2 Performing Basic File System Administration

This chapter describes basic tasks for administering file systems. The chapter also describes how to configure Access Control Lists (ACLs) and how to configure and manage disk quotas.

Building File Systems

The mkfs command syntax enables you to build a file system on a block device:

sudo mkfs [options] device

Typically, the -t fstype and -L label options are used with the mkfs command. The following example builds an ext4 file system with the label Projects:

sudo mkfs -t ext4 -L Projects /dev/sdb1

If you don't specify the file system type, an ext2 file system is created by default.

You can also omit -t fstype and instead use the appropriate full mkfs.<extension> command as listed in /sbin. The following command produces the same result as the previous command:

sudo mkfs.ext4 -L Projects /dev/sdb1

To display the file system type, use the blkid command, for example:

sudo blkid /dev/sdb1

The output of the previous command would be similar to the following:

/dev/sdb1: UUID="ad8113d7-b279-4da8-b6e4-cfba045f66ff" BLOCK_SIZE="512" TYPE="ext4" 
  PARTUUID="6a0cf5e9-09e5-40cf-ab47-3166e1c60f24" LABEL="Projects"

Each file system type supports several features that you can enable or disable by specifying more options with either the mkfs command format or the full mkfs.<extension> command. For example, you can use the -J option to specify the size and location of the journal that's used by the ext* file system types.

For more information, see the blkid(8), mkfs(8), and mkfs.fstype(8) manual pages.

Mounting File Systems

To access a file system's contents, you need to attach its block device to a mount point in the directory hierarchy. Any directory can be used to function as a mount point.

Typically, you create a directory for a mount point. If you use an existing directory, the contents remain hidden until you unmount the overlying file system.

About the mount Command

You use the mount command to attach the device containing the file system to the mount point as follows:

sudo mount [options] device mount_point

The device can be mounted by referencing its name, UUID, or label. For example, to mount the file system that was created in the previous section on /var/projects, create the directory and then run any one of the mount commands that follow:

sudo mkdir /var/projects
sudo mount /dev/sdb1 /var/projects
sudo mount UUID="ad8113d7-b279-4da8-b6e4-cfba045f66ff" /var/projects
sudo mount LABEL="Projects" /var/projects

Issuing the mount command by itself displays all the mounted file systems. In the following example, an extract of the command's output indicates the following:

  • /dev/sdb1 with an ext4 file system is mounted on /var/projects for both reading and writing

  • /dev/mapper/vg_host01-lv_root, an LVM logical volume also with an ext4 file system, is mounted on / for both reading and writing:

sudo mount

The output of the previous command would be similar to the following:

/dev/sdb1 on /var/projects type ext4 (rw)
/dev/mapper/vg_host01-lv_root on / type ext4 (rw)
...

Or, you can use the cat /proc/mounts command to display information about mounted file systems.

The df -h command displays information about file systems and their use of disk space:

Filesystem      Size  Used Avail Use% Mounted on
...
/dev/sda3        46G   18G   29G  39% /
/dev/sda2       795M  452M  344M  57% /boot
/dev/sda1       100M  5.7M   95M   6% /boot/efi
...

To attach or bind a block device at several mount points, use the mount -B command.

You can also remount part of a directory hierarchy, which need not be a complete file system, somewhere else. For example, you would use the following command to mount /var/projects/project1 on /mnt:

sudo mount -B /var/projects/project1 /mnt

Each directory hierarchy acts as a mirror of the other. The same files are accessible in either location. However, any submounts aren't replicated. These mirrors don't provide data redundancy.

To mount a file over another file, you would use the following command:

sudo touch /mnt/foo
sudo mount -B /etc/hosts /mnt/foo

In the previous example, the /etc/hosts and /mnt/foo mount points represent the same file. The existing file that acts as a mount point isn't accessible until you unmount the overlying file.

To include submounts in the mirror, use the -R option to create a recursive bind.

When you use the -B or -R option, the file system mount options remain the same as those for the original mount point. To change the mount options, use a separate remount command, for example:

sudo mount -o remount,ro /mnt/foo

You can mark the submounts in a mount point as being shared, private, or secondary. You can specify the following options:

mount --make-shared mount_point

Any mounts or unmounts under the specified mount point propagate to any mirrors that you create, and this mount hierarchy reflects mounts or unmount changes that you make to other mirrors.

mount --make-private mount_point

Any mounts or unmounts under the specified mount point don't propagate to other mirrors, nor does this mount hierarchy reflect mounts or unmount changes that you make to other mirrors.

mount --make-slave mount_point

Any mounts or unmounts under the specified mount point don't propagate to other mirrors, but this mount hierarchy does reflect mounts or unmount changes that you make to other mirrors.

To prevent a mount from being mirrored by using the -B or -R options, mark its mount point as being unbindable:

sudo mount --make-unbindable mount_point

To move a mounted file system, directory hierarchy, or file between mount points, use the -M option, for example:

sudo touch /mnt/foo
sudo mount -M /mnt/foo /mnt/bar

To unmount a file system, use the umount command:

sudo umount /var/projects

Or, you can specify the block device if it's mounted on only one mount point.

For more information, see the mount(8) and umount(8) manual pages.

Using More Options of the mount Command

You can control the behavior of the mount command by using the -o option to specify options in a comma-separated list. Some of these options are as follows:

Note:

These options can also be entered in the /etc/fstab file.

auto

Causes the file system to be mounted automatically by using the mount -a command.

exec

Allows the execution of any binary files in the file system.

loop

Uses a loop device (/dev/loop*) to mount a file that contains a file system image. See Mounting a File That Contains a File System Image, Creating a File System on a File Within Another File System, and the losetup(8) manual page.

Note:

The default number of available loop devices is 8. You can use the kernel boot parameter max_loop=N to configure up to 255 devices. Or, add the following entry to /etc/modprobe.conf:

options loop max_loop=N 

In the previous example, N is the number of loop devices that you require (from 0 to 255). After adding the entry, reboot the system.

noauto

Prevents the file system from being mounted automatically when mount -a is issued.

noexec

Prevents the execution of any binary files in the file system.

nouser

Prevents any user other than the root user from mounting or unmounting the file system.

remount

Remounts the file system if it's already mounted. You would typically combine this option with another option such as ro or rw to change the behavior of a mounted file system.

ro

Mounts a file system as read-only.

rw

Mounts a file system for reading and writing.

user

Allows any user to mount or unmount the file system.

The following examples show different ways to use the mount -o command syntax.

  • Mount the /dev/sdd1 file system as /test with read-only access and allow only the root user to mount or unmount the file system:

    sudo mount -o nouser,ro /dev/sdd1 /test
  • Mount an ISO image file on /media/cdrom with read-only access by using the loop device:

    sudo mount -o ro,loop ./Linux-Server-dvd.iso /media/cdrom
  • Remount the /test file system with both read and write access, and prohibit the execution of any binary files that are in the file system:

    sudo mount -o remount,rw,noexec /test

Mounting a File That Contains a File System Image

A loop device lets you access a file as a block device. For example, you can mount a file that contains a DVD ISO image on the directory mount point /ISO as follows:

sudo mount -t iso9660 -o ro,loop /var/ISO_files/V33411-01.iso /ISO

If required, create a permanent entry for the file system in the /etc/fstab file, for example:

/var/ISO_files/V33411-01.iso          /ISO      iso9660    ro,loop     0 0

About the File System Mount Table

The /etc/fstab file contains the file system mount table, which provides all the information that the mount command requires to mount block devices or implement binding of mounts. If you add a file system, you must create the appropriate entry in the /etc/fstab file to ensure that the file system is mounted at boot time. The following are typical entries from this file:

/dev/sda1         /boot   ext4     defaults  1 2
/dev/sda2         /       ext4     defaults  1 1
/dev/sda3         swap    swap     defaults  0 0

The descriptions of each field in the previous output are as follows:

  • The first field indicates the device to mount, which is specified by the device name, UUID, or device label, or the specification of a remote file system. A UUID or device label is preferable to a device name if the device name could change, for example:

    LABEL=Projects    /var/projects  ext4  defaults  1 2

    For bind mounts, the first field specifies the path of the file system, directory hierarchy, or file that's to be mounted on the mount point specified by the second field. The third and fourth fields are specified as none and bind.

  • The second field is either the mount point for a file system or swap to indicate a swap partition. The mount point must be a path to either a file or a directory.

  • The third field is the file system type, such as ext4 or swap.

  • The fourth field specifies any mount options.

  • The fifth field specifies whether the dump command dumps the file system (1) or not (0).

  • The sixth field identifies the order in which the fsck command performs a file system check at boot time. The root file system has the value 1, while other file systems have 2. A value of 0 skips checking, as is appropriate for swap, for file systems that aren't mounted at boot time, and for binding of existing mounts.

For bind mounts, only the first four fields are specified, for example:

path    mount_point    none     bind

For more information, see the fstab(5) manual page.
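The field rules above can be checked mechanically. The following added example is not part of the original documentation; the function names lint_fstab and sample_fstab and the finding codes are hypothetical, and the sample table is constructed. It flags entries with the wrong number of fields, bind entries whose type isn't none, devices referenced by a name that could change, and fsck order values that don't match the rules described for the sixth field.

```shell
#!/bin/sh
# Added example (not from the original page): lint fstab-format text against
# the field rules described in this section. Findings print as LINE:CODE:DETAIL.

lint_fstab() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    {
        if (NF < 4 || NF > 6) {              # four fields for binds, six otherwise
            printf "%d:FIELD_COUNT:%d\n", NR, NF
            next
        }
        dev = $1; mnt = $2; type = $3
        opts = "," $4 ","                    # pad so every option is ,name,
        pass = (NF >= 6) ? $6 + 0 : 0        # an omitted sixth field means 0
        bind   = (opts ~ /,r?bind,/)
        noauto = (opts ~ /,noauto,/)

        # Bind entries name a path in field 1 and use "none" as the type.
        if (bind && type != "none")
            printf "%d:BIND_TYPE:%s\n", NR, type

        # Device names such as /dev/sdb1 can change; UUID= or LABEL= is preferable.
        if (!bind && (dev ~ /^\/dev\/(sd|hd|vd|xvd)[a-z]+[0-9]*$/ ||
                      dev ~ /^\/dev\/nvme[0-9]+n[0-9]+(p[0-9]+)?$/))
            printf "%d:KERNEL_NAME:%s\n", NR, dev

        # fsck order: 1 for /, 2 for others, 0 for swap, noauto and binds.
        if (type == "swap" || bind || noauto) {
            if (pass != 0) printf "%d:FSCK_ORDER:%s should be 0\n", NR, mnt
        } else if (mnt == "/") {
            if (pass != 1) printf "%d:FSCK_ORDER:/ should be 1\n", NR
        } else if (pass == 1) {
            printf "%d:FSCK_ORDER:%s should be 2 or 0\n", NR, mnt
        }
    }'
}

# Constructed sample input; lines 3, 4, 5, 7 and 8 carry deliberate defects.
sample_fstab() {
    cat <<'EOF'
# device                       mount point    type  options            dump fsck
LABEL=Projects                 /var/projects  ext4  defaults           1 2
/dev/sdb1                      /home          ext4  usrquota,grpquota  0 0
/dev/mapper/vg_host01-lv_root  /              ext4  defaults           1 2
/dev/sda3                      swap           swap  defaults           0 1
/var/projects/project1         /mnt           none  bind
/etc/hosts                     /mnt/foo       ext4  bind
UUID=ad8113d7-b279-4da8-b6e4-cfba045f66ff  /data  ext4
EOF
}

sample_fstab | lint_fstab
```

To check a live system, run lint_fstab < /etc/fstab.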

Configuring the Automounter

The automounter mounts file systems when they're accessed, rather than maintaining connections for those mounts all the time. When a file system becomes inactive for a certain period, the automounter unmounts it. Using automounting frees up system resources and improves system performance.

The automounter consists of two components: the autofs kernel module and the automount user-space daemon. It also references entries in /etc/auto.master, which is the automounter configuration file.

About the Automounter Configuration File

In the /etc/auto.master configuration file, each map entry specifies a mount point and a map file that contains definitions of the remote file systems that can be mounted, for example:

/-          /etc/auto.direct
/misc       /etc/auto.misc
/net        -hosts

The previous example shows the following types of map entries:

  • /-: direct map entry. Direct map entries always specify /- as the mount point.

  • /misc: indirect map entry.

  • /net: host map entry. Host maps always specify the keyword -hosts instead of a map file.

A direct map contains definitions of directories that are automounted at the specified absolute path. In the example, the auto.direct map file might contain an entry similar to the following:

/usr/man   -fstype=nfs,ro,soft             host01:/usr/man

This entry is a directive to do the following:

  • Mount the file system /usr/man that's exported by host01 by specifying the ro and soft options.

  • Create the /usr/man mount point if it doesn't already exist. If the mount point exists, the mounted file system hides any existing files that it contains.

Because the default file system type is NFS, the previous example can be shortened to read as follows:

/usr/man   -ro,soft                        host01:/usr/man

An indirect map contains definitions of directories or keys that are automounted relative to the mount point (/misc) that's specified in the /etc/auto.master file. For example, the /etc/auto.misc map file might contain entries similar to the following:

xyz       -ro,soft                         host01:/xyz
cd        -fstype=iso9660,ro,nosuid,nodev        :/dev/cdrom
abc       -fstype=ext3                           :/dev/hda1
fenetres  -fstype=cifs,credentials=credfile      ://fenetres/c

Note that the /misc directory must already exist; however, the automounter creates a mount point for the keys xyz, cd, and so on, if they don't already exist, and then removes them when it unmounts the file system.

For example, using the ls /misc/xyz command causes the automounter to mount the /xyz directory, which is exported by host01, as /misc/xyz.

The cd and abc entries mount the following local file systems: an ISO image from the CD-ROM drive on /misc/cd and an ext3 file system from /dev/hda1 on /misc/abc. The fenetres entry mounts a Samba share as /misc/fenetres.

If a host map entry exists, and a command references an NFS server that's relative to the mount point (/net) by name, the automounter mounts all the directories that the server exports within a subdirectory of the mount point named for the server. For example, the cd /net/host03 command causes the automounter to mount all exports from host03 under the /net/host03 directory. By default, the automounter uses the nosuid,nodev,intr mount options unless you override the options in the host map entry, as follows:

/net        -hosts    -suid,dev,nointr

Note:

The name of the NFS server must be resolvable to an IP address in DNS or the /etc/hosts file.

For more information about NFS administration, see the Using NFS in Oracle Linux chapter in Oracle Linux 8: Managing Shared File Systems and Oracle Linux 9: Managing Shared File Systems. See also the hosts.master(5) and auto.master(5) manual pages.
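Because a host map entry can override the nosuid and nodev defaults, and other map entries carry only the options written in them, it helps to review both files together. The following added example is not part of the original documentation; the function names are hypothetical and the sample input is constructed from the entries shown in this section. It reports host map entries that re-enable suid or dev, and map entries whose option field doesn't state nosuid or nodev.

```shell
#!/bin/sh
# Added example (not from the original page): report automounter entries
# that relax or omit the nosuid and nodev mount options.

# Print "MOUNTPOINT:OPTION" for each -hosts entry in auto.master-format text
# that re-enables suid or dev, overriding the host map defaults.
audit_master() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $2 == "-hosts" && NF >= 3 {
        opts = $3; sub(/^-/, "", opts)
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++)
            if (o[i] == "suid" || o[i] == "dev")
                printf "%s:%s\n", $1, o[i]
    }'
}

# Print "KEY:missing OPTION" for each map entry whose option field does not
# state nosuid or nodev explicitly.
audit_map() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    {
        opts = ($2 ~ /^-/) ? substr($2, 2) : ""
        has_nosuid = 0; has_nodev = 0
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "nosuid") has_nosuid = 1
            if (o[i] == "nodev")  has_nodev = 1
        }
        if (!has_nosuid) printf "%s:missing nosuid\n", $1
        if (!has_nodev)  printf "%s:missing nodev\n", $1
    }'
}

# Constructed samples based on the entries shown in this section.
sample_master() {
    cat <<'EOF'
/-          /etc/auto.direct
/misc       /etc/auto.misc
/net        -hosts    -suid,dev,nointr
EOF
}

sample_map() {
    cat <<'EOF'
xyz       -ro,soft                           host01:/xyz
cd        -fstype=iso9660,ro,nosuid,nodev    :/dev/cdrom
abc       -fstype=ext3                       :/dev/hda1
fenetres  -fstype=cifs,credentials=credfile  ://fenetres/c
EOF
}

sample_master | audit_master
sample_map | audit_map
```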

Installing and Enabling the Automounter

  1. Install the autofs package and any other packages that are required to support remote file systems:

    sudo dnf install autofs
  2. Edit the /etc/auto.master configuration file to define map entries that are appropriate to the file systems.

    See About the Automounter Configuration File for reference.

  3. Start the autofs service, and configure the service to start following a system reboot:

    sudo systemctl start autofs
    sudo systemctl enable autofs

You can configure various settings for autofs in the /etc/sysconfig/autofs file, including the idle timeout value after which a file system is automatically unmounted.

If you change the /etc/auto.master or /etc/sysconfig/autofs file, restart the autofs service to reread these files:

sudo systemctl restart autofs

For more information, see the automount(8) and autofs(5) manual pages.

Creating a File System on a File Within Another File System

  1. Create an empty file of the required size:

    sudo dd if=/dev/zero of=/fsfile bs=1024 count=1000000

    The output of the previous command would be as follows:

    1000000+0 records in
    1000000+0 records out
    1024000000 bytes (1.0 GB) copied, 8.44173 s, 121 MB/s
  2. Create a file system on the file:

    sudo mkfs.ext4 -F /fsfile

    The output of the previous command would be as follows:

    mke2fs 1.44.6 (5-Mar-2019)
    Discarding device blocks: done                            
    Creating filesystem with 250000 4k blocks and 62592 inodes
    Filesystem UUID: 17ef1d96-c595-4f19-891b-112a56b54c82
    Superblock backups stored on blocks: 
    	32768, 98304, 163840, 229376
    
    Allocating group tables: done                            
    Writing inode tables: done                            
    Creating journal (4096 blocks): done
    Writing superblocks and filesystem accounting information: done
    
  3. Mount the file as a file system by using a loop device:

    sudo mount -o loop /fsfile /mnt

    The file appears as a normal file system in the output of the sudo mount and sudo df -h commands:

    sudo mount
    ...
    /fsfile on /mnt type ext4 (rw,loop=/dev/loop0)

    sudo df -h
    Filesystem            Size  Used Avail Use% Mounted on
    ...
    /fsfile               962M   18M  896M   2% /mnt

    If required, create a permanent entry for the file system in /etc/fstab:

    /fsfile          /mnt      ext4    rw,loop     0 0

About Access Control Lists

POSIX Access Control Lists (ACLs) provide a richer access control model than traditional UNIX Discretionary Access Control (DAC) that sets read, write, and execute permissions for the owner, group, and all other system users. You can configure ACLs that define access rights for more than a single user or group, and specify rights for programs, processes, files, and directories. If you set a default ACL on a directory, its descendants inherit the same rights automatically. You can use ACLs with the btrfs, OCFS2, ext3, ext4, and XFS file systems, including mounted NFS file systems.

An ACL consists of a set of rules that specify how a specific user or group can access the file or directory with which the ACL is associated. A regular ACL entry specifies access information for a single file or directory. A default ACL entry is set on directories only, and specifies default access information for any file within the directory that doesn't have an access ACL.

Enabling ACL Support

  1. Ensure that the acl package is installed. If not, use the following command:

    sudo dnf install acl
  2. Edit the /etc/fstab file and change the entries for any file systems that you want to use ACLs so that they include the appropriate option that supports ACLs, for example:

    LABEL=/work      /work       ext4     acl     0 0

    For mounted Samba shares, use the cifsacl option instead of acl.

  3. Remount the file systems:

    sudo mount -o remount /work

Setting and Displaying ACLs

To add or modify the ACL rules for a file, use the setfacl command with the following syntax:

sudo setfacl -m rules file ...

ACL rules accept the following forms:

[d:]u:user[:permissions]

Sets the access ACL for the user specified by name or user ID. The permissions apply to the owner if no user is specified.

[d:]g:group[:permissions]

Sets the access ACL for a group specified by name or group ID. The permissions apply to the owning group if no group is specified.

[d:]m[:][:permissions]

Sets the effective rights mask, which is the union of all permissions of the owning group and all user and group entries.

[d:]o[:][:permissions]

Sets the access ACL for other (everyone else to whom no other rule applies).

The permissions are as follows, and are the same as those used with the chmod command.

  • r: read

  • w: write

  • x: execute

The d: prefix is used to apply the rule to the default ACL for a directory.

To display a file's ACL, use the getfacl command, for example:

sudo getfacl foofile

The output of this command would be as follows:

# file: foofile
# owner: bob
# group: bob
user::rw-
user:fiona:r--
user:jack:rw-
user:jill:rw-
group::r--
mask::r--
other::r--

If extended ACLs are active on a file, the ls -l command displays a plus sign (+) after the permissions:

-rw-r--r--+ 1 bob bob  105322 Apr 11 11:02 foofile

The following examples show how to set and display ACLs for directories and files:

  • To grant read access to a file or directory by a user:

    sudo setfacl -m u:user:r file
  • To display the name, owner, group, and ACL for a file or directory:

    sudo getfacl file
  • To remove write access to a file for all groups and users by changing the effective rights mask rather than the ACL:

    sudo setfacl -m m::rx file

    Note that the -x option removes rules for a user or group.

  • To remove the rules for a user from the ACL of a file:

    sudo setfacl -x u:user file
  • To remove the rules for a group from the ACL of a file:

    sudo setfacl -x g:group file
  • To remove all the extended ACL entries from a file or directory, specify the -b option:

    sudo setfacl -b file
  • To copy the ACL of file f1 to file f2:

    sudo getfacl f1 | sudo setfacl --set-file=- f2
  • To set a default ACL of read and execute access for other on a directory:

    sudo setfacl -m d:o:rx directory
  • To promote the ACL settings of a directory to default ACL settings that can be inherited:

    sudo getfacl --access directory | sudo setfacl -d -M- directory
  • To remove the default ACL from a directory, specify the -k option:

    sudo setfacl -k directory

For more information, see the acl(5), setfacl(1), and getfacl(1) manual pages.
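The effective rights mask limits the entries for named users, the owning group, and named groups, but not the owner or other entries, so the rights that an entry lists can differ from the rights that apply. The following added example is not part of the original documentation; the function names are hypothetical, the ACL listing is constructed, and the optional argument is an assumption of this example that models a new mask in the three-character form that getfacl prints (for example, r-x for setfacl -m m::rx). Default ACL entries are skipped.

```shell
#!/bin/sh
# Added example (not from the original page): compute the effective rights of
# each access ACL entry in getfacl-format text read from standard input.
# Usage: effective_acl [MASK]   where MASK is in getfacl form, such as r-x.

effective_acl() {
    awk -F: -v override="${1:-}" '
    /^#/ { next }                        # header comments
    { sub(/[ \t]*#.*/, "") }             # drop any trailing "#effective:" note
    NF != 3 { next }                     # blank lines and default: entries
    $1 == "mask" { mask = $3; have_mask = 1; next }
    { n++; tag[n] = $1; who[n] = $2; perm[n] = $3 }
    END {
        if (override != "") { mask = override; have_mask = 1 }
        for (i = 1; i <= n; i++) {
            eff = perm[i]
            # The mask limits named users, the owning group and named groups.
            # The owner (user::) and other entries are never masked.
            masked = (tag[i] == "group" || (tag[i] == "user" && who[i] != ""))
            if (have_mask && masked) {
                eff = ""
                for (k = 1; k <= 3; k++) {
                    c = substr(perm[i], k, 1)
                    eff = eff ((c != "-" && substr(mask, k, 1) == c) ? c : "-")
                }
            }
            printf "%s:%s:%s\n", tag[i], who[i], eff
        }
    }'
}

# Constructed sample listing in getfacl format.
sample_acl() {
    cat <<'EOF'
# file: foofile
# owner: bob
# group: bob
user::rw-
user:fiona:r--
user:jack:rw-
group::rw-
mask::rw-
other::r--
EOF
}

echo "Effective rights with the stored mask (rw-):"
sample_acl | effective_acl
echo "Effective rights if the mask were changed to r-x:"
sample_acl | effective_acl r-x
```

With the mask changed to r-x, jack and the owning group lose write access while the owner's user::rw- entry is unchanged.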

About Disk Quotas

You can set disk quotas to restrict the amount of disk space or blocks that users or groups can use, to limit the number of files or inodes that users or groups can create, and to notify you when usage is reaching a specified limit. A hard limit specifies the maximum number of blocks or inodes that are available to a user or group on the file system. Users or groups can exceed a soft limit for a period, which is known as a grace period.

Oracle Linux 8 doesn't provide support for user and group disk quotas for a Btrfs file system. However, quota support at the subvolume level is available for a Btrfs file system as a technology preview in this release. For more information, see Managing Quotas for Btrfs Subvolumes With Quota Groups.

For information about how to configure quotas for an XFS file system, see Managing Quotas on an XFS File System.

Enabling Disk Quotas on File Systems

Disk quotas are enabled at mount. The following table describes the options that you can specify with the mount command to enable quotas.

Mount Option    Description
gqnoenforce     Enable group quotas. Report usage, but do not enforce usage limits.
gquota          Enable group quotas and enforce usage limits.
pqnoenforce     Enable project quotas. Report usage, but do not enforce usage limits.
pquota          Enable project quotas and enforce usage limits.
uqnoenforce     Enable user quotas. Report usage, but don't enforce usage limits.
uquota          Enable user quotas and enforce usage limits.

  1. Install the quota package on the system, if not already installed:

    sudo dnf install quota
  2. Add the usrquota or grpquota options to the file system's /etc/fstab entry:

    /dev/sdb1       /home        ext4    usrquota,grpquota   0 0
  3. Remount the file system:

    sudo mount -o remount /home
  4. Create the quota database files:

    sudo quotacheck -cug /home

    The previous command creates the files aquota.user and aquota.group in the root of the file system, which is /home in this example.

For more information, see the quotacheck(8) manual page.

Assigning Disk Quotas to Users and Groups

  1. For a user, use the following command:

    sudo edquota username

    For a group, use the following command:

    sudo edquota -g group

    Running the previous command opens a text file in the default editor that's defined by the EDITOR environment variable. You can then specify the limits for the user or group, for example:

    Disk quotas for user guest (uid 501)
    Filesystem  blocks  soft  hard  inodes  soft  hard
     /dev/sdb1   10325     0     0    1054     0     0

    The blocks and inodes entries reflect the user's current usage on a file system.

    Tip:

    Setting a limit to 0 disables quota checking and enforcement for the corresponding blocks or inodes category.

  2. Edit the soft and hard limits for the number of blocks and inodes, then save the changes.

Or, you can use the setquota command to configure quota limits from the command line. The -p option applies quota settings from one user or group to another user or group.

Note that when using XFS file systems, xfs_quota is the preferred tool to manage quota information. See Managing Quotas on an XFS File System for more information.

For more information, see the edquota(8) and setquota(8) manual pages.

Setting Project Quotas

Some file systems enable you to set quotas on individual directory hierarchies, which are known as managed trees. Each managed tree is uniquely identified by a project ID and an optional project name. The ability to control the disk usage of a directory hierarchy is useful if you don't otherwise want to set quota limits for a privileged user, for example, /var/log, or if many users or groups have write access to a directory, for example, /var/tmp.

To define a project and set quota limits for it:

  1. Mount the file system with project quotas enabled.

    sudo mount -o pquota device mountpoint

    For example, to enable project quotas for the /myxfs file system, you would use the following command:

    sudo mount -o pquota /dev/vg0/lv0 /myxfs
  2. Define a unique project ID for the directory hierarchy in the /etc/projects file.

    echo project_ID:mountpoint/directory | sudo tee -a /etc/projects

    For example, you would set a project ID of 51 for the directory hierarchy /myxfs/testdir as follows:

    echo 51:/myxfs/testdir | sudo tee -a /etc/projects
  3. Create an entry in the /etc/projid file that maps a project name to the project ID.

    echo project_name:project_ID | sudo tee -a /etc/projid

    For example, you would map the project name testproj to the project with ID 51 as follows:

    echo testproj:51 | sudo tee -a /etc/projid

For more information, see the projects(5) and projid(5) manual pages.

With the file system mounted to enable project quotas and project IDs set for the directory hierarchy, you can set limits for the project quota using edquota or xfs_quota. Note that when using XFS file systems, xfs_quota is preferred. See Managing Quotas on an XFS File System for more information.

Setting a Grace Period for Soft Limits

  1. Run the following command to set a grace period for soft limits:

    sudo edquota -t

    Running the previous command opens a text file in a default text editor, thus enabling you to specify the grace period, as shown in the following example:

    Grace period before enforcing soft limits for users:
    Time units may be: days, hours, minutes, or seconds
      Filesystem     Block grace period     Inode grace period
      /dev/sdb1            7days                  7days 
  2. Specify the grace periods for the soft limits on the number of blocks and inodes, then save the changes.

For more information, see the edquota(8) manual page.

Displaying Disk Quotas

To display a user's disk usage, use the quota command with the user name and no options:

sudo quota username

To display a group's disk usage, add the -g option:

sudo quota -g group

To display information about file systems where usage is over the quota limits, add the -q option, for example:

sudo quota -q

Users can also use the quota command to display disk usage for themselves and their group.

For more information, see the quota(1) manual page.

Enabling and Disabling Disk Quotas

To disable disk quotas for all users and groups on a specific file system, use the following command:

sudo quotaoff -guv filesystem

To disable disk quotas for all users, groups, and file systems, use the following command:

sudo quotaoff -aguv

Reactivate disk quotas for all users, groups, and file systems as follows:

sudo quotaon -aguv

For more information, see the quotaon(1) manual page.

Reporting on Disk Quota Usage

To display the disk quota usage for a file system:

sudo repquota filesystem

To display the disk quota usage for all file systems:

sudo repquota -a

For more information, see the repquota(8) manual page.

Maintaining the Accuracy of Disk Quota Reporting

Uncontrolled system shutdowns can lead to inaccuracies in disk quota reports.

The following steps show how to rebuild the quota database for a file system:

  1. Disable disk quotas for the file system:

    sudo quotaoff -guv filesystem
  2. Unmount the file system:

    sudo umount filesystem
  3. Rebuild the quota databases:

    sudo quotacheck -guv filesystem
  4. Mount the file system:

    sudo mount filesystem
  5. Enable disk quotas for the file system:

    sudo quotaon -guv filesystem

For more information, see the quotacheck(8) manual page.