2 Performing Basic File System Administration
This chapter describes basic tasks for administering file systems. The chapter also describes how to configure Access Control Lists (ACLs) and how to configure and manage disk quotas.
Building File Systems
The mkfs command syntax enables you to build a file system on a block device:
sudo mkfs [options] device
Typically, the -t fstype and -L label options are used with the mkfs command. The following example builds an ext4 file system with the label Projects:
sudo mkfs -t ext4 -L Projects /dev/sdb1
If you don't specify the file system type, an ext2 file system is created by default.
You can also omit -t fstype and instead use the appropriate full mkfs.<extension> command as listed in /sbin. The following command produces the same result as the previous command:
sudo mkfs.ext4 -L Projects /dev/sdb1
To display the file system type, use the blkid command, for example:
sudo blkid /dev/sdb1
The output of the previous command would be similar to the following:
/dev/sdb1: UUID="ad8113d7-b279-4da8-b6e4-cfba045f66ff" BLOCK_SIZE="512" TYPE="ext4" PARTUUID="6a0cf5e9-09e5-40cf-ab47-3166e1c60f24" LABEL="Projects"
Each file system type supports several features that you can enable or disable by specifying more options with either the mkfs command format or the full mkfs.<extension> command. For example, you can use the -J option to specify the size and location of the journal that's used by the ext* file system types.
For more information, see the blkid(8), mkfs(8), and mkfs.fstype(8) manual pages.
Mounting File Systems
To access a file system's contents, you need to attach its block device to a mount point in the directory hierarchy. Any directory can be used to function as a mount point.
Typically, you create a directory for a mount point. If you use an existing directory, the contents remain hidden until you unmount the overlying file system.
About the mount Command
You use the mount command to attach the device containing the file system to the mount point as follows:
sudo mount [options] device mount_point
The device can be mounted by referencing its name, UUID, or label. For example, to mount the file system that was created in the previous section on /var/projects, create the directory first, and then use any one of the following mount commands:
sudo mkdir /var/projects
sudo mount /dev/sdb1 /var/projects
sudo mount UUID="ad8113d7-b279-4da8-b6e4-cfba045f66ff" /var/projects
sudo mount LABEL="Projects" /var/projects
Issuing the mount command by itself displays all the mounted file systems. In the following example, an extract of the command's output indicates the following:
- /dev/sdb1 with an ext4 file system is mounted on /var/projects for both reading and writing
- /dev/mapper/vg_host01-lv_root, an LVM logical volume also with an ext4 file system, is mounted on / for both reading and writing:
sudo mount
The output of the previous command would be similar to the following:
/dev/sdb1 on /var/projects type ext4 (rw)
/dev/mapper/vg_host01-lv_root on / type ext4 (rw)
...
Or, you can use the cat /proc/mounts command to display information about mounted file systems.
The df -h command displays information about file systems and their use of disk space:
Filesystem      Size  Used Avail Use% Mounted on
...
/dev/sda3        46G   18G   29G  39% /
/dev/sda2       795M  452M  344M  57% /boot
/dev/sda1       100M  5.7M   95M   6% /boot/efi
...
To attach or bind a block device at several mount points, use the mount -B command.
You can also remount part of a directory hierarchy, which need not be a complete file system, somewhere else. For example, you would use the following command to mount /var/projects/project1 on /mnt:
sudo mount -B /var/projects/project1 /mnt
Each directory hierarchy acts as a mirror of the other. The same files are accessible in either location. However, any submounts aren't replicated. These mirrors don't provide data redundancy.
To mount a file over another file, you would use the following command:
sudo touch /mnt/foo
sudo mount -B /etc/hosts /mnt/foo
In the previous example, the /etc/hosts and /mnt/foo mount points represent the same file. The existing file that acts as a mount point isn't accessible until you unmount the overlying file.
To include submounts in the mirror, use the -R option to create a recursive bind.
When you use the -B or -R option, the file system mount options remain the same as those for the original mount point. To change the mount options, use a separate remount command, for example:
sudo mount -o remount,ro /mnt/foo
You can mark the submounts in a mount point as being shared, private, or secondary. You can specify the following options:
- mount --make-shared mount_point
  Any mounts or unmounts under the specified mount point propagate to any mirrors that you create, and this mount hierarchy reflects mounts or unmount changes that you make to other mirrors.
- mount --make-private mount_point
  Any mounts or unmounts under the specified mount point don't propagate to other mirrors, nor does this mount hierarchy reflect mounts or unmount changes that you make to other mirrors.
- mount --make-slave mount_point
  Any mounts or unmounts under the specified mount point don't propagate to other mirrors, but this mount hierarchy does reflect mounts or unmount changes that you make to other mirrors.
To prevent a mount from being mirrored by using the -B or -R options, mark its mount point as being unbindable:
sudo mount --make-unbindable mount_point
To move a mounted file system, directory hierarchy, or file between mount points, use the -M option, for example:
sudo touch /mnt/foo
sudo mount -M /mnt/foo /mnt/bar
To unmount a file system, use the umount command:
sudo umount /var/projects
Or, you can specify the block device if it's mounted on only one mount point.
For more information, see the mount(8) and umount(8) manual pages.
Using More Options of the mount Command
You can control the behavior of the mount command by using the -o option to specify options in a comma-separated list. Some of these options are as follows:
Note: These options can also be entered in the /etc/fstab file.
- auto
  Causes the file system to be mounted automatically by using the mount -a command.
- exec
  Permits the execution of any binary files in the file system.
- loop
  Uses a loop device (/dev/loop*) to mount a file that contains a file system image. See Mounting a File That Contains a File System Image, Creating a File System on a File Within Another File System, and the losetup(8) manual page.
  Note: The default number of available loop devices is 8. You can use the kernel boot parameter max_loop=N to configure up to 255 devices. Or, add the following entry to /etc/modprobe.conf:
  options loop max_loop=N
  In the previous example, N is the number of loop devices that you require (from 0 to 255). Then reboot the system.
- noauto
  Prevents the file system from being mounted automatically when mount -a is issued.
- noexec
  Prevents the execution of any binary files in the file system.
- nouser
  Prevents any user other than the root user from mounting or unmounting the file system.
- remount
  Remounts the file system if it's already mounted. You would typically combine this option with another option such as ro or rw to change the behavior of a mounted file system.
- ro
  Mounts a file system as read-only.
- rw
  Mounts a file system for reading and writing.
- user
  Allows any user to mount or unmount the file system.
The following examples show different ways to use the mount -o command syntax.
- Mount the /dev/sdd1 file system as /test with read-only access and allow only the root user to mount or unmount the file system:
  sudo mount -o nouser,ro /dev/sdd1 /test
- Mount an ISO image file on /media/cdrom with read-only access by using the loop device:
  sudo mount -o ro,loop ./Linux-Server-dvd.iso /media/cdrom
- Remount the /test file system with both read and write access, and prohibit the execution of any binary files that are in the file system:
  sudo mount -o remount,rw,noexec /test
Mounting a File That Contains a File System Image
A loop device lets you access a file as a block device. For example, you can mount a file that contains a DVD ISO image on the directory mount point /ISO as follows:
sudo mount -t iso9660 -o ro,loop /var/ISO_files/V33411-01.iso /ISO
If required, create a permanent entry for the file system in the /etc/fstab file, for example:
/var/ISO_files/V33411-01.iso /ISO iso9660 ro,loop 0 0
About the File System Mount Table
The /etc/fstab file contains the file system mount table, which provides all the information that the mount command requires to mount block devices or implement binding of mounts. If you add a file system, you must create the appropriate entry in the /etc/fstab file to ensure that the file system is mounted at boot time. The following are typical entries from this file:
/dev/sda1    /boot    ext4    defaults    1 2
/dev/sda2    /        ext4    defaults    1 1
/dev/sda3    swap     swap    defaults    0 0
The descriptions of each field in the previous output are as follows:
- The first field indicates the device to mount, which is specified by the device name, UUID, or device label, or the specification of a remote file system. A UUID or device label is preferable to a device name if the device name could change, for example:
  LABEL=Projects /var/projects ext4 defaults 1 2
  For a bind mount, the first field specifies the path of the file system, directory hierarchy, or file that's to be mounted on the mount point specified by the second field. The third and fourth fields are specified as none and bind.
- The second field is either the mount point for a file system or swap to indicate a swap partition. The mount point must be a path to either a file or a directory.
- The third field is the file system type, such as ext4 or swap.
- The fourth field specifies any mount options.
- The fifth field specifies whether the dump command dumps the file system (1) or not (0).
- The sixth field identifies the order in which the fsck command performs a file system check at boot time. The root file system has the value 1, while other file systems have 2. A value of 0 skips checking, as is appropriate for swap, for file systems that aren't mounted at boot time, and for binding of existing mounts.
For bind mounts, only the first four fields are specified, for example:
path mount_point none bind
For more information, see the fstab(5) manual page.
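The field rules described above can be checked mechanically. The following is an added example, not part of the original documentation: a shell function that lints fstab-format text against those rules. The function name audit_fstab, the finding labels, and the sample entries are constructed for illustration. It also flags entries where exec, suid, or dev follows the user option, because mount(8) documents that user implies noexec, nosuid, and nodev unless later options override them.

```shell
#!/bin/sh
# Added example, not from the original documentation.
# audit_fstab: read fstab-format lines on stdin and print one line per
# finding in the form "mount_point<TAB>finding".
audit_fstab() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        dev = $1; mp = $2; type = $3
        pass = (NF >= 6) ? $6 + 0 : 0        # an absent sixth field means 0
        n = split($4, o, ",")
        bind = 0; user = 0; unsafe = ""
        for (i = 1; i <= n; i++) {
            if (o[i] == "bind" || o[i] == "rbind") bind = 1
            if (o[i] == "user" || o[i] == "users") user = 1
            # user implies noexec,nosuid,nodev; options after it can undo that
            if (user && (o[i] == "exec" || o[i] == "suid" || o[i] == "dev"))
                unsafe = unsafe (unsafe == "" ? "" : ",") o[i]
        }
        # Kernel device names such as /dev/sdb1 can change between boots
        if (dev ~ /^\/dev\/(sd|hd|vd|nvme)/)
            print mp "\tdevice-name: prefer UUID= or LABEL= to " dev
        # Bind entries take the form: path mount_point none bind
        if (bind && type != "none")
            print mp "\tbind: third field should be none, found " type
        if ((bind || type == "swap") && pass != 0)
            print mp "\tfsck: sixth field should be 0 for swap and bind mounts"
        if (mp == "/" && pass != 1)
            print mp "\tfsck: root file system should have 1 in the sixth field"
        if (unsafe != "")
            print mp "\tuser-mountable with " unsafe " re-enabled"
    }'
}

# Constructed sample entries (not taken from a real system)
SAMPLE_FSTAB='/dev/sda2 / ext4 defaults 1 1
/dev/sda3 swap swap defaults 0 0
LABEL=Projects /var/projects ext4 defaults 1 2
/var/projects/project1 /mnt ext4 bind 0 2
/dev/sdd1 /test ext4 user,exec,ro 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
```

To check a live system, run audit_fstab < /etc/fstab; the function only reads text and doesn't mount or change anything.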
Configuring the Automounter
The automounter mounts file systems when they're accessed, rather than maintaining connections for those mounts all the time. When a file system becomes inactive for a certain period, the automounter unmounts it. Using automounting frees up system resources and improves system performance.
The automounter consists of two components: the autofs kernel module and the automount user-space daemon. It also references entries in /etc/auto.master, which is the automounter configuration file.
About the Automounter Configuration File
In the /etc/auto.master configuration file, each map entry specifies a mount point and a map file that contains definitions of the remote file systems that can be mounted, for example:
/-       /etc/auto.direct
/misc    /etc/auto.misc
/net     -hosts
The previous example shows the following types of map entries:
- /-: direct map entry. Direct map entries always specify /- as the mount point.
- /misc: indirect map entry.
- /net: host map entry. Host maps always specify the keyword -hosts instead of a map file.
A direct map contains definitions of directories that are automounted at the specified absolute path. In the example, the auto.direct map file might contain an entry similar to the following:
/usr/man -fstype=nfs,ro,soft host01:/usr/man
This entry is a directive to do the following:
- Mount the file system /usr/man that's exported by host01 by specifying the ro and soft options.
- Create the /usr/man mount point if it doesn't already exist. If the mount point exists, the mounted file system hides any existing files that it contains.
Because the default file system type is NFS, the previous example can be shortened to read as follows:
/usr/man -ro,soft host01:/usr/man
An indirect map contains definitions of directories or keys that are automounted relative to the mount point (/misc) that's specified in the /etc/auto.master file. For example, the /etc/auto.misc map file might contain entries similar to the following:
xyz         -ro,soft                            host01:/xyz
cd          -fstype=iso9660,ro,nosuid,nodev     :/dev/cdrom
abc         -fstype=ext3                        :/dev/hda1
fenetres    -fstype=cifs,credentials=credfile   ://fenetres/c
Note that the /misc directory must already exist; however, the automounter creates a mount point for the keys xyz, cd, and so on, if they don't already exist, and then removes them when it unmounts the file system. For example, using the ls /misc/xyz command causes the automounter to mount the /xyz directory, exported by host01, as /misc/xyz.
The cd and abc entries mount the following local file systems: an ISO image from the CD-ROM drive on /misc/cd and an ext3 file system from /dev/hda1 on /misc/abc. The fenetres entry mounts a Samba share as /misc/fenetres.
If a host map entry exists, and a command references an NFS server that's relative to the mount point (/net) by name, the automounter mounts all the directories that the server exports within a subdirectory of the mount point named for the server. For example, the cd /net/host03 command causes the automounter to mount all exports from host03 under the /net/host03 directory. By default, the automounter uses the nosuid,nodev,intr mount options unless you override the options in the host map entry, as follows:
/net -hosts -suid,dev,nointr
Note: The name of the NFS server must be resolvable to an IP address in DNS or the /etc/hosts file.
For more information about NFS administration, see the Using NFS in Oracle Linux chapter in Oracle Linux 8: Managing Shared File Systems or Oracle Linux 9: Managing Shared File Systems. See also the hosts.master(5) and auto.master(5) manual pages.
Installing and Enabling the Automounter
- Install the autofs package and any other packages that are required to support remote file systems:
  sudo dnf install autofs
- Edit the /etc/auto.master configuration file to define map entries that are appropriate to the file systems. See About the Automounter Configuration File for reference.
- Start the autofs service, and configure the service to start following a system reboot:
  sudo systemctl start autofs
  sudo systemctl enable autofs
You can configure various settings for autofs in the /etc/sysconfig/autofs file, including the idle timeout value after which a file system is automatically unmounted.
If you change the /etc/auto.master or /etc/sysconfig/autofs file, restart the autofs service to reread these files:
sudo systemctl restart autofs
For more information, see the automount(8) and autofs(5) manual pages.
Creating a File System on a File Within Another File System
- Create an empty file of the required size:
  sudo dd if=/dev/zero of=/fsfile bs=1024 count=1000000
  The output of the previous command would be as follows:
  1000000+0 records in
  1000000+0 records out
  1024000000 bytes (1.0 GB) copied, 8.44173 s, 121 MB/s
- Create a file system on the file:
  sudo mkfs.ext4 -F /fsfile
  The output of the previous command would be as follows:
  mke2fs 1.44.6 (5-Mar-2019)
  Discarding device blocks: done
  Creating filesystem with 250000 4k blocks and 62592 inodes
  Filesystem UUID: 17ef1d96-c595-4f19-891b-112a56b54c82
  Superblock backups stored on blocks:
          32768, 98304, 163840, 229376
  Allocating group tables: done
  Writing inode tables: done
  Creating journal (4096 blocks): done
  Writing superblocks and filesystem accounting information: done
- Mount the file as a file system by using a loop device:
  sudo mount -o loop /fsfile /mnt
  The file appears as a normal file system when you run the sudo mount command:
  ...
  /fsfile on /mnt type ext4 (rw,loop=/dev/loop0)
  sudo df -h
  Filesystem      Size  Used Avail Use% Mounted on
  ...
  /fsfile         962M   18M  896M   2% /mnt
  If required, create a permanent entry for the file system in /etc/fstab:
  /fsfile /mnt ext4 rw,loop 0 0
About Access Control Lists
POSIX Access Control Lists (ACLs) provide a richer access control model than traditional UNIX Discretionary Access Control (DAC) that sets read, write, and execute permissions for the owner, group, and all other system users. You can configure ACLs that define access rights for more than a single user or group, and specify rights for programs, processes, files, and directories. If you set a default ACL on a directory, its descendants inherit the same rights automatically. You can use ACLs with the btrfs, OCFS2, ext3, ext4, and XFS file systems, including mounted NFS file systems.
An ACL consists of a set of rules that specify how a specific user or group can access the file or directory with which the ACL is associated. A regular ACL entry specifies access information for a single file or directory. A default ACL entry is set on directories only, and specifies default access information for any file within the directory that doesn't have an access ACL.
Enabling ACL Support
- Ensure that the acl package is installed. If not, use the following command:
  sudo dnf install acl
- Edit the /etc/fstab file and change the entries for any file systems that you want to use ACLs so that they include the appropriate option that supports ACLs, for example:
  LABEL=/work /work ext4 acl 0 0
  For mounted Samba shares, use the cifsacl option instead of acl.
- Remount the file systems:
  sudo mount -o remount /work
Setting and Displaying ACLs
To add or modify the ACL rules for a file, use the setfacl command with the following syntax:
sudo setfacl -m rules file ...
ACL rules accept the following forms:
- [d:]u:user[:permissions]
  Sets the access ACL for the user specified by name or user ID. The permissions apply to the owner if no user is specified.
- [d:]g:group[:permissions]
  Sets the access ACL for a group specified by name or group ID. The permissions apply to the owning group if no group is specified.
- [d:]m[:][:permissions]
  Sets the effective rights mask, which is the union of all permissions of the owning group and all user and group entries.
- [d:]o[:][:permissions]
  Sets the access ACL for other (everyone else to whom no other rule applies).
The permissions are as follows, and are the same as those used with the chmod command:
- r: read
- w: write
- x: execute
The d: prefix is used to apply the rule to the default ACL for a directory.
To display a file's ACL, use the getfacl command, for example:
sudo getfacl foofile
The output of this command would be as follows:
# file: foofile
# owner: bob
# group: bob
user::rw-
user:fiona:r--
user:jack:rw-
user:jill:rw-
group::r--
mask::r--
other::r--
If extended ACLs are active on a file, the ls -l command displays a plus sign (+) after the permissions:
-rw-r--r--+ 1 bob bob 105322 Apr 11 11:02 foofile
The following examples show how to set and display ACLs for directories and files:
- To grant read access to a file or directory by a user:
  sudo setfacl -m u:user:r file
- To display the name, owner, group, and ACL for a file or directory:
  sudo getfacl file
- To remove write access to a file for all groups and users by changing the effective rights mask rather than the ACL:
  sudo setfacl -m m::rx file
  Note that the -x option removes rules for a user or group.
- To remove the rules for a user from the ACL of a file:
  sudo setfacl -x u:user file
- To remove the rules for a group from the ACL of a file:
  sudo setfacl -x g:group file
- To remove all the extended ACL entries from a file or directory, specify the -b option:
  sudo setfacl -b file
- To copy the ACL of file f1 to file f2:
  sudo getfacl f1 | sudo setfacl --set-file=- f2
- To set a default ACL of read and execute access for other on a directory:
  sudo setfacl -m d:o:rx directory
- To promote the ACL settings of a directory to default ACL settings that can be inherited:
  sudo getfacl --access directory | sudo setfacl -d -M- directory
- To remove the default ACL from a directory, specify the -k option:
  sudo setfacl -k directory
For more information, see the acl(5), setfacl(1), and getfacl(1) manual pages.
About Disk Quotas
You can set disk quotas to restrict the amount of disk space or blocks that users or groups can use, to limit the number of files or inodes that users or groups can create, and to notify you when usage is reaching a specified limit. A hard limit specifies the maximum number of blocks or inodes that are available to a user or group on the file system. Users or groups can exceed a soft limit for a period, which is known as a grace period.
Oracle Linux 8 doesn't provide support for user and group disk quotas for a Btrfs file system. However, quota support at the subvolume level is available for a Btrfs file system as a technology preview in this release. For more information, see Managing Quotas for Btrfs Subvolumes With Quota Groups.
For information about how to configure quotas for an XFS file system, see Managing Quotas on an XFS File System.
Enabling Disk Quotas on File Systems
Disk quotas are enabled at mount. The following table describes the options that you can specify with the mount command to enable quotas.
Mount Option | Description |
---|---|
gqnoenforce | Enable group quotas. Report usage, but do not enforce usage limits. |
gquota | Enable group quotas and enforce usage limits. |
pqnoenforce | Enable project quotas. Report usage, but do not enforce usage limits. |
pquota | Enable project quotas and enforce usage limits. |
uqnoenforce | Enable user quotas. Report usage, but don't enforce usage limits. |
uquota | Enable user quotas and enforce usage limits. |
- Install the quota package on the system, if not already installed:
  sudo dnf install quota
- Add the usrquota or grpquota options to the file system's /etc/fstab entry:
  /dev/sdb1 /home ext4 usrquota,grpquota 0 0
- Remount the file system:
  sudo mount -o remount /home
- Create the quota database files:
  sudo quotacheck -cug /home
  The previous command creates the files aquota.user and aquota.group in the root of the file system, which is /home in this example.
For more information, see the quotacheck(8) manual page.
Assigning Disk Quotas to Users and Groups
- For a user, use the following command:
  sudo edquota username
  For a group, use the following command:
  sudo edquota -g group
  Running the previous command opens a text file in the default editor that's defined by the EDITOR environment variable. You can then specify the limits for the user or group, for example:
  Disk quotas for user guest (uid 501)
  Filesystem  blocks  soft  hard  inodes  soft  hard
  /dev/sdb1    10325     0     0    1054     0     0
  The blocks and inodes entries reflect the user's current usage on a file system.
  Tip: Setting a limit to 0 disables quota checking and enforcement for the corresponding blocks or inodes category.
- Edit the soft and hard limits for the number of blocks and inodes, then save the changes.
Or, you can use the setquota command to configure quota limits from the command line. The -p option applies quota settings from one user or group to another user or group.
Note that when using XFS file systems, xfs_quota is the preferred tool to manage quota information. See Managing Quotas on an XFS File System for more information.
For more information, see the edquota(8) and setquota(8) manual pages.
Setting Project Quotas
Some file systems enable you to set quotas on individual directory hierarchies, which are known as managed trees. Each managed tree is uniquely identified by a project ID and an optional project name. The ability to control the disk usage of a directory hierarchy is useful if you don't otherwise want to set quota limits for a privileged user, for example, /var/log, or if many users or groups have write access to a directory, for example, /var/tmp.
To define a project and set quota limits for it:
- Mount the file system with project quotas enabled.
  sudo mount -o pquota device mountpoint
  For example, to enable project quotas for the /myxfs file system, you would use the following command:
  sudo mount -o pquota /dev/vg0/lv0 /myxfs
- Define a unique project ID for the directory hierarchy in the /etc/projects file.
  echo project_ID:mountpoint/directory | sudo tee -a /etc/projects
  For example, you would set a project ID of 51 for the directory hierarchy /myxfs/testdir as follows:
  echo 51:/myxfs/testdir | sudo tee -a /etc/projects
- Create an entry in the /etc/projid file that maps a project name to the project ID.
  echo project_name:project_ID | sudo tee -a /etc/projid
  For example, you would map the project name testproj to the project with ID 51 as follows:
  echo testproj:51 | sudo tee -a /etc/projid
For more information, see the projects(5) and projid(5) manual pages.
With the file system mounted to enable project quotas and project IDs set for the directory hierarchy, you can set limits for the project quota using edquota or xfs_quota. Note that when using XFS file systems, xfs_quota is preferred. See Managing Quotas on an XFS File System for more information.
Setting a Grace Period for Soft Limits
- Run the following command to set a grace period for soft limits:
  sudo edquota -t
  Running the previous command opens a text file in a default text editor, thus enabling you to specify the grace period, as shown in the following example:
  Grace period before enforcing soft limits for users:
  Time units may be: days, hours, minutes, or seconds
  Filesystem  Block grace period  Inode grace period
  /dev/sdb1   7days               7days
- Specify the grace periods for the soft limits on the number of blocks and inodes, then save the changes.
For more information, see the edquota(8) manual page.
Displaying Disk Quotas
To display a user's disk usage, use the quota command without any options:
sudo quota username
To display a group's disk usage, add the -g option, for example:
sudo quota -g group
To display information about file systems where usage is over the quota limits, add the -q option, for example:
sudo quota -q
Users can also use the quota command to display disk usage for themselves and their group.
For more information, see the quota(1) manual page.
Enabling and Disabling Disk Quotas
To disable disk quotas for all users and groups on a specific file system, use the following command:
sudo quotaoff -guv filesystem
To disable disk quotas for all users, groups, and file systems, use the following command:
sudo quotaoff -aguv
Reactivate disk quotas for all users, groups, and file systems as follows:
sudo quotaon -aguv
For more information, see the quotaon(1) manual page.
Reporting on Disk Quota Usage
To display the disk quota usage for a file system:
sudo repquota filesystem
To display the disk quota usage for all file systems:
sudo repquota -a
For more information, see the repquota(8) manual page.
Maintaining the Accuracy of Disk Quota Reporting
Uncontrolled system shutdowns can lead to inaccuracies in disk quota reports.
The following steps show how to rebuild the quota database for a file system:
- Disable disk quotas for the file system:
  sudo quotaoff -guv filesystem
- Unmount the file system:
  sudo umount filesystem
- Rebuild the quota databases:
  sudo quotacheck -guv filesystem
- Mount the file system:
  sudo mount filesystem
- Enable disk quotas for the file system:
  sudo quotaon -guv filesystem
For more information, see the quotacheck(8) manual page.