shred Command
Intermediate Firewall & Security man(1)Securely overwrite and optionally delete files
👁 11 views
📅 Updated: Mar 15, 2026
SYNTAX
shred [OPTION]... FILE...
What Does shred Do?
shred securely overwrites a file to make recovery difficult. It writes random data over the file multiple times before optionally deleting it, defeating standard file recovery tools.
shred is used for destroying sensitive data: confidential documents, old encryption keys, database dumps, and any files that should not be recoverable from disk.
shred works by overwriting the actual disk blocks. However, on journaling filesystems (ext4), copy-on-write filesystems (btrfs, ZFS), SSDs with wear leveling, and RAID arrays, shred may not be effective because data may be stored in other locations.
shred is used for destroying sensitive data: confidential documents, old encryption keys, database dumps, and any files that should not be recoverable from disk.
shred works by overwriting the actual disk blocks. However, on journaling filesystems (ext4), copy-on-write filesystems (btrfs, ZFS), SSDs with wear leveling, and RAID arrays, shred may not be effective because data may be stored in other locations.
Options & Flags
| Option | Description | Example |
|---|---|---|
| -u | Remove (unlink) file after overwriting | shred -u secret.txt |
| -n | Number of overwrite passes (default 3) | shred -n 7 classified.doc |
| -z | Add final pass of zeros (hide shredding) | shred -uz secret.txt |
| -v | Verbose — show progress | shred -vuz secret.txt |
| -f | Force (change permissions if needed) | shred -fuz readonly_secret.txt |
Practical Examples
#1 Securely delete file
Overwrites 3 times with random data, zeros, then deletes.
$ shred -vuz secret.txt
Output:
shred: secret.txt: pass 1/4 (random)...\nshred: secret.txt: pass 2/4 (random)...\nshred: secret.txt: pass 3/4 (random)...\nshred: secret.txt: pass 4/4 (000000)...\nshred: secret.txt: removed
#2 Extra passes
7 random passes plus a zero pass, then delete.
$ shred -n 7 -uz classified.doc#3 Shred multiple files
Securely destroys all key and certificate files.
$ shred -vuz *.key *.pem#4 Wipe disk partition
Overwrites an entire partition with random data.
$ sudo shred -v -n 1 /dev/sdb1#5 Force shred read-only file
Changes permissions if needed before shredding.
$ shred -fuz protected_file.txtTips & Best Practices
Not effective on SSDs and modern filesystems: shred may not work on SSDs (wear leveling), journaling filesystems (ext4), or CoW filesystems (btrfs/ZFS). Use full disk encryption instead.
-z hides the shredding: -z adds a final pass of zeros, making the file look like it was zeroed rather than shredded.
Full disk encryption is better: For SSD security, use full disk encryption (LUKS). Deleting the encryption key makes all data unrecoverable.
Frequently Asked Questions
How do I securely delete a file?
shred -vuz filename. This overwrites with random data 3 times, zeros, then deletes. Best on traditional HDDs.
Does shred work on SSDs?
Not reliably — SSDs use wear leveling and may keep old data in reserve blocks. Use full disk encryption (LUKS) instead.
How many passes are needed?
1 pass is sufficient for modern drives (NIST SP 800-88). Default 3 passes provide extra assurance.
Related Commands
More Firewall & Security Commands
Master Linux with Professional eBooks
Curated IT eBooks covering Linux, DevOps, Cloud, and more
Browse Books →