Some files are only able to be read by root users. However, I am curious to know if the theory of data recovery can be applied here to force read the file off of the disk. Is it possible to scan the bytes of the file, especially since we know that the file exists? (In contrast to recovery where the bits might be overwritten.)
The process I can think of is as follows:
// Get the starting block location of the file
// Read it
// Get the next block location
// Read it
// Iterate until done...
I have two questions here. Is this possible if the file in question is only readable by users with permissions higher than your own? Even if so, how would I implement this in code?
What you want also requires administrative access. If you try to read or write the raw block device files /dev/sd* or /dev/hd* on Linux systems, or their equivalents on other Unix systems, or using raw Windows API calls to read block devices, you'll invariably find that they require administrative privileges. (CAP_SYS_RAWIO on Linux.)
Furthermore, if the block device is currently mounted, the data you read that describes the filesystem layout might be changing out from underneath you — making this approach remarkably unreliable for mounted drives.
If you wish to pursue this further, I strongly recommend looking at the debugfs(8) ext2, ext3, ext4 debugging tool. It implements the ext* family of filesystems entirely in userspace and allows working with block devices at a raw level.
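The answer's point that raw block devices are gated by administrative privilege, turned into a check (an added example, not part of the original answer): it flags block device nodes under /dev whose owner or mode would let a non-root account read the disk directly and so sidestep per-file permissions. The function names are hypothetical and chosen for this illustration.

```python
import grp
import os
import stat


def classify(mode, uid):
    """Return the access issues for one node, or None if it is not a block device."""
    if not stat.S_ISBLK(mode):
        return None
    issues = []
    if uid != 0:
        issues.append("owner-not-root")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        issues.append("group-accessible")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        issues.append("world-accessible")
    return issues


def group_members(gid):
    """Supplementary members of gid (users with it as primary group are not listed)."""
    try:
        return sorted(grp.getgrgid(gid).gr_mem)
    except KeyError:
        return []


def scan(dev_dir="/dev"):
    """Map each risky block device node in dev_dir to (issues, group members)."""
    report = {}
    for name in sorted(os.listdir(dev_dir)):
        path = os.path.join(dev_dir, name)
        try:
            st = os.lstat(path)  # lstat: judge the node itself, not a symlink target
        except OSError:
            continue
        issues = classify(st.st_mode, st.st_uid)
        if issues:
            report[path] = (issues, group_members(st.st_gid))
    return report


if __name__ == "__main__":
    for path, (issues, members) in scan().items():
        print(path, ",".join(issues), "group members:", members or "none listed")
```

Group access is a common default for disk nodes, so the useful output there is the member list: every account in it can read any file on that disk regardless of the file's own permissions.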