With OS X El Capitan (10.11) the Finder has gained a handy new feature, called Delete Immediately… .
To immediately delete one or more files or folders select them in the Finder, then hold down the Option and Command key and press Backspace. (⌥⌘⌫)
Alternatively you can choose the command in the Finder’s File menu, while holding down the Option (⌥) key.
Delete Immediately… does what it says: it deletes the item, rather than putting it into the Trash (⌘⌫). As such it accomplishes the same what formerly only was available through the Terminal command rm1
To find out if it really does the same as rm I tested both commands against various file protection methods:
|File Security2||Deletable with ⌥⌘⌫||Deletable with rm|
|Flag: UF_IMMUTABLE||No3||Yes, as sudo|
|Flag: UF_APPEND||No||Yes, as sudo|
|ACL: deny delete||Yes, with password||Yes, as sudo|
|Parent folder’s flag: UF_IMMUTABLE||No||No|
|Parent folder’s flag: UF_APPEND||No||No|
|Parent folder’s flag: SF_IMMUTABLE||No||No|
|Parent folder’s flag: SF_APPEND||No||No|
|Parent folder’s permissions: 444 or 000||No||No|
|Parent folder’s owner:group: root:wheel||Yes, with password||Yes, as sudo|
|Parent folder’s ACL: deny delete_child||Yes, with password||Yes, as sudo|
We see that rm and ⌥⌘⌫ indeed behave almost identical, with one exception: If any of the user flags UF_IMMUTABLE (user immutable) or UF_APPEND (user append-only) is set ⌥⌘⌫ refuses to delete the file whereas sudo rm still deletes it.
Selectively Emptying the Trash
With ⌥⌘⌫ you can also delete files that are already sitting in the Trash can. In practice this means that now you can selectively empty the Trash, something that was impossible in the Finder prior to El Capitan.
You may have noticed that in El Capitan Apple has removed the Secure Empty Trash feature. This is because of flash storage drives becoming more and more widespread. (See CVE-2015-5901.) With flash drives it is virtually impossible to securely delete (i.e. overwrite) data.4
It is important to understand that Delete Immediately… is not a replacement for the disappeared Secure Empty Trash! It just erases the catalog entry of the file, the same what happens when you non-securely empty the Trash.
So what can you do if you really need to securely delete a file?
If the file is on an unencrypted flash drive, you just can’t enforce a secure deletion. However if the file is on an “old-fashioned” hard disk (that is, no SSD, flash drive or Fusion Drive) you can use either of these Terminal commands:
- rm -P /path/to/the/file (will overwrite 3 times)
- the srm command, which has various options. For example srm -m /path/to/the/file will overwrite 7 times.
If you don’t know how to use the Terminal, here’s a nice introduction. If you are a LaunchBar user you are lucky, because you can use my Delete Action which adds various secure-delete commands to the LaunchBar GUI.
Please keep in mind that these overwrite commands only make sense if the data is not on a flash or Fusion Drive!
If want to work with sensible data on a flash drive you have to make sure beforehand that the data never touches the drive in unencrypted form. You could for example activate File Vault (on the startup drive), or you could store and edit the files exclusively on an encrypted disk image (.dmg)5 or inside a secure application like 1Password.
- Or rm -R for folders.
- Flag: ‘BSD File Flag’; ACL: ‘POSIX Access Control List’; Permissions: ‘UNIX Permissions’. Complete reference (Apple).
- Can be unlocked in the Finder’s Info window.
- Flash drives try to distribute writes, in order to keep the wear level even. So it is almost guaranteed that each “overwrite” pass will write to a new location – and not to the one where the original data is located.
- An encrypted 7z archive or something similar won’t help, since upon expansion the unencrypted data will get stored on the drive.