Securely erasing files using Unix Shell
Shells read input up to an unquoted newline and then execute it. An unquoted backslash followed by a newline is discarded and causes the shell to wait for more input. The backslash and newline are discarded before the shell tokenizes the string, so long lines can be split anywhere outside of single quotes, even in the middle of command names and variable names.
Removing a file with rm only unlinks the file name from the data. The file blocks may still be on disk, and will only be reclaimed when the file system reuses those blocks. Erasing a file properly requires writing random bytes into the disk blocks occupied by the file. The following overwrites all the files in the current directory:
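    for i in * ; do
        # conv=notrunc makes dd write over the file's existing blocks;
        # without it dd truncates the file first and the old blocks are freed.
        # The size is parsed from the "Size:" field printed by GNU stat.
        dd if=/dev/urandom \
           of="$i" \
           bs=1024 \
           conv=notrunc \
           count=$(expr 1 + \
               $(stat "$i" | grep 'Size:' | awk '{print $2}') \
               / 1024)
    done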
You can then remove the files normally with rm.
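The same overwrite wrapped in a function with the checks a script needs, as an added example that is not from the original page. The name overwrite_in_place is hypothetical, and the function assumes a file system that rewrites a file's blocks in place.

```shell
#!/bin/sh
# Added example: overwrite one regular file in place with random bytes.
# overwrite_in_place is a hypothetical helper name, not from the original page.
# Returns 0 on success, 1 on I/O failure, 2 if the path was skipped.

overwrite_in_place() {
    f=$1
    # Refuse symlinks and anything that is not a regular file: dd would
    # follow a link and overwrite its target, and it fails on directories.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "skip: $f (not a regular file)" >&2
        return 2
    fi
    size=$(wc -c < "$f") || return 1
    size=$((size + 0))                    # strip padding some wc versions add
    [ "$size" -eq 0 ] && return 0         # empty file: no data blocks to overwrite
    blocks=$(( (size + 1023) / 1024 ))    # round up to whole 1 KiB blocks
    inode_before=$(ls -i -- "$f" | awk '{print $1}')
    # conv=notrunc keeps the existing blocks allocated so the random data
    # lands on them; without it dd truncates the file before writing.
    dd if=/dev/urandom of="$f" bs=1024 count="$blocks" conv=notrunc \
        2>/dev/null || return 1
    sync                                  # push the new data out to the disk
    inode_after=$(ls -i -- "$f" | awk '{print $1}')
    # The same inode confirms the file was rewritten, not replaced.
    [ "$inode_before" = "$inode_after" ]
}
```

On journaling or copy-on-write file systems and on flash storage with wear leveling, an in-place write may still land on different physical blocks, so the old data can survive the overwrite.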