Musings of an anonymous geek

December 7, 2005

Blow away your disk partitions? Maybe not!

Filed under: Linux — m0j0 @ 12:13 pm

I did something kind of dopy today in my pre-coffee hours. Luckily, my officemate helped me find some clarity in dealing with a bit of a dodgy issue: partition tables.

Operating systems like Linux keep track of where different partitions start on your drive by placing “super blocks” at the beginning of each partition that tell the system how big the partition is, and what the physical boundaries of the partition are on the disk. Linux also stores a main partition table as a summary of this information to keep from having to scan the entire disk for partitions every time you boot. It uses the partition table instead to figure out how to mount the various partitions on your drive…. unless the partition table gets blown away – which happens. I know. I’ve seen me do it.

So then what? Well, in my case, I figured “all I want to do is mount the drive, it’s not important what the system thinks the partition is on the disk”. I thought this because I thought that I only had one huge partition on the drive anyway, so call it whatever you want. So I just ran fdisk on the drive, named a partition that was the size of the entire hard drive, and I was able to mount the drive. It looked like everything was there – because all of the mount points were there. But when I went to the home directories to recover the data, it was empty!! I thought it was gone, but had no idea how. I couldn’t figure out how I could’ve lost this data, but the machines I’ve been playing with have been prone to these sorts of failure, so…

My officemate reminded me that if I just created one huge partition and wrote it to the partition table, then the superblock at the beginning of the device probably says “this first partition goes up to here”. That superblock is from the old installation of the OS, for the first partition on the drive, which was the “/” directory, which holds all of my mount points. The superblock says “it goes up to here”, and so that’s all I got. It wasn’t able to address any of the other data that lived in other partitions, because there are other superblocks on the disk that define the length of those partitions, and I didn’t know where they were. So I got to see everything that was in “/”, but nothing that was mounted *under* “/” from other partitions — like the “/home” directory.

I downloaded “gpart”, which is a tool that will scan your hard drive for superblocks, and come up with an educated guess based on the superblock information as to where your partitions live. It’ll then show you all of this information, allow you to edit it, and/or write it back out to a partition table on the device. It found my other partition, wrote out a partition table, and I was immediately able to mount the partition and copy the data back into place.

Advertisements

1 Comment »

  1. Hey — nice recovery!

    –GG

    Comment by Gye Greene — December 10, 2006 @ 9:58 am | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: