?
Solved

How to ensure a file is deleted permanently

Posted on 2004-10-01
9
Medium Priority
?
312 Views
Last Modified: 2013-12-27
How do you ensure a file is deleted permanently on sun solaris.
We are trying to ensure the files data can not be recovered by any means
0
Comment
Question by:inzaghi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 12199595
To ensure that a reasonable effort can't recover data from a file you need to overwrite the file with at least three passes (all zeros, all ones, and a random pattern). Then the file can be safely deleted. There are tools for doing this sort of thing like UniShred (http://www.lat.com/Our_Products.html)
0
 
LVL 10

Assisted Solution

by:Nukfror
Nukfror earned 500 total points
ID: 12205406
As jlevie said "reasonable effort" ... but you said "by any means" which means you must phsyically degause the media and then smash it to bits.  Don't laugh - I've worked at places where this is a regular practice.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12205621
Nukfor is correct. If you really mean "by any means" the only option becomes physical destruction of the disk drive(s). And that means dropping them into a hammer mill or a furnace hot enough to melt the platters down. Nothing less than this will suffice if that requirement must be met.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 4

Expert Comment

by:Otetelisanu
ID: 12214737
echo " " >file_name
0
 

Expert Comment

by:jcarnevale
ID: 12248369
If we are dealing with a single file than the easiest way to make sure that it can no longer be read is to simply delete it (rm -rf <filename>) and then create the same file again with nothing in it  (touch <filename>).  I'm guessing you don't want to destroy your HDD and you certainly don't want to wipe out your partition.

Another option would be to create a new file system, mv the file to it, then blow out the file system.

Neither of these options really cover the "by any means" qualification but I don't know anyone who would be able to find that file or the contents of it if you follow either of these methods.  Good luck.
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252342
After removing a file with “rm”, writing null data again to the same file name does not necessarily guarantee the data will be nullified from the disk, as the “new” file may not point to the same physical location on the disk (inode).  To make sure the actual magnetic media section of the disk on which the file resided is wiped, you would have to access the area by inode.

-You can use "ls -i" to obtain the inode number of the file.
-Look into "man clri" (man on "clear inodes" command) to see about clearing the data at the inode (however, I believe this permanently removes the data area from usability.)
-Look into obtaining “debugfs” for modifying data by inode (not sure if its avail for Solaris though.)
-This link has some good info about UNIX file systems and inodes...
http://www.unix.org.ua/orelly/networking/puis/ch05_01.htm

…if you are looking to clear the entire hard drive without destroying it…do the following…

1.      Boot to the Solaris install disk
2.      When it starts the install GUI, open a terminal window (don’t start the install)
3.      In the terminal window, type “format”
4.      Select the appropriate disk from the menu which will appear
5.      From the next menu, select “Analyze”

This will do a four pass read/write to the entire drive…writing zeros to the disk.  This should SUFFICIENTLY clear the data.  This is acceptable for most DoD level security…however, again, the ONLY way to guarantee the data is unrecoverable is to destroy the platter.

Best of Luck!
M
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12254560
A four pass overwrite is only acceptable for data at the DoD Secret level or below. Above that destruction is the only acceptable method. And there are caveats for sanitization relating to bad block replacement at the Secret level. Chapter 8 of the NISPOM covers this for non-government agencies.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question