Linux恢复被误删的文件数据、适用于进程占用文件【测试成功】

艺帆风顺 发布于 2025-04-03 21 次阅读

一、需求背景

    linux下存在文件被误删除,但是进程依然在占用该文件,可对进程占用的文件进行恢复。该方法仅适用于被进程占用的文件

二、方法演示

1、模拟删除文件

    [root@JQNode1 ops]# tail -f securityremove.sh # Version:# Created Time: 2015年08月16日 星期日 01时47分37秒#########################################################################
    wget -q http://www.dwhd.org/script/securityremove -O /bin/securityremovechmod 755 /bin/securityremove[ -f /etc/bash.bashrc ] && (sed -i "/securityremove/d" /etc/bash.bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bash.bashrc && . /etc/bash.bashrc)[ -f /etc/bashrc ] && (sed -i "/securityremove/d" /etc/bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bashrc && . /etc/bashrc)[ -f /root/.bashrc ] && (sed -i "/alias rm/d" /root/.bashrc && echo 'alias rm="/bin/securityremove"' >> /root/.bashrc && . /root/.bashrc)[[ -f "~/.bashrc" && "$USER" != "root" ]] &&(sed -i "/alias rm/d" ~/.bashrc && echo 'alias rm="/bin/securityremove"' >> ~/.bashrc && . ~/.bashrc)
      [root@JQNode1 ops]# rm securityremove.sh You are going to execute "/bin/rm securityremove.sh",please confirm (yes or no):yYou are going to execute "/bin/rm securityremove.sh",please confirm (yes or no):yes

      2、查看文件进程占用

          lsof | grep delete | grep securityremove.sh

        [root@JQNode1 ops]# lsof | grep delete | grep sectail 2277 root 3r REG 253,0 985 54831155 /ops/securityremove.sh (deleted)

        3、开始恢复文件

            cd /proc/进程ID/fd

          [root@JQNode1 fd]# cd /proc/2277/fd
          [root@JQNode1 fd]# ll总用量 0lrwx------ 1 root root 64 1月 12 15:16 0 -> /dev/pts/0lrwx------ 1 root root 64 1月 12 15:16 1 -> /dev/pts/0lrwx------ 1 root root 64 1月 12 15:16 2 -> /dev/pts/0lr-x------ 1 root root 64 1月 12 15:16 3 -> /ops/securityremove.sh (deleted)lr-x------ 1 root root 64 1月 12 15:16 4 -> anon_inode:inotify

          # cp 3 /ops/3.sh

            [root@JQNode1 fd]# cat /ops/3.sh #!/bin/bash########################################################################## File Name: securityremove.sh# Author: LookBack# Email: admin#dwhd.org# Version:# Created Time: 2015年08月16日 星期日 01时47分37秒#########################################################################
            wget -q http://www.dwhd.org/script/securityremove -O /bin/securityremovechmod 755 /bin/securityremove[ -f /etc/bash.bashrc ] && (sed -i "/securityremove/d" /etc/bash.bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bash.bashrc && . /etc/bash.bashrc)[ -f /etc/bashrc ] && (sed -i "/securityremove/d" /etc/bashrc && echo 'alias rm="/bin/securityremove"' >> /etc/bashrc && . /etc/bashrc)[ -f /root/.bashrc ] && (sed -i "/alias rm/d" /root/.bashrc && echo 'alias rm="/bin/securityremove"' >> /root/.bashrc && . /root/.bashrc)[[ -f "~/.bashrc" && "$USER" != "root" ]] &&(sed -i "/alias rm/d" ~/.bashrc && echo 'alias rm="/bin/securityremove"' >> ~/.bashrc && . ~/.bashrc)