Provided we have the right file permissions, deleting a file of any type is as easy as running rm :
root:/tmp> rm file1
We might need to delete most of the files in a directory in which case we might prefer to interactively decide who stays and who goes:
root:/tmp/tmp1> rm -i *
rm: remove regular file ‘2resolv.txt’? y
rm: remove regular file ‘security_watchdog.pdf’? n
rm: remove regular file ‘ssh.pdf’? y
rm: remove regular file ‘strace.log’? n
rm: remove regular file ‘test.1’? y
rm: remove regular empty file ‘test123’? n
rm: remove regular file ‘tmp.O7sV4FI8Ms’? Y
In other cases we just might want to wipe out all files and directories beneath without being prompted:
root:/tmp> rm -rf /tmp/case3 → “r” for recursive and “f” for force
If we want to delete empty directories but don’t want to use rm -rf in case they were not really empty, then we can use rmdir:
root:/tmp> rmdir /tmp/case7
If we are pedantic/archaic we can use unlink rather than rm:
root:/tmp> unlink /tmp/test908
It is of the utmost importance to remember that deleting files with the commands above only removes the pointer to the actual data but not the data itself. So if we want/need the data to be unrecoverable we need to use either shred or scrub:
root:/tmp> shred -fuvz /tmp/file9
shred: /tmp/file9: pass 1/4 (random)…
shred: /tmp/file9: pass 1/4 (random)…9.4MiB/9.8MiB 96%
shred: /tmp/file9: pass 1/4 (random)…9.8MiB/9.8MiB 100%
shred: /tmp/file9: pass 2/4 (random)…
shred: /tmp/file9: pass 3/4 (random)…
shred: /tmp/file9: pass 4/4 (000000)…
shred: /tmp/file9: removing
shred: /tmp/file9: renamed to /tmp/00000
shred: /tmp/00000: renamed to /tmp/0000
shred: /tmp/0000: renamed to /tmp/000
shred: /tmp/000: renamed to /tmp/00
shred: /tmp/00: renamed to /tmp/0
shred: /tmp/file9: removed
The example above shreds file9 by overwriting it 3 times with random data (defaults to 3 but can be changed with “-n <number>” option), even if it is not writable (“-f”), does a last pass overwriting all bytes with 0 (“-z”) and then unlinks or removes it (“-u”).
The commands below do the same for a partition and disk but without deleting at the end:
root:/tmp> shred -fz /dev/sbc4
root:/tmp> shred -fz /dev/sbh
We should also remember that shredding data with this command might not work with journaling, log-structured, copy-on-write and versioned filesystems as the written bytes might not actually overwrite old data. And it obviously can’t do anything much about cached data, snapshots or backups!
The scrub command does more or less the same but it is a bit more sophisticated:
• If the argument is a character or block device, it will scrub all of it.
• If the argument is a regular file, its data will be scrubbed and optionally its name in the directory.
• If the argument is a directory, it will be filled up with dummy files and then everything scrubbed.
root:/tmp> scrub /dev/sdf1 → scrub whole partition
scrub: using NNSA NAP14.1C patterns
scrub: please verify that device size below is correct!
scrub: scrubbing /dev/sdf1 1995650048 bytes (~1GB)
scrub: random |…………………………………………|
scrub: random |…………………………………………|
scrub: 0x00 |…………………………………………|
scrub: verify |…………………………………………|
.
root:/tmp> scrub -rf /tmp/file9 -D /tmp/file10 → scrub, delete and rename files
scrub: using NNSA NAP14.1C patterns
scrub: scrubbing /tmp/file9 10240000 bytes (~10000KB)
scrub: random |…………………………………………|
scrub: random |…………………………………………|
scrub: 0x00 |…………………………………………|
scrub: verify |…………………………………………|
scrub: scrubbing directory entry
scrub: 0x32 |…………………………………………|
scrub: 0x4d |…………………………………………|
scrub: 0x32 |…………………………………………|
scrub: 0x4d |…………………………………………|
scrub: 0x32 |…………………………………………|
scrub: 0x4d |…………………………………………|
scrub: unlinking /tmp/file10
Nothing stops us from using faster methods with dd:
root:/tmp> dd if=/dev/zero iflag=nocache oflag=direct of=/dev/sdf1 bs=4096
root:/tmp> dd if=/dev/urandom iflag=nocache oflag=direct of=/dev/sdf1 bs=4096