Redhat6 File System Structure and Maintenance Guide

Chapter 2. File System Structure and Maintenance

2.1. Overview of Filesystem Hierarchy Standard (FHS)

2.1.1. FHS Organization

2.2. Special Red Hat Enterprise Linux File Locations

2.3. The /proc Virtual File System

2.4. Discard unused blocks

The file system structure is the most basic level of organization in an operating system. The way an operating system interacts with its users, applications, and security model nearly always depends on how the operating system organizes files on storage devices. Providing a common file system structure ensures users and programs can access and write files.

File systems break files down into two logical categories:

• Shareable versus unshareable files
• Variable versus static files

Shareable files can be accessed locally and by remote hosts; unshareable files are only available locally.Variable files, such as log files, can be changed at any time; static files, such as binaries, do not change without an action from the system administrator.

Categorizing files in this manner helps correlate the function of each file with the permissions assigned to the directories which hold them. How the operating system and its users interact with a file determines the directory in which it is placed, whether that directory is mounted with read-only or read/write permissions, and the level of access each user has to that file. The top level of this organization is crucial; access to the underlying directories can be restricted, otherwise security problems could arise if, from the top level down, access rules do not adhere to a rigid structure.

⁠2.1. Overview of Filesystem Hierarchy Standard (FHS)

Red Hat Enterprise Linux uses the Filesystem Hierarchy Standard (FHS) file system structure, which defines the names, locations, and permissions for many file types and directories.

The FHS document is the authoritative reference to any FHS-compliant file system, but the standard leaves many areas undefined or extensible. This section is an overview of the standard and a description of the parts of the file system not covered by the standard.

The two most important elements of FHS compliance are:

• Compatibility with other FHS-compliant systems
• The ability to mount a /usr/ partition as read-only. This is especially crucial, since /usr/ contains common executables and should not be changed by users. In addition, since /usr/ is mounted as read-only, it should be mountable from the CD-ROM drive or from another machine via a read-only NFS mount.

⁠2.1.1. FHS Organization

The directories and files noted here are a small subset of those specified by the FHS document. Refer to the latest FHS documentation for the most complete information at http://www.pathname.com/fhs/.

⁠2.1.1.1. Gathering File System Information

The df command reports the system's disk space usage. Its output looks similar to the following:

⁠

Example 2.1. df command output

Filesystem           1K-blocks      Used Available Use% Mounted on/dev/mapper/VolGroup00-LogVol00                       11675568   6272120   4810348  57% / /dev/sda1                 100691      9281     86211  10% /bootnone                     322856         0    322856   0% /dev/shm

By default, df shows the partition size in 1 kilobyte blocks and the amount of used and available disk space in kilobytes. To view the information in megabytes and gigabytes, use the command df -h. The -h argument stands for "human-readable" format. The output for df -h looks similar to the following:

⁠

Example 2.2. df -h command output

Filesystem            Size  Used Avail Use% Mounted on/dev/mapper/VolGroup00-LogVol00                        12G  6.0G  4.6G  57% / /dev/sda199M  9.1M   85M  10% /boot none 316M     0  316M   0% /dev/shm

Note

In the above examples, the mounted partition /dev/shm represents the system's virtual memory file system.

The du command displays the estimated amount of space being used by files in a directory, displaying the disk usage of each subdirectory. The last line in the output of du shows the total disk usage of the directory; to see only the total disk usage of a directory in human-readable format, use du -hs. For more options, refer to man du.

To view the system's partitions and disk space usage in a graphical format, use the Gnome System Monitor by clicking on Applications → System Tools → System Monitor or using the command gnome-system-monitor. Select the File Systems tab to view the system's partitions. The figure below illustrates the File Systems tab.

⁠

Figure 2.1. GNOME System Monitor File Systems tab

⁠2.1.1.2. The /boot/ Directory

The /boot/ directory contains static files required to boot the system, for example, the Linux kernel. These files are essential for the system to boot properly.

Warning

Do not remove the /boot/ directory. Doing so renders the system unbootable.

⁠2.1.1.3. The /dev/ Directory

The /dev/ directory contains device nodes that represent the following device types:

• devices attached to the system;
• virtual devices provided by the kernel.

These device nodes are essential for the system to function properly. The udevd daemon creates and removes device nodes in /dev/ as needed.

Devices in the /dev/ directory and subdirectories are defined as either character (providing only a serial stream of input and output, for example, mouse or keyboard) or block (accessible randomly, for example, a hard drive or a floppy drive). If GNOME or KDE is installed, some storage devices are automatically detected when connected (such as with a USB) or inserted (such as a CD or DVD drive), and a pop-up window displaying the contents appears.

⁠

Table 2.1. Examples of common files in the /dev directory

FileDescription/dev/hdaThe master device on the primary IDE channel./dev/hdbThe slave device on the primary IDE channel./dev/tty0The first virtual console./dev/tty1The second virtual console./dev/sdaThe first device on the primary SCSI or SATA channel./dev/lp0The first parallel port./dev/ttyS0Serial port.

⁠2.1.1.4. The /etc/ Directory

The /etc/ directory is reserved for configuration files that are local to the machine. It should contain no binaries; any binaries should be moved to /bin/ or /sbin/.

For example, the /etc/skel/ directory stores "skeleton" user files, which are used to populate a home directory when a user is first created. Applications also store their configuration files in this directory and may reference them when executed. The /etc/exports file controls which file systems export to remote hosts.

⁠2.1.1.5. The /lib/ Directory

The /lib/ directory should only contain libraries needed to execute the binaries in /bin/ and /sbin/. These shared library images are used to boot the system or execute commands within the root file system.

⁠2.1.1.6. The /media/ Directory

The /media/ directory contains subdirectories used as mount points for removable media, such as USB storage media, DVDs, and CD-ROMs.

⁠2.1.1.7. The /mnt/ Directory

The /mnt/ directory is reserved for temporarily mounted file systems, such as NFS file system mounts. For all removable storage media, use the /media/ directory. Automatically detected removable media will be mounted in the /media directory.

Important

The /mnt directory must not be used by installation programs.

⁠2.1.1.8. The /opt/ Directory

The /opt/ directory is normally reserved for software and add-on packages that are not part of the default installation. A package that installs to /opt/ creates a directory bearing its name, for example /opt/packagename/. In most cases, such packages follow a predictable subdirectory structure; most store their binaries in /opt/packagename/bin/ and their man pages in /opt/packagename/man/.

⁠2.1.1.9. The /proc/ Directory

The /proc/ directory contains special files that either extract information from the kernel or send information to it. Examples of such information include system memory, CPU information, and hardware configuration. For more information about /proc/, refer to Section 2.3, “The /proc Virtual File System”.

⁠2.1.1.10. The /sbin/ Directory

The /sbin/ directory stores binaries essential for booting, restoring, recovering, or repairing the system. The binaries in /sbin/ require root privileges to use. In addition, /sbin/ contains binaries used by the system beforethe /usr/ directory is mounted; any system utilities used after /usr/ is mounted are typically placed in /usr/sbin/.

At a minimum, the following programs should be stored in /sbin/:

• arp
• clock
• halt
• init
• fsck.*
• grub
• ifconfig
• mingetty
• mkfs.*
• mkswap
• reboot
• route
• shutdown
• swapoff
• swapon

⁠2.1.1.11. The /srv/ Directory

The /srv/ directory contains site-specific data served by a Red Hat Enterprise Linux system. This directory gives users the location of data files for a particular service, such as FTP, WWW, or CVS. Data that only pertains to a specific user should go in the /home/ directory.

Note

The default httpd install uses /var/www/html for served content.

⁠2.1.1.12. The /sys/ Directory

The /sys/ directory utilizes the new sysfs virtual file system specific to the 2.6 kernel. With the increased support for hot plug hardware devices in the 2.6 kernel, the /sys/ directory contains information similar to that held by /proc/, but displays a hierarchical view of device information specific to hot plug devices.

⁠2.1.1.13. The /usr/ Directory

The /usr/ directory is for files that can be shared across multiple machines. The /usr/ directory is often on its own partition and is mounted read-only. The /usr/ directory usually contains the following subdirectories:

/usr/bin

This directory is used for binaries.

/usr/etc

This directory is used for system-wide configuration files.

/usr/games

This directory stores games.

/usr/include

This directory is used for C header files.

/usr/kerberos

This directory is used for Kerberos-related binaries and files.

/usr/lib

This directory is used for object files and libraries that are not designed to be directly utilized by shell scripts or users. This directory is for 32-bit systems.

/usr/lib64

This directory is used for object files and libraries that are not designed to be directly utilized by shell scripts or users. This directory is for 64-bit systems.

/usr/libexec

This directory contains small helper programs called by other programs.

/usr/sbin

This directory stores system administration binaries that do not belong to /sbin/.

/usr/share

This directory stores files that are not architecture-specific.

/usr/src

This directory stores source code.

/usr/tmp linked to /var/tmp

This directory stores temporary files.

The /usr/ directory should also contain a /local/ subdirectory. As per the FHS, this subdirectory is used by the system administrator when installing software locally, and should be safe from being overwritten during system updates. The /usr/local directory has a structure similar to /usr/, and contains the following subdirectories:

• /usr/local/bin
• /usr/local/etc
• /usr/local/games
• /usr/local/include
• /usr/local/lib
• /usr/local/libexec
• /usr/local/sbin
• /usr/local/share
• /usr/local/src

Red Hat Enterprise Linux's usage of /usr/local/ differs slightly from the FHS. The FHS states that /usr/local/should be used to store software that should remain safe from system software upgrades. Since the RPM Package Manager can perform software upgrades safely, it is not necessary to protect files by storing them in /usr/local/.

Instead, Red Hat Enterprise Linux uses /usr/local/ for software local to the machine. For instance, if the /usr/directory is mounted as a read-only NFS share from a remote host, it is still possible to install a package or program under the /usr/local/ directory.

⁠2.1.1.14. The /var/ Directory

Since the FHS requires Linux to mount /usr/ as read-only, any programs that write log files or need spool/ or lock/ directories should write them to the /var/ directory. The FHS states /var/ is for variable data, which includes spool directories and files, logging data, transient and temporary files.

Below are some of the directories found within the /var/ directory depending on what is installed on the system:

• /var/account/
• /var/arpwatch/
• /var/cache/
• /var/crash/
• /var/db/
• /var/empty/
• /var/ftp/
• /var/gdm/
• /var/kerberos/
• /var/lib/
• /var/local/
• /var/lock/
• /var/log/
• /var/mail linked to /var/spool/mail/
• /var/mailman/
• /var/named/
• /var/nis/
• /var/opt/
• /var/preserve/
• /var/run/
• /var/spool/
• /var/tmp/
• /var/tux/
• /var/www/
• /var/yp/

System log files, such as messages and lastlog, go in the /var/log/ directory. The /var/lib/rpm/ directory contains RPM system databases. Lock files go in the /var/lock/ directory, usually in directories for the program using the file. The /var/spool/ directory has subdirectories that store data files for some programs. These subdirectories may include:

• /var/spool/at/
• /var/spool/clientmqueue/
• /var/spool/cron/
• /var/spool/cups/
• /var/spool/exim/
• /var/spool/lpd/
• /var/spool/mail/
• /var/spool/mailman/
• /var/spool/mqueue/
• /var/spool/news/
• /var/spool/postfix/
• /var/spool/repackage/
• /var/spool/rwho/
• /var/spool/samba/
• /var/spool/squid/
• /var/spool/squirrelmail/
• /var/spool/up2date/
• /var/spool/uucp/
• /var/spool/uucppublic/
• /var/spool/vbox/

⁠2.2. Special Red Hat Enterprise Linux File Locations

Red Hat Enterprise Linux extends the FHS structure slightly to accommodate special files.

Most files pertaining to RPM are kept in the /var/lib/rpm/ directory. For more information on RPM, refer to man rpm.

The /var/cache/yum/ directory contains files used by the Package Updater, including RPM header information for the system. This location may also be used to temporarily store RPMs downloaded while updating the system. For more information about the Red Hat Network, refer to the documentation online athttps://rhn.redhat.com/.

Another location specific to Red Hat Enterprise Linux is the /etc/sysconfig/ directory. This directory stores a variety of configuration information. Many scripts that run at boot time use the files in this directory.

⁠2.3. The /proc Virtual File System

Unlike most file systems, /proc contains neither text nor binary files. Instead, it houses virtual files; as such, /procis normally referred to as a virtual file system. These virtual files are typically zero bytes in size, even if they contain a large amount of information.

The /proc file system is not used for storage. Its main purpose is to provide a file-based interface to hardware, memory, running processes, and other system components. Real-time information can be retrieved on many system components by viewing the corresponding /proc file. Some of the files within /proc can also be manipulated (by both users and applications) to configure the kernel.

The following /proc files are relevant in managing and monitoring system storage:

/proc/devices

Displays various character and block devices that are currently configured.

/proc/filesystems

Lists all file system types currently supported by the kernel.

/proc/mdstat

Contains current information on multiple-disk or RAID configurations on the system, if they exist.

/proc/mounts

Lists all mounts currently used by the system.

/proc/partitions

Contains partition block allocation information.

For more information about the /proc file system, refer to the Red Hat Enterprise Linux 6 Deployment Guide.

⁠2.4. Discard unused blocks

Batch discard and online discard operations are features of mounted file systems that discard blocks not in use by the file system. They are useful for both solid-state drives and thinly-provisioned storage.

Batch discard operations are run explicitly by the user with the fstrim command. This command discards all unused blocks in a file system that match the user's criteria. Both operation types are supported for use with ext4 file systems as of Red Hat Enterprise Linux 6.2 and later, so long as the block device underlying the file system supports physical discard operations. This is also the case with XFS file systems as of Red Hat Enterprise Linux 6.4 and later. Physical discard operations are supported if the value of /sys/block/device/queue/discard_max_bytes is not zero.

Online discard operations are specified at mount time with the -o discard option (either in /etc/fstab or as part of the mount command), and run in realtime without user intervention. Online discard operations only discard blocks that are transitioning from used to free. Online discard operations are supported on ext4 file systems as of Red Hat Enterprise Linux 6.2 and later, and on XFS file systems as of Red Hat Enterprise Linux 6.4 and later.

Red Hat recommends batch discard operations unless the system's workload is such that batch discard is not feasible, or online discard operations are necessary to maintain performance.

⁠Chapter 3. Encrypted File System

3.1. Mounting a File System as Encrypted

3.2. Additional Information

Red Hat Enterprise Linux 6 provides a technology preview of eCryptfs, a "pseudo-file system" which provides data and filename encryption on a per-file basis. The term "pseudo-file system" refers to the fact that eCryptfs does not have an on-disk format; rather, it is a file system layer that resides on top of an actual file system. The eCryptfs layer provides encryption capabilities.

eCryptfs works like a bind mount by intercepting file operations that write to the underlying (that is, encrypted) file system. The eCryptfs layer adds a header to the metadata of files in the underlying file system. This metadata describes the encryption for that file, and eCryptfs encrypts file data before it is passed to the encrypted file system. Optionally, eCryptfs can also encrypt filenames.

eCryptfs is not an on-disk file system; as such, there is no need to create it via tools such as mkfs. Instead, eCryptfs is initiated by issuing a special mount command. To manage file systems protected by eCryptfs, the ecryptfs-utils package must be installed first.