shred command: makes files unrecoverable in Linux

Are you still removing your files containing sensitive information (ssh keys, account password, auth file, etc) using the standard way?

Then you are making it easier for third-party applications to recover. Let’s dig in more; every time you delete files the standard way, they just get unlinked from the filesystem, making the block free for overwriting.

Is it possible to recover deleted data from a Linux system?

If you do not perform any rewrite operations after deleting the file by standard methods, Unlink Block will still hold the data of your file and can be recovered by third-party applications.

How Shredding Works in Linux

To make recovery impossible, you can shred your file by overwriting the block with multiple layers of random data.

Instead of the original data, the block will hold randomly generated data, which will be of no use if recovered by any tool.

shred command in Linux

The shred command is part of the Coreutils package and can help you destroy your files, making them unrecoverable by any application in Linux.

The filesystem block holding your unlinked data will have the copy of randomly generated data overwritten into your file by the shred command.

Is this method suitable? Below are some rare situations where your file might be still available for recovery, making your effort ineffective.

  • A file system that supports journaling (JFS, ReiserFS, etc)
  • A file system that takes a snapshot (BTRFS, NFS)
  • Data getting synched over the network using tools (rsync)
  • A file system that supports caching in temporary memory (NFS v3)

Syntax

$ shred [OPTIONS] [TARGET FILE]
  • [OPTIONS] use to instruct the shredding process by defining the number of overwrites to perform, amount of bytes to shred, hide shredding, etc.
  • [TARGET FILE] is the exact path of your file.

Below is the list of the most commonly used options with the shred command.

Options of shred commandDefinition
-fForcing files to be shredded
-nNumber of overwriting to perform
-sAmount of bytes to shred (suffixes like K, M, G accepted)
-uOverwrite and remove the file
-vShow Progress
-zHide shredding performed on a file
list of known shred command options

Shred (Overwrite) a File

The primary function of the shred command without any options is to overwrite the file with randomly generated data, making it unrecoverable.

Below is the sample file holding the data “HELLO, TREND OCEANS!” text.

$ echo "HELLO, TREND OCEANS!" > file.txt && cat file.txt

Below is the output of the above command.

Creating test file for shredding
Creating test file for shredding

Imagine this file holding sensitive information, and if deleted, anyone can quickly recover it (unless overwritten) for reading.

To overwrite this file, use the shred command with the filename, making a recovery impossible, as shown below.

$ shred file.txt
$ cat file.txt

Below is the output of the above command.

Shredding the file
Shredding the file

Now, if you remove this file with the standard methods and someone recovers it, it will be of no use to them.

Assigning the Number of Times to Overwrite a File

It is possible to perform multiple overwrites to a file, making it even more impossible to recover. This can be done by specifying the number of times to overwrite a file using the “-n” option, as shown below.

$ shred -n 5 file.txt

Below is the output of the above command.

Assigning Number of Times to Overwrite a File
Assigning the Number of Times to Overwrite a File

Above five times, shredding is done to your file to destroy the file content, but it didn’t output anything happening while shredding.

You can use the “-v” option to see the progress of the file being overwritten multiple times using the shred command.

Show the Shredding Progress in Verbose Mode

To see the progress of the file being overwritten, use the “-v” option along with the “-n” option to see the progress of shredding, as shown below.

$ shred -vn 5 file.txt

Below is the output of the above command.

Show the Shredding Progress in Verbose Mode
Show the Shredding Progress in Verbose Mode

Hide Shredding Operation Performed on File

The file content is unrecoverable after shredding, but a shredding operation can be identified on the file. To hide the shredding process on the file, use the “-z” option, as shown below.

$ shred -vzf 5 file.txt

Below is the output of the above command.

Hide Shredding Operation Performed on File
Hide Shredding Operation Performed on File

In the last line, the file’s content is overwritten by the “0” to make it undetectable.

Selectively Shred the Content of the File by Bytes

The “-s” option helps selectively overwrite the file’s content defined in the bytes. You can also specify the size in k (for kilobytes), m (for megabytes), and g (for gigabytes) for shredding.

Below is the text file containing the list of passwords on the different social platforms, and I want to remove the first password. For that, I will specify the number of bytes required to shred the first row, as shown below.

$ shred -s 5 file.txt

Below is the output of the above command.

Selectively Shred the Content of the File by Bytes
Selectively Shred the Content of the File by Bytes

Above, you can see the first row with the password “pass1” holding the 5 byte size data is shredded using the shred command.

Overwrite and remove the file

Until now, you have seen the shredded file is only getting overwritten, but if you want to remove the file after the shredding process is done, you can use the “-u” option along with the “-v” to monitor the changes, as shown below.

$ shred -uv file.txt

Below is the output of the above command.

Removing file after shredding
Removing file after shredding

Above, you see that after the file is shredded, it is removed from the system.

Those are essential things to know. If you wish to explore the shred command more, don’t forget to check its manual page using the man shred command.

Let us know in the comment section if you have any queries regarding this topic.

This Post Has 2 Comments

  1. Masala

    Unfortunately shred and other overwriting commands are totally useless with SSD drives.

Leave a Reply