Quick take: The shred command overwrites a file's data multiple times to make recovery hard, then can delete it: shred -u -n 3 secret.txt. Note it is less effective on journaling and copy-on-write filesystems.
Introduction
Deleting a file with rm only removes its directory entry — the data often remains on disk and can be recovered. The shred command overwrites the file's contents with random data several times first, making recovery far harder. It is the tool for disposing of sensitive files, with some important filesystem caveats.
Syntax
The basic syntax of the shred command is:
shred [OPTIONS] FILE...Common Options and Parameters
The most useful options and parameters for the shred command:
| Option | Description |
|---|---|
| -u | Remove the file after overwriting it. |
| -n N | Overwrite N times (default is 3). |
| -z | Add a final pass of zeros to hide shredding. |
| -v | Verbose — show progress. |
| -s SIZE | Shred only the first SIZE bytes. |
| -f | Force — change permissions if needed to write. |
Practical Examples
Real shred commands you can run today:
# Overwrite and delete a file
shred -u secret.txt
# Three passes plus a zero pass, then delete
shred -vzn 3 -u secret.txt
# Overwrite without deleting
shred -v private.key
# Shred a whole device (advanced, dangerous)
sudo shred -vn 1 /dev/sdXTips and Best Practices
- shred is most reliable on traditional ext filesystems; on journaling, RAID, or copy-on-write filesystems (Btrfs, ZFS) and SSDs, overwriting may not reach the original blocks.
- For SSDs, prefer the drive's secure-erase feature or full-disk encryption from the start, since wear-levelling defeats per-file overwriting.
- Use
-uto delete after shredding; without it, the (now overwritten) file remains on disk.
Final Thoughts
shred makes deleted files much harder to recover by overwriting their data, then optionally removing them. It is effective on classic filesystems but limited on SSDs and copy-on-write filesystems, where full-disk encryption is the better safeguard. For sensitive data, plan for secure disposal from the start rather than relying on shred alone.
FAQ: shred Command in Linux
How do I securely delete a file in Linux?+
Use shred -u filename, which overwrites the data several times and then removes the file. Add -n to set the number of passes and -z for a final zero pass.
Why is shred not always effective?+
On journaling filesystems, RAID, copy-on-write filesystems like Btrfs and ZFS, and SSDs with wear-levelling, the overwrite may not land on the original physical blocks, leaving data recoverable. shred works best on traditional ext filesystems.
How do I securely wipe an SSD?+
Per-file shredding is unreliable on SSDs. Use the drive's built-in secure-erase command (via hdparm or the manufacturer tool), or rely on full-disk encryption so leftover data is unreadable.
What is the difference between rm and shred?+
rm only unlinks the file, leaving its data on disk until overwritten. shred overwrites the contents first, making recovery much harder before optionally deleting the file.
How many passes does shred do by default?+
Three passes by default. You can change it with -n, though a single pass is usually sufficient on modern drives; the bigger limitation is the filesystem, not the pass count.
Need help with Linux servers or infrastructure?
Work directly with Muhammad Irfan Aslam for Linux, Ubuntu, Docker, DevOps, cloud, CI/CD, or infrastructure support.
Hire Me for Support