Ch 3 Essential File Mgmt Tools Flashcards
What is the layout of the Linux file system defined by?
The FHS - Filesystem Hierarchy Standard
Where can you find documentation for the FHS?
man 7 file-hierarchy
Name the most significant directories to know for the FHS
“bdrm shoves trump” or “dumb mothers rsvp”
/
/b - boot
/r - root
/o - opt
/s - sys
/e - etc
/m - mnt
/s - srv
/m - media
/r - run
/p - proc
/h - home
/d - dev
/t - tmp
/u - usr
/v - var
What is the / directory?
root directory, where the file system tree starts
What is the /boot directory?
it contains all files and directories needed to boot the Linux kernel
What is the /dev directory?
it contains device files that are used for accessing physical devices. This is essential during boot (need to see the hard drive, /dev/sda!)
What is the /etc directory for?
it contains configuration files that are used by programs and services on your server. essential during boot
What is the /home directory for?
used for local user home directories, e.g. /home/elise, /home/leelemur
What is the /media or /mnt directory for?
contain directories that are used for mounting devices in the file system tree (like a CD player)
What is the /opt directory for?
Used for optional packages that may be installed on your server
What is the /proc directory for?
used by the proc file system. This is a file system structure that gives access to kernel information
What is the /root directory for?
specifies the home directory of the root user
What is the /run directory for?
Contains process and user-specific information that has been created since the last boot
What is the /srv directory for?
May be used for data by services like NFS, FTP, and HTTP
What is the /sys directory for?
Virtual Filesystem:
The /sys directory is part of the sysfs virtual filesystem, which is managed by the kernel.
Device Information:
It contains information about devices, including their drivers, configuration, and status.
Kernel Subsystem Access:
/sys provides access to various kernel subsystems, allowing users to read and potentially modify their configuration.
Not a Replacement for /dev:
While /sys provides device information, it’s not meant to be a replacement for the /dev directory, which provides access to devices through device nodes.
Forensic Tool:
The /sys directory can be valuable for forensic investigations, offering insights into kernel operations and hardware configurations, according to Medium.
What is the /tmp directory for?
Purpose:
/tmp provides a location for programs to store temporary files, such as intermediate results, cached data, or files created during the execution of a process.
Temporary Nature:
Files in /tmp are not intended to be preserved across reboots, so they are typically cleared during system startup.
Memory-Based Storage:
Many Linux systems mount /tmp as a tmpfs, which means files are stored in RAM, making access very fast but also ensuring they are lost on reboot.
Common Use Cases:
Programs may use /tmp to store data while they are running, then delete it when the program is finished. For example, an application might use /tmp to store temporary files during a long operation, such as an image processing task.
Difference from /var/tmp:
While both /tmp and /var/tmp are used for temporary storage, /var/tmp is often backed by physical storage and is more likely to retain files across reboots, making it suitable for data that should be preserved through a system restart.
What is the /usr directory for?
History:
Originally, /usr was intended to hold user home directories, but it evolved to its current role.
Purpose:
It’s designed to store files not required for the system’s fundamental functionality, often used for applications installed by users or the system administrator.
Structure:
/usr contains several subdirectories, each with a specific purpose:
/usr/bin: Contains executable user programs.
/usr/lib: Holds shared libraries.
/usr/share: Stores shared data, like documentation and fonts.
/usr/include: Contains header files for compiling software.
Relationship to other directories:
While /bin and /sbin contain basic system binaries, /usr/bin, /usr/sbin, and /usr/local/bin hold additional user and system-specific executables, respectively.
What is the /var directory for?
Contains files that may change in size dynamically, such as log files, mail boxes, and spool files (aaaah so var maybe like “variable size”)
What is a mount?
a mount is a connection between a device and a directory
The linux filesystem hierarchy, starting at the /, may be distributed across many different devices and even many different computer systems….how?
These devices are mounted into the root directory
What is involved in the mounting process?
a device connects to a specific directory. Once this has happened (it has been mounted), the device’s contents are accessible
Linux lets you use multiple mounts (and therefore potentially different filesystems) on a filesystem. What’s a drawback of all files being on just one filesystem?
1) high activity in one area may fill the entire filesystem, which hurts the processes running
2) if all files are on the same devices, it's harder to secure and determine security of different areas of the file system. When you mount a separate file system, you can add mount options that can add extra security
3) it’s harder to add addnl storage space if a file system is already filled
How does linux avoid the pitfalls of everything being on one filesystem?
organize the filesystem into
1. diff devices
2. diff shares on other computers
3. logical volumes
4. disk partitions
What directories are commonly mounted on dedicated devices?
/boot, /boot/EFI, /var, /home, /usr
Why is /boot often on a separate device?
Separating this partition provides advantages such as reducing bootloader complexity and preventing accidental deletion of boot files when modifying other partitions
Why is /boot often a separate partition?
Bootloader Requirements:
The bootloader (like GRUB) needs to be able to read and access the kernel and initrd during the initial boot process. Separating /boot allows for simpler bootloader implementations.
Dual-Booting:
If you have multiple operating systems installed, keeping /boot as a separate partition prevents accidental deletion of the bootloader when one of the operating systems is modified or deleted.
File System Complexity:
Having /boot as a separate partition simplifies the overall file system structure, making it easier to manage and maintain.
Kernel Updates:
During kernel updates, the new kernel is typically installed in the /boot partition. This separation ensures that the boot process can continue even if there’s a problem with other parts of the file system.
Security:
Boot files are often considered critical for system integrity, and keeping them separate can enhance system security.
Why does /boot/EFI sometimes need to be on its own device?
If the system uses EFI when booting (extensible firmware interface), then a dedicated mount is required for boot, to give access to all files required in the earliest stages of booting
Why does the /var directory sometimes go on its own device?
because it grows dynamically and in an uncontrolled way – like with log files. Having it stored separately from the rest of the file system keeps the rest of the filesystem from being filled
Why is /home sometimes on its own device?
for security reasons
by being on a separate device, it can get mounted with options like noexec and nodev
it's also beneficial when reinstalling the OS, because then you can reuse that home directory in the new filesystem
Why is the /usr directory sometimes on its own device?
because it contains OS files only, which users don't need write access for. by making it on a separate device, admins can more easily make it a read-only mount
What command gives you an overview of all devices and their mount points?
mount
What is /proc/mounts and what is it for
It’s for the mount command.
the kernel writes to this file, and it shows everything that is mounted
it also shows kernel interfaces
it also shows the mount options with the mount
What does the df -Th command do?
shows all available disk space on mounted devices – includes most system mounts
-h flag gives human-readable output
-T flag shows which file system TYPE is used on diff mounts
What does findmnt do?
shows mounts and the relationships that exist between them
is more abbreviated and less overwhelming than the mount command
What default byte size is the output of the df command?
kibibytes
What flag is needed to modify the df command to display a different size than kibibytes?
-m for mebibytes
-h to see human readable format (KiB, MiB, GiB, TiB, PiB)
What is the ? for in context to file mgmt?
match any one character, e.g. ls c?t will show output of cut and cat
What is the [auo] for in the context of file mgmt?
ls c[auo]t would match cat, cut, cot
What’s a command that can be used to remove a directory that isn’t rm -rf?
rmdir
What does ls -l do?
lists with file properties, like creation date and permissions
ls -a
show hidden files too
ls -lrt
-t show commands sorted based on mod date
show most recent files last with the -r
ls -R
list recursively from this location
cp -R
copy recursively
cp -a
preserve original permissions when copying (a for archive mode)
what files don’t get copied over with a regular cp command?
hidden files
what are three ways to ensure hidden files are copied over?
- cp /somedir/.* /tmp
copy all files starting with a dot
- cp -a /somedir/ .
copies the entire directory of /somedir to the current directory. This creates a subdirectory called /somedir in the current directory
- cp -a /somedir/. .
copies all files to the current dir (this is a dot space dot, not a dot dot)
Why does the rm -rf command prompt the user to confirm the delete?
because rm is an alias to rm -i, because of the /root/.bashrc config. The -f flag removes that alias from the bashrc
however, for safety, it’s good to have the prompt
What’s a way to cd to your home directory, using an environmental variable?
cd /home/$USER
What are links for files, broadly?
They are like aliases but for a file
What types of links are there?
hard links and symbolic links (symlinks)
What is an inode?
It’s where administrative data about a file is stored
Is there an inode for every file in linux?
yes
What data is stored in the inode, specifically?
- the data block where the file contents are stored
- the creation, access, and modification date
- permissions
- file owners
What impt info is NOT stored in an inode?
the name of the file
What does an inode know instead of knowing its filename?
It knows how many names are associated with it (or rather, hard links)
Every file has what, instead of a name?
a hard link – but really, this is used as the name
When you name a file, what is that name?
a hard link to that file
Can a file have more than one hard link?
yes
What’s the advantage of multiple hard links for one file/inode?
This allows you to have a file available in multiple locations
a change made in the file in one location changes it at all the other hard link locations!!!
Every hard link for the same inode, points to the same…
data block
What are three restrictions for hard links?
- they must exist on the same device (or partition, or logical volume, etc)
- you can’t hardlink a directory
- when the last name/hard link is removed from a file, the access to the file’s data is also removed
if one hard link to a file is removed, what happens to other hard links for the same file?
they are unaffected
What’s another name for a symlink?
A symbolic link or a hard link
How does a symlink relate to an inode?
it does not link directly to an inode, only the name of a file
What’s a disadvantage of symlinks?
when the original file is removed, the symlink becomes invalid and stops working
What’s an advantage of symlinks?
they can link to files on other devices and on directories (unlike hardlinks)
What command is used to make links?
ln
cp, ln, and mv all use what order for files?
source name first, then destination name
What is the command for making a soft link?
ln -s
What restriction is there for creating a hard link?
you have to be the owner of the item you want to link to
what does ln /etc/hosts . do?
Creates a hard link to /etc/hosts in the current directory
what does ln -s /etc/hosts do?
create a symlink to the file /etc/hosts in the current directory (points to the hardlink)
what does ln -s /home /tmp do?
creates a sym link to the directory /home in the directory /tmp
How do you find out if a file is a hardlink or a softlink?
ls -l
What’s the first character in a file property if it’s a soft link?
l
What does ls -l show for a soft link?
the name of the item it links to, after the filename
What does ls -l show for a hard link?
a counter for the number of hard links an inode has
What is the \ doing in the command \ls -l ?
the \ means that the alias form of ls isn’t used
What file creates an archive of files?
tar
What was the tar command originally designed for?
to stream files to a tape without any compression of the files – and so it still doesn’t compress anything by default
What must be paired to tar to get it to actually compress files?
1) use a specific compression tool
2) specify an option that compresses the archive while it is created
What is the tar command an acronym for?
The Tape ARchiver
what’s the current utility of tar?
to write files to an archive file
what four things must you be able to do with tar on the RHCSA exam?
1) create an archive
2) list contents of an archive
3) extract an archive
4) compress and uncompress archives
What is the command to create an archive?
tar -cf archivename.tar /files-you-want-to-archive
What permissions are needed to archive files?
you need read permissions for the files and execute permissions on the directory the file is in
What does the command tar -cvf /root/homes.tar /home do? (run as root)
Write the contents of the /home directory and everything below it to the /root directory
Is order of flag options in the tar command important?
yes
Is the - necessary in tar flag options?
no
What tar flag allows you to add a file to an existing archive?
-r
What does
tar -rvf /root/homes.tar /etc/hosts
(run as root)
do?
add /etc/hosts to the /root/homes.tar archive
tar uses what template?
tar [dest] [source]
What tar flag is used to update an existing archive file?
-u
What does
tar -uvf /root/homes.tar /home
do?
write newer versions of all files in /home to the /root/homes.tar archive
What does the tar -t flag do?
shows contents of the archive
What does the command
tar -tvf /root/homes.tar
do?
lists the contents of the archive file
Does an archive file need to end in .tar?
No, but it is wise to, so that you know you’re dealing with an archive file
How can you find out if a file is an archive file if it doesn’t have a .tar ending?
the file command
What tar command extracts contents of an archive?
tar -xvf /root/homes.tar
What tar flag extracts?
-x
What are two ways you can make sure an archive’s contents go exactly where you want them to (and not your current working directory) when you extract an archive?
- before extracting, cd to where you want it to extract to
- use the -C flag. e.g., -C /targetdir
What does the command
tar -xvf homes.tar -C /tmp
do?
extract (verbosely) the homes archive and plop its contents into the /tmp directory
What is the star command for?
the star utility was designed to offer support for archiving nondefault file attributes, such as access control lists (permissions mgmt…) or SELinux file content
Should star or tar be used for archiving?
Now tar can do everything star can do and more, and star is no longer included in default installs
What if you only wanted to extract one file out of an archive?
use a command like
tar -xvf /archivename.tar file-you-want-to-extract
following the pattern
tar -extract [archive] [file from archive]
What does the command
tar -xvf /root/etc.tar /etc/hosts
do?
extracts the file /etc/hosts from the /root/etc.tar archive (Which you could run after running tar -t to get contents of the archive)
How do compression algorithms work, broadly?
They take advantage of the redundancy in files
Does the tar command automatically compress files?
no, not unless you specify compression
With the old version of tar, if you wanted to compress the archive, what did you do?
follow the archive creation with a compression algorithm command, like gzip or bzip2,
thus creating an archive.tar.gz file
What are three compression algs/commands?
bzip2, gzip, xz
What command uses bzip2 decompression?
bunzip2
What command uses gzip decompression?
gunzip
what are the tar flag options for bzip2, gzip, and xz? (to use for compression, not decompression)
-j (bzip2)
-z (gzip)
-J (xz)
What flags are used for tar and decompression?
flags are not necessary, as tar automatically recognizes compressed content
What is this flag for tar?
-c
create an archive
What is this flag for tar?
-v
show verbose output for tar
What is this flag for tar?
-t
show the content of an archive
What is this flag for tar?
-z
compress/decompress the archive while creating it using GZIP
What is this flag for tar?
-j
compress/decompress the archive while creating it using BZIP2
What is this flag for tar?
-J
compress/decompress the archive using xz
What is this flag for tar?
-x
extract an archive
What is this flag for tar?
-u
update an archive – only newer files will be written to the archive
What is this flag for tar?
-C
change the working directory before running the command
What is this flag for tar?
-r
append a file to an archive
/usr/include
Contains header files for compiling software.
/usr/share
Stores shared data, like documentation and fonts.
/usr/lib
Holds shared libraries
/usr/bin
Contains executable user programs.
How are /opt and /usr distinct?
In Linux, /usr and /opt serve distinct purposes for managing software installations. /usr typically houses system-wide applications and libraries, often installed by the system’s package manager, while /opt is designed for storing optional, add-on, or self-contained software packages, usually provided by third-party vendors.
/usr:
This directory contains system-wide applications, libraries, and other files that are essential for the operation of the Linux system. It’s often mounted read-only and is managed by the system’s package manager. Files within /usr are generally distributed as part of the operating system itself or through official repositories.
/opt:
This directory is intended for installing optional, add-on software that isn’t part of the main operating system distribution. It’s commonly used for installing pre-packaged software bundles or applications that come with their own directory structure. /opt is often used for software that doesn’t rely on the standard system libraries and is designed to be self-contained.
What makes /sys distinct from /dev?
SHORT
/dev directory allows access to the device via the device files (or device nodes)
/sys directory allows the viewing of the device information and details
LONG
The /sys filesystem (sysfs) contains files that provide information about devices: whether it’s powered on, the vendor name and model, what bus the device is plugged into, etc. It’s of interest to applications that manage devices.
The /dev filesystem contains files that allow programs to access the devices themselves: write data to a serial port, read a hard disk, etc. It’s of interest to applications that access devices.
A metaphor is that /sys provides access to the packaging, while /dev provides access to the content of the box.
The files in /sys are not device nodes, but symbolic links and regular files. Those regular files are special in that reading or writing to them invokes file-specific functions in the kernel, like device nodes. The difference is that files in /sys work this way because of the filesystem they are on, whereas device nodes work this way due to their device node characteristics (the file type indicating a (block or character) device, and the device major and minor number indicating which device it is).
The reason for /dev existing independently of /sys is partly historical: /dev dates back to the dawn of Unix, while /sys is a much more recent invention. If Linux was designed today with no historical background, /dev/sda might be /sys/block/sda/content.
Example path in /sys
/sys/block/*/device/serial (with * replaced by nvme0n1 or sda or hda)
What makes /proc distinct from /sys?
The /proc and /sys filesystems in Linux are both pseudo-filesystems that provide access to kernel data, but they differ in their primary purpose and content. /proc primarily focuses on providing information about processes running on the system, including their status, resources, and other relevant details. /sys, on the other hand, offers a window into the kernel’s hardware configuration and exposes settings that can be modified to manage the system.
Here’s a more detailed comparison:
/proc:
Focus: Process information.
Content: Each running process has a subdirectory under /proc named after its process ID (PID). This subdirectory contains files that provide information about that process, such as its current working directory, memory usage, and other details.
Example: The ps command uses /proc to retrieve process information.
Purpose: To query real-time information about processes running on the system.
/sys:
Focus:
Hardware configuration and kernel settings.
Content:
/sys exposes various files and directories that represent hardware devices, drivers, and kernel settings.
Example:
You can use /sys to check the status of a USB device or configure its parameters.
Purpose:
To allow administrators and applications to interact with and manage the hardware and kernel.
In essence, /proc is a snapshot of the running processes, while /sys provides a means to interact with and configure the system’s hardware and kernel.
Example subdirectories in /sys
findmnt --fstab -t nfs
What does this command do?
findmnt --fstab -t nfs: prints all NFS filesystems defined in /etc/fstab.
findmnt --fstab /mnt/foo: prints all /etc/fstab filesystems where the mountpoint directory is /mnt/foo. It also prints bind mounts where /mnt/foo is a source.