New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
help! rm -rf destruction, ssh session currently active
apparently a badly written script ran rm -rf on / and bulldozed all the binaries. Now nothing including ls, cp, mv, cat, nano, etc is working.
However, the ssh connection is active(pretty useless though) but new ssh connections return an error.
Is there any way using the active ssh connection that I can retrieve contents of a folder ? I know most will suggest using the backup but there is some active data in that folder I can really use. If only I cud get something like ftp to work ?
Comments
"rm -rf /" = 100% wasted, "but there is some active data in that folder I can really use." <--- its not there anymore it was forced removed. Get it reinstalled and get your brain relaxed!
Without any binaries, the ssh connection is kind of useless. You could do
cat >file
to copy data onto the system, but without chmod you can't make any files executable, and you're probably not going to have success pasting binaries into your ssh connection anyway.I think your best option is probably to boot up with a linux recovery ISO and then use
extundelete
so see if you're able to restore any of the deleted files. Note that every time you write anything to the filesystem, you run the risk of overwriting deleted data, so you will probably want to restore to a ram disk or similar, or a spare partition if you have one.BTW, to navigate the file system using just the shell you can use
echo *
instead ofls
and other builtins likecd
andcat
should all be fine. You might find yourself lucky and find that some files still exist,Both your suggestions are spot on. Luckily Hosthatch has a systemrescue disk as a boot image. So, using that I got few folders back as tar balls.
However, the home directory and other things are gone. For that I will likely use extundelete.
Thanks man (y). excellent advice & i was searching the entire internet for something like echo * before I tried the rescue disk you hit the nail on the head.
If you're lucky, /home was on another partition and you just need to mount that.
unfortunately it wasn't. single disk. But this brings up another point. I had few folders nfs mounted from another vps. I have looked at the other vps and the files there seem intact at first sight but I was wondering if the rm -rf would delete those files too at the source ? technically it shud i guess?
Yes it does.
I'm scared of the US keyboard layout for related reasons, the enter and shift keys have a too similar tactile shape and feel. That keyboard is still in the mail; dunno if I'll manage.
Did the command contain
--no-preserve-root
? This switch guards against this scenario I think.It didnt & it did nothing to the root folder itself but it completely obliterated the home directory and others like bin. So i guess no preserve root also kills the root directory.
Still funny situation when u cant even ls, cat or apt I think there must be fail safes to stop something like this.
"Fail safe" is not running rm with -f
Yeah that makes sense now
there was an article or a reddit post for this situation i saw a few years back, google it thoroughly..
@raza19 's VPS after the rm -rf