[ale] debugfs :: handy utility to debug an ext2 or ext3 file system
Jerry Yu
jjj863 at gmail.com
Tue Nov 7 12:29:17 EST 2006
My apologies :: a quick note to myself ended up posting to the group. Should
any ALEr find it useful, I'd feel much better about bad grammar and such.
On 11/7/06, Jerry Yu <jjj863 at gmail.com> wrote:
>
> I am learning a useful utility program named 'debugfs'. It is part of the
> e2fsprogs package, an essential package containing auxiliary programs for
> the ext2 and ext3 file systems under Linux. For a regular file, you can find an
> inode by any data block the file or dir entry is using. Then you can turn
> around and ask for the name of the inode. This could be handy when some
> mysterious files cause df and du to disagree on whether the file system is
> full, or the file system is corrupted or can't be mounted to be accessed as
> usual. More advanced file system features are available too.
>
> # to find what inode is claiming a given data block
> # debugfs -R "icheck 12345" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> Block Inode number
> 12345 340
>
> # to find the file name given the inode number
> # debugfs -R "ncheck 49153" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> Inode Pathname
> 49153 /usr/share/locale/ar/LC_MESSAGES/libbonobo-2.0.mo
>
> # Print the location of the inode data structure
> # debugfs -R "imap /boot/vmlinuz-2.6.9-42.0.2.EL" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> Inode 557516 is part of block group 34
> located at block 1114128, offset 0x0580
>
> # to dump the direntry (filespec, per man page)
> # debugfs -R "dump -p /boot/vmlinuz-2.6.9-42.0.2.EL /tmp/vmlinuz_dumped" /dev/hda1
> # md5sum /boot/vmlinuz-2.6.9-42.0.2.EL /tmp/vmlinuz_dumped
> e5c536b539b5ffcaa03b22bd7fcc164a /boot/vmlinuz-2.6.9-42.0.2.EL
> e5c536b539b5ffcaa03b22bd7fcc164a /tmp/vmlinuz_dumped
>
> # to get the contents of a file, assuming the fs can't be mounted and accessed the usual way.
> # debugfs -R "cat /etc/redhat-release" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> CentOS release 4.4 (Final)
>
> Noteworthy is, for files under /selinux (a pseudo fs), it can find the inode
> number associated with a data block. However, it couldn't find the file
> name for the very inode number.
> # debugfs -R "ncheck 8" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> Inode Pathname
> 8 <inode not found>
> # find / -inum 8
> /selinux/relabel
> # ls -id /selinux/relabel
> 8 /selinux/relabel
> # debugfs -R "icheck 4567" /dev/hda1
> debugfs 1.35 (28-Feb-2004)
> Block Inode number
> 4567 8
> # / is on /dev/hda1
> /dev/hda1 8127400 6738524 1306308 84% /
>
> There are a lot of powerful (and dangerous) features, such as
>
> - feature you can set or clear various file system features in the
> superblock
> - freeb to mark data blocks as unallocated vs. setb
> - freei to free the inode specified
> - clri to clear the contents of the inode
> - chroot to chroot to the directory
> - find_free_block
> - find_free_inode
> - init_filesys to create an ext2 file system
> - kill_file deallocate the file and its blocks. It doesn't remove
> any direntry to this inode. Not 'rm' or 'unlink'.
> - logdump to dump the ext3 journal
> - modify_inode modify the contents of the inode structure
> - ls/mkdir/mknod/rm/rmdir
>
> 'debugfs' starts interactively by default, unless you have '-R' to request
> one-time use only. A session would look like this:
> # debugfs
> debugfs 1.35 (28-Feb-2004)
> debugfs: open /dev/hda1
> debugfs: icheck 12345
> Block Inode number
> 12345 340
> debugfs: ncheck 340
> Inode Pathname
> 340 /usr/X11R6/lib/xscreensaver/mountain
> debugfs: close
> debugfs: quit
>
>
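The icheck-then-ncheck chain from the message above, as an added shell example that is not part of the original post. `lookup_row` and `block_to_path` are hypothetical helper names, and the script assumes a missing block is reported in the same `<... not found>` form as the `<inode not found>` row shown above.

```shell
#!/bin/sh
# Added example (not from the original post): block -> inode -> path.
# debugfs opens the device read-only unless -w is given, so these
# lookups do not modify the file system being examined.

# lookup_row KEY
# Reads debugfs table output on stdin, skips banner/header lines, and
# prints the remainder of the row whose first column equals KEY.
# Returns 1 if the row is absent, empty, or a "<... not found>" marker.
lookup_row() {
    key=$1
    while read -r first rest; do
        [ "$first" = "$key" ] || continue
        case $rest in
            ""|"<"*"not found>") return 1 ;;
        esac
        printf '%s\n' "$rest"
        return 0
    done
    return 1
}

# block_to_path DEVICE BLOCK
# Prints "block<TAB>inode<TAB>path". Returns 1 if no inode claims the
# block, 2 if the inode has no directory entry on this file system
# (the "<inode not found>" case from the post).
block_to_path() {
    dev=$1
    blk=$2
    inode=$(debugfs -R "icheck $blk" "$dev" 2>/dev/null | lookup_row "$blk") || {
        echo "block $blk: not claimed by any inode" >&2
        return 1
    }
    path=$(debugfs -R "ncheck $inode" "$dev" 2>/dev/null | lookup_row "$inode") || {
        echo "block $blk: inode $inode has no pathname on $dev" >&2
        return 2
    }
    printf '%s\t%s\t%s\n' "$blk" "$inode" "$path"
}

# Run only when invoked as: script DEVICE BLOCK
if [ "$#" -eq 2 ]; then
    block_to_path "$1" "$2"
fi
```

Return code 2 separates an allocated inode with no name from a free block, which matters when chasing space that df counts and du cannot see.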