Home > Articles

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Administering Local Filesystems

Now that you know what's available, it's time to decide which filesystem you want to use on your local system hard disks. (Hint: When creating a filesystem for a local hard disk, pseudo and network filesystem types are right out.)

Local Filesystem Creation

Local filesystem creation is taken care of for you at install time by the various OS install programs. To do it manually, simply invoke mkfs on the device file that you want to set up. On Solaris systems, this would be the device file in /dev/rdsk – the raw/character device file.

On both Red Hat and Solaris, mkfs is mainly a wrapper that sends arguments to a filesystem-specific filesystem-creation subprogram (such as mkfs.ext2 or mkfs_ufs). The mkfs front end for both operating systems allows you to specify things like file- system type on the command line.

Solaris also offers a ufs-specific filesystem-creation tool called newfs. It offers more flexibility and deeper feature management than the mkfs front end. For most applications, however, the defaults for the filesystem are adequate.

The operating system will generally warn you if you try to create a new filesystem on a device that is either mounted or already has a filesystem present. Make sure that that partition is unmounted and not in use on the system before running mkfs. Also realize that if you create a new filesystem where one already exists, the original filesystem is permanently destroyed (your only hope of recovering the data is your backups). Because mkfs is a nonreversible operation, the system is generally polite enough to query before you destroy data, but don't take that for granted. Use care when (re)formatting disk space.

Note that a detailed description of logical volumes goes beyond the scope of this book, so the filesystems discussed are the usual one-to-a-partition kind.

Local Filesystem Availability Management

Of course, filesystem administration only really begins when the filesystem is created. The next task is to get the system to recognize and make available the newly formatted space, probably in a reboot-survivable way. You will also want to periodically check on space usage, both to make sure that system areas have enough free space to function well and to check that no errant processes or users are taking up inordinate amounts of space.

The mount Command

Both Red Hat and Solaris use the mount command to make filesystems available to the Operating System. When invoked from the command line, the filesystem is mounted in a temporary fashion; that is, it will disappear after a reboot. The filesystem itself, along with its data, is intact, but unless another mount command is issued, it is inaccessible.

Under both Red Hat and Solaris, mount acts as a wrapper, much in the same way that mkfs does. You can specify filesystem type via a command-line switch to mount, thereby invoking the correct routines. If no filesystem type is specified, Red Hat assumes ext2 and Solaris assumes ufs. Note that only root (or rather, only UID 0 users) has the capability to run mount.

Filesystems require somewhere to attach to the directory structure on your system, a path by which the files can be accessed. And because UNIX uses hierarchical filesystems, it shouldn't be surprising that the attachment point, or mount point, must be a directory. Both Red Hat and Solaris provide a mount point called /mnt, intended to be used for temporary mounts.31 Figures 3.5 and 3.6 show part of a standard UNIX filesystem both before and after mounting a filesystem on /mnt.

Figure 3.5 Filesystem fragment before mount.

Figure 3.6 Filesystem fragment with /mnt mounted.

Note that mount is invoked on the hard disk block device,32 as in the following examples:

[linux:16 ~]mount /dev/hda1 /mnt

[sun:16 ~]mount /dev/dsk/c0t0d0s3 /mnt

A successful operation produces no output.

If you want to mount a filesystem from a remote server, you specify both the remote server and the filesystem name as it appears on the remote server on the command line, like so:

[sun:17 ~]mount linuxserver:/research/data /mnt
[linux:17 ~]mount bsdserver:/accounting /accounting

Note that these commands assume that the NFS server is configured properly and that your system is configured for client-side NFS.

Remember that it doesn't matter what the local filesystem type is on the remote server, just that there is a network file server program that can handle passing data across the network and back into the local filesystem. This means that even though Solaris does not directly understand ext2 filesystems, it can communicate with a Linux file server via NFS. Also remember that the mount point must already exist on your local system. For more on network-based filesystems and file-sharing mechanisms, see Chapter 13.

The umount Command

Of course, what goes on must also come off (or something like that). To take a mounted filesystem offline, issue the umount command on the filesystem name (or the associated device name). As with mount, only root (or other UID 0 users) has the capability to unmount a filesystem.

Where Did the n Go? or, Why Is It umount Instead of unmount?

The n was sacrificed on the two altars of lazy typists and limited computer memory, like the i and t in the list (ls) command or the e in the ch[ange]mode (chmod) command. It's yet another way you know that UNIX was written by geeks—save those keystrokes!

The umount command is polite; if the filesystem is in use, it will not be unmounted because unmounted filesystems cannot be accessed. This means that you won't be able to accidentally unmount your root filesystem (which, incidentally, holds the kernel) or interrupt a write operation.

Of course, UNIX will let you do virtually anything, no matter how foolish or detrimental, if you really want to. By passing the command-line option to force the operation (usually –f; see the mount man page), the filesystem will be gracelessly dropped, killing any ongoing accesses and leaving the filesystem dirty. Be prepared to fsck a forcibly unmounted local filesystem and potentially suffer file corruption. Remote filesystems gracelessly dropped create problems for the remote server to deal with.

"Filesystem Busy" Resolution

Rather than forcing your system to unmount a busy filesystem, take the time to track down the processes or users still using those resources.

Under both Red Hat and Solaris, you can invoke the fuser command on the relevant filesystem name to get a list of processes currently requiring its presence. You might be surprised to find that your own shell is the obstacle; make sure that you are not currently in the filesystem that you are trying to unmount!

The fstab and vfstab Files

It would be awfully tedious and time-consuming to make sysadmins manually mount all filesystems manually every time the system rebooted. From laziness (and perhaps a sense of efficiency) is born automation. Recall the rc scripts mentioned in Chapter 1, "Startup and Shutdown," that take care of mounting routine filesystems (local, pseudo, and network) at boot-time. The rc scripts must get a list of these filesystems from somewhere, though.

On Red Hat, the relevant file is /etc/fstab; on Solaris, it is /etc/vfstab. Although both have the same basic function, their formats are quite different. Note that all lines beginning with a # are comments.

What's This "tab" File Business?

As with most "<something>tab" files, the "tab" is short for table. fstab, therefore, is the filesystem table file—it contains information about filesystems in tabular form. vfstab is the virtual filesystem table—a mild naming-convention difference that makes cross-platform sysadmin so interesting.

Also note that, as we have mentioned before, not all the entries in the [v]fstab must be mounted at any given time. This means that you can make entries for filesystems that you might want to regularly mount but not have come up on when the system boots (it's just a matter of setting the right options in the table file).

Red Hat: /etc/fstab

Note: We added the comment lines at the beginning of this file listing for the sake of clarity.

#device     	mount		FS   mount		dump	fsck
#to mount     	point		type  options	  frequency	pass
#
LABEL=/         	/		ext2  defaults    	1 	1
LABEL=/boot       /boot		ext2  defaults    	1 	2
/dev/fd0     	/mnt/floppy	auto  noauto,owner  	0 	0
none       	/proc		proc  defaults    	0 	0
none       	/dev/pts		devpts gid=5,mode=620 	0 	0
/dev/hda3   		swap		swap  defaults    	0 	0
/dev/cdrom       /mnt/cdrom	iso9660 noauto,owner,
						kudzu,ro		0 	0
bsdserver:/accounting	/accounting	nfs	rw,nosuid,nodev 	0 	0

The first field lists the local device name or remote filesystem to be mounted. Notice that pseudofilesystems have "none" in this field.

The second field lists the local mount point (which is also the mounted filesystem's local name). Notice that swap has "none" in this field.

The third field lists the filesystem type/instance. See the earlier table on filesystems currently supported by Red Hat.

The fourth field lists mounting options for the filesystem. These allow you to control read and write privileges, setuid bit honoring, and other performance- and security-related settings. Some recommended settings include these:

  • noauto—Do not mount the filesystem unless specifically invoked (i.e. mount –a will not mount it).

  • nodev—Do not honor any device files in the filesystem. This is a security precaution.

  • noexec—Do not execute any binaries in the filesystem. This is another security precaution that should be used with care (and not on an application server's application-service filesystems).

  • nosuid—Do not honor any setuid or setgid permission bits on any files in the filesystem. This is a security precaution that should be used with care; the filesystem containing the kernel, local password-changing binaries, and other critical programs should not have this option set.

  • usrquota—Enable user-based quotas (for ext2 filesystems only).

  • grpquota—Enable group-based quotas (for ext2 filesystems only).

  • ro—Mount the filesystem read-only. This is a security precaution that is not useful on filesystems that users need to write to (including home filesystems and tmp space).

For recommended remote filesystem mount options, see Chapter 13.

The fifth field lists how often dump should back up the filesystem. A value of "0" means that the filesystem is either not dumped at all or is dumped by some other method.

The sixth field lists the order in which fsck checks and corrects filesystem inconsistencies at boot time. A value of "0" means that the filesystem is not checked at all and must be checked manually if there is a problem. Note that network-based filesystems are never checked by fsck. Red Hat recommends that the root filesystem be assigned a value of "1" so that it is checked first and that all other filesystems be given a value of "2." All filesystems with the same field value are checked in parallel, if possible.

Although filesystem quotas are not indicated in the /etc/fstab file, they still need to be enabled for each filesystem that you want regulated via quotaon. Note that quotaon is called automatically at boot time via rc files but can be invoked manually when first setting up quotas on a filesystem.

Solaris: /etc/vfstab

#device          device       mount  FS  fsck mount  mount
#to mount         to fsck      point  type pass at boot options
#
/proc           -         /proc  proc -  no	 -
fd             -         /dev/fd fd  -  no	 -
swap      		-           /tmp  tmpfs -  yes	 -
/dev/dsk/c0t0d0s0     /dev/rdsk/c0t0d0s0 /    ufs  1  no 	 -
/dev/dsk/c0t0d0s3     /dev/rdsk/c0t0d0s3 /space ufs  1  yes	 -
/dev/dsk/c0t0d0s1     -         -    swap -  no 	 -
linuxserver:/research/data -         /mnt  nfs  -  yes	 nodev, _noexec,nosuid

The first field lists the local device name or remote filesystem to be mounted.

The second field lists the raw device that is passed to fsck. Note that this option is not available under Red Hat and is only applicable to local filesystem instances. Entries for which this field is not applicable should contain "-".

The third field lists the local mount point (which is also the mounted filesystem's local name). Notice that swap has "-" in this field.

The fourth field lists the filesystem type/instance. See Table 3.6 for filesystems currently supported by Solaris.

The fifth field lists the order in which fsck checks and corrects filesystem inconsistencies at boot time. A value of "-" means that the filesystem is not checked at all and must be checked manually if there is a problem. Note that network-based filesystems are never checked by fsck. All filesystems with the same field value are checked in parallel, if possible.

The sixth field lists whether the filesystem should be mounted at boot time.

The seventh field lists mounting options for the filesystem. As mentioned in the last section, these options allow you to control read and write privileges, setuid bit honoring, and other performance- and security-related settings. Some recommended settings include these:

  • nosuid—Do not honor any setuid or setgid permission bits on any files in the filesystem. This is a security precaution that should be used with care; the filesystem containing the kernel, local password-changing binaries, and other critical programs should not have this option set.

  • quota—Turn on full quota management for the filesystem.

  • ro—Mount the filesystem read-only. This is a security precaution that is not useful on filesystems that users need to write to (including home filesystems and tmp space).

Again, for recommended remote filesystem mount options, see Chapter 13.

So, How Do [v]fstab and mount Work Together?

  1. Through the rc files. At boot time, the system checks the [v]fstab file for both local and remote mount specifications.

  2. 2. At manual invocation of mount. If you call mount with just a filesystem name ("mount /space"), the system will first check if there is a related entry in [v]fstab. If so, the appropriate device will be mounted with the options given in [v]fstab. If not, the system will complain about either a missing mount point or a missing entry in the filesystem table file. Note that mount –a will mount all entries in [v]fstab, if possible.

Space Management

As mentioned before, there is really only one way to enforce space usage limitations within a filesystem: set quotas. Red Hat allows you to set quotas either by user or by group. Solaris limits you to setting user quotas only.

Be aware that these settings are done on a per-filesystem basis. Although this gives you good granularity for space allocation across different storage areas, it also means that you must assign and maintain quotas across all those areas. A user with no quota assigned for a given filesystem may use as much space as is available with no limits.

Tips for Handling Quotas

Your user creation scripts or procedures should add a default quota for the new user.

Disks with quotas should have quota checking enabled at boot time. This can be configured in [v]fstab.

Your user-deletion scripts should remove quotas. Unused quota entries add overhead to each disk write operation.

Quota Guidelines

Here are a few guidelines to keep in mind when setting quotas:

  • Define the goal for your use of quotas. Are you trying to prevent the disk from getting filled up by errant processes or mailer loops? Or are you trying to precisely divide out disk space, making sure that everyone gets the same-size slice of the pie?

  • This is a balancing act: If you dole out disk space exactly, you are likely to leave large portions unused when users are under their usage limit. This is, of course, not a problem until you realize that there is often quite differential usage among users—some (legitimately) need a great deal of space, while others don't. Strict rationing can cause resource starvation for no reason.

  • Are most of your users disk space–intensive? Will your users immediately use their entire quota or do they keep fairly minimal files on the system? General entropy (and our observations) suggests that eventually all available space will be filled, but you will need to monitor the system to find out the rate at which this occurs. This affects what kind of quotas you set and also how often you need to ask for more disk space (and how much).

  • Do users have access to write to system-critical areas? The answer here should be "No," but in case it isn't (for whatever reason), consider setting a fairly stringent quota for all users with access to the area. That way they won't damage system performance by filling up a filesystem.

  • Set quotas on all user-accessible filesystems. Though it might seem like overkill, every user should have a quota on every filesystem that they can access. This is especially important in space bill-back situations when users or departments must pay for the space they consume. If users can write to areas other than their own home filesystems, they might (intentionally or not) have files scattered and unaccounted for.

  • We recommend that, at the very least, you set user quotas to three-fourths of the partition size (perhaps slightly more if the partition is solely dedicated to the user in question). This will help cap runaway processes and also alert both users and admins when usage is nearing capacity.

  • Use caution when assigning quotas to system accounts (such as root). In fact, system accounts should not have quotas. Should you run into some pressing need, though, remember that if root can't write any more files, the system is going nowhere after a while.

Quota Definitions

You can limit two things by filesystem quotas: block usage (file space) and inode usage (number of files). Respectively, these prevent users from filling up too much space or hoarding too many inodes when both have a finite limit.

There are also two kinds of limit: soft and hard. The soft limit is the actual quota that the user is assigned, whether of blocks or of inodes. When the user has reached or surpassed this limit, the user has a preset grace period in which to lower usage (or get a quota boost from the sysadmin). After the grace period expires, the user will no longer be able to create new files. This might mean that the user can no longer log in, can no longer send or receive email, or other such unfortunate consequences. In fact, if a user reports one of these dilemmas, be sure to check quota usage before panicking about a deeper systemic problem.

The hard limit represents the absolute ceiling of resources that the user may consume within the grace period allotted. If there is no grace period, the soft limit effectively becomes the hard limit. We recommend a grace period of between three and seven days and a sensible margin of space between the soft and hard limits (this will vary, depending on your specific disk space, user pool, and applications).

Red Hat

Quotas are available by default with the ext2 filesystem. To enable quotas for a filesystem (listed in /etc/fstab) called /space, do the following:

  1. Become root.

  2. mount /space.

  3. Add "usrquota" and/or "grpquota" to the "mount options" column of the /etc/fstab entry for /space.

  4. touch /space/aquota.user /space/aquota.group

  5. chmod 600 /space/aquota.user /space/aquota.group

  6. quotacheck –auvg. (Note: This will produce some "truncation" error messages. This is okay.)

  7. Now you may add quotas for users on /space.

To set quotas for an individual user on a Red Hat system, you can use the command-line setquota or the interactive command edquota. Note that setquota can also be used to reset the grace period's expiration time.

When invoked, edquota reports on current usage on all filesystems that have quotas currently turned on. When edquota valjean is run, it brings up the following information with vi or your shell's current EDITOR environment variable. Simply edit the numbers to the right of the various "=" signs to set new limits:

Edit block and inode quota for user valjean:
Device /dev/hda1 (/space):
Used 2567KB, limits: soft=50000 hard=51000
Used 80 inodes, limits: soft=1000 hard=2000

Editing the informational statistics will have no effect on actual usage.

To check valjean's current space usage in all filesystems with quotas turned on, invoke quota –v valjean:

[linux:25 ~]quota -v valjean
Disk quotas for user valjean(24601):
   Filesystem blocks  quota  limit  grace  files  quota  limit  grace
   /dev/hda1    0  50000 51000        0  1000  2000    

The usage numbers should only be considered fully accurate if the quotacheck command is run on the filesystem of interest first. See the man page for more details.

If valjean does not have quotas set on any filesystem, you will see a message like, "Disk quotas for user valjean(24601): None".

Solaris

Quotas are also available by default with the ufs filesystem. To enable quotas for a filesystem (listed in /etc/vfstab) called /space, do the following:

  1. Become root.

  2. mount /space.

  3. touch /space/quotas

  4. chmod 600 /space/quotas

  5. Add "quota" to the "mount options" column of the /etc/vfstab entry for /space.

  6. /usr/sbin/quotaon /space

  7. Now you may add quotas for users.

To set quotas for an individual user on a Solaris system, you can use the interactive command edquota. Note that edquota -t can be used to reset the grace period's expiration time.

When edquota valjean is run, it brings up the following information with vi or your shell's current EDITOR environment variable. Again, all filesystems that currently have quotas turned on are displayed. Simply edit the numbers to the right of the various "=" signs to set new limits:

fs /space blocks (soft = 50000, hard = 51000) inodes (soft = 1000, hard = 2000)

Users with a UID greater than 67,108,864 cannot be assigned quotas under Solaris.

To check valjean's current space usage in all filesystems with quotas turned on, invoke quota –v valjean:

[sun:25 ~]quota -v valjean
Disk quotas for valjean (uid 24601):
Filesystem   usage quota limit  timeleft files quota limit  timeleft
/space     2543 50000 51000        75  1000  2000

Again, these usage numbers should only be considered fully accurate if the quotacheck command is run on the filesystem of interest first. See the man page for more details.

If valjean does not have quotas set on any filesystem, you will see a message like, "no disk quota for valjean (uid 24601)".

For both Red Hat and Solaris, to make quotas take effect, quotaon must be run at each boot. This is done automatically via the boot-time rc files after the steps just outlined are completed.

Filesystem Space Monitoring

Now that you know how to invoke mounts both automatically and manually, you need to know how to query the system for its current filesystem mount status. On both Red Hat and Solaris, use the df command. The -k option makes all sizes to be reported in kilobytes (Kb):

[linux:17 ~]df -k
Filesystem      1k-blocks   Used 	Available	Use% 	Mounted on
/dev/hda4       11179696  1381344  9230456 	14% 	/
/dev/hda1        31079   3485   25990 	12% 	/boot

[sun:17 ~]df -k
Filesystem      	kbytes   used	   avail capacity	Mounted on
/dev/dsk/c0t0d0s0   6191949 	 4845981  1284049  	80%  	/
/proc            0     0     0   	 0%  	/proc
fd              0     0     0   	 0%  	/dev/fd
mnttab            0     0     0  	 0%  	/etc/mnttab
swap          576368    16  576352    1%  	/var/run
swap          576464    112  576352    1%  	/tmp
/dev/dsk/c0t0d0s3   7995933   9623  7906351    1%  	/space

Notice that Solaris displays information about pseudofilesystems, whereas Red Hat does not.

Red Hat also supports the "-i" option for df; it reports statistics about the filesystem's inode usage:

[linux:18 ~]df -i
Filesystem      Inodes  	IUsed  	IFree 		IUse%	Mounted on
/dev/hda4      1419840  	79243 	1340597 		6% 	/
/dev/hda1        8032   26  	8006  		1% 	/boot
/dev/hda1        8032   26  	8006  		1% 	/mnt

There's also a command that allows you to examine and summarize disk usage by directory rather than filesystem: du. When passed the "-k" option, du will present its usage report in kilobytes (Kb).

Normally, du will recurse and print space usage information for every subdirectory. To simply present a summary of all file and subdirectory space usage under the directory specified, use the "-s" option.

For example, to see the space usage of all top-level directories in /usr, the command might look like this:

[linux:20 ~]du -ks /usr/*
88828  /usr/bin
4    /usr/dict
4    /usr/etc
40   /usr/games
120   /usr/html
19948  /usr/include
3996  /usr/kerberos
285016 /usr/lib
2264  /usr/libexec
66344  /usr/local
48   /usr/man
5132  /usr/sbin
392388 /usr/share
102200 /usr/src
0    /usr/tmp
79568  /usr/X11R6

But to see the total summary usage for /usr, leave off the wildcard:

[linux:21 ~]du -ks /usr
1045904 /usr

Notice that when /usr is also its own filesystem, df –k will give you equivalent usage information.

One final tool, quot, is offered only by Solaris. This handy command summarizes filesystem usage by user, whether or not quotas have been turned on. It also allows admins to get a true picture of who is using what space, regardless of how it is scattered among directories in the filesystem. The following shows using quot to report on diskspace used, the number of files extant, and the users who own them for all mounted filesystems:

[sun:26 ~]quot -af
/dev/rdsk/c0t0d0s0 (/):
3380940 58973  root  
1258565 63506  bin   
42709   681  daemon 
 8746   179  lp   
 186   11  adm   
  9    8  javert  
  6    6  eponine   
  5    5  fantine  
  2    6  nobody 
  1    1  valjean

/dev/rdsk/c0t0d0s3 (/space):
 7678   834  javert  
 1961    4  root

For more on space-monitoring considerations and method, see the second half of Chapter 23, "Requirements Analysis and Performance Monitoring."

  • + Share This
  • 🔖 Save To Your Account