Shred command

Where Penguins and Daemons chill together in the warmth of the Sun.

Moderators: SecretSquirrel, notfred


Posted on Sat Dec 13, 2008 7:40 am

I want to shred some personal files and wonder if there is any way to shred a directory and its subdirectories recursively?

The error I get when I try the command below under Ubuntu 8.10 is "shred: filename/: failed to open for writing: Is a directory"
Code:
shred -n 3 -vuz filename
Last edited by Dirge on Sat Dec 13, 2008 7:50 am, edited 2 times in total.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1552
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Shred command

Posted on Sat Dec 13, 2008 7:48 am

To answer my own question it seems shred doesn't support recursion. http://www.slac.stanford.edu/comp/unix/secure-erase.html#EraseFiles

In case anyone cares.. scary thing I just found is this warning from the same site.

Warning: shred follows symbolic links, which can have surprising and probably unintended results. Make sure you only list regular files on the command line.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1552
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Shred command

Posted on Sat Dec 13, 2008 10:55 am

shred is probably not going to do what you want it to do as I suspect you are running a modern file system.
manpage wrote:
CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

* log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
notfred
Grand Gerbil Poohbah
 
Posts: 3736
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Shred command

Posted on Sat Dec 13, 2008 1:14 pm

As notfred notes, shred probably isn't doing what you think it is if you're running a journaling file system (ext3, jfs, ntfs, etc.). To be truly effective at removing all traces of the sensitive data, you would need to shred the entire raw partition and reformat.

If you're intent on using it anyway, using the find command to recurse through the directory tree and invoke shred is the way to do it. But all you'd really be doing is giving yourself a false sense of security.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37739
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Shred command

Posted on Sat Dec 13, 2008 5:17 pm

Thanks for the heads up before I start wasting my time with that command. I don't want to compromise myself with a false sense of security either. I found shred mentioned in Linux Server Hacks, Volume Two but saw no mention of the drawbacks.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1552
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Shred command

Posted on Sat Dec 13, 2008 5:45 pm

If you really want to be sure that something is gone then I would DBAN the drive (after backing up anything that you cared about on that drive). I do that on any old hard drives before I recycle them.
notfred
Grand Gerbil Poohbah
 
Posts: 3736
Joined: Tue Aug 10, 2004 10:10 am
Location: Ottawa, Canada

Re: Shred command

Posted on Sat Dec 13, 2008 5:57 pm

Yup I have a copy of DBAN for just such an occasion.
FDISK /MBR
Dirge
Gerbil Jedi
 
Posts: 1552
Joined: Thu Feb 19, 2004 3:08 am
Location: New Zealand

Re: Shred command

Posted on Sun Dec 14, 2008 12:00 pm

Looks like notfred and I may have jumped the gun a bit. If you're using ext3 with default settings, shred may still be of some value:
shred man page wrote:
In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37739
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer
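
The find-based recursion suggested in the thread, combined with the symlink warning and the ext3 journaling-mode caveat quoted from the man page, as an added example that is not part of any post. The function names are hypothetical, and findmnt (util-linux) is assumed to be installed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; findmnt is assumed present.

# Verdict for shred on a file system, using only what the quoted man page says.
# $1 = fs type, $2 = comma-separated mount options
shred_fs_verdict() {
    case "$1" in
        ext3)
            case ",$2," in
                *,data=journal,*) echo limited ;;  # file data goes through the journal
                *) echo works ;;                   # data=ordered (default) or data=writeback
            esac ;;
        jfs|reiserfs|xfs) echo not-guaranteed ;;   # listed in the man page caution
        *) echo unknown ;;                         # the thread makes no statement
    esac
}

# Regular files under $1, one per line. find does not follow symlinks unless
# -L is given, and -type f skips the links themselves; -xdev stays on one fs.
list_targets() {
    find "$1" -xdev -type f -print
}

# Shred every regular file under $1 with the flags from the first post.
shred_tree() {
    read -r fstype opts <<EOF
$(findmnt -n -o FSTYPE,OPTIONS -T "$1")
EOF
    verdict=$(shred_fs_verdict "$fstype" "$opts")
    if [ "$verdict" != works ]; then
        echo "shred on $fstype is '$verdict'; wipe the whole partition instead" >&2
        return 1
    fi
    # "--" stops option parsing for names starting with "-"; "{} +" batches names.
    find "$1" -xdev -type f -exec shred -n 3 -vuz -- {} +
}

# Run only when a directory is given: sh shred-tree.sh ~/private
if [ "$#" -gt 0 ]; then
    shred_tree "$1"
fi
```

Directories and symbolic links are left in place; only regular files are overwritten and unlinked.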

