Using Filesystems

mount and unmount

The mount command, and it's cousin umount can be used to mount and unmount filesystems on your Linux system.

An extract from the mount(1) man page:


All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree. Conversely, the umount(8) command will detach it again.

--man mount(1)  

Issuing the mount command without any parameters will display the current mounted filesystems, and their status, on your system:

So when you created the filesystems at installation time a relevant device was created in the /dev directory. The devices that were created each have an address that points to a series of datablocks on your hard disk.

As an example let us say that when you were installing the operating system you specified a third filesystem called "database" that you wanted to create as well as the root filesystem and the swap filesystem. A device called database (/dev/database) would be created at that time and a mount point would be created as well called say /database.

Now when you do a listing under root you will see an empty directory called "database". When you attach or mount the filesystem to the empty directory now called a mount-point, then you are able to access the series of datablocks reserved on the hard disk for that filesystem as defined by /dev/database at installation time.

Once mounted the filesystem is now accessible through the mount-point called /database.

debian:~# mount
/dev/hda2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)

Here you can see that there are currently three file systems mounted.

One is your root ("/") file system, which is mounted off "hda2", which you should remember is the second partition on your primary master IDE drive. You can also see that the filesystem is mounted as "read-write", and is of type "ext2" (short for Linux second extended file system)

There are then two special filesystems, proc, and "devpts". The "devpts" filesystem is a simple, virtual filesystem which allows for easy control over the terminal devices and their ownership. We will explain the proc filesystem within the next section.

You can mount additional filesystems, as long as they been defined in your /etc/fstab file, by using the mount command:

In the following example we are going to mount /dev/cdrom on a mount-point called /cdrom:

debian:~# mount
/dev/hdb2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
debian:~# mount /cdrom
debian:~# mount
/dev/hdb2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev)

In the example above, we've successfully mounted a CD-ROM onto the /cdrom mount point. You can now change directory into the /cdrom directory and you will have access to the information held on the CDROM itself. Read write access will depend on the capabilities of the CDROM and the permissions of your username.

To unmount it again once we've finished, we can use the unmount command:

debian:~# umount /cdrom
debian:~# mount
/dev/hdb2 on / type ext2 (rw,errors=remount-ro)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)

If you wish to mount a filesystem which isn't configured in your /etc/fstab file, then you can use the following syntax:

mount -t <type> -o <options> <device> <mount point>
debian:~# mount -t ext2 -o rw /dev/hdb3 /mnt
debian:~# mount
/dev/hdb2 on / type ext2 (rw,errors=remount-ro)
/dev/hdb3 on /mnt type ext2 (rw)
proc on /proc type proc (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
debian:~# umount /mnt

As you can see, it takes fields very similar to what you find in /etc/fstab. As a point of interest, the currently mounted filesystem information is kept in a file called /etc/mtab.

debian:~# cat /etc/mtab 
/dev/hdb2 / ext2 rw,errors=remount-ro 0 0
proc /proc proc rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0

Make sure that whether you mount a diskette, cdrom or hard drive filesystem that you un-mount it prior to removing it from the system or prior to shutting down the system.


The /proc filesystem is a special interface to the Linux kernel. It allows you to access various Linux kernel structures as if they were normal files.

Let's take a look:

debian:~# cd /proc 
debian:/proc# ls -F
./     1886/  2035/  2110/  6/           ksyms
../    1887/  2068/  2146/  7/           loadavg
1/     1888/  2069/  2309/  8/           locks
1080/  1908/  2070/  2325/  899/         lvm/
11/    1940/  2071/  2388/  902/         mdstat
1116/  1941/  2072/  2425/  961/         meminfo
1254/  1959/  2073/  2426/  acpi/        misc
1283/  1962/  2074/  2427/  asound/      mm
1292/  1965/  2075/  2428/  buddyinfo    modules
1300/  1968/  2076/  2439/  bus/         mounts@
1322/  1984/  2077/  3/     cmdline      mtrr
1323/  1986/  2079/  3291/  config.gz    net/
1435/  1987/  2082/  3342/  cpufreq      partitions
1663/  1989/  2083/  3348/  cpuinfo      pci
1668/  1990/  2084/  3349/  crypto/      pisch
1719/  1992/  2087/  3350/  devices      pisch_version
1752/  1994/  2095/  3351/  dma          scsi/
1759/  1997/  2096/  3352/  driver/      self@
1804/  2/     2098/  3517/  execdomains  slabinfo
1806/  2007/  2100/  3562/  fb           splash
1814/  2009/  2101/  3662/  filesystems  stat
1815/  2013/  2102/  3663/  fs/          swaps
1816/  2015/  2103/  3751/  ide/         sys/
1817/  2017/  2104/  3753/  interrupts   sysrq-trigger
1818/  2018/  2105/  3754/  iomem        sysvipc/
1822/  2019/  2106/  3763/  ioports      tty/
1883/  2021/  2107/  386/   irq/         uptime
1884/  2028/  2108/  4/     kcore        version
1885/  2030/  2109/  5/     kmsg         video/


The numbers refer to process IDs, and within those directories you can find out information about that currently running process. The self directory is a symlink to the process that checks it's current PID.

Some useful files in proc are:


This file displays information about the system's CPU(s):

debian:/proc# cat cpuinfo 
processor          : 0
vendor_id          : AuthenticAMD
cpu family         : 6
model               : 3
model name    : AMD Duron(tm) Processor 
stepping          : 1
cpu MHz         : 656.476
cache size      : 64 KB
fdiv_bug        : no
hlt_bug         : no
sep_bug         : no
f00f_bug        : no
coma_bug        : no
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr 
    : mca cmov pat pse36 psn mmxext \
                        mmx fxsr 3dnowext 3dnow
bogomips   : 1307.44



This displays the amount of time that the system has been up, given in seconds.

debian:/proc# cat uptime 
43736.51 43685.48


This displays the system's load average, the same as the top and "uptime" commands that were covered earlier.

debian:/proc# cat loadavg 
0.00 0.00 0.00 1/22 3448
debian:/proc# _

file system monitoring

One of the things that almost all operating systems do not handle very well is running out of disk space. Some applications will fail relatively gracefully, but probably won't be able to save their most recent changes. Other applications, usually the more complicated ones, will only be able to partially save, thus resulting in corrupted file data, which means you're going to have to end up restoring from backups!

You will find the following commands useful for keeping an eye on your filesystems:


The df (disk free) command shows your the amount of free disk space on the currently mounted filesystems:

debian:~# df
Filesystem           1k-blocks      Used Available Use% Mounted on
/dev/hdb2              9550788     79056   8986572   1% /

You can use the "-h" parameter to tell df to display the values in "human readable" form:

debian:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hdb2             9.8G   81M  9.2G   1% /

Specifying the "-i" switch will cause df to display the free inode count, instead of the default free block count:

debian:~# df -i
Filesystem            Inodes   IUsed   IFree IUse% Mounted on
/dev/hdb2            1214400   12043 1202357    1% /


The du (disk used) command can be used to determine how much space has been used by directories. This is useful when you're doing some cleaning up and looking for areas that are consuming a lot of space:

debian:~# du -sh /usr
53M     /usr

The "-s" switch gives us a summary, rather than a listing of each sub directory, and the "-h" switch again gives us the values in "human readable" form, rather than in block sizes.

You can use a combination of these commands to track down disk usage on your filesystems.

A good system administrator should keep an eye on the output of df and note when filesystems are reaching their limit, so that a new disk can be arranged before the system runs out of space!

It's often useful to look for the largest files and directories on a certain drive, as you may be wishing to free up some space quickly. You can use the "du" command together with a few others to achieve this:

debian:~# du -k /usr | sort -n | tail -10
37660   /usr/X11R6
39864   /usr/bin
52704   /usr/share/doc
76588   /usr/local/src/kernel-source-2.4.18/drivers
122336  /usr/lib
154308  /usr/local/src/kernel-source-2.4.18
155456  /usr/local/src
155496  /usr/local
192672  /usr/share
583824  /usr

The "-k" switch tells "du" to display the size of everything in kilobytes; it's important for the unit of measurement to be the same so that the "sort" command can order things properly.

The "-n" switch tells "sort" to treat the numbers as values, rather than words.

The "tail -10" command specifies that only the last 10 lines of output should be displayed.

This little one liner can now easily give you the top 10 largest files and directories in a specified path!

Advanced file permissions

We've dealt previously with "chmod", and with the "r", "w" and "x" permission bits. However, there are a few more, which we will deal with now.

suid and sgid bits

The "set user id" (suid) and "set group id" (sgid) on execution bits are denoted by an "s" in the column that would normally have an "x" (execute) character.

For example, the "passwd" command has its suid bit set:

debian:~# ls -l /usr/bin/passwd
-rwsr-xr-x    1 root     root        24680 Apr  7  2002 /usr/bin/passwd

These bits have the effect of causing the command to be run as the user (suid) and/or as the group (sgid) that owns the file. In the case of "passwd", it means that even if you execute the "passwd" command as a normal user, the kernel will elevate the command's privileges to that of the root user.

In this specific case, it is so that the passwd command can access the /etc/shadow password file, so that it can check and change passwords.

[Note] Note

Problems with suid and sgid binaries can very often lead to a system compromise, so it is very important to make sure that you know which files on your system have these bits set, and to make sure that you keep that particular package up to date with security fixes, or perhaps even uninstall it if the package isn't necessary.

You can use the "find" command to locate all the suid and sgid binaries on your system:

debian:~# find / -xdev -perm +4000 -ls
17591   24 -rwsr-xr-x   1 root     root        21112 Sep
 23  2003 /bin/su
 12789   32 -rwsr-xr-x   1 root     root        31188 Sep 
 23  2003 /bin/ping
  9736   36 -rwsr-xr-x   1 root     audio       36142 Sep 
  23  2003 /bin/eject
 40687   76 -rwsr-xr-x   1 root     root        77488 Sep
 23  2003 /bin/mount
 12790   28 -rwsr-xr-x   1 root     root        26996 Sep
 23  2003 /bin/ping6
 40688   40 -rwsr-xr-x   1 root     root        40788 Sep
 23  2003 /bin/umount
 64765   60 -rwsr-xr-x   1 root     root        61396 Sep
 24  2003 /opt/kde3/bin/fileshareset
 52172    8 -rwsr-xr-x   1 root     root         6206 Sep
 24  2003 /opt/kde3/bin/artswrapper
 64769   16 -rwsr-xr-x   1 root     shadow      14134 Sep
 24  2003 /opt/kde3/bin/kcheckpass
 54971    8 -rwsr-xr-x   1 root     root         7946 Sep
 24  2003 /opt/kde3/bin/kpac_dhcp_helper
198953   44 -rwsr-xr-x   1 root     video       43996 Sep 
 24  2003 /opt/gnome/sbin/zapping_setup_fb
 64521   36 -rwsr-xr-x   1 root     root        35196 Sep
 23  2003 /usr/bin/at
 43724    8 -rwsr-xr-x   2 root     root         4572 Sep 
 24  2003 /usr/bin/man
 49943   16 -rwsr-xr-x   1 root     root        15488 Sep 
 23  2003 /usr/bin/rcp
 49946   12 -rwsr-xr-x   1 root     root         8228 Sep 
 23  2003 /usr/bin/rsh
 69488  228 -rwsr-xr-x   1 root     root       229480 Sep 
 23  2003 /usr/bin/ssh
144705   32 -rwsr-xr-x   1 root     trusted     30623 Sep 
23  2003 /usr/bin/bing
 58745   76 -rwsr-xr-x   3 root     shadow      77204 Sep 
 24  2003 /usr/bin/chfn
 58745   76 -rwsr-xr-x   3 root     shadow      77204 Sep 
 24  2003 /usr/bin/chsh
 17782   92 -rwsr-xr-x   1 root     root        90508 Sep 
 23  2003 /usr/bin/sudo
 49653   16 -rwsr-xr-x   1 lp       sys         15206 Sep 
 23  2003 /usr/bin/lppasswd
202972   16 -rwsr-xr-x   1 root     trusted     14880 Sep 
23  2003 /usr/bin/vboxbeep
 71038   24 -rwsr-xr-x   1 root     root        22812 Sep 
 23  2003 /usr/bin/crontab
 58662   60 -rwsr-xr-x   1 root     shadow      60944 Sep 
 24  2003 /usr/bin/chage
 43724    8 -rwsr-xr-x   2 root     root         4572 Sep 
 24  2003 /usr/bin/mandb

sticky bit

The sticky bit is denoted by a "t" in instead of the group execute permission ("x"). An example is the /tmp directory:

debian:~# ls -ld /tmp
drwxrwxrwt    2 root     root         4096 Mar 15 04:35 /tmp

The sticky bit only has an affect on directories, not regular files. It turns a directory into an append-only directory. This means that files in this directory can only be removed or renamed by the owner of the file. Thus, it is very useful for directories, which are publically writable, but where you want to protect the user's files from other users.

Again, you can use the "find" command to show you all the sticky-bit directories on your system:

debian:~# find / -xdev -perm +1000 -ls
  97153    4 drwxrwxrwt   2 root     root         4096 Mar 12 04:35 /tmp
1117249    4 drwxrwxrwt   2 root     root         4096 Feb  8  2002 /var/lock
1182017    4 drwxrwxrwt   3 root     root         4096 Mar 11 14:22 /var/tmp

file attributes on the ext2 file system

In addition to the standard Unix file permission scheme, the ext2 file system has the ability to set the following attributes on both files and directories:

no access time (A)

When a file or directory with this attribute is accessed for reading or writing, its last access time (atime) will not be updated. This may be useful on files which are accessed very often, but which you're not interested in recording the atime for. An example might be the system man pages.

append only (a)

Files with this attribute set can only be appended to. For directories, this means that you can only add files to it; you cannot delete or rename files.

no dump (d)

This prevents the dump(8) backup utility from backing up a file or directory marked with this attributed.

immutable (i)

This prevents the file from being modified in any way. Only the root user can set or clear this attribute.

secure deletion (s)

When a file or directory with this attribute is deleted, the space they occupied on the disk is overwritten with zeros before the filesystem entries are removed.

synchronous mode (S)

Modifications to files or directories with this bit set are written to disk immediately, without doing any buffering.

You can use the following commands to examine and set ext2 attributes:


The "lsattr" command displays the attributes.


The "chattr" command can set and remove attributes on files.

debian:~# ls -l test.txt 
-rw-r--r--    1 root     root            9 Mar 15 03:17 test.txt
debian:~# lsattr test.txt 
-------------- test.txt
debian:~# chattr +i test.txt 
debian:~# lsattr test.txt 
---i---------- test.txt
debian:~# rm test.txt 
rm: remove write-protected file 'test.txt&apos;? y
rm: cannot unlink 'test.txt&apos;: Operation not permitted
debian:~# chattr -i test.txt 
debian:~# rm test.txt 

As you can see, even the root user cannot delete an "immutable" file until the attribute has been removed.