I recently moved servers, so I wanted to safely delete the files on the old one once everything had been moved safely across. To achieve this, I used the `shred` utility on AlmaLinux.

The `shred` command in Linux is a powerful tool designed to securely overwrite files, making it extremely difficult to recover their original contents. But use caution and test the commands on non-critical data first. Data erased with `shred` is intended to be irrecoverable.
`shred` is part of GNU coreutils, which AlmaLinux installs by default. If it is missing, install the package that provides it:

sudo yum install coreutils
Running the Command:
shred -uvz file.ext
When using `shred` in this context, several options are crucial:

- `-u` or `--remove`: This is essential. After shredding the file's contents, this option will also delete the file. Without `-u`, the shredded file (now filled with random data) will remain.
- `-v` or `--verbose`: Displays the progress of the shredding operation, showing which files are being processed. This can be helpful for large directories.
- `-z` or `--zero`: After the shredding passes, this option adds a final overwrite with zeros. This can help hide the fact that `shred` was used.
- `-n N` or `--iterations=N`: Specifies the number of times to overwrite the file. The default is usually 3, which is generally considered sufficient. Increasing this number will take significantly longer.
Shredding a Directory

The `shred` utility does not directly operate on directories. To apply `shred` to all files within a directory and its subdirectories, you need to use it in conjunction with other commands, typically `find`. `find` substitutes each matching file path for `{}`, so no filename is passed to `shred` directly:

find /path/to/your/directory -type f -exec shred -uvz {} \;
Important Caveats and Considerations:

- Filesystem Types: `shred` relies on the assumption that the filesystem overwrites data in place. This is not always true for all filesystems, especially journaling filesystems (like ext3, ext4, XFS) or copy-on-write filesystems (like Btrfs, ZFS). On these systems, `shred` might not be as effective because the new data might be written to a new location, leaving the old data intact (though unreferenced).
- Solid State Drives (SSDs): `shred` is generally not effective for securely erasing data on SSDs. SSDs use wear-leveling algorithms that distribute writes across the drive, meaning the overwriting operations of `shred` may not occur on the same physical memory cells that stored the original data. For SSDs, it's better to use the drive's built-in secure erase commands (often accessible via BIOS/UEFI or manufacturer utilities) or specialized SSD sanitization tools.
- Backups and Snapshots: If you have backups or filesystem snapshots, shredding the original files on the live system will not affect the data stored in those backups or snapshots.
- Permissions: You need write permissions for the files you are trying to shred and typically execute permissions on the directories being traversed.
- Test Carefully: Before running `shred` commands on important data or entire directories, always double-check your command and test it on a non-critical sample directory. Data erased with `shred` is intended to be irrecoverable.
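The directory walk above and the filesystem caveat can be combined into one guarded helper. This is an added example, not code from the original post: `shred_tree` is a hypothetical function name, it refuses to run without an explicit confirmation argument, and it reports the filesystem type (via coreutils `stat -f`) so you know up front when the overwrite-in-place assumption does not hold.

```sh
#!/bin/sh
# Added example (not from the original post): shred every regular file under a
# directory, after checking which filesystem holds it, then remove the empty tree.

# Print the filesystem type name of a path, e.g. "ext2/ext3", "xfs", "btrfs", "tmpfs".
fs_type() {
    stat -f -c %T "$1"
}

# Return 0 if shred can be expected to overwrite blocks in place on this
# filesystem type, 1 for copy-on-write or log-structured types where the old
# blocks are likely to survive (list is an assumption, extend it as needed).
fs_overwrites_in_place() {
    case "$1" in
        btrfs|zfs|f2fs|nilfs|overlayfs) return 1 ;;
        *) return 0 ;;
    esac
}

# shred_tree DIR yes: overwrite (3 passes + final zero pass), unlink, and remove
# the directory tree. Without the literal "yes" as the second argument it refuses,
# so a mistyped path cannot wipe anything by accident.
shred_tree() {
    dir=$1; confirm=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ "$confirm" = yes ] || { echo "refusing: pass 'yes' as the second argument" >&2; return 2; }
    type=$(fs_type "$dir")
    if ! fs_overwrites_in_place "$type"; then
        echo "warning: $type does not overwrite in place; old blocks may survive" >&2
    fi
    # -u unlinks after overwriting, -z ends with a zero pass; "{} +" batches paths
    # so shred is started once per chunk of files instead of once per file.
    find "$dir" -type f -exec shred -u -z {} + || return 1
    # shred leaves the (now empty) directories behind; remove them.
    rm -rf -- "$dir"
}

# Number of regular files still present under a path (0 once shredding succeeded).
remaining_files() {
    [ -e "$1" ] || { echo 0; return; }
    find "$1" -type f | wc -l
}
```

Run it first against a throwaway directory such as the one built in a test, exactly as the "Test Carefully" caveat advises.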