Updated: August 22, 2009
When you delete a file on your hard drive, the deletion operation merely dereferences the physically stored data from the system indexes that catalog and manage the inventory of all files and folders on your machine. This means that people with the right skills and the right tools can retrieve potentially important, secret, private, or embarrassing information from your hard disks long after you thought you had deleted it.
If you fear this kind of scenario and miss hours of sleep pondering one paranoiac scenario after another, then you should start using specialized tools that should help you maintain the integrity and privacy of your data.
These tools include encryption and secure deletion of contents. We will talk about encryption in another article. Today, we will focus on secure deletion - or shredding.
In conventional terms, shredding is tearing large bits of paper (and such) into small bits. Some of you may have done this rather addicting ritual once or twice - slide a wad of papers into the maws of a grinder and watch it spit out spaghetti at the other end. You can even do this in the comfort of your home, using small, portable shredders that cost a blasting fortune.
This is what we're going to do today - use the electronic version of the paper shredder to get rid of files that you do not wish anyone else to see. For instance, you've just severed your relationship with your mistress and it turned ugly and now you need to get rid of those seven thousand emails in a hurry, oh-oh ... Anyhow.
Most Linux distributions come with secure deletion tools already installed. If not, they are one click away in the repositories. Ubuntu or Linux Mint save you the hassle of the extra installation. shred is already included, in the multipurpose package called coreutils, which includes tens of utilities.
So all that is left is to start using shred.
shred is a command-line utility. It is run against files or folders, with certain flags. For example, we will do the following:
What do we have here?
- -f change permissions to allow writing if necessary
- -u truncate and remove file after overwriting
- -v be verbose (detailed) and show progress
- -z add a final overwrite with zeros to hide shredding
That's it basically. Now, let's see a real example:
The process is much longer than normal deletion, especially if you have many, large files you need to get rid of. But it works - and it works well. Still, there's one problem. Running shred from the command line is a very geeky procedure. Few people would want to do this on a daily basis. There must be an easier way ...
There is. It's called integrating shred into the Nautilus context menu.
Add shred to Nautilus context menu
For those who do not know what Nautilus is - it's the official file manager for the Gnome desktop. Just like you have Konqueror or Dolphin for KDE or Windows Explorer in Microsoft Windows. The context menu is what you see when you right-click on an object inside the file manager. It's called the context menu because the options change based on what object you clicked. In other words, it's contextual.
Normally, context menus contain basic functions like copy, paste, delete, send, open with, and others. Shred is not normally there, so we will add it.
Install Nautilus actions
To do this, we need a package called nautilus-actions, which allows you to edit the context menu by adding and removing entries or changing the existing ones.
After you install the utility, run it and click Add to create a new entry.
Creating a new entry requires some attention, since you do not want to create automated right-click tasks that run out of control. Therefore, be careful, especially when entering the command path and options, even more so with destructive commands like shred.
So we have quite a few fields to fill, let's see what they are:
Label, tooltip and icon are rather self-explanatory. I suggest you use meaningful names and hints so that other users - or yourself in the distant future - will know what you meant when you created the entry.
Action is the really important bit. Path specifies the command you wish to run. As you can see, I did not enter an absolute path (/usr/bin/shred) because shred is already part of my user's environment path.
You can check this by typing the command name (any one) or part thereof in the Terminal and hitting the Tab button for name completion. If the command exists in one of the several directories that are exported in your environment path, you will see the command name completed.
You can check which directories are queried for binary execution by typing the following in your terminal window:
You will see that /usr/bin is part of this environment variable ($PATH), hence all commands that are located there can be executed without typing the full, absolute path.
All this said, it is always a good idea to use absolute paths, because you can never be sure whether the environment variable will be altered somehow, a different version of the tool will be used or installed, or some other unforeseen change will happen.
If you're not sure, click the Browse button and search for the binary you need.
The other critical bit to pay attention to is the Parameters field. Here, you specify what your command will do - and against which target. Therefore, you need to be aware of the different parameters and how they affect the execution of the command.
We saw earlier what -f -u -v -z do. By the way, you can use them as one string (-fuvz). Regardless, I warmly recommend that you spend time reading the manual pages on each and every command you wish to add to Nautilus. For more about shred, check this man page.
%M seems a little strange, but it's actually how Nautilus interprets the command line. Click Legend for explanations. Indeed, we can see %M means a space-separated list of files and folders with their full paths. Excellent.
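The following wrapper is an added example, not part of the original article: it could be entered as the action's Path (with %M as Parameters) in place of shred itself. It calls shred by absolute path, ends option parsing with `--`, and walks into folders, because GNU shred overwrites files and does not descend into directories. The function name shred_paths and the SHRED override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: wrapper for the Nautilus action (Path = this script, Parameters = %M).
# shred_paths and the SHRED variable are hypothetical names used only here.

# Absolute path, so a changed $PATH cannot substitute a different "shred".
SHRED="${SHRED:-/usr/bin/shred}"

# shred_paths PATH...
# Overwrites and removes every regular file given, and every regular file
# below any directory given. Returns non-zero if anything was left behind.
shred_paths() {
    rc=0
    for target in "$@"; do
        case "$target" in
            /*) ;;                      # already absolute
            *)  target="./$target" ;;   # a leading "-" can no longer look like an option
        esac
        if [ -L "$target" ]; then
            # Symlinks are skipped so only the selected path itself is touched.
            echo "skipping symlink: $target" >&2
            rc=1
        elif [ -d "$target" ]; then
            # shred does not descend into directories: shred the files
            # first, then remove the emptied directory tree bottom-up.
            find "$target" -type f -exec "$SHRED" -fuvz -- {} + || rc=1
            find "$target" -depth -type d -exec rmdir -- {} + || rc=1
        elif [ -f "$target" ]; then
            "$SHRED" -fuvz -- "$target" || rc=1
        else
            echo "not a regular file or directory: $target" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run only when called with arguments (Nautilus passes the selection).
[ "$#" -eq 0 ] || shred_paths "$@"
```

A non-zero exit status means at least one selected item was skipped or could not be fully removed, so it is worth checking before assuming the data is gone.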
Now, move on to the next tab - Conditions.
This tab defines when (in which context) the command will appear in the right-click menu. In this case, we can match all files. Match case is relevant only if you use specific file extensions, like .pdf, because in Linux, a cAse-sensitive operating system, .pdf and .PDF are not the same.
Mimetypes is a geeky feature. It identifies files by their type rather than extension or name. For instance, you can use video/mpeg and then all files that are video files encoded as mpeg will show shred in the context menu.
In the bottom section, we want shred to appear both for files and folders and even when multiple objects are selected.
On the last tab, Advanced Conditions, we can configure the type of files we want shred to work with. Local files seems like the best option, but there are many others available.
And we're done.
Now, all we have to do is right-click on any folder/file and send it to oblivion.
There you go, now you know how to securely shred your files - and in a lazy way too, without going to the command line and typing geeky commands. Of course, 'tis a double-edged sword, because you will have to be very careful when deleting files this way. Shredding will remove them, permanently, irrevocably. You will not be able to undelete them once they're gone, so take this into consideration.
I hope you liked this tutorial. It may help you, especially if you have to use sensitive files on easily stolen devices, like laptops, and then get rid of them securely. shred is an easy and efficient way of doing it.
Many, many thanks to Ocky for inspiring this article!