Thursday, November 5, 2015

Recover a deleted file from an inode

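If a process still holds the file open, you can recover the deleted file: rm only removes the directory entry, and the kernel keeps the inode and its data blocks until the last open file descriptor is closed. Recovery therefore works only while that process is still running and has not closed the file.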

# create a file with some data, tail and follow it, leaving the process running.
[root@localhost ~]# touch daniels.a
[root@localhost ~]# echo "hello" > daniels.a
[root@localhost ~]# tail -f daniels.a
hello


# now remove the file from another session.
[root@localhost ~]# ls
anaconda-ks.cfg  bin  daniels.a  install.log  install.log.syslog  scripts  sysctl-adds

[root@localhost ~]# rm -rf daniels.a


# locate the process that still has the deleted file open.
[root@localhost ~]# ps ax| grep tail
12254 pts/1    S+     0:00 tail -f daniels.a

# lsof shows the process id (12254), the file descriptor (3r: descriptor 3, open for reading), the inode number (491553), and the path of the removed file, marked "(deleted)".
[root@localhost ~]# lsof | grep daniels.a
tail      12254    root    3r      REG              253,0           6               491553 /root/daniels.a (deleted)

[root@localhost ~]# ls daniels.a
ls: daniels.a: No such file or directory


# use the process id and the file descriptor number to find the still-open file under /proc and build a recovery file.
[root@localhost ~]# ls -l /proc/12254/fd/3
lr-x------ 1 root root 64 Oct  3 19:40 /proc/12254/fd/3 -> /root/daniels.a (deleted)


[root@localhost ~]# cat /proc/12254/fd/3
hello

[root@localhost ~]# ls
anaconda-ks.cfg  bin  install.log  install.log.syslog  scripts  sysctl-adds
[root@localhost ~]# cp /proc/12254/fd/3  daniels.b
[root@localhost ~]# cat daniels.b
hello


enjoy...
