Week 4 - Filesystem Types Flashcards
What are the recommended default file systems for W/L?
NTFS for Windows
ext4 for Linux
What file system supports reading and writing to all 3 major OS?
FAT 32
What’s the downside of FAT 32? 2
Files can’t be larger than 4GB
File system can’t be larger than 32 GB
What file system is the successor of FAT 32? What does it stand for?
exFAT
Extensible File Allocation Table
What does FAT stand for?
File allocation table
What does ASCII stand for?
American Standard Code for Information Interchange
What does GPT stand for?
GUID partition table
What does GUID stand for?
Globally Unique Identifier
What does MBR stand for?
Master Boot Record
What is a partition?
a piece of a disk you can manage
A storage disk can be divided into _____
partitions
Why would someone want to have 2 partitions on their disk?
For different OS
Can you add different filesystems on different partitions of a disk?
Yes
When you format a filesystem on a partition, it becomes a ____
volume
What is a partition table? What are 2 things a table would tell you?
A partition table tells the OS how a disk is partitioned
- How much disk space is allocated on that partition
- Which partitions you can boot from
What are the 2 main partition table schemes? L/W
MBR - Master Boot Record
GPT - GUID Partition Table
What are the 3 main characteristics of an MBR partition table?
MBR table:
1. 2TB max volume size
2. 4 primary partitions allowed
3. Uses Primary > Extended > Logical partitions
What are the 3 characteristics of a GPT?
GPT:
1. >2TB volume size
2. 1 single type of partition
3. Unlimited partitions
What partition table does the disk need to use to boot UEFI?
GUID partition table
What is the disk management utility? W
a great Windows native tool for disk partitioning
How to get to the disk management utility via GUI? W
Right Click “This PC” > Manage > Disk Management under Storage group
In disk partitioning, what is allocation unit size? KNIFE
The size of the chunks the partition will be chopped into
(small files = small chunks, large files = large blocks)
What’s the difference between quick and full format for disk partitioning?
A full format is when Windows will search for any errors or bad sectors and takes a little longer
What are the 8 steps to partition/reformat a disk on Windows?
- Diskpart
- list disk
- select disk 1
- clean
- create partition primary
- select partition 1
- active
- format FS=NTFS label=my-usb-drive
_____ is a disk partitioning utility on the Windows operating system
Diskpart
What are the 3 main divisions of storage you’ll find on a drive?
- Cluster (allocation unit size) - minimum size a file can take up (size chunks)
- Volume - single file system in a single storage area (can be multi-disk)
- Partition - creates unique spaces on the hard disk
What is a cluster?
the minimum amount of space a file can take up in a volume or drive
What does it mean to mount something?
To make it accessible to the computer
What command do you use to partition a disk on Linux?
parted
(fdisk)
How do you see what disks are connected to a computer using Linux?
sudo parted -l
How do you select the /dev/sdb USB drive to start the partition? This also enters interactive mode
sudo parted /dev/sdb
enters interactive mode
How do you get out of interactive mode in parted?
quit
How do you set a disc label while partitioning on Linux?
mklabel (partition table name)
In Interactive Mode, how do you see disk information on Linux?
What 4 things does mkpart need to know?
- what type of partition we want
- what type of file system we want to format
- the start of the disk
- the end of the disk
What are the 8 steps to partition and format a FS on Linux? (Not mounted yet)
(sudo parted -l to see disks available)
- sudo parted /dev/sda
- mklabel (partition table we want)
- mkpart primary ext4 1MiB 5GiB (partition disk in 2)
- quit
- sudo mkfs -t ext4 /dev/sda1 to format partition with FS
- sudo parted -l
In Linux, how do we select the partition table we want in interactive mode?
mklabel (partition table)
In Linux, how do we partition a disk that’s already been assigned a partition table in interactive mode?
mkpart (partitiontype) (FS) (Start) (End)
In Linux, how do we format a filesystem on a disk that’s already been partitioned?
Out of interactive mode:
sudo mkfs -t (FS type) /dev/sda1
How do you unmount a filesystem in Linux?
sudo umount (directory name)
or
sudo umount /dev/(name)
What is UUID?
Universally unique ID
unique device IDs
What command shows us the UUID of block devices on Linux?
sudo blkid
What does the /etc/fstab directory show? 3
- UUIDs list of unique device IDs
- mount points
- what type of file system they are
What happens to the mount point we used to mount a file system to a directory when we turn off the computer?
it disappears (we have the option to permanently mount a disk though)
What command is used to mount/unmount file systems in Linux? Manually and Automatically
Unmount Manually:
sudo umount directory
sudo umount /dev/sdb1
Mount/Unmount automatically:
fstab
What is a mount point? Linux
The location in a file system table (fstab) where you connect a physical storage device to
What is mounting?
When you connect a physical storage device to a location
What does fstab mean? Linux
File system table
used to mount/unmount file systems (automation)
What are the 6 columns of the file system configuration table (fstab) for the automation of mounting/unmounting devices? Linux
- Device - UUID or name of device (sda1,etc)
- Mount Point - directory location
- File system type
- Options - mounting options separated by a comma
- Backup operation/dump - outdated, not used (1 backups on, 0 backups off)
- File system check (fsck) order or Pass - order mounted device to be checked (0 no fs check, 1 mounted device is root file system check first, 2 device is partition check after root)
What are the different options for the file system check/Pass when automating mounting/unmounting devices? 3
0 = no file system check
1 = mounted device is a root file system check first
2 = mounted device is a partition check after the root file system
Command to check fstab manual page for the file system in use? Linux
man fstab
As an IT pro, what do you do when you install a new hard drive but the Linux server does not seem to recognize the drive? 5
Linux has detected the new hardware but doesn’t know how to display info about the drive
IT will need to add an entry in the fstab table so that Linux will know how to mount it and display its entry within the fs
- format the drive (fdisk) and/or create a partition same command
- find which block devices (storage device registered as a file in /dev) Linux assigned to the new drive (lsblk)
- use gedit to open fstab file
- add new fs partition
- reboot the computer and check the (/mnt/mystorage) directory for the new partition
What does a device file provide? Linux
The device file provides an interface between the system and the attached device for read-write processes.
When combined with fdisk, what command do you use to find the list of block devices connected to the system? Linux
lsblk
What are the 7 columns in the output from the lsblk command?
- Name - of devices
- Maj/Min - major minor code numbers for device
- RM - removable?
- Size - storage available on device
- RO - file permissions read-write, read only?
- Type - of device
- Mountpoint - location of mounted device
In a block device list, what does MAJ:MIN mean and what are the differences?
Major # is the driver type used for device communication (like RAM, SCSI hard drive, IDE hard drive, RAID metadisk)
Minor # is the ID number used to describe the Major # like partition number, if it’s the physical drive
What are the 6 columns of a fstab file when opened using an editor like gedit? Linux
- device - add new fs device name (/dev/sdb1)
- mount point - for new partition (make easy to find for users)
- file system - enter fs used for the new partition
- options
- dump - set to 0
- pass - set to 2 for a partition, 1 for root file, 0 for off (it’s a 2 in this case)
What are the 5 steps to add an entry in the fstab table so Linux can mount a drive and display it properly in the fs? (mounting error, drive not recognized but detected)
- format the drive (fdisk) select Linux fs, and/or create a partition same command
- find which block devices (storage device registered as a file in /dev) Linux assigned to the new drive (lsblk)
- use gedit to open fstab file
- add new fs partition
- reboot the computer and check the (/mnt/mystorage) directory for the new partition
What is virtual memory? W
how our OS provides the physical memory available on our computer (RAM,etc) to the applications that run on the computer
What 2 things does virtual memory help us with? W
- handles the logistics to aid applications in accessing memory by creating a mapping of virtual to physical addresses
- allows computer to use more memory than we physically have installed (with pages)
What are pages? W 2
blocks of data that get copied and evicted out of memory to the hard drive when not in use to supplement a system’s RAM capacity
also used for system crash dumps/extend computer’s commit charge
What does Windows use to handle virtual memory?
Windows OS uses a program called memory manager
What does the memory manager in Windows do?
handles the mapping of virtual to physical memory and manages pages
In Windows, where are pages saved to?
Pages are stored in a special hidden file on the root partition of a volume called pagefile.sis
Where do we go if we want to modify page files? W
control panel > system and security > system > advanced system settings > advanced > settings in Performance > Advanced > Virtual Memory
What is the system commit limit? W
total of RAM + the amount of disk space reserved for paging files
Helps to avoid overpromising on available RAM
What are 3 things an IT specialist can do if disk space is low especially if needing space for paging files? W
- add more ram
- more hard drive storage
- offload non-system files to network or cloud
What happens if the system commit limit is exceeded? W
Windows or applications may stop functioning properly
The system commit charge must be ___ or ____ the system commit limit
W
must be = or < the system commit limit
If there’s no page file, the system commit limit is ___ RAM amount
W
less than
In what directory are modified page files stored? W
(to be stored on hard drive)
\Memory\Modified Page List Bytes
3 ways to check if a page file is too small? W
- \Memory\Available MBytes indicates more physical memory is needed.
- A significant amount of memory exists in the modified page list.
- \Paging Files(*)% Usage (existing page files) are almost full.
What does a complete memory dump do? W
records system memory when computer stops randomly
requires paging file on boot volume, able to hold physical RAM +1MB for header
What does a small memory dump do? W
saves the minimum amount of troubleshoot information of a crash
needs at least 2MB HD space allocated on boot volume
Where is the small memory dump stored? W
%SystemRoot%\Minidump
Where is the complete memory dump stored?
%SystemRoot%\Memory.dmp
by default
Are paging files necessary in systems with a large amount of RAM?
No
What are 3 ways paging files are used in Windows?
- Offloads data from RAM not being used to hard drive to be accessed later
- Used for system crash dumps
- Extends system commit charge when computer is in peak usage
What is swap space?
the dedicated area of the hard drive used for virtual memory
How do you make a swap space/swap partition? Linux 7 steps
How to make swap space/swap partition (manual)
- select target device with sudo parted /dev/sdb
- mkpart primary linux-swap 5GiB 100%
- quit
- specify it’s a swap space with sudo mkswap /dev/sdb2
- enable swap on device with sudo swapon /dev/sdb2
- auto mount swap space will need an entry in the fs table
Distributing ___ ___ over ___ ___ ___ also improves ___ performance
Linux
Distributing swap space over multiple storage devices also improves swap performance
What is the master file table (MFT) used by? W
NTFS to organize files
How does NTFS store and represent the files we’re working with? W
Uses the MFT (master file table) to organize
What’s the index of a file’s entry in the MFT (master file table) called?
File Record Number (FRN)
What are symbolic links? NTFS
A shortcut to an entry/file in the MFT but it’s treated as the original file not as a shortcut
(no scrambled words)
How do you create a symbolic link for file_1.txt? What program do you use? W
mklink file_1_symlink file_1.txt
use command prompt cmd.exe
What are hard links? NTFS
Hard links reference —> File Record Number (not by name)
file system representation of a file (more than one path references a single file in the same volume)
What happens if a hard link file name changes? NTFS
The hard link will still point to the same file (the link will still work)
What’s a soft link/junction? W
the (storage) objects it references are separate directories
What is an inode? L
the structure used to organize files and metadata for a Linux system
(similar to Windows Master File Table)
Where are inodes stored? L
stored in an inode table to help manage files (like MFT)
What are sim links/soft links in Linux? Why can it be bad?
Similar to symbolic links for Windows, they point to another file as a shortcut but if something gets moved and a link is broken for one all other ones are broken
What type of data does an inode store/organize? What does it not store? L
inodes store metadata but not the file name or file contents itself
What are hard links on linux?
they point to a physical location on a file system (to an inode stored in an inode table)
hard links are the clones that don’t take up more space, point to the same location
What happens when the hard link count of a file reaches zero? L
the file is completely removed from the computer
How do you create a soft link/sim link on Linux?
ln -s important_file important_file_softlink
- -s for soft link
How do you create a hard link on Linux?
ln important_file important_file_hardlink
- no -s this time
- ls -l filename to check hard link count
Why are hard links good to use?
If you need to store the same file in different places without taking up additional space on the volume
What command on Windows allows us to print out disk usage, how many files it has?
disk usage
can also go to disk management
make sure to download DU tool sys internals
How does defragmentation make life easier for rotating hard drives?
the actuator arm has to travel less to read data
What is defragmentation?
reorganizes all files on a disk into neighboring locations
What does trim do for SSDs? How?
Windows
reclaims unused portions of the SSD by erasing unused data blocks
(disk cleanup for SSDs)
Is defragmentation done manually or automatically?
every so often the OS defragments the drive automatically on a schedule
you can manually do it if needed
How to run disk cleanup from command line? W
c:\windows\SYSTEM32\cleanmgr.exe /dDrive
Drive = enter drive here
How to view disk usage on Linux?
du -h
- if no directory is specified, it defaults to the current one
- -h means in human-readable form
How to view free disk space with command on Linux?
df -h
shows you the free space available in your entire machine
What’s a data buffer? W Where is it located?
A region of the RAM used to temporarily store data while it’s being moved around
(since RAM is faster than hard drives, data needs to sit somewhere for drives to catch up)
What are 3 causes of data corruption? W
- Power outages
- System failures, software bugs
- Removing a drive without ejecting it
What is journaling? NTFS
Windows
NTFS logs are kept on changes made to a file’s metadata
What is the self-healing NTFS feature? What does it do? W
Makes changes to minor problems/corruption on the disk in the background automatically
How to run the check disk utility tool (serious disk corruption)
chkdsk /F D:
in the command prompt
- by default runs in read-only mode, no changes made
- can tell it to fix any problems it finds with /F flag
How to check the status of NTFS self-healing feature?
command prompt
fsutil repair query C:
How does the check disk utility on Windows repair corruption automatically?
If it detects corruption/bad sectors, it sets a bit in the metadata file to indicate that. On system boot, chkdsk utility will check for this bit and will execute to try to repair the broken bits in the file system from the NTFS log
To repair a file system, make sure the file system isn’t ____
Linux
make sure the file system isn’t mounted (it’ll damage it)
On Linux, what command to repair a file system?
make sure the file system isn’t mounted (it’ll damage the file system)
sudo fsck /dev/sda
What does i-nodes stand for? Linux
index nodes
(every file in Linux has its i-node identifier)
What does the i-node store?
stores metadata about the storage block and fragment locations where each file is stored
What are 5 symptoms of data corruption? L
- system suddenly shuts down
- software won’t launch or crashes when opening corrupted file (or gives errors file not recognized)
- corrupted files/folders no longer appear in the file system
- OS reports bad sectors when it fails to execute commands
- Hard drives with platters are damaged and make clicking sounds/unusual vibrations
What are 3 causes of data corruption? L, Part B
- Software errors (viruses, malware, antivirus damages files, interferes with r/w HD operations)
- Hardware malfunctions (larger files more likely to have a bad sector, hard drives with moving parts wear out/get damaged like damaged heads or platters)
- Electrical damage (power failure while writing data to hard drive)
What’s the critical first step when you have identified or suspected data corruption? L
shut down the affected hard drives to prevent data recovery from becoming more difficult from the corruption activity continuing
What’s the second step in data corruption repair? L 2 options
Minimize read/write operations on the disk other than those produced by data recovery tools
- corrupted Linux boots from external device or network (PXE boot)
- or attach corrupted HD to a healthy Linux as an external drive using an adapter or docking station*
*automount must be disabled
What’s the third step in data corruption repair? L
disable the automount service if connecting a corrupted drive to a healthy system as fsck won’t repair corruption on a mounted file system
2 instances where the fsck command must NOT be used? L
- on a hard drive that was a member of a RAID array
- on a mounted file system (must be unmounted)
What command displays disk volume, and can be paired with other tools for disk repair? W
chkdsk
How do you create a symbolic link called “almond” to a file named “nuts.txt”? W
mklink almond nuts.txt
What are blocks?
Blocks are a layer of storage devices that allow individual access to each independently.
They allow programs to access storage without worrying about whether the underlying hardware device is a hard drive, solid state drive, flash drive, etc.
How to display an output in human-readable format? Linux
-h flag
What are two ways to see disks mounted on a system? Linux commands
- df -h
- disk free, usually used to see how much free space in the file system. -h for human readable format. - lsblk
- lists block devices
What minor numbers in the MAJ:MIN column are used to indicate the physical drives? 3 hard drives
Linux
1st physical hard drive: 0 MIN #
2nd physical hard drive: 16 MIN #
3rd physical hard drive: 32 MIN #
What are the 4 MAJOR numbers used to identify the driver type in the MAJ:MIN column? Linux
1 = RAM
3 = IDE Hard Drive
8 = SCSI Hard Drive
9 = RAID metadisk
