Query with mv linux command - linux

I used the following linx command :
mv RegisteredOutputs.msg registered_outputs.tcl
My intention was to achieve the following :
mv RegisteredOutputs.msg registered_outputs.msg
The directory in which I issued the command already had a file named registered_outputs.tcl .
So by far you might have figured out what my issue is. registered_outputs.tcl got overwritten. Is there any way of recovering it ?

First thing you always do: Boot a live CD/USB so that your partition is mounted read-only, to avoid those spaces on the drive being re-used. Once another file uses that platter space, the data is gone.
Because of how Linux ext3 file system works, it actually zeroes out inode data on delete, making recovery impossible. This is for delete however, and I don't know if the same could apply to overwriting existing files. Hope you're feeling lucky.
See this guide on how to recover deleted files on ext3
source:
recovery of overwritten file

Related

how does all the existing directories get mounted at the mount point when using FUSE?

I'm trying to build a new filesystem with deduplication using FUSE.
I tried running the fusexmp_fh.c provided in the example section of the FUSE. However after mounting the filesystem at a mount point, I can see all the existing directories inside the mount point. I dont need those directories. I want the mounted filesystem to be empty.
I tried searching through fusexmp_fh.c but could not find out where the existing directories get added.
Can someone explain to me how this works?
Also
can fusexmp_fh.c be taken as a base for building the filesystem?
Does it have all the basic functionalities?
Are you saying that you mounted the file system over a non-empty directory, and you can see the previous contents of the directory? (In which case, the answer is "don't mount to a non-empty mount point". Usually it throws an error to tell you not to do that.)
If what you're seeing is the directories and files in the directory that you are using as your base directory, that's the normal behavior for a loopback file system, which is what fusexmp_fh.c is. The example file system takes a mount point, and passes all commands on that mount point through to a backing directory. If you use a backing directory that has files in it, you will now see those files in two places, the original location and the mounted fuse directory.
If you want to understand how the directory filling works, start by taking a look at readdir, and see how the stat items that it returns are constructed. Each of those is a single directory entry.
Yes, you can use fusexmp_fh.c as the basis for a basic file system, it's got all the necessary pieces, although extended metadata isn't supported. (But adding it is fairly trivial for a loopback.)

Once you mount a file system, how do you use it?

I understand that a file system can be visualized as a "tree" of files and directories. I also understand that "mounting" a file system means to placing or rooting that tree within an existing directory. https://askubuntu.com/questions/20680/what-does-it-mean-to-mount-something
With that said, I have mounted an implementation of python fuse that is similar to this one. When I run my implementation, it runs to the end of the init method and then just shows a blinking cursor. So fuse is getting mounted. I know that fuse is mounted because of what happens when I run $mount
$mount
...
FuseHandler on /home/memsql/mount
So now that I've mounted fuse, how do I access the files.
The linked tutorial says
You will see all files in /your/dir under /mnt/point and be able to
manipulate them exactly as if they were in the original filesystem.
How exactly do you do this? Can somebody show me, syntactically, how to instantiate and query Fuse? How do you perform a read or write? What does code that performs those operations look like?
As l4mpi notes, you’ve now mounted a file system, so it will respond to the standard Unix file system API, and FUSE will handle the file system operations. You can cd to it, ls in it, read or creat files in it, etc.

How to estimate a file size from header's sector start address?

Suppose I have a deleted file in my unallocated space on a linux partition and i want to retrieve it.
Suppose I can get the start address of the file by examining the header.
Is there a way by which I can estimate the number of blocks to be analyzed hence (this depends on the size of the image.)
In general, Linux/Unix does not support recovering deleted files - if it is deleted, it should be gone. This is also good for security - one user should not be able to recover data in a file that was deleted by another user by creating huge empty file spanning almost all free space.
Some filesystems even support so called secure delete - that is, they can automatically wipe file blocks on delete (but this is not common).
You can try to write a utility which will open whole partition that your filesystem is mounted on (say, /dev/sda2) as one huge file and will read it and scan for remnants of your original data, but if file was fragmented (which is highly likely), chances are very small that you will be able to recover much of the data in some usable form.
Having said all that, there are some utilities which are trying to be a bit smarter than simple scan and can try to be undelete your files on Linux, like extundelete. It may work for you, but success is never guaranteed. Of course, you must be root to be able to use it.
And finally, if you want to be able to recover anything from that filesystem, you should unmount it right now, and take a backup of it using dd or pipe dd compressed through gzip to save space required.

Checksum of a loop device file exactly reproducible?

how can I mount and unmount a file as loop device and have exactly the same MD5 checksum afterwards? (Linux)
Here's the workflow:
I take a fresh copy of a fixed template file which contains a prepared
ext2 root file system.
The file is mounted with mount -t ext2 <file> <mountpoint> -o loop,sync,noatime,nodiratime
( Here, some files will be added in future--but ignore this for a moment and focus on mount / umount )
umount
Take the MD5 sum of the file.
I expect the same, reproducible checksum every time I perform exactly the same steps.
However, when I repeat the process (remember: taking a fresh copy of the template file), I always get a different checksum.
I assume on the one hand that still some timestamps are set internally (I tried to avoid this with the noatime option) or, on the other hand, Linux manages the file system on its own way where I have no influence. That means: the files and timestamps inside might might be the same, but the way the file system is arranged inside the file might be differnt and therefore kind of random.
In comparison, when I create a zip file of a file tree, and I touched all files with a defined timestamp, the checksum of the zip file is reproducible.
Is there a way to keep the mount or file access that controlled as I need at all?
it depends on the file system on disk format. I believe ext2 keep sat the least the mount count counter - how many time the file system was mounted. I don't remember any mount option to tell it not to write that counter (and perhaps other data items) but you can:
a. mount the file system read only. Then the checksum will not change of course.
b. Change the ext2 file system kernel driver to add an option to not change the counter and possible other data bits.
The more interesting question is why you are interested is such an option. I think there is probably a better way to achieve what you are trying to do - whatever it is.

How can I make a copy of device/socket file

I can know inode of device/socket with stat, so seems like I can somehow "copy" this file for backup. Of course the solution is "dd", but I have no idea what can I do if the device is infinity (like the random one). And can I just copy the inode somehow?
These are referred to as "special files" or "special nodes". Copying their contents doesn't make sense, as the contents are generated in one way or another programatically by the kernel as needed.
Programs like "tar" know how to copy the contents of the inode, which will refer to the portion of the kernel that support each of these different nodes. See the documentation of the "mknod" command for some more details.
And if you need one-liner to copy device nodes with tar, here it is:
cd /dev && tar -cpf- sda* | tar -xf- -C /some/destination/path/
Found out the major and minor number of the device file you need to copy then use mknod to create the device file with the same major and minor number. Major number is used for a program to access to kernel device switch table and calling the proper kernel function (usually device drive). Minor number is used as a parameter for calling those functions (like different density, disk, .... etc).
24 July 2022
There is one legitimate use case for copying (archiving) a socket.
I have a program that gathers and summarizes attribute data in a file system tree. In order to regression test, I created a directory that contains one example of every type of file the program might encounter. I run my program on this directory to test it whenever I alter the code.
It is necessary to backup this directory along with other more valuable data, and it is necessary to restore it, should the storage device fail.
tar is the program of choice, and of course tar can not archive a socket. Doing so in most situations is senseless - any program that uses the socket will have to delete it and recreate it before use.
In the case of the test directory, there is one named socket, for it is possible that my program will encounter such things and it needs to correctly gather attributes for a complete summary.
As noted by others, that socket is not useful for anything directly. It does, however, occupy a little storage space, much as an empty file occupies storage space. That is why you can see it in the directory listing.
You can copy it successfully with the command:
cp -ar --parents <path> <backup_device_directory>
and restore it with:
cp -ar --parents <backup_device_directory>/<path> <directory>
The socket is not useful for anything except probing its attributes with a program during a regression test.
Archiving it saves the trouble of having to remember to recreate it after a restoration. The extra nuisance of archiving the sockets is easily codified in a script and forgotten. That is what we all want - easy to use solutions whose implementation you can ignore after you have solved the problem.
You can copy from a working system as below to some shared location between the machines and copy from the shared location to the other system.
Machine A
cp -rf /dev/SRC shared_directory
Machine B
cp -rf shared_directory /dev/

Resources