【Linux】ext3grep 誤刪恢復

1. [root@node2 RESTORED_FILES]# df -h
   
2. Filesystem Size Used Avail Use% Mounted on
   
3. /dev/mapper/VolGroup00-LogVol00
   
4.                       5.7G 4.3G 1.2G 80% /
   
5. /dev/sda1 99M 12M 82M 13% /boot
   
6. tmpfs 147M 0 147M 0% /dev/shm
   
7. /dev/sdb1 5.0G 139M 4.6G 3% /ext3dir     ---目標

1. [root@node2 ext3dir]#  ls
   
2. ib_logfile1 mysqlbin.000001 mysql-bin.000003 mysqlbin.000004 mysqlbin.000006 mysql-bin.index mysqld-relay-bin.index zabbix
   
3. ibdata1 lost+found mysql-bin.000002 mysqlbin.000003 mysql-bin.000005 mysqlbin.000007 mysqlbin.index node2.err
   
4. ib_logfile0 mysql-bin.000001 mysqlbin.000002 mysql-bin.000004 mysqlbin.000005 mysqlbin.000008 mysqld-relay-bin.000001 node2-slow.log
   
5. [root@node2 ext3dir]#  rm -rf /ext3dir/*

1. 趕快對盤umount，防止重新寫入補刪檔案扇區。，安裝（編譯安裝過程艱辛暫且不表）。
   

1. *先執行掃描檔名命令：

1. 1. [root@node2 ~]# ext3grep /dev/sdb1 --dump-names
      
   2. Running ext3grep version 0.10.1
      
   3. Number of groups: 40
      
   4. Minimum / maximum journal block: 841 / 34478
      
   5. Loading journal descriptors... sorting... done
      
   6. The oldest inode block that is still in the journal, appears to be from 1472610198 = Wed Aug 31 10:23:18 2016
      
   7. Number of descriptors in journal: 82; min / max sequence numbers: 2 / 12
      
   8. Finding all blocks that might be directories.
      
   9. D: block containing directory start, d: block containing more directory entries.
      
   10. Each plus represents a directory start that references the same inode as a directory start that we found previously.
       
   11. 
       
   12. Searching group 0: DD++D++
   13. 。。
   14. abbix/trigger_discovery.frm
       zabbix/triggers.frm
       zabbix/user_history.frm
       zabbix/users.frm
       zabbix/users_groups.frm
       zabbix/usrgrp.frm
       zabbix/valuemaps.frm
       
       

1. *執行檔案恢復命令

1. 1. 這款軟體不能按目錄恢復檔案，只能執行恢復全部命令：
      
   2. [root@node2 ~]# ext3grep /dev/sdb1 --restore-all
   3. 。。。
   4. 。。。
   5. 注意：（在哪個目錄下執行ext3grep 命令，恢復的資料檔案就在哪個目錄的RESTORED_FILES目錄下）
   
   
   *檢查
   
   1. 已全部恢復
   2. [root@node2 RESTORED_FILES]# pwd
      
   3. /root/RESTORED_FILES
      
   4. [root@node2 RESTORED_FILES]# ls
      
   5. ?? ib_logfile1 mysqlbin.000001 mysql-bin.000003 mysqlbin.000004 mysqlbin.000006 mysql-bin.index mysqld-relay-bin.index zabbix
      
   6. ibdata1 lost+found mysql-bin.000002 mysqlbin.000003 mysql-bin.000005 mysqlbin.000007 mysqlbin.index node2.err
      
   7. ib_logfile0 mysql-bin.000001 mysqlbin.000002 mysql-bin.000004 mysqlbin.000005 mysqlbin.000008 mysqld-relay-bin.000001 node2-slow.log
   
   
   *恢復單個檔案
   
   1. [root@node2 ~]# ext3grep /dev/sdb1 --restore-file mysqlbin.000004
   2. Running ext3grep version 0.10.1
      
   3. WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set. This either means that your partition is still mounted, and/or the file system is in an unclean state.
      
   4. Number of groups: 40
      
   5. Minimum / maximum journal block: 841 / 34478
      
   6. Loading journal descriptors... sorting... done
      
   7. The oldest inode block that is still in the journal, appears to be from 1472610198 = Wed Aug 31 10:23:18 2016
      
   8. Number of descriptors in journal: 82; min / max sequence numbers: 2 / 15
      
   9. Loading sdb1.ext3grep.stage2... done
      
   10. Restoring mysqlbin.000004
       
   11. [root@node2 ~]# ls RESTORED_FILES/
       
   12. mysqlbin.000004