Guide - Part 3: File Systems

Question 1

How are disks, partitions, and volumes different from one another?

Answer 1

Disks are the actual storage hardware; partitions are logical divisions of a disk used to define the storage space; and volumes, contained inside partitions, are used to define how the individual files and folders are saved to the storage.

Question 2

What are the two primary partition schemes for Mac- formatted disks? What are their differences?

Answer 2

GUID Partition Table is the default partition scheme on Intel- based Mac computers, and Apple Partition Map is the default partition scheme on PowerPC-based Mac computers.

Question 3

What two volume formats are supported for an OS X system volume?

Answer 3

The volume formats supported as system volumes for OS X are Mac OS Extended (Journaled) and Mac OS Extended (Journaled, Encrypted).

Question 4

How does file system journaling work?

Answer 4

File system journaling records which file operations are in progress at any given moment. This way, if a power failure or system crash occurs, after the system restarts, it will be able to quickly verify the integrity of the volume by “replaying” the journal.

Question 5

What is Core Storage, and what two major OS X features are implemented via Core Storage?

Answer 5

Core Storage is a file system management layer that’s used by OS X to provide disk encryption as used by FileVault, and combine separate disks as used by Fusion Drive.

Question 6

What are the four erase options available in Disk Utility? How are they all different?

Answer 6

The four erase options in Disk Utility are:
• Fastest, which simply replaces the volume’s directory
structure
• A second choice, which provides good security by writing zeroes on top of all the previous disk data
• A third choice, which provides even better security by writing three separate passes of information on top of the previous disk data
• Most Secure, which provides the best security by writing seven separate passes of information on top of the previous disk data

Question 7

How does the Secure Empty Trash feature in Finder work?

Answer 7

Secure Empty Trash will perform a 7-pass erase on the contents of the Trash folder.

Question 8

How can you ensure that previously deleted items are securely erased?

Answer 8

From the Erase tab in Disk Utility, you can choose to securely erase the free space of a disk or volume. This securely erases any previously deleted files on the selected disk or volume.

Question 9

How can you encrypt a disk without losing its contents?

Answer 9

From the Finder, you can encrypt a disk without losing its contents by secondary (or Control-) clicking the disk and choosing Encrypt from the shortcut menu.

Question 10

What four methods can be used to eject a volume or disk

from the Finder?

Answer 10

The four methods used to eject a volume or disk from the Finder are:
• Drag the disk icon to the Trash in the Dock
• Press and hold the Eject key for a few moments to
unmount and eject optical media
• Select the volume you want to eject and choose Eject from the File menu
• In the Finder sidebar, click the small Eject button next to the volume you want to unmount and eject

Question 11

What’s the potential side effect of improperly unmounting or ejecting a disk or volume?

Answer 11

Improperly unmounting or ejecting a drive or volume may cause data corruption. The system automatically verifies and repairs an improperly unmounted or ejected volume the next time it becomes available to the Mac.

Question 12

How does FileVault protect a user’s data?

Answer 12

FileVault protects the entire system volume and all its data by using strong XTS-AES 128 encryption. During system startup, a FileVault-enabled user must enter a password to decrypt the system volume.

Question 13

What are the system requirements for using FileVault?

Answer 13

To enable FileVault, OS X systems must have the hidden OS X Recovery HD volume on the system disk. Also, any Legacy FileVault accounts must be decrypted and returned to normal accounts before FileVault can be enabled.

Question 14

Which users are allowed to unlock a FileVault-protected system?

Answer 14

Any user who’s FileVault enabled is allowed to unlock a FileVault-protected system. This includes any local or cached network user account that was enabled when FileVault 2 was set up or created after FileVault 2 was enabled. Further, administrators may return to Security & Privacy preferences to enable additional accounts.

Question 15

How can you unlock a FileVault-protected system when all user accounts have lost their passwords?

Answer 15

A FileVault-protected system can be unlocked using the recovery key that was generated during the FileVault setup
process. This key can be entered during system startup and will allow you to reset the user’s account password.

Question 16

How do you identify the ownership and permissions of a file or folder in the Finder?

Answer 16

An item’s ownership and permissions can be identified using the Info or Inspector windows in the Finder.

Question 17

How do ACLs differ from standard UNIX file system permissions?

Answer 17

Standard UNIX file system permissions allow for permissions to be set only for one owner, one group, and all others. ACLs, on the other hand, allow for an essentially unlimited list of permissions entries.

Question 18

What’s the locked file flag?

Answer 18

The locked file flag prevents anyone, including the item’s owner, from editing an item. Only the item’s owner can unlock the item to then allow modification.

Question 19

Why is the root, or beginning, level of a user’s home folder

visible to other users?

Answer 19

The root level of a user’s home folder is visible to other users so they can navigate to the Public shared folder.

Question 20

How does the default organization of the file system allow users to safely share local files and folders?

Answer 20

Every home folder contains a Public folder that other users can read and a Drop Box folder that other users can write to. All other subfolders in a user’s home folder (except the optional Sites folder) have default permissions that don’t allow access to other users. The Shared folder is also set for all users to share items.

Question 21

What’s unique about the permissions of the /Users/Shared folder?

Answer 21

The Shared folder is set up to allow all users to read and write files, but only the user who owns an item can delete it from the Shared folder. This is accomplished using the sticky bit permissions setting.

Question 22

What does it mean when you choose the option to “ignore volume ownership” in the Finder? What are the security ramifications of ignoring volume ownership?

Answer 22

You can choose to ignore ownership on any nonsystem volume. This will ignore any ownership rules and grant any
logged-on user unlimited access to the contents of the volume. It’s a potential security risk because it will allow any local user account to have full access to the volume, even if that user didn’t originally mount the volume.

Question 23

Which two built-in OS X applications can be used to gather information about storage devices?

Answer 23

Disk Utility and System Information can both be used to gather information about storage devices.

Question 24

What does the Disk Utility Verify and Repair feature do?

Answer 24

The Disk Utility Verify and Repair feature is used to verify or repair the partition scheme and directory structure of a volume. These elements contain the information used to locate files and folders on the volume.

Question 25

What is target disk mode and how is it engaged?

Answer 25

Target disk mode is a Mac-specific hardware feature that, when engaged, will share the Mac computer’s internal disks through the FireWire ports. Target disk mode can be engaged from Startup Disk preferences or by holding down the T key as you turn on the Mac.

Question 26

Which permissions are modified by the Disk Utility Repair Permissions feature?

Answer 26

The Disk Utility Repair Permissions feature repairs only the ownership and permissions for items installed by Apple. However, this may resolve issues with third-party products.

Question 27

How can you reset a user’s home folder permissions?

Answer 27

A user’s home folder permissions can be reset from the Reset Password application on OS X Recovery.