153 lines
6.8 KiB
HTML
153 lines
6.8 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
|
|
<HTML>
|
|
<HEAD>
|
|
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
|
|
<TITLE>Linux Ext2fs Undeletion mini-HOWTO: Introduction</TITLE>
|
|
<LINK HREF="Ext2fs-Undeletion-2.html" REL=next>
|
|
|
|
<LINK HREF="Ext2fs-Undeletion.html#toc1" REL=contents>
|
|
</HEAD>
|
|
<BODY>
|
|
<A HREF="Ext2fs-Undeletion-2.html">Next</A>
|
|
Previous
|
|
<A HREF="Ext2fs-Undeletion.html#toc1">Contents</A>
|
|
<HR>
|
|
<H2><A NAME="s1">1. Introduction</A></H2>
|
|
|
|
<P>This mini-Howto attempts to provide hints on how to retrieve deleted files
|
|
from an ext2 file system. It also contains a limited amount of discussion of
|
|
how to avoid deleting files in the first place.
|
|
<P>I intend it to be useful certainly for people who have just had, shall we say,
|
|
a little accident with <CODE>rm</CODE>; however, I also hope that people read it
|
|
anyway. You never know: one day, some of the information in here could save
|
|
your bacon.
|
|
<P>The text assumes a little background knowledge about UNIX file systems in
|
|
general; however, I hope that it will be accessible to most Linux users. If
|
|
you are an outright beginner, I'm afraid that undeleting files under Linux
|
|
<EM>does</EM> require a certain amount of technical knowledge and persistence, at
|
|
least for the time being.
|
|
<P>You will be unable to recover deleted files from an ext2 file system without
|
|
at least read access to the raw device on which the file was stored. In
|
|
general, this means that you must be root, but some distributions (such as
|
|
<A HREF="http://www.debian.org/">Debian GNU/Linux</A>) provide a
|
|
<CODE>disk</CODE> group whose members have access to such devices. You also need
|
|
<CODE>debugfs</CODE> from the <CODE>e2fsprogs</CODE> package. This should have been
|
|
installed by your distribution.
|
|
<P>Why have I written this? It stems largely from my own experiences with a
|
|
particularly foolish and disastrous <CODE>rm -r</CODE> command as root. I deleted
|
|
about 97 JPEG files which I needed and could almost certainly not recover from
|
|
other sources. Using some helpful tips (see section
|
|
<A HREF="Ext2fs-Undeletion-15.html#sec-credits">Credits and Bibliography</A>) and a great deal of
|
|
persistence, I recovered 91 files undamaged. I managed to retrieve at least
|
|
parts of five of the rest (enough to see what the picture was in each case).
|
|
Only one was undisplayable, and even for this one, I am fairly sure that no
|
|
more than 1024 bytes were lost (though unfortunately from the beginning of the
|
|
file; given that I know nothing about the JFIF file format I had done as much
|
|
as I could).
|
|
<P>I shall discuss further below what sort of recovery rate you can expect for
|
|
deleted files.
|
|
<P>
|
|
<H2><A NAME="ss1.1">1.1 Revision history</A>
|
|
</H2>
|
|
|
|
<P>The various publicly-released revisions of this document (and their
|
|
publication dates) are as follows:
|
|
<P>
|
|
<UL>
|
|
<LI>v1.0 on 18 January 1997
|
|
</LI>
|
|
<LI>v1.1 on 23 July 1997 (see section
|
|
<A HREF="#sec-v1.1">Changes in version 1.1</A>)
|
|
</LI>
|
|
<LI>v1.2 on 4 August 1997 (see section
|
|
<A HREF="#sec-v1.2">Changes in version 1.2</A>)
|
|
</LI>
|
|
<LI>v1.3 on 2 February 1999 (see section
|
|
<A HREF="#sec-v1.3">Changes in version 1.3</A>)
|
|
</LI>
|
|
</UL>
|
|
<P>
|
|
<H3><A NAME="sec-v1.1"></A> Changes in version 1.1</H3>
|
|
|
|
<P>What changes have been made in this version? First of all, the thinko in
|
|
the example of file recovery has been fixed. Thankyou to all those who wrote
|
|
to point out my mistaek; I hope I've learned to be more careful when making up
|
|
program interaction.
|
|
<P>Secondly, the discussion of UNIX file system layout has been rewritten to be, I
|
|
hope, more understandable. I wasn't entirely happy with it in the first place,
|
|
and some people's comments indicated that it wasn't clear.
|
|
<P>Thirdly, the vast uuencoded gzipped tarball of <CODE>fsgrab</CODE> in the middle of the
|
|
file has been removed. The program is now available on
|
|
<A HREF="http://pobox.com/~aaronc/tech/fsgrab-1.2.tar.gz">my website</A>
|
|
and on
|
|
<A HREF="http://metalab.unc.edu/pub/Linux/utils/file/">Metalab</A>
|
|
(and mirrors).
|
|
<P>Fourthly, the document has been translated into the Linux Documentation
|
|
Project SGML Tools content markup language. This markup language can be
|
|
easily converted to any of a number of other markup languages (including
|
|
HTML and LaTeX) for convenient display and printing. One benefit of this is
|
|
that beautiful typography in paper editions is a much more achievable goal;
|
|
another is that the document has cross-references and hyperlinks when viewed
|
|
on the Web.
|
|
<P>
|
|
<H3><A NAME="sec-v1.2"></A> Changes in version 1.2</H3>
|
|
|
|
<P>This revision is very much an incremental change. It's here mainly to
|
|
include changes suggested by readers, one of which is particularly important.
|
|
<P>The first change was suggested by Egil Kvaleberg
|
|
<CODE>
|
|
<A HREF="mailto:egil@kvaleberg.no">egil@kvaleberg.no</A></CODE>,
|
|
who pointed out the <CODE>dump</CODE> command in <CODE>debugfs</CODE>. Thanks again, Egil.
|
|
<P>The second change is to mention the use of <CODE>chattr</CODE> for avoiding deleting
|
|
important files. Thanks to Herman Suijs
|
|
<CODE>
|
|
<A HREF="mailto:H.P.M.Suijs@kub.nl">H.P.M.Suijs@kub.nl</A></CODE>
|
|
for mentioning this one.
|
|
<P>The abstract has been revised. URLs have been added for organisations and
|
|
software. Various other minor changes have been made (including fixing typos
|
|
and so on).
|
|
<P>
|
|
<H3><A NAME="sec-v1.3"></A> Changes in version 1.3</H3>
|
|
|
|
<P>Though it is the first release in 17 months, there is very little that is
|
|
new here. This release merely fixes a few minor errors (typos, dangling
|
|
URLs, that sort of thing -- especially the non-link to the Open Group), and
|
|
updates a few parts of the text that have become hopelessly out-of-date,
|
|
such as the material on kernel versions and on <CODE>lde</CODE>. Oh, and I've
|
|
changed `Sunsite' to `Metalab' throughout.
|
|
<P>This release is anticipated to be the last one before release 2.0, which
|
|
will hopefully be a full Howto. I have been working on some substantial
|
|
changes which will justify an increment of the major version number.
|
|
<P>
|
|
<H2><A NAME="ss1.2">1.2 Canonical locations of this document</A>
|
|
</H2>
|
|
|
|
<P>The latest public release of this document should always be available in
|
|
on the
|
|
<A HREF="http://metalab.unc.edu/LDP/">Linux Documentation Project site</A>
|
|
(and mirrors).
|
|
<P>The latest release is also kept on
|
|
<A HREF="http://pobox.com/~aaronc/">my website</A>
|
|
in several formats:
|
|
<P>
|
|
<UL>
|
|
<LI>
|
|
<A HREF="http://pobox.com/~aaronc/tech/e2-undel/howto.sgml">SGML source</A>.
|
|
This is the source as I have written it, using the SGML Tools package.</LI>
|
|
<LI>
|
|
<A HREF="http://pobox.com/~aaronc/tech/e2-undel/html/">HTML</A>.
|
|
This is HTML, automatically generated from the SGML source.</LI>
|
|
<LI>
|
|
<A HREF="http://pobox.com/~aaronc/tech/e2-undel/howto.txt">Plain text</A>.
|
|
This is plain text, which is also automatically generated from the SGML
|
|
source.</LI>
|
|
</UL>
|
|
<P>
|
|
<P>
|
|
<HR>
|
|
<A HREF="Ext2fs-Undeletion-2.html">Next</A>
|
|
Previous
|
|
<A HREF="Ext2fs-Undeletion.html#toc1">Contents</A>
|
|
</BODY>
|
|
</HTML>
|