Linux file system

1. Devices, partitions and inodes
2. File permissions
3. Links

• A block device is usually /dev/sda, /dev/sdb or so. A device name refers to the entire disk.
• Block devices files are found in /dev along with all other system peripherals.
• Block devices can be divided into one or more logical units called partitions.

• The device name for a partition is the name of the block device followed by the partition number
• For example, /dev/sda1 is the first partition on the first hard disk in the system.
• This division is recorded in the partition table, usually found in sector 0 of the disk.

# print partition table for the first hard disk
lsblk -fmo +TYPE /dev/sda
NAME   FSTYPE LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINT      SIZE OWNER GROUP MODE       TYPE
sda                                                                                     127G             brw-rw---- disk
├─sda1 vfat         796D-9597                             505.9M     1% /boot/efi       512M             brw-rw---- part
├─sda2 ext4         5c50c063-4450-4a72-b428-02b2e1cf3d54  112.3G     1% /             122.5G             brw-rw---- part
└─sda3 swap         9660d4c3-30ef-4c99-b24e-22b31798e046                [SWAP]            4G             brw-rw---- part

• Every partition has its own file system (see FSTYPE column above).

• In a file system, a file is represented by an inode containing metadata about the file.
• The only informations not included in an inode are file name and directory (those are stored in special "directory" files).
• An application can retrieve this metadata using stat, which returns a stat structure.
• Inode is useful at least so that the owner and group are not stored inside the file ...
• Sample inode details :

stat /home/admin/some_file
     File: /home/admin/some_file
     Size: 1503            Blocks: 8          IO Block: 4096   regular file
 Device: 802h/2050d      Inode: 6041138     Links: 1
 Access: (0644/-rw-r--r--)  Uid: ( 1001/admin)   Gid: ( 1001/admin)
 Access: 2021-05-08 19:24:12.399088300 +0200
 Modify: 2021-05-06 22:07:37.869491910 +0200
 Change: 2021-05-06 22:07:37.873491926 +0200
 Birth: -

• Use ls to display file type attributes :

  -	Regular file
  d	Directory
  l	Symlink
  c	Character device
  b	Block device
  s	Socket
  p	Named pipe

• Use ls -F to display file type suffixes :

  /	Directory
  *	Executable
  @	Symlink
  %	Whiteout
  =	Socket
  |	Pipe FIFO

• 3 types of permissions exist : read, write, execute ("executing" a directory means cd into it).

• Owner Uid: r,w,x
• Group Gid: r,w,x
• Others: = r,w,x

Note : Owner and group are stored into the file's inode (see above).

• Each new regular file has default permissions of 666.
• Each new directory has default permissions of 777.
• The file creation mode mask for the current user is then subtracted from the default permissions (see umask).
• For example, umask 0022 means that write permissions are removed for Gid and others.

• Those flags are set when any user has to be able to run the program using another user (SUID) or group (GUID) permissions.
• When set, the "execute" bit for owner (SUID) or group (GUID) is set to s instead of x in the permissions.
• For instance, this commands prints all files for which either SUID or UID is set in /usr/bin :

ls -l /usr/bin/* | grep -E "^-(.{2}s|.{5}s).*$" -

• Linux links are the equivalent of Windows shortcuts and can be of 3 types :

• 2 or more file names are given the same inode number, thus point to the same blocks on the disk.
• Inode numbers are unique for a partition, so a hard link can only point to a file on the same partition.
• Each regular file is in principle a hard link.

• A file that contains the path to the target file.
• Inodes are not used in this system, so a symlink can point to a file to a different partition.

• Those are only interpreted by GUI and are seen as a normal file by the kernel and the shell.