The lost+found directory included in (Unix) file systems is usually empty. Only used when fsck doesn't know what to do with files that have lost their place in the file system, they stand as a temporary holding place for those rare instances in which fsck can't put everything back together after file systems have become corrupt in some way. If you see files in lost+found, you can expect them to look rather unusual. Take these files found on a Solaris 9 system after a panic and a subsequent fsck:

  -rw-r--r-- 1 johndoe staff 1576 Apr 22 11:26 #00805349
  -rw-r--r-- 1 johndoe staff 4363 Apr 22 11:26 #00805350
  -rw-r--r-- 1 johndoe staff 4566 Apr 22 11:26 #00805351

The names of these files were lost before fsck tried to piece things back together. The directory that had originally contained the salvaged files was, for some reason, not recoverable. And, since filenames are stored in directory files and nowhere else on ufs file systems, what we are able to recover for these files are the various pieces of information stored in the files' inodes — the owners, groups, access permissions and pointers to the files' contents.

To examine one of these files, put quotes around the current names. These represent the inode numbers. For example, #00805349 is the file associated with inode 805349. The command shown below will page through the file contents as would more on any normal file:

  # more "#00805349"

You might also find directories in lost+found. In this case, the parent directories of those directories will also have been lost

  drwxr-xr-x 2 johndoe staff 512 Apr 21 10:26 #00804845
  drwxr-xr-x 2 johndoe staff 512 Apr 21 10:46 #00804854
  drwxr-xr-x 2 johndoe staff 512 Apr 21 10:46 #00804866
  drwxr-xr-x 2 johndoe staff 28160 Apr 22 10:45 #01514211
  drwxr-xr-x 2 johndoe staff 28160 Apr 22 10:48 #01514212
  drwxr-xr-x 2 johndoe staff 30208 Apr 22 11:26 #02383477

If you use a cd command such as this to move into one of these directories, you are not going to see any files:

  # cd "#02383477"
  # ls
  #

While these directories may appear to be empty, however, this is only partly true. The files that once occupied these directories may be among the files now represented only by their inodes. On the other hand,the filenames will still be contained in the directory files and you can extract them if this information is of any value. With no connection to the lost files, I have found directory files in lost+found to be of little value. The revelation that some unknown directory used to contain a file named "install.sh" is not likely to be of significant help in putting the lost files back in place. In the lost+found directory files that I examined, the inode numbers are generally gone and only the scattered file names are easily retrieved. The directory dump shown below, for

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine