If you rum rm command accidentally and deleted important a file, recovery becomes critical under Linux and/or UNIX oses.
Since Linux is multiuser and multitasking operating system other users/process can overwrite deleted file disk space. So you need to take down system to single user mode.
First use wall (only the super-user can write on the terminals of users) command write a message to all users, then use init (process control initialization) command to take system to single user mode.
Following are generic steps to recover text files.
First use wall command to tell user that system is going down in a single user mode:
System is going down to .... please save your work.
Press CTRL+D to send message.
Next use init 1 command to take system to a single user mode:
# init 1
Using grep (traditional UNIX way) to recover files
Use following grep syntax:
grep -b ‘search-text’ /dev/partition > file.txt
grep -a -B[size before] -A[size after] ‘text’ /dev/[your_partition] > file.txt
- -i : Ignore case distinctions in both the PATTERN and the input files i.e. match both uppercase and lowercase character.
- -a : Process a binary file as if it were text
- -B Print number lines/size of leading context before matching lines.
- -A: Print number lines/size of trailing context after matching lines.
To recover text file starting with “nixCraft” word on /dev/sda1 you can try following command:
# grep -i -a -B10 -A100 'nixCraft' /dev/sda1 > file.txt
Next use vi to see file.txt. This method is ONLY useful if deleted file is text file. If you are using ext2 file system, try out recover command. .
- See Recover homepage for more information
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
|Category||List of Unix and Linux commands|
|Firewall||Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04|
|Network Utilities||dig • host • ip • nmap|
|OpenVPN||CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04|
|Package Manager||apk • apt|
|Processes Management||bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time|
|Searching||grep • whereis • which|
|User Information||groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w|
|WireGuard VPN||Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04|