Solved

How to ensure a file is deleted permanently

Posted on 2004-10-01
9
308 Views
Last Modified: 2013-12-27
How do you ensure a file is deleted permanently on sun solaris.
We are trying to ensure the files data can not be recovered by any means
0
Comment
Question by:inzaghi
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12199595
To ensure that a reasonable effort can't recover data from a file you need to overwrite the file with at least three passes (all zeros, all ones, and a random pattern). Then the file can be safely deleted. There are tools for doing this sort of thing like UniShred (http://www.lat.com/Our_Products.html)
0
 
LVL 10

Assisted Solution

by:Nukfror
Nukfror earned 125 total points
ID: 12205406
As jlevie said "reasonable effort" ... but you said "by any means" which means you must phsyically degause the media and then smash it to bits.  Don't laugh - I've worked at places where this is a regular practice.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12205621
Nukfor is correct. If you really mean "by any means" the only option becomes physical destruction of the disk drive(s). And that means dropping them into a hammer mill or a furnace hot enough to melt the platters down. Nothing less than this will suffice if that requirement must be met.
0
Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

 
LVL 4

Expert Comment

by:Otetelisanu
ID: 12214737
echo " " >file_name
0
 

Expert Comment

by:jcarnevale
ID: 12248369
If we are dealing with a single file than the easiest way to make sure that it can no longer be read is to simply delete it (rm -rf <filename>) and then create the same file again with nothing in it  (touch <filename>).  I'm guessing you don't want to destroy your HDD and you certainly don't want to wipe out your partition.

Another option would be to create a new file system, mv the file to it, then blow out the file system.

Neither of these options really cover the "by any means" qualification but I don't know anyone who would be able to find that file or the contents of it if you follow either of these methods.  Good luck.
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252342
After removing a file with “rm”, writing null data again to the same file name does not necessarily guarantee the data will be nullified from the disk, as the “new” file may not point to the same physical location on the disk (inode).  To make sure the actual magnetic media section of the disk on which the file resided is wiped, you would have to access the area by inode.

-You can use "ls -i" to obtain the inode number of the file.
-Look into "man clri" (man on "clear inodes" command) to see about clearing the data at the inode (however, I believe this permanently removes the data area from usability.)
-Look into obtaining “debugfs” for modifying data by inode (not sure if its avail for Solaris though.)
-This link has some good info about UNIX file systems and inodes...
http://www.unix.org.ua/orelly/networking/puis/ch05_01.htm

…if you are looking to clear the entire hard drive without destroying it…do the following…

1.      Boot to the Solaris install disk
2.      When it starts the install GUI, open a terminal window (don’t start the install)
3.      In the terminal window, type “format”
4.      Select the appropriate disk from the menu which will appear
5.      From the next menu, select “Analyze”

This will do a four pass read/write to the entire drive…writing zeros to the disk.  This should SUFFICIENTLY clear the data.  This is acceptable for most DoD level security…however, again, the ONLY way to guarantee the data is unrecoverable is to destroy the platter.

Best of Luck!
M
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12254560
A four pass overwrite is only acceptable for data at the DoD Secret level or below. Above that destruction is the only acceptable method. And there are caveats for sanitization relating to bad block replacement at the Secret level. Chapter 8 of the NISPOM covers this for non-government agencies.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A metadevice consists of one or more devices (slices). It can be expanded by adding slices. Then, it can be grown to fill a larger space while the file system is in use. However, not all UNIX file systems (UFS) can be expanded this way. The conca…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question