Secure Delete utilities for Linux EXT3

[Roger Oberholtzer]

On Fri, 2004-04-16 at 19:47, David A. Bandel wrote:

> Fine.  But what I remember of the TSR program that Norton had, it was
> targetted at not accidentally deleting something via the DOS delete
> command and nothing more.  It wasn't about stopping (or saving)
> temporary files from deletion.  Also, I went to something that could be
> individually done by non-power users if necessary.  Functions are badly
> under-used.  Even RedHat and SuSE want to alias rm to rm -i (extremely
> annoying that) rather than write a saferm function which a cron job
> would clean up after nightly (for files more than 2 weeks or 30 days
> old).

That was the Norton for DOS TSR (of course). I mean a Norton product for
System V. I probably bought the only copy in Europe. The Norton System V
unErase was indeed a Unix device driver for the file system. It
intercepted all delete commands and put the files elsewhere. It worked
from every context. Maybe there was an option to turn it on or off. But
no matter where you did the delete, the function was there, since it was
at the OS level.

> aliases and functions work in almost all shells.  I think you'd be hard
> pressed to find one that won't support it.

But you would have to know about them all and how they do the alias. If
this ever changes or a new shell is used, you have to set that one up.
Can you alias an alias? That is, if you may an alias for rm, and then
someone makes an additional alias (perhaps in a script you did not
investigate), what happens? For example, you make an alias for rm to be
saferm. Then someone want to alias rm (really already an alias) to add
their own favorite options. Do you know that all shells will re-alias
the command so saferm is still ultimately the command done?

> > As an aside, we had a customer ask us if we could stop all file
> > deleting on their systems. After a bit of thought, we decided that
> > this was a bad thing. Their problem is that they collects tons of data
> > in a mobile system. After data backup, they must delete the data that
> > is no longer needed so there is space for new data. If they make a
> > mistake, it costs to recollect the data. We eventually decided that a
> > possible data recollection was better than some strange deletion
> > system. Also, they forgot that the reason they are deleting is that
> > they need the space. So, not removing the files was not an option.
> > Result: no system change. At the time, we looked at options like a
> > user-specific rm command. However, they could not promise to always
> > delete via a shell command. A preload module was the only way to
> > intercede in all delete attempts.
> 
> I wouldn't have entertained this with any more than a "of course you're
> joking" comment.

We did no change. But this was what the customer had requested. They
still grumble that we were uncooperative on this point. The customer is
not always right..