2017-01-17 12:05 PM
Due to special requirements to delete files on the filer via NFS mounts and ensure they are not recoverable even at the block level, we are evaluating Linux tools such as srm and shred. My questions are:
1. Is there a better way to delete specific files to meet the requirements and ensure they are unrecoverable?
2. After deleting the files, they can still be recovered via snapshots. Is there a difference between
a. remove all snapshots first and then delete the files vs.
b. delete files first and then remove all snapshots?
I am concerned about if deleting files first, since snapshots are still holding the data blocks, the data blocks may still be intact even after snapshots are removed (assuming removing snapshots is just freeing up the pointers, not touching the data blocks).
2017-01-17 01:17 PM
Securely deleting files from ONTAP is not as simple as you might expect. Remember that ONTAP does not overwrite blocks until needed and when a block is "deleted" it's not zeroed until sometime later. Additionally, doing something like a "shred" on it will only cause WAFL to mark the original blocks as no longer in use (and eventually re-zero them) and new blocks to be written with the random data.
If you haven't already I would highly recommend you reach out to your account team and discuss these requirements. They can point you at the tools you need. This could be as simple as helping you with disk sanitization or volume level encryption (in ONTAP 9.1), or as complex as working with your security team to determine the requirements and what the best course of action is.
Regarding question number 2, you do want to remove the snapshots first. If snapshots exist the data will be retained in them until they are deleted (either manually or via an automated process).
Hope that helps.