作業系統版本:CentOS release 6.4 (Final) 軟體版本:extundelete-0.2.4.tar.bz2
PS:該軟體恢復檔案系統僅支援ext2/ext3/ext4
1.使用rz命令上傳extundelete-0.2.4.tar.bz2到/tmp資料夾下並解壓軟體。
[root@localhost tmp]# tar -jxvf extundelete-0.2.4.tar.bz2
2.進入到extundelete解壓的目錄下面,執行編譯安裝。
[root@localhost test]# cd /tmp [root@localhost tmp]# ls extundelete-0.2.4 lrzsz-0.12.20 pulse-0Wu68Rqve4hx extundelete-0.2.4.tar.bz2 lrzsz-0.12.20.tar.gz virtual-root.b6Z0Gt [root@localhost tmp]# cd extundelete-0.2.4 [root@localhost extundelete-0.2.4]# ./configure Configuring extundelete 0.2.4 configure: error: Can`t find ext2fs library #根據提示找到ext2fs庫檔案進行安裝,執行yum -y install e2fsprogs e2fsprogs-libs e2fsprogs-devel [root@localhost extundelete-0.2.4]# ./configure Configuring extundelete 0.2.4 Writing generated files to disk
[root@localhost extundelete-0.2.4]# make make -s all-recursive Making all in src [root@localhost extundelete-0.2.4]# make install Making install in src /usr/bin/install -c extundelete `/usr/local/bin`
3.新新增一塊硬碟/dev/sdb1並劃分割槽格式化掛載到/test,新建檔案和目錄如下。
[root@localhost /]# tree test
test
├── 1.txt
├── a
│ ├── a.txt
│ └── b
│ ├── a.txt
│ └── c
│ ├── a.txt
│ └── d
├── a.txt
├── hosts
├── kong.txt
├── lost+found
└── passwd
5 directories, 8 files
4.進入到掛載目錄/test,然後刪除掛載點裡面的檔案並解除安裝磁碟。
[root@localhost /]# rm -rf a a.txt 1.txt hosts kong.txt passwd
[root@localhost /]# ls /test
lost+found
[root@localhost /]# umount /test
5.使用extundelete檢視/dev/sdb1目錄和檔案的inode號。
[root@localhost ~]# extundelete /dev/sdb1 --inode 2 NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 41 groups loaded. Group: 0 Contents of inode 2: 0000 | ed 41 00 00 00 10 00 00 f4 6e 9d 5a f2 6e 9d 5a | .A.......n.Z.n.Z 0010 | f2 6e 9d 5a 00 00 00 00 00 00 03 00 08 00 00 00 | .n.Z............ 0020 | 00 00 00 00 00 00 00 00 39 03 00 00 00 00 00 00 | ........9....... 0030 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0080 | 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 0090 | bd 68 9d 5a 00 00 00 00 00 00 00 00 00 00 00 00 | .h.Z............ 00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ Inode is Allocated File mode: 16877 Low 16 bits of Owner Uid: 0 Size in bytes: 4096 Access time: 1520266996 Creation time: 1520266994 Modification time: 1520266994 Deletion Time: 0 Low 16 bits of Group Id: 0 Links count: 3 Blocks count: 8 File flags: 0 File version (for NFS): 0 File ACL: 0 Directory ACL: 0 Fragment address: 0 Direct blocks: 825, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 Indirect block: 0 Double indirect block: 0 Triple indirect block: 0 File name | Inode number | Deleted status . 2 .. 2 lost+found 11 1.txt 12 Deleted a 8017 Deleted hosts 13 Deleted passwd 14 Deleted a.txt 15 Deleted kong.txt 16 Deleted
6.使用extundelete命令進行檔案和目錄的恢復。
(1)通過inode號恢復(檔名會有變更);
[root@localhost test]# extundelete /dev/sdb1 --restore-inode 12 NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 41 groups loaded. Loading journal descriptors ... 101 descriptors loaded. [root@localhost test]# ls RECOVERED_FILES [root@localhost test]# cd RECOVERED_FILES/ [root@localhost RECOVERED_FILES]# ls file.12 [root@localhost RECOVERED_FILES]# cat file.12 1111
(2)通過檔名恢復;
[root@localhost RECOVERED_FILES]# extundelete /dev/sdb1 --restore-file passwd NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 41 groups loaded. Loading journal descriptors ... 101 descriptors loaded. Successfully restored file passwd [root@localhost RECOVERED_FILES]# cd RECOVERED_FILES/ [root@localhost RECOVERED_FILES]# cat passwd root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
(3)通過目錄名稱恢復(空目錄是不會被恢復的);
[root@localhost test]# extundelete /dev/sdb1 --restore-directory a
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 41 groups loaded.
Loading journal descriptors ... 101 descriptors loaded.
Searching for recoverable inodes in directory a ...
13 recoverable inodes found.
Looking through the directory structure for deleted files ...
7 recoverable inodes still lost.
[root@localhost test]# ls
RECOVERED_FILES
[root@localhost test]# cd RECOVERED_FILES/
[root@localhost RECOVERED_FILES]# ls
a
[root@localhost RECOVERED_FILES]# tree a
a
├── a.txt
└── b
├── a.txt
└── c
└── a.txt
2 directories, 3 files
(4)恢復所有檔案和目錄,不包括空檔案和空目錄;
[root@localhost test]# extundelete /dev/sdb1 --restore-all NOTICE: Extended attributes are not restored. Loading filesystem metadata ... 41 groups loaded. Loading journal descriptors ... 101 descriptors loaded. Searching for recoverable inodes in directory / ... 13 recoverable inodes found. Looking through the directory structure for deleted files ... 1 recoverable inodes still lost. [root@localhost test]# ls RECOVERED_FILES [root@localhost test]# cd RECOVERED_FILES/ [root@localhost RECOVERED_FILES]# ls 1.txt a a.txt hosts kong.txt passwd [root@localhost RECOVERED_FILES]# tree . ├── 1.txt ├── a │ ├── a.txt │ └── b │ ├── a.txt │ └── c │ └── a.txt ├── a.txt ├── hosts ├── kong.txt └── passwd