Date: Thu, 23 Jan 2003 18:04:19 -0600 From: Pete Ehlke <pde@rfc822.net> To: freebsd-chat@FreeBSD.ORG Subject: Re: recover overwritten file Message-ID: <20030124000419.GC55456@rfc822.net> In-Reply-To: <200301240943.31823.jrhoden@unimelb.edu.au> References: <BA54D6B8.19A6F%list@zettai.net> <200301231600.52211.jrhoden@unimelb.edu.au> <20030123195807.GI60077@rot13.obsecurity.org> <200301240943.31823.jrhoden@unimelb.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 24, 2003 at 09:43:31AM +1100, JacobRhoden wrote: > On Friday 24 January 2003 06:58, Kris Kennaway wrote: > > > Is there a particular reason why there are no facilities to 'un' unlink a > > > file in freebsd? (apart from the obvious reaon of - people shouldnt > > > delete files that they want to keep)... > > > The filesystem isn't designed to allow it. > > What would need to be in the filesystem to allow it? Surely there is a simple > solution like a directory which could hold pointers to all 'un' linked files? > (however i have never hacked a file system so I dont know these things). > Wel, it's not strictly impossible, *if* you get the filesystem unmounted before anything else makes use of the inode, and it's a lot easier if the fs is relatively unfragmented. It's not one little bit simple, though, and requires one or more of: deep, deep understanding of ufs internals utter fearlessness with fsdb lots of optimism, patience, coffee, and the fsdb man page a hell of a lot of luck. I got my first paying sysadmin job by having undeleted a file on an AIX machine. I was working at a place that did telephone bill processing for independent phone companies around the US. One of our customers was doing destructive maintenance of some sort or other to their switch, and had uploaded the switch's toll data to us for safekeeping during the maintenance window. You can guess the rest of the story: a couple of fatfingers on their end and on our end, and the only copy of something like US$50,000 worth of toll records was nothing but a smudge on a hard drive. We told the customer what had happened, and our CEO had already agreed to compensate them, when I talked the sysadmin into letting me have the machine for the night. I copied the disk, got an extremely clued-up person from IBM on the phone, and we spent about four hours getting intimate with fsdb. I wish to hell I could remember her name, because she is responsible for my career in systems administration. Some days she deserves a Very Large Beer, and some days... not. :/ -Pete To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030124000419.GC55456>