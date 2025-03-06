Deleting a file on a storage disk does not wipe or overwrite the data. Instead, it marks the location as available for the system to use when writing other files. This approach isn't typically a problem on a daily basis, but it becomes an issue when disposing of disks or repurposing storage media.

Whether donating systems to charity, selling a used computer or throwing out that old, outdated hard disk drive, it is important to carefully wipe the data on it. That's also true if you're repurposing an old desktop from the sales department to the kiosk in the front lobby, for example.

Linux relies on two primary tools to overwrite data securely: shred and dd. They offer similar functionality but have a few different configuration options. Let's examine how to use shred and dd commands, and discuss how to use them to manage old storage devices that might contain information you want covered up.

How to use the shred command The Linux shred command obfuscates data by overwriting it with random information or zeros. All you have to do is target a file or storage area and define any additional features. Shred takes care of the rest. Be aware that shred can take a long time to run on today's massive storage devices. Install shred Begin by verifying shred is installed on your distribution. Not all Linux distributions include it. Type shred without options or arguments to see if it's installed. If it's not installed, use the DNF package manager on your Red Hat-derived distribution to add it. sudo dnf install -y shred If you're using a Debian-derived distro, such as Ubuntu, type the following. sudo apt install -y shred It's also part of the GNU Coreutils package, which most distributions have. You can add the Coreutils package using your package manager. sudo dnf install -y coreutils

sudo apt install -y coreutils Be careful with shred. Remember, it is designed to make data unrecoverable. Be sure of your target device or file before running this command. Common shred options The following are some of the most common shred options: -n defines the number of passes (overwrites) for the target. More is better, but the process takes longer.

defines the number of passes (overwrites) for the target. More is better, but the process takes longer. -v displays progress information.

displays progress information. -f forces shred to overwrite files with read-only permissions.

forces shred to overwrite files with read-only permissions. -z adds a final overwrite job consisting of zeros.

adds a final overwrite job consisting of zeros. -u overwrites the data and then deletes the file for an extra layer of security. Use shred --help to display all options. Example 1. Shred a file The shred command is straightforward. You don't even need any options. To shred a single file using default settings, type the following. shred filename.txt Define a custom number of overwrites by using the -n option. In this case, there are 10 overwrites. shred -n 10 filename.txt It's advisable to conduct a final overwrite with zeros. Use the -z option for that feature, as seen here. shred -z filename.txt As with other Linux commands, you can combine options for increased functionality. Example 2. Shred a partition You can direct shred to a volume by using the device path instead of a file name. For example, to apply shred to the sdb1 partition with five overwrites, a final pass with zeros and then deleting the file, type the following. shred -n 5 -uvz /dev/sdb1 Recall that shred may take a long time on large storage devices.

How to use the dd command The Linux dd command is quite versatile. One of its capabilities is securely overwriting data on a storage disk. It also copies and converts file system trees. Be careful using dd on production systems. It overwrites existing data, making it difficult to recover from any mistakes. The syntax for dd is different from most Linux commands you're familiar with. It includes specifications for the input and output files. Think of these files as the source and target of the content you're writing. if={input-file}

of={output-file} The input file can be a file, file system or special source device, such as /dev/zero or /dev/random. You also define the block size by using the bs option. Larger block sizes speed up processing. Install dd Like shred, dd is part of the GNU Coreutils package, so you probably already have access to it. You can use both commands if you installed the Coreutils package, as seen in the shred section above. Like shred, dd irrevocably overwrites information, so be careful when using it in production. Check your commands carefully. Using the dd command To sanitize a disk using dd, overwrite existing data with random content sourced from the /dev/random special device. Begin by unmounting the storage space and then running the dd command. umount /dev/sdb

dd if=/dev/urandom of=/dev/sdb bs=1M status=progress When the process completes, add a new file system using the mkfs command. You can then mount the file system and begin using the overwritten space for new data.

Comparing shred and dd commands Both tools are essential, so it benefits you to know when to use each. The following lists compare attributes of each and when to use each tool: Attributes Shred is usually better for individual files. Shred overwrites data multiple times, ensuring greater effectiveness. Shred can overwrite data with random numbers and then conduct a final pass of zeros to hide the shredding process. Dd is usually faster than shred for partitions and disks. Dd can use larger block sizes for greater efficiency. Dd provides a single pass, so you may need to run it multiple times.

Use shred in the following situations: You need to delete files or directories securely. You want multiple passes during the overwriting process. You want to preserve the file system but securely delete the files.

Use dd in the following situations: You need to wipe a partition or drive. Speed is more important than multiple passes.

The shred and dd utilities are not necessarily an either-or decision. Instead, you use each tool for specific circumstances.