|
Linux ate my drive (for the 2nd time!)
Hey everybody,
I am a big fan of linux. My friends are sick of my constant praisals of this operating system. Yet I am facing a crisis right now, which may even lead to my abandonning of the penguen power. Few weeks ago, when I ran a df -h to see how much free space I had left on my partitions (and I have lots of them), I was surprised to see 7 gigs of free space on a partiton where free space should have been scarce. I checked the content of the partition with a quick ls, and to my astonishment, most of the files there were gone! I had 8 hours worth of music and a couple of movies there. All gone! At first I was puzzled. I couldn't possibly blame linux for this, the safest os on earth! So I tried to recover as much as I could by using (windows) software. I only could save the names of the files though, since the music was unlistenable (I am still trying to download them!). A similar chaos occured a few moments ago. I mounted a partition which contained the documents that I share with my three operating systems. Just as I was to send a file through mail, linux said that the file couldn't be found. I searched for the file to no avail. I booted up in windows, and with dismay observed that there was 1,49gig of free space on the once-full drive (with a capacity of 1,49gig). Simply the directory structure remained intact. All the files in all the directories were erased! Again I ran EasyRecovery and recovered most of my important files FROM ANOTHER PARTITION (I had copied the old partitions to a new one, I recovered from the old). The filenames on the new partitions (the one linux deleted) were dos names, such as PROGRA~1.JPG. As you see, this is a really serious problem. I prefer having a system that crashes every half an hour, than having a system that doesn't crash but formats partitons every once in a while. I am using Redhat9 with KDE. What shall I do? Since I do not know when this even happens, I can't inform you any more than this. I simply noticed that it happened few minutes after mounting the drive. Can you help me? Or will I have to give up the Penguin power and surrender to some Gates and some Windows? Thanks, first of all for reading, and of course, for helping!! |
Some bits of information may be required here :)
What's the fstab on the machine, what file-system type is the partition you keep losing? And this is the first time I came across such behaviour, and even though I don't think it's impossible I still believe it's very unlikely. I'd suspect user error in such a case. Or malicious activity from outside. Cheers, Tink |
*cough* backup *cough*;)
Hard to say what happened... could be a number of things I would be looking at a good way to back up the stuff I wanted to keep though... It could be something as simple as a rm with the wrong wildcard could be a different partition mounted instead of the one you wanted. Could be the RIAA is after you... :eek: You could set up a simple cron job to watch the size of your music directory something like: * * * * * /home/foo/watch_music 2>/dev/null #change to how often you want to run it... then for the /home/foo/watch_music you have this date +"%D %r `du -h --max-depth=0 /music_folder`" >> /tmp/junk_music.log make sure /home/foo/watch_music is executable to watch the log file and log the size of the music directory. That would at least tell you the times when the file size changes... then when you cat /tmp/junk_music.log you could see 12/08/03 04:33:00 PM 27M /tmp 12/08/03 04:34:00 PM 27M /tmp 12/08/03 04:35:00 PM 27M /tmp 12/08/03 04:36:01 PM 27M /tmp 12/08/03 04:37:00 PM 27M /tmp 12/08/03 04:38:00 PM 27M /tmp (I checked the size of /tmp) Just an idea... |
Just out of curiosity, where are you storing these files?
|
I saw something similar under windows, years ago. i think my brother got a java virus while browsing. the result was a win system with full dir tree, but no files (of course it was not bootable). i had MY files in a linux partition :)
No system can be secure if you run apps/scripts you're not sure about. At least, with linux, other users would take no damage because of the uncauitiousness of one (provided you use a user-capable filesystem ;). To prevent problems, i work as follows: I keep write-seldom data such as home backup, photos and mp3 on a vfat mounted readonly, while i keep changing data and incoming files in my home. Once in a while, I mount data2 rw (as root, umask=022) to move new stuff to the correct place and update backups. This way, i think the most likely risk is a physical disk breakdown. |
This might be not be very related, but what brand and model of hard drive do you have?
|
I'm not 100% sure, i gave that disk to a friend of mine, but i thinkn it was a 10GB seagate. However it can't be an hardware-related problem: disks don't make any difference between directories and file, they simply see blocks of data.
|
Ok thank you all for your replies, and excuse for this massive delay. Due to time zones and school I cannot post very often. I'll try to answer questions about my system first:
I use Redhat9 with AMD Duron 600 on two Seagate Harddrives (one 120 gig and the other 40 gig, yes ezra143, I am storing my files on a harddrive:) ). These singular incidents seem to happen on FAT32 partitions only (I have included the fstab at the end of the post). I do not believe they happened because of a mistake of my part. I do not want to sound too self-confident, but I am generally apt at typing rapidly. I somewhat have some evidence disproving this hypothesis. On the first occasion, part of my mp3 files and few AVI movies have been deleted. I don't know of any commands that does a "random deletion of random files on a random disk." Such a scenario might seem more plausible in the second case. Since the directory structure remained, one might suggest that I accidentally ran a rm -fr command. Yet again, the second time I was entirely on KDE. I used the konsole to simply search for some files. All in all, I believe this conjecture is highly improbable. I do not think that an attacker or a malicious program did that either, although I can never be sure about it. I would also like to thank you for the exquisite advices you sent. Since I have a lot of free space, I am thinking about partitioning it in order to run two duplicates, one being the real and the other a certain read-only "image". The bash-script Blinker_Fluid mentioned also awakened my curiosity. However I couldn't decipher the following line: * * * * * /home/foo/watch_music 2>/dev/null #change to how often you want to run it... Isn't that supposed to direct the output in a "black hole" (/dev/null)?? Some clarification would be quite enlightning. Thanks again for your answers, and I am patiently waiting for more solutions. Until then, I decided to quarantine Linux. I gonna put tux in a cage until he learns how to behave :). Cheers PS: Here is my fstab file: LABEL=/ / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2 none /dev/pts devpts gid=5,mode=620 0 0 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 /dev/hda7 swap swap defaults 0 0 /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0 /dev/hdb7 /mnt/mp3 vfat umask=007,uid=graffiti,gid=graffiti 0 0 //First time here /dev/hda8 /mnt/winE vfat umask=007,uid=graffiti,gid=graffiti 0 0 /dev/hdb5 /mnt/docs vfat umask=007,uid=graffiti,gid=graffiti 0 0 //Then here /dev/scd0 /mnt/cdrom auto ro,noauto,user,exec 0 0 |
the 2>/dev/null just redirects any error message to /dev/null (I was checking the size of /tmp and it was giving me a permissions error)
The script itself is what directs output to the file. |
I think I might have a clue as to the reason of this mysterious problem. I frequently mount the fat drives on /tmp when I need to check something on that partiton. In my thinking, /tmp should be the temporary drive, and thus I can mount whatever I mount there?
Could it be that after my mounting the drive, linux requests a file on that folder, and then somehow deletes it? Just an idea. |
could be your system is configured to periodically delete temp files.
|
yeah it doesn't seem safe to mount the drive as /tmp, cause that's a system folder on my computer and linux could easily be erasing files on the drive thinking they are ordinary temporary system files that can be safely deleted.
|
I have found that a certain tool called tmpwatch runs every day through cron to clean the /tmp folder. It checks the creation date of the files and if it is older than a predefined threshold, it deletes them. Naturally most of the documents and the music I lost was older than that, which unfortunately caused their deletion.
But I have learnt a lesson today. I will never ever mount a drive on /tmp. Moreover I will dedicate a partition to backups, so that even if the universe contracts to a point with infinite density one day, I will still have my music with me. thank you all for your answers |
You should always create your own mountpoints under /mnt unless you have a valid reason to do otherwise. I usually create mountpoints with the name of the partition (hda1, hda2) or with the name of any remote system and the protocol used (smb_hostname_sharename) or similar. On some distributions /tmp is also cleared during boot and every directory that "belongs to the system" shouldn't be used for storage of users files.
|
Ok ,Tysen Takk for that info dude. I am affraid I have learnt it the hard way.
But can I mount these drives anywhere I want? For instance if i create a folder under / called say, /temp, that no program technically uses, can I mount my drives there? Is the purpose of /mnt just, in a sense, gather all these mountpoints? |
yeah...as long as it's not a directory that serves a specific purpose to the system you should be fine.
|
In unix-like systems there are some fixed location where some things are supposed to be. The reason for that is making the filesystem consistent on every machine and thus ease the work for developers. This is called Filesyste Hierarchy Standard, you can find details here: http://www.pathname.com/fhs/
Even if you probably won't get hurt mounting a disk under, e.g., /data or /mp3, an hypotethical utility that deals with user-mounted fs might not behave correctly. The best thing to do is mounting the actual fs under a subdir of /mnt, and symlink it to /data, if you find it handy. Code:
ln -s /mnt/mp3 /mp3Code:
ln -s /mnt/mountpointname/mp3 /mp3*most* programs, when run in recursive mode will not follow symlinks This way you effectively have your /mp3/Dylan directory without violating the FHS, since your actual data will be under /mnt/mp3 |
| All times are GMT -5. The time now is 09:30 AM. |