理论+实操:深入理解Linux文件系统与日志分析

发布时间:2020-07-30 17:02:18 作者:wx5d8b05ec4cbc3
来源:网络 阅读:256

前言:

一 :inode和block概述

1.1 概述

元信息>>>>>>>inode

数据>>>>>>>>>block

一个文件必须占用一个inode,但至少占用一个block

对于磁盘而言,物理层面一个单元的表示形式是扇区

​ 逻辑层面一个单元的表示形式是单元格

删除文件删的是inode,而不是block,当一个新文件的重新写入磁盘,覆盖到被删除文件的block时,才意味着文件的实际删除,所以当误删文件时,第一件事就是不要再在磁盘写入文件,通过数据恢复有可能找回到误删文件

1.2 inode的内容

[root@localhost ~]# cd /opt 
[root@localhost opt]# ls
rh
[root@localhost opt]# touch abc.txt
[root@localhost opt]# vim abc.txt 
[root@localhost opt]# ls -i '查看元信息'
35889299 abc.txt   1420654 rh
[root@localhost opt]# stat abc.txt  ''查看文件详细元信息
  文件:"abc.txt"
  大小:13         块:8          IO 块:4096   普通文件
设备:fd00h/64768d Inode:35889299    硬链接:1
权限:(0644/-rw-r--r--)  Uid:(    0/    root)   Gid:(    0/    root)
环境:unconfined_u:object_r:usr_t:s0
最近访问:2019-11-16 17:57:53.373111661 +0800
最近更改:2019-11-16 17:57:53.373111661 +0800
最近改动:2019-11-16 17:57:53.375111659 +0800
创建时间:-
[root@localhost opt]# df -i '查看挂载点元信息'
文件系统                   Inode 已用(I)  可用(I) 已用(I)% 挂载点
/dev/mapper/centos-root 10485760  125297 10360463       2% /
devtmpfs                  250006     386   249620       1% /dev
tmpfs                     253986       1   253985       1% /dev/shm
tmpfs                     253986     620   253366       1% /run
tmpfs                     253986      16   253970       1% /sys/fs/cgroup
/dev/sda1                3145728     328  3145400       1% /boot
/dev/mapper/centos-home  5242880     286  5242594       1% /home
tmpfs                     253986       9   253977       1% /run/user/42
tmpfs                     253986      16   253970       1% /run/user/0
/dev/sr0                       0       0        0        - /run/media/root/CentOS 7 x86_64
tmpfs                     253986      16   253970       1% /run/user/1000
//192.168.254.10/linuxs        0       0        0        - /aaa

innode 从一定意义上可以代表有多少个文件

全盘恢复数据原理:即在inode不在的情况下,去直接扫描block信息

1.3 文件存储小结

理论+实操:深入理解Linux文件系统与日志分析

permission denied 权限拒绝之意

1.4 inode的大小

1.5 inode的特殊作用

1.6 链接文件

软连接(符号链接) 硬链接
删除原始文件后 失效 仍旧可用
适用范围 适用于文件或目录 只可用于文件
保存位置 与原始文件可以位于不同的文件系统中 必须与原始文件在同一个文件系统(xfs系统,或者ext4等)中,如一个Linux分区内

二、文件恢复

2.1恢复EXT类型的文件

extundelete软件包只能在centos-6或者centos-5使用,因为centos-6的默认文件系统类型是ext4,centos-5的默认文件类型是ext3

2.2 恢复XFS类型的文件

xfsdump --help
xfsdump——帮助
xfsdump: version 3.1.4 (dump format 3.0)
xfsdump:版本3.1.4(转储格式3.0)
xfsdump: usage: xfsdump [ -a (dump DMF dualstate files as offline) ]
xfsdump:用法:xfsdump[-(转储DMF双状态文件为离线)]
[ -b <blocksize> ]
[-b <块大小>]
[ -c <media change alert program> ]
[-c <媒体变更警报程序>]
[ -d <dump media file size> ]
[-d <转储媒体文件大小>]
[ -e (allow files to be excluded) ]
[-e(允许文件被排除)]
[ -f <destination> ...
[-f <目的>…]
]
]
[ -h (help) ]
[-h(帮助)]
[ -l <level> ]
[-l <level>]
[ -m (force usage of minimal rmt) ]
[-m(最低rmt的武力使用)]
[ -o (overwrite tape) ]
[-o(覆写带)]
[ -p <seconds between progress reports> ]
[-p < >进度报告之间的秒数]
[ -q <use QIC tape settings> ]
[-q <使用QIC磁带设置>]
[ -s <subtree> ...
[-s <子树>…]
]
]
[ -t <file> (use file mtime for dump time ]
[-t <文件>(使用文件mtime作为转储时间)]
[ -v <verbosity {silent, verbose, trace}> ]
[-v <verbosity {silent, verbose, trace}>]
[ -z <maximum file size> ]
[-z <最大文件大小>]
[ -A (don't dump extended file attributes) ]
[-(不要转储扩展文件属性)]
[ -B <base dump session id> ]
[-B <基本转储会话id>]
[ -D (skip unchanged directories) ]
[-D(跳过未更改的目录)]
[ -E (pre-erase media) ]
[-E(预删除媒体)]
[ -F (don't prompt) ]
[-F(不要提示)]
[ -I (display dump inventory) ]
[-I(显示转储库存)]
[ -J (inhibit inventory update) ]
[-J(禁止存货更新)]
[ -K (generate format 2 dump) ]
[-K(生成格式2转储)]
[ -L <session label> ]
[-L <会话标签>]
[ -M <media label> ...
[-M <媒体标签>…]
]
]
[ -O <options file> ]
[-O <选项文件>]
[ -R (resume) ]
[-R(简历)]
[ -T (don't timeout dialogs) ]
[-T(不要超时对话框)]
[ -Y <I/O buffer ring length> ]
[-Y <I/O缓冲环长度>]
[ - (stdout) ]
[-(标准版)]
[ <source (mntpnt|device)> ]
[<源(mntpnt|设备)>]

2.3 xfsduymp使用限制

三、日志文件

3.1 日志能功能

3.2 日志文件的分类

理论+实操:深入理解Linux文件系统与日志分析

[root@localhost httpd]# cat access_log '再次查看访问日志,有记录了'
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/bootstrap.min.css HTTP/1.1" 200 19341 "http://192.168.139.153/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/open-sans.css HTTP/1.1" 200 5081 "http://192.168.139.153/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /images/apache_pb.gif HTTP/1.1" 200 2326 "http://192.168.139.153/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /images/poweredby.png HTTP/1.1" 200 3956 "http://192.168.139.153/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.woff HTTP/1.1" 404 239 "http://192.168.139.153/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.woff HTTP/1.1" 404 241 "http://192.168.139.153/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://192.168.139.153/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/fonts/Light/OpenSans-Light.ttf HTTP/1.1" 404 240 "http://192.168.139.153/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
192.168.139.1 - - [16/Nov/2019:20:49:35 +0800] "GET /noindex/css/fonts/Bold/OpenSans-Bold.ttf HTTP/1.1" 404 238 "http://192.168.139.153/noindex/css/open-sans.css" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
::1 - - [16/Nov/2019:20:49:43 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"
::1 - - [16/Nov/2019:20:49:44 +0800] "OPTIONS * HTTP/1.0" 200 - "-" "Apache/2.4.6 (CentOS) (internal dummy connection)"

3.3 日志保存位置

3.4 主要日志文件介绍

理论+实操:深入理解Linux文件系统与日志分析

四、内核及系统日志

4.1 由系统服务 rsyslogd 统一管理

4.2 日志消息的级别

级别 严重程度 解释
0 EMERG(紧急) 会导致主机系统不可用的情况(基本上已经没得救了,开机都开不了,服务器瘫痪这样的严重程度)
1 ALERT(警告) 必须马上采取措施解决的问题(兵临城下,需要立刻解决的)
2 CRIT(严重) 比较严重的情况(严重的错误,比如需要重新安装服务)
3 ERR(错误) 运行出现错误(一般级别都设置在这个位置)
4 WARNING(提醒) 可能会影响系统功能的事件(勤快的都设置在这)
5 NOTICE(注意) 不会影响系统但值得注意
6 INFO(信息) 一般信息
7 DEBUG(调试) 程序或系统调试信息等(做测试使用这个级别)

4.3 日志记录的一般格式

理论+实操:深入理解Linux文件系统与日志分析

五、 用户日志分析

5.1 保存了用户登录、推出系统等相关信息

5.2 分析工具

​ 如果文件未予指定,则使用/var/run/utmp,/var/log/wtmp 是通用的相关文件。

​ -a, --all 等于-b -d --login -p -r -t -T -u 选项的组合
​ -b, --boot 上次系统启动时间
​ -d, --dead 显示已死的进程
​ -H, --heading 输出头部的标题列
​ -l,--login 显示系统登录进程
​ --lookup 尝试通过 DNS 查验主机名
​ -m 只面对和标准输入有直接交互的主机和用户
​ -p, --process 显示由 init 进程衍生的活动进程
​ -q, --count 列出所有已登录用户的登录名与用户数量
​ -r, --runlevel 显示当前的运行级别
​ -s, --short 只显示名称、线路和时间(默认)
​ -T, -w, --mesg 用+,- 或 ? 标注用户消息状态
​ -u, --users 列出已登录的用户
​ --message 等于-T
​ --writable 等于-T
​ --help 显示此帮助信息并退出
​ --version 显示版本信息并退出

[root@localhost httpd]# last
root     pts/0        :0               Sat Nov 16 17:57   still logged in   
gsy      :1           :1               Fri Nov 15 09:45   still logged in   
root     pts/0        :0               Fri Nov 15 09:30 - 17:56 (1+08:26)   
root     :0           :0               Fri Nov 15 09:29   still logged in   
reboot   system boot  3.10.0-693.el7.x Fri Nov 15 09:20 - 20:58 (1+11:38)   
root     pts/0        :0               Fri Nov 15 08:50 - 09:19  (00:28)    
root     :0           :0               Fri Nov 15 08:50 - down   (00:29)    
reboot   system boot  3.10.0-693.el7.x Fri Nov 15 08:49 - 09:19  (00:29)    
root     pts/0        :0               Fri Nov 15 08:32 - 08:47  (00:14)    
root     :0           :0               Fri Nov 15 08:32 - crash  (00:16)    
reboot   system boot  3.10.0-693.el7.x Fri Nov 15 08:31 - 09:19  (00:47)    
reboot   system boot  3.10.0-693.el7.x Thu Nov 14 20:18 - 08:24  (12:06)    
root     pts/0        :0               Thu Nov 14 19:46 - 20:17  (00:31)    
root     :0           :0               Thu Nov 14 19:46 - down   (00:31)    
reboot   system boot  3.10.0-693.el7.x Thu Nov 14 19:45 - 20:17  (00:32)    
root     pts/1        :1               Thu Nov 14 19:11 - 19:42  (00:31)    
root     :1           :1               Thu Nov 14 19:10 - crash  (00:34)    
gsy      pts/1        :0               Thu Nov 14 17:33 - 17:33  (00:00)    
gsy      pts/0        :0               Thu Nov 14 17:26 - 19:42  (02:15)    
gsy      pts/0        :0               Fri Nov  1 08:58 - 08:59  (00:00)    
gsy      pts/0        :0               Wed Oct 23 13:46 - 13:46  (00:00)    
gsy      :0           :0               Wed Oct 23 13:44 - crash (22+06:00)  
reboot   system boot  3.10.0-693.el7.x Wed Oct 23 13:42 - 20:17 (22+06:35)  

wtmp begins Wed Oct 23 13:42:11 2019

5.4 由相应的应用程序独立进行管理

5.5 分析工具

5.6 日志管理策略

日志文件的作用:可以用来判断服务器是否故障、用于备份的作用

小结:

六、实操

6.1:xfs 恢复

新加一块测试盘

理论+实操:深入理解Linux文件系统与日志分析


[root@localhost ~]# init 6  '关机重启'
[root@localhost ~]# fdisk /dev/sdb  '给磁盘分区'
[root@localhost ~]# mkfs.xfs /dev/sdb1  '格式化磁盘'
meta-data=/dev/sdb1              isize=512    agcount=4, agsize=1310656 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0, sparse=0
data     =                       bsize=4096   blocks=5242624, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal log           bsize=4096   blocks=2560, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0

[root@localhost ~]# mkdir /ceshi    '创建测试挂载点'
[root@localhost ~]# vim /etc/fstab  '编辑挂载点配置文件'

/dev/mapper/centos-swap swap                    swap    defaults        0 0
/dev/sdb1       /ceshi  xfs     defaults        0       0
:wq
[root@localhost ~]# mount -a    '重新挂载'
[root@localhost ~]# df -Th  '查看'
文件系统                类型      容量  已用  可用 已用% 挂载点
/dev/mapper/centos-root xfs        20G  4.5G   16G   23% /
devtmpfs                devtmpfs  977M     0  977M    0% /dev
tmpfs                   tmpfs     993M     0  993M    0% /dev/shm
tmpfs                   tmpfs     993M  9.0M  984M    1% /run
tmpfs                   tmpfs     993M     0  993M    0% /sys/fs/cgroup
/dev/sda1               xfs       6.0G  161M  5.9G    3% /boot
/dev/mapper/centos-home xfs        10G   57M   10G    1% /home
tmpfs                   tmpfs     199M  4.0K  199M    1% /run/user/42
tmpfs                   tmpfs     199M   20K  199M    1% /run/user/0
/dev/sr0                iso9660   4.3G  4.3G     0  100% /run/media/root/CentOS 7 x86_64
/dev/sdb1               xfs        20G   33M   20G    1% /ceshi '已挂载上'
[root@localhost ~]# cd /ceshi   '切换到测试挂载点'
[root@localhost ceshi]# cp /etc/passwd /etc/shadow ./   '复制账号文件到/ceshi下'
[root@localhost ceshi]# ls
passwd  shadow
[root@localhost ceshi]# mkdir test  '创建一个test目录'
[root@localhost ceshi]# mv sh* test '把shadow移动到test内'
[root@localhost ceshi]# ls
passwd  test
[root@localhost ceshi]# ls test
shadow
[root@localhost ceshi]# xfsdump -f /opt/xfs_dump /ceshi '备份文件到/opt/下,名为xfs_dump'
xfsdump: using file dump (drive_simple) strategy
xfsdump: version 3.1.4 (dump format 3.0) - type ^C for status and control

 ============================= dump label dialog ==============================

please enter label for this dump session (timeout in 300 sec)
 -> xfs_dump
session label entered: "xfs_dump"   '输入会话标签为xfs_dump'

 --------------------------------- end dialog ---------------------------------

xfsdump: level 0 dump of localhost.localdomain:/ceshi
xfsdump: dump date: Sat Nov 16 21:50:26 2019
xfsdump: session id: c175a633-fd65-433f-ac2e-a1a18ae5f686
xfsdump: session label: "xfs_dump"
xfsdump: ino map phase 1: constructing initial dump list
xfsdump: ino map phase 2: skipping (no pruning necessary)
xfsdump: ino map phase 3: skipping (only one dump stream)
xfsdump: ino map construction complete
xfsdump: estimated dump size: 29952 bytes
xfsdump: /var/lib/xfsdump/inventory created

 ============================= media label dialog =============================

please enter label for media in drive 0 (timeout in 300 sec)
 -> /ceshi
media label entered: "/ceshi"   '输入媒体标签'

 --------------------------------- end dialog ---------------------------------

xfsdump: creating dump session media file 0 (media 0, file 0)
xfsdump: dumping ino map
xfsdump: dumping directories
xfsdump: dumping non-directory files
xfsdump: ending media file
xfsdump: media file size 27128 bytes
xfsdump: dump size (non-dir files) : 4160 bytes
xfsdump: dump complete: 62 seconds elapsed
xfsdump: Dump Summary:
xfsdump:   stream 0 /opt/xfs_dump OK (success)
xfsdump: Dump Status: SUCCESS   '反馈成功'
[root@localhost ceshi]# ls /opt/
abc.txt  rh  xfs_dump   '备份文件已做好'
[root@localhost ceshi]# rm -fr *    '删掉源文件'
[root@localhost ceshi]# ls
[root@localhost ceshi]# xfsrestore -f /opt/xfs_dump /ceshi  '把在/opt/下面的备份文件xfs_dump还原'
xfsrestore: using file dump (drive_simple) strategy
xfsrestore: version 3.1.4 (dump format 3.0) - type ^C for status and control
xfsrestore: searching media for dump
xfsrestore: examining media file 0
xfsrestore: dump description: 
xfsrestore: hostname: localhost.localdomain
xfsrestore: mount point: /ceshi
xfsrestore: volume: /dev/sdb1
xfsrestore: session time: Sat Nov 16 21:50:26 2019
xfsrestore: level: 0
xfsrestore: session label: "xfs_dump"
xfsrestore: media label: "/ceshi"
xfsrestore: file system id: 30939ae0-e0df-4561-b8bc-fc4ebe99c7f2
xfsrestore: session id: c175a633-fd65-433f-ac2e-a1a18ae5f686
xfsrestore: media id: c4244361-30d3-4df5-9197-e6712eb8d8bd
xfsrestore: using online session inventory
xfsrestore: searching media for directory dump
xfsrestore: reading directories
xfsrestore: 2 directories and 3 entries processed
xfsrestore: directory post-processing
xfsrestore: restoring non-directory files
xfsrestore: restore complete: 0 seconds elapsed
xfsrestore: Restore Summary:
xfsrestore:   stream 0 /opt/xfs_dump OK (success)
xfsrestore: Restore Status: SUCCESS     '反馈成功'
[root@localhost ceshi]# ls
passwd  test        '查看发现存在'
[root@localhost ceshi]# 

6.2 EXT4 文件恢复

依旧是创建一块新磁盘,重新启动

理论+实操:深入理解Linux文件系统与日志分析


[root@gsy ~]# df -Th    '查看yum私有仓库是否挂载'
Filesystem              Type     Size  Used Avail Use% Mounted on
/dev/sda2               ext4      20G  3.2G   16G  18% /
tmpfs                   tmpfs    996M  224K  996M   1% /dev/shm
/dev/sda1               ext4     5.8G  168M  5.4G   3% /boot
/dev/sda3               ext4     9.7G  150M  9.0G   2% /home
/dev/sr0                iso9660  3.6G  3.6G     0 100% /media/RHEL_6.5 x86_64 Disc 1
//192.168.254.10/linuxs cifs     455G   90G  366G  20% /linuxs
/dev/sr0                iso9660  3.6G  3.6G     0 100% /yumcangku

[root@gsy Packages]# rpm -ivh e2fsprogs-libs-1.41.12-18.el6.x86_64.rpm  '安装环境包'
warning: e2fsprogs-libs-1.41.12-18.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
    package e2fsprogs-libs-1.41.12-18.el6.x86_64 is already installed
[root@gsy Packages]# rpm -ivh libcom_err-devel-1.41.12-18.el6.x86_64.rpm 
warning: libcom_err-devel-1.41.12-18.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
    package libcom_err-devel-1.41.12-18.el6.x86_64 is already installed

[root@gsy Packages]# rpm -ivh e2fsprogs-devel-1.41.12-18.el6.x86_64.rpm 
warning: e2fsprogs-devel-1.41.12-18.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY
Preparing...                ########################################### [100%]
    package e2fsprogs-devel-1.41.12-18.el6.x86_64 is already installed
[root@gsy Packages]# mkdir /linuxs  '创建挂载点'
[root@gsy Packages]# mount //192.168.254.10/linuxs /linuxs  
'源地址是我的共享文件夹,想知道如何配置共享文件夹可以去看我的博客,我会在评论中附上对应博客地址'
[root@gsy Packages]# cd /linuxs
[root@gsy linuxs]# ls
apr-1.4.6.tar.gz       extundelete-0.2.4.tar.bz2  john-1.8.0.tar.gz
apr-util-1.4.1.tar.gz  httpd-2.4.2.tar.gz
[root@gsy linuxs]# tar xjvf extundelete-0.2.4.tar.bz2  -C /mnt  '解压extundelete'
[root@gsy linuxs]# cd /mnt
[root@gsy mnt]# ls
extundelete-0.2.4
[root@gsy mnt]# cd extundelete-0.2.4/   '切换到解压包内'
[root@gsy extundelete-0.2.4]# ls
acinclude.m4  config.h     config.status  depcomp     Makefile     missing  stamp-h2
aclocal.m4    config.h.in  configure      install-sh  Makefile.am  README
autogen.sh    config.log   configure.ac   LICENSE     Makefile.in  src
[root@gsy extundelete-0.2.4]# yum install gcc gcc-c++ -y    '安装手工编译安装工具'
[root@gsy extundelete-0.2.4]# ./configure   '配置'
Configuring extundelete 0.2.4
Writing generated files to disk
[root@gsy extundelete-0.2.4]# make  
make -s all-recursive
Making all in src
[root@gsy extundelete-0.2.4]# make install  '编译'
Making install in src
  /usr/bin/install -c extundelete '/usr/local/bin'
[root@gsy extundelete-0.2.4]# fdisk /dev/sdb    '创建磁盘分区,默认即可'
[root@gsy extundelete-0.2.4]# mkfs -t ext4 /dev/sdb1    '格式化,磁盘格式为ext4'
mke2fs 1.41.12 (17-May-2010)
文件系统标签=
操作系统:Linux
块大小=4096 (log=2)
分块大小=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1310720 inodes, 5241198 blocks
262059 blocks (5.00%) reserved for the super user
第一个数据块=0
Maximum filesystem blocks=4294967296
160 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
    4096000

正在写入inode表: 完成                            
Creating journal (32768 blocks): 完成
Writing superblocks and filesystem accounting information: 完成

This filesystem will be automatically checked every 29 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@gsy extundelete-0.2.4]# mkdir /data   '创建磁盘挂载点'
[root@gsy extundelete-0.2.4]# mount /dev/sdb1 /data
[root@gsy extundelete-0.2.4]# df -Th
Filesystem              Type     Size  Used Avail Use% Mounted on
/dev/sda2               ext4      20G  3.2G   16G  18% /
tmpfs                   tmpfs    996M  224K  996M   1% /dev/shm
/dev/sda1               ext4     5.8G  168M  5.4G   3% /boot
/dev/sda3               ext4     9.7G  150M  9.0G   2% /home
/dev/sr0                iso9660  3.6G  3.6G     0 100% /media/RHEL_6.5 x86_64 Disc 1
//192.168.254.10/linuxs cifs     455G   90G  366G  20% /linuxs
/dev/sr0                iso9660  3.6G  3.6G     0 100% /yumcangku
/dev/sdb1               ext4      20G  172M   19G   1% /data
[root@gsy extundelete-0.2.4]# cd /data
[root@gsy data]# ls
lost+found
[root@gsy data]# echo a>a
[root@gsy data]# echo a>b   '创建测试文件'
[root@gsy data]# echo c>c
[root@gsy data]# ls
a  b  c  lost+found
[root@gsy data]# rm -rf b   '删掉一个'
[root@gsy data]# ls 
a  c  lost+found

[root@gsy data]# cd ../
[root@gsy /]# umount /data  '先取消挂载,不要再再里面写东西,以免覆盖'
[root@gsy /]# extundelete /dev/sdb1 --restore-all   '全盘恢复'
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 160 groups loaded.
Loading journal descriptors ... 29 descriptors loaded.
Searching for recoverable inodes in directory / ... 
0 recoverable inodes found.
Looking through the directory structure for deleted files ... 
0 recoverable inodes still lost.    
No files were undeleted.    ''没有恢复成功
[root@gsy /]# cd
[root@gsy ~]# mount /dev/sdb1 /data '再次挂载'
[root@gsy ~]# ls
anaconda-ks.cfg  install.log.syslog  模板  图片  下载  桌面
install.log      公共的              视频  文档  音乐
[root@gsy ~]# ls /data
a  c  lost+found
[root@gsy ~]# rm -rf /data/a /data/c    '再次删除测试'
[root@gsy ~]# ls /data
lost+found
[root@gsy ~]# umount /data
[root@gsy ~]# extundelete /dev/sdb1 --restore-all
NOTICE: Extended attributes are not restored.
Loading filesystem metadata ... 160 groups loaded.
Loading journal descriptors ... 30 descriptors loaded.
Searching for recoverable inodes in directory / ... 
2 recoverable inodes found. '这次有反应了'
Looking through the directory structure for deleted files ... 
0 recoverable inodes still lost.
[root@gsy ~]# ls    '查看家目录'
anaconda-ks.cfg  install.log.syslog  公共的  视频  文档  音乐
install.log      RECOVERED_FILES     模板    图片  下载  桌面
[root@gsy ~]# ls RECOVERED_FILES/   '切换到恢复文件目录中'
a  c
[root@gsy ~]# cd RECOVERED_FILES/
[root@gsy RECOVERED_FILES]# cp a c /mnt '把文件拷贝到/mnt'
[root@gsy RECOVERED_FILES]# ls /mnt
a  c  extundelete-0.2.4 '成功,回复数据也是有几率,不是百分百成功的'
[root@gsy RECOVERED_FILES]# 
推荐阅读:
  1. MySQL——全量、增量备份与恢复(理论+实操)
  2. 理论+实操 :源码编译安装LAMP

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

linux 文件系统 备份教学

上一篇:Python-函数式编程介绍 (上)

下一篇:如何使用php将bmp转jpg格式

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》