
Options for secure file removal in the OS X Terminal

If you need to erase a file's contents in addition to its directory entry, you can do so with a couple of easy commands.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

While deleting files in OS X simply involves moving them to the trash and emptying it, this routine does not remove the data of these items, but instead only clears the directory entry for them. The content of the items is kept on disk with the system having no way to access it; as a result, there is potential for the content to be scanned and recovered by data recovery tools.

To prevent this from happening, you can use secure-erase features in OS X, one of which is to securely delete the files in the Finder by choosing this option from the Finder menu, or by holding the Command key when right-clicking the Trash icon in the Dock.

That might be convenient when you are at your system, but if you regularly use the Terminal, either locally or via remote log-in, you might only be familiar with the classic "rm" command for removing files. Unfortunately, like the Finder, the default use of this command only removes the file's directory entry, leaving its contents on disk for potential recovery.

srm command in the Terminal
In this case, the file "DeleteMe" is being removed with the "-s" flag, which will only write a single pass of zeros to its contents. Screenshot by Topher Kessler/CNET

If you are using the Terminal and wish to securely delete a file, two options you can use are the following commands:

rm -P FILE

This command is the same "rm" command Terminal users are familiar with, but the use of the "-P" flag will overwrite the file three times with zeros and ones, ensuring that its contents are gone before the file is finally removed.

srm FILE

This command also overwrites files, but offers more options for doing so. Like the "rm" command above, this command supports a couple of flags for optional behaviors. By default, the "srm" command will perform a 35-pass erase routine, which is overkill for most needs, but if you use the "-s" flag, the command will only write once with random data, or if you use "-m," a seven-pass erase will be used on the targeted file.

With these commands, you will have a number of options for securely deleting files, whether it's in the Terminal application, in a remote SSH session, or when at the OS X Single User command prompt.
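To make the overwrite-then-remove sequence behind "rm -P" concrete, here is an added example (not from the original article, and not the source of rm or srm) that rewrites a file in place three times and then deletes it. The function names overwrite_pass and secure_rm are hypothetical, and the 0xff, 0x00, 0xff byte pattern is taken from the BSD rm manual page rather than from the article.

```shell
#!/bin/sh
# Added illustration of overwrite-then-unlink; not the source of rm or srm.

# overwrite_pass FILE OCTAL: rewrite FILE in place with one repeated byte.
overwrite_pass() {
    _f=$1
    _b=$2
    _size=$(wc -c < "$_f" | tr -d ' ')
    [ "$_size" -gt 0 ] || return 0
    # conv=notrunc writes over the existing contents instead of truncating
    # the file first, which may release the old blocks without touching them.
    head -c "$_size" /dev/zero | LC_ALL=C tr '\000' "\\$_b" |
        dd of="$_f" conv=notrunc 2>/dev/null
}

# secure_rm FILE: three passes (0xff, 0x00, 0xff), then remove the entry.
secure_rm() {
    _target=$1
    # Only regular files; a symlink would redirect the overwrite elsewhere.
    if [ ! -f "$_target" ] || [ -L "$_target" ]; then
        echo "secure_rm: not a regular file: $_target" >&2
        return 1
    fi
    for _pat in 377 000 377; do
        overwrite_pass "$_target" "$_pat" || return 1
        sync    # ask the OS to flush this pass before starting the next
    done
    rm -f -- "$_target"
}

# Run as a script: ./secure_rm.sh FILE...
for _arg in "$@"; do
    secure_rm "$_arg" || exit 1
done
```

Calling overwrite_pass on its own and inspecting the file before it is removed is a quick way to confirm that the original bytes are gone while the file size is unchanged.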


