Restore objects accidentally deleted by rm-rf with ext3grep

Source: Internet
Author: User
As an enterprise-level server, Linux is crucial to data security. accidental deletion of any valuable data is intolerable and may even cause a major disaster! As a linux system administrator, you must have the data protection function. you must not only back up data, but also restore important data after accidental deletion. here we will introduce an open-source data recovery tool ext3grep, which can restore files deleted by rm & ndash; rf by mistake. 1. principle of ext3grep: Using ex Linux as an enterprise-level server, data security is crucial. any accidental deletion of valuable data is intolerable and may even cause a big disaster! As a linux system administrator, you must have the data protection function. you must not only back up data, but also restore important data after accidental deletion. here we will introduce an open-source data recovery tool ext3grep, which can restore files accidentally deleted by rm-rf.
I. principle of ext3grep:
Restoring a file using ext3grep does not depend on any file format. first, ext3grep uses the root inode to obtain all file information in the file system, including existing or deleted files, the information includes the file name, inode number, and then the inode is used in combination with the system log to query the location of the block where the inode is located, including the information of direct and indirect blocks, finally, use the dd command to back up the data information to restore the data!
After the file is deleted by mistake, the first thing to do is to immediately unmount the partition where the file is located or mount the partition in read-only mode, because after the file is deleted, the data in the file is retained on the disk. Unless the system allocates the block where the data is located, it will always exist, the first thing to do is to unload the partition where the file is located,
As for the root partition, you can restart the system, then enter the system in single-user mode, and mount the root partition in read-only mode:
Mount-o ro, remount/
II. ext3grep installation
Before installation, check whether e2fsprogs software has been installed. if you do not need to download and install e2fsprogs software, or else an error will be reported when you install ext3greep!
[Root @ localhost ~] # Rpm-qa | grep e2fs
E2fsprogs-devel-1.39-23.el5_5.1
E2fsprogs-libs-1.39-23.el5_5.1
E2fsprogs-1.39-23.el5_5.1
E2fsprogs-libs-1.39-23.el5_5.1
You can download the ext3grep source code package from the Internet:
Wget http://code.google.com/p/ext3grep/downloads/detail? Name1_ext3grep-0.10.2.tar.gz
Decompress, compile, and install
Tar zxf ext3grep-0.10.2.tar.gz
Cd ext3grep-0.10.2
./Configure-prefix =/usr/local/ext3grep
Make
Make install
3. use ext3grep to restore data deleted by rm-rf
First, we simulate a disk partition and create a virtual device.
[Root @ localhost ~] # Mkdir/disk create a mount point
[Root @ localhost ~] # Mkdir/virtual
[Root @ localhost ~] # Dd if =/dev/zero of =/virtual/disk1 conut = 102400
[Root @ localhost ~] # Mkfs-t ext3/vittual/disk1
[Root @ localhost ~] # Mount-o loop/virtual/disk1/disk
[Root @ localhost ~] # Echo "this is a ext3grep test, thank you">/disk/ext3grep-test.txt
Use rm-rf to delete the file you just created
Rm-rf/disk /*
Check that the file has been deleted.
3. use ext3grep to restore the deleted file
Create a directory dedicated to storing recovered files
Mkdir restore
Cd restore
IV. file recovery process
Run
View deleted files
[Root @ localhost restore] #/usr/local/ext3grep/bin/ext3grep/virtual/disk -- ls -- inode 2
. -- File type in dir_entry (r = regular file, d = directory, l = symlink)
|. -- D: Deleted; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
================= + -------------- Data-from-inode ------ + ----------- + ======== =
0 1 d 2 drwxr-xr-x.
1 end d 2 drwxr-xr-x ..
2 end d 11 D 1340620814 Mon Jun 25 18:40:14 2012 drwx ------ lost + found
3 end r 12 D 1340620814 Mon Jun 25 18:40:14 2012 rrw-r -- ext3grep-test.txt
Start restoring the [root @ localhost restore] #/usr/local/ext3grep/bin/ext3grep/virtual/disk -- restore-file ext3grep-test.txt
Running ext3grep version 0.10.2
WARNING: I don't know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 7
Minimum/maximum journal block: 16616/20729
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1340620763 = Mon Jun 25 18:39:23 2012
Number of descriptors in journal: 20; min/max sequence numbers: 2/5
Writing output to directory RESTORED_FILES/
Loading disk. ext3grep. stage2... done
Restoring ext3grep-test.txt
The ext3grep-test.txt file has been restored successfully. a RESTORED_FILES directory is generated under the current directory, and the recovered files are placed there.
[Root @ localhost RESTORED_FILES] # ls
Ext3grep-test.txt
Summary: Although this tool can restore files deleted by the rm-rf command, as a system administrator, you should have a concept of backing up data every moment in your mind, after all, backup is King!
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.