File System Basics Brandon Checketts
Some terminology
- Superblocks
- Inodes
- Journaling
- Hard links
- Symbolic links
- Directory entries

The Superblock
- Describes the entire file system
  - Block size
  - Pointer to the root directory
  - Flags (ro, noatime, etc)
  - List of open files
- First copy of the superblock is stored near the start of the device
- Backup copies are stored throughout the file system

Block Groups
- Block groups divide the disk into smaller groups to reduce disk seeking
- A Block Group Descriptor is saved near the superblock that describes where each block group is located on disk
- Each block group contains a list of blocks and inodes and a flag for whether or not they are used

Inodes
- Each file has an inode
- Contains meta-information about the file, but does not contain the file name or the file contents
- See the stat() system call
  - Owner, permissions, timestamps, size, number of links

Inode Structure

    Offset  Size    Field           Use
    0       2       i_mode          Permissions
    2       2       i_uid           16-bit User ID
    4       4       i_size          32-bit File Size (lower 32 bits)
    8       4       i_atime         Last Accessed Timestamp
    12      4       i_ctime         Created Timestamp
    16      4       i_mtime         Last modified Timestamp
    20      4       i_dtime         Deleted Timestamp
    24      2       i_gid           16-bit Group ID
    26      2       i_links_count   # of links to this file
    28      4       i_blocks        # Blocks reserved for file
    32      4       i_flags         Immutable, compressed, etc
    36      4       i_osd1
    40      15 x 4  i_block
    100     4       i_generation
    104     4       i_file_acl      Pointer to block containing ACL
    108     4       i_dir_acl       High 32 bits of file size
    112     4       i_faddr
    116     12      i_osd2

Directories
- A directory is simply a file that lists the files and directories contained within, and their associated inode
- Deleting a file just removes it from the directory, but doesn't generally delete it from disk

    Offset  Size    Field       Use
    0       4       inode       The inode for this file
    4       2       rec_len     Offset to the next directory entry
    6       1       name_len    Length of the file name
    7       1       file_type   File type (regular, directory, block, character, symlink, etc)
    8       0-25    name

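Added example (not from the original slides): a Python walk of one directory block using the entry layout above (inode, rec_len, name_len, file_type, name). It assumes the usual ext3 removal behaviour, where the previous entry's rec_len is enlarged to cover the removed entry and the old bytes stay in place; the block contents, inode numbers and file names are constructed sample data.

```python
import struct

HDR = struct.Struct("<IHBB")  # inode, rec_len, name_len, file_type (little-endian)

def used(name_len):
    """Bytes an entry really needs: 8-byte header + name, rounded up to 4."""
    return (8 + name_len + 3) & ~3

def entry(inode, name, ftype, rec_len=0):
    """Build one directory entry (helper for the constructed sample only)."""
    rec_len = rec_len or used(len(name))
    return (HDR.pack(inode, rec_len, len(name), ftype) + name).ljust(rec_len, b"\0")

def sample_block(size=1024):
    """Constructed directory block in which 'secret.jpg' has been unlinked."""
    gone = entry(13, b"secret.jpg", 1)                 # stale bytes left behind
    blk = entry(2, b".", 2) + entry(2, b"..", 2)
    # a.jpg's rec_len now also covers the removed entry that follows it
    blk += entry(12, b"a.jpg", 1, rec_len=16 + len(gone))[:16] + gone
    return blk + entry(14, b"b.jpg", 1, rec_len=size - len(blk))

def walk(block):
    """Return (status, inode, name) for linked entries and residue in slack."""
    found, off = [], 0
    while off + 8 <= len(block):
        inode, rec_len, name_len, _ = HDR.unpack_from(block, off)
        if rec_len < 8 or rec_len % 4 or off + rec_len > len(block):
            break                                      # broken chain: stop
        if inode:
            found.append(("live", inode, block[off + 8:off + 8 + name_len]))
        s, end = off + used(name_len), off + rec_len   # slack inside this record
        while s + 8 <= end:
            i2, r2, n2, _ = HDR.unpack_from(block, s)
            if n2 and r2 % 4 == 0 and r2 >= used(n2) and s + used(n2) <= end:
                found.append(("deleted", i2, block[s + 8:s + 8 + n2]))
                s += used(n2)
            else:
                s += 4                                 # no plausible header here
        off += rec_len
    return found

if __name__ == "__main__":
    for status, inode, name in walk(sample_block()):
        print(f"{status:8} inode={inode:<4} {name.decode(errors='replace')}")
```

The normal rec_len chain skips straight from a.jpg to b.jpg; only the scan of the slack inside a.jpg's record surfaces the removed name.
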
Hard Links
- Each inode represents a single file, not dependent on the file name
- A 'Hard Link' is when two directories have a file name pointed to the same inode
- i_links_count is incremented for each hard link and decremented when a file is 'deleted' from a directory
- When i_links_count reaches zero, the inode is then deleted

Symbolic Links
- A special type of file that references another file
- Can span across file systems
- I think of it as an HTTP redirect
- Symlinks shorter than 60 bytes are stored in the inode itself, and don't have a data block

Ext3
- Add a journal
  - Logs writes to a file system journal before committing to disk
- Increased file system limits
- Performance optimizations

Ext4
- Larger still (file systems up to 1 exabyte and files as large as 16 TB)
- Extents for contiguous space
- Improved timestamps (to the nanosecond, and for 500 more years)

Experiment
- Create a loopback file:

    [root@slc1 ~]# dd if=/dev/zero of=/root/loopback-sample bs=1024 count=30720
    30720+0 records in
    30720+0 records out
    31457280 bytes (31 MB) copied, 0.813375 seconds, 38.7 MB/s

Create an Ext3 filesystem

    [root@slc1 ~]# mkfs -t ext3 /dev/loop0
    mke2fs 1.39 (29-May-2006)
    Filesystem label=
    OS type: Linux
    Block size=1024 (log=0)
    Fragment size=1024 (log=0)
    7680 inodes, 30720 blocks
    1536 blocks (5.00%) reserved for the super user
    First data block=1
    Maximum filesystem blocks=31457280
    4 block groups
    8192 blocks per group, 8192 fragments per group
    1920 inodes per group
    Superblock backups stored on blocks:
            8193, 24577

    Writing inode tables: done
    Creating journal (1024 blocks): done
    Writing superblocks and filesystem accounting information: done

    This filesystem will be automatically checked every 25 mounts or
    180 days, whichever comes first.  Use tune2fs -c or -i to override.

Experiment
- mkdir /mnt/loopback
- mount /dev/loop0 /mnt/loopback
- Copy some images to it
- File system tools on slc1: /usr/local/src/sk/tools/fstools might be fun
  - ./fsstat /dev/loop0
- Scalpel is cool

References
- http://www.nongnu.org/ext2-doc/ext2.html
- http://www.linuxleo.com/
- http://www.sleuthkit.org/sleuthkit/desc.php
- http://www.digitalforensicssolutions.com/Scalpel/