>> Take a good look at that. None of the files have the owner write
>> bit set, which would be the eigth bit I think. The device numbers
>> generally range from 32 to 116. It looks like ASCII text got into
>> your inodes.
>>
>> Why does e2fsck keep the '?' files? They seem completely
>> illegal, at least as far as /bin/ls can tell.
>>
> Umm... It could be that just the permissions were screwed, but the
> data is fine. It's happend to me... I ran a "less" on it, did a
> chmod, and put it back where it belonged.
Maybe a point system -- throw out inodes above a sanity limit.
One point for blocks off the device, one point for strange
permissions, one point for more blocks than size indicates
is possible... Nuke any file with more than X weirdness points.
>> If e2fsck finds several severely corrupt inodes, I think it
>> should go into a suspicious mode that throws out anything
>> with extremely weird permissions. For example, I've never
>> seen ------x-w- on a real file. AFAIK, Linux only uses the
>> sticky bit on directories: any non-directory with that flag
>> is corrupt. Suid and sgid have no meaning for device special
>> files, so those are invalid too.
>
> OTOH, a "suspicious" mode sounds good, but it shouldn't automaticly
> be initated. IMHO, the basic rule of e2fsck is that it should
> recover whatever possible, whenever possible. Perhaps, however,
> e2fsck should set the permissions to 0600 and zero out the
> attributes (unless the data appears to be a valid directory). That
> way, you can always get at the data without going to extreme mesures...
Consider an inode that causes trouble for recovering other inodes.
Cross-linked (in the middle, so not a hard link) with a directory
and using the contents of another directory as indirect block
tables. Of course the disk is full so you can't make a second copy.
SECURITY HOLE: I saw some suid files in that listing. I guess you
could make lost+found mode 700 or prevent logins after fsck.
My lost+found (created by mke2fs last fall) was mode 755.
What about that buggy suid-root program you deleted before the crash?
Perhaps a umask setting is needed. World-writable is bad too.