被删的进程文件恢复
(找 FD 恢复)
以 / var/log/messages 为例:
- [root@localhost ~]# lsof |grep messages
- rsyslogd 5764 root 6w REG 8,3 240631 17815676 /var/log/messages
- in:imjour 5764 5777 root 6w REG 8,3 240631 17815676 /var/log/messages
- rs:main 5764 5778 root 6w REG 8,3 240631 17815676 /var/log/messages
- ## 可以看出 pid 为 5764,FD 为 6
- ## 试验时最好做好备份
- [root@localhost ~]# rm -fr /var/log/messages
- [root@localhost ~]# lsof |grep messages
- rsyslogd 5764 root 6w REG 8,3 240631 17815676 /var/log/messages (deleted)
- in:imjour 5764 5777 root 6w REG 8,3 240631 17815676 /var/log/messages (deleted)
- rs:main 5764 5778 root 6w REG 8,3 240631 17815676 /var/log/messages (deleted)
- ## 显示删除状态
- [root@localhost ~]# cd /proc/5764/fd
- [root@localhost fd]# ls
- 0 1 10 2 3 4 5 6 7 8 9
- # 查看内容是否一致
- [root@localhost fd]# cat 6
- ..........
- illed)
- Mar 21 21:42:11 localhost systemd: Reached target Sound Card.
- Mar 21 21:43:09 localhost chronyd[5453]: Selected source 5.79.108.34
- Mar 21 21:45:19 localhost chronyd[5453]: Selected source 173.255.246.13
- Mar 21 21:52:21 localhost dhclient[5616]: DHCPREQUEST on eth0 to 192.168.20.254 port 67 (xid=0x1c5abf1e)
- Mar 21 21:52:21 localhost dhclient[5616]: DHCPACK from 192.168.20.254 (xid=0x1c5abf1e)
- Mar 21 21:52:24 localhost dhclient[5616]: bound to 192.168.20.128 -- renewal in 890 seconds.
- Mar 21 21:54:43 localhost systemd: Starting Cleanup of Temporary Directories...
- Mar 21 21:54:43 localhost systemd: Started Cleanup of Temporary Directories.
- ##cp 到 / var/log/messages 就行了
- [root@localhost fd]# cp /proc/5764/fd/6 /var/log/messages
- [root@localhost fd]# tail /var/log/messages
- Mar 21 21:40:14 localhost systemd: Created slice User Slice of root.
- Mar 21 21:40:14 localhost systemd: Started Session 1 of user root.
- Mar 21 21:40:14 localhost systemd-logind: New session 1 of user root.
- Mar 21 21:40:14 localhost systemd-udevd: worker [2639] /devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0 is taking a long time
- Mar 21 21:42:03 localhost chronyd[5453]: Selected source 78.46.102.180
- Mar 21 21:42:11 localhost systemd-udevd: worker [2639] /devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0 timeout; kill it
- Mar 21 21:42:11 localhost systemd-udevd: seq 3926 '/devices/pci0000:00/0000:00:11.0/0000:02:03.0/sound/card0' killed
- Mar 21 21:42:11 localhost systemd-udevd: worker [2639] terminated by signal 9 (Killed)
- Mar 21 21:42:11 localhost systemd: Reached target Sound Card.
- Mar 21 21:43:09 localhost chronyd[5453]: Selected source 5.79.108.34
提示: 希望你们都用不着 (提前备份)
来源: http://www.bubuko.com/infodetail-2995807.html