Ubuntu Security :: Delete Files Off Journaling File-system?
Feb 19, 2010
I have some very confidental files on my computer that I store such as credit reports, and other things. I always encrypt them with GPG, but there still is that original non-encrypted file left that needs to be deleted. I looked into tools like wipe, and shred but they all say that it really doesn't help on journaling filesystems directly on their man page.
I am not asking how to wipe the whole drive with dd or anything, but I am simply asking if there is a tool that'll delete a single file securely.
I was reading a website about securely wiping data from your hard drive with wipe on the right click menu, when I stumbled across part of the article where it talked about journaling filesystems.Article
There are three types of journaling: journal, ordered and writeback. Using shred, with an ext3 file system presents the user with the problem of secure deletion because it can only really be effectively used with ordered and writeback journals. It also lists ext4 as a journaling file system in the article, so I looked up the wikipedia page on it and I also found this:
Delayed allocationExt4 uses a filesystem performance technique called allocate-on-flush, also known as delayed allocation. It consists of delaying block allocation until the data is going to be written to the disk, unlike some other file systems, which may allocate the necessary blocks before that step. This improves performance and reduces fragmentation by improving block allocation decisions based on the actual file size. So I am confused about this delayed allocation thing. My thoughts are that ext3 and other journaling filesystems are bad to use with secure wipe when they are set on journal mode because that writes the file to the journaling sector as well as to the hard drive. Apparently, in ext3, the default was ordered mode. I would like to know if anyone has any idea if the ext4 file system on karmic 64bit is hazardous to the security of using the wipe command.
It worked fine. While using 11.04 I encountered a serious bug in nvidia 270.41.06, and decided to switch to Kubuntu 10.10. I installed 10.10 on the very same /dev/sda5 (clicking a checkbox to format it). Everything worked fine, grub was installed and pointing to win7, and kubuntu 10.10. I disabled ext4 journaling as above, rebooted, and found, that grub now points to win7 and 11.04, and that system (which should have been removed during installation of 10.10) loads perfectly fine. I checked where 11.04 had been installed - still /dev/sda5. Win7 loads fine as well, so no linux on /dev/sda2 I checked if there was 10.10 kernel in /boot - no. File system on sda5 had no trace of 10.10.
I formatted sda5 with gparted, installed 10.10 again, disabled journaling and situation repeated, whole file system on sda5 changed. Enabling journaling did nothing, 10.10 didn't come back. I deleted sda3, sda5, sda6, made them again, installed 10.10, disabled journaling, and finally had my 10.10 on ext4 without journaling. So this is kind of solved, but I would still like to know that the hell happend? For the moment it looked like two file systems coexistened on one partition.
When I boot up my Ubuntu system I get the following error message:Install Problem The configuration defaults for Gnome Power Management have been installed incorrectlyI found the following posting and this describes what also happesystemhttps://answers.launchpad.net/ubuntu...uestion/111256I've created a recovery disk by using a memory stick from which I can boot. I can mount the old filesystem (HD). When I navigate, with the file browser, into one of the folder on the the HD and try to delete messages I get the following error message - 'Error removing file: Permission denied'.I guess I need to log / tell those files the root password from the system installation as per the version on the HD. But how do I do this?
I have the cowon iAudio7 music player with vfat file system and increasingly running into permission problems when I try to delete files. Unsurprisingly I am now running out of space. I am figuring if I could somehow mount it onto a folder in my home partition I will have full permissions. The problem is the drives name which is exactly with space: So even if try to delete files in the terminal I don't know how to cd into:
Code: /media/I AUDIO7 note the space between I & AUDIO7.
I don't use the Trash bin because it does not really delete things,speaking from a security point Instead, I gotten used to 'shred' and 'secure-delete' .But to move around files, cut-n-paste is very handy.And I was wandering if items from the Clip get stored somewhere ?i realize that they get overwritten again and again in the clipboard but do they also get stored somewhere else?
I hope that I'm posting this thread in the right place. This involves a very unique problem which has caused the .Trash-1000 folder for my external USB drive to become corrupted, to the point of causing massive heat problems which then causes my system to crash, i.e. become completely inoperable, forcing me to do a hard reset.
The scenario: Recently I went through all of my backup data which is what I use that external USB drive for. After finding several GB of data files, some dating back 2 - 3 years from a root server that I used to have, I went ahead and tried to delete all of those files. Well, with exception to 3 folders, containing no more than perhaps 35 files which totalled less than 8 MB in space, everything was deleted properly without a hitch. The files that couldn't be deleted prompted some strange "couldn't delete blahblahblah file due to input/output error" message. One message for each file that couldn't be deleted.
Now mind you, I can open these files, look at them, rename them, copy them, but I cannot delete them. Still being pretty wet as far as Linux is concerned, I tried numerous suggestions that I could find on the internet, all of which had to do with file permissions in one form or another. I've tried everything that made any sense and still can't delete those files.
All of the data is my own, all of the hardware is mine, and I'm the only one using this machine. I'm not attempting to do anything illegal. Then I figured, smart as I am, why don't I just assign ownership of the .Trash folder to myself via the chown -R command, followed by deleting the files afterwards. Okay, the chown command gave me no error, I assumed all was well since it's my USB drive to begin with and since it automounts during every restart anyway. I just figured that this would be something to try. BIG MISTAKE !!!
My system runs just as perfectly as before, with but one exception. NOW, when I attempt to delete those files that I couldn't delete before, I don't get an error message anymore but the CPU starts hyperventilating during the deletion process which goes on endlessly (remember, we're taking about less than 8 MB of data) ... ultimately causing the system to crash, i.e. become totally unresponsive. NOW, if I delete additional files from that USB drive and then attempt to empty the trash, the newly deleted files take substantially longer too now. Not as long as the original "bad files" but still quite long. The drive itself checks out fine and it's not a dual-boot system with Windows. Just did a virus check recently too and everything checks out in that regard as well.
Can someone tell me how to reassign whatever original values there were for that external drive .Trash folder? I think if I could restore those values to whatever they used to be before I used the chown -R command, perhaps then everything would be fine again as far as the crashing is concerned. HELP .... (Please take a look at the screenshots too)
The last screenshots shows "preparing to delete" which takes a very long time. Then it takes anywhere from 15 to 45 seconds PER FILE before that miniscule file is actually supposedly deleted. Eventually, after a few files are deleted, the system crashes. I wrote "supposedly deleted" because after a reboot the files are still there .
I have read in some book that syslogd keeps lots of logs that with the time consume a considerably part of your hard drive. I know this is very nice feature and all that, but sometimes privacy in this competitive world is a matter fact. Here goes the questions: Is it possible to 'auto delete' the syslogd files automatically? May the destruction of the logs make some hangs on my system? May some program need the daemon to function properly?
I'm trying to clean a hard drive and I'm using secure-delete but it just stands there and takes cpu power but nothing happens, I used -r switch first and nothing, so I tried it on single files, small pictures worked as intended but a simple 50MB MPG file just stands there as well and nothing happens.
I left it running for 24 hours and nothing happened but the cpu was working at 90-100% all the time :/
look at this : Uploaded with ImageShack.us how can set permissions in linux like this? I want one user can delete files but can't modify them and ... in linux i have 3 group to assign read write and execute them. is ntfs flexible than linux file system?
I've discovered that after restoring my site's backup this has happened to me again. How to delete the hacked /home/crocbits directory so that I can restore the backup under the same username. When I try to delete /home/crocbits I get this message when logged in as root:
This one being Ubuntu 9.10 (yes, I know I really should upgrade). I keep a number of confidential files in a TrueCrypt container which is a standalone file in my Documents folder. I'd like to delete some of these, but I want to do it as securely as I can, but I believe if I simply hit 'Delete' with the file selected it'll move the file to the Deleted Items folder. This, I assume, means that the file is taken out of the encrypted volume and stored unencrypted in the Deleted folder.
I've been reading a little about the Shred command, and there seems to be some question about whether it works effectively with a journalled file system; and since I have no idea whether I'm using a journalled file system, or how to find out, I'm treating Shred and other over-writing secure deletion tools as ineffective for now.
With this in mind, can anyone advise me how I can protect the file stored in the TrueCrypt volume, and delete it in place, without taking it out of the encrypted area? And, further to that, can anyone tell me whether in fact the file is actually secured while it's in the encrypted volume? For all I know, just opening the volume may result in copies being made somewhere (apart from RAM).
On my RHEL5 system one of my key file in one specific directory gets deleted when I start my application suite (having multiple processes). Is there some way to narrow down which specific process is deleting this file?
I installed wine and now i get the option to open some files with notepad. I know I can delete this entry when I go to the properties of a document and delete it in the tab "open witth". Is there a way to delete notepad for every file in the system?
We had seen some time ago, various tricks to remove the character MS-DOS text files on Linux. Here is a new trick to do this directly from the vim editor. to convert a file opened with vim in UNIX format, simply use the following command code...
I have an external hdd which is formatted with fat for use by both on linux and windows. The issue is that I can't delete some of the files I have which show up with size 0. Also, the modification timestamp (as detected by Krusader, the file manager I am using) is 1935. How can I delete these kind of files without affecting the running fs?
I had some bad luck today when I was trying to fix an account that had trouble with FTP. I decided to remove the user and add him again and reset all configuration. Anyhow, to make things short, I accidently typed rm /* -R -f and without looking hit the enter button, as soon as I realised what I wrote I hit ctrl+c. Too bad the /bin/ folder was gone by this time and standard commands like ls didn't execute anymore.
My question is if there is any way to recover these files by a system repair or something? The server is used to host a heavy loaded site which can't afford any downtime, and silly me didn't make a backup of the whole HDD, just the important folders (not the system files).
Currently I don't have the balls to restart the server as I know this will probably turn into a dissaster. I also don't have straight access to this server since it is located in a datacenter (I can go there if absolutely necessary but I rather don't).
Through various Windows reinstalls and switches within Linux distros, I have a massive amount of duplication within my music archive (on the order of 7+ dupes of each file). Now, I found a lovely program called "fdupes" and was able to build a list of all the duplicate files, and I'm trying to use "xargs" to remove then. However, when I try and run the command "xargs -0 --arg-file="dupes.txt" rm" or "xargs -0 rm < "dupes.txt"" it give me the following error: "xargs: argument line too long".
how perhaps a different way of accomplishing the same thing?
I use Ubuntu 9.04 exclusively on my own machines, but I have a couple of flash drives that got infected by some corrupt windows executable (*.exe) files, probably by somebody's trojan (they are Cruzer 4GB so came with installed fancy programs that I dont need but didnt remove and Windows keeps installing unwanted ini files and other trash every time I use them in somebody elses machine or in an internet cafe). I deleted quite a few files, but some are stubborn. $ sudo chmod +w-X doesnt seem to work. How do I unprotect and remove them? The filesystem is vFAT.
I suspect the files were created by some kind of a trojan as my work requires my flash to be pretty promiscuous. When I 've backed up all the good files I need, I'd be happy to reformat the flash drives as straight vanilla data storage and retrieval, provided I can still use them on a variety of machines running MS windows as well as on my Linux machines. Any guidance on reformatting?
I use Markdown to store all of my source documents. Unfortunately, the .md extension maps to application/x-genesis-rom under Ubuntu. I'm not sure why that would be a system default MIME type, but I'd like to change it.
I've tried using:
Code: gksu assogiate
to modify my file type cache. Unfortunately, even as the SU, I can't modify the entry for this file type. The "Remove" button is inactivated for the entry. (See attachment.)
How can I get rid of this (obsolete?) file association? Alternatively, how can I make my new one (text/x-markdown) take precedence?
I downloaded an ISO of some nes roms and used the archive manager to extract the files. It extracted them but it added a ;1 to the end of the extension. I don't want to go through 3500+ rom files and delete the added ;1 to the nes extension. How can I prevent this in the future?
I am using F14 Xfce and i have installed awn so i do not need my desktop icons anymore, ie home,bin and file system, is there any way to delete/remove them? i have installed gconf-editor and unchecked them in apps-->nautilus-->desktop, but they are still there?
Directories(-entries) are in a EXT2 file system managed in a singly linked list. Delete files in the directory causes Gaps or holes to appear in the linked list of the directory.How does a C-source code look like, which would reorganize this list and remove the gaps or Holes.
I'm only just starting out with the Linux ubunto 10.04 OS after yeas of wasted time on Microsoft os's,I hope I'm posting this request for help in the right forum thread, if not please accept my apologies, I have tried searching everywhere for help in installing a firmware file into the File System / lib / firmware directory and each time I get an access denied result. The file is for a DVB board and I have managed to track down the right Linux fw file for this particular piece of equipment, Could some kind helpful person either explain how to get this firmware file into the Root System directory or even send a link to another site that deals with this sort of problemI've downloaded all the programs via the Ubuntu Software Center that should be able to perform this task however all to no avail.The reason why I posted this thread in this forum board is that it (in my own personal opinion which may be wrong) seems to me to be a security problem
I have 2 external hdd in wich I have all my files. yesterday, I have copied all the files from hdd2 to hdd1 and I want to eliminate duplicates so I used FSLint to find them,now I want to make a shell script to delete all the files/entries (read from the log file) that begin with.