Yesterday, we got hit by a cryptoware infection. Since we had a lot of affected files, scattered throughout our filesystem AND we wanted to keep the non-affected files as they were, we couldn't really do a complete restore using rdiff-backup.

So we instead managed to delete all affected files and then ran an rsync tailored so it would only restore missing files. We used our rdiff-backup storage as source and this restored the file content perfectly, so thanks already for that.

However, all files are stored as nouser:nogroup by rdiff-backup, so we had to restore those separately. We quickly found the mirror-metadata files in the rdiff-backup repository which at first glance seemed to contain the information we needed.

However, a smallish number of files are listed in there as having Uname ':' or Gname ':', literally just a colon, and I have no clue whatsoever why or what it means...

I can sort of imagine it might mean 'look in another file' since I'm only looking at the latest metadata snapshot, but if anyone could help me out, I'd appreciate it.
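
Added example, not part of the original post and not rdiff-backup's own code: a small parser for the decompressed mirror-metadata text that treats a ':' name as "no name recorded" and falls back to the numeric Uid/Gid lines of the same record when building ownership for a restore. The record layout, that reading of ':', the function names and the sample data are assumptions to check against your own repository; quoted special characters in paths are not decoded here.

```python
# Constructed sample in the assumed mirror-metadata record layout (not real backup data).
SAMPLE = """\
File home/alice/report.txt
  Type reg
  Uid 1001
  Uname alice
  Gid 1001
  Gname staff
  Permissions 420
File srv/old/data.bin
  Type reg
  Uid 1507
  Uname :
  Gid 0
  Gname root
  Permissions 416
"""

def parse_owners(text):
    """Return one dict per File record; a ':' (or 'None') name becomes None."""
    records, cur = [], None
    for line in text.splitlines():
        if line.startswith("File "):
            cur = {"path": line[5:], "Uid": None, "Uname": None,
                   "Gid": None, "Gname": None}
            records.append(cur)
        elif cur is not None and line.startswith("  "):
            field, _, value = line.strip().partition(" ")
            if field in ("Uid", "Gid"):
                cur[field] = int(value) if value.isdigit() else None
            elif field in ("Uname", "Gname"):
                cur[field] = None if value in (":", "None") else value
    return records

def owner_spec(rec):
    """Build a chown-style 'user:group', falling back to the numeric ids."""
    def pick(name, num):
        if name is not None:
            return name
        return None if num is None else str(num)
    user = pick(rec["Uname"], rec["Uid"])
    group = pick(rec["Gname"], rec["Gid"])
    return None if user is None or group is None else f"{user}:{group}"

if __name__ == "__main__":
    for rec in parse_owners(SAMPLE):
        print(owner_spec(rec), rec["path"])
```

Records for which `owner_spec` returns a numeric id are the ones to review by hand before applying ownership, since the id may no longer map to the intended account on the restored system.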