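[Linux] Recovering accidentally deleted files with ext3grep

Posted by 小亮520cl on 2016-08-31
ext3grep can recover files that were deleted with rm -rf.
Simulated recovery experiment
1 Partition layout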
  [root@node2 RESTORED_FILES]# df -h
  Filesystem            Size  Used Avail Use% Mounted on
  /dev/mapper/VolGroup00-LogVol00
                        5.7G  4.3G  1.2G  80% /
  /dev/sda1              99M   12M   82M  13% /boot
  tmpfs                 147M     0  147M   0% /dev/shm
  /dev/sdb1             5.0G  139M  4.6G   3% /ext3dir     <--- target


2 Accidental deletion
  [root@node2 ext3dir]# ls
  ib_logfile1 mysqlbin.000001 mysql-bin.000003 mysqlbin.000004 mysqlbin.000006 mysql-bin.index mysqld-relay-bin.index zabbix
  ibdata1 lost+found mysql-bin.000002 mysqlbin.000003 mysql-bin.000005 mysqlbin.000007 mysqlbin.index node2.err
  ib_logfile0 mysql-bin.000001 mysqlbin.000002 mysql-bin.000004 mysqlbin.000005 mysqlbin.000008 mysqld-relay-bin.000001 node2-slow.log
  [root@node2 ext3dir]# rm -rf /ext3dir/*

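3 Recovery
  Unmount the disk right away so that the sectors of the deleted files are not overwritten, then install ext3grep (building it from source was painful and is not covered here).

  *First run the command that scans for file names: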

    [root@node2 ~]# ext3grep /dev/sdb1 --dump-names
    Running ext3grep version 0.10.1
    Number of groups: 40
    Minimum / maximum journal block: 841 / 34478
    Loading journal descriptors... sorting... done
    The oldest inode block that is still in the journal, appears to be from 1472610198 = Wed Aug 31 10:23:18 2016
    Number of descriptors in journal: 82; min / max sequence numbers: 2 / 12
    Finding all blocks that might be directories.
    D: block containing directory start, d: block containing more directory entries.
    Each plus represents a directory start that references the same inode as a directory start that we found previously.

    Searching group 0: DD++D++
    ...
    abbix/trigger_discovery.frm
    zabbix/triggers.frm
    zabbix/user_history.frm
    zabbix/users.frm
    zabbix/users_groups.frm
    zabbix/usrgrp.frm
    zabbix/valuemaps.frm

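  *Run the file recovery command

    This tool cannot restore files by directory; the only option is to run the restore-all command:
    [root@node2 ~]# ext3grep /dev/sdb1 --restore-all
    ...
    ...
    Note: the recovered data files are written to the RESTORED_FILES directory under whichever directory the ext3grep command was run from.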


    *Check
    Everything was recovered:
    [root@node2 RESTORED_FILES]# pwd
    /root/RESTORED_FILES
    [root@node2 RESTORED_FILES]# ls
    ?? ib_logfile1 mysqlbin.000001 mysql-bin.000003 mysqlbin.000004 mysqlbin.000006 mysql-bin.index mysqld-relay-bin.index zabbix
    ibdata1 lost+found mysql-bin.000002 mysqlbin.000003 mysql-bin.000005 mysqlbin.000007 mysqlbin.index node2.err
    ib_logfile0 mysql-bin.000001 mysqlbin.000002 mysql-bin.000004 mysqlbin.000005 mysqlbin.000008 mysqld-relay-bin.000001 node2-slow.log


    *Restoring a single file
    [root@node2 ~]# ext3grep /dev/sdb1 --restore-file mysqlbin.000004
    Running ext3grep version 0.10.1
    WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set. This either means that your partition is still mounted, and/or the file system is in an unclean state.
    Number of groups: 40
    Minimum / maximum journal block: 841 / 34478
    Loading journal descriptors... sorting... done
    The oldest inode block that is still in the journal, appears to be from 1472610198 = Wed Aug 31 10:23:18 2016
    Number of descriptors in journal: 82; min / max sequence numbers: 2 / 15
    Loading sdb1.ext3grep.stage2... done
    Restoring mysqlbin.000004
    [root@node2 ~]# ls RESTORED_FILES/
    mysqlbin.000004
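
The WARNING in the output above comes from a flag in the file system superblock. The following is an added example, not part of the original post or of ext3grep: a read-only check of that flag, the journal flag and the ext4 extents flag, plus the group count that ext3grep prints. The field offsets follow the standard ext2/3/4 superblock layout; the sample image and the names inspect_superblock and make_sample are constructed for illustration.

```python
import struct

SB_OFFSET = 1024              # the primary superblock starts 1024 bytes into the volume
EXT_MAGIC = 0xEF53            # s_magic value shared by ext2, ext3 and ext4
COMPAT_HAS_JOURNAL = 0x0004   # s_feature_compat: a journal is present (ext3/ext4)
INCOMPAT_RECOVER = 0x0004     # s_feature_incompat: journal needs replay (mounted or unclean)
INCOMPAT_EXTENTS = 0x0040     # s_feature_incompat: extent-mapped files (ext4)


def inspect_superblock(image: bytes) -> dict:
    """Parse the superblock fields worth checking before running a recovery tool."""
    sb = image[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 104:
        raise ValueError("image too short to hold a superblock")
    blocks, = struct.unpack_from("<I", sb, 4)             # s_blocks_count
    first_data_block, = struct.unpack_from("<I", sb, 20)  # s_first_data_block
    blocks_per_group, = struct.unpack_from("<I", sb, 32)  # s_blocks_per_group
    magic, = struct.unpack_from("<H", sb, 56)             # s_magic
    compat, incompat = struct.unpack_from("<II", sb, 92)  # feature flag words
    if magic != EXT_MAGIC or blocks_per_group == 0:
        raise ValueError("not an ext2/3/4 file system")
    groups = -(-(blocks - first_data_block) // blocks_per_group)  # ceiling division
    return {
        "groups": groups,
        "has_journal": bool(compat & COMPAT_HAS_JOURNAL),
        "needs_recovery": bool(incompat & INCOMPAT_RECOVER),
        "uses_extents": bool(incompat & INCOMPAT_EXTENTS),
    }


def make_sample(incompat: int) -> bytes:
    """Constructed image header: 5 GiB volume, 4 KiB blocks, 32768 blocks per group."""
    sb = bytearray(1024)
    struct.pack_into("<I", sb, 4, 1310720)
    struct.pack_into("<I", sb, 32, 32768)
    struct.pack_into("<H", sb, 56, EXT_MAGIC)
    struct.pack_into("<II", sb, 92, COMPAT_HAS_JOURNAL, incompat)
    return bytes(SB_OFFSET) + bytes(sb)


if __name__ == "__main__":
    # For a real volume, pass the first 2048 bytes read from the device or image file.
    print(inspect_superblock(make_sample(INCOMPAT_RECOVER)))
```

If needs_recovery is true, the volume is still mounted or was not cleanly unmounted, which is the condition the ext3grep warning reports. uses_extents marks an ext4 layout, the case the post leaves untested.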




Follow-up: whether the ext4 file system is supported has not been tested yet. To be continued!

From the "ITPUB blog", link: http://blog.itpub.net/29096438/viewspace-2124248/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.
