A friend of mine panicked to see his /home partition being corrupted badly as described by fsck program( he got lot of warnings/ questions while the fsck program was running asking "whether you want to fix this inode" etc.) Having faced similar situation earlier(5 semester of my B.Tech, when I was experimenting with LVM(large volume management)) I thought I might be impossible to get the data back easily.
When this friend finally gave up the thought of getting his data the new problem he faced was how to get his system to boot as their seemed some problem in /home which stuck the booting process.
Just before trying to format the partition containing /home, we gave a look at Lost+Found directory( after booting system in rescue mode) of the home partition. I was surprized to see that the directory had lot of content. While trying some simple grep include * etc we realized some of the things in the Lost+Found directory were actually directories.
The interesting things begin to happen then, We somehow discovered one directory with name like #109093 on cd-ing which we found lots of mp3 songs. That was it, As Anurag just told us, the data was probably all there. With more trying we got directories containing Movies, C/Java programs, Gnome, KDE setting files etc.
That just lead me to search for working of e2fsck program. Got the source from sourceforge, but wasn't able to get much in first look. So started Googling, for some basics of the program, unfortanely there were no good results. Luckily I got this link of origanal paper describing the EXT2 file system, ext2fs. This link is a great read. At the bottom of the page there is some data on Lost+Found, it say "during third pass of the fsck, the .. entry in each directory is checked, if some particular directory cannot be traced back to / then it is put in to Lost+Found".
In pass 4, e2fsck checks the reference counts for all inodes, by iterating over all the inodes and comparing the link counts (which were cached in pass 1) against internal counters computed during passes 2 and 3. Any undeleted files with a zero link count is also linked to the /lost+found directory during this pass.
It would be interesting to making some kind of recovery tool based on the values of inode tables etc which makes it simple for user to search for his lost files/directories from Lost+Found. Yes more study on fsck is needed and sought for....
No comments:
Post a Comment