暂无图片
暂无图片
暂无图片
暂无图片
暂无图片
首页 / Linux恢复被误删的文件数据、适用于进程占用文件【测试成功】

Linux恢复被误删的文件数据、适用于进程占用文件【测试成功】

巴韭特锁螺丝 2024-04-25
83

一、需求背景

    linux下存在文件被误删除,但是进程依然在占用该文件,可对进程占用的文件进行恢复。该方法仅适用于被进程占用的文件

二、方法演示

1、模拟删除文件

    [root@JQNode1 ops]# tail -f securityremove.sh 
    # Version:
    # Created Time: 2015年08月16日 星期日 01时47分37秒
    #########################################################################


    wget -q http://www.dwhd.org/script/securityremove -O bin/securityremove
    chmod 755 bin/securityremove
    [ -f etc/bash.bashrc ] && (sed -i "/securityremove/d" etc/bash.bashrc && echo 'alias rm="/bin/securityremove"' >> etc/bash.bashrc && . etc/bash.bashrc)
    [ -f etc/bashrc ] && (sed -i "/securityremove/d" etc/bashrc && echo 'alias rm="/bin/securityremove"' >> etc/bashrc && . etc/bashrc)
    [ -f root/.bashrc ] && (sed -i "/alias rm/d" /root/.bashrc && echo 'alias rm="/bin/securityremove"' >> /root/.bashrc && . /root/.bashrc)
    [[ -f "~/.bashrc" && "$USER" != "root" ]] &&(sed -i "/alias rm/d" ~/.bashrc && echo 'alias rm="/bin/securityremove"' >> ~/.bashrc && . ~/.bashrc)


      [root@JQNode1 ops]# rm securityremove.sh 
      You are going to execute "/bin/rm securityremove.sh",please confirm (yes or no):y
      You are going to execute "/bin/rm securityremove.sh",please confirm (yes or no):yes


      2、查看文件进程占用

          lsof | grep delete | grep securityremove.sh

        [root@JQNode1 ops]# lsof | grep delete | grep sec
        tail      2277                root    3r      REG              253,0       985   54831155 /ops/securityremove.sh (deleted)


        3、开始恢复文件

            cd /proc/进程ID/fd

          [root@JQNode1 fd]# cd /proc/2277/fd


          [root@JQNode1 fd]# ll
          总用量 0
          lrwx------ 1 root root 64 1月  12 15:16 0 -> /dev/pts/0
          lrwx------ 1 root root 64 1月  12 15:16 1 -> /dev/pts/0
          lrwx------ 1 root root 64 1月  12 15:16 2 -> /dev/pts/0
          lr-x------ 1 root root 64 1月  12 15:16 3 -> /ops/securityremove.sh (deleted)
          lr-x------ 1 root root 64 1月  12 15:16 4 -> anon_inode:inotify


          # cp 3 /ops/3.sh

            [root@JQNode1 fd]# cat /ops/3.sh 
            #!/bin/bash
            #########################################################################
            # File Name: securityremove.sh
            # Author: LookBack
            # Email: admin#dwhd.org
            # Version:
            # Created Time: 2015年08月16日 星期日 01时47分37秒
            #########################################################################


            wget -q http://www.dwhd.org/script/securityremove -O /bin/securityremove
            chmod 755 /bin/securityremove
            [ -f /etc/bash.bashrc ] && (sed -i "/securityremove/d" /etc/bash.bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bash.bashrc && . /etc/bash.bashrc)
            [ -f /etc/bashrc ] && (sed -i "/securityremove/d" /etc/bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bashrc && . /etc/bashrc)
            [ -f /root/.bashrc ] && (sed -i "/alias rm/d" /root/.bashrc && echo 'alias rm="/bin/securityremove"' >> /root/.bashrc && . /root/.bashrc)
            [[ -f "~/.bashrc" && "$USER" != "root" ]] &&(sed -i "/alias rm/d" ~/.bashrc && echo 'alias rm="/bin/securityremove"' >> ~/.bashrc && . ~/.bashrc)





            linux系统root
            文章转载自巴韭特锁螺丝,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。

            评论