The shred command is a good option for removing files from a Linux system in a way that makes them virtually impossible to recover.
The most obvious way to remove a file on a Linux system is to simply use the rm (remove) command. However, even though you will no longer see the file once it’s been deleted, this doesn’t mean that the file’s contents have been so thoroughly wiped from the disk that they can’t be recovered. Content will often sit on the disk until the space is used by a new file.
Another option – one that overwrites the file and optionally deletes it too – is called “shred”. As the name implies, the shred command repeatedly overwrites the file’s data so that it can’t be recovered. It will also delete the file if you request that it do so.
To determine if shred is installed on your system, use the which command.
$ which shred
/usr/bin/shred
To shred a file, but leave it in place, you can use a command like this:
$ shred guitar.png
The listing below shows a png file that was shredded (the first) and a copy of it that was preserved in its original format. Note that you need to have write permission to shred a file.
$ ls -l guitar*
-rw-r--r--. 1 shs shs 40960 Apr 14 19:13 guitar.png
-rw-r--r--. 1 shs shs 39121 Apr 14 19:12 guitar.png-save
Notice that the file lengths are not identical after the shredding and, when we ask about the file with the file command, it shows a dramatic difference, including file format details.
$ file guitar*
guitar.png: data
guitar.png-save: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=5, xresolution=74, yresolution=82, resolutionunit=2, software=GIMP 2.10.8, datetime=2019:02:04 18:48:41], progressive, precision 8, 512x512, components 3
The shredded file is described simply as “data” while the copy of the original file describes the file’s content with all the numerous details about its format that you would normally expect to see.
By default, the shred command will overwrite a file three times, but you can change this by using the -n option (e.g., shred -n 25 guitar.png). The process is surprisingly fast, even if you decide to shred it many times.
If you want to shred a file numerous times and get some feedback on what is happening, add the -v option as shown below.
$ shred -vn 10 guitar.png
shred: guitar.png: pass 1/10 (random)...
shred: guitar.png: pass 2/10 (aaaaaa)...
shred: guitar.png: pass 3/10 (ffffff)...
shred: guitar.png: pass 4/10 (249249)...
shred: guitar.png: pass 5/10 (db6db6)...
shred: guitar.png: pass 6/10 (random)...
shred: guitar.png: pass 7/10 (000000)...
shred: guitar.png: pass 8/10 (492492)...
shred: guitar.png: pass 9/10 (555555)...
shred: guitar.png: pass 10/10 (random)...
Use the -u option if you want shred to remove the file from your file system. It will deallocate and remove the file after overwriting it. Only the un-shredded copy of the file is still available.
$ shred -u smiley.jpg
$ ls -l smiley*
-r--r--r--. 1 shs shs 14120 Apr 15 14:05 smiley.jpg-save
If you want, you can even shred only a specified number of bytes in a file. Here’s an example, starting with a little story:
$ cat story
Once upon a time, a long time ago, there was a clever witch who decided to use the Linux shred command to get rid of her competitor's spells on a shared computer.
When the story is shredded with the argument below, the requested number of bytes are affected.
$ shred -s 12 story
$ cat story
XJ'▒t▒!4▒mtime, a long time ago, there was a clever witch who decided to use the Linux shred command to get rid of her competitor's spells on a shared computer.
Notice how the first twelve bytes of the file have been modified.
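The checks done by eye above (ls, file, cat) can be scripted so that a cleanup job confirms what shred actually did. The following is an added example, not part of the original article; the function names and sample file contents are constructed for illustration, and it assumes the GNU coreutils versions of shred, sha256sum, head and tail.

```bash
#!/bin/sh
# Added example: verify the effect of shred instead of trusting its exit code.
# Function names and file contents are constructed for illustration.

# Hash `count` bytes of a file starting at 1-based byte offset `start`.
range_hash() {  # usage: range_hash FILE START COUNT
  tail -c +"$2" "$1" | head -c "$3" | sha256sum | cut -d' ' -f1
}

# shred -s N: confirm the first N bytes changed, the rest of the file is
# byte-for-byte intact, and the file length did not change.
verify_partial_shred() {  # usage: verify_partial_shred FILE NBYTES
  f=$1; n=$2
  size=$(wc -c < "$f")
  head_before=$(range_hash "$f" 1 "$n")
  tail_before=$(range_hash "$f" $((n + 1)) $((size - n)))
  shred -s "$n" "$f" || return 1
  [ "$(wc -c < "$f")" -eq "$size" ] || return 1
  [ "$(range_hash "$f" 1 "$n")" != "$head_before" ] || return 1
  [ "$(range_hash "$f" $((n + 1)) $((size - n)))" = "$tail_before" ]
}

# shred -n PASSES, then shred -u: confirm the content no longer matches the
# original hash, then confirm the directory entry is gone.
verify_full_shred() {  # usage: verify_full_shred FILE PASSES
  f=$1; passes=$2
  [ -w "$f" ] || return 2          # shred needs write permission on the file
  before=$(sha256sum < "$f")
  shred -n "$passes" "$f" || return 1
  [ "$(sha256sum < "$f")" != "$before" ] || return 1
  shred -u "$f" || return 1
  [ ! -e "$f" ]
}

# Demo on constructed sample files in a scratch directory.
demo_dir=$(mktemp -d)
printf 'Once upon a time, a long time ago, there was a clever witch.\n' \
  > "$demo_dir/story"
cp "$demo_dir/story" "$demo_dir/spells"
verify_partial_shred "$demo_dir/story" 12 && echo "partial shred verified"
verify_full_shred "$demo_dir/spells" 10 && echo "full shred verified, file removed"
rm -rf "$demo_dir"
```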
Wrap-up
The shred command is a good option for removing files from a Linux system in a way that makes them virtually impossible to recover.