Hide

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again.

Delete that bloated snippets file you've been using and share your personal repository with the world. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.


If you have a new feature suggestion or find a bug, please get in touch via http://commandlinefu.uservoice.com/

Get involved!

You can sign-in using OpenID credentials, or register a traditional username and password.

First-time OpenID users will be automatically assigned a username which can be changed after signing in.

Hide

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

Hide

News

2011-03-12 - Confoo 2011 presentation
Slides are available from the commandlinefu presentation at Confoo 2011: http://presentations.codeinthehole.com/confoo2011/
2011-01-04 - Moderation now required for new commands
To try and put and end to the spamming, new commands require moderation before they will appear on the site.
2010-12-27 - Apologies for not banning the trolls sooner
Have been away from the interwebs over Christmas. Will be more vigilant henceforth.
2010-09-24 - OAuth and pagination problems fixed
Apologies for the delay in getting Twitter's OAuth supported. Annoying pagination gremlin also fixed.
Hide

Tags

Hide

Functions

Commands tagged recovery from sorted by
Terminal - Commands tagged recovery - 8 results
mount -o sb=98304 /dev/sda5 /mnt/data5
sudo dumpe2fs /dev/sda1 | grep superblock
ls -l /proc/*/fd/* | grep 'deleted'| grep "\/proc.*\file-name-part"
2012-09-13 09:54:16
User: totti
Functions: grep ls
0

Accidentally deleted some file while used by a program ? (Eg: a song)

Use this command to find the file handle and recover using

cp /proc/pid/fd/filehandle /new/recoverd-file.ext
dvdisaster -vr --defective-dump . --internal-rereads 5 --raw-mode 20 --read-attempts 1-23 --read-raw --speed-warning 12 --adaptive-read --auto-suffix --read-medium 2 && dvdisaster -vc -mRS02 --raw-mode 20 --read-raw --auto-suffix
sudo foremost -i /dev/sda -o /recovery
2010-08-19 22:27:41
User: vlan7
Functions: sudo
2

The above command assumes the lost data is on /dev/sda and you previously issued the following command to mount _another_ disk or partition (/dev/sdb1) on /recovery

sudo mount /dev/sdb1 /recovery

If you don't do this, the data could be overwrited!

foremost is a very powerful carving tool. By default foremost recovers all known file types. If you want to reduce the amount of files that are recovered you can specify the file type you are looking for. Read the man page to know the available file types.

i.e to recover JPEG pictures append to foremost the switch -tjpg

grep -a -B 25 -A 100 'some string in the file' /dev/sda1 > results.txt
2010-08-19 20:07:42
User: olalonde
Functions: grep
22

grep searches through a file and prints out all the lines that match some pattern. Here, the pattern is some string that is known to be in the deleted file. The more specific this string can be, the better. The file being searched by grep (/dev/sda1) is the partition of the hard drive the deleted file used to reside in. The ?-a? flag tells grep to treat the hard drive partition, which is actually a binary file, as text. Since recovering the entire file would be nice instead of just the lines that are already known, context control is used. The flags ?-B 25 -A 100? tell grep to print out 25 lines before a match and 100 lines after a match. Be conservative with estimates on these numbers to ensure the entire file is included (when in doubt, guess bigger numbers). Excess data is easy to trim out of results, but if you find yourself with a truncated or incomplete file, you need to do this all over again. Finally, the ?> results.txt? instructs the computer to store the output of grep in a file called results.txt.

Source: http://spin.atomicobject.com/2010/08/18/undelete?utm_source=y-combinator&utm_medium=social-media&utm_campaign=technical

lomount -diskimage /path/to/your/backup.img -partition 1 /mnt/foo
4

Instead of calculating the offset and providing an offset option to mount, let lomount do the job for you by just providing the partition number you would like to loop mount.

INFILE=/path/to/your/backup.img; MOUNTPT=/mnt/foo; PARTITION=1; mount "$INFILE" "$MOUNTPT" -o loop,offset=$[ `/sbin/sfdisk -d "$INFILE" | grep "start=" | head -n $PARTITION | tail -n1 | sed 's/.*start=[ ]*//' | sed 's/,.*//'` * 512 ]
6

Suppose you made a backup of your hard disk with dd:

dd if=/dev/sda of=/mnt/disk/backup.img

This command enables you to mount a partition from inside this image, so you can access your files directly.

Substitute PARTITION=1 with the number of the partition you want to mount (returned from sfdisk -d yourfile.img).