UNIX Power Tools

UNIX Power ToolsSearch this book
Previous: 23.8 Safe Delete: Pros and Cons Chapter 23
Removing Files
Next: 23.10 Deletion with Prejudice: rm -f
 

23.9 delete: Protecting Files from Accidental Deletion

The problem of protecting users from accidental file deletion is one that many people have encountered, and therefore there are many solutions of different types already implemented and available. Which solution you choose depends on the features you want it to have and on how you want it to do its job. Many people do not use the shell-script solutions described above (23.8), because they are too slow or too unreliable or because they don't allow deleted files to be recovered for long enough.

For example, Purdue University runs a large network of many different machines that utilize some local file space and some NFS (1.33) file space. Their file recovery system, entomb, replaces certain system calls (for example, open(2), unlink(2)) with entomb functions that check to see if a file would be destroyed by the requested system call; if so, the file is backed up (by asking a local or remote entomb daemon to do so) before the actual system call is performed.

The advantages of this system are that you don't have to create any new applications to do safe file removal - the standard rm program will automatically do the right thing, as will mv and any other programs that have the potential of erasing files. Even cat a b > a is recoverable.

A disadvantage of this system is that you have to have the source code for your UNIX system and be able to recompile its utilities in order to link them against the entomb libraries. Furthermore, if you wish to install this system on your machines, you have to be able to install it on all of them. If someone learns entomb on a machine you manage and then wants to use it on a workstation in a private lab for which you do not have source code, it can't be done. Also, there is a danger of people getting used to entomb being there to save them if they make mistakes, and then losing a file when they use rm or mv on a system that doesn't have entomb.

If you don't have strict control over all the machines on which you want to have file-deletion protection, or if you don't have source code and therefore can't use something like entomb, there are several other options available. One of them is the delete package, written at MIT.

delete
delete overcomes several of the disadvantages of entomb. It is very simple, compiles on virtually any machine, and doesn't require any sort of superuser access to install. This means that if you learn to use delete on one system and then move somewhere else, you can take it with you by getting the source code and simply recompiling it on the new system. Furthermore, delete intentionally isn't named rm, so that people who use it know they are using it and therefore don't end up believing that files removed with rm can be recovered. However, this means that users have to be educated to use delete instead of rm when removing files.

delete works by renaming files with a prefix that marks them as deleted. For example, delete foo would simply rename the file foo to .#foo. Here's an example of the delete, undelete, lsdel, and expunge commands in action:











-A 




























The directory starts with three files:

% ls
a       b       c  

One of the files is deleted:

% delete a

The deleted file doesn't show up with normal ls because the name
now starts with a dot (.). However, it shows up when files starting with .
are listed or when the lsdel command is used:

% ls
b       c
% ls -A
.#a     b       c
% lsdel
a


Bringing the file back with undelete leaves us back where we started:

% undelete a
% ls
a       b       c

We can delete everything:

% delete *
% lsdel
a  b  c

We can expunge individual files or the current working directory:

% expunge a
% lsdel
b  c
% expunge

After the last expunge, there are no files left at all:

% lsdel
% ls -A
%

The technique used by delete has some advantages and some disadvantages. The advantages include:

Disadvantages include:

entomb and delete represent the two main approaches to the problem of protection from accidental file erasure. Other packages of this sort choose one or the other of these basic techniques in order to accomplish their purposes.

- JIK


Previous: 23.8 Safe Delete: Pros and Cons UNIX Power ToolsNext: 23.10 Deletion with Prejudice: rm -f
23.8 Safe Delete: Pros and Cons Book Index23.10 Deletion with Prejudice: rm -f

The UNIX CD Bookshelf NavigationThe UNIX CD BookshelfUNIX Power ToolsUNIX in a NutshellLearning the vi Editorsed & awkLearning the Korn ShellLearning the UNIX Operating System