Linux recover deleted files with lsof command - howto
Almost 2 years back I wrote about recovering deleted text file with grep command under UNIX or Linux.
Michael Stutz shows us how to recover deleted files using lsof command.
From the article:
There you are, happily playing around with an audio file you've spent all afternoon tweaking, and you're thinking, "Wow, doesn't it sound great? Lemme just move it over here." At that point your subconscious chimes in, "Um, you meant mv, not rm, right?" Oops. I feel your pain -- this happens to everyone. But there's a straightforward method to recover your lost file, and since it works on every standard Linux system, everyone ought to know how to do it.
Briefly, a file as it appears somewhere on a Linux filesystem is actually just a link to an inode, which contains all of the file's properties, such as permissions and ownership, as well as the addresses of the data blocks where the file's content is stored on disk. When you rm a file, you're removing the link that points to its inode, but not the inode itself; other processes (such as your audio player) might still have it open. It's only after they're through and all links are removed that an inode and the data blocks it pointed to are made available for writing.
This delay is your key to a quick and happy recovery: if a process still has the file open, the data's there somewhere, even though according to the directory listing the file already appears to be gone.
Read more at Linux.com
However recovering files under Linux is still hard work for new admins. I highly recommend backing up files regularly and storing backup offsite.
Want to stay up to date with the latest Linux tips, news and announcements? Subscribe to our free e-mail newsletter or RSS feed to get all updates.
You can Email this page to a friend.
You may also be interested in other helpful articles:
- Linux or UNIX Recover deleted files - undelete files
- Why command df and du reports different output?
- Howto: Recover lost files after you accidentally wipe your hard drive
- Linux: Recovering deleted /etc/shadow password file
- PostgreSQL get back storage occupied by deleted tuples or records
Discussion on This Article:
Leave a Reply
We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!
i think the OS files in my solaris server have been deleted accidentally.i would like to know if there is any way to recover the files.
I delete a whole data in home folder by rm -rf * then
how i recover the data pls reply me
Is is not correct, This is for open-deleted files
I delete a whole folder which having data by rm -rf * then
how i recover the data pls reply me
thx in adv - madan
I accidently deleted a whole folder from my home directory.
How i recover my lost data plz reply
Here I give you a link with a useful tip
http://tips-debian.blogspot.com/2008/04/recover-erased-data-ext2ext3.html
I want recover the deleted files and directory command. Please help me give proceture.
Hi Guys,
Accidentaly I deleted all of my folders using
rm -rf *
It contained some important data. I need those
data back.Can any body help me in this regard.
Thanks in advance,
Manoj.
This is a nice site which can help us in urgent.
Some one destroyed all my vpses now I want to recover data please help me how to recover that data.