Of all the Unix tools which can be dangerous, rm tops the list. People who are use to using a “Trash” or “Recycle Bin” can get lulled into a false sense of security. Deleting a file with rm means forever.
But why is this so? Because Unix is spiteful! No, seriously, it is because of inodes. Files in Unix have an inode (also i-node) associated with them, call is short for information-node. This inode contains information relating to the device, the number of links to the file, information on the owner, file size, time information, and an inode number (i-number).
The systems internal name for a file is its i-number – the number of the inode holding the files information. When the command rm is invoked, does not actually remove the inode, it remove directory entries or links. When the last link to a file disappears, the system removes the inode, and hence the file itself. Once the inode is gone, the file is irretrievable – in the words of Kernighan and Pike (The Unix Programming Environment), “Deleted files go into the incinerator, rather than the waste basket, and there is no way to call them back from the ashes”.
Want to find the i-number? Use: stat filename, or ls -il filename
$ stat afile 16777219 25231160 -rw-r--r-- 1 mwirth staff 0 0 "May 27 15:23:05 2015" "May 27 14:48:03 2015" "May 27 14:48:03 2015" "May 27 14:48:03 2015" 4096 0 0 afile $ ls -il afile 25231160 -rw-r--r-- 1 mwirth staff 0 27 May 14:48 afile
In both these cases the i-number is 25231160.
Want to recover it? Unless you have a specific Unix system that supports recovery, forget it. Make sure you back things up. There is no Harry Potter magic that’s going to make that file come back. If it is a life-and-death situation, then you have to stop using the filesystem, like immediately – because *any* write activity may definitely hose the file data that may (only may) remain on disk.