Linux file recovery


My gf, who's new to Linux, accidentally deleted 80% of her var directory when she was trying to configure her sound card on BT5 R2. So now it's like she can root into the system but the desktop won't load. She tried installing foremost and testdisk using the apt-get cmd. The system apparently can't execute the cmd since the dependencies are missing, which ironically were in the var directory. What would be the best way to recover the lost directory? The videos on YouTube adv Foremost. The msg boards recommend a USB testdisk/Foremost approach. What's the best way to back up the existing files (bkup directory) from the cmdline and restore the lost directory?

Edited by logicalconfusion

Should probably start with doing this.

echo 'alias rm="echo Not again you!"' >> ~/.bashrc

Honestly though, if you've lost that much you're pretty much SOL. You can try booting from a USB live disk and trying to recover from the live disk's /var, but you're better off just reformatting and starting clean. You'll spend more time trying to fix what's broken than you would reinstalling everything.

Edited by ShadowBlade72

Backup important files, format, reinstall, restore important files.


This is a nightmare! I got two apps from sourceforge, testdisk and extundelete. Both appear as source code files, so it's like I can't compile them with gcc on my BT5 R2. I don't think gcc is a part of the distro. Any suggestions? I managed to back up the files using samba... now it's time to play recovery.

Edited by logicalconfusion

I tried reaching out using apt-get friend. Linux is a system, unlike Windows, that gives root way too many privileges w/out warning. Once the var directory's gone that's it! The system's pretty much dead in the water. Luckily, she toyed enough to create a backdoor on the LAN (pretty primitive backdoor), so I got all her nude pics off the system. Now the hard part is compiling the source. Do you guys know of any pre-compiled solutions? Please help, I'm not going to get a good midniteshake until this is back up and running...

Edited by logicalconfusion

I'm confused, why not compile the source from a live disk? Why are you trying to use your already broken system to fix it?

Also, root does not have too many unwarned privileges. Root isn't supposed to be used as a normal user account. It's for system administration purposes. If you want to avoid accidentally deleting important files as root do an rm -i instead.

Or do this to enable interactive mode by default.

su -

echo 'alias rm="rm -i"' >> ~/.bashrc

Edited by ShadowBlade72

I highly suggest backing up and re-installing as Digip said. Forget trying to restore things, this is just easier to do.

I also suggest that if your gf is new to Linux, BT might not be the best place to start. Especially not using the root user.

Setting rm -> rm -i might be a good idea if this is the kind of thing that is likely to happen again.

Anyway, as said: Back up, remember any changes you made to software etc. Re-install.


Woah! Stop. Take a step back.

The first thing you should do whenever you have a situation where data might have been lost is to STOP USING THE DISK. In most implementations, the 'rm' command works by simply un-linking the files. That is, the data is still on the disk but the references to the data are gone. Since the references are gone, the places where the data is actually written are marked as 'available' and any new files that are created or modified can be written into those locations. So if you want to recover your data, you have to stop writing to the disk and recover it before it gets overwritten.

The best way to do this is by booting up a LiveCD/USB that already has the tools you need (something like SystemRescueCD). The other thing to remember is that you won't be able to recover the files directly onto the source disk, you will need a second hard drive with enough free space to write the recovered files to. (Otherwise the recovered files may overwrite files that haven't been recovered yet.)

The specifics of recovering files may depend on which filesystem you are using and how 'rm' was implemented. If you used a secure 'rm' that immediately overwrites the un-linked files with random bits then you're not going to be able to recover the data with software tools, you'll need special forensic recovery hardware (and even then there is no guarantee).

From skimming this thread, it sounds like the only realistic option you have left at this point is to back up your /home directory and re-install the OS.
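
The two points in the post above (unlinked data stays on disk until overwritten, and recovered files must be written to a different disk) as an added example that is not part of the original thread: a minimal header/footer carver of the kind tools such as Foremost use, run against a constructed image. The function names and the sample bytes are made up for illustration.

```python
import os
import stat

JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def carve_jpegs(image, max_size=10 * 1024 * 1024):
    """Return (offset, data) for each SOI..EOI span in raw disk bytes.
    Naive carving: fragmented files or embedded thumbnails will truncate."""
    found, pos = [], 0
    while (start := image.find(JPEG_SOI, pos)) != -1:
        end = image.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:            # header whose footer was already overwritten
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, image[start:end]))
        pos = end
    return found

def on_source_device(source, dest_dir):
    """True if dest_dir sits on the block device that is being recovered."""
    st = os.stat(source)
    return stat.S_ISBLK(st.st_mode) and st.st_rdev == os.stat(dest_dir).st_dev

def recover(source, dest_dir):
    """Carve JPEGs from source (device or image file) into dest_dir."""
    if on_source_device(source, dest_dir):
        raise ValueError("destination is on the disk being recovered")
    with open(source, "rb") as f:   # opened read-only: never write to source
        image = f.read()            # fine for a small image; use mmap for disks
    names = []
    for offset, data in carve_jpegs(image):
        name = os.path.join(dest_dir, f"carved_{offset:010d}.jpg")
        with open(name, "wb") as out:
            out.write(data)
        names.append(name)
    return names

def constructed_image():
    """Constructed sample: two 'deleted' JPEG-like blobs left in free space,
    plus one header whose tail has been overwritten by newer data."""
    first = JPEG_SOI + b"\xe0constructed-one" + JPEG_EOI
    second = JPEG_SOI + b"\xe0constructed-two" + JPEG_EOI
    tail = JPEG_SOI + b"\x33" * 16
    return b"\x00" * 512 + first + b"\x11" * 64 + second + b"\x22" * 32 + tail
```

The third header in the sample has no footer left, so it is skipped, which is what happens to real files once the freed blocks have been reused.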


I agree. It's not worth it to run SysRescueCD at this point. I managed to back up most of my files. It's just amazing how Linux works when a directory like var gets deleted. I never thought I would be able to use Samba to back up files. I mean, the shit didn't even mount a USB drive from the cmd line or d/l files using a network cmd like apt-get. Now I definitely want to experiment with bkup and recovery utilities just to see how it works behind the scenes. I'll screw around by deleting and attempting to back up files on a VM. You're right, data is never really gone until it's overwritten (the bytes on the disk have to change). She actually didn't use rm at all. Nautilus can be used to remove system files just like rm by holding down the shift key. I'll write a small blog on recovering files soon. Imagine if D-BAN was implemented at the OS level... file recovery would be a pipe-dream!

Edited by logicalconfusion

Well, that doesn't sound good at all, just back up whatever you can and re-install everything again.


I checked distrowatch.com. There's no utility like Hiren's bootdisk for Linux. Any recommendations?

One way you can go about backing up the stuff is using a live CD to boot off your computer, and then once booted, you will need to mount your Linux partitions and copy all data from the mounted partition onto a USB hard drive. And then reinstall the OS again.

Edited by Infiltrator

I checked distrowatch.com. There's no utility like Hiren's bootdisk for Linux. Any recommendations?

http://www.sysresccd.org/SystemRescueCd_Homepage

Or really, any distro's install CD would probably provide all the tools you need. I've used Slackware install CDs to recover Ubuntu systems. Even a stripped-down environment like the Debian or Gentoo net-install discs often have all the tools you need.
