I wanted to move directory to /usr/local but instead mv -r typed rm -r.
Is there any way to recover deleted data on Ubuntu 12.04?
Any suggestions?
Update:
I understand that this losing not so difficult. But what about the future.
Is any way to safe removed files (as at Windows for ex. - all deleted files gona trash) and would recover them if deleted accidentally?
Or better use backup and it protects this really weak place at ubuntu?
If you need to recover deleted files, it's imperative that you immediately shut down the newly installed system and not use it. You can run from a live CD provided that swap is disabled. See the guidelines here.
However, most of the time, its better to replace the contents of /usr/local then to attempt recovery. At least if you were using /usr/local in a normal way.
Ordinarily, /usr/local is used for installing software that you've compiled yourself from source code. If you have only (or mostly) used it for this purpose, then you should just reinstall the software (i.e., re-create /usr/local and build and install the programs and/or libraries like you built and installed them before).
This will very probably be less work, and take less time, than trying to recover the contents. And it will definitely be more reliable. Data recovery is appropriate when you have lost information that you want to retrieve--like the contents of a document that has not been backed up. But it will not reliably give you back exactly all the files you had before, where you had them before.
If you used /usr/local in the usual way, then you should just rebuild its contents.
If you don't remember what was there, that might make it hard for you to rebuild it. But it would make it even harder for you to recover it; it's very difficult (often, impossible) to recover deleted files if you don't know much about them).
If you never used it at all, then there's probably nothing of consequence there. So if you don't remember ever using /usr/local for anything, you can just recreate it with sudo mkdir /usr/local and do nothing else. (Its subfolders will still be missing, but anything that uses them will typically create them if they are found not to exist, so that's usually not a problem.)
This addresses the updated portion of the question.
The feature you're looking for would probably be more similar to System Restore in Windows, than to the Windows recycle bin. After all, when you delete files on the desktop in Ubuntu, they are sent to the trash (unless you indicate that they are to be permanently deleted, for example by pressing Shift+Delete). In the trash, they can be deleted for real (by emptying the trash) or they can be taken out of the trash. This behavior is identical to the recycle bin in Windows.
In both Windows and Ubuntu, when you delete files from the command-line, they are truly deleted. (That doesn't mean they are unrecoverable, but it usually means they are hard to recover and likely have unrecoverable parts.)
While Ubuntu and Windows both have a logical storage area for files that are marked for deletion (the trash and the recycle bin), Ubuntu does not have any feature that corresponds to System Restore in Windows.
If you need to safeguard against losing any data, your guess is totally right: backups are the correct solution. However, this is not a particularly "weak place" in Ubuntu; you can severely damage any part of your system by running rm -r as root! (Running deltree as an administrator in Windows is similarly dangerous.)
Moving or renaming system directories is rare and usually unnecessary. I recommend avoiding performing any action on a top-level system directory unless you need to, especially if you cannot tolerate breakage.
-r Except When Necessary (there is no such thing as mv -r)Unlike the rm command, the mv command does not have any -r flag (see man mv for details). You do not need such a flag, even to move a non-empty directory. If you avoid using -r for commands where it's not needed, and be extra-careful in the minority of instances where you do use -r, you may be able to reduce your risk of data loss or other undesirable changes to your system.
gksudo nautilus (carefully!) if you want to trash instead of delete system files.You can open a root file browser window by running gksudo nautilus. (In some later versions of Ubuntu, gksudo is not always installed. You can get it by installing the package gksu, or you can use sudo -H in its place. You should not use plain sudo to run graphical programs.) This gives you a graphical file-browsing interface with essentially unlimited power.
This carries its own dangers, and I don't think it's really safer than the command line. However, when you remove a file, it should go to the trash rather than being truly deleted. It will go to the root user's trash--not your regular user account's trash can. You can access the root user's trash from within that same root file browser window.
Sending files to the trash as root is not a very common operation, so I recommend making sure it works with an unimportant file (perhaps one you create for testing), and that you can restore the test file, before relying on this behavior of the system.
If you choose to use a root file browser window, please remember that, like when running commands with sudo, a mistake can have systemwide consequences. Also, any program you run from a root file browser window will itself run as root. For these reasons, I recommend always closing a root file browser window immediately, once you are doing using it.
Take a look at Is there any way to recover files in /usr/local directory on Ubuntu? on Server Fault.
In summary: LapTop006 pointed out that Ubuntu packages should not install anything in /usr/local. One way to find out if they have is to run grep '/usr/local/' /var/lib/dpkg/info/*.list. This lists any that have (so its output is usually blank).
If you do want to try to recover data, wzzrd suggested trying ext3grep.
testdisk / photorec is much better than ext3grep based on my past data recovery experiences.
– Terry Wang
Aug 14 '13 at 02:16
In addition to Eliah's answer.
If you have another similar 12.04 (same up to date) installation, you may try to use tar or rsync to restore/copy (or rebuild) the directory structure. As explained, it is mainly for software compiled from source (default prefix).
rsync example (on the broken host, copy the /usr/local from the good host via SSH, broken root partition is mounted to /mnt/broken_root):
rsync -axAX --progress --stats root@GOOD_HOST:/usr/local /mnt/broken_root/usr
NOTE: Be careful with trailing slash when using rsync.
/usr/local (as its name suggests) is for files that are local to the system, and typically it contains software that the user has manually compiled and installed. As vfbsilva's answer (and one of the answers on the Server Fault question to which it refers) says, Ubuntu packages should not, and virtually never do, install any files inside /usr/local. Two machines running 12.04 will not generally have similar /usr/local folders.
– Eliah Kagan
Aug 13 '13 at 22:20
rsync way only works if nothing is compiled from source.
– Terry Wang
Aug 13 '13 at 23:17
sudo mkdir /usr/local is sufficient. (There may be empty subdirectories, but they are recreated when files that have been built from source are installed into them.)
– Eliah Kagan
Aug 13 '13 at 23:43
tomcat7– catch23 Aug 13 '13 at 22:06tomcat7from source, you can do so again. – Eliah Kagan Aug 13 '13 at 22:08