Secure Remove Files & Directories from Mac OS X with the Command Line

Jun 9, 2013 - 5 Comments

Need to securely delete a file, group of files, or an entire directory, ensuring that it’s quite literally never recoverable by any known possible means? You can do this easily from the command line with the help of an incredibly powerful tool called srm. srm, as you may have guessed, stands for ‘secure removal’, and is a secure version of the commonly used ‘rm’ command that exists in virtually every flavor of unix, Mac OS X included. Be advised this utility is not for everyone and certainly not for novice users. srm should be considered an advanced tool, and it’s best used by those who are comfortable with the command line and understand the data repercussions of secure delete functions.

How secure is srm? The default for secure remove is the incredibly secure 35-pass method, which uses the “35-pass Gutmann algorithm”. That basically means that first the data is removed, then written over 35 times using randomly generated patterns, making recovery quite literally impossible. For some comparison on how secure that is, srm also has a “medium” option setting which uses 7-pass security, and 7-pass meets the US Department of Defense standard for securely erasing data… thus, theoretically at least, the 35-pass method is 7 times more secure than what the US DoD accepts as their standard for secure data removal. We’re not going to focus on the medium option though; we’re going to use srm as it was intended to be used, with full 35-pass data removal.

For Advanced Users Only

This isn’t called “secure remove” for no reason. It’s called that because if a file has been deleted with secure remove, you will quite literally never be able to recover that file from the drive. Period. This is going far beyond the basic tricks of emptying the Trash or even forcibly trashing and removing files that way. Users who are not comfortable with the command line but who want to retain secure file removal options should consider using a simple method of secure deletion, or the “Always Secure Empty Trash” option that is available in the Mac OS X Finder instead. You have been warned, proceed with caution!

Secure Remove a File with srm

At its simplest, the srm command is used just by pointing it at a file or file path:

srm /path/to/file

Because the default option uses 35-pass, file removal can take a moment or two, and larger files will take longer to delete because passes of equal size are being used to overwrite the file and prevent recovery.

Secure Delete an Entire Directory

The -r flag can be applied to srm to make it delete recursively, thereby applying to directories and their contents:

srm -r /path/to/directory/

Again, deleting may take a moment or two because everything is being overwritten 35 times after it’s been deleted.

Force Secure Delete Anything

The -f flag adds force removal to srm. This is one of the more ‘dangerous’ commands because it’s like ‘rm -rf’ on steroids, meaning it will forcibly delete everything it’s pointed at, without any prompt, except that the addition of secure deletion ensures that the removed file is absolutely never recoverable. Use with extreme caution.

srm -rf /file/to/destroy/from/everything

Because of the immense strength behind the -rf flag combination, it should only be used by advanced users and with absolute precision.

Forcibly & Securely Remove a Locked or Owned File with Super User

By prefixing sudo to the above -rf flag variation of srm you can apply super user (root) privileges to the forced file and directory removal process, thereby overriding any ownership issues or file locking. This is as secure and as ‘dangerous’ as it gets because of the superuser access. Use with extreme caution and do not use this unless you know what you’re doing and why you’re doing it:

sudo srm -rf /path/to/something/to/obliterate/from/existence/

Again, this is for advanced users only and should be limited with precise file and directory paths.
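
One way to enforce the "precise file and directory paths" advice above is to check the path before srm ever sees it. This is an added example, not part of the original article; the function names srm_target_ok and safe_srm and the list of protected locations are assumptions chosen for illustration, and it expects srm to be installed.

```shell
#!/bin/sh
# Added example, not from the article. Function names and the protected-path
# list are assumptions chosen for illustration.

# srm_target_ok PATH: return 0 only if PATH is a precise, safe srm -r target.
srm_target_ok() {
    target=${1:-}
    [ -n "$target" ] || { echo "refused: empty path" >&2; return 1; }
    case $target in
        /*) ;;   # absolute paths only, so the result never depends on the cwd
        *) echo "refused: not absolute: $target" >&2; return 1 ;;
    esac
    case $target in   # literal wildcards or '..' mean the path is not precise
        *'*'*|*'?'*|*/../*|*/..)
            echo "refused: wildcard or '..': $target" >&2; return 1 ;;
    esac
    # A symlink could redirect the recursive delete somewhere unintended.
    if [ -L "${target%/}" ]; then
        echo "refused: symlink: $target" >&2; return 1
    fi
    [ -e "$target" ] || { echo "refused: no such path: $target" >&2; return 1; }
    # Resolve the physical location and compare it with protected directories.
    if [ -d "$target" ]; then
        resolved=$(cd "$target" && pwd -P) || return 1
    else
        parent=$(cd "$(dirname "$target")" && pwd -P) || return 1
        resolved=${parent%/}/$(basename "$target")
    fi
    case $resolved in
        /|/System|/Library|/Applications|/Users|/private|/usr|/bin|/sbin|"${HOME:-/}")
            echo "refused: protected location: $resolved" >&2; return 1 ;;
    esac
    return 0
}

# safe_srm PATH: run the article's recursive srm only after the checks pass.
safe_srm() {
    srm_target_ok "$1" || return 1
    command -v srm >/dev/null 2>&1 || { echo "srm not installed" >&2; return 1; }
    srm -r "$1"
}
```

Source the file and call safe_srm with a full path in place of typing srm -r directly; a refused path prints the reason and nothing is deleted.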

What About Securely Deleting Everything?

Though srm accepts wildcards, there is obviously giant potential for mistakes with such an approach, and it doesn’t format the drive. Thus, if you’re looking to securely delete every single thing on a computer, from an internal boot disk to an external drive of any type, you would be much better served using the secure format tools for an entire drive that are bundled within Disk Utility, which provide the option of 35-pass secure formatting.

Posted by: Paul Horowitz in Command Line, Mac OS, Tips & Tricks

5 Comments

  1. Christopher Anderton says:

    SRM doesn’t work. Never did actually. The SRM project was quite dead back in 1999. Apple removed it in Sierra because of this.

  2. John says:

    There is also a GUI version of SecureRemove. It is a commercial product and supports 10 wiping algorithms.

    It is integrated in Finder and for that reason very easy to securely erase your files. It also supports drag-n-drop.

    http://www.secureremove.com

  3. sudo says:

    > What About Securely Deleting Everything?
    > Though srm accepts wildcards, there is obviously giant potential for
    > mistakes with such an approach, and it doesn’t format the drive.
    > Thus, if you’re looking to securely delete every single thing on a
    > computer, from an internal boot disk to an external drive of any type,
    > you would be much better served using the secure format tools for an
    > entire drive that are bundled within Disk Utility, which provide the
    > option of 35-pass secure formatting.

    Or you can simply run ‘sudo srm -rf /’ to do it the “hardcore” way *evilgrin*

    • webkenny says:

      Ironically, if you did that, it wouldn’t actually erase everything because OS X is a GUI; not a pure shell. Even if you were to SSH into the box, you’d inadvertently remove sshd and be booted out of the session with a wholly unusable piece of garbage that you can no longer even SSH to.

      So it is hardcore, no doubt. Ha. In the way that you’d want to convert your Mac to a steaming pile of aluminum.

  4. amiss says:

    Thanks for the info!

    Tried to remove Apple Remote Desktop using the sudo command suggested in support.apple.com/kb/ht2577. But it prompted me for a password, which is neither my user nor administrator log-in password. Which password is this referring to?

    I am using Macbook Air, June 2012, and this is my personal Mac. Appreciate some advice as I have been experiencing some “funny” things in the last few weeks… thanks!
