass 2/3 (random)...
shred: sample.txt: pass 3/3 (random)...
shred: sample.txt: removing
shred: sample.txt: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: sample.txt: removed
Overwrite with zeros
After overwriting the file with random numbers, the shred command also allows you to do a final overwrite with zeros to hide the act of shredding. To do so, use the --zero
or -z
option as follows:
[mcherisi@putor ~]$ shred -z -v sample.txt
shred: sample.txt: pass 1/4 (random)...
shred: sample.txt: pass 2/4 (random)...
shred: sample.txt: pass 3/4 (random)...
shred: sample.txt: pass 4/4 (000000)...
Overwrite n Times
By default the shred command overwrites the file three times. You can change this default behavior by changing the number of times the file is overwritten using the --iterations
or -n
option followed by the number of times you want to overwrite it. For instance, the following command will overwrite the sample.txt file 4 times:
[mcherisi@putor ~]$ shred –n 4 -v sample.txt
shred: sample.txt: pass 1/4 (random)...
shred: sample.txt: pass 2/4 (ffffff)...
shred: sample.txt: pass 3/4 (000000)...
shred: sample.txt: pass 4/4 (random)...
Overwrite Only First n Bytes
By default, the shred command overwrites the entire file. However, if you want to shred only first n bytes, you can do so using the --size
or -s
option followed by the number of bytes to shred. Bytes can be specified in K, M, or B to specify multiples.
For example, the following command will shred only the first 8 bytes of the specified file:
[mcherisi@putor ~]$ shred -s8 sample.txt
[mcherisi@putor ~]$ cat sample.txt
�n�ʖ���is sample text. it contains sample values.”
From the above output, you can see that the shred command has only shredded the few initial bytes. It has not altered the rest of the file.
View Help on the Command Line
You can find more helpful information regarding shred command using the --help
option as follows:
$ shred --help
Conclusion
So there you have it, the basics of shred command. In this article, we have explained how to securely delete files, partitions, and disks to make it extremely hard to recover them. It is fairly a simple command and we have covered the most common options. If you have any questions or comments we would love to hear them below.