Home > Developer > Linux

In-depth introduction to Linux Ext3 File System

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

After studying the linux Ext3 file system for a long time, I have accumulated some materials. So I will share it with you. I believe you will surely have a lot of gains after reading this article.

1. How to restore the linux Ext3 file after it is deleted
In the linux Ext3 file system, files are stored in blocks. By default, the size of each block is 1 kb, different blocks are distinguished by block numbers. Each file has a node that contains information such as the file owner, read/write permission, and file type. For a file smaller than 12 blocks, the block number of the file data block is directly stored in the node. If the file contains more than 12 blocks, the node stores the block number of an indirect block after the 12 blocks. In the block corresponding to this indirect block number, each block number in the block number Ext2fs that stores 256 file data blocks occupies 4 bytes, so that the block number that can be stored in a block is 1024/4 = 256 ). If a larger file exists, the second-level indirect block and third-level indirect block appear in the node.

2. Restore the accidentally deleted file
Most Linux distributions provide a debugfs tool for editing Ext3 file systems. However, there is still some work to do before using this tool.
First, Remount the partition where the accidentally deleted file is located in read-only mode. Run the following command: Suppose the file is in the/usr partition)
Mount-r-n-o remount/usr
-R indicates read-only mounting;-n indicates no write to/etc/mtab. this parameter is added if the file on/etc is restored. If the system says xxx partion busy, you can run the fuser command to check which processes use the files in this partition:
Fuser-v-m/usr
If there are no important processes, run the following command to stop them:
Fuser-k-v-m/usr
Then you can remount these file systems.
If all the files are installed in a large partition, you can use linux single to enter the single-user mode at the boot prompt to minimize the chance of system processes writing data to the hard disk, or simply mount the hard disk on another machine. In addition, do not write the data to/to avoid damaging the useful data. If the host has dos/windows, you can write it to these partitions:
Mount-r-n/dev/hda1/mnt/had
Then you can execute debugfs: Suppose Linux is in/dev/hda5)
# Debugfs/dev/hda5
The prompt debugfs appears:
The lsdel command can be used to list the information of many deleted files:
Debugfs: lsdel
Debugfs: 2692 deleted inodes found.
Inode Owner Mode Size Blocks Time deleted
164821 0 100600 8192 1/1 Sun May 13 19:22:46 2001
.............................................................................................
36137 0 100644 4 1/1 Tue Apr 24 10:11:15 2001
196829 0 100644 149500 38/38 Mon May 27 13:52:04 2001
Debugfs:
The first field is the file node number, the second field is the file owner, the third field is the read and write permissions, and the next is the file size, number of blocks, and deletion time. Then we can determine what we need based on the file size and deletion date. For example, we want to restore a file with a node of 196829:
You can first check the file data status:
Debugfs: stat
Inode: 196829 Type: regular Mode: 0644 Flags: 0x0 Version: 1
User: 0 Group: 0 Size: 149500
File ACL: 0 Directory ACL: 0
Links: 0 Blockcount: 38
Fragment: Address: 0 Number: 0 Size: 0
Time: 0x31a9a574 -- Mon May 27 13:52:04 2001
Atime: 0x31a21dd1 -- Tue May 21 20:47:29 2001
Mtime: 0x313bf4d7 -- Tue Mar 5 08:01:27 2001
Dtime: 0x31a9a574 -- Mon May 27 13:52:04 2001
BLOCKS:
594810 594811 594814 594815 594816 ........................................
TOTAL: 38
Then you can use the dump command to restore the file:
Debugfs: dump/mnt/hda/01.sav
In this way, the file is restored. Exit debugfs:
Debugfs: quit
The above describes the Linux Ext3 file system.

  1. Linux Server hacked knowledge points
  2. Multiple methods for restoring linux passwords
  3. Start the informix service in linux
  4. Analysis of Vsftpd fault solutions in Linux (Part 1)
  5. Analyze the differences between the linux make command and Makefile

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More