File System Basics - University of Georgia


File System Basics
Brandon Checketts
Some terminology






Superblocks
Inodes
Journaling
Hard links
Symbolic links
Directory entries
The Superblock







Describes the entire file system
Block Size
Pointer to the root directory
Flags (ro, noatime, etc)
List of open files
First copy of the superblock is stored near the start of the device
Backup copies are stored throughout the file system
Block Groups



Block groups divide the disk into smaller groups to reduce disk seeking
A Block Group Descriptor is saved near the superblock that describes where each block group is located on disk
Each block group contains a list of blocks and inodes and a flag for whether or not they are used
Inodes




Each file has an inode
Contains meta-information about the file, but does not contain the file name or the file contents
See the stat() system call
Owner, permissions, timestamps, size, number of links
Inode Structure



















Offset  Size    Use
0       2       i_mode         Permissions
2       2       i_uid          16-bit User ID
4       4       i_size         32-bit File Size (lower 32 bits)
8       4       i_atime        Last Accessed Timestamp
12      4       i_ctime        Created Timestamp
16      4       i_mtime        Last modified Timestamp
20      4       i_dtime        deleted Timestamp
24      2       i_gid          16-bit Group ID
26      2       i_links_count  # Of links to this file
28      4       i_blocks       # Blocks reserved for file
32      4       i_flags        Immutable, compressed, etc
36      4       i_osd1
40      15 x 4  i_block
100     4       i_generation
104     4       i_file_acl     pointer to block containing ACL
108     4       i_dir_acl      high 32 bits of file size
112     4       i_faddr
116     12      i_osd2
Directories


A Directory is simply a file that lists the files and directories contained within, and their associated inode
Deleting a file just removes it from the directory, but doesn’t generally delete it from disk

Offset  Size  Use
0       4     inode      The inode for this file
4       2     rec_len    offset to the next directory entry
6       1     name_len   length of the file name
7       1     file_type  file type (regular, directory, block, character, symlink, etc)
8       0-25  name
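Added example, not from the original slides: a parser for the directory entry layout above that walks a block by rec_len and also inspects the unused tail of each entry, which is where the name and inode number of a deleted file remain on ext2/ext3 because deletion only enlarges the previous entry's rec_len. The function names and the sample block are constructed for illustration, and leftover names are assumed to be printable ASCII.

```python
import struct

# Directory entry header from the table above: inode(4) rec_len(2) name_len(1) file_type(1)
HEADER = struct.Struct("<IHBB")

def padded(name_len):
    """Bytes an entry really needs: header + name, rounded up to 4."""
    return (HEADER.size + name_len + 3) & ~3

def pack_entry(inode, name, ftype, rec_len=0):
    rec_len = rec_len or padded(len(name))
    return (HEADER.pack(inode, rec_len, len(name), ftype) + name).ljust(rec_len, b"\0")

def sample_block(size=1024):
    """Constructed block: 'secret.jpg' (inode 13) was deleted after 'notes.txt'."""
    raw = pack_entry(2, b".", 2) + pack_entry(2, b"..", 2)
    gone = pack_entry(13, b"secret.jpg", 1)
    keep = padded(len(b"notes.txt"))
    # Deletion only grows the previous entry's rec_len over the removed entry.
    raw += pack_entry(12, b"notes.txt", 1, keep + len(gone))[:keep] + gone
    return raw + pack_entry(14, b"last.png", 1, size - len(raw))

def scan_slack(block, pos, end):
    """Look for leftover entry headers in the unused tail of a live entry."""
    while pos + HEADER.size <= end:
        inode, rec_len, name_len, _ = HEADER.unpack_from(block, pos)
        name = block[pos + HEADER.size:pos + HEADER.size + name_len]
        if (inode and name_len and rec_len % 4 == 0 and rec_len >= padded(name_len)
                and pos + HEADER.size + name_len <= end
                and all(32 <= c < 127 for c in name)):
            yield pos, inode, name, False
            pos += padded(name_len)
        else:
            pos += 4

def walk(block):
    """Yield (offset, inode, name, live) for linked entries and slack residue."""
    off = 0
    while off + HEADER.size <= len(block):
        inode, rec_len, name_len, _ = HEADER.unpack_from(block, off)
        if rec_len < padded(name_len) or off + rec_len > len(block):
            break  # corrupt chain: stop instead of looping or reading past the block
        if inode:
            yield off, inode, block[off + 8:off + 8 + name_len], True
        yield from scan_slack(block, off + padded(name_len), off + rec_len)
        off += rec_len

if __name__ == "__main__":
    for off, inode, name, live in walk(sample_block()):
        print(f"{off:4d} inode={inode:<3d} {'live' if live else 'DELETED'} {name.decode()}")
```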
Hard Links




Each inode represents a single file, not dependent on the file name
A ‘Hard Link’ is when two directories have a file name pointed to the same inode
i_links_count is incremented for each hard link and decremented when a file is ‘deleted’ from a directory
When i_links_count reaches zero, the inode is then deleted
Symbolic Links




A special type of file that references another file
Can span across file systems
I think of it as an HTTP redirect
Symlinks shorter than 60 bytes are stored in the inode itself, and don’t have a data block
Ext3

Add a journal
Logs writes to a file system journal before committing to disk

Increased file system limits
Performance Optimizations

Ext4



Larger still (File systems up to 1 exabyte and files as large as 16 TB)
Extents for contiguous space
Improved timestamps (to the nanosecond, and for 500 more years)
Experiment





Create a loopback file:
[root@slc1 ~]# dd if=/dev/zero of=/root/loopback-sample bs=1024 count=30720
30720+0 records in
30720+0 records out
31457280 bytes (31 MB) copied, 0.813375 seconds, 38.7 MB/s
Create an Ext3 filesystem




















[root@slc1 ~]# mkfs -t ext3 /dev/loop0
mke2fs 1.39 (29-May-2006)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
7680 inodes, 30720 blocks
1536 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=31457280
4 block groups
8192 blocks per group, 8192 fragments per group
1920 inodes per group
Superblock backups stored on blocks:
8193, 24577
Writing inode tables: done
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 25 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
Experiment






mkdir /mnt/loopback
mount /dev/loop0 /mnt/loopback
Copy some images to it
File system tools on slc1:/usr/local/src/sk/tools/fstools might be fun
./fsstat /dev/loop0
Scalpel is cool
References




http://www.nongnu.org/ext2doc/ext2.html
http://www.linuxleo.com/
http://www.sleuthkit.org/sleuthkit/desc.php
http://www.digitalforensicssolutions.com/Scalpel/