logicalconfusion, posted January 13, 2013 (edited January 13, 2013)

My gf, who's new to Linux, accidentally deleted 80% of her var directory when she was trying to configure her sound card on BT5 R2. So, now it's like she can root into the system but the desktop won't load. She tried installing foremost and testdisk using the apt-get cmd. The system apparently can't execute the cmd since the dependencies are missing, which ironically were in the var directory. What would be the best way to recover the lost directory? The videos on YouTube adv Foremost. The msg boards recommend a USB testdisk/Foremost approach. What's the best way to back up the existing files (bkup directory) from the cmdline and restore the lost directory?

ShadowBlade72, posted January 13, 2013 (edited January 13, 2013)

Should probably start with doing this.

    echo 'alias rm="echo Not again you!"' >> ~/.bashrc

Honestly though, if you've lost that much you're pretty much SOL. You can try booting from a USB live disk and trying to recover from the live disk's /var, but you're better off just reformatting and starting clean. You'll spend more time trying to fix what's broken than you would reinstalling everything.

digip, posted January 13, 2013

Backup important files, format, reinstall, restore important files.

no42, posted January 13, 2013

You can always try http://extundelete.sourceforge.net

There is no guarantee this will be successful!

Fairly good walkthrough: http://garbers.co.za/2010/12/15/recovering-recently-deleted-files-from-an-ext3ext4-with-journaling-partition/

logicalconfusion (author), posted January 14, 2013

Thanks for the links. The hard part now is configuring vsftp via cmdline to back up existing files. I'll give it a shot...

logicalconfusion (author), posted January 15, 2013 (edited January 15, 2013)

This is a nightmare! I got two apps from sourceforge, testdisk and extundelete. Both appear as source code files, so it's like I can't compile them with gcc on my BT5 R2. I don't think gcc is a part of the distro. Any suggestions? I managed to back up the files using samba... now it's time to play recovery.

no42, posted January 15, 2013

    apt-get install build-essential

???

logicalconfusion (author), posted January 15, 2013 (edited January 16, 2013)

I tried reaching out using apt-get, friend. Linux is a system, unlike Windows, that gives root way too many privileges w/out warning. Once the var directory's gone that's it! The system's pretty much dead in the water. Luckily, she toyed enough to create a backdoor on the LAN (pretty primitive backdoor), so I got all her nude pics off the system. Now the hard part is compiling the source. Do you guys know of any pre-compiled solutions? Please help, I'm not going to get a good midniteshake until this is back up and running...

ShadowBlade72, posted January 15, 2013 (edited January 16, 2013)

I'm confused, why not compile the source from a live disk? Why are you trying to use your already broken system to fix it?

Also, root does not have too many unwarned privileges. Root isn't supposed to be used as a normal user account. It's for system administration purposes. If you want to avoid accidentally deleting important files as root, do an rm -i instead. Or do this to enable interactive mode by default.

    su -
    echo 'alias rm="rm -i"' >> ~/.bashrc

Sebkinne, posted January 16, 2013

I highly suggest backing up and re-installing as Digip said. Forget trying to restore things, this is just easier to do.

I also suggest that if your gf is new to Linux, BT might not be the best place to start. Especially not using the root user. Setting rm -> rm -i might be a good idea if this is the kind of thing that is likely to happen again.

Anyway, as said: Back up, remember any changes you made to software etc. Re-install.

logicalconfusion (author), posted January 16, 2013

Yea! Why bother. I think I'll just re-install. I'll test extundelete on the new system. Thanks! :D

Sitwon, posted January 16, 2013

Woah! Stop. Take a step back.

The first thing you should do whenever you have a situation where data might have been lost is to STOP USING THE DISK.

In most implementations, the 'rm' command works by simply un-linking the files. That is, the data is still on the disk but the references to the data are gone. Since the references are gone, the places where the data is actually written are marked as 'available' and any new files that are created or modified can be written into those locations. So if you want to recover your data, you have to stop writing to the disk and recover it before it gets overwritten.

The best way to do this is by booting up a LiveCD/USB that already has the tools you need (something like SystemRescueCD). The other thing to remember is that you won't be able to recover the files directly onto the source disk, you will need a second hard drive with enough free space to write the recovered files to. (Otherwise the recovered files may overwrite files that haven't been recovered yet.)

The specifics of recovering files may depend on which filesystem you are using and how 'rm' was implemented. If you used a secure 'rm' that immediately overwrites the un-linked files with random bits then you're not going to be able to recover the data with software tools, you'll need special forensic recovery hardware (and even then there is no guarantee).

From skimming this thread, it sounds like the only realistic option you have left at this point is to back up your /home directory and re-install the OS.

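Added example, not part of the thread and not code from any tool named in it: a minimal signature-based carver in Python illustrating the point in the post above that un-linked data stays readable until its blocks are reused. The disk image, the `fake_jpeg` helper and every name here are constructed for illustration; real recovery tools handle many more file types.

```python
# Added illustration: signature-based carving over a raw disk image.
# The image is constructed in memory; nothing here touches a real disk.
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus next marker byte
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
BLOCK = 512                  # assumed block size for the constructed image

def carve_jpegs(image: bytes, max_size: int = 1 << 20) -> list[bytes]:
    """Return every byte run that starts at an SOI and ends at the next EOI."""
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:            # header survived but footer did not: skip
            pos = start + 1
            continue
        found.append(image[start:end + len(JPEG_EOI)])
        pos = end + len(JPEG_EOI)
    return found

def fake_jpeg(tag: bytes) -> bytes:
    """Constructed stand-in for a photo: real markers, filler body."""
    return JPEG_SOI + b"\xe0" + tag * 40 + JPEG_EOI

def pad(data: bytes) -> bytes:
    """Pad data with zero bytes up to the next block boundary."""
    return data + b"\x00" * (-len(data) % BLOCK)

def build_image():
    kept, lost = fake_jpeg(b"A"), fake_jpeg(b"B")
    # Both files are "deleted": no directory entry references them, but
    # their blocks still sit in the image between unrelated data.
    image = bytearray(pad(b"superblock") + pad(kept) + pad(b"other") + pad(lost))
    return kept, lost, image

def demo():
    kept, lost, image = build_image()
    before = carve_jpegs(bytes(image))
    # A write made after the deletion reuses the freed block of the second file.
    off = image.rfind(JPEG_SOI)
    image[off:off + BLOCK] = b"\x11" * BLOCK
    after = carve_jpegs(bytes(image))
    return kept, lost, before, after

if __name__ == "__main__":
    kept, lost, before, after = demo()
    print("recoverable before new writes:", len(before))
    print("recoverable after new writes: ", len(after))
```

The second file disappears from the results only because a later write landed on its block, which is why the post says to stop using the disk and to recover onto a different drive.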
logicalconfusion (author), posted January 16, 2013 (edited January 17, 2013)

I agree. It's not worth it to run SysRescueCD at this point. I managed to back up most of my files. It's just amazing how Linux works when a directory like var gets deleted. I never thought I would be able to use Samba to back up files. I mean, the shit didn't even mount a USB drive from the cmd line or d/l files using a network cmd like apt-get. Now I definitely want to experiment with bkup and recovery utilities just to see how it works behind the scenes. I'll screw around by deleting and attempting to back up files on a VM. You're right, data is never really gone until it's overwritten (the bytes on the disk have to change).

She actually didn't use rm at all. Nautilus can be used to remove system files just like rm by holding down the shift key. I'll write a small blog on recovering files soon.

Imagine if D-BAN was implemented at the OS level... file recovery would be a pipe-dream!

Infiltrator, posted January 17, 2013

Well, that doesn't sound good at all, just back up whatever you can and re-install everything again.

logicalconfusion (author), posted January 17, 2013

I checked distrowatch.com. There's no utility like Hiren's bootdisk for Linux. Any recommendations?

Infiltrator, posted January 18, 2013 (edited January 18, 2013)

> I checked distrowatch.com. There's no utility like Hiren's bootdisk for Linux. Any recommendations?

One way you can go about backing up the stuff is using a live CD to boot off your computer, and then once booted, you will need to mount your Linux partitions and copy all data from the mounted partition onto a USB hard drive. And then reinstall the OS again.

Sitwon, posted January 18, 2013

> I checked distrowatch.com. There's no utility like Hiren's bootdisk for Linux. Any recommendations?

http://www.sysresccd.org/SystemRescueCd_Homepage

Or really, any distro's install CD would probably provide all the tools you need. I've used Slackware install CDs to recover Ubuntu systems. Even a stripped-down environment like the Debian or Gentoo net-install discs often have all the tools you need.

logicalconfusion (author), posted January 18, 2013

Neat! I didn't know that this particular distro was available. Looks like it's worth adding to my arsenal.