securely erase unused blocks in a partition

# cd $partition; dd if=/dev/zero of=ShredUnusedBlocks bs=512M; shred -vzu ShredUnusedBlocks
This command securely erases all the unused blocks on a partition. The unused blocks are the "free space" on the partition. Some of these blocks will contain data from previously deleted files. You might want to use this if you are given access to an old computer and you do not know its provenance. The command could be used while booted from a LiveCD to clear freespace space on old HD. On modern Linux LiveCDs, the "ntfs-3g" system provides ReadWrite access to NTFS partitions thus enabling this method to also be used on Wind'ohs drives. NB depending on the size of the partition, this command could take a while to complete.
Sample Output
# Example showing the /boot partition. Note command is run as root.

# cd /boot; dd if=/dev/zero of=ShredUnusedBlocks bs=512M; shred -vzu ShredUnusedBlocks
dd: writing `ShredUnusedBlocks': No space left on device
1+0 records in
0+0 records out
231747584 bytes (232 MB) copied, 8.21679 s, 28.2 MB/s
shred: ShredUnusedBlocks: pass 1/4 (random)...
shred: ShredUnusedBlocks: pass 1/4 (random)...20MiB/222MiB 9%
shred: ShredUnusedBlocks: pass 1/4 (random)...40MiB/222MiB 18%
shred: ShredUnusedBlocks: pass 1/4 (random)...60MiB/222MiB 27%
shred: ShredUnusedBlocks: pass 1/4 (random)...80MiB/222MiB 36%
shred: ShredUnusedBlocks: pass 1/4 (random)...100MiB/222MiB 45%
shred: ShredUnusedBlocks: pass 1/4 (random)...120MiB/222MiB 54%
shred: ShredUnusedBlocks: pass 1/4 (random)...140MiB/222MiB 63%
shred: ShredUnusedBlocks: pass 1/4 (random)...160MiB/222MiB 72%
shred: ShredUnusedBlocks: pass 1/4 (random)...180MiB/222MiB 81%
shred: ShredUnusedBlocks: pass 1/4 (random)...200MiB/222MiB 90%
shred: ShredUnusedBlocks: pass 1/4 (random)...220MiB/222MiB 99%
shred: ShredUnusedBlocks: pass 1/4 (random)...222MiB/222MiB 100%
shred: ShredUnusedBlocks: pass 2/4 (random)...
shred: ShredUnusedBlocks: pass 2/4 (random)...18MiB/222MiB 8%
shred: ShredUnusedBlocks: pass 2/4 (random)...39MiB/222MiB 17%
shred: ShredUnusedBlocks: pass 2/4 (random)...59MiB/222MiB 26%
shred: ShredUnusedBlocks: pass 2/4 (random)...79MiB/222MiB 35%
shred: ShredUnusedBlocks: pass 2/4 (random)...98MiB/222MiB 44%
shred: ShredUnusedBlocks: pass 2/4 (random)...118MiB/222MiB 53%
shred: ShredUnusedBlocks: pass 2/4 (random)...139MiB/222MiB 62%
shred: ShredUnusedBlocks: pass 2/4 (random)...158MiB/222MiB 71%
shred: ShredUnusedBlocks: pass 2/4 (random)...179MiB/222MiB 81%
shred: ShredUnusedBlocks: pass 2/4 (random)...199MiB/222MiB 90%
shred: ShredUnusedBlocks: pass 2/4 (random)...219MiB/222MiB 99%
shred: ShredUnusedBlocks: pass 2/4 (random)...222MiB/222MiB 100%
shred: ShredUnusedBlocks: pass 3/4 (random)...
shred: ShredUnusedBlocks: pass 3/4 (random)...17MiB/222MiB 8%
shred: ShredUnusedBlocks: pass 3/4 (random)...38MiB/222MiB 17%
shred: ShredUnusedBlocks: pass 3/4 (random)...58MiB/222MiB 26%
shred: ShredUnusedBlocks: pass 3/4 (random)...78MiB/222MiB 35%
shred: ShredUnusedBlocks: pass 3/4 (random)...97MiB/222MiB 44%
shred: ShredUnusedBlocks: pass 3/4 (random)...117MiB/222MiB 53%
shred: ShredUnusedBlocks: pass 3/4 (random)...137MiB/222MiB 62%
shred: ShredUnusedBlocks: pass 3/4 (random)...157MiB/222MiB 71%
shred: ShredUnusedBlocks: pass 3/4 (random)...177MiB/222MiB 80%
shred: ShredUnusedBlocks: pass 3/4 (random)...197MiB/222MiB 89%
shred: ShredUnusedBlocks: pass 3/4 (random)...217MiB/222MiB 98%
shred: ShredUnusedBlocks: pass 3/4 (random)...222MiB/222MiB 100%
shred: ShredUnusedBlocks: pass 4/4 (000000)...
shred: ShredUnusedBlocks: removing
shred: ShredUnusedBlocks: renamed to 00000000000000000
shred: 00000000000000000: renamed to 0000000000000000
shred: 0000000000000000: renamed to 000000000000000
shred: 000000000000000: renamed to 00000000000000
shred: 00000000000000: renamed to 0000000000000
shred: 0000000000000: renamed to 000000000000
shred: 000000000000: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: ShredUnusedBlocks: removed

By: mpb
2009-06-21 14:17:22

  • According to tune2fs manual, reserved blocks are designed to keep your system from failing when you run out of space. Its reserves space for privileged processes such as daemons (like syslogd, for ex.) and other root level processes; also the reserved space can prevent the filesystem from fragmenting as it fills up. By default this is 5% regardless of the size of the partition.

    sudo tune2fs -m 1 /dev/sda4
    bassel · 2009-09-14 21:11:55 1
  • this work even if a partition table exist

    echo -e "o\nn\np\n1\n\n\nw\n" | fdisk /dev/sdX
    bunam · 2012-04-05 13:04:40 0
  • Suppose you made a backup of your hard disk with dd: dd if=/dev/sda of=/mnt/disk/backup.img This command enables you to mount a partition from inside this image, so you can access your files directly. Substitute PARTITION=1 with the number of the partition you want to mount (returned from sfdisk -d yourfile.img). Show Sample Output

    INFILE=/path/to/your/backup.img; MOUNTPT=/mnt/foo; PARTITION=1; mount "$INFILE" "$MOUNTPT" -o loop,offset=$[ `/sbin/sfdisk -d "$INFILE" | grep "start=" | head -n $PARTITION | tail -n1 | sed 's/.*start=[ ]*//' | sed 's/,.*//'` * 512 ]
    Alanceil · 2009-03-06 21:29:13 3
  • Creates a temporary ram partition To use: ram 3 to make a 3gb partition (Defaults to 1gb) Show Sample Output

    ram() { mt=/mnt/ram && grep "$mt" < /proc/mts > /dev/null; if [ $? -eq 0 ] ; then read -p"Enter to Remove Ram Partition ";sudo umount "$mt" && echo $mt 0; else sudo mt -t tmpfs tmpfs "$mt" -o size=$(( ${1:-1} * 1024 ))m && echo $mt '-' "${1:-1}"gb; fi; }
    snipertyler · 2013-12-13 05:22:02 0

What Others Think

It looks like you forgot to specify the 'dd' part before if=/dev/zero. Also, be careful when running this on the partition where /home or /tmp is mounted because it can cause weird hangups when applications can no longer create temporary files, like when starting an X session.
bwoodacre · 465 weeks and 5 days ago
@bwoodacre Thanks for pointing out the missing "dd". Fixed now. You are also right about needing to be careful about filling /tmp. Hence the mention of LiveCD.
mpb · 465 weeks and 5 days ago
Doesn't handle slack in the last block of a file. Also other space is probably not overwritten on journalling filesystems.
pixelbeat · 465 weeks and 5 days ago
fwiw dban linux is supposed to be the ultimate shredder...
linuxrawkstar · 465 weeks and 4 days ago
Good point pixelbeat. In more words: in some filesystems, a 10 byte file still takes up (say, for instance) 4069 bytes (4K) of physical disk space. If you want to leave the existing files on the filesystem untouched, then this slack space is unwritable at the filesystem level. Something like ext2 would behave this way, but reiser3 packs many small files into the same block. So expanding a giant file and shredding it is a great start if you want/need to do things in place, but you aren't guaranteed to shred 100% of the unused disk bytes unless you use something at the block-device level like dban.
bwoodacre · 465 weeks and 4 days ago
@pixelbeat Where is the slack? The "dd" creates a single file from all the unused blocks in the partition in a file called "ShredUnusedBlocks". So the end of this file is the end of the last unused block. You can use the "df" command after the "dd" to verify 100% of the space in the partition is used up when the "ShredUnusedBlocks" file is created. Regarding the journal, what do you think the journal will be full of? I think it will be mostly full of writes of random data from the shred command. If the default number of overwrites from shred is not considered enough, it can be increased with the "-n" (or "--iterations=n") option. Example: specifying "-n16" for 16 iterations: cd /boot; dd if=/dev/zero of=ShredUnusedBlocks bs=512M; shred -vzu -n16 ShredUnusedBlocks
mpb · 465 weeks and 4 days ago

