
The root of this "trick" is that rm does not delete the file; it reduces its inode link count. Until the inode link count goes to 0, the file is still on disk.

Look up fsdb and friends.




Even after the inode link count is 0, if a process still has the file open, it still remains on disk; that's the root of this trick. However, that is not sufficient; you also need a way to get access to the file so you can copy the data out of it before the process closes it. That is the interesting part of this trick — a way to use the /proc filesystem to get at the file.

cp /proc/322/fd/3 savedfile is a lot easier than fiddling around with fsdb on a mounted filesystem.


Copying the file from /proc creates a copy. fsdb allows you to map a name to an inode (er.. inode to a name). This is quite handy if the file is being written to. And fsdb is frequently available where proc is not.
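
Added example, not part of any comment in this thread: a Python sketch of the /proc approach discussed above, generalized from the single `cp /proc/322/fd/3 savedfile` case to every process the caller can read. It assumes Linux with /proc mounted; the function names are hypothetical, and the link-count check ties back to the first comment's point about inode link counts.

```python
import os
import shutil
import stat

DELETED_SUFFIX = " (deleted)"  # the kernel appends this to unlinked targets


def find_deleted_open_files(proc_root="/proc"):
    """Return (pid, fd, original_path, size) for unlinked files still held open."""
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or we lack permission to inspect it
            continue
        for fd in fds:
            link = os.path.join(fd_dir, fd)
            try:
                target = os.readlink(link)
                st = os.stat(link)  # follows the /proc link to the open inode
            except OSError:  # descriptor was closed while we were scanning
                continue
            # The suffix alone is not proof: a live file can be named
            # "x (deleted)". A link count of 0 confirms the inode is unlinked.
            if (target.endswith(DELETED_SUFFIX) and st.st_nlink == 0
                    and stat.S_ISREG(st.st_mode)):
                found.append((int(pid), int(fd),
                              target[:-len(DELETED_SUFFIX)], st.st_size))
    return found


def recover(pid, fd, dest, proc_root="/proc"):
    """Copy the open file's current contents to dest; return bytes copied."""
    src = os.path.join(proc_root, str(pid), "fd", str(fd))
    # "xb" refuses to overwrite an existing file at dest.
    with open(src, "rb") as fin, open(dest, "xb") as fout:
        shutil.copyfileobj(fin, fout)
    return os.path.getsize(dest)


if __name__ == "__main__":
    for pid, fd, path, size in find_deleted_open_files():
        print(f"pid={pid} fd={fd} size={size} path={path}")
```

As the last comment notes, this yields a point-in-time copy; if the process is still writing, the saved file can lag behind the open one.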



