|
|
Linux is as solid an operating system will ever use as you – but that doesn't mean that the hardware where you do it equally sound. Hard drives are file systems are as susceptible to errors. And no matter how stable an OS, you can't prevent accidental deletion of files, folders. But don't despair: Linux is equipped with a number of tools that you can repair deleted file system errors and reclaim.
What tools? To begin, e2fsck, scalpel and lsof get the most. Let us see how each of these can be used to help your file systems, free of errors and share your files from accidental deletion.
Ext2/ext3-/ Ext4 filesystems check with e2fsckThe e2fsck utility takes the original UNIX fsck utility, but uses the ext2/ext3-/ Ext4 family of file systems to check. It is used to verify and repairing filesystems were down, have Uncleanly or otherwise developed errors.
A problem that is most users face, operate the e2fsck tool only to unmounted partitions. This can cause problems when the file system check is also that you are working. Many recommend that your current system to run level 1 command (run as the user with administrative privileges):
Init 1
However, I recommend you take a step further and use a Live distro like Puppy Linux, Knoppix, your distribution live CD, if any. By booting into a live distribution of your hard disks to be mounted and can safely check for errors. However you must ensure that that you want to change 1 and then unmount the partition to run level, you check the live distribution to use. For example, say you want to check partition/dev/sdb1. To do so would 1 first on runlevel (command shown above), and then run the command switch:
Umount/dev/sdb1
They are displayed with the target partition ready to start the check run. Doing this you give the command:
e2fsck-y / dev/sdb1
The option-y assumes the answer "Yes" to all questions, is the command you will present. Depending on the size of the disk and the amount this repair may take quite some time errors on your drive. Once the repair process is complete, you can always lead you to re-examine the command if no errors were missing. If the drive clean can into your normal system restart (if you are running a live CD e2fsck, remember to remove the disk when the live) or remount the unmounted partition.
Restore deleted filesNow let us look at the process of restoring files deleted. The reason for this even is, is that a file is actually only a link to an inode on disk. This inode contains information for the file. If you delete a file literally break the link to the inode, so can the file really only not found. The actual inode itself remains on your hard drive... but only temporarily. Provided as long as a process that deleted file open is the inode for writing available. So, this method has actually a deadline, and pretty quickly at that time. The key to this recovery is the/proc directory. Every process on your system has a directory within / proc, listed by its name. When you run the command ls/proc, you see a bunch of directories with numeric names as well as the directories and files names that trust should look. The most important directories are named numerically. These figures are process IDs (PIDs) of running applications. Use always the PS command to find the PID of the application you are looking for.
After you correct process in / proc found may have to grab the data from the correct directory and save it again. File restored. Take a look at the entire process. This is shown with a fairly simple example that you can pretty easily extend.
We create a file (say, it is a bash script or configuration file) called Test_file. Create this file with the command:
"This is my test document" cat >
View the Original article
