ext3grepでrm -rf 誤操作削除されたファイルを復元
1.ext3grepのインストール
[root@localhost ~]# rpm -qa|grep e2fs
e2fsprogs-devel-1.39-23.el5_5.1
e2fsprogs-libs-1.39-23.el5_5.1
e2fsprogs-1.39-23.el5_5.1
e2fsprogs-libs-1.39-23.el5_5.1
2.ext3grepパッケージのインストール
wget http://code.google.com/p/ext3grep/downloads/detail?name=ext3grep-0.10.2.tar.gz
3.解凍、コンパイル、インストール
tar zxf ext3grep-0.10.2.tar.gz
cd ext3grep-0.10.2
./configure –prefix=/usr/local/ext3grep
make
make install
4.rm -rf データを削除
[root@localhost ~]# mkdir /disk
[root@localhost ~]# mkdir /virtual
[root@localhost ~]# dd if=/dev/zero of=/virtual/disk1 conut=102400
[root@localhost ~]# mkfs -t ext3 /vittual/disk1
[root@localhost ~]# mount -o loop /virtual/disk1 /disk
[root@localhost ~]# echo “this is a ext3grep test,thank you” >/disk/ext3grep-test.txt
rm –rf /disk/*
5.復元されたファイルを保存するための特別なディレクトリを作成
mkdir restore
cd restore
6.ファイルを復元する手順
[root@localhost restore]# /usr/local/ext3grep/bin/ext3grep /virtual/disk –ls –inode 2
.– File type in dir_entry (r=regular file, d=directory, l=symlink)
| .– D: Deleted ; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
==========+==========+—————-data-from-inode——+———–+=========
0 1 d 2 drwxr-xr-x .
1 end d 2 drwxr-xr-x ..
2 end d 11 D 1340620814 Mon Jun 25 18:40:14 2013 drwx—— lost+found
3 end r 12 D 1340620814 Mon Jun 25 18:40:14 2013 rrw-r–r– ext3grep-test.txt
7.復元開始
[root@localhost restore]# /usr/local/ext3grep/bin/ext3grep /virtual/disk –restore-file ext3grep-test.txt
Running ext3grep version 0.10.2
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 7
Minimum / maximum journal block: 16616 / 20729
Loading journal descriptors… sorting… done
The oldest inode block that is still in the journal, appears to be from 1340620763 = Mon Jun 25 18:39:23 2013
Number of descriptors in journal: 20; min / max sequence numbers: 2 / 5
Writing output to directory RESTORED_FILES/
Loading disk.ext3grep.stage2… done
Restoring ext3grep-test.txt