In VMS one may tell the file system to write junk over the existing contents of a file when it is deleted. Here is the DCL command to identify the file for this kind of treatment:

 $ SET FILE/ERASE_ON_DELETE SAMPLE.TXT

This allows the policy to be set at one point in time, and then later users of the file do not have to handle that detail of security. A standard delete, which takes the file name out of the directory and frees the space for another file to use, will also modify the existing contents to prevent the next user from reading it. The normal delete:

$ DELETE SAMPLE.TXT.*

What is Linux for this?

A: 

I am not sure if this is what you are looking for:

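# conv=notrunc overwrites in place; count stops dd at the file's current size
dd if=/dev/urandom of=FILE bs=1 count="$(stat -c %s FILE)" conv=notrunc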

It writes random bytes to FILE.

Alan Haggai Alavi
Not quite the same thing, but it's probably as close as you're going to get in standard Linux.
Paul Tomblin
Oh I see. Thanks for letting me know, Paul.
Alan Haggai Alavi
+4  A: 

This is supported only by some Linux filesystems:

chattr +s sample.txt

may (or may not) do what you want.

From "man chattr":

NAME
       chattr - change file attributes on a Linux second extended file system
...
       When a file with the ‘s’ attribute set is deleted, its blocks are
       zeroed and written back to the disk.  Note: please make sure to read
       the bugs and limitations section at the end of this document.
...
BUGS AND LIMITATIONS
       The  ‘c’, ‘s’, and ‘u’ attributes are not honored by the ext2
       and ext3 filesystems as implemented in the current mainline Linux
       kernels. These attributes may be implemented in future versions of
       the ext2 and ext3 filesystems.

I do not know which specific mainline kernel versions (if any) implement this.

Employed Russian
Wow, you learn something new every day. Does xfs or zfs implement this flag?
Paul Tomblin
+1  A: 

Note that with current technology you'll sometimes have no control over that. With SSD disks each write can be done in a different location, keeping old data... and this cannot be overridden by OS, filesystem or anything in software. More on http://www.anandtech.com/printarticle.aspx?i=3531.

liori
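
The in-place overwrite from the first answer combined with the delete, as an added example that is not part of the original thread: the function overwrites exactly the file's current length without truncating, flushes, then unlinks. The name `erase_and_delete` and its optional source argument are assumptions of this sketch, and, as the answers note, the overwrite only reaches the old blocks where the filesystem and the device write in place.

```shell
#!/bin/sh
# Added example (not from the thread): a user-space stand-in for
# erase-on-delete. erase_and_delete and its SRC argument are names
# made up for this sketch.

# erase_and_delete FILE [SRC]
#   SRC is the byte source for the overwrite: /dev/urandom (default),
#   or /dev/zero to mimic the zeroing the man page describes for 's'.
erase_and_delete() {
    f=$1
    src=${2:-/dev/urandom}

    # Regular files only; following a symlink would overwrite its target.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "erase_and_delete: not a regular file: $f" >&2
        return 1
    fi

    size=$(wc -c < "$f" | tr -d ' ') || return 1

    if [ "$size" -gt 0 ]; then
        # head bounds the write to the file's current length (reading
        # /dev/urandom unbounded would run until the disk fills);
        # conv=notrunc stops dd truncating first, which would free the
        # old blocks without overwriting them.
        head -c "$size" "$src" |
            dd of="$f" bs=65536 conv=notrunc 2>/dev/null || return 1
        # Flush the new contents to the device before the name goes away.
        sync
    fi

    rm -- "$f"
}

# Run as a script: erase and delete the file named on the command line.
if [ "$#" -gt 0 ]; then
    erase_and_delete "$@"
fi
```

A file with more than one hard link keeps its other names after this runs, and they now point at the overwritten contents.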