File System Basics
Brandon Checketts
Some terminology
• Superblocks
• Inodes
• Journaling
• Hard links
• Symbolic links
• Directory entries
The Superblock
• Describes the entire file system
• Block Size
• Pointer to the root directory
• Flags (ro, noatime, etc)
• List of open files
• First copy of the superblock is stored near the start of the device
• Backup copies are stored throughout the file system
Block Groups
• Block groups divide the disk into smaller groups to reduce disk seeking
• A Block Group Descriptor is saved near the superblock that describes where each block group is located on disk
• Each block group contains a list of blocks and inodes and a flag for whether or not they are used
Inodes
• Each file has an inode
• Contains meta-information about the file, but does not contain the file name or the file contents
• See the stat() system call
• Owner, permissions, timestamps, size, number of links
Inode Structure
Offset  Size    Field           Use
0       2       i_mode          Permissions
2       2       i_uid           16-bit User ID
4       4       i_size          32-bit File Size (lower 32 bits)
8       4       i_atime         Last Accessed Timestamp
12      4       i_ctime         Created Timestamp
16      4       i_mtime         Last modified Timestamp
20      4       i_dtime         Deleted Timestamp
24      2       i_gid           16-bit Group ID
26      2       i_links_count   # of links to this file
28      4       i_blocks        # Blocks reserved for file
32      4       i_flags         Immutable, compressed, etc
36      4       i_osd1
40      15 x 4  i_block
100     4       i_generation
104     4       i_file_acl      Pointer to block containing ACL
108     4       i_dir_acl       High 32 bits of file size
112     4       i_faddr
116     12      i_osd2
Directories
• A Directory is simply a file that lists the files and directories contained within, and their associated inode
• Deleting a file just removes it from the directory, but doesn’t generally delete it from disk
Offset  Size    Field       Use
0       4       inode       The inode for this file
4       2       rec_len     Offset to the next directory entry
6       1       name_len    Length of the file name
7       1       file_type   File type (regular, directory, block, character, symlink, etc)
8       0-25    name
Hard Links
• Each inode represents a single file, not dependent on the file name
• A ‘Hard Link’ is when two directories have a file name pointing to the same inode
• i_links_count is incremented for each hard link and decremented when a file is ‘deleted’ from a directory
• When i_links_count reaches zero, the inode is then deleted
Symbolic Links
• A special type of file that references another file
• Can span across file systems
• I think of it as an HTTP redirect
• Symlinks shorter than 60 bytes are stored in the inode itself, and don’t have a data block
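Added example (not part of the original slides): a Python parser for the 128-byte layout in the Inode Structure table. It derives the full file size, the deletion time, and the target of a short symlink stored in the inode. The sample inodes, the helper names (parse_inode, build_inode) and little-endian byte order are assumptions of this example.

```python
import stat
import struct
from datetime import datetime, timezone

# Field order and sizes follow the Inode Structure table (128 bytes, little-endian).
FIELDS = ("i_mode i_uid i_size i_atime i_ctime i_mtime i_dtime i_gid "
          "i_links_count i_blocks i_flags i_osd1 i_block i_generation "
          "i_file_acl i_dir_acl i_faddr i_osd2").split()
INODE = struct.Struct("<HHIIIIIHHIII60sIIII12s")  # i_block kept raw: 15 x 4 bytes

def parse_inode(raw):
    """Decode one on-disk inode into a dict, adding a few derived fields."""
    if len(raw) < INODE.size:
        raise ValueError("need at least %d bytes" % INODE.size)
    ino = dict(zip(FIELDS, INODE.unpack(raw[:INODE.size])))
    mode, size = ino["i_mode"], ino["i_size"]
    if stat.S_ISREG(mode):
        size |= ino["i_dir_acl"] << 32  # table: high 32 bits of file size
    ino["size"] = size
    ino["type_perms"] = stat.filemode(mode)
    ino["deleted_at"] = (datetime.fromtimestamp(ino["i_dtime"], timezone.utc)
                         .isoformat() if ino["i_dtime"] else None)
    if stat.S_ISLNK(mode) and size < 60:
        # Short symlink: the target path sits in the i_block area itself.
        ino["symlink_target"] = ino["i_block"][:size].decode(errors="replace")
        ino["blocks"] = []
    else:
        ino["blocks"] = [b for b in struct.unpack("<15I", ino["i_block"]) if b]
    return ino

def build_inode(mode, size, links, dtime=0, i_block=b"", size_high=0):
    """Pack a constructed sample inode (test data, not from a real image)."""
    return INODE.pack(mode, 0, size, 0, 0, 0, dtime, 0, links, 0, 0, 0,
                      i_block.ljust(60, b"\0"), 0, 0, size_high, 0, bytes(12))

# Constructed samples: an unlinked regular file and a short symlink.
DELETED_FILE = build_inode(0o100644, 5000, 0, dtime=1200000000,
                           i_block=struct.pack("<5I", 513, 514, 515, 516, 517))
FAST_SYMLINK = build_inode(0o120777, 12, 1, i_block=b"images/a.jpg")

if __name__ == "__main__":
    for name, raw in (("deleted file", DELETED_FILE), ("symlink", FAST_SYMLINK)):
        ino = parse_inode(raw)
        print(name, ino["type_perms"], ino["size"], ino["i_links_count"],
              ino["deleted_at"], ino.get("symlink_target"), ino["blocks"])
```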
Ext3
• Adds a journal: logs writes to a file system journal before committing them to disk
• Increased file system limits
• Performance optimizations
Ext4
• Larger still (File systems up to 1 exabyte and files as large as 16 TB)
• Extents for contiguous space
• Improved timestamps (to the nanosecond, and for 500 more years)
Experiment
• Create a loopback file:
  [root@slc1 ~]# dd if=/dev/zero of=/root/loopback-sample bs=1024 count=30720
  30720+0 records in
  30720+0 records out
  31457280 bytes (31 MB) copied, 0.813375 seconds, 38.7 MB/s
• Create an Ext3 filesystem:
  [root@slc1 ~]# mkfs -t ext3 /dev/loop0
  mke2fs 1.39 (29-May-2006)
  Filesystem label=
  OS type: Linux
  Block size=1024 (log=0)
  Fragment size=1024 (log=0)
  7680 inodes, 30720 blocks
  1536 blocks (5.00%) reserved for the super user
  First data block=1
  Maximum filesystem blocks=31457280
  4 block groups
  8192 blocks per group, 8192 fragments per group
  1920 inodes per group
  Superblock backups stored on blocks:
  8193, 24577
  Writing inode tables: done
  Creating journal (1024 blocks): done
  Writing superblocks and filesystem accounting information: done
  This filesystem will be automatically checked every 25 mounts or
  180 days, whichever comes first. Use tune2fs -c or -i to override.
Experiment
• mkdir /mnt/loopback
• mount /dev/loop0 /mnt/loopback
• Copy some images to it
• File system tools on slc1:/usr/local/src/sk/tools/fstools might be fun
• ./fsstat /dev/loop0
• Scalpel is cool
References
• http://www.nongnu.org/ext2-doc/ext2.html
• http://www.linuxleo.com/
• http://www.sleuthkit.org/sleuthkit/desc.php
• http://www.digitalforensicssolutions.com/Scalpel/