Introduction

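When using a Linux system, data is sometimes deleted by mistake. Because Linux has no feature like the Windows Recycle Bin, people generally assume that the file cannot be recovered.
This article mainly uses the CentOS 7 operating system as an example to show how to use the open-source tool Extundelete to quickly recover data that was deleted by mistake.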

How it works

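There are many open-source data recovery tools for Linux. Common ones include debugfs, R-Linux, ext3grep and extundelete; the most frequently used are ext3grep and extundelete. These two tools recover data on essentially the same principle, but extundelete is the more powerful of the two.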

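Extundelete is open-source data recovery software for Linux. It uses inode information together with the journal to look up the location of the blocks belonging to that inode, and from that finds and recovers the required data. Its strongest point is that it supports recovery on both ext3 and ext4 partitions, and its whole-disk recovery is fairly powerful.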

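After data has been deleted by mistake, the first thing to do is unmount the disk or partition that held it. Deleting a file only zeroes the sector pointers in the file's inode; the actual file contents are still stored on the disk. If the disk stays mounted read-write, the data blocks of the deleted file may be reallocated by the operating system, and once those blocks are overwritten with new data the old data is truly lost and no recovery tool can help. Mounting the disk read-only therefore keeps the risk of the data blocks being overwritten as low as possible and improves the chance of a successful recovery.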

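When recovering data in a real production environment, never install extundelete on the disk that held the deleted files: doing so has some chance of completely overwriting the data you need to recover. Be sure to take a snapshot backup before you start.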

Install the dependencies

yum -y install  bzip2  e2fsprogs-devel  e2fsprogs  gcc-c++  make

Deploy the extundelete tool

wget http://zy-res.oss-cn-hangzhou.aliyuncs.com/server/extundelete-0.2.4.tar.bz2
tar -xvjf extundelete-0.2.4.tar.bz2
cd extundelete-0.2.4      # enter the program directory
./configure               # output as in the figure below means it succeeded
make && make install
By default the files are installed in /usr/local/bin.

Create a file

[root@ecs-prod-wiki extundelete-0.2.4]# mkdir /testDeleteFile
[root@ecs-prod-wiki extundelete-0.2.4]# cd /testDeleteFile
[root@ecs-prod-wiki testDeleteFile]#  touch helloWorld.txt
[root@ecs-prod-wiki testDeleteFile]# echo "hello world" > helloWorld.txt
[root@ecs-prod-wiki testDeleteFile]# cat helloWorld.txt
hello world

Record the file's md5 value

md5sum helloWorld.txt
6f5902ac237024bdd0c176cb93063dc4  helloWorld.txt

Delete the file

[root@ecs-prod-wiki testDeleteFile]# rm helloWorld.txt  -f

Leave the disk

[root@ecs-prod-wiki testDeleteFile]# cd
[root@ecs-prod-wiki ~]#

Unmount the disk

Kill the process tree that is using the partition, so that no process is using the disk

[root@ecs-prod-wiki ~]# fuser -k /testDeleteFile/
[root@ecs-prod-wiki ~]#

Unmount the disk

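[root@ecs-prod-wiki ~]# umount /dev/vdb
[root@ecs-prod-wiki ~]#
Before using any file recovery tool, the partition to be recovered must be unmounted or mounted read-only, so that the data is not overwritten.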

Recover the file with the Extundelete tool

  • Find the deleted file
[root@ecs-prod-wiki ~]# extundelete --inode 2 /dev/vdb
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 160 groups loaded.
Group: 0
Contents of inode 2:
0000 | ed 41 00 00 00 10 00 00 74 bd 89 5c 23 be 89 5c | .A......t..\#..\
0010 | 23 be 89 5c 00 00 00 00 00 00 03 00 08 00 00 00 | #..\............
0020 | 00 00 08 00 0a 00 00 00 0a f3 01 00 04 00 00 00 | ................
0030 | 00 00 00 00 00 00 00 00 01 00 00 00 21 24 00 00 | ............!$..
0040 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0050 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0060 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0070 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
0080 | 1c 00 00 00 c8 05 c3 b3 c8 05 c3 b3 ac 60 11 00 | .............`..
0090 | 0a bc 89 5c 00 00 00 00 00 00 00 00 00 00 00 00 | ...\............
00a0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00b0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00c0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00d0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00e0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00f0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
Inode is Allocated
File mode: 16877
Low 16 bits of Owner Uid: 0
Size in bytes: 4096
Access time: 1552530804
Creation time: 1552530979
Modification time: 1552530979
Deletion Time: 0
Low 16 bits of Group Id: 0
Links count: 3
Blocks count: 8
File flags: 524288
File version (for NFS): 0
File ACL: 0
Directory ACL: 0
Fragment address: 0
Direct blocks: 127754, 4, 0, 0, 1, 9249, 0, 0, 0, 0, 0, 0
Indirect block: 0
Double indirect block: 0
Triple indirect block: 0
File name                                       | Inode number | Deleted status
.                                                 2
..                                                2
lost+found                                        11
helloWorld.txt                                    12             Deleted
The --inode option shows the contents of a given inode. Using 2 (the root directory inode of an ext3/ext4 filesystem) means searching the whole partition; to search inside a directory, just specify that directory's inode. Here you can see the name and inode of the deleted file.
  • Recover the file
[root@ecs-prod-wiki ~]# /usr/local/bin/extundelete  --restore-inode 12  /dev/vdb
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 160 groups loaded.
Loading journal descriptors ... 58 descriptors loaded.

A RECOVERED_FILES directory now appears in the directory where the command was run; check whether the file was recovered.

[root@ecs-prod-wiki ~]# ll RECOVERED_FILES/
总用量 4
-rw-r--r-- 1 root root 12 3月  14 10:42 file.12
  • Use the md5 value to check that the files are identical
[root@ecs-prod-wiki ~]# md5sum RECOVERED_FILES/file.12
6f5902ac237024bdd0c176cb93063dc4  RECOVERED_FILES/file.12
## For the md5 value of helloWorld.txt, see section 3.3.4; its value is:  6f5902ac237024bdd0c176cb93063dc4  helloWorld.txt
--restore-inode 12          # --restore-inode: recover by the specified inode
extundelete --restore-all   # --restore-all: recover everything
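
An added example (not from the original article or the extundelete project): a pre-flight check for the precautions stated above. It refuses to proceed when the target device is mounted read-write or when the directory that will receive RECOVERED_FILES sits on that device. The function names are hypothetical, and it assumes the device appears in /proc/mounts under the same name you pass in.

```bash
#!/bin/sh
# Added example: pre-flight checks to run before extundelete.
# Function names are hypothetical, not part of extundelete.

# Print how DEVICE is mounted according to a /proc/mounts-format file:
# "unmounted", "ro" or "rw". Any read-write mount of the device wins.
mount_state() {
    local dev="$1" mounts="${2:-/proc/mounts}"
    awk -v dev="$dev" '
        $1 == dev {
            found = 1
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") rw = 1
        }
        END { print (!found ? "unmounted" : (rw ? "rw" : "ro")) }
    ' "$mounts"
}

# Print the device that backs DIR (first column of POSIX-format df).
backing_device() {
    df -P "$1" | awk 'NR == 2 { print $1 }'
}

# Return 0 only when DEVICE is unmounted or read-only AND OUTDIR (where
# RECOVERED_FILES will be created) is on a different device.
preflight() {
    local dev="$1" outdir="$2" mounts="${3:-/proc/mounts}" state
    state=$(mount_state "$dev" "$mounts")
    if [ "$state" = "rw" ]; then
        echo "refuse: $dev is mounted read-write; umount it or remount read-only" >&2
        return 1
    fi
    if [ "$(backing_device "$outdir")" = "$dev" ]; then
        echo "refuse: $outdir is on $dev; recovered files could overwrite deleted blocks" >&2
        return 1
    fi
    echo "ok: $dev is $state and $outdir is on another device"
}
```

Run it as `preflight /dev/vdb "$PWD" && extundelete --restore-inode 12 /dev/vdb` from the directory where the recovered files should land.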

Original author: 爱折腾的邦邦
