61

I need to securely erase some files. I have used `shred` on Linux systems before, so I looked around and found that `shred` is part of the coreutils package in MacPorts. I did `port install coreutils` to install coreutils, but I still can't find `shred` on the command line.

How can I get `shred` to work on my Mac's command line? If it matters, I'm using Mac OS X 10.7.5 (Lion).

inspectorG4dget
  • Note the security of `shred` depends on the filesystem being used, I don't know how effective it is on HFS. – Flimm Jul 09 '15 at 09:06
  • 1
    shred is not effective on journaled file systems, which is why it is not available. SRM also was found to not be effective. Just delete normally and pray seems to be the only hope on HFS+ journaled filesystems. – Kevin Johnson Oct 15 '16 at 18:36
  • Really?! Could you please talk about why it is not effective? – inspectorG4dget Oct 15 '16 at 20:30
  • 1
    Journaled filesystems record the changes that will be made before the write to the disk. It can be used to recover from file corruption, or recover data you wish had been shredded. See https://en.wikipedia.org/wiki/Journaling_file_system – Alex Mooney Nov 07 '16 at 18:01

3 Answers

71

OS X has a built-in command, `srm`, to securely remove files. See https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/srm.1.html. You can also use `rm -P` to overwrite the files with sequences of bytes three times.

With Sierra or later, macOS no longer includes `srm`. But users can install it with Homebrew:

```
brew install homebrew/dupes/srm && brew link --force homebrew/dupes/srm
```

Kamal
Lily Hahn
  • 1
    Sure, but shred lets me set the number of overwrites. These tools don't. Any ideas on how to get that functionality? – inspectorG4dget Jul 09 '13 at 15:37
  • You can use the `-m` option for seven overwrites or `-s` for only one, but I don't think you can specify a specific number. – Lily Hahn Jul 09 '13 at 15:40
  • 2
    +1 Excellent answer. I didn't know the `srm` command existed. It overwrites, renames and truncates the file before deleting it. That, plus the 7 US DoD compliant passes (0xF6, 0x00, 0xFF, random, 0x00, 0xFF, random) (-m option) guarantee the file is irrecoverable. – Tulains Córdova Sep 23 '14 at 00:19
  • 5
    As of macOS Sierra, `srm` is no longer included. – Josh Hibschman Sep 22 '16 at 19:16
  • 1
    macOS users can install `srm` with brew command `brew install homebrew/dupes/srm`. – hd.deman Dec 20 '16 at 22:45
  • 1
    `homebrew/dupes` is now deprecated. [Seems](https://github.com/Homebrew/homebrew-dupes/blob/master/tap_migrations.json) that `srm` was removed and not migrated to `homebrew-core`. – davidjb Apr 20 '17 at 03:32
  • 1
    `srm` was moved from `homebrew-dupes` to `homebrew-core` then removed entirely. There's a 3rd party [tap for it here](https://github.com/khell/homebrew-srm); install with `brew install khell/homebrew-srm/srm` then `srm secrets.txt`, etc. Better to not though.. see [my answer](https://superuser.com/a/1208987/160743). – Molomby May 14 '17 at 05:14
  • I have spindle, usb sticks, ssd, etc that I attach ... srm is a good tool for some of them. – Rondo May 17 '19 at 22:16
  • Btw, for `rm -P`, `man rm` says: `-P This flag has no effect. It is kept only for backwards compatibility with 4.4BSD-Lite2.` on macOS Ventura 13.1 – Tonsic Jan 30 '23 at 20:41
37

`port install coreutils` adds a `g` prefix to the names of binaries, so `shred` is `/opt/local/bin/gshred`.

Lri
34

@user495470's answer is correct for the question posed. The problem is neither `srm` nor `shred` really makes sense for modern systems.

This is mostly due to SSDs. Unlike magnetic disks, modern TRIM-enabled disks automatically clear deleted data in the background.

SSDs also perform wear leveling. This makes attempts to "over-write" a file both futile (you'll be writing to a different physical location) and undesirable (it needlessly contributes to disk wear).

All Macs that come with an SSD have TRIM enabled.

The other problem is the file system, specifically journaled file systems, which can keep a copy of data elsewhere before it's written out.

Even on magnetic media this can cause problems for both srm:

> All users [..] should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will NOT work on [..] the vast majority of journaled file systems.

And shred:

> [..] shred relies on a very important assumption: that the file system overwrites data in place. [..] many modern file system designs do not satisfy this assumption. Exceptions include: Log-structured or journaled file systems [..]

HFS Plus volumes are journaled by default since Mac OS X v10.3.

These days, the best way to securely "delete" files is to enable FileVault (so they're never written to disk unencrypted in the first place) then just delete them and let TRIM sort it out.

If, by a stroke of misfortune, you're on a magnetic medium, have journalling disabled and, for some reason, can't encrypt the disk, your options are:

  • Use `rm -P`, which overwrites files with 0xff, then 0x00, and then 0xff again
  • Install coreutils for `gshred` (i.e. `brew install coreutils && gshred secrets.txt`)
  • `srm` has been removed from homebrew-dupes and homebrew-core but someone's published a tap here that works (i.e. `brew install khell/homebrew-srm/srm && srm secrets.txt`)
  • Physical destruction of the medium :)
Molomby
  • But I guess shred is still fine if you shred the whole partition or the whole disk. – Konstantin Oct 28 '17 at 07:11
  • You mean like `shred /dev/hda`? Yeah, I guess so. The blocks being addressed by the OS are still abstracted from the physical memory though and are potentially being remapped _during_ the shred. I wonder if any wear leveling and reserve space implementations could cause this to not always work.. – Molomby Oct 28 '17 at 12:02
  • 2
    +1 for the explanation about why shredding is pointless on SSDs and the suggestion to use FileVault. Is APFS journaled or do we know how it handles file deletion? (Should probably be a separate thread!) – Sera H Mar 29 '19 at 15:06
  • 1
    There seems to be the assumption here that secure deleting is needed only for 'internal' drives. Attached drives come in all forms and srm would be appropriate for some of them. – Rondo May 17 '19 at 22:14
  • 1
    On macOS Ventura, `rm -P`'s documentation says: This flag has no effect. It is kept only for backwards compatibility with 4.4BSD-Lite2. – Fernando Correia Mar 11 '23 at 19:18
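
The conditions from the last answer (an SSD or a journaled file system defeats in-place overwriting), turned into a check over volume information; this is an added example, not part of the original posts. It assumes input in the `Field: value` layout printed by `diskutil info`, with the field names `Solid State` and `File System Personality` taken as assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: decide whether overwriting tools (gshred, srm) can be
# expected to reach a file's old blocks on a given volume.

# Constructed samples in `diskutil info` layout (not from a real machine).
SAMPLE_SSD='   Device Node:               /dev/disk1s1
   File System Personality:   Journaled HFS+
   Solid State:               Yes'
SAMPLE_HDD_JOURNALED='   Device Node:               /dev/disk2s2
   File System Personality:   Journaled HFS+
   Solid State:               No'
SAMPLE_HDD_PLAIN='   Device Node:               /dev/disk3s1
   File System Personality:   HFS+
   Solid State:               No'

# field NAME: print the trimmed value of the first "NAME: value" line on stdin.
field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | sed 's/[[:space:]]*$//' | head -n 1
}

# overwrite_verdict: read volume info on stdin, print one verdict line.
# Anything that cannot be classified is reported as unknown, never as safe.
overwrite_verdict() {
    info=$(cat)
    ssd=$(printf '%s\n' "$info" | field 'Solid State')
    fs=$(printf '%s\n' "$info" | field 'File System Personality')
    if [ "$ssd" = "Yes" ]; then
        echo "no-ssd: wear leveling redirects the overwrite; use FileVault and a plain delete"
    elif [ "$ssd" != "No" ] || [ -z "$fs" ]; then
        echo "unknown: medium or file system not identified; do not rely on overwriting"
    else
        case "$fs" in
            *Journaled*) echo "no-journal: the journal may hold copies outside the file's blocks" ;;
            *HFS+*)      echo "maybe: blocks are overwritten in place, so gshred or srm can reach them" ;;
            *)           echo "unknown: $fs is not covered here; do not rely on overwriting" ;;
        esac
    fi
}

# On a Mac the input would come from: diskutil info / | overwrite_verdict
for sample in "$SAMPLE_SSD" "$SAMPLE_HDD_JOURNALED" "$SAMPLE_HDD_PLAIN"; do
    printf '%s\n' "$sample" | overwrite_verdict
done
```
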