作者:cnh4wk
来源:老鹰天下
工作中遇见了,查了网上文章,发现没几个实际能通过的,实在是怒。自己找了软件做了一次实战操作,基本可以保证稳定恢复。
测试环境
[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux
Linux localhost.localdomain 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686 i386 GNU/Linux
碧轩附注:其实什么版本的系统无所谓 !
所需的相关库
[root@localhost ~]# rpm -qa |grep e2fsprogs
e2fsprogs-libs-1.39-8.el5
e2fsprogs-1.39-8.el5
e2fsprogs-devel-1.39-8.el5
e2fsprogs-libs-1.39-8.el5
e2fsprogs-1.39-8.el5
e2fsprogs-devel-1.39-8.el5
碧轩附注:必须要有e2fsprogs-libs,不然在后面ext3grep的安装会有问题。
分区情况:
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.2G 1.8G 4.2G 30% /
/dev/sda1 99M 11M 83M 12% /boot
/dev/mapper/VolGroup00-LogVol02
1008M 34M 924M 4% /data
tmpfs 125M 0 125M 0% /dev/shm
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.2G 1.8G 4.2G 30% /
/dev/sda1 99M 11M 83M 12% /boot
/dev/mapper/VolGroup00-LogVol02
1008M 34M 924M 4% /data
tmpfs 125M 0 125M 0% /dev/shm
需要软件
http://code.google.com/p/ext3grep/downloads/list
先下载软件
[root@localhost ~]# cd /root/src/
[root@localhost src]# wget http://ext3grep.googlecode.com/files/ext3grep-0.6.0.tar.gz src
[root@localhost src]# ls
ext3grep-0.6.0.tar.gz
[root@localhost src]# tar xfvz ext3grep-0.6.0.tar.gz
[root@localhost ext3grep-0.6.0]# ./configure
[root@localhost ext3grep-0.6.0]# make install
[root@localhost ext3grep-0.6.0]# ext3grep
Running ext3grep version 0.6.0
[root@localhost src]# wget http://ext3grep.googlecode.com/files/ext3grep-0.6.0.tar.gz src
[root@localhost src]# ls
ext3grep-0.6.0.tar.gz
[root@localhost src]# tar xfvz ext3grep-0.6.0.tar.gz
[root@localhost ext3grep-0.6.0]# ./configure
[root@localhost ext3grep-0.6.0]# make install
[root@localhost ext3grep-0.6.0]# ext3grep
Running ext3grep version 0.6.0
编译然后测试可以使用了,一切做好了以后开始我们的恢复过程。
我的目录是/data分区,我先格式化了分区,我放一个文件在根目录下和一个子目录下的文件。
/dev/mapper/VolGroup00-LogVol02 1008M 34M 924M 4% /data
碧轩附注:
其实这里用什么分居无所谓,你也可以模拟一个出来:
PLAIN TEXT
SHELL:
1.
mkdir /bixuan/
2.
cd /bixuan/
3.
dd if=/dev/zero of=disk10 count=2048000
4.
mkfs.ext3 disk10
5.
mkdir -p /dfs/a
6.
mount -o loop /bixuan/disk10 /dfs/a
SHELL:
1.
mkdir /bixuan/
2.
cd /bixuan/
3.
dd if=/dev/zero of=disk10 count=2048000
4.
mkfs.ext3 disk10
5.
mkdir -p /dfs/a
6.
mount -o loop /bixuan/disk10 /dfs/a
拷贝点文件过去
[root@localhost ~]# ]# cp /bin/ls /data/
[root@localhost ~]# ]# cp -rf /bin /data/
[root@localhost ~]# ]# ls -la /data/
total 136
drwxr-xr-x 4 root root 4096 Apr 21 17:37 .
drwxr-xr-x 25 root root 4096 Apr 21 17:11 ..
drwxr-xr-x 2 root root 4096 Apr 21 17:37 bin
drwx—— 2 root root 16384 Apr 21 17:15 lost+found
-rwxr-xr-x 1 root root 93560 Apr 21 17:37 ls
[root@localhost ~]#
[root@localhost ~]# ]# cp -rf /bin /data/
[root@localhost ~]# ]# ls -la /data/
total 136
drwxr-xr-x 4 root root 4096 Apr 21 17:37 .
drwxr-xr-x 25 root root 4096 Apr 21 17:11 ..
drwxr-xr-x 2 root root 4096 Apr 21 17:37 bin
drwx—— 2 root root 16384 Apr 21 17:15 lost+found
-rwxr-xr-x 1 root root 93560 Apr 21 17:37 ls
[root@localhost ~]#
一个子目录一个可执行文件
现在删除ls文件和bin下面的zcat
[root@localhost ~]# rm /data/ls
rm: remove regular file `/data/ls’? y
[root@localhost ~]# rm /data/bin/zcat
rm: remove regular file `/data/bin/zcat’? y
[root@localhost ~]# ls -la /data/ls /data/bin/zcat
ls: /data/ls: No such file or directory
ls: /data/bin/zcat: No such file or directory
rm: remove regular file `/data/ls’? y
[root@localhost ~]# rm /data/bin/zcat
rm: remove regular file `/data/bin/zcat’? y
[root@localhost ~]# ls -la /data/ls /data/bin/zcat
ls: /data/ls: No such file or directory
ls: /data/bin/zcat: No such file or directory
文件没有了然后我们来恢复
首先umount掉分区
[root@localhost ~]# umount /dev/mapper/VolGroup00-LogVol02
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.2G 1.8G 4.2G 30% /
/dev/sda1 99M 11M 83M 12% /boot
tmpfs 125M 0 125M 0% /dev/shm
[root@localhost ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
6.2G 1.8G 4.2G 30% /
/dev/sda1 99M 11M 83M 12% /boot
tmpfs 125M 0 125M 0% /dev/shm
确认卸载,然后使用ext3grep来恢复。
[root@localhost ~]# ext3grep/dev/mapper/VolGroup00-LogVol02 --ls --inode 2
这里会创建扫描分区
碧轩附注:注意这里的–inode 2ext3grep.jpg
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --ls --inode 2
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file ls
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring ls
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file bin/ls
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring bin/ls
[root@localhost ~]# ls -la RESTORED_FILES/
total 124
drwxr-xr-x 3 root root 4096 Apr 21 18:01 .
drwxr-x— 5 root root 4096 Apr 21 17:55 ..
-rwxr-xr-x 1 root root 93560 Apr 21 17:48 ls
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file bin/zcat
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring bin/zcat
[root@localhost ~]# ls -la RESTORED_FILES/bin/
total 188
drwxr-xr-x 2 root root 4096 Apr 21 18:01 .
drwxr-xr-x 3 root root 4096 Apr 21 18:01 ..
-rwxr-xr-x 1 root root 62136 Apr 21 17:48 zcat
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file ls
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring ls
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file bin/ls
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring bin/ls
[root@localhost ~]# ls -la RESTORED_FILES/
total 124
drwxr-xr-x 3 root root 4096 Apr 21 18:01 .
drwxr-x— 5 root root 4096 Apr 21 17:55 ..
-rwxr-xr-x 1 root root 93560 Apr 21 17:48 ls
[root@localhost ~]# ext3grep /dev/mapper/VolGroup00-LogVol02 --restore-file bin/zcat
Running ext3grep version 0.6.0
WARNING: I don’t know what EXT3_FEATURE_COMPAT_EXT_ATTR is.
Number of groups: 8
Minimum / maximum journal block: 585 / 8787
Loading journal descriptors… sorting… done
Number of descriptors in journal: 58; min / max sequence numbers: 2 / 5
Loading VolGroup00-LogVol02.ext3grep.stage2… done
Restoring bin/zcat
[root@localhost ~]# ls -la RESTORED_FILES/bin/
total 188
drwxr-xr-x 2 root root 4096 Apr 21 18:01 .
drwxr-xr-x 3 root root 4096 Apr 21 18:01 ..
-rwxr-xr-x 1 root root 62136 Apr 21 17:48 zcat
看看都恢复在RESTORED_FILES目录下,大小也一样
碧轩附注:这个RESTORED_FILES目录是执行ext3grep的当前目录下!