File Systems

Filesystem is part of operating system to control and manage storing data on hard disk.

 

A journaling file system is a file system that maintains a special file called a journal that is used to repair any inconsistencies that occur as the result of an improper shutdown of a computer. Such shutdowns are usually due to an interruption of the power supply or to a software problem that cannot be resolved without a rebooting.

 

Initramfs: in computing, initrd is a scheme for loading a temporary root file system into memory, which may be used as part of the Linux startup process. The key parts of initramfs are:

  • The special file /dev/initrd is a read-only block device. This device is a RAM disk that is initialized (e.g., loaded) by the boot loader before the kernel is started.
  • CPIO archive, so no filesystems at all are needed in kernel. The archive is simply unpacked into a ram disk.
  • This unpacking happens before do_basic_setup is called. This means that firmware files are available before in-kernel drivers load.
  • The userspace init is called instead of prepare_namespace. All finding of the root device, and md setup happens in userspace.
  • An initramfs can be built into the kernel directly by adding it to the ELF archive under the section name .init.ramfs
  • initramfs' can be stacked. Providing an initramfs to the kernel using the traditional initrd mechanisms causes it to be unpacked along side the initramfs' that are built into the kernel.
  • All magic naming of the root device goes away. Integrating udev into the initramfs means that the exact same view of the /dev tree can be used throughout the boot sequence. This should solve the majority of the SATA failures that are seen where an install can succeed, but the initrd cannot boot.

 

Swap space: when physical memory (RAM) is out of space then swap area can take care of it. In case of failure at boot:

  • sudo blkid
  • copy the swap UUID
  • sudo nano /etc/initramfs-tools/conf.d/resume
  • sudo mkswap -U custom_uuid /dev/sdx

 

EXT2,3,4: the extended file system was implemented as the first file system created specifically for the Linux kernel. It has metadata structure inspired by the traditional Unix File System.

  • Type or version 2 is suitable for boot volumes
  • Type or version 2 isn't a journaling file system

 

LVM2: Logical Volume Manager is a device mapper target that provides logical volume management for the Linux kernel.

  • pvchange - Change attributes of a Physical Volume.
  • pvck - Check Physical Volume metadata.
  • pvcreate - Initialize a disk or partition for use by LVM.
  • pvdisplay - Display attributes of a Physical Volume.
  • pvmove - Move Physical Extents.
  • pvremove - Remove a Physical Volume.
  • pvresize - Resize a disk or partition in use by LVM2.
  • pvs - Report information about Physical Volumes.
  • pvscan - Scan all disks for Physical Volumes.
  • vgcfgbackup - Backup Volume Group descriptor area.
  • vgcfgrestore - Restore Volume Group descriptor area.
  • vgchange - Change attributes of a Volume Group.
  • vgck - Check Volume Group metadata.
  • vgconvert - Convert Volume Group metadata format.
  • vgcreate - Create a Volume Group.
  • vgdisplay - Display attributes of Volume Groups.
  • vgexport - Make volume Groups unknown to the system.
  • vgextend - Add Physical Volumes to a Volume Group.
  • vgimport - Make exported Volume Groups known to the system.
  • vgimportclone - Import and rename duplicated Volume Group (e.g. a hardware snapshot).
  • vgmerge - Merge two Volume Groups.
  • vgmknodes - Recreate Volume Group directory and Logical Volume special files.
  • vgreduce - Reduce a Volume Group by removing one or more Physical Volumes.
  • vgremove - Remove a Volume Group.
  • vgrename - Rename a Volume Group.
  • vgs - Report information about Volume Groups.
  • vgscan - Scan all disks for Volume Groups and rebuild caches.
  • vgsplit - Split a Volume Group into two, moving any logical volumes from one Volume Group to another by moving entire Physical Volumes.
  • lvchange - Change attributes of a Logical Volume.
  • lvconvert - Convert a Logical Volume from linear to mirror or snapshot.
  • lvcreate - Create a Logical Volume in an existing Volume Group.
  • lvdisplay - Display attributes of a Logical Volume.
  • lvextend - Extend the size of a Logical Volume.
  • lvmchange - Change attributes of the Logical Volume Manager.
  • lvmdiskscan - Scan for all devices visible to LVM2.
  • lvmdump - Create lvm2 information dumps for diagnostic purposes.
  • lvreduce - Reduce the size of a Logical Volume.
  • lvremove - Remove a Logical Volume.
  • lvrename - Rename a Logical Volume.
  • lvresize - Resize a Logical Volume.
  • lvs - Report information about Logical Volumes.
  • lvscan - Scan (all disks) for Logical Volumes.

 

UFS2: the Unix file system is a file system supported by many Unix and Unix-like operating systems. It is a distant descendant of the original filesystem used by Version 7 Unix.

  • Type or version 1 is suitable for boot volumes
  • Type or version 1 isn't a journaling file system

 

ZFS: a combined file system and logical volume manager designed by Sun Microsystems. ZFS is scalable, and includes extensive protection against data corruption, support for high storage capacities.

 

Configures ZFS file systems

  • zfs [-?]
  • zfs create [-pu] [-o property=value]... filesystem
  • zfs create [-ps] [-b blocksize] [-o property=value]... -V size volume
  • zfs destroy [-fnpRrv] filesystem|volume
  • zfs destroy [-dnpRrv] filesystem|volume@snap[%snap][,snap[%snap]][,...]
  • zfs destroy filesystem|volume#bookmark
  • zfs snapshot|snap [-r] [-o property=value]...
    • filesystem@snapname|volume@snapname
    • filesystem@snapname|volume@snapname...
  • zfs rollback [-rRf] snapshot
  • zfs clone [-p] [-o property=value]... snapshot filesystem|volume
  • zfs promote clone-filesystem
  • zfs rename [-f] filesystem|volume|snapshot filesystem|volume|snapshot
  • zfs rename [-f] -p filesystem|volume filesystem|volume
  • zfs rename -r snapshot snapshot
  • zfs rename -u [-p] filesystem filesystem
  • zfs list [-r|-d depth] [-Hp] [-o property[,property]...]
    • [-t type[,type]...] [-s property]... [-S property]...
    • filesystem|volume|snapshot |bookmark...
  • zfs remap filesystem|volume
  • zfs set property=value [property=value]... filesystem|volume|snapshot...
  • zfs get [-r|-d depth] [-Hp] [-o all | field[,field]...]
    • [-t type[, type]...] [-s source[,source]...] all |
    • property[,property]... filesystem|volume|snapshot...
  • zfs inherit [-rS] property filesystem|volume|snapshot...
  • zfs upgrade [-v]
  • zfs upgrade [-r] [-V version] -a | filesystem
  • zfs userspace [-Hinp] [-o field[,field]...] [-s field]... [-S field]...
    • [-t type[,type]...] filesystem|snapshot
  • zfs groupspace [-Hinp] [-o field[,field]...] [-s field]... [-S field]...
    • [-t type[,type]...] filesystem|snapshot
  • zfs mount
  • zfs mount [-vO] [-o property[,property]...] -a | filesystem
  • zfs unmount|umount [-f] -a | filesystem|mountpoint
  • zfs share -a | filesystem
  • zfs unshare -a | filesystem|mountpoint
  • zfs bookmark snapshot bookmark
  • zfs send [-DLPRVcenpv] [-i snapshot | -I snapshot] snapshot
  • zfs send [-LPcenv] [-i snapshot|bookmark] filesystem|volume|snapshot
  • zfs send [-PVenv] -t receive_resume_token
  • zfs receive|recv [-vnsFu] [-o origin=snapshot] filesystem|volume|snapshot
  • zfs receive|recv [-vnsFu] [-d | -e] [-o origin=snapshot] filesystem
  • zfs receive|recv -A filesystem|volume
  • zfs allow filesystem|volume
  • zfs allow [-ldug] user|group[,user|group]...
    • perm|@setname[,perm|@setname]... filesystem|volume
  • zfs allow [-ld] -e|everyone perm|@setname[,perm|@setname]...
    • filesystem|volume
  • zfs allow -c perm|@setname[,perm|@setname]... filesystem|volume
  • zfs allow -s @setname perm|@setname[,perm|@setname]... filesystem|volume
  • zfs unallow [-rldug] user|group[,user|group]...
    • [perm|@setname[,perm|@setname]...] filesystem|volume
  • zfs unallow [-rld] -e|everyone [perm|@setname[,perm|@setname]...]
    • filesystem|volume
  • zfs unallow [-r] -c [perm|@setname[,perm|@setname]...] filesystem|volume
  • zfs unallow [-r] -s @setname [perm|@setname[,perm|@setname]...]
    • filesystem|volume
  • zfs hold [-r] tag snapshot...
  • zfs holds [-Hp] [-r|-d depth] filesystem|volume|snapshot...
  • zfs release [-r] tag snapshot...
  • zfs diff [-FHt] snapshot [snapshot|filesystem]
  • zfs program [-jn] [-t timeout] [-m memory_limit] pool script [arg1 ...]
  • zfs jail jailid|jailname filesystem
  • zfs unjail jailid|jailname filesystem

 

Configures ZFS storage pools

  • zpool [-?]
  • zpool add [-fn] pool vdev ...
  • zpool attach [-f] pool device new_device
  • zpool checkpoint [-d, --discard] pool
  • zpool clear [-F [-n]] pool [device]
  • zpool create [-fnd] [-o property=value] ...
    • [-O file-system-property=value] ... [-m mountpoint] [-R root]
    • [-t tempname] pool vdev ...
  • zpool destroy [-f] pool
  • zpool detach pool device
  • zpool export [-f] pool ...
  • zpool get [-Hp] [-o field[,...]] all | property[,...] pool ...
  • zpool history [-il] [pool] ...
  • zpool import [-d dir | -c cachefile] [-D]
  • zpool import [-o mntopts] [-o property=value] ...
    • [--rewind-to-checkpoint] [-d dir | -c cachefile] [-D] [-f] [-m]
    • [-N] [-R root] [-F [-n]] -a
  • zpool import [-o mntopts] [-o property=value] ...
    • [--rewind-to-checkpoint] [-d dir | -c cachefile] [-D] [-f] [-m]
    • [-N] [-R root] [-t] [-F [-n]] pool | id [newpool]
  • zpool initialize [-cs] pool [device...]
  • zpool iostat [-T d|u] [-v] [pool] ...
  • zpool labelclear [-f] device
  • zpool list [-Hpv] [-o property[,...]] [-T d|u] [pool] ...
    • [inverval [count]]
  • zpool offline [-t] pool device ...
  • zpool online [-e] pool device ...
  • zpool reguid pool
  • zpool remove [-np] pool device ...
  • zpool remove -s pool
  • zpool reopen pool
  • zpool replace [-f] pool device [new_device]
  • zpool scrub [-s | -p] pool ...
  • zpool set property=value pool
  • zpool split [-n] [-R altroot] [-o mntopts] [-o property=value] pool
    • newpool [device ...]
  • zpool status [-Dvx] [-T d|u] [pool] ... [interval [count]]
  • zpool upgrade [-v]
  • zpool upgrade [-V version] -a | pool ...

 

fstab: The file fstab contains descriptive information about the various file systems. fstab is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file.

 

<file systems> - defines the storage device (i.e. /dev/sda1).

 

<dir> - tells the mount command where it should mount the <file system> to.

 

<type> - defines the file system type of the device or partition to be mounted. Many different file systems are supported. Some examples are: ext2, ext3, reiserfs, xfs, jfs, smbfs, iso9660, vfat, ntfs, swap, and auto. The 'auto' type lets the mount command to attempt to guess what type of file system is used, this is useful for removable devices such as CDs and DVDs.

 

<options> - define particular options for filesystems. Some options relate only to the filesystem itself. Some of the more common options are:

  • auto - file system will mount automatically at boot, or when the command 'mount -a' is issued.
  • noauto - the filesystem is mounted only when you tell it to.
  • exec - allow the execution binaries that are on that partition (default).
  • noexec - do not allow binaries to be executed on the filesystem.
  • ro - mount the filesystem read only.
  • rw - mount the filesystem read-write.
  • sync - I/O should be done synchronously.
  • async - I/O should be done asynchronously.
  • flush - specific option for FAT to flush data more often, thus making copy dialogs or progress bars to stays up until things are on the disk.
  • user - permit any user to mount the filesystem (implies noexec,nosuid,nodev unless overridden).
  • nouser - only allow root to mount the filesystem (default).
  • defaults - default mount settings (equivalent to rw,suid,dev,exec,auto,nouser,async).
  • suid - allow the operation of suid, and sgid bits. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.
  • nosuid - block the operation of suid, and sgid bits.
  • noatime - do not update inode access times on the filesystem. Can help performance.
  • nodiratime - do not update directory inode access times on the filesystem. Can help performance. You do not need to enable this flag if you have already enabled noatime.
  • relatime - update inode access times relative to modify or change time. Access time is only updated if the previous access time was earlier than the current modify or change time (similar to noatime, but doesn't break mutt or other applications that need to know if a file has been read since the last time it was modified). Can help performance.
  • <dump> - is used by the dump utility to decide when to make a backup. When installed, dump checks the entry and uses the number to decide if a file system should be backed up. Possible entries are 0 and 1. If 0, dump will ignore the file system, if 1, dump will make a backup. Most users will not have dump installed, so they should put 0 for the <dump> entry.
  • <pass> fsck reads the <pass> number and determines in which order the file systems should be checked. Possible entries are 0, 1, and 2. The root file system should have the highest priority, 1, all other file systems you want to have checked should get a 2. File systems with a <pass> value 0 will not be checked by the fsck utility.

 

crypttab: The /etc/crypttab file describes encrypted block devices that are set up during system boot.

 

cipher=<cipher>

Encryption algorithm (ignored for LUKS and TCRYPT devices). See cryptsetup -c.

 

size=<size>

Encryption key size (ignored for LUKS and TCRYPT devices). See cryptsetup -s.

 

sector-size=<bytes>

Sector size. See cryptsetup for possible values and the default value of this option.

 

hash=<hash>

Hash algorithm (ignored for LUKS and TCRYPT devices). See cryptsetup -h.

 

offset=<offset>

Start offset (ignored for LUKS and TCRYPT devices). Uses cryptsetup -o.

 

skip=<skip>

Skip sectors at the beginning (ignored for LUKS and TCRYPT devices). Uses cryptsetup -p.

 

keyfile-offset=<keyfile-offset>

Specifies the number of bytes to skip at the start of the key file.

 

keyfile-size=<keyfile-size>

Specifies the maximum number of bytes to read from the key file. The default is to read the whole file up to the compiled-in maximum, that can be queried with cryptsetup --help. This option is ignored for plain dm-crypt devices, as the key file size is then given by the encryption key size (option size).

 

keyslot=<slot>, key-slot=<slot>

Key slot (ignored for non-LUKS devices). See cryptsetup -S.

 

header=<path>

Detached header file (ignored for plain dm-crypt devices). See cryptsetup --header.

 

verify

Verify password. Uses cryptsetup -y.

 

readonly, read-only

Set up a read-only mapping.

 

tries=<num>

Try to unlock the device <num> before failing. It's particularly useful when using a passphrase or a keyscript that asks for interactive input. If you want to disable retries, pass “tries=1”. Default is “3”. Setting “tries=0” means infinitive retries.

 

discard

Allow using of discards (TRIM) requests for device.

 

Starting with Debian 10 (Buster), this option is added per default to new dm-crypt devices by the Debian Installer. If you don't care about leaking access patterns (filesystem type, used space) and don't have hidden truecrypt volumes inside this volume, then it should be safe to enable this option. See the following warning for further information.

 

WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.

 

luks

Force LUKS mode. When this mode is used, the following options are ignored since they are provided by the LUKS header on the device: cipher=, hash=, size=

 

plain

Force plain encryption mode.

 

tcrypt

Use TrueCrypt encryption mode. When this mode is used, the following options are ignored since they are provided by the TrueCrypt header on the device or do not apply: cipher=, hash=, keyfile-offset=, keyfile-size=, size=

 

veracrypt, tcrypt-veracrypt

Use VeraCrypt extension to TrueCrypt device. Only useful in conjunction with tcrypt option (ignored for non-TrueCrypt devices).

 

tcrypthidden, tcrypt-hidden

Use hidden TCRYPT header (ignored for non-TCRYPT devices).

 

swap

Run mkswap on the created device.

This option is ignored for initramfs devices.

 

tmp=<tmpfs>

Run mkfs with filesystem type <tmpfs> on the created device. Default is ext4.

This option is ignored for initramfs devices.

 

check=<check>

Check the content of the target device by a suitable program; if the check fails, the device is removed. If a program is provided as an argument, it is run, giving the decrypted volume (target device) as first argument, and the value of the checkargs option as second argument. Cryptdisks/cryptroot searches for the given program in /lib/cryptsetup/checks/ first, but full path to program is supported as well.

 

Default is set in /etc/default/cryptdisks (blkid).

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

checkargs=<arguments>

Give <arguments> as the second argument to the check script. See the CHECKSCRIPTS section for more information.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

initramfs

The initramfs hook processes the root device, any resume devices and any devices with the initramfs option set. These devices are processed within the initramfs stage of boot. As an example, that allows the use of remote unlocking using dropbear.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

noearly

The cryptsetup init scripts are invoked twice during the boot process - once before lvm, raid, etc. are started and once again after that. Sometimes you need to start your encrypted disks in a special order. With this option the device is ignored during the first invocation of the cryptsetup init scripts.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

noauto

Entirely ignore the device at the boot process. It's still possible to map the device manually using cryptdisks_start.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

loud

Be loud. Print warnings if a device does not exist. This option overwrites the option loud.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

quiet

Be quiet. Don't print warnings if a device does not exist. This option overwrites the option loud.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

keyscript=<path>

The executable at the indicated path is executed with the value of the third field as only argument. The keyscript output is passed to cryptsetup as decyption key. When used in initramfs, the executable either needs to be self-contained (i.e. does'nt rely on any external program which is not present in the initramfs environment) or the dependencies have to added to the initramfs image by other means.

 

LIMITATIONS: All binaries and files on which the keyscript depends must be available at the time of execution. Special care needs to be taken for encrypted filesystems like /usr or /var. As an example, unlocking encrypted /usr must not depend on binaries from /usr/(s)bin.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

WARNING: With systemd as init system, this option might be ignored. At the time this is written (December 2016), the systemd cryptsetup helper doesn't support the keyscript option to /etc/crypttab. For the time being, the only option to use keyscripts along with systemd is to force processing of the corresponding crypto devices in the initramfs. See the 'initramfs' option for further information.

 

All fields of the appropriate crypttab entry are available to the keyscript as exported environment variables:

 

CRYPTTAB_NAME

The target name

 

CRYPTTAB_SOURCE

The source device

 

CRYPTTAB_KEY

The key file

 

CRYPTTAB_OPTIONS

A list of exported crypttab options

 

CRYPTTAB_OPTION_<option>

The value of the appropriate crypttab option, with value set to 'yes' in case the option is merely a flag. For option aliases, such as 'readonly' and 'read-only', the variable name refers to the first alternative listed (thus 'CRYPTTAB_OPTION_readonly' in that case). If the crypttab option name contains '-' characters, then they are replaced with '_' in the exported variable name. For instance, the value of the 'CRYPTTAB_OPTION_keyfile_offset' environment variable is set to the value of the 'keyfile-offset' crypttab option.

 

CRYPTTAB_TRIED

Number of previous tries since start of cryptdisks (counts until maximum number of tries is reached).

 

KDE Partition Manager

KDE Partition Manager is a utility program to help you manage the disk devices, partitions and file systems on your computer. It allows you to easily create, copy, move, delete, resize without losing data, backup and restore partitions.

 

Features:

  • Supports a large number of file systems, including ext2/3/4, btrfs, reiserfs, NTFS, FAT16/32, JFS, XFS and more
  • Makes use of already available external programs to get its job done

 

Partition Manager

 

GParted Partition Manager

GParted is a free partition editor for graphically managing your disk partitions.

 

With GParted you can resize, copy, and move partitions without data loss, enabling you to:

  • Grow or shrink your drives
  • Create space for new operating systems
  • Attempt data rescue from lost partitions

 

GParted uses libparted to detect and manipulate devices and partition tables while several (optional) filesystem tools provide support for filesystems not included in libparted.

 

Gparted