Hello sun managers,
THE PROBLEM:
Looking for a tool to help recovering data from a corrupted Solaris
file system that is too damaged for fsck to handle.
THE SOLUTION:
get the fsdb program from the BSD distribution.
MORE DETAILS:
A Solaris ufs file system (also known as Unix File System or
Fast File System or BSD file system) is damage badly after a disk crash
and the fsck is not able to fix the problem.
A better fsck program is needed to save some of the data that was not
in the backup tapes.
All replies recommend the fsdb (file system debugger) program.
The sources are available from the BSD distribution. This version
program is written for the BSD version of ufs but some hacking will
fixed it to work with the Solaris ufs.
CREDIT:
Dan Stromberg (strombrg@hydra.acs.uci.edu)
James Coby (James.E.Coby.Jr@cdc.com)
Tino W. Dai (oberoc@chartres.ee.tulane.edu)
CREDIT (parts of the original mails):
=============================================================================
From: Tino W. Dai <oberoc@chartres.ee.tulane.edu>
From: James.E.Coby.Jr@cdc.com (James Coby)
=============================================================================
From: Dan Stromberg - OAC-CSG <strombrg@hydra.acs.uci.edu>
There used to be "fsdb", but it's pretty much gone now. You might be
able to get the sources from one of the *BSD archives. This is
basically "ufs" (aka "ffs") we're talking about, still.
Also, for limited cases, you can recover text files using "dd" and a
text editor.
=============================================================================
Take a look at fsdb man page. Haven't used it and hear it is not
for the faint of heart but may be worth a try.
fsdb(1M) Maintenance Commands fsdb(1M)
NAME
fsdb - file system debugger
SYNOPSIS
fsdb [ -F FSType ] [ -V ] [ - o FSType-specific_options ]
special
AVAILABILITY
SUNWcsu
DESCRIPTION
fsdb is a file system debugger that allows for the manual
repair of a file system after a crash. special is a special
device used to indicate the file system to be debugged.
fsdb is intended for experienced users only. FSType is the
file system type to be debugged. Since different FSTypes
have different structures and hence different debugging
capabilities, the manual pages for the FSType-specific fsdb
should be consulted for a more detailed description of the
debugging capabilities.
OPTIONS
-F Specify the FSType on which to operate. The
FSType should either be specified here or be
determinable from /etc/vfstab by matching the spe-
cial with an entry in the table, or by consulting
/etc/default/fs.
-V Echo the complete command line, but do not exe-
cute the command. The command line is generated
by using the options and arguments provided by the
user and adding to them information derived from
/etc/vfstab. This option may be used to verify
and validate the command line.
-o Specify FSType-specific options.
FILES
/etc/default/fs
default local file system type
/etc/vfstab list of default parameters for each file sys-
tem
SEE ALSO
vfstab(4)
Manual pages for the FSType-specific modules of fsdb.
NOTES
This command may not be supported for all FSTypes.
Sun Microsystems Last change: 14 Sep 1992 1
=============================================================================
-- -- Thanks,Gal Shalif, R&D group
/-----------------------------------------------------------------\ | Gal Shalif | Internet: gal@sd.co.il | | Software Engineer | Voice: +972 9-507102, ext. 209 | | Summit Design (EDA) Ltd | Fax: +972 9-509118 | \-----------------------------------------------------------------/ \ In god we trust, everybody else must pay in cash / ---------------------------------------------------------------
THE FSDB MAN PAGE:
FSDB(8) MAINTENANCE COMMANDS FSDB(8) NAME fsdb - file system debugger SYNOPSIS fsdb [options] special OPTIONS The options available to fsdb are: -? display usage -o override some error conditions -p'string' set prompt to string -w open for write DESCRIPTION Since fsdb reads the disk raw, it is able to circumvent nor- mal file system security. Extreme caution is advised in determining its availability on the system. Suggested per- missions are 600 and owned by bin. Fsdb can be used to patch up a damaged file system after a crash. It has conversions to translate block and i-numbers into their corresponding disk addresses. Also included are mnemonic offsets to access different parts of an inode. These greatly simplify the process of correcting control block entries or descending the file system tree. Fsdb contains several error-checking routines to verify inode and block addresses. These can be disabled if neces- sary by invoking fsdb with the -o option or by the use of the o command. Fsdb reads a block at a time and will therefore work with raw as well as block I/O. A buffer management routine is used to retain commonly used blocks of data in order to reduce the number of read system calls. All assignment operations result in an immediate write-through of the corresponding block. Note that in order to modify any por- tion of the disk, fsdb must be invoked with the -w option. Wherever possible, adb-like syntax was adopted to promote the use of fsdb through familiarity. Numbers are considered hexadecimal by default. However, the user has control over how data is to be displayed or accepted. The base command will display or set the input/output base. Once set, all input will default to this base and all output will be shown in this base. The base can be overriden temporarily for input by preceding hexade- cimal numbers with '0x', preceding decimal numbers with '0t', or octal numbers with '0'. Hexadecimal numbers begin- ning with a-f or A-F must be preceded with '0x' to distin- guish them from commands. Disk addressing by fsdb is at the byte level. However, fsdb offers many commands to convert a desired inode, directory entry, block, superblock etc. to a byte address. Once the address has been calculated, fsdb will record the result in dot (see next paragraph). Several global values are maintained by fsdb: the current base (referred to as base), the current address (referred to as dot), the current inode (referred to as inode), the current count (referred to as count), and the current type (referred to as type). Most commands use the preset value of dot in their execution. For example, > 2:inode will first set the value of dot to 2, ':' will alert the start of a command, and the inode command will set inode to 2. A count is specified after a ','. Once set, count will remain at this value until a new command is encountered which will then reset the value back to 1 (the default). So, if > 2000,400/X is typed, 400 hex longs are listed from 2000, and when com- pleted, the value of dot will be 2000 + 400 * sizeof (long). If a carriage-return is then typed, the output routine will use the current values of dot, count, and type and display 400 more hex longs. A '*' will cause the entire block to be displayed. End of fragment, block and file are maintained by fsdb. When displaying data as fragments or blocks, an error mes- sage will be displayed when the end of fragment or block is reached. When displaying data using the db, ib, directory, or file commands an error message is displayed if the end of file is reached. This is mainly needed to avoid passing the end of a directory or file and getting unknown and unwanted results. An example showing several commands and the use of carriage-return would be: > 2:ino; 0:dir?d or > 2:ino; 0:db:block?d The two examples are synonymous for getting to the first directory entry of the root of the file system. Once there, subsequent carriage-returns (or +, -) will advance to subse- quent entries. Note that > 2:inode; :ls or > :ls / is again synonymous. EXPRESSIONS The symbols recognized by fsdb are: carriage-return update the value of dot by the current value of type and display using the current value of count. # numeric expressions may be composed of +, -, *, and % operators (evaluated left to right) and may use parentheses. Once evaluated, the value of dot is updated. , count count indicator. The global value of count will be updated to count. The value of count will remain until a new command is run. A count specifier of '*' will attempt to show a blocks's worth of information. The default for count is 1. ? f display in structured style with format specifier f (see FORMATTED OUTPUT section). / f display in unstructured style with format specifier f (see FORMATTED OUTPUT section). . the value of dot. +e increment the value of dot by the expression e. The amount actually incremented is dependent on the size of type: dot = dot + e * sizeof (type) The default for e is 1. -e decrement the value of dot by the expression e (see +). *e multiply the value of dot by the expression e. Mul- tiplication and division don't use type. In the above calculation of dot, consider the sizeof ( type) to be 1. %e divide the value of dot by the expression e (see *). < name restore an address saved in register name. name must be a single letter or digit. > name save an address in register name. name must be a single letter or digit. = f display indicator. If f is a legitimate format specifier (see FORMATTED OUTPUT section), then the value of dot is displayed using format specifier f. Otherwise, assignment is assumed (see next item). = [s] [e] assignment indicator. The address pointed to by dot has its contents changed to the value of the expres- sion e or to the ASCII representation of the quoted (") string s. This may be useful for changing direc- tory names or ASCII file information. =+ e incremental assignment. The address pointed to by dot has its contents incremented by expression e. =- e decremental assignment. The address pointed to by dot has its contents decremented by expression e. COMMANDS A command must be prefixed by a ':' character. Only enough letters of the command to uniquely distinguish it are needed. Multiple commands may be entered on one line by separating them by a space, tab or ';'. In order to view a potentially unmounted disk in a reason- able manner, fsdb offers the cd, pwd, ls and find commands. The functionality of these commands substantially matches those of its UNIX counterparts (see individual command for details). The '*', '?', and '[-]' wild card characters are available. base=b display or set base. As stated above, all input and output is governed by the current base. If the '=b' is left off, the current base is displayed. Other- wise, the current base is set to b. Note that this is interpreted using the old value of base, so to ensure correctness use the '0', '0t', or '0x' prefix when changing the base. The default for base is hex- adecimal. block convert the value of dot to a block address. cd dir change the current directory to directory dir. The current values of inode and dot are also updated. If no dir is specified, then change directories to inode 2 ("/"). cg convert the value of dot to a cylinder group. directory If the current inode is a directory, then the value of dot is converted to a directory slot offset in that directory and dot now points to this entry. file the value of dot is taken as a relative block count from the beginning of the file. The value of dot is updated to the first byte of this block. find dir [-name n] [-inum i] find files by name or i-number. find recursively searches directory dir and below for filenames whose i-number matches i or whose name matches pattern n. Note that only one of the two options (-name or -inum) may be used at one time. Also, the -print is not needed or accepted. fill=p fill an area of disk with pattern p. The area of disk is delimited by dot and count. fragment convert the value of dot to a fragment address. The only difference between the fragment command and the block command is the amount that is able to be displayed. inode convert the value of dot to an inode address. If successful, the current value of inode will be updated as well as the value of dot. As a convenient shorthand, if ':inode' appears at the beginning of the line, the value of dot is set to the current inode and that inode is displayed in inode format. ls [-R] [-l] pat1 pat2 ... list directories or files. If no file is specified, the current directory is assumed. Either or both of the options may be used (but, if used, must be speci- fied before the filename specifiers). Also, as stated above, wild card characters are available and multiple arguments may be given. The long listing shows only the i-number and the name; use the inode command with '?i' to get more information. override toggle the value of override. Some error conditions may be overriden if override is toggled on. prompt p change the fsdb prompt to p. p must be surrounded by (")s. pwd display the current working directory. quit quit fsdb. sb the value of dot is taken as a cylinder group number and then converted to the address of the superblock in that cylinder group. As a shorthand, ':sb' at the beginning of a line will set the value of dot to the superblock and display it in superblock format. ! escape to shell INODE COMMANDS In addition to the above commands, there are several com- mands that deal with inode fields and operate directly on the current inode (they still require the ':'). They may be used to more easily display or change the particular fields. The value of dot is only used by the ':db' and ':ib' com- mands. Upon completion of the command, the value of dot is changed to point to that particular field. For example, > :ln=+1 would increment the link count of the current inode and set the value of dot to the address of the link count field. at access time. bs block size. ct creation time. db use the current value of dot as a direct block index, where direct blocks number from 0 - 11. In order to display the block itself, you need to 'pipe' this result into the block or fragment command. For exam- ple, > 1:db:block,20/X would get the contents of data block field 1 from the inode and convert it to a block address. 20 longs are then displayed in hexadecimal (see FORMATTED OUT- PUT section). gid group id. ib use the current value of dot as an indirect block index where indirect blocks number from 0 - 2. This will only get the indirect block itself (the block containing the pointers to the actual blocks). Use the file command and start at block 12 to get to the actual blocks. ln link count. mt modification time. md mode. maj major device number. min minor device number. nm although listed here, this command actually operates on the directory name field. Once poised at the desired directory entry (using the directory com- mand), this command will allow you to change or display the directory name. For example, > 7:dir:nm="foo" will get the 7th directory entry of the current inode and change its name to foo. Note that names cannot be made larger than the field is set up for. If an attempt is made, the string is truncated to fit and a warning message to this effect is displayed. sz file size. uid user id. FORMATTED OUTPUT There are two styles and many format types. The two styles are structured and unstructured. Structured output is used to display inodes, directories, superblocks and the like. Unstructured just displays raw data. The following table shows the different ways of displaying: ? c display as cylinder groups i display as inodes d display as directories s display as superblocks / b display as bytes c display as characters o O display as octal shorts or longs d D display as decimal shorts or longs x X display as hexadecimal shorts or longs The format specifier immediately follows the '/' or '?' character. The values displayed by '/b' and all '?' formats are displayed in the current base. Also, type is appropri- ately updated upon completion. EXAMPLES > 2000+400%(20+20)=D will display 2010 in decimal (use of fsdb as a calculator for complex arithmetic). > 386:ino?i display i-number 386 in an inode format. This now becomes the current inode. > :ln=4 changes the link count for the current inode to 4. > :ln=+1 increments the link count by 1. > :ct=X display the creation time as a hexadecimal long. > :mt=t display the modification time in time for- mat. > 0:file/c displays, in ASCII, block zero of the file associated with the current inode. > 2:ino,*?d displays the first blocks worth of directory entries for the root inode of this file sys- tem. It will stop prematurely if the eof is reached. > 5:dir:inode; 0:file,*/c changes the current inode to that associated with the 5th directory entry (numbered from zero) of the current inode. The first logi- cal block of the file is then displayed in ASCII. > :sb displays the superblock of this file system. > 1:cg?c displays cylinder group information and sum- mary for cylinder group 1. > 2:inode; 7:dir=3 changes the i-number for the seventh direc- tory slot in the root directory to 3. > 7:dir:nm="name" changes the name field in the directory slot to name. > 2:db:block,*?d displays the third block of the current inode as directory entries. > 3c3:fragment,20:fill=0x20 get fragment 3c3 and fill 20 type elements with 0x20. > 2050=0xffff set the contents of address 2050 to 0xffffffff. 0xffffffff may be truncated depending on the current type. > 1c92434="this is some text" will place the ASCII for the string at 1c92434. SEE ALSO fsck(8), dir(4), fs(4). BUGS Extreme caution is advised in determining the availability of fsdb on the system. Suggested permissions are 600 and owned by bin. From: Tino W. Dai <oberoc@chartres.ee.tulane.edu> You could try fsdb which is the "unix wizard's" fsck. =============================================================================
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:32 CDT