Solaris File System

Understanding the SOLARIS file system is very important, before we discuss anything further. Its huge topic and I suggest you really need to be patient while going through it. If you find anything difficult to understand, you can comment and I will get back to you as soon as possible.
File is the basic unit in Solaris, similar to atom for an element in chemistry. For example commands are executable files, documents are text file or file having code/script, directories are special files containing other files etc.

Blocks: A file occupies the space on disks in units. These units are called Blocks. The blocks are measured in two sizes :
1. Physical Block size: Its the size of the smallest block that the disk controller can read or write. The physical block size is usually 512B for UFS(Unix Files System). It may vary from file system to file system.
2. Logical Block size:  Its the size of the block that UNIX uses to read or write files. It is set by default to the page size of the system, which is 8KB for UFS.

Inodes: It is a data structure that contains all the file related information except the file name and data. It is 128 kb in size and is stored in cylindrical information block. The inode contains following information about a file :
1. Type of File : e.g. regular file, block special, character special, directory, symbolic link, other inode etc.
2. The file modes : e.g. read, write, execute permissions.
3. The number of hard links to the file.
4. The group id to which the file belongs
5. The user ID that owns the file.
6. The number of bytes in the file.
7. An array of addresses for 15 disk blocks
8. The date and time when the file was created, last accessed and last modified.

So, an Inode contains almost all the information about a file. But what is more important is what an inode does not contain. An inode does not contain the "file name" and data. The file name is stored inside a directory and data is saved in blocks

There is an inode associated with each file. So, the number of inodes determines the maximum number of files in the files system. The number of inodes depends upon the size of file system. For example : lets take a file system of size 2gb. The inode size will be 4kb each. So the number of inodes = 2gb /4kb = 524288. So the maximum number of files that can be created is 524288.

File systemIts the way an operating system organizes files on a medium(storage device). 
The different flavors of UNIX have different default file systems. Few of them are listed below:
SOLARIS UFS (Unix File System)
AIX - JFS (journal FS)
JP - HFS (high performance FS)
LINUX - ext2 ext3

Before getting into the UFS file system, lets discuss about the architecture of the file system in SOLARIS and other file systems used in SOLARIS.

SOLARIS uses VFS (Virtual File System architecture). It provides standard interface for different file system types. The VFS architecture enables kernel to perform basic file operation such as reading, writting and listing.  Its is called virtual because the user can issue same command to work regardless of the file system. SOLARIS also uses memory based file system and disk based file system.

Lets discuss some memory based file systems:
Memory based File Systems:
It use the physical memory rather than disk and hence also called Virtual File System or pseudo file system. Following are the Memory based file system supported by SOLARIS:
1. Cache File System(CacheFS): It uses the local disk to cache the data from the slow file systems like CD - ROM.
2. Loopback File System(LOFS): If we want to make a file system e.g: /example to look like /ex, we can do that by creating a new virtual file system known as Loopback File System.
3. Process File System(PROOFS): It is used to contains the list of active process in SOLARISby their process ID, in the /proc directory. It is used by the ps command.
4. Temporary File System(TEMPFS): It is the temporary file system used by SOLARIS to perform the operation on file systems. It is default file system for /tmp directory in SOLARIS.
5. FIFOFS: First in first out file system contains named pipe to give processes access to data
6. MNTFS: It contains information about all the mounted file system in SOLARIS.
7. SWAPFS: This file system is used by kernel for swapping.

Disk Based File System:
The disk based file systems resides on disks such as hard disk, cd-rom etc. Following are the disk based file system supported by SOLARIS:
1. High Sierra File System(HSFS): It is the file system for CD-ROMs. It is read only file system.
2. PC File System(PCFS): It is used to gain read/write access to the disks formatted for DOS.
3. Universal Disk Format(UDF): It is used to store information on DVDs.
4. Unix File System(UFS): It is default File system used in SOLARIS. We will discuss in details below.

Device File System (devfs)
The device file system (devfs) manages devices in Solaris 10 and is mounted to the mount point/devices.
The files in the /dev directory are symbolic links to the files in the /devices directory.

Features of UFS File System:
1. Extended Fundamental Types (EFTs). Provides a 32-bit user ID (UID), a group ID (GID), and device numbers.
2. Large file systems. This file system can be up to 1 terabyte in size, and the largest file size on a 32-bit system can be about 2 gigabytes.
3. Logging. Offers logging that is enabled by default in Solaris 10. This feature can be very useful for auditing, troubleshooting, and security purposes.
4. Multiterabyte file systemsSolaris 10 provides support for mutiterabyte file systems on machines that run a 64-bit Solaris kernel. In the previous versions, the support was limited to approximately 1 terabyte for both 32-bit and 64-bit kernels. You can create a UFS up to 16 terabytes in size with an individual file size of up to 1 terabyte.
5. State flags. Indicate the state of the file system such as active, clean, or stable. 
6. Directory contents: table
7. Max file size: 273 bytes (8 ZB)
8. Max filename length: 255 bytes
9. Max volume size: 273 bytes (8 ZB)
10. Supported operating systems: AIX, DragonFlyBSD, FreeBSD, FreeNAS, HP-UX, NetBSD, Linux, OpenBSD, Solaris, SunOS, Tru64 UNIX, UNIX System V, and others

 Now, that we have some basic idea of the SOLARIS file system, lets explore some important file systems in SOLARIS.
Windows guys must be aware of important directories in windows like sytem32, program files etc., like wise below we will discuss some important file systems in Solaris:

/    root directory
/usr     man pages information
/opt     3rd party packages
/etc     system configuration files
/dev   logical drive info
/devices   physical devices info
/home    default user home directory
/ kernel   Info abt kernel(genunix for Solaris)
lost+found unsaved data info
/proc    all active PID's running
/tmp    Temporary files system
/lib    library file information(debuggers, compilers)
/var    It contains logs for troubleshooting
/bin    Symbolic link to the /usr/bin directory (Symbolic link is same as shortcut in windows)
/export   It commonly holds user's home directory but can customized according the requirement
/mnt    Default mount point used to temporarily mount file systems
/sbin    Contains system administration commands and utilities. Used during booting when /usr/bin is not                                                mounted.
Important: / is the root directory and as the name suggests, other directories spawn from it.

File Handling
Lets us now get started with managing file i.e. creating, editing and deleting files.I have mentioned few commands below and their usage in managing/handling file & directories.

pwd Displays current working directory
touch filename Creates a file
touch file1 file2 file3   Creates multiple files(space is used as separator)
file filename Displays the type of a file/directory
cat filename Displays the content of the file
cat > filename Writes/over-writes the file(ctrl + D save and exit)
cat >> filename  Used to append the content to the file(ctrl + D save and exit)


mkdir /directoryname Creates a directory
mkdir -p /directory1/directory2  Creates a child directory under the parent directory(-p option  to  specify the parent directory)

cd  Changes the current working directory to root
cd directoryname Changes the current working directory to the directory specified
cd .. Changes the current working directory to the previous directory
cd ../.. Changes the current working directory to the previous directory of the previous  directory

Link is a pointer to the file. There are two type of links in SOLARIS OS:

Hard Link: The two files which are having hard links will be having the same inode number. In other terms, when we create hard link to a file, then a redundant copy of the file is created, however the content of both files remains the same. So, if any of the file is updated, the other also gets updated. So any point of time, both the files will have same content.
Command to create Hard Link:
#ln <SourceFile> <DestinationFile>

Following are few features of Hard Link:
It is applicable only for files
The source and destination file system should be in same file system
There is no way to differentiate between (or find out) Hard Link and soft file.
If the source/destination file is updated the other files get updated too.
It the source/destination file is deleted the other file is still accessible. 

Soft Link/Symbolic Link: The two files which are having soft links will be having different inode number.This one is just like the shortcut in windows.
Command to create Soft Link:
#ln –s <SourceFile> <DestinationFile>

Following are few features of Soft Link:
It is applicable for files & directories
The source and destination file system need not be in same file system
The soft link can be differentiated from the original/source file.If the source/destination file is updated the other files get updated too.
It the source file is deleted the destination file is inaccessible.  

Removing Hard and Soft Link:
Important points to remember before removing the links:
1. To remove a file, all hard links that points to the file must be removed, including the name by which it was originally created. 
2. Only after removing the file itself and all of its hard links, will the inode associated with the file be released.
3. In both cases, hard and soft links, if you remove the original file, the link will still exist. 

A link can be removed just as can a file:
rm <linkName>
Important: We should not delete a file without deleting the symbolic links. However, you cannot delete the file (its content) unless you delete all the hard links pointing to it.

Few commands to check disk and file system usage
df command (Disk free command)
df -h → It is used to display the file system information in human readable format
df -k → It is used to display the file system information in KB format
df -b → It is used to display the file system information in blocks(1 block = 512 bytes)
df -e → It is used to display the file system free inode information
df -n → It is used to display the type of file system information(whether the file system is a file or a directory)
df -a → It is used to display the complete information about the file system information(which include above all information)

df -t <file system>  → It displays total number of free blocks & inodes and total blocks & inodes. The example of output is as follows:
# df -t /
/    (/dev/dsk/c1t0d0s0 ): 62683504 blocks  7241984 files     total: 124632118 blocks  7501312 files
7241984→ Free inodes
7501312→ Total inodes
259328→ Used inodes (7501312-7241984=259328)

ls command (Listing Command)
It displays all files and directories under present working directory
ls -p → It list all the files and directories with the o/p which can differentiate between a file and a directory
ls -F → It does the same thing as above mentioned
ls -a → It list all the files and directories along with the hidden files
ls -ap → It list all the files and directories including the hidden ones and the o/p which can differentiate between a file and a directory
ls -l → It list all the files and directories long with the permission and other informations

Output of ls -l
<FileName>→ -rw-r-r-- 2 root root 10 ModifiedDate ModifiedTime <FileName>

Explanation of the above o/p:
'-' at the beginning denotes that it is a file. For a directory it is 'd'.
'-rw' Denotes the owner's permission which is read and write
'-r' Denotes the group's permission which is read only
'-r' Denotes the other user's permission which is read only
'2' Denotes the number of hard links to the file
'root' Denotes the owner of a file
'root' Denotes the group of a file
'10' File Size

Output of ls -ld
<DirectoryName>→ -rw-r-r-- 2 root root 10 ModifiedDate ModifiedTime <DirectoryName>

Explanation of the above o/p:
'd' Denotes that it is a directory. For a file it is '-'.
'-rw' Denotes the owner's permission which is read and write
'-r' Denotes the group's permission which is read only
'-r' Denotes the other user's permission which is read only
'2' Denotes the number of hard links to the directory
'root' Denotes the owner of a directory
'root' Denotes the group of a directory
'10' Directory Size

ls -lt → It displays all the files and directories in the descending order of their last modified date(first → last)
ls -ltr → It displays all the files and directories in the ascending order of their last modified date(last → first)
ls -R → It displays all the files and directories and sub-directories
ls -r → It displays all the files and directories in the revese alphabetical order
ls -i <FileName> → Displays the inode number of the file


Identifying file types from the output of ls command:
-  regular files
d  directories
l  Symbolic Link
b  Block special device files
c  Character special device files

Using Basic File Permissions:
Every file in Solaris has access permission control. We can use ls -l (as discussed above) to view the permission given to the file or directory. The Solaris OS uses two basic measures to prevent unauthorized access to a system and to protect data:
1. Authenticate user's login.
2. To protect the file/directory automatically by assigning a standard set of access at the time of creation.

Types of User: Lets see the different types of user in Solaris who access the files/directories.
FieldDescription
OwnerPermission used by the assigned owner of the file or directory
GroupPermission used by the members of the group that owns the file or directory
OtherPermission used by all user other than owner, and members of group that owns the file or directory

Each of the these user has three permission, called permission set. Each permission set contains read, write and execute permissions.
Each file or directory has three permission sets for three type of users. The first permission set is for owner, the second permission set is for group and the third and last is for other user's permission.
For Example:
#ls -l
-rw-r--r-- 2 root root 10  Jan 31 06:37 file1
In the above example the first permission set is rw mean read and write. The first permission set is for owner so owner has read and write permissions.
The second permission set for the group is r i.e. read only.
The third permission set for the other user is r i.e. read only.
The '-' symbol denotes denied permission.

Permission characters and sets:
Permission Character Access for a file Octal Value
Read r User can display the file content & copy the file 4
Write w User can modify the content of the file 2
Execute x User can execute the file if it has execute permission and file is executable 1

Note : For a directory to be in general use it must have read and execute permission.
When we create a new file or directory in Solaris, OS assigns initial permission automatically. The initial permission of a file or a directory are modified based on default umask value.

UMASK(User Mask Value)
It is used to provide security to files and directories.It is three digit octal value that is associated with the read, write, and execute permissions. The default UMASK value is [022]. It is stored under /etc/profile.
The Various Permission and their Values are listed below:
r (read only) =  4
w (write) =  2
x (execute) =  1
rwx (read+write+execute)  4+2+1 = 7
rw  (read + write) 4+2 =6

Computation of Default permission for a directory:
The directory has a default UMASK value of [777]. When a user creates a directory the user's umask value is subtracted from the Directory's UMASK value.
The UMASK Value of a directory created[755](rwx-rw-rw) = [777](Directory's UMASK value) - [022](Default user's UMASK Value)

Computation of Default permission for a file:
The file has a UMASK value of [666]. When a user creates a file the user's umask value is subtracted from the File's UMASK value.
The UMASK Value of a file created[644](rw-r-r) = [666](File's UMASK value) - [022](Default user's UMASK Value)

#umask→ Displays the user's UMASK Value
#umask 000 → Changes the user's UMASK Value to 000
Note: It is strictly not recommended to change the UMASK value.

chmod(Change Mode):
This command is used to change the file's or directory's pemission.There are two ways of doing it.
1. Absolute or Octal Mode:
e.g. chmod 464 <FileName>/<DirectoryName>
The above command gives the permission r-rw-r.
2. Symbolic Mode:
First we need to understand the below mentioned symbols:
'+' It is used to add a permission
'-' It is used to remove a permission
'u' It er
'g' It is uis used to assign/remove the permission of the ussed to assign/remove the permission of the group
'o' It is used to assign/remove the permission of other user
'a' Permission for all.

e.g. chmod u-wx,g-x,g+w,o-x

ACL (Access Control LIst) :
We have seen above how permission for owner, group and other users are set by default. However, if we want to customize the permission of files, we need to use ACL. There are two ACL commands used and we will discuss these one by one :
1. getfacl : It displays ACL entries for files.
Syntax : getfacl [-a] file1] [file2] ........
-a : Displays the file name, file owner, file group and ACL entries for the specified file or directory.
Example:
#getfacl acltest
#file: acltest
#owner: root
#group: root
user::rw-
group::r--                                        #effective:r--
mask::r--
other:r--
ACL Entry Types:
u[ser]::permThe permissions for the file owner
The permissions for the file owner's group
o[ther]:permThe permissions for users other than owner and owner's group
u[ser]:UID:perm orThe permissions for a specific user. The username must exist in the /etc/passwd file
u[ser]:username:permThe permissions for a specific user. The username must exist in the /etc/group file
g[roup]:GID:perm orThe permissions for a specific group. The groupname must exist in the /etc/passwd file
g[roup]:groupname:permThe permissions for a specific group. The groupname must exist in the /etc/passwd file
m[ask]It indicates the maximum effective permissions allowed for all specified users and groups except for user owner or others.

Determining if a file have an ACL : The files having ACL entry are called Non-Trivial ACL entry and if file do not have any ACL entry except the default one it is called Trivial-ACL entry. When we do ls -l, the file having Non-Trivial ACL entry is having +sign at the end of permission. For example :
#ls -l ravi
-rw-r--r--+ 1 root root 0 April 07 09:00 acltest

#getfacl acltest
#file: acltest
#owner: root
#group: root
user::rw-
user:acluser:rwx                            #effective: r-- as mask is set to r--
group::r--                                        #effective:r--
mask::r--
other:r--

The + sign at the end indicates the presence of non-trivial ACL entries.

2. setfacl : It is used to configure ACL entries on files.

Configuring or modifying an ACL :
Syntax : setfacl -m acl_entry filename
-m : Modifies the existing ACL entry.
acl_entry : It is a list of modifications to apply to ACLs for one or more files/directories.

Example:
#getfacl acltest
#file: acltest
#owner: root
#group: root
user::rw-
group::r--                                        #effective:r--
mask::r--
other:r--
#setfacl -m u:acluser:7 acltest

#getfacl acltest
#file: acltest
#owner: root
#group: root
user::rw-
user:acluser:rwx                            #effective: r-- as mask is set to r--
group::r--                                        #effective:r--
mask::r--
other:r--
In the above example, we saw how we assigned rwx permission to the user acluser, however the effective permission remains r-- as the mask value is r-- which is the maximum effective permission for the user except owner and others.

Recalculating an ACL Mask:
In the above example, we saw that even after making an acl entry of rwx for the user acluser, the effective permission remains r--. In order to overcome that we use -r option to recalculate the ACL mask to provide the full set of requested permissions for that entry. The below example shows the same : 
#setfacl -r -m u:acluser:7 acltest

#getfacl acltest
#file: acltest
#owner: root
#group: root
user::rw-
user:acluser:rwx                            #effective: rwx
group::r--                                        #effective:r--
mask::r--
other:r--
We have seen above how chmod is used to change permissions too. However we should be careful while using this command if ACL entry exists for the file/directory as it recalculates the mask and changes the effective permission. Lets proceed with the above example. We have changed the effective permission of user acluser to rwx. Now, lets change the group permission to rw- using chmod command:
#chmod 664 acltest
#getacl acltest

#file: acltest
#owner: root
#group: root
user::rw-
user:acluser:rwx                            #effective: rw-
group::rw-                                        #effective:rw-
mask::rw-
other:r--
So we  saw that the effective permission changes to rw from rwx for the user acluser.

Substituting an ACL:
This is used to replace the entire set of ACL entry with the specified one. So, we should not miss the basic set of an ACL entries : user, group, other and ACL mask permissions.
Syntax: setfacl -s u::perm, g::perm, o::perm, [u:UID:perm], [g:GID:perm] filename
-s : for the substitution of an acl entry

Deleting an ACL :
It is used to delete and ACL entry.
Syntax :setfacl -d acl_entry filename
Lets go with the last example of file acltest. Now we want to remove the entry for the user acluser. This is done as follows :
#setfacl -d u:acluser acltest
#getfacl acltest

#file: acltest
#owner: root
#group: root
user::rw-
group::rw-                                        #effective:rw-
mask::rw-
other:r--

4 comments:

  1. it is more useful stuff

    ReplyDelete
  2. Very Good Blog.
    Thanks

    ReplyDelete
  3. Really Informative...Thanks...

    ReplyDelete