Permanently and Securely delete files in Linux
A hard disk uses indexing to organize files. Indexing on a hard disk works similarly to a book. The index page of a book tells the starting page number of each chapter. You do not need to review each page to open a specific chapter. You can learn the starting page number of that chapter from the index page. After that, you can directly go to that page number to open that particular chapter.
A hard disk uses the same method to save and access files. It keeps an index of the location of all files. When the operating system asks the hard disk to open a particular file, the hard disk checks the file's location from the index and uses that location to access the file.

The rm command
The default Linux installation includes the rm command for deleting files and folders. This command removes only index entries. It does not delete the file from the disk. It marks the block containing the actual file as free in the index. When we save a new file, the following happens.
Linux checks the index for free blocks. It uses the first available block to save the file if free blocks are available. If the block contains any data, it overwrites the existing data.
A block marked as free contains old data until the system overwrites it with new data. Various data recovery tools and techniques take advantage of this default behaviour to retrieve deleted data from the blocks marked as free in the index. For example, deleting the file e using the #rm e command only deletes the index entry. It does not remove the actual file from the disk.

Since the disk still contains the file's data, an unauthorized user can access it using data recovery software. We must also delete the file from the disk to mitigate all chances of data recovery from a deleted file. For this, the rm command is insufficient.
The shred command
The shred command fills this gap. First, it removes the file's entry from the index. Then, it overwrites the file's data with raw data many times, making it completely inaccessible.

Installing shred utility
The coreutils package provides the shred utility. Since coreutils is part of the default installation, the shred command is normally already available. If, for any reason, it is not, use the following command to install it.
$sudo apt-get install coreutils

Using shred command
The shred command uses the following syntax:
$shred [option] file/partition/drive
Essential options
| Option | Description |
| --- | --- |
| -f | Perform delete and overwrite operations forcefully. |
| -v | Display the operation's progress. |
| -z | Add a final overwrite with zeros to hide the act of shredding. |
| -n | Perform the overwrite operation as many times as this option specifies. |
| -u | Delete the file/partition/drive after the overwriting. |
You can check the manual pages for a complete list of options with other details.
$man shred
Examples of the shred command
To demonstrate the examples of the shred command, I added a separate disk /dev/sdb to my test system. This disk contains two partitions: /dev/sdb1 and /dev/sdb2. The /securedrive/digilocker and /securedrive/database directories mount these partitions. The /securedrive/digilocker directory contains a file named credit-card.
Deleting a file
The following command deletes the file credit-card from the /securedrive/digilocker directory.
$sudo shred -vfzu -n 5 /securedrive/digilocker/credit-card
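The difference between rm and shred described above can be checked without root on a throwaway file. This is an added example, not part of the original article; the file content is constructed, and the hard link named blocks-view is an assumption of the demo that stands in for what a recovery tool would read from the disk.

```sh
#!/bin/sh
# Added demo: runs in a temporary directory, all data is constructed.
rm_vs_shred_demo() {
    dir=$(mktemp -d) || return 1
    marker='CONSTRUCTED-CARD-0000'
    printf 'number=%s\n' "$marker" > "$dir/credit-card"

    # A hard link is a second index entry for the same data blocks. It lets
    # an unprivileged script look at the blocks after the first name is gone.
    ln "$dir/credit-card" "$dir/blocks-view"

    rm "$dir/credit-card"                  # removes one index entry only
    if grep -q "$marker" "$dir/blocks-view"; then after_rm=data-intact
    else after_rm=data-gone; fi

    # Recreate the name, then overwrite in place: 3 random passes + zeros.
    ln "$dir/blocks-view" "$dir/credit-card"
    shred -f -z -n 3 "$dir/credit-card"
    if grep -q "$marker" "$dir/blocks-view"; then after_shred=data-intact
    else after_shred=data-overwritten; fi

    # With -u, shred also removes the name once the overwrite is done.
    shred -f -z -u -n 1 "$dir/credit-card"
    if [ -e "$dir/credit-card" ]; then name=name-present
    else name=name-removed; fi

    rm -rf "$dir"
    echo "$after_rm $after_shred $name"
}
```

The result only holds on filesystems that overwrite in place; see the Compatibility section for the cases where shred cannot guarantee this.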

Deleting a partition
With the same command, we can also delete a partition. Replace the file name with the partition number to overwrite and delete the entire partition. For example, the following command overwrites the partition /dev/sdb1 ten times with random data.
$sudo shred -vfzu -n 10 /dev/sdb1
When deleting the entire partition, we must provide the exact partition number. If not, it deletes the whole drive instead of a single partition from the drive. For example, to delete a single partition /dev/sdb1 from the drive /dev/sdb, use /dev/sdb1. To delete the entire drive, use /dev/sdb.
If unsure about the partition number, you can list all partitions with the fdisk command.

Since it overwrites the entire partition, you may get a low disk space warning if running this command in a GUI environment.
Overwriting/deleting the entire drive
We can overwrite an entire drive with random raw data, just as we do with a file or partition. For example, the following command first overwrites the drive /dev/sdb three times (the first two times with random data and one last time with all zeros), renames the drive name using zeros and finally removes all recoverable traces of the drive.
$sudo shred -vfzu -n 2 /dev/sdb

The process may take a long time, depending on the drive size and the number of overwriting steps.
Why does the system not boot after deleting the partition/drive from the shred command?
The shred command only overwrites and deletes the data and indexing information. It does not change the partition table and configuration files that manage storage devices in the system. The boot process uses the configuration file /etc/fstab to mount the storage devices. If we do not update this file after deleting a drive or partition, the boot process tries to mount it. Since the partition or drive has been deleted, it fails to mount it. A mount failure halts the boot process with the following error message.

To solve this issue, when overwriting and deleting an entire partition or drive with the shred command, also delete the relevant entries from the file /etc/fstab.
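One way to prepare that /etc/fstab change before shredding is sketched below. This is an added example, not from the original article: the function names and the sample fstab are constructed, and the script prints an edited copy for review rather than touching the real file.

```sh
#!/bin/sh
# Added example: comment out fstab entries for a device that will be shredded.

# Constructed sample fstab (not taken from a real system).
write_sample_fstab() {
    cat > "$1" <<'EOF'
# <device>  <mount point>            <type> <options> <dump> <pass>
UUID=0000-constructed /              ext4   defaults  0      1
/dev/sdb1   /securedrive/digilocker  ext4   defaults  0      2
/dev/sdb2   /securedrive/database    ext4   defaults  0      2
/dev/sdb10  /securedrive/other       ext4   defaults  0      2
EOF
}

# Print FSTAB with every entry for DEV commented out. For a whole drive
# (/dev/sdb) the entries of its partitions (/dev/sdb1, ...) are included.
fstab_disable_device() {
    dev=$1
    fstab=$2
    # UUID= entries match only if blkid can resolve DEV itself (usually
    # needs root); LABEL= entries are not handled and need a manual check.
    uuid=$(blkid -s UUID -o value "$dev" 2>/dev/null) || true
    awk -v dev="$dev" -v uuid="$uuid" '
        /^[[:space:]]*#/ || NF == 0 { print; next }   # keep comments, blanks
        {
            hit = 0
            if (index($1, dev) == 1) {
                rest = substr($1, length(dev) + 1)
                if (rest == "") hit = 1                    # exact device
                else if (rest ~ /^p[0-9]+$/) hit = 1       # nvme0n1 -> nvme0n1p1
                else if (dev !~ /[0-9]$/ && rest ~ /^[0-9]+$/) hit = 1  # sdb -> sdb1
            }
            if (uuid != "" && $1 == "UUID=" uuid) hit = 1
            prefix = hit ? "# disabled before shred: " : ""
            print prefix $0
        }' "$fstab"
}

# Number of entries that would be disabled for DEV in FSTAB.
count_disabled() {
    fstab_disable_device "$1" "$2" | grep -c '^# disabled before shred: ' || true
}
```

Run it against a copy of /etc/fstab, compare the output with the original, and only then install the edited file.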

Compatibility
The manual pages of the shred command provide all necessary information about compatibility.

As stated in the manual, it does not work effectively on the following types of filesystems:
- Log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
- Filesystems that write redundant data and carry on even if some writes fail, such as RAID-based filesystems
- Filesystems that make snapshots, such as Network Appliance's NFS server
- Filesystems that cache in temporary locations, such as NFS version 3 clients
- Compressed filesystems
Conclusion
Deleting essential files with the rm command is insufficient. The rm command only removes index entries. It does not delete the file data from the disk. The shred command deletes both. It also overwrites the block containing the deleted file's data with random raw data.
Author Laxmi Goswami Updated on 2026-03-17