Deleting files more securely in FreeBSD

People use computers to create and store bodies of text, in some format or another, that may contain private information. When these files are not encrypted—an all too common situation—then they can in theory be read by anyone with physical access to the storage medium upon which these files are encoded. But even worse, your files can be read even after you have deleted them.

That is because, simply put, when you instruct your system to delete a file (e.g. by executing “rm /path/to/file.txt”) it doesn’t really “delete” anything, it just makes the address unavailable to the system. Or, to use an analogy, the operating system is like a person who has forgotten where his diary is located. But the diary is still somewhere in his house, and anyone who can physically enter the house and searches thoroughly just might be able to find it. This may not be what you want.

So if you truly want no-one to be able to read your personal diary, then doing so by simply forgetting where you keep the diary makes no more sense in the binary world than it does in the physical universe. Instead, you want to take a big black marker pen and vigorously cross out every page of writing in the diary, preferably a couple of times just to be sure you didn’t miss anything. Something similar can be done to files on your FreeBSD system as well.

In order to securely delete files, you will first need to install the GNU coreutils in /usr/ports/sysutils/:

root@hostname:~ # cd /usr/ports/sysutils/coreutils/
root@hostname:/usr/ports/sysutils/coreutils # make install clean

This will install the GNU shred command, which will be called “gshred” on FreeBSD systems. Using this command, you can safely delete files containing sensitive data. For example, say you want to delete the file “private.txt” in your home directory. Then you would execute something like this:

[user@hostname ~]$ gshred -vuz private.txt

See also “man gshred” for more info.