Chapter 12. Filesystem Features : Attributes, Creating, Checking, Mounting

Objectives

  • Be familiar with concepts like inodes, directory files and extended attributes
  • Create and format filesystems
  • Check and fix errors on filesystems
  • Mount and unmount filesystems

Inodes, directory files and extended attributes

Inodes

An inode is a data structure that stores information about a given file. This information includes:

  • Location
  • Permissions
  • User and group ownership
  • Size
  • Timestamp (nanosecond)
    • Last access time
    • Last modification time
    • Change time

Note: The inode data structure does not contain the name of the file; that information is stored in the directory file.

Directory file

A directory file is a particular type of file that stores the following data for each of its entries (the files within that directory):

  • filename
  • inode

There are two ways to link a filename with an inode

  • Hard Link
    • Link points directly to an inode
  • Soft Link
    • Link points to a filename that is associated with an inode

Note: A file can have more than one name (several hard links), but it has only one inode.
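The relationship between names and inodes described above can be checked directly. This added example (not part of the original chapter) creates a file, a hard link and a soft link in a temporary directory, using constructed file names, and reports what happens to each link when the original name is removed.

```shell
#!/bin/sh
# Added example: hard links share an inode, soft links point at a name.
# All file names are constructed for this demonstration.

inode_of() { ls -di "$1" | awk '{print $1}'; }   # inode number of the name itself
nlink_of() { ls -ld "$1" | awk '{print $2}'; }   # hard-link count stored in the inode

link_demo() {
    dir=$(mktemp -d) || return 1
    echo "payload" > "$dir/original"
    ln "$dir/original" "$dir/hard"     # second directory entry for the same inode
    ln -s original "$dir/soft"         # separate inode whose content is a filename

    same_inode=no
    if [ "$(inode_of "$dir/original")" = "$(inode_of "$dir/hard")" ]; then
        same_inode=yes
    fi
    soft_own_inode=no
    if [ "$(inode_of "$dir/original")" != "$(inode_of "$dir/soft")" ]; then
        soft_own_inode=yes
    fi
    links_before=$(nlink_of "$dir/original")

    # Remove one name: the inode survives while another hard link exists,
    # but the soft link now refers to a name that is gone.
    rm "$dir/original"
    hard_data=$(cat "$dir/hard")
    links_after=$(nlink_of "$dir/hard")
    soft_state=ok
    if [ ! -e "$dir/soft" ]; then
        soft_state=dangling
    fi

    rm -rf "$dir"
    echo "$same_inode $soft_own_inode $links_before $links_after $hard_data $soft_state"
}

link_demo
```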

Extended Attributes

Data about the inode that is used for purposes like

  • security
    • SELinux
  • access control lists
    • ACLs

Four namespaces

  • user
  • trusted
  • security
  • system

Each of these namespaces, or types of extended attribute, has its own flags. For example, for the user namespace:

  • i
    • immutable : A file with this flag
      • can not be modified
      • can not be renamed
      • can not be deleted
  • a
    • append-only : A file with this flag
      • can be opened for writing only in append mode
  • d
    • no-dump : A file with this flag
      • will be ignored by the dump program
  • A
    • No atime update : A file with this flag
      • will not modify its access time record when the file is accessed
      • will modify its access time when the file is modified

To list the extended attributes

$ lsattr
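When auditing a system it is useful to know which files carry the immutable or append-only flag. This added example (not from the original chapter) filters lsattr output for those two flags; the sample listing and its paths are constructed, and the function name report_locked is an assumption of the example.

```shell
#!/bin/sh
# Added example: pick out files carrying the i (immutable) or a (append-only) flag.

# Constructed sample in the format lsattr prints: flag field, space, path.
sample_lsattr() {
cat <<'EOF'
-------------e-- /tmp/notes.txt
-----a-------e-- /tmp/appendit
----ia-------e-- /tmp/appendit.locked
----i--------e-- /etc/resolv.conf
-------A-----e-- /tmp/my file.txt
EOF
}

# Read lsattr output on stdin; print "<state> <path>" for each flagged file.
report_locked() {
    while read -r flags path; do
        # Skip blank lines and directory headers (no path after the first field).
        [ -n "$path" ] || continue
        # A real flag field holds only letters and dashes.
        case $flags in *[!A-Za-z-]*) continue ;; esac
        state=""
        # Matching is case-sensitive: "A" (no atime update) is not "a".
        case $flags in *i*) state="immutable" ;; esac
        case $flags in *a*) state="${state:+$state,}append-only" ;; esac
        if [ -n "$state" ]; then
            printf '%s %s\n' "$state" "$path"
        fi
    done
    return 0
}

sample_lsattr | report_locked
```

On a live system the same function can read real output, for example `lsattr -R /etc 2>/dev/null | report_locked`.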

To change extended attributes (for example, to add the append-only attribute to someFile.txt)

$ chattr +a someFile.txt

Creating and Formatting Filesystems

mkfs

mkfs (make filesystem) is a program to create filesystems

$ ls -lh /sbin/mkfs*

-rwxr-xr-x 1 root root  11K Apr 10 03:50 /sbin/mkfs
-rwxr-xr-x 1 root root 181K Oct 15  2012 /sbin/mkfs.btrfs
-rwxr-xr-x 1 root root  26K Apr 10 03:50 /sbin/mkfs.cramfs
-rwxr-xr-x 5 root root  68K Jul 16 15:31 /sbin/mkfs.ext2
-rwxr-xr-x 5 root root  68K Jul 16 15:31 /sbin/mkfs.ext3
-rwxr-xr-x 5 root root  68K Jul 16 15:31 /sbin/mkfs.ext4
-rwxr-xr-x 5 root root  68K Jul 16 15:31 /sbin/mkfs.ext4dev
lrwxrwxrwx 1 root root    7 Dec  6  2011 /sbin/mkfs.msdos -> mkdosfs
lrwxrwxrwx 1 root root   12 Sep 28  2011 /sbin/mkfs.ntfs -> /sbin/mkntfs
lrwxrwxrwx 1 root root    7 Dec  6  2011 /sbin/mkfs.vfat -> mkdosfs

mkfs command format

mkfs [-t fstype] [options] [device-file] 

[device-file] = Usually a device name like /dev/sda5 or /dev/vg/lvm1

Examples

$ sudo mkfs -t ext4 /dev/sda10

Is equivalent to

$ sudo mkfs.ext4 /dev/sda10

Checking and Fixing Filesystems

fsck

fsck (filesystem check) is a program to check filesystems

$ ls -l /sbin/fsck*

-rwxr-xr-x 1 root root  34680  Apr 10 03:50 /sbin/fsck
-rwxr-xr-x 1 root root  15976  Apr 10 03:50 /sbin/fsck.cramfs
-rwxr-xr-x 5 root root 197352  Jul 16 15:31 /sbin/fsck.ext2
-rwxr-xr-x 5 root root 197352  Jul 16 15:31 /sbin/fsck.ext3
-rwxr-xr-x 5 root root 197352  Jul 16 15:31 /sbin/fsck.ext4
-rwxr-xr-x 5 root root 197352  Jul 16 15:31 /sbin/fsck.ext4dev
lrwxrwxrwx 1 root root      7  Dec  6  2011 /sbin/fsck.msdos -> dosfsck
lrwxrwxrwx 1 root root     13  Sep 28  2011 /sbin/fsck.ntfs -> ../bin/ntfsck
lrwxrwxrwx 1 root root      7  Dec  6  2011 /sbin/fsck.vfat -> dosfsck

 

fsck command format

fsck [-t fstype] [options] [device-file] 

[device-file] = Usually a device name like /dev/sda5 or /dev/vg/lvm1

Examples

$ sudo fsck -t ext4 /dev/sda10

Is equivalent to

$ sudo fsck.ext4 /dev/sda10

If we want to run a general filesystem check on the machine

$ sudo touch /forcefsck
$ sudo reboot

This flag file disappears after a successful filesystem check; the check is performed even on the root filesystem.

Mounting Filesystems

The Linux filesystem is a hierarchical tree with the root "/" at its top; several branches can extend from it, each with its own sub-branches. Other filesystems can be attached to this tree at a given directory, or mount point, with mount and detached with umount.

$ sudo mount -t ext4 /dev/sdb4 /home
  • Mounts an ext4 filesystem
  • Located on a specific partition of a hard drive (/dev/sdb4)
  • Mounted at /home
  • Any files under /home will be hidden until the filesystem is unmounted

The best way to mount a block device is by using its block ID or UUID (universally unique identifier), for example

$ sudo mount UUID=26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home
$ sudo mount   -U 26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home

Other ways to do so

$ sudo mount /dev/sda2 /home
$ sudo mount LABEL=home /home
$ sudo mount -L home /home

Mount the filesystems listed at /etc/fstab

$ sudo mount -a

Display help for mount command

$ mount --help

Display mounted file systems information

$ mount -l
$ mount

Mount and Unmount can also use information from the /etc/fstab

The mount and umount utilities can use information in /etc/fstab; in such a case one could type

$ sudo mount /usr/src    

instead of

$ sudo mount LABEL=src /usr/src

Because LABEL=src was already specified within /etc/fstab

Unmounting Filesystems

$ umount [device-file | mount-point]

Samples

$ sudo umount /home
$ sudo umount /dev/sda3

Lab 12.1

  1. With your normal user account use touch to create an empty file named /tmp/appendit.

  2. Use cat to append the contents of /etc/hosts to /tmp/appendit.

  3. Compare the contents of /tmp/appendit with /etc/hosts; there should not be any differences.

  4. Try to add the append-only attribute to /tmp/appendit by using chattr. You should see an error here. Why?

  5. As root, retry adding the append-only attribute; this time it should work. Look at the file’s extended attributes by using lsattr.

  6. As a normal user, try and use cat to copy over the contents of /etc/passwd to /tmp/appendit. You should get an error. Why?

  7. Try the same thing again as root. You should also get an error. Why?

  8. As the normal user, again use the append redirection operator (>>) and try appending the /etc/passwd file to /tmp/appendit. This should work. Examine the resulting file to confirm.

  9. As root, set the immutable attribute on /tmp/appendit, and look at the extended attributes again.

  10. Try appending output to /tmp/appendit, try renaming the file, creating a hard link to the file, and deleting the file as both the normal user and as root.

  11. We can remove this file by removing the extended attributes. Do so. 

Solution

  1. $ cd /tmp
    $ touch appendit
    $ ls -l appendit
    -rw-rw-r-- 1 coop coop 0 Oct 23 19:04 appendit

  2. $ cat /etc/hosts > appendit

  3. $ diff /etc/hosts appendit

  4. $ chattr +a appendit
    chattr: Operation not permitted while setting flags on appendit

  5. $ sudo chattr +a appendit
    $ lsattr appendit
    -----a-------e-- appendit

  6. $ cat /etc/passwd > appendit
    bash: appendit: Operation not permitted

  7. $ sudo su
    $ cat /etc/passwd > appendit
    bash: appendit: Operation not permitted
    $ exit

  8. $ cat /etc/passwd >> /tmp/appendit
    $ cat appendit

  9. $ sudo chattr +i appendit
    $ lsattr appendit
    ----ia-------e- appendit

  10. $ echo hello >> appendit
    -bash: appendit: Permission denied
    $ mv appendit appendit.rename
    mv: cannot move ‘appendit’ to ‘appendit.rename’: Operation not permitted
    $ ln appendit appendit.hardlink
    ln: creating hard link ‘appendit.hardlink’ => ‘appendit’: Operation not permitted
    $ rm -f appendit
    rm: cannot remove ‘appendit’: Operation not permitted

        $ sudo su
         $ echo hello >> appendit
         -bash: appendit: Permission denied
         $ mv appendit appendit.rename
         mv: cannot move ‘appendit’ to ‘appendit.rename’: Operation not permitted
         $ ln appendit appendit.hardlink
         ln: creating hard link ‘appendit.hardlink’ => ‘appendit’: Operation not permitted
         $ rm -f appendit
         rm: cannot remove ‘appendit’: Operation not permitted
         $ exit

  11. $ sudo su
    $ lsattr appendit
    ----ia-------e- appendit
    $ chattr -ia appendit
    $ rm appendit
    rm: remove regular file ‘appendit’? y
    $ ls appendit
    ls: cannot access appendit: No such file or directory 

Lab 12.2

  1. Use fdisk to create a new 250 MB partition on your system, probably on /dev/sda. Or create a file full of zeros to use as a loopback file to simulate a new partition.

  2. Use mkfs to format a new filesystem on the partition or loopback file just created. Do this three times, changing the block size each time. Note the locations of the superblocks, the number of block groups and any other pertinent information, for each case.

  3. Create a new subdirectory (say /mnt/tempdir) and mount the new filesystem at this location. Verify it has been mounted.

  4. Unmount the new filesystem, and then remount it as read-only.

  5. Try to create a file in the mounted directory. You should get an error here, why?

  6. Unmount the filesystem again.

  7. Add a line to your /etc/fstab file so that the filesystem will be mounted at boot time.

  8. Mount the filesystem.

  9. Modify the configuration for the new filesystem so that binary files may not be executed from the filesystem (change defaults to noexec in the /mnt/tempdir entry). Then remount the filesystem and copy an executable file (such as /bin/ls) to /mnt/tempdir and try to run it. You should get an error: why?

When you are done you will probably want to clean up by removing the entry from /etc/fstab. 

Solution

Physical Partition Solution

  1. We won’t show the detailed steps in fdisk, as it is all ground covered earlier. We will assume the partition created is /dev/sda11, just to have something to show.

         $ sudo fdisk /dev/sda
    
         .....
         w
         $ partprobe -s
    

    Sometimes the partprobe won’t work, and to be sure the system knows about the new partition you have to reboot.

  2. $ sudo mkfs -t ext4 -v /dev/sda11
    $ sudo mkfs -t ext4 -b 2048 -v /dev/sda11
    $ sudo mkfs -t ext4 -b 4096 -v /dev/sda11

    Note the -v flag (verbose) will give the requested information; you will see that for a small partition like this the default is 1024 byte blocks.

  3. $ sudo mkdir /mnt/tempdir
    $ sudo mount /dev/sda11 /mnt/tempdir
    $ mount | grep tempdir

  4. $ sudo umount /mnt/tempdir
    $ sudo mount -o ro /dev/sda11 /mnt/tempdir

    If you get an error while unmounting, make sure you are not currently in the directory.

  5. $ sudo touch /mnt/tempdir/afile

  6. $ sudo umount /mnt/tempdir

  7. Put this line in /etc/fstab:

         /dev/sda11 /mnt/tempdir ext4 defaults 1 2
    
  8. $ sudo mount /mnt/tempdir
    $ sudo mount | grep tempdir

  9. Change the line in /etc/fstab to:

         /dev/sda11 /mnt/tempdir ext4 noexec 1 2

    Then do:

         $ sudo mount -o remount /mnt/tempdir
         $ sudo cp /bin/ls /mnt/tempdir
         $ /mnt/tempdir/ls

    You should get an error here, why?
 

Loopback File Solution

  1. $ sudo dd if=/dev/zero of=/imagefile bs=1M count=250

  2. $ sudo mkfs -t ext4 -v /imagefile
    $ sudo mkfs -t ext4 -b 2048 -v /imagefile
    $ sudo mkfs -t ext4 -b 4096 -v /imagefile

    You will get warned that this is a file and not a partition, just proceed.

    Note the -v flag (verbose) will give the requested information; you will see that for a small partition like this the default is 1024 byte blocks. 

  3. $ sudo mkdir /mnt/tempdir
    $ sudo mount -o loop /imagefile /mnt/tempdir
    $ mount | grep tempdir

  4. $ sudo umount /mnt/tempdir
    $ sudo mount -o ro,loop /imagefile /mnt/tempdir
    If you get an error while unmounting, make sure you are not currently in the directory.

  5. $ sudo touch /mnt/tempdir/afile

  6. $ sudo umount /mnt/tempdir

  7. Put this line in /etc/fstab:
    /imagefile /mnt/tempdir ext4 loop 1 2

  8. $ sudo mount /mnt/tempdir
    $ sudo mount | grep tempdir

  9. Change the line in /etc/fstab to:
    /imagefile /mnt/tempdir ext4 loop,noexec 1 2
    Then do:
    $ sudo mount -o remount /mnt/tempdir
    $ sudo cp /bin/ls /mnt/tempdir
    $ /mnt/tempdir/ls
    You should get an error here, why?
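
Steps 7 and 9 edit /etc/fstab by hand, and the chapter recommends identifying devices by UUID. This added example (not part of the original lab) reads fstab-format lines and reports, for each mount point, whether the device is named by UUID/LABEL or by path and whether the noexec option is set; the sample entries, /mnt/loopdir and the function name audit_fstab are constructed for the example.

```shell
#!/bin/sh
# Added example: review fstab entries for device identification and noexec.

# Constructed sample using the six-field fstab layout shown in the lab.
sample_fstab() {
cat <<'EOF'
# <device>  <mount point>  <type>  <options>  <dump>  <pass>
UUID=26d58ee2-9d20-4dc7-b6ab-aa87c3cfb69a /home ext4 defaults 1 2
LABEL=src /usr/src ext4 defaults,noexec 1 2
/dev/sda11 /mnt/tempdir ext4 noexec 1 2
/imagefile /mnt/loopdir ext4 loop 1 2
EOF
}

# Read fstab lines on stdin; print "<mount point> <identifier kind> <exec state>".
# Only the literal noexec option is checked; options that imply it are not expanded.
audit_fstab() {
    while read -r spec mnt fstype opts rest; do
        # Skip blank lines and comments.
        case $spec in ''|'#'*) continue ;; esac
        case $spec in
            UUID=*|LABEL=*) ident=uuid-or-label ;;
            *)              ident=path ;;
        esac
        # Wrap the option list in commas so only a whole option matches.
        case ",$opts," in
            *,noexec,*) exec_state=noexec ;;
            *)          exec_state=exec ;;
        esac
        printf '%s %s %s\n' "$mnt" "$ident" "$exec_state"
    done
    return 0
}

sample_fstab | audit_fstab
```

To review a real system, run `audit_fstab < /etc/fstab`.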