本节所讲内容:
Linux文件的基本操作
恢复Linux下误删除的文件
创建文件、查看,删除文件
touch
作用:常用来创建空文件
语法: touch 文件名
#touch test.txt
mkdir
作用:创建目录
语法:mkdir 目录名
例: mkdir /tmp/test
[root@xuegod63 ~]# mkdir -p test/a/b/c
-p 连同父目录一起创建
语法:cat 文件名
例:
cat /etc/passwd
复制文件:
cp
作用:复制文件
语法:cp 源文件 目标文件
例:
[root@xuegod63 ~]# cp /etc/passwd /tmp/test/
[root@xuegod63 ~]# ls /tmp/test/passwd
/tmp/test/passwd
[root@xuegod63 ~]# cp -r /boot/grub/ /tmp/test/
-r 包含子目录和文件
删除文件和文件夹
rm -rf 文件名或目录名
-r 递归删除(可以删除目录和目录里面的东西)
-f 强行删除
[root@xuegod63 ~]# rm -rf /tmp/test/
注:以 这种删除后,能不能恢复。 能:1 不能:2
Linux ext4文件系统上删除文件,可以恢复: extundelete
windows恢复误删除的文件: final data v2.0 汉化版 和 easyrecovery
扩展:
Linux文件系统由三部分组成:文件名,inode,block
windows也由这三部分组成。
a.txt -->inode -> block
文件名 存放文件元数据信息 真正存放数据
查看文件文件名:
[root@xuegod63 ~]# cp /etc/passwd a.txt
[root@xuegod63 ~]# ls a.txt
- txt
- 对于系统来说,文件名只是inode号码便于识别的别称或者绰号
Inode节点
存放比如文件的创建者、文件的创建日期、文件的大小等等。这种储存文件元信息的区域就叫做inode
中文译名为"索引节点"。
查看inode号:?
[root@localhost ~]# stat a.txt
File: "a.txt"
Size: 1338 Blocks: 8 IO Block: 4096 普通文件
Device: fd00h/64768dInode: 144331 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2016-09-22 23:07:48.889204926 +0800
Modify: 2016-09-22 23:16:00.433198037 +0800
Change: 2016-09-22 23:16:00.433198037 +0800
block块:真正存储数据的地方 磁盘
逻辑删除:
为什么删除比复制快?
实质删除只是删除了文件名
误删除文件后,第一件事要做什么???
如何避免误删除的文件内容被覆盖???
卸载需要恢复文件的分区或以只读的方式挂载 目的:不在向此分区写入数据避免覆盖之前的数据
注:删除时,只删除了文件名。 另外,我们可以从inode中读出文件名的名字,所以通过inode可以恢复。
准备测试分区:
[root@localhost ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x3e60339f.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
switch off the mode (command 'c') and change display units to
sectors (command 'u').
Command (m for help): m
Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition's system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
Command (m for help): p
Disk /dev/sdb: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x3e60339f
Device Boot Start End Blocks Id System
Command (m for help): n
Command action
e extended
p primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-1305, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-1305, default 1305): +2G
Command (m for help): p
Disk /dev/sdb: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x3e60339f
Device Boot Start End Blocks Id System
/dev/sdb1 1 262 2104483+ 83 Linux
Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.
[root@xuegod63 ~]# partx -a /dev/sdb #获得新分区表
或
[root@xuegod63 ~]#reboot
[root@localhost ~]# mkfs.ext4 /dev/sdb1
mke2fs 1.41.12 (17-May-2010)
文件系统标签=
操作系统:Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
131648 inodes, 526120 blocks
26306 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=541065216
17 block groups
32768 blocks per group, 32768 fragments per group
7744 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912
正在写入inode表: 完成
Creating journal (16384 blocks): 完成
Writing superblocks and filesystem accounting information: 完成
This filesystem will be automatically checked every 30 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
使用新的分区表:
[root@xuegod63 /]# mkdir /tmp/sdb1 #创建挂载点
[root@xuegod63 ~]# mount /dev/sdb1 /tmp/sdb1/ #挂载
查看挂载情况
[root@xuegod63 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 9.7G 3.8G 5.5G 41% /
tmpfs 569M 264K 569M 1% /dev/shm
/dev/sda1 194M 28M 157M 15% /boot
/dev/sr0 3.4G 3.4G 0 100% /mnt
/dev/sdb1 1012M 34M 928M 4% /tmp/sdb1
复制一些测试文件,然后把这些文件再删除:
[root@xuegod63 ~]# cp /etc/passwd /tmp/sdb1/
[root@xuegod63 ~]# cp /etc/hosts /tmp/sdb1/
[root@xuegod63 ~]# echo aaa > a.txt
[root@xuegod63 ~]# mkdir -p /tmp/sdb1/a/b/c
[root@xuegod63 ~]# cp a.txt /tmp/sdb1/a/
[root@xuegod63 ~]# cp a.txt /tmp/sdb1/a/b/
[root@xuegod63 ~]# touch /tmp/sdb1/a/b/kong.txt
[root@localhost ~]# tree /tmp/sdb1/
/tmp/sdb1/
├── a
│ ├── a.txt
│ └── b
│ ├── a.txt
│ ├── c
│ └── kong.txt
├── hosts
├── lost+found
└── passwd
删除文件:
[root@xuegod63 ~]# cd /tmp/sdb1/
[root@xuegod63 sda4]# ls
a hosts lost+found passwd
[root@xuegod63 sda4]# rm -rf a hosts passwd
如何避免误删除的文件内容被覆盖???
卸载需要恢复文件的分区:或以只读的方式挂载
[root@localhost ~]# umount /tmp/sdb1
上传extundelete到linux中:
从windows上传extundelete文件到linux,安装xshell 或者CRT
[root@xuegod63 ~]# rpm -ivh /mnt/Packages/lrzsz-0.12.20-27.1.el6.x86_64.rpm
安装后,就有了rz命令和sz命令
rz : 上传windows中的文件到linux
sz :将linux中的文件传到windows
解压并安装extundelet
[root@xuegod63 extundelete-0.2.4]# tar jxvf extundelete-0.2.4.tar.bz2
yum -y install e2fslibs*
[root@xuegod63 ~]# cd extundelete-0.2.4
[root@xuegod63 extundelete-0.2.4]# ls
acinclude.m4 autogen.sh configure depcomp LICENSE Makefile.in README
[root@xuegod63 extundelete-0.2.4]# ./configure #检查系统安装环境
Configuring extundelete 0.2.4
configure: error: Can't find ext2fs library
[root@xuegod64 extundelete-0.2.4]# echo $?
1
一个快捷方式:yum install e2fsprogs-devel -y
[root@localhost extundelete-0.2.4]# ./configure
Configuring extundelete 0.2.4
Writing generated files to disk
[root@localhost extundelete-0.2.4]# echo $?
0
[root@localhost extundelete-0.2.4]# make && make install
make -s all-recursive
Making all in src
extundelete.cc:571: 警告:未使用的参数‘flags’
Making install in src
/usr/bin/install -c extundelete '/usr/local/bin'
[root@localhost extundelete-0.2.4]# echo $?
0
开始恢复:
方法1:通过inode结点恢复
方法二:通过文件名恢复
方法三:恢复某个目录,如目录a下的所有文件:
方法四:恢复所有的文件
[root@xuegod63 test]# extundelete /dev/sdb1 --inode 2
File name | Inode number | Deleted status
. 2
.. 2
lost+found 11
passwd 12 Deleted
hosts 13 Deleted
a 14 Deleted
方法1:通过inode结点恢复
[root@localhost test]# extundelete /dev/sdb1 --restore-inode 12
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 17 groups loaded.
Loading journal descriptors ... 62 descriptors loaded.
[root@localhost test]# ls
RECOVERED_FILES
[root@localhost test]# ls RECOVERED_FILES/
file.12
[root@localhost test]# diff /etc/passwd RECOVERED_FILES/file.12
# 没有任何输出,说明一样
方法二,通过文件名恢复
[root@localhost test]# extundelete /dev/sdb1 --restore-file hosts
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 17 groups loaded.
Loading journal descriptors ... 62 descriptors loaded.
Successfully restored file hosts
[root@localhost test]# ls RECOVERED_FILES/
file.12 hosts
[root@localhost test]# cat RECOVERED_FILES/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
方法三:恢复某个目录,如目录a下的所有文件:
[root@xuegod63 test]# extundelete /dev/sdb1 --restore-directory a
[root@localhost test]# tree
.
└── RECOVERED_FILES
├── a
│ ├── a.txt
│ └── b
│ └── a.txt
├── file.12
└── hosts
3 directories, 4 files
对比一开始创建的目录结构
[root@localhost ~]# tree /tmp/sdb1/
/tmp/sdb1/
├── a
│ ├── a.txt
│ └── b
│ ├── a.txt
│ ├── c #空目录
│ └── kong.txt #空目录
├── hosts
├── lost+found
└── passwd
空文件或文件夹是不能恢复
方法四:恢复所有的文件
[root@xuegod63 test]# extundelete /dev/sdb1 --restore-all
[root@xuegod64 ~]# tree RECOVERED_FILES/
RECOVERED_FILES/
├── a
│ ├── a.txt
│ ├── a.txt.v1
│ └── b
│ ├── a.txt
│ └── a.txt.v1
├── file.12
├── hosts
├── hosts.v1
└── passwd
2 directories, 8 files
总结:
方法1:通过inode结点恢复 --restore-inode
方法二:通过文件名恢复 --restore-file
方法三:恢复某个目录,如目录a下的所有文件: --restore-directory
方法四:恢复所有的文件 --restore-all
Cd 讲课风格:1