by mistake i have issued rm -rf command on some off the files in my system, but i requires thoes file urgently, how can i get back thoes files?????

rf -rf when executed in / by the root used will totally hose your system. If someone tricked you into executing it, go and do something vengeful to them.

The easiest thing to do is restore from backup. You do have a backup right?

Matthew is fully right.

Don't do anything that would write to the disk. Data is (in principle) recoverable as long as it is not overwritten. There are file recovery utilities available or you can get the disk to a professional recovery service.

He said "some of files", so he must mean that he deleted a subdirectory in his home directory instead of the system.

If you still have a program that has a lock on the files, you can examine /proc/<proc_id>/fd/ of the program accessing them. Maybe if you had the subdirectory open in konqueror and it hasn't been refreshed, you can recover them that way.

For example:
If I were to rm the SN-122.mp3 file, I could get it back by copying /proc/9331/fd/9. This method has no chance of success if you reboot.

If these files are very important, you should make an image backup of the filesystem and use that to try to recover the files from. You want to make sure you stop using the filesystem so that you don't overwrite the same location that the older files were in. If you google for it, there may be an "undelete" program for the ext2 filesystem. You can try mounting an ext3 filesystem as an ext2 filesystem. This will fail if the journal isn't empty.

There are file recovery live CD distro's on sourceforge. A lot depends on the type of filesystem these files were on. You didn't mention that. The live CD should use a recent kernel. If you have a newer version of some filesystems, you may not be able to mount them.

Another method is to use forensic tools. For this, you need an understanding of the filesystem and the format of the files. With text files, you can use grep to try to locate where on an image certain words are. Many file types start with certain "magic" bytes that identify them. This is what the "file" command uses to identify a file. It would be possible to use the same database of magic bytes that file uses to identify files on an image. This isn't easy, and even if you can find the beginning of a file, you may need to guess it's length, and hope it wasn't fragmented.

jschiwal, I have a question: I don't know much about filesystems but I know that in the old days, when I still was a Windows'er and had my partitions formatted with FAT32, I used to recover deleted files using programs that were probably scanning the whole HD searching for files marked as "deleted" but with at least a part if their contents still existing.
Now, you were speaking about ext2 & 3 and I don't know how it looks with NTFS, but I know that I wasn't able to find anything like that for JFS and ReiserFS. The same applies to disk defragmenters. Do you have a clue if "undelete" programs for those filesystem actually exists? If they don't exist, why? Is it because JFS and ReiserFS belong to the category of "Journaling filesystems"?
Thanks a lot...

When using forensic tools like foremost or photorec (part of the testdisk package), the application looks at headers and footers of files regardless of the file system format. Even if partition information has been changed, as long as the free space created when you removed the files is not used again.
Windows file systems use an "even wear" strategy, where it will keep writing files to the oldest contiguous set of clusters using up all free space on a new drive before writing to free space created by deleting files over time.
Some Mac file systems implement this also, but I believe some if not all Linux file systems allocate files differently where you can overwrite an area recently deleted regardless of the time it became free.
As suggested above, make an image of the drive, once you have an image you can continue using the computer without fear of overwriting recoverable data. The best way to dig for data is to make a copy of the image and work on the copy, and you'll always have the original to fall back on for whatever reason. If you don't have a larger drive to store it on for mounting, you can make the image in slices, like 4GB slices that can be stored on a Fat32 file system which has a 4GB file size limit, or 650MB slices that can be stored on many CDs. There are many applications available that can make the image in slices, then mount them for forensic analysis/data recovery just like mounting the drive in the slave position when booting from another drive. Or you can make the slices with a specialized application and mount them with a mounting application.
One of the best applications that does this is ENCASE, there should be a way to mount slices in Linux that I'm not aware of. So far I've only mounted hard drive images in it's entire size, not slices, I have only read about slices.
Foremost is kind of nice as you can easily customize the configuration file, it has some common file extension header, and in some cases, header and footer (file signatures) information.
When you open a file in a hex editor in HEX mode you would see how the structure of the header and or footer signature is derived in the entry for that file's extension in the foremost configuration file. With that knowledge, you can open a file with a "not so common" file extension in a hex editor to find the signature and add an entry in the configuration file for it.
When files are written contiguous (when all the clusters/blocks are in line one after the other) they are not fragmented. Fragmented data usually does not happen with many file systems until all free space has been written too at least once and there is not much free space on the drive. Because files deleted over time were likely scattered all over the drive, when the system can't find enough contiguous clusters/blocks it writes the files in different areas creating a fragmented file.
De-fragmenting a drive rearranges the placement of many files to store them contiguously so they are not fragmented. This requires overwriting many "free space" clusters/blocks that contain recoverable data. De-fragmenting reduces future file recovery success.

Disk defragmenters are useful for Fat32 partition, but they aren't as necessary for even the NTFS filesystem. Files don't get as fragmented on modern filesystems. The Fat filesystem will store a file to the first available free space regardless of the filesize. Also, modern operating systems aren't single user. Other users and services will be writing to the disk so the head will be going to different parts of the drive anyway. There may be disk caching going on as well, allowing the drive to read the entire sector before handling a different file.

Did you say it was an NTFS partition or something else? For some filesystems there may be a undelete utility on your system. Look in your package system for packages like xfsprogs or ntfstools. A package for JFS has a filesystem editor for example.

Here is a undelete project for ext3: http://freshmeat.net/projects/giis

Thanks jschiwal