Almost 2 years back I wrote about recovering deleted text file with grep command under UNIX or Linux.
Michael Stutz shows us how to recover deleted files using lsof command.
From the article:
There you are, happily playing around with an audio file you’ve spent all afternoon tweaking, and you’re thinking, “Wow, doesn’t it sound great? Lemme just move it over here.” At that point your subconscious chimes in, “Um, you meant mv, not rm, right?” Oops. I feel your pain — this happens to everyone. But there’s a straightforward method to recover your lost file, and since it works on every standard Linux system, everyone ought to know how to do it.
Briefly, a file as it appears somewhere on a Linux filesystem is actually just a link to an inode, which contains all of the file’s properties, such as permissions and ownership, as well as the addresses of the data blocks where the file’s content is stored on disk. When you rm a file, you’re removing the link that points to its inode, but not the inode itself; other processes (such as your audio player) might still have it open. It’s only after they’re through and all links are removed that an inode and the data blocks it pointed to are made available for writing.
This delay is your key to a quick and happy recovery: if a process still has the file open, the data’s there somewhere, even though according to the directory listing the file already appears to be gone.
Read more at Linux.com
However recovering files under Linux is still hard work for new admins. I highly recommend backing up files regularly and storing backup offsite.
32 comment
i think the OS files in my solaris server have been deleted accidentally.i would like to know if there is any way to recover the files.
I delete a whole data in home folder by rm -rf * then
how i recover the data pls reply me
Is is not correct, This is for open-deleted files
I delete a whole folder which having data by rm -rf * then
how i recover the data pls reply me
thx in adv – madan
I accidently deleted a whole folder from my home directory.
How i recover my lost data plz reply
Here I give you a link with a useful tip
http://tips-debian.blogspot.com/2008/04/recover-erased-data-ext2ext3.html
I want recover the deleted files and directory command. Please help me give proceture.
Hi Guys,
Accidentaly I deleted all of my folders using
rm -rf *
It contained some important data. I need those
data back.Can any body help me in this regard.
Thanks in advance,
Manoj.
This is a nice site which can help us in urgent.
Some one destroyed all my vpses now I want to recover data please help me how to recover that data.
System->Administration->Software Sources. From the terminal I installed Foremost:
sudo apt-get install foremost
You need to know your target partition’s path to recover from it. I simply started System-Administration->Partition Editor and saw the the home partition is /dev/sda1.
Let’s recover some JPEG images:
sudo foremost -t jpeg -i /dev/sda1
This command causes Foremost to create a directory called output and put every file it can recover in. This could take a while.
You don’t actually link to the article on Linux.com, it’s here: http://www.linux.com/articles/58142
By mistake i delete my file by rm command, file name is myprog.tgz. This file contains all my programs. Can any one help me for recover this file.
Hi,
I just managed to recover a script, that was still running in an endless loop, but I deleted the File:
./doit &
rm doit
lsof | grep doit (you get the PID, you get the INUM also, but that did not help)
cat /proc//fd/255 (outputs the script)
the editor deleted the PID, use this:
cp /proc/PID/fd/255 recovered
hello
Actually I have deleted a file by using “shift+delete”..
i want to recover it
m using fedora core 10
please help
thank you in advance
Hi Manoj,
If you follow step by step from this site you might recover the file.
http://www.cyberciti.biz/tips/linuxunix-recover-deleted-files.html
That guides to have you in a level than try to search your directory or file either by grep or locate command.
Regards,
I delete a whole data in home folder by rm -rf * then
how i recover the data pls reply me at the earliest possible. I am in mess….
I have moved files from a directory to a computer on the network and have since discovered that the drive they were moved to is bad. It is my sense that moving and deleting are largely the same process, is there a best way to recover the files from the directory they were moved from? THANKS! -jim-
i have deleted one important files on lamp server.
is there any idea to recover that files from server.
plssssss replyyyyyy m n messsss
Hi.
Like some other people I did something very stupid.
I deleted my home directory using the following command:
userdel -r pedro
After I read your article I approached the problem in the following way:
lsof | grep /home/pedro
I receive a four line answer:
bash 4414 root cwd DIR 8,2 0 8085505 /home/pedro (deleted)
lsof 5650 root cwd DIR 8,2 0 8085505 /home/pedro (deleted)
grep 5651 root cwd DIR 8,2 0 8085505 /home/pedro (deleted)
lsof 5652 root cwd DIR 8,2 0 8085505 /home/pedro (deleted)
Is there any possibility to recover the whole directory by setting some values manually.
Please write back,
Pedro
How to recover the Deleted files in linux(edubuntu)
please accidentally i deleted my important folder
hi
i have some files deleted from linux and i want to recover it with orginal names>>
can any one help me to do that?
thanks
i deleted a folder(opt) with command rm -r foldername in linux.now i want bring it back.how can i bring it back?can u help me in this plz…..
Hello all,
All the files in my directory has been accidentally deleted on an SGI server using the rm -r command. None of the files are backed up. Please, can anyone help me out with possibility of recovering my files? It will highly be appreciated and acknowledged. Thanks.
in my centos server configuration files has been deleted due to accident. i want to recover that files tell me how can i recover those files.
Hi Guys,
Accidentaly I deleted all of my file using
rm -rf *
It contained some important data. I need those
data back.Can any body help me in this regard.
Thanks in advance,
Madhukar kumar.
Hi,
You could use TestDisk and PhotoRec for linux distro to recover all data.
download it from : http://www.cgsecurity.org/wiki/TestDisk_Download
Regards,
Hatami.
Hi
Accidentaly I deleted all of my folders using
rm -rf * in suse linux9 environment
It contained some important data. I need those
data back.Can any body help me in this regard.
Thanks in advance,
sai.
Hi
I trash some files and folders from desktop in Linux , I want to restore it then how to do with it.
Plz relpy
Hi Guys,
Accidentaly I deleted all of my folders using
rm -rf ~/
It contained some important data. I need those
data back.Can any body help me in this regard.
Thanks in advance,
Kailash Suthar
Hi,
Thanks a ton! the article helped me a lot.. accidentally deleted a very important file .. recovered like a charm.. Thanks again!