How to Permanently and Securely Delete Files on Linux

Ordinary deletion using the Delete key, trash bin, or rm only removes directory entries, leaving the data hidden on the disk and recoverable by attackers, forensic tools, or data thieves. When files contain sensitive credentials or confidential information, secure erasure is essential.

1. shred – overwrite file contents

The shred command overwrites a file multiple times before optionally deleting it. $ shred -zvu -n 5 passwords.list Options:

-z – overwrite with zeros to hide shredding

-v – show progress

-u – truncate and delete after overwriting

-n – number of overwrite passes (default 3)

See more options with man shred.

2. wipe – secure file deletion

Install wipe first:

$ sudo apt-get install wipe   # Debian/Ubuntu
$ sudo yum install wipe       # RedHat/CentOS

Example to destroy all files in private directory: $ wipe -rfi private/* Flags:

-r – recursive

-f – force deletion, suppress confirmations

-i – show progress

Note: wipe works reliably only on magnetic storage; SSDs require different methods.

3. secure-delete suite (srm)

Install the suite:

$ sudo apt-get install secure-delete   # Debian/Ubuntu
$ sudo yum install secure-delete       # RedHat/CentOS

Securely delete files or directories: $ srm -vz private/* Options used:

-v – verbose

-z – overwrite final pass with zeros

4. sfill – erase free disk/inode space

sfill

fills free space on a partition with random data, preventing recovery of previously deleted files. $ sudo sfill -v /home/username Run on the target partition (e.g., root or a dedicated /home partition). See man sfill for limitations and extra flags.

5. sswap – secure swap area erasure

Before using sswap, disable the swap partition:

$ sudo swapoff /dev/sda6
$ sudo sswap /dev/sda6   # performs ~38 passes

Read man sswap for more details.

6. sdmem – secure RAM erasure

Erase RAM contents securely: $ sudo sdmem -f -v Consult man sdmem for additional options.

These tools together provide a comprehensive approach to permanently removing sensitive data from Linux systems, covering individual files, whole directories, free space, swap partitions, and even volatile memory.