檔案刪除，需要進行恢復。 1. lsof   檔案剛剛被刪除，想要恢復，先嚐試lsof.   #lsof |grep data.file1   # cp /proc/xxx/xxx/xx  /dir/data.file1 2.    如果lsof不能看到檔案，那麼就需要使用恢復軟體進行恢復。   要做的第一件事是立刻解除安裝被誤刪除檔案所在的分割槽，或者重新以只讀方式掛載此分割槽。  umount  /dev/part    或    mount -o remount,ro /dev/part   刪除一個檔案，就是將檔案inode(inode 是作業系統尋找檔案的目錄，起到索引作用)   節點中的扇區指標清除，同時，釋放這些資料對應的資料塊，   而真實的檔案還存留在磁碟分割槽中。但是這些被刪除的檔案不一定會一直存留在磁碟中，當這些   釋放的資料塊被作業系統重新分配時，這些被刪除的資料就會被覆蓋。因此要立刻解除安裝分割槽。 3. ext3grep    該工具只能用於ext3檔案系統，操作步驟不詳細介紹.   1> unmount /dev/part   2> ext3grep /dev/part --ls --inode 2        ##列出可恢復檔案資訊   3>ext3grep /dev/part --restore-inode N   4>恢復到 RESTORED_FILES/   更多命令檢視 ext3grep --help 4. extundelete    1>fuser -k /dev/part  && unmunt /dev/part    2>extundelete --inode 2  /dev/part    3>extundelete --restore-inode 13 /dev/part    4>恢復到 RECOVERD_FILES/

[email protected] ~]# extundelete --help Usage: extundelete [options] [--] device-file Options:   --version, -[vV]       Print version and exit successfully.   --help,                Print this help and exit successfully.   --superblock           Print contents of superblock in addition to the rest.                          If no action is specified then this option is implied.   --journal              Show content of journal.   --after dtime          Only process entries deleted on or after 'dtime'.   --before dtime         Only process entries deleted before 'dtime'. Actions:   --inode ino            Show info on inode 'ino'.   --block blk            Show info on block 'blk'.   --restore-inode ino[,ino,...]                          Restore the file(s) with known inode number 'ino'.                          The restored files are created in ./RECOVERED_FILES                          with their inode number as extension (ie, file.12345).   --restore-file 'path'  Will restore file 'path'. 'path' is relative to root                          of the partition and does not start with a '/'                          The restored file is created in the current                          directory as 'RECOVERED_FILES/path'.   --restore-files 'path' Will restore files which are listed in the file 'path'.                          Each filename should be in the same format as an option                          to --restore-file, and there should be one per line.   --restore-directory 'path'                          Will restore directory 'path'. 'path' is relative to the                          root directory of the file system.  The restored                          directory is created in the output directory as 'path'.   --restore-all          Attempts to restore everything.   -j journal             Reads an external journal from the named file.   -b blocknumber         Uses the backup superblock at blocknumber when opening                          the file system.   -B blocksize           Uses blocksize as the block size when opening the file                          system.  The number should be the number of bytes.   --log 0                Make the program silent.   --log filename         Logs all messages to filename. --log D1=0,D2=filename   Custom control of log messages with comma-separated    Examples below:       list of options.  Dn must be one of info, warn, or    --log info,error      error.  Omission of the '=name' results in messages    --log warn=0          with the specified level to be logged to the console.    --log error=filename  If the parameter is '=0', logging for the specified                          level will be turned off.  If the parameter is                          '=filename', messages with that level will be written                          to filename.    -o directory          Save the recovered files to the named directory.                          The restored files are created in a directory                          named 'RECOVERED_FILES/' by default.    看上面的命令就很容易理解，各個引數的作用。  5.note   1> 對於空檔案，不會進行恢復   2> 可以恢復mysql表， 由於myisam是單獨3個檔案，恢復出來就能使用。    3> 建議innodb，設定innodb_file_per_table 為 ON，這樣也就能恢復單表資料。   4> 從上面可以看出，恢復工具這能恢復分割槽，所以，建議為應用軟體單獨劃區進行安裝，       存放資料。