-   Linux - Newbie (
-   -   Delete files from NTFS disk (using Knoppix 6) (

fgh464 03-06-2009 03:12 PM

Delete files from NTFS disk (using Knoppix 6)
How can I easily DELETE files from an NTFS disk without having to set write permissions for each individual file (which is what it tries to do if you right click the drive and make it write-enabled)?

The disk is pretty much unreadable, but I can mount it about 1 out of 4 attempts after putting it in a freezer to cool it (yes that does work). However, when it tries to set the write permissions on THE WHOLE DRIVE its just too much for it. I only need to delete ONE file.

The drive is a 2.5" SATA (Vista installed) which is connected through a USB adapter, if that helps.

I would also like to know the easiest way to boot Knoppix 6 as superuser. I know about sudo su, 'open current folder as root' etc but these are extra steps that complicate things and working with this almost dead HDD is very time critical.

MS3FGX 03-06-2009 03:48 PM

I am a little confused here...

Why do you need to delete a file off of a dead/dieing drive?

fgh464 03-06-2009 04:05 PM

Because I don't want some ID thieving or blackmailing dumpster diver/underpaid computer tech with better recovery tools than me getting hold of private information.

Also the drive was part of a laptop that is under warranty and that I intend to replace, so I can't just throw it on a fire.

MS3FGX 03-06-2009 04:44 PM

It would be considerably easier to simply destroy the data on the drive by zeroing, for instance by using DBAN, rather than dealing with NTFS security permissions to access the single file, you could just blow everything of any use off of the drive.

From a security aspect, trying to delete the file is essentially useless, as the file will not actually be removed. Deleting a file simply delinks it in the filesystem and allows newer files to write over the ones marked for deletion. As this drive is not going to be used again, there will be no newer files and thus the file will not actually be touched when you delete it.

Also keep in mind that under most warranties the hard drive is considered a user-replaceable component. Meaning you can simply replace the drive yourself (and presumably destroy it) without having to go through the manufacturer at all, and it would not effect your warranty coverage. You would have to get a new drive out of pocket in that case, but with as cheap as HDDs are today it isn't much of a hardship if you are serious about protecting your information.

T74marcell 03-06-2009 04:55 PM

AFAIK Knoppix is never booting as root. The best thing to do is to launch a shell, call a simple su (needs no password usually) and launch your favorite file manager from the commandline as root.

If the NTFS drive is mounted and write-enabled, then run as root the command
chmod -R a+w /your-NTFS-mountpoint/some-directory/*
Since you can not do it for the whole drive, you should try to do it for some of the directories. The fact that you cannot apply this to the whole directory signals what you already know - the disk is dying. Proceeding directory by directory you will at least find which files are on the dying zone.

I'm not exactly sure if it will work as expected, because NTFS has a different concept of privileges then traditional UNIX, and acting on a dying disk just adds to the confusion - it seems that you can not avoid a lot of labour.

The idea of deleting files to avoid ID thieving or blackmailing is good - unfortunately a simple deletion won't be enough to achieve that. You should overwrite the corresponding disk area at least 3 times to make it significantly difficult to recover. This will make things even more complicated for you.

Arch Linux

fgh464 03-06-2009 05:22 PM

I know that deleted files can be recovered quite easily if they have not been overwritten. I have already tried using a 'boot and nuke' tool (not DBAN but something like it) which didn't work presumably due to the instability of the drive. I still figure it is better to delete the file (actually more than one now I think about it) than leaving them in plain view.

I don't want to just swallow the cost of a new drive unless there really is no other option, and I'm pretty sure just by taking the drive out I have already broken the warranty, fortunately this is not detectable unlike replacing the drive.

I suppose the reason I'm still posting here is because I thought it would be EASY to get around software restrictions in linux unless encryption was involved .. isn't there an option to ignore read/write permission?

I will however try your command line based suggestion.

MS3FGX 03-06-2009 09:34 PM

Well to be brutally honest, if it is really this hard for you to even access the drive, I am not sure why you are so worried about this.


The disk is pretty much unreadable, but I can mount it about 1 out of 4 attempts after putting it in a freezer to cool it
Unless you happen to be a world leader or some sort of secret agent, nobody really cares about your identity enough to go through this much trouble to try and possibly recover personal information about you. If it is this hard for you to delete a file off of the drive, who do you think is going to devote this much time into trying to get something off of it?

But at the same time you say your identity isn't worth the cost of a new hard drive...

You have two options here. Spend the money on the new drive and destroy the old one physically (since you clearly are not going to be able to properly wipe the data though software), or realize that you have already personally demonstrated how difficult it would be to recover any data from this drive and forget about it.

akuthia 03-06-2009 10:10 PM

or, find yourself an electro magnet, and make your self a hard drive flambe?

All times are GMT -5. The time now is 01:50 PM.