The mount command, and its cousin umount, can be used to mount and unmount filesystems on your Linux system.
An extract from the mount(1) man page:
All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree. Conversely, the umount(8) command will detach it again.
-- man mount(1)
Issuing the mount command without any parameters will display the currently mounted filesystems, and their status, on your system:
So when you created the filesystems at installation time, a relevant device was created in the /dev directory. The devices that were created each have an address that points to a series of datablocks on your hard disk.
As an example, let us say that when you were installing the operating system you specified a third filesystem called "database" that you wanted to create, as well as the root filesystem and the swap filesystem. A device called database (/dev/database) would be created at that time, and a mount point would be created as well, called, say, /database.
Now when you do a listing under root you will see an empty directory called "database". When you attach, or mount, the filesystem to the empty directory (now called a mount-point), you are able to access the series of datablocks reserved on the hard disk for that filesystem, as defined by /dev/database at installation time.
Once mounted the filesystem is now accessible through the mount-point called /database.
    debian:~# mount
    /dev/hda2 on / type ext2 (rw,errors=remount-ro)
    proc on /proc type proc (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
Here you can see that there are currently three file systems mounted.
One is your root ("/") file system, which is mounted off "hda2", which you should remember is the second partition on your primary master IDE drive. You can also see that the filesystem is mounted as "read-write", and is of type "ext2" (short for Linux second extended file system).
There are then two special filesystems, proc, and "devpts". The "devpts" filesystem is a simple, virtual filesystem which allows for easy control over the terminal devices and their ownership. We will explain the proc filesystem within the next section.
You can mount additional filesystems, as long as they have been defined in your /etc/fstab file, by using the mount command:
In the following example we are going to mount /dev/cdrom on a mount-point called /cdrom:
    debian:~# mount
    /dev/hdb2 on / type ext2 (rw,errors=remount-ro)
    proc on /proc type proc (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    debian:~# mount /cdrom
    debian:~# mount
    /dev/hdb2 on / type ext2 (rw,errors=remount-ro)
    proc on /proc type proc (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/cdrom on /cdrom type iso9660 (ro,noexec,nosuid,nodev)
    debian:~#
In the example above, we've successfully mounted a CD-ROM onto the /cdrom mount point. You can now change directory into the /cdrom directory and you will have access to the information held on the CDROM itself. Read write access will depend on the capabilities of the CDROM and the permissions of your username.
To unmount it again once we've finished, we can use the umount command:
    debian:~# umount /cdrom
    debian:~# mount
    /dev/hdb2 on / type ext2 (rw,errors=remount-ro)
    proc on /proc type proc (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    debian:~#
If you wish to mount a filesystem which isn't configured in your /etc/fstab file, then you can use the following syntax:
    SYNTAX: mount -t <type> -o <options> <device> <mount point>
    debian:~# mount -t ext2 -o rw /dev/hdb3 /mnt
    debian:~# mount
    /dev/hdb2 on / type ext2 (rw,errors=remount-ro)
    /dev/hdb3 on /mnt type ext2 (rw)
    proc on /proc type proc (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    debian:~# umount /mnt
As you can see, it takes fields very similar to what you find in /etc/fstab. As a point of interest, the currently mounted filesystem information is kept in a file called /etc/mtab.
    debian:~# cat /etc/mtab
    /dev/hdb2 / ext2 rw,errors=remount-ro 0 0
    proc /proc proc rw 0 0
    devpts /dev/pts devpts rw,gid=5,mode=620 0 0
Whether you mount a diskette, CD-ROM or hard drive filesystem, make sure that you unmount it prior to removing it from the system or prior to shutting down the system.
The /proc filesystem is a special interface to the Linux kernel. It allows you to access various Linux kernel structures as if they were normal files.
Let's take a look:
    debian:~# cd /proc
    debian:/proc# ls -F
    ./     1886/  2035/  2110/  6/           ksyms
    ../    1887/  2068/  2146/  7/           loadavg
    1/     1888/  2069/  2309/  8/           locks
    1080/  1908/  2070/  2325/  899/         lvm/
    11/    1940/  2071/  2388/  902/         mdstat
    1116/  1941/  2072/  2425/  961/         meminfo
    1254/  1959/  2073/  2426/  acpi/        misc
    1283/  1962/  2074/  2427/  asound/      mm
    1292/  1965/  2075/  2428/  buddyinfo    modules
    1300/  1968/  2076/  2439/  bus/         mounts@
    1322/  1984/  2077/  3/     cmdline      mtrr
    1323/  1986/  2079/  3291/  config.gz    net/
    1435/  1987/  2082/  3342/  cpufreq      partitions
    1663/  1989/  2083/  3348/  cpuinfo      pci
    1668/  1990/  2084/  3349/  crypto/      pisch
    1719/  1992/  2087/  3350/  devices      pisch_version
    1752/  1994/  2095/  3351/  dma          scsi/
    1759/  1997/  2096/  3352/  driver/      self@
    1804/  2/     2098/  3517/  execdomains  slabinfo
    1806/  2007/  2100/  3562/  fb           splash
    1814/  2009/  2101/  3662/  filesystems  stat
    1815/  2013/  2102/  3663/  fs/          swaps
    1816/  2015/  2103/  3751/  ide/         sys/
    1817/  2017/  2104/  3753/  interrupts   sysrq-trigger
    1818/  2018/  2105/  3754/  iomem        sysvipc/
    1822/  2019/  2106/  3763/  ioports      tty/
    1883/  2021/  2107/  386/   irq/         uptime
    1884/  2028/  2108/  4/     kcore        version
    1885/  2030/  2109/  5/     kmsg         video/
The numbers refer to process IDs, and within those directories you can find information about the corresponding running process. The self directory is a symlink to the process that checks its current PID.
Some useful files in proc are:
The cpuinfo file displays information about the system's CPU(s):
    debian:/proc# cat cpuinfo
    processor : 0
    vendor_id : AuthenticAMD
    cpu family : 6
    model : 3
    model name : AMD Duron(tm) Processor
    stepping : 1
    cpu MHz : 656.476
    cache size : 64 KB
    fdiv_bug : no
    hlt_bug : no
    sep_bug : no
    f00f_bug : no
    coma_bug : no
    fpu : yes
    fpu_exception : yes
    cpuid level : 1
    wp : yes
    flags : fpu vme de pse tsc msr : mca cmov pat pse36 psn mmxext \
    mmx fxsr 3dnowext 3dnow
    bogomips : 1307.44
    debian:/proc#
One of the things that almost all operating systems do not handle very well is running out of disk space. Some applications will fail relatively gracefully, but probably won't be able to save their most recent changes. Other applications, usually the more complicated ones, will only be able to partially save, thus resulting in corrupted file data, which means you're going to have to end up restoring from backups!
You will find the following commands useful for keeping an eye on your filesystems:
The df (disk free) command shows you the amount of free disk space on the currently mounted filesystems:
    debian:~# df
    Filesystem           1k-blocks      Used Available Use% Mounted on
    /dev/hdb2              9550788     79056   8986572   1% /
You can use the "-h" parameter to tell df to display the values in "human readable" form:
    debian:~# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/hdb2             9.8G   81M  9.2G   1% /
Specifying the "-i" switch will cause df to display the free inode count, instead of the default free block count:
    debian:~# df -i
    Filesystem            Inodes   IUsed   IFree IUse% Mounted on
    /dev/hdb2            1214400   12043 1202357    1% /
The du (disk used) command can be used to determine how much space has been used by directories. This is useful when you're doing some cleaning up and looking for areas that are consuming a lot of space:
    debian:~# du -sh /usr
    53M /usr
The "-s" switch gives us a summary, rather than a listing of each sub directory, and the "-h" switch again gives us the values in "human readable" form, rather than in block sizes.
You can use a combination of these commands to track down disk usage on your filesystems.
A good system administrator should keep an eye on the output of df and note when filesystems are reaching their limit, so that a new disk can be arranged before the system runs out of space!
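One way to automate that check, as an added example rather than part of the original tutorial: a filter over POSIX-format df output that reports filesystems at or above a usage limit, for blocks and inodes alike. The function names and the sample df output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag filesystems at or above a usage limit.
# Reads POSIX-format df output on stdin, so the same filter serves
# `df -P` (blocks) and `df -Pi` (inodes): column 5 is the percentage in both.
over_limit() {
    awk -v limit="$1" '
        NR == 1 { next }                    # header line
        {
            pct = $5; sub(/%$/, "", pct)    # "93%" -> "93"
            # pseudo filesystems report "-" for inodes; skip non-numbers
            if (pct ~ /^[0-9]+$/ && pct + 0 >= limit + 0) print $6, pct "%"
        }'
}

# Constructed sample output (not taken from a real host).
sample_blocks() {
    cat <<'EOF'
Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/hdb2          9550788   79056   8986572       1% /
/dev/hdb3          2063504 1919058     39624      98% /var
EOF
}

sample_inodes() {
    cat <<'EOF'
Filesystem      Inodes  IUsed   IFree IUse% Mounted on
/dev/hdb2      1214400  12043 1202357    1% /
/dev/hdb5       131072 124519    6553   95% /var/spool
proc                 0      0       0     - /proc
EOF
}

echo "blocks at or above 90%:"; sample_blocks | over_limit 90
echo "inodes at or above 90%:"; sample_inodes | over_limit 90
```

On a live system with GNU df, feed it `df -P` and `df -Pi` in turn; a filesystem can run out of inodes while it still has free blocks, so both are worth checking.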
It's often useful to look for the largest files and directories on a certain drive, as you may be wishing to free up some space quickly. You can use the "du" command together with a few others to achieve this:
    debian:~# du -k /usr | sort -n | tail -10
    37660 /usr/X11R6
    39864 /usr/bin
    52704 /usr/share/doc
    76588 /usr/local/src/kernel-source-2.4.18/drivers
    122336 /usr/lib
    154308 /usr/local/src/kernel-source-2.4.18
    155456 /usr/local/src
    155496 /usr/local
    192672 /usr/share
    583824 /usr
The "-k" switch tells "du" to display the size of everything in kilobytes; it's important for the unit of measurement to be the same so that the "sort" command can order things properly.
The "-n" switch tells "sort" to treat the numbers as values, rather than words.
The "tail -10" command specifies that only the last 10 lines of output should be displayed.
This little one-liner can now easily give you the top 10 largest files and directories in a specified path!
We've dealt previously with "chmod", and with the "r", "w" and "x" permission bits. However, there are a few more, which we will deal with now.
The "set user id" (suid) and "set group id" (sgid) on execution bits are denoted by an "s" in the column that would normally have an "x" (execute) character.
For example, the "passwd" command has its suid bit set:
    debian:~# ls -l /usr/bin/passwd
    -rwsr-xr-x 1 root root 24680 Apr 7 2002 /usr/bin/passwd
These bits have the effect of causing the command to be run as the user (suid) and/or as the group (sgid) that owns the file. In the case of "passwd", it means that even if you execute the "passwd" command as a normal user, the kernel will elevate the command's privileges to that of the root user.
In this specific case, it is so that the passwd command can access the /etc/shadow password file, so that it can check and change passwords.
Note: Problems with suid and sgid binaries can very often lead to a system compromise, so it is very important to make sure that you know which files on your system have these bits set, and to make sure that you keep that particular package up to date with security fixes, or perhaps even uninstall it if the package isn't necessary.
You can use the "find" command to locate all the suid and sgid binaries on your system:
    debian:~# find / -xdev -perm +4000 -ls
    17591 24 -rwsr-xr-x 1 root root 21112 Sep 23 2003 /bin/su
    12789 32 -rwsr-xr-x 1 root root 31188 Sep 23 2003 /bin/ping
    9736 36 -rwsr-xr-x 1 root audio 36142 Sep 23 2003 /bin/eject
    40687 76 -rwsr-xr-x 1 root root 77488 Sep 23 2003 /bin/mount
    12790 28 -rwsr-xr-x 1 root root 26996 Sep 23 2003 /bin/ping6
    40688 40 -rwsr-xr-x 1 root root 40788 Sep 23 2003 /bin/umount
    64765 60 -rwsr-xr-x 1 root root 61396 Sep 24 2003 /opt/kde3/bin/fileshareset
    52172 8 -rwsr-xr-x 1 root root 6206 Sep 24 2003 /opt/kde3/bin/artswrapper
    64769 16 -rwsr-xr-x 1 root shadow 14134 Sep 24 2003 /opt/kde3/bin/kcheckpass
    54971 8 -rwsr-xr-x 1 root root 7946 Sep 24 2003 /opt/kde3/bin/kpac_dhcp_helper
    198953 44 -rwsr-xr-x 1 root video 43996 Sep 24 2003 /opt/gnome/sbin/zapping_setup_fb
    64521 36 -rwsr-xr-x 1 root root 35196 Sep 23 2003 /usr/bin/at
    43724 8 -rwsr-xr-x 2 root root 4572 Sep 24 2003 /usr/bin/man
    49943 16 -rwsr-xr-x 1 root root 15488 Sep 23 2003 /usr/bin/rcp
    49946 12 -rwsr-xr-x 1 root root 8228 Sep 23 2003 /usr/bin/rsh
    69488 228 -rwsr-xr-x 1 root root 229480 Sep 23 2003 /usr/bin/ssh
    144705 32 -rwsr-xr-x 1 root trusted 30623 Sep 23 2003 /usr/bin/bing
    58745 76 -rwsr-xr-x 3 root shadow 77204 Sep 24 2003 /usr/bin/chfn
    58745 76 -rwsr-xr-x 3 root shadow 77204 Sep 24 2003 /usr/bin/chsh
    17782 92 -rwsr-xr-x 1 root root 90508 Sep 23 2003 /usr/bin/sudo
    49653 16 -rwsr-xr-x 1 lp sys 15206 Sep 23 2003 /usr/bin/lppasswd
    202972 16 -rwsr-xr-x 1 root trusted 14880 Sep 23 2003 /usr/bin/vboxbeep
    71038 24 -rwsr-xr-x 1 root root 22812 Sep 23 2003 /usr/bin/crontab
    58662 60 -rwsr-xr-x 1 root shadow 60944 Sep 24 2003 /usr/bin/chage
    43724 8 -rwsr-xr-x 2 root root 4572 Sep 24 2003 /usr/bin/mandb
The sticky bit is denoted by a "t" instead of the group execute permission ("x"). An example is the /tmp directory:
    debian:~# ls -ld /tmp
    drwxrwxrwt 2 root root 4096 Mar 15 04:35 /tmp
The sticky bit only has an effect on directories, not regular files. It turns a directory into an append-only directory. This means that files in this directory can only be removed or renamed by the owner of the file. Thus, it is very useful for directories which are publicly writable, but where you want to protect the user's files from other users.
Again, you can use the "find" command to show you all the sticky-bit directories on your system:
    debian:~# find / -xdev -perm +1000 -ls
    97153 4 drwxrwxrwt 2 root root 4096 Mar 12 04:35 /tmp
    1117249 4 drwxrwxrwt 2 root root 4096 Feb 8 2002 /var/lock
    1182017 4 drwxrwxrwt 3 root root 4096 Mar 11 14:22 /var/tmp
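An audit that covers both the suid/sgid search and the sticky-bit search above, as an added example that is not part of the original tutorial. It uses the POSIX `-perm -MODE` form because current GNU find no longer accepts the `-perm +MODE` syntax shown in the transcripts; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the special permission bits under a directory tree.

# suid (4000) or sgid (2000) regular files, sorted. "-perm -MODE" is the
# POSIX form and means "all of these bits are set".
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# suid/sgid files that exist now but are missing from a saved baseline
# (a file previously written by list_special).
new_special() {
    list_special "$1" | LC_ALL=C comm -23 - "$2"
}

# World-writable directories WITHOUT the sticky bit (1000): any user can
# remove or rename another user's files there.
unsticky_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null |
        LC_ALL=C sort
}

# Constructed sample tree, so the audit can be tried without touching the system.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/bin" "$d/tmp" "$d/drop"
    : > "$d/bin/plain";  chmod 0755 "$d/bin/plain"
    : > "$d/bin/helper"; chmod 4755 "$d/bin/helper"   # suid
    chmod 1777 "$d/tmp"                               # like /tmp
    chmod 0777 "$d/drop"                              # sticky bit missing
    echo "$d"
}

demo() {
    tree=$(make_demo_tree) || return 1
    list_special "$tree" > "$tree/baseline"
    : > "$tree/bin/new"; chmod 2755 "$tree/bin/new"   # appears after the baseline
    echo "new since baseline:"; new_special "$tree" "$tree/baseline"
    echo "world-writable, no sticky bit:"; unsticky_dirs "$tree"
    rm -rf "$tree"
}
demo
```

Saving the output of list_special after each package update gives a baseline, so that a suid or sgid file nobody installed on purpose stands out in the next run.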
In addition to the standard Unix file permission scheme, the ext2 file system has the ability to set the following attributes on both files and directories:
A (no atime updates): When a file or directory with this attribute is accessed for reading or writing, its last access time (atime) will not be updated. This may be useful on files which are accessed very often, but which you're not interested in recording the atime for. An example might be the system man pages.
a (append only): Files with this attribute set can only be appended to. For directories, this means that you can only add files to it; you cannot delete or rename files.
d (no dump): This prevents the dump(8) backup utility from backing up a file or directory marked with this attribute.
i (immutable): This prevents the file from being modified in any way. Only the root user can set or clear this attribute.
s (secure deletion): When a file or directory with this attribute is deleted, the space it occupied on the disk is overwritten with zeros before the filesystem entries are removed.
S (synchronous updates): Modifications to files or directories with this bit set are written to disk immediately, without doing any buffering.
You can use the following commands to examine and set ext2 attributes:
The "chattr" command can set and remove attributes on files.
    debian:~# ls -l test.txt
    -rw-r--r-- 1 root root 9 Mar 15 03:17 test.txt
    debian:~# lsattr test.txt
    -------------- test.txt
    debian:~# chattr +i test.txt
    debian:~# lsattr test.txt
    ---i---------- test.txt
    debian:~# rm test.txt
    rm: remove write-protected file 'test.txt'? y
    rm: cannot unlink 'test.txt': Operation not permitted
    debian:~# chattr -i test.txt
    debian:~# rm test.txt
As you can see, even the root user cannot delete an "immutable" file until the attribute has been removed.