This is the 8th day of my participation in Gwen Challenge
Delete the library is impossible to delete the library, this life is impossible to delete the library, delete the root ok? To meet you:
[root@zmgaosh ~]# rm -rf /Rm:"/"Rm: Skip safe mode using --no-preserve-root [root@zmgaosh ~]#
Copy the code
Today we will not delete the database, we will talk about how to delete files by mistake can not recover?
- 能
- Can’t
Which one do you choose? The answer is yes, and if you say no, then we need to start with principle
Mechanism of Deleting files in Linux
A Linux file system consists of three parts: the file name, the inode, and the block
Zmedu. TXT –>inode –> block file name stores file metadata information Stores real data
Files are stored on a hard disk in a unit called a Sector. Each sector stores 512 bytes (equivalent to 0.5KB).
When the operating system reads disks, it does not read disks one by one, which is inefficient. Instead, the operating system reads disks consecutively, that is, one block at a time. This “block”, composed of multiple sectors, is the smallest unit of file access. The most common size of a block is 4KB, that is, eight sectors in a row constitute a block.
File data is stored in “chunks,” so obviously we have to find a place to store the file’s “meta-information,” such as who created the file, the date it was created, the size of the file, and so on. The area where the meta information is stored is called an inode, or “index node” in Chinese.
For any data we access, we first find the inode and then use the inode to find the location of the corresponding hard drive. Without the inode, you can’t find the data on the hard drive.
Where is this inode?
[root@zmgaosh ~]# ls -i b.txt
262170 b.txt
Copy the code
The inode number of B. xt is 262170
– Meta information contained in the inode is as follows:
- Size Indicates the number of bytes in the file
- Uid User ID of the file owner
- Gid Group ID of a file
- Change indicates the time when the inode last changed. Modify indicates the time when the file content last changed. Access indicates the time when the file was last opened
- Links Number of Links, i.e. how many file names point to the inode
- Inode File data block location
- Blocks Blocks
- IO Blocks Block size
- Device Device number
We can also view information about inodes via stat
[root@zmgaosh ~]# stat b.txtFile:"b.txt"Size: 25 Blocks: 8 I/O blocks: 4096 Common file device: FD01H /64769d Inode: 262170 Hard link: 1 Permission: (0644/ -RW-r --r--) Uid: (0 / root) Gid: (0 / root) Recently accessed: 2020-06-19 20:55:34.924697772 +0800 2020-06-19 20:55:34.924697772 +0800 926697790 +0800 Create time: -Copy the code
Knocking on the board: In Linux, file names are simply convenient nicknames for inode numbers, which are used by operating systems to identify files, not file names.
As a user we open a file and the internal flow of the system looks like this:
- The system finds the inode number corresponding to the file name
- Obtain inode information by inode number
- According to the inode information, locate the block where the file data resides and read the data
The same Linux system controls file deletion by the number of links. Deletion means that the link between the file name and the inode is removed, but the file’s block on disk is not removed.
Therefore, if we want to restore, we only need to restore the corresponding inode node number to restore the data, but on the premise that the data is not overwritten. Which begs the question: What’s the first thing we do when we delete a file by mistake?
- Quit to run way
- Unmount the file partition that you want to restore
- The partition to be restored is mounted read-only
Running is not possible running, not in this life!
What do we do if we delete files or data by mistake?
Now that it has happened, as operations we can only handle it, fortunately I encountered it. extundelete
Download it at sourceforge.net/
Experimental ideas:
- Add a new hard disk to the VIRTUAL machine (this hard disk is used to create data, delete data, restore data simulation)
- Partition, format, and mount the new hard disk SDB
- Create data on the new disk, and then delete data
- Restore data
1. Add a hard disk
2. Partition
[root@gaosh63 /]# fdisk /dev/sdb # Partition SDB
Command (m for help): n Create a new partition
Command action
e extended
p primary partition (1-4)
p Create a primary partition
Selected partition 1
Last cylinder, +cylinders or +size{K,M,G} (1428-2610, default 2610): +1G # specify partition size
Command (m for help): w # save
Copy the code
[root@gaosh63 ~]#reboot or [root@gaosh63 ~]# partx -a /dev/sdb
3. Use the new partition table, format and mount:
[root@gaosh63 /]# mkdir/TMP/SDB
[root@gaosh63 ~]Ext4 /dev/sb1
[root@gaosh63 ~]# mount /dev/sdb1/tmp /sdb/
Copy the code
4. Copy some test files, delete them, and demonstrate recovery:
[root@gaosh63 ~]# cp /etc/passwd /tmp/sdb1/
[root@gaosh63 ~]# cp /etc/hosts /tmp/sdb/
[root@gaosh63 ~]# echo aaa > a.txt
[root@gaosh63 ~]# mkdir -p /tmp/sdb/a/b/c
[root@gaosh63 ~]# cp a.txt /tmp/sdb/a/
[root@gaosh63 ~]# cp a.txt /tmp/sdb/a/b/
[root@gaosh63 ~]# touch/TMP/SDB /a/b/text.txt # create an empty file and see if the empty file can be recovered
Copy the code
Start deleting files:
[root@gaosh63 ~]# cd /tmp/sdb/
[root@gaosh63 sdb]# ls
a hosts lost+found passwd
[root@gaosh63 sdb]# rm -rf a hosts passwd
Copy the code
If a file is deleted by mistake, we need to unmount the partition immediately or mount it in read-only mode:
[root@localhost ~]#cd /root
[root@localhost ~]# umount /tmp/sdb
Copy the code
5. Install Extundelet to restore files
1) Upload extundelete to Linux:
2) Unpack and install Extundelte
[root @ gaosh63 extundelete - 0.2.4]# tar JXVF extundelete - 0.2.4. Tar..bz2
[root@gaosh63 ~]# CD extundelete - 0.2.4
[root@gaosh63]# yum install e2fsprogs-devel[root @ gaosh63 extundelete - 0.2.4]#./configure # check the installation environment[root @ gaosh63 extundelete - 0.2.4]# make -j 4[root @ gaosh63 extundelete - 0.2.4]# make install #
Copy the code
3) Try recovery
Method 1: Restore using inode nodes method 2: Restore using file names Method 3: restore a directory, for example, all files in directory A. Method 4: Restore all files
[root@gaosh63 ~]Create a directory to store the restored data
[root@gaosh63 ~]# cd test/
Copy the code
First we need to find the deleted file name through the inode node:
[root@gaosh63 test]# extundelete /dev/sdb1 --inode 2
. 2
lost+found 11
passwd 12 Deleted
hosts 13 Deleted
a 7313 Deleted
Copy the code
Then we started to recover:
Method 1: Restore through the inode node
[root@gaosh63 test]# extundelete /dev/sdb1 --restore-inode 12
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 9 groups loaded.
Loading journal descriptors ... 63 descriptors loaded.
[root@gaosh63 test]# ls
RECOVERED_FILES
Copy the code
Check to see if it is the same as the source file:
[root@gaosh63 test]Diff /etc/passwd RECOVERED_FILES/file.12
Copy the code
Method 2: Restore by file name
[root@gaosh63 test]# extundelete /dev/sdb1 --restore-file passwd
[root@gaosh63 test]# diff /etc/passwd RECOVERED_FILES/passwd # diff /etc/passwd RECOVERED_FILES
Copy the code
Method 3: Restore all files in a directory, such as directory A:
[
root@gaosh63 test]# extundelete /dev/sdb1 --restore-directory a
[root@localhost ~]# tree RECOVERED_FILES/RECOVERED_FILES / ├ ─ ─ a │ ├ ─ ─ a.t xt │ └ ─ ─ b │ └ ─ ─ a.t xt ├ ─ ─ file. 12 └ ─ ─ hostsCopy the code
Here is the original directory structure:
├── ── ── ── ── ── ── ── ── ── ── ── ── ── ── ──Copy the code
An empty file cannot be recovered.
Method 4: Restore all files
[root@gaosh63 test]# extundelete /dev/sdb1 --restore-all
Copy the code
Bottom line: Backup data is king
What do you do when data is lost due to data deletion (usually caused by physical file corruption or data deletion caused by RM)?
- If there is abackup, you can use mysqldump+binlog for full restore and xtrabackup for incremental restore
- Without a backup but with a master-slave synchronization, or dual-master structure, you can restore data by promoting the slave to the master
- If your company does not have a backup and does not have a slave library, extunDelete can be used to restore the data.
Bear in mind: any remedial measures are accidents, and will not appear to be too noble. The noble operation and maintenance should do a good job in online and offline operation and maintenance standards to ensure that no operation and maintenance accidents occur.