Hi,
I made a serious mistake, typed a space before '*" accidently when using the "rm" comman - the entire directory got deleted - lost some really important files. - 6 months work!!

Please if anyone knows anyway to recover the files I'd be incredibly thankful.

I am running RedHat 7.2 - (ext3)

I looked through google and found "tct" (http://www.fish.com/security/tct or http://www.porcupine.org/forensics/tct.html) - but I tried this and while "unrm" works (but it only took 15 mins when its meant to take prob hour or so) the output file generated can't be opened. I keep getting I/O error.

Anyway so is there any other way anyone knows to recover deleted files.

thanks

might want to try this if you can, I think it works on ext3 fs's, redhat uses that one I think.

http://recover.sourceforge.net

>Please if anyone knows anyway to recover the files I'd be incredibly thankful.
You can't. The UNIX filesystem uses a free list of disk blocks that aren't in use. When you remove a file, the directory entry is removed and the inode is added to the free list of inodes (if there aren't any links to the file) and the datablocks to the free list. Since UNIX is a multitasking system, by the time you start wanting the file back, somebody else is probably using the blocks you told the system you didn't need anymore. So...if you don't have backups, you have my condolences. :(

p.s. Be more careful next time. For example, create an alias or remember to use the -i option to rm. That way you'll be prompted before anything is actually removed. It's a nice hedge against disaster that I highly recommend. Say you have that alias:

alias srm 'rm -i \!*'

If you really really want to snuff out everything, you can pipe through the yes program that will answer the constant prompts:

% yes | del *

If it was a text files you might be able to get some data back by looking at data in dev/hda1(or the device you deleted the file from) You will probably have to use some combination of dd to do this.

You could also have an alias that will move your "rm" arguments into /tmp or any directory that you may want to use as your recycle bin.

But don't fotget to clean this directory sometimes. I recomend a cronjob that will archive your bin every day and another one that will delete archives older than a certain amount of days/weeks.

You could also have a cronjob that make a backup of all your files every day/week so you could recover from that kind of mistake.

A good habit is to make backup of your work or at least use some tools to do it for you...

Cheers,
Twisgabak

I remember the time when I decided to delete the folder that held my Windows partition. I hadn't realized that the partition was still mounted. I hit Cntrl + C as soon as I realized what was happening. Everything seemed to be fine when I logged onto Windows because I had originally hibernated the computer (everything was reloaded from the hard drive). When I restarted from a fresh boot, I got a message saying ntoskrnl was missing!