srm - Man Page
securely remove files or directories
Examples (TL;DR)
- Remove a file after a single-pass overwriting with random data:
srm -s path/to/file
- Remove a file after seven passes of overwriting with random data:
srm -m path/to/file
- Recursively remove a directory and its contents overwriting each file with a single-pass of random data:
srm -r -s path/to/directory
- Prompt before every removal:
srm -i \*
Synopsis
srm [OPTION]... FILE...
Description
srm removes each specified file by overwriting, renaming, and truncating it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line. By default srm uses the simple mode to overwrite the file's contents. You can choose a different overwrite mode with --dod, --doe, --openbsd, --rcmp, --gutmann. If you specify more than one mode option, the last option is used.
You can use srm to overwrite block devices. The device node is not removed after overwriting. This feature is available on Linux. Files with multiple hard links will be unlinked but not overwritten.
srm, like every program that uses the getopt function to parse its arguments, lets you use the -- option to indicate that all following arguments are non-options. To remove a file called `-f' in the current directory, you could type either
rm -- -f
or
rm ./-f
Options
- -d, --directory
ignored (for compatibility with rm(1))
- -f, --force
ignore nonexistent files, never prompt
- -i, --interactive
prompt before any removal
- -r, -R, --recursive
remove the contents of directories recursively
- -x, --one-file-system
when removing a hierarchy recursively, skip any directory that is on a file system different from that of the corresponding command line argument. (Not supported on Windows)
- -s, --simple
Overwrite the file with a single pass of 0x00 bytes. This is the default mode.
- -P, --openbsd
OpenBSD compatible rm. Files are overwritten three times, first with the byte 0xFF, then 0x00, and then 0xFF again, before they are deleted.
- -D, --dod
US Dod compliant 7-pass overwrite.
- -E, --doe
US DoE compliant 3-pass overwrite. Twice with a random pattern, finally with the bytes "DoE". See http://cio.energy.gov/CS-11_Clearing_and_Media_Sanitization_Guidance.pdf for details.
- -G, --gutmann
Use the 35-pass Gutmann method. See http://en.wikipedia.org/wiki/Gutmann_method for details.
- -C, --rcmp
Royal Canadian Mounted Police compliant 3-pass overwrite. First pass writes 0x00 bytes. Second pass writes 0xFF bytes. Third pass writes "RCMP". See https://www.cse-cst.gc.ca/en/node/270/html/10572 for details.
- -v, --verbose
explain what is being done. Specify this option multiple times to increase verbosity.
- -h, --help
display this help and exit.
- -V, --version
output version information and exit.
Signals
- SIGINFO, SIGUSR2
show current write position and filename handled.
Entire Hard Disks
srm can write to block devices on Linux. You can use srm to securely delete an entire hard disk, however you should only do this for classic magnetic drives. The modern solid state disks (SSD) have a faster and better way to erase all contents, Secure Erase. For a Linux operating system see https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
Notes
srm can not remove write protected files owned by another user, regardless of the permissions on the directory containing the file.
Development and discussion of srm is carried out at https://sourceforge.net/projects/srm/ which is also accessible via http://srm.sourceforge.net/. See http://en.wikipedia.org/wiki/Data_remanence for a general discussion about overwriting data.
See Also
- rm(1)
http://www.gnu.org/software/coreutils/manual/coreutils.html#rm-invocation
- shred(1)
http://www.gnu.org/software/coreutils/manual/coreutils.html#shred-invocation
- wipe(1)
- secure-delete
- scrub(1)