File Systems

A filesystem is the part of an operating system that controls and manages how data is stored on a hard disk.

 

A journaling file system is a file system that maintains a special file called a journal that is used to repair any inconsistencies that occur as the result of an improper shutdown of a computer. Such shutdowns are usually due to an interruption of the power supply or to a software problem that cannot be resolved without a reboot.

 

Initramfs: in computing, initrd is a scheme for loading a temporary root file system into memory, which may be used as part of the Linux startup process. The key parts of initramfs are:

 

Swap space: when physical memory (RAM) runs out of space, the swap area can take care of it. In case of failure at boot:

 

EXT2,3,4: the extended file system was implemented as the first file system created specifically for the Linux kernel. It has metadata structure inspired by the traditional Unix File System.

 

LVM2: Logical Volume Manager is a device mapper target that provides logical volume management for the Linux kernel.

 

UFS2: the Unix file system is a file system supported by many Unix and Unix-like operating systems. It is a distant descendant of the original filesystem used by Version 7 Unix.

 

ZFS: a combined file system and logical volume manager designed by Sun Microsystems. ZFS is scalable and includes extensive protection against data corruption and support for high storage capacities.

 

Configures ZFS file systems

 

Configures ZFS storage pools

 

fstab: The file fstab contains descriptive information about the various file systems. fstab is only read by programs, and not written; it is the duty of the system administrator to properly create and maintain this file.

 

<file system> - defines the storage device (e.g. /dev/sda1).

 

<dir> - tells the mount command where it should mount the <file system> to.

 

<type> - defines the file system type of the device or partition to be mounted. Many different file systems are supported. Some examples are: ext2, ext3, reiserfs, xfs, jfs, smbfs, iso9660, vfat, ntfs, swap, and auto. The 'auto' type lets the mount command attempt to guess what type of file system is used; this is useful for removable devices such as CDs and DVDs.

 

<options> - define particular options for filesystems. Some options relate only to the filesystem itself. Some of the more common options are:

 

crypttab: The /etc/crypttab file describes encrypted block devices that are set up during system boot.

 

cipher=<cipher>

Encryption algorithm (ignored for LUKS and TCRYPT devices). See cryptsetup -c.

 

size=<size>

Encryption key size (ignored for LUKS and TCRYPT devices). See cryptsetup -s.

 

sector-size=<bytes>

Sector size. See cryptsetup for possible values and the default value of this option.

 

hash=<hash>

Hash algorithm (ignored for LUKS and TCRYPT devices). See cryptsetup -h.

 

offset=<offset>

Start offset (ignored for LUKS and TCRYPT devices). Uses cryptsetup -o.

 

skip=<skip>

Skip sectors at the beginning (ignored for LUKS and TCRYPT devices). Uses cryptsetup -p.

 

keyfile-offset=<keyfile-offset>

Specifies the number of bytes to skip at the start of the key file.

 

keyfile-size=<keyfile-size>

Specifies the maximum number of bytes to read from the key file. The default is to read the whole file up to the compiled-in maximum, that can be queried with cryptsetup --help. This option is ignored for plain dm-crypt devices, as the key file size is then given by the encryption key size (option size).

 

keyslot=<slot>, key-slot=<slot>

Key slot (ignored for non-LUKS devices). See cryptsetup -S.

 

header=<path>

Detached header file (ignored for plain dm-crypt devices). See cryptsetup --header.

 

verify

Verify password. Uses cryptsetup -y.

 

readonly, read-only

Set up a read-only mapping.

 

tries=<num>

Try to unlock the device <num> times before failing. It's particularly useful when using a passphrase or a keyscript that asks for interactive input. If you want to disable retries, pass “tries=1”. Default is “3”. Setting “tries=0” means infinite retries.

 

discard

Allow the use of discard (TRIM) requests for the device.

 

Starting with Debian 10 (Buster), this option is added by default to new dm-crypt devices by the Debian Installer. If you don't care about leaking access patterns (filesystem type, used space) and don't have hidden TrueCrypt volumes inside this volume, then it should be safe to enable this option. See the following warning for further information.

 

WARNING: Assess the specific security risks carefully before enabling this option. For example, allowing discards on encrypted devices may lead to the leak of information about the ciphertext device (filesystem type, used space etc.) if the discarded blocks can be located easily on the device later.

 

luks

Force LUKS mode. When this mode is used, the following options are ignored since they are provided by the LUKS header on the device: cipher=, hash=, size=

 

plain

Force plain encryption mode.

 

tcrypt

Use TrueCrypt encryption mode. When this mode is used, the following options are ignored since they are provided by the TrueCrypt header on the device or do not apply: cipher=, hash=, keyfile-offset=, keyfile-size=, size=

 

veracrypt, tcrypt-veracrypt

Use VeraCrypt extension to TrueCrypt device. Only useful in conjunction with tcrypt option (ignored for non-TrueCrypt devices).

 

tcrypthidden, tcrypt-hidden

Use hidden TCRYPT header (ignored for non-TCRYPT devices).

 

swap

Run mkswap on the created device.

This option is ignored for initramfs devices.

 

tmp=<tmpfs>

Run mkfs with filesystem type <tmpfs> on the created device. Default is ext4.

This option is ignored for initramfs devices.

 

check=<check>

Check the content of the target device by a suitable program; if the check fails, the device is removed. If a program is provided as an argument, it is run, giving the decrypted volume (target device) as first argument, and the value of the checkargs option as second argument. Cryptdisks/cryptroot searches for the given program in /lib/cryptsetup/checks/ first, but a full path to the program is supported as well.

 

Default is set in /etc/default/cryptdisks (blkid).

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

checkargs=<arguments>

Give <arguments> as the second argument to the check script. See the CHECKSCRIPTS section for more information.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

initramfs

The initramfs hook processes the root device, any resume devices and any devices with the initramfs option set. These devices are processed within the initramfs stage of boot. As an example, that allows the use of remote unlocking using dropbear.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

noearly

The cryptsetup init scripts are invoked twice during the boot process - once before lvm, raid, etc. are started and once again after that. Sometimes you need to start your encrypted disks in a special order. With this option the device is ignored during the first invocation of the cryptsetup init scripts.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

noauto

Entirely ignore the device at the boot process. It's still possible to map the device manually using cryptdisks_start.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

loud

Be loud. Print warnings if a device does not exist. This option overrides the option quiet.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

quiet

Be quiet. Don't print warnings if a device does not exist. This option overrides the option loud.

 

This option is ignored for initramfs devices and specific to the Debian crypttab format. It's not supported by systemd.

 

keyscript=<path>

The executable at the indicated path is executed with the value of the third field as only argument. The keyscript output is passed to cryptsetup as decryption key. When used in initramfs, the executable either needs to be self-contained (i.e. doesn't rely on any external program which is not present in the initramfs environment) or the dependencies have to be added to the initramfs image by other means.

 

LIMITATIONS: All binaries and files on which the keyscript depends must be available at the time of execution. Special care needs to be taken for encrypted filesystems like /usr or /var. As an example, unlocking encrypted /usr must not depend on binaries from /usr/(s)bin.

 

This option is specific to the Debian crypttab format. It's not supported by systemd.

 

WARNING: With systemd as init system, this option might be ignored. At the time this is written (December 2016), the systemd cryptsetup helper doesn't support the keyscript option to /etc/crypttab. For the time being, the only option to use keyscripts along with systemd is to force processing of the corresponding crypto devices in the initramfs. See the 'initramfs' option for further information.
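The option notes above can be turned into a review pass over /etc/crypttab. The following is an added example, not code from the cryptsetup project: it assumes the usual four whitespace-separated fields (target, source device, key file, options), and the sample entries, device names and key path are constructed.

```python
"""Audit crypttab entries against the option notes in this section (added example)."""
# Options this page marks as Debian-specific (not supported by systemd).
DEBIAN_ONLY = {"check", "checkargs", "initramfs", "noearly", "noauto",
               "loud", "quiet", "keyscript"}
# Options this page marks as ignored for LUKS devices.
IGNORED_FOR_LUKS = {"cipher", "size", "hash", "offset", "skip"}

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# <target> <source device> <key file> <options>
cryptroot UUID=0000-placeholder none luks,discard,initramfs
cryptdata /dev/sdb1 /etc/keys/data.key luks,cipher=aes-xts-plain64,tries=0
cryptswap /dev/sda3 /dev/urandom plain,cipher=aes-xts-plain64,size=256,swap
"""

def parse_options(field):
    """Split 'a,b=c' into {'a': None, 'b': 'c'}."""
    opts = {}
    for item in filter(None, field.split(",")):
        name, _, value = item.partition("=")
        opts[name] = value or None
    return opts

def audit(text):
    """Return a list of (target, finding) tuples for every entry in text."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2:
            findings.append((fields[0], "malformed entry: fewer than two fields"))
            continue
        target, opts = fields[0], parse_options(fields[3] if len(fields) > 3 else "")
        if "discard" in opts:
            findings.append((target, "discard: TRIM can leak filesystem type and used space"))
        if opts.get("tries") == "0":
            findings.append((target, "tries=0: unlimited unlock attempts"))
        if "luks" in opts:  # only an explicit luks flag is visible from the file itself
            for name in sorted(IGNORED_FOR_LUKS.intersection(opts)):
                findings.append((target, f"{name}=: ignored in LUKS mode"))
        for name in sorted(DEBIAN_ONLY.intersection(opts)):
            findings.append((target, f"{name}: Debian-specific, not supported by systemd"))
    return findings

if __name__ == "__main__":
    for target, finding in audit(SAMPLE):
        print(f"{target}: {finding}")
```

The cryptswap entry produces no findings: its cipher= and size= options are honoured because the device is in plain mode.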

 

All fields of the appropriate crypttab entry are available to the keyscript as exported environment variables:

 

CRYPTTAB_NAME

The target name

 

CRYPTTAB_SOURCE

The source device

 

CRYPTTAB_KEY

The key file

 

CRYPTTAB_OPTIONS

A list of exported crypttab options

 

CRYPTTAB_OPTION_<option>

The value of the appropriate crypttab option, with value set to 'yes' in case the option is merely a flag. For option aliases, such as 'readonly' and 'read-only', the variable name refers to the first alternative listed (thus 'CRYPTTAB_OPTION_readonly' in that case). If the crypttab option name contains '-' characters, then they are replaced with '_' in the exported variable name. For instance, the value of the 'CRYPTTAB_OPTION_keyfile_offset' environment variable is set to the value of the 'keyfile-offset' crypttab option.

 

CRYPTTAB_TRIED

Number of previous tries since start of cryptdisks (counts until maximum number of tries is reached).
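To exercise a keyscript outside of boot, the environment described above can be rebuilt from a crypttab line. This is an added example, not Debian's implementation: the sample entry and the `run_keyscript` helper are hypothetical, and the comma-separated form of CRYPTTAB_OPTIONS is an assumption, since the text only calls it a list.

```python
"""Build the CRYPTTAB_* environment a Debian keyscript would see (added example)."""
import os
import subprocess

# Alias -> first alternative listed in this section; the variable name uses the latter.
ALIASES = {"key-slot": "keyslot", "read-only": "readonly",
           "tcrypt-veracrypt": "veracrypt", "tcrypt-hidden": "tcrypthidden"}

# Constructed sample entry, not taken from a real system.
SAMPLE_ENTRY = "cryptdata /dev/sdb1 /etc/keys/data.key luks,read-only,keyfile-offset=512"

def keyscript_env(entry, tried=0):
    """Map one crypttab line to the exported variables described above."""
    fields = entry.split()
    if len(fields) != 4:
        raise ValueError("expected: <target> <source> <key file> <options>")
    name, source, key, options = fields
    env = {"CRYPTTAB_NAME": name, "CRYPTTAB_SOURCE": source,
           "CRYPTTAB_KEY": key, "CRYPTTAB_TRIED": str(tried)}
    exported = []
    for item in filter(None, options.split(",")):
        opt, sep, value = item.partition("=")
        opt = ALIASES.get(opt, opt).replace("-", "_")   # alias first, then '-' -> '_'
        env["CRYPTTAB_OPTION_" + opt] = value if sep else "yes"  # bare flag -> 'yes'
        exported.append(opt)
    # Assumption: the page only says "a list"; comma-separated names are used here.
    env["CRYPTTAB_OPTIONS"] = ",".join(exported)
    return env

def run_keyscript(path, entry, tried=0):
    """Hypothetical test helper: third field as only argument, stdout is the key."""
    env = keyscript_env(entry, tried)
    result = subprocess.run([path, env["CRYPTTAB_KEY"]], env={**os.environ, **env},
                            capture_output=True, check=True)
    return result.stdout  # key material: keep it out of logs

if __name__ == "__main__":
    for var, value in sorted(keyscript_env(SAMPLE_ENTRY).items()):
        print(f"{var}={value}")
```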

 

KDE Partition Manager

KDE Partition Manager is a utility program to help you manage the disk devices, partitions and file systems on your computer. It allows you to easily create, copy, move, delete, resize without losing data, backup and restore partitions.

 

Features:

 

Partition Manager

 

GParted Partition Manager

GParted is a free partition editor for graphically managing your disk partitions.

 

With GParted you can resize, copy, and move partitions without data loss, enabling you to:

 

GParted uses libparted to detect and manipulate devices and partition tables while several (optional) filesystem tools provide support for filesystems not included in libparted.

 

Gparted