Linux File System

What is a File?
Files are collections of data items stored on disk. A file is the unit in which a device stores information: data, music (mp3), pictures, movies, sound, books and so on. In fact, whatever you store on a computer must be in the form of a file. Files are always associated with devices such as a hard disk or floppy disk. A file is the last object in your file system tree.

The following are general rules for Linux, BSD and other Unix-like systems:

* File names are case sensitive, so soumya.doc, Soumya.doc and SOUMYA.doc are three different files.

* You can use upper and lowercase letters, numbers, "." (dot) and "_" (underscore) symbols.

* You can use other special characters such as a blank space, but they are awkward to work with and it is better to avoid them.

* In short, filenames may contain any character except /, which is reserved as the separator between files and directories in a pathname.

* There is no need to use a . (dot) in a filename, though sometimes a dot improves readability, and you can use a dot-based filename extension to identify the file type. For example:
.sh = Shell script
.tar.gz = Compressed archive

* Most modern Linux and UNIX systems limit a filename to 255 characters. However, some older UNIX versions limit filenames to 14 characters.

* A filename must be unique inside its directory. For example, inside the /home/soumya directory you cannot have both a demo.txt file and a demo.txt directory. Other directories may have files with the same names, however; for example, you can create a demo.txt directory in /tmp.

What is a directory?
A directory is a group of files. Directories are divided into two types:
Root directory – Strictly speaking, there is only one root directory in your system, denoted by / (forward slash). It is the root of your entire file system and cannot be renamed or deleted.
Sub directory – A directory under the root (/) directory is a subdirectory, which can be created and renamed by the user.

Directories are used to organize your data files and programs more efficiently.

Linux supports numerous file system types
Ext2: This is like the traditional UNIX file system. It has the concepts of blocks, inodes and directories.
Ext3: This is the ext2 filesystem enhanced with journalling. Journalling allows fast file system recovery after a crash. It supports POSIX ACLs (Access Control Lists).

POSIX – "Portable Operating System Interface" is the collective name of a family of related standards specified by the IEEE to define the application programming interface (API) for software compatible with variants of the Unix operating system.

Isofs (iso9660): Used for the CD-ROM file system.
Sysfs: A RAM-based filesystem initially based on ramfs. It is used to export kernel objects so that user space can access them easily.
Procfs: The proc file system acts as an interface to internal data structures in the kernel. It can be used to obtain information about the system and to change certain kernel parameters at runtime using the sysctl command.

[sysctl is used to modify kernel parameters at runtime. The parameters available are those listed under /proc/sys/.]

For example, you can find out CPU information with the following command:

# cat /proc/cpuinfo
Or you can check the current setting and then enable or disable routing/forwarding of IP packets between interfaces with the following commands:

# cat /proc/sys/net/ipv4/ip_forward
# echo "1" > /proc/sys/net/ipv4/ip_forward
# echo "0" > /proc/sys/net/ipv4/ip_forward

NFS: The Network File System allows many users or systems to share the same files using a client/server model. NFS can share any of the above file systems over the network.
Linux also supports Microsoft NTFS, vfat and many other file systems.

You can find out what types of file systems are currently mounted with the mount command:

$ mount

OR

$ cat /proc/mounts

What is a UNIX/Linux File system?
A UNIX file system is a collection of files and directories stored on disk. Each file system is stored in its own disk partition. The following are a few of the file systems:
/ - Special file system that incorporates the files under several directories including /dev, /sbin, /tmp etc.
/usr - Stores application programs
/var - Stores log files, mails and other data
/tmp - Stores temporary files

But what is in a File system?
Again, a file system is divided into two categories:
User data - stores the actual data contained in files
Metadata - stores file system structural information such as the superblock, inodes and directories

In general, many new Linux sysadmins create only two partitions, / (root) and swap, for the entire hard drive. This is a bad idea. You always need to consider the following points:

(1) Performance
(2) Security
(3) Stability
(4) Backup

Let us assume you have a 120 GB SCSI hard disk with / and swap partitions only. One user (internal, external or a cracker) runs something which eats up all the hard disk space (a DoS attack).

[SCSI- Short for small computer system interface, a parallel interface standard used by Apple Macintosh computers, PCs, and many UNIX systems for attaching peripheral devices to computers. SCSI interfaces provide for faster data transmission rates (up to 80 megabytes per second) than standard serial and parallel ports. In addition, you can attach many devices to a single SCSI port, so that SCSI is really an I/O bus rather than simply an interface.]

For example, consider the following tiny script that a user can run in the /tmp directory:

#!/bin/sh
man bash > $(mktemp)
$0

mktemp – make a unique temporary filename

Anyone can run the above script via cron (if allowed), or even with the nohup command:
$ nohup bad-script &

nohup – run a command immune to hangups, with output to a non-tty

tty is a Unix command that prints to standard output the name of the terminal file connected to standard input. The name of the program comes from teletypewriter, abbreviated "TTY".

When the program is run, it produces something like this:

% tty
/dev/pts/5

The result is a disaster, as the entire file system comes under a Denial of Service attack. It will even bypass the disk quota restriction. If we create only two partitions, a poorly written application can later eat up all the space in /var/log/ as well. Bottom line: create partitions as follows:

/ – Root partition
/home – Users' home directories
/usr – Linux/BSD binary programs are installed here
/tmp – Temporary files partition
/var – Stores files which keep changing size, e.g. log, or squid caching files

If you don't have partitions like this then the following attacks can take place:
1) Denial of Service attack against disk space
2) Users can download or compile SUID (Set User ID) programs in /tmp or even in /home
3) Performance tuning is not possible
4) Mounting /usr read-only to improve security is not possible

All of these attacks can be stopped by adding the following options to the /etc/fstab file:
nosuid – Do not honour SUID/SGID bits on this partition
nodev – Do not interpret character or block special devices on this partition
noexec – Do not permit execution of any binaries on this partition
ro – Mount the file system read-only
quota (usrquota or grpquota) – Enable disk quota
================================
root@2red [~]# cat /etc/fstab
/dev/sda4 / ext3 defaults,usrquota 1 1
/dev/sda1 /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/sda3 /tmp ext3 defaults,noexec,nosuid,nodev 1 2
/dev/sda2 swap swap defaults 0 0
/dev/sdb1 /backup ext3 defaults 1 2
==============================

[fstab stands for File System TABle. It is where the system administrator tells the OS about any filesystems the machine may have access to. It also allows default parameters to be provided for each filesystem. The last two fields of each entry are the dump frequency and the pass number for fsck (the filesystem check utility).]

Please note that the above options can only be set if you have separate partitions. Make sure you create the partitions as above, with the special options set on each partition:
/home – Set the nosuid and nodev options, together with the disk quota option
/usr – Set the nodev option
/tmp – The nodev, nosuid and noexec options must all be enabled

For example, the entry in /etc/fstab for /home should read as follows:
/dev/sda1 /home ext3 defaults,nosuid,nodev 1 2

Here is the mount command output from the same server (2red):
===============
root@2red [~]# mount
/dev/sda4 on / type ext3 (rw,usrquota)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/sda1 on /boot type ext3 (rw)
none on /dev/shm type tmpfs (rw)
/dev/sda3 on /tmp type ext3 (rw,noexec,nosuid,nodev)
/dev/sdb1 on /backup type ext3 (rw)
/tmp on /var/tmp type none (rw,noexec,nosuid,bind)
===============
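The partition policy above (nodev/nosuid/noexec on /tmp, nodev/nosuid on /home, nodev on /usr) is easy to drift from after a reinstall or a hand-edited fstab, so here is an added POSIX sh audit script, not part of the original post, that checks either /etc/fstab lines (intended state) or mount output lines (actual state) against that policy. The sample mount lines and the device names /dev/sda5 and /dev/sda6 are constructed for the example.

```shell
# Audit mount options against the partition policy above. Accepts /etc/fstab
# lines ("<dev> <mnt> <fs> <opts> <dump> <pass>") or mount(8) output lines
# ("<dev> on <mnt> type <fs> (<opts>)").

# has_opt "<comma list>" "<opt>": succeeds if the list contains opt exactly
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# required_opts "<mountpoint>": prints the options the policy demands there
required_opts() {
    case "$1" in
        /tmp)  echo "nodev nosuid noexec" ;;
        /home) echo "nodev nosuid" ;;
        /usr)  echo "nodev" ;;
        *)     echo "" ;;
    esac
}

# audit_mounts "<text>": prints "<mnt> missing <opt>" for every gap found;
# exit status 0 when every policy mount point complies, 1 otherwise
audit_mounts() {
    gaps=0
    while read -r f1 f2 f3 f4 f5 f6; do
        case "$f1" in ""|\#*) continue ;; esac   # skip blanks and comments
        if [ "$f2" = "on" ]; then                # mount(8) output format
            mnt=$f3; opts=${f6#"("}; opts=${opts%")"}
        else                                     # fstab format
            mnt=$f2; opts=$f4
        fi
        for req in $(required_opts "$mnt"); do
            has_opt "$opts" "$req" && continue
            echo "$mnt missing $req"
            gaps=$((gaps + 1))
        done
    done <<EOF
$1
EOF
    [ "$gaps" -eq 0 ]
}

# Constructed sample modelled on the mount output above; /home lacks nosuid.
SAMPLE_MOUNTS='/dev/sda4 on / type ext3 (rw,usrquota)
/dev/sda3 on /tmp type ext3 (rw,noexec,nosuid,nodev)
/dev/sda5 on /home type ext3 (rw,nodev)
/dev/sda6 on /usr type ext3 (rw,nodev)'

audit_mounts "$SAMPLE_MOUNTS" || echo "policy violations found"
```

On a live system run it as `audit_mounts "$(mount)"` for the current state or `audit_mounts "$(cat /etc/fstab)"` for the configured state; a bind mount such as the /var/tmp line above is checked like any other line, so it can be added to the policy the same way.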

Published on June 10, 2007 at 10:51 am
