Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to see which /dev/ device has been modified?

Status
Not open for further replies.
sedawk

sedawk

Programmer
Feb 5, 2002
247
US
As said in my previous post, I need to recover some files/folders in my Linux system. I have a dual boot FC7/WinXP system. How do I know which /dev folder contains the deleted folders/files? I do a 'mount' shows me this (after I umount /dev/sda2 because I suspect sda2 is the one)

[root@localhost dev]# mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
 
Sort by date Sort by votes
I'm pretty sure that it is sda2 also. What you are showing is in a file called /etc/fstab. A quick way to check is to have fdisk show you the partition table. To do that just do the fllowing:

fdisk /dev/sda (Tells fdisk which hard drive to work with)

p (prints the partition table to the screen)

q (quits fdisk without doing anything)


It should also list your Windows partition and may call it sda3 if it is on the same physical drive. It could also list it as sda1 which would mean your linux partitons are sda2 and sda3. As far as folders go, you may have noticed that linux doesn't use letters to name drives or partitions. It uses mount points for the devices. This of mount points as the folders in windows. For example, you can mount the Windows partiton so it can be accessed from linux. Rather than use the mount command each time though, you would make the entry in /etc/fstab. Let's say it's on /dev/sda3. You would add a line something like this to fstab:

/dev/sda3 /windows ntfs defaults 1 1

Now you would create the mount point called windows. Note that a mount point is nothing more that what you are calling a folder. Any time you wanted to access or refer to the Windows drive you just use /windows. I'm not sure that is the exact line you would use in fstab but I was just using it as an illustration.
 
Upvote 0 Downvote
This is what I got when using 'p' in 'fdisk'. sda3 is the Windows partition partitioned by PartitionMagic. So it is also labeled as "Linux LVM". So I am pretty sure sda2 is the one for Linux and know where it starts/stops. Can I recover everything from sda2 start/stop block? Basically I just wish I can recover files there and don't mind need to re-install the system again later on.

Command (m for help): p

Disk /dev/sda: 74.0 GB, 74000000000 bytes
255 heads, 63 sectors/track, 8996 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 4937 39656421 7 HPFS/NTFS
/dev/sda2 4938 4950 104422+ 83 Linux
/dev/sda3 4951 8996 32499495 8e Linux LVM
 
Upvote 0 Downvote
Oh, one thing is confusing on what file system it is using:

When booting up, it displays "ext2" but 'mount' tells it is 'ext3'. Am I mis-reading the booting message?
 
Upvote 0 Downvote
What it says to me is /dev/sda1 is your Windows partition. Notice how small /dev/sda2 is? That is your /boot partition. The /dev/sda3 partition is "/" or your root partition. Back in the olden days, drives were very small and operating systems could only handle small partitions. Hence it was very common to have several partitions like /boot, /usr, /home, /etc, /var and so on. Nowadays you just need three, /boot, / and /swap. The root partition now holds all the others but are just seen as directories under the root partition. This is where your files are. The LVM stands for Large Volume Manager and is designed to handle large drives and can also make several smaller drives act as one. That is what this line is all about:

dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)


Your files are on this LVM drive (sda3)

 
Upvote 0 Downvote
I thought /dev/sda1 is the boot partition because there is a "*" next to it. Also, I recall PartitionMagic used Linux as the boot loader. Am I wrong?

I also tried to use ext3grep to recover from dev/mapper/VolGroup00-LogVol00. I could see something there, e.g., /username/Documents directory etc. But when I tried to do the same thing on /dev/sda3, it didn't create similar file structure. Should I use

dev/mapper/VolGroup00-LogVol00

or

dev/sda3

for whatever recover tools I would use later on?
 
Upvote 0 Downvote
Most of the time, the boot loader is installed on the MBR. However, in some cases, people choose to install it onto the first sector of the first primary drive. In either case it will show as being on the first partition. As for the tools you may use to recover your data, they will identify the partitions themselves. Whatever they call the third one is what you want. I know that sounds a little hoakie but software that gets down to that level doesn't bother with stuff mangement software has to say. They get it from the machine or device itself.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cloudytechi147
  • Locked
  • Question
Karma test fails to connect to launched 'chrome' instance
Replies
1
Views
125
Mike Lewis
Mike Lewis
andrew72788
  • Locked
  • Question
How do I set Arlo camera Offline with a computer?
Replies
0
Views
115
andrew72788
andrew72788
javierdlm001
  • Locked
  • Question
How to identify in which drive is Windows?
Replies
2
Views
127
kjv1611
kjv1611
connan23
  • Locked
  • Question
Anyone willing to show how to convert ZEN bootable cd to USB?
Replies
4
Views
104
ChrisHirst
ChrisHirst
bithead9
  • Locked
  • Question
possible to use TLS to encrypt desktop connections? 1
Replies
4
Views
120
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top