1,环境准备
OS :Centos 5.7 x86
安装gcc e2fsprogs-libs
2下载安装ext3grep
http://ext3grep.googlecode.com/files/ext3grep-0.10.2.tar.gz
tar zxvf ext3grep-0.10.2.tar.gz
cd ext3grep-0.10.2
make
make install
3,测试删除重要文件
虚拟机上添加一块硬盘测试,删除新创建的文件
Fdisk /dev/sdb
mkfs.ext3 /dev/sdb1
mount /dev/sdb1 /ext3grep
echo "aa" >> /ext3grep/aa.txt
echo "bb" >> /ext3grep/bb.txt
echo "cc" >> /ext3grep/cc.txt
rm –f /ext3grep/*
4,恢复,其中—indoe 2 中的2是目录ID,可以用ls -id /ext3grep/ 查询到
(查询)
[root@hasee-pc /]# ext3grep /dev/sdb1 --ls --inode 2
Running ext3grep version 0.10.2
WARNING: EXT3_FEATURE_INCOMPAT_RECOVER is set. This either means that your partition is still mounted, and/or the file system is in an unclean state.
Number of groups: 23
Loading group metadata... done
Minimum / maximum journal block: 689 / 17091
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1328114530 = Thu Feb 2 00:42:10 2012
Number of descriptors in journal: 60; min / max sequence numbers: 8 / 31
Inode is Allocated
Loading sdb1.ext3grep.stage2... done
The first block of the directory is 683.
Inode 2 is directory "".
Directory block 683:
.-- File type in dir_entry (r=regular file, d=directory, l=symlink)
| .-- D: Deleted ; R: Reallocated
Indx Next | Inode | Deletion time Mode File name
==========+==========+----------------data-from-inode------+-----------+=========
0 1 d 2 drwxr-xr-x .
1 end d 2 drwxr-xr-x ..
2 3 r 11 D 1328116412 Thu Feb 2 01:13:32 2012 rrw-r--r-- aa.txt
3 4 r 12 D 1328116412 Thu Feb 2 01:13:32 2012 rrw-r--r-- bb.txt
4 end r 13 D 1328116412 Thu Feb 2 01:13:32 2012 rrw-r--r-- cc.txt
恢复指定文件:
[root@hasee-pc /]# ext3grep /dev/sdb1 --restore-file aa.txt
Running ext3grep version 0.10.2
Number of groups: 23
Minimum / maximum journal block: 689 / 17091
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1328114530 = Thu Feb 2 00:42:10 2012
Number of descriptors in journal: 56; min / max sequence numbers: 8 / 32
Loading sdb1.ext3grep.stage2... done
Restoring aa.txt
[root@hasee-pc /]# ext3grep /dev/sdb1 --restore-file bb.txt
Running ext3grep version 0.10.2
Number of groups: 23
Minimum / maximum journal block: 689 / 17091
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1328114530 = Thu Feb 2 00:42:10 2012
Number of descriptors in journal: 56; min / max sequence numbers: 8 / 32
Loading sdb1.ext3grep.stage2... done
Restoring bb.txt
[root@hasee-pc /]# ext3grep /dev/sdb1 --restore-file cc.txt
Running ext3grep version 0.10.2
Number of groups: 23
Minimum / maximum journal block: 689 / 17091
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1328114530 = Thu Feb 2 00:42:10 2012
Number of descriptors in journal: 56; min / max sequence numbers: 8 / 32
Loading sdb1.ext3grep.stage2... done
Restoring cc.txt
恢复全部文件:
[root@hasee-pc /]# ext3grep /dev/sdb1 --restore-all
Running ext3grep version 0.10.2
Number of groups: 23
Minimum / maximum journal block: 689 / 17091
Loading journal descriptors... sorting... done
The oldest inode block that is still in the journal, appears to be from 1328114530 = Thu Feb 2 00:42:10 2012
Number of descriptors in journal: 56; min / max sequence numbers: 8 / 32
Loading sdb1.ext3grep.stage2... done
Restoring .kk.txt.swp
Restoring aa.txt
Restoring bb.txt
Restoring cc.txt