Using `shred` from the command line

48

13

I need to securely erase some files. I have used shred on Linux systems before, so I looked around and found that shred is part of the coreutils package in MacPorts. I did `port install coreutils` to install coreutils, but I still can't find shred in the command line.

How can I get shred to work on my Mac's command line? If it matters, I'm using Mac OS X 10.7.5 (Lion).

inspectorG4dget

Posted 2013-07-09T15:23:27.310

Reputation: 1 153

Note the security of shred depends on the filesystem being used; I don't know how effective it is on HFS. – Flimm – 2015-07-09T09:06:12.390

1

shred is not effective on journaled file systems; that is why it is not available. SRM also was found to not be effective. Just delete normally and pray seems to be the only hope on HFS+ journaled filesystems. – Kevin Johnson – 2016-10-15T18:36:17.823

Really?! Could you please talk about why it is not effective? – inspectorG4dget – 2016-10-15T20:30:00.887

1

Journaled filesystems record the changes that will be made before the write to the disk. It can be used to recover from file corruption, or recover data you wish had been shredded. See https://en.wikipedia.org/wiki/Journaling_file_system

– Alex Mooney – 2016-11-07T18:01:00.670

Answers

30

`port install coreutils` adds a g prefix to the names of binaries, so shred is `/opt/local/bin/gshred`.

Lri

Posted 2013-07-09T15:23:27.310

Reputation: 34 501

11

`brew install coreutils` makes gshred available for those using Homebrew. – davidjb – 2017-04-20T03:35:18.603

60

OSX has a built-in command `srm` to securely remove files. See https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/srm.1.html. You can also use `rm -P` to overwrite the files with sequences of bytes three times.

With Sierra or later, macOS no longer includes srm. But users can install it with Homebrew:

brew install homebrew/dupes/srm && brew link --force homebrew/dupes/srm

Lily Hahn

Posted 2013-07-09T15:23:27.310

Reputation: 1 215

2

+1 Excellent answer. I didn't know the srm command existed. It overwrites, renames and truncates the file before deleting it. That, plus the 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random) (-m option) guarantee the file is irrecoverable. – Tulains Córdova – 2014-09-23T00:19:41.057

3

As of macOS Sierra, srm is no longer included. – y3sh – 2016-09-22T19:16:46.983

1

macOS users can install srm with the brew command `brew install homebrew/dupes/srm`. – hd.deman – 2016-12-20T22:45:51.063

1

homebrew/dupes is now deprecated. Seems that srm was removed and not migrated to homebrew-core. – davidjb – 2017-04-20T03:32:10.960

1

srm was moved from homebrew-dupes to homebrew-core then removed entirely. There's a 3rd party tap for it here; install with `brew install khell/homebrew-srm/srm` then `srm secrets.txt`, etc. Better to not though.. see my answer. – Molomby – 2017-05-14T05:14:19.450

I have spindle, usb sticks, ssd, etc that I attach ... srm is a good tool for some of them. – Rondo – 2019-05-17T22:16:29.813

1

Sure, but shred lets me set the number of overwrites. These tools don't. Any ideas on how to get that functionality? – inspectorG4dget – 2013-07-09T15:37:29.447

You can use the -m option for seven overwrites or -s for only one, but I don't think you can specify a specific number. – Lily Hahn – 2013-07-09T15:40:56.917

21

@user495470's answer is correct for the question posed. The problem is neither srm nor shred really makes sense for modern systems.

This is mostly due to SSDs. Unlike magnetic disks, modern TRIM-enabled disks automatically clear deleted data in the background.

SSDs also perform wear leveling. This makes attempts to "over-write" a file both futile (you'll be writing to a different physical location) and undesirable (it needlessly contributes to disk wear).

All Macs that come with an SSD have TRIM enabled.

The other problem is the file system, specifically journaled file systems, which can keep a copy of data elsewhere before it's written out.

Even on magnetic media this can cause problems for both srm:

All users [..] should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will NOT work on [..] the vast majority of journaled file systems.

And shred:

[..] shred relies on a very important assumption: that the file system overwrites data in place. [..] many modern file system designs do not satisfy this assumption. Exceptions include: Log-structured or journaled file systems [..]

HFS Plus volumes are journaled by default since Mac OS X v10.3.

These days, the best way to securely "delete" files is to enable FileVault (so they're never written to disk unencrypted in the first place) then just delete them and let TRIM sort it out.

If, by stroke of misfortune, you're on a magnetic medium, have journalling disabled and, for some reason, can't encrypt the disk, your options are:

  • Use `rm -P` which overwrites files with 0xff, then 0x00, and then 0xff again
  • Install coreutils for gshred (i.e. `brew install coreutils && gshred secrets.txt`)
  • srm has been removed from homebrew-dupes and homebrew-core but someone's published a tap here that works (i.e. `brew install khell/homebrew-srm/srm && srm secrets.txt`)
  • Physical destruction of the medium :)

Molomby

Posted 2013-07-09T15:23:27.310

Reputation: 1 486

But I guess shred is still fine if you shred the whole partition or the whole disk. – Konstantin – 2017-10-28T07:11:55.973

You mean like `shred /dev/hda`? Yeah, I guess so. The blocks being addressed by the OS are still abstracted from the physical memory though and are potentially being remapped during the shred. I wonder if any wear leveling and reserve space implementations could cause this to not always work.. – Molomby – 2017-10-28T12:02:08.847

2

+1 for the explanation about why shredding is pointless on SSDs and the suggestion to use FileVault. Is APFS journaled or do we know how it handles file deletion? (Should probably be a separate thread!) – Stuart H – 2019-03-29T15:06:31.870

1

There seems to be the assumption here that secure deleting is needed only for 'internal' drives. Attached drives come in all forms and srm would be appropriate for some of them. – Rondo – 2019-05-17T22:14:53.343
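
The reasoning in the last answer (FileVault first, then SSD/TRIM, then journaling, and overwrite tools only when blocks are rewritten in place) written as a shell check; this is an added example, not part of any of the posts above. The function names, the `diskutil info` field labels `Solid State` and `File System Personality`, and the `fdesetup status` wording are assumptions, and the sample inputs are constructed.

```shell
# Added example. On a Mac: diskutil info / | advise "$(fdesetup status)"
# Field labels and status wording below are assumptions about those tools' output.

# field TEXT LABEL: print the value of a "   Label:   value" line.
field() {
  printf '%s\n' "$1" | awk -F': *' -v k="$2" \
    '{ l = $1; sub(/^[ \t]+/, "", l); if (l == k) { print $2; exit } }'
}

# advise FILEVAULT_STATUS: reads `diskutil info` text on stdin, prints a verdict.
advise() {
  info=$(cat)
  ssd=$(field "$info" "Solid State")
  fs=$(field "$info" "File System Personality")
  case "$1" in
    *"FileVault is On"*)
      echo "encrypted: delete normally"; return 0 ;;
  esac
  if [ "$ssd" = "Yes" ]; then
    # Wear leveling sends the overwrite to a different physical location.
    echo "ssd: overwriting is futile, enable FileVault and rely on TRIM"
    return 0
  fi
  case "$fs" in
    *Journaled*) echo "journaled: overwrite not in place, enable FileVault" ;;
    *)           echo "in-place: rm -P or gshred can overwrite the blocks" ;;
  esac
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_SSD='   Device Node:              /dev/disk0s2
   File System Personality:  Journaled HFS+
   Solid State:              Yes'
SAMPLE_HDD_JOURNALED='   Device Node:              /dev/disk1s2
   File System Personality:  Journaled HFS+
   Solid State:              No'
SAMPLE_HDD_PLAIN='   Device Node:              /dev/disk2s1
   File System Personality:  HFS+
   Solid State:              No'

for sample in "$SAMPLE_SSD" "$SAMPLE_HDD_JOURNALED" "$SAMPLE_HDD_PLAIN"; do
  printf '%s\n' "$sample" | advise "FileVault is Off."
done
```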