Administering Local Filesystems
Now that you know what's available, it's time to decide which filesystem you want to use on your local system hard disks. (Hint: When creating a filesystem for a local hard disk, pseudo and network filesystem types are right out.)
Local Filesystem Creation
Local filesystem creation is taken care of for you at install time by the various OS install programs. To do it manually, simply invoke mkfs on the device file that you want to set up. On Solaris systems, this would be the device file in /dev/rdsk (the raw/character device file).
On both Red Hat and Solaris, mkfs is mainly a wrapper that sends arguments to a filesystem-specific filesystem-creation subprogram (such as mkfs.ext2 or mkfs_ufs). The mkfs front end for both operating systems allows you to specify things like filesystem type on the command line.
Solaris also offers a ufs-specific filesystem-creation tool called newfs. It offers more flexibility and deeper feature management than the mkfs front end. For most applications, however, the defaults for the filesystem are adequate.
The operating system will generally warn you if you try to create a new filesystem on a device that is either mounted or already has a filesystem present. Make sure that that partition is unmounted and not in use on the system before running mkfs. Also realize that if you create a new filesystem where one already exists, the original filesystem is permanently destroyed (your only hope of recovering the data is your backups). Because mkfs is a nonreversible operation, the system is generally polite enough to query before you destroy data, but don't take that for granted. Use care when (re)formatting disk space.
Note that a detailed description of logical volumes goes beyond the scope of this book, so the filesystems discussed are the usual one-to-a-partition kind.
Local Filesystem Availability Management
Of course, filesystem administration only really begins when the filesystem is created. The next task is to get the system to recognize and make available the newly formatted space, probably in a reboot-survivable way. You will also want to periodically check on space usage, both to make sure that system areas have enough free space to function well and to check that no errant processes or users are taking up inordinate amounts of space.
The mount Command
Both Red Hat and Solaris use the mount command to make filesystems available to the Operating System. When invoked from the command line, the filesystem is mounted in a temporary fashion; that is, it will disappear after a reboot. The filesystem itself, along with its data, is intact, but unless another mount command is issued, it is inaccessible.
Under both Red Hat and Solaris, mount acts as a wrapper, much in the same way that mkfs does. You can specify filesystem type via a command-line switch to mount, thereby invoking the correct routines. If no filesystem type is specified, Red Hat assumes ext2 and Solaris assumes ufs. Note that only root (or rather, only UID 0 users) has the capability to run mount.
Filesystems require somewhere to attach to the directory structure on your system, a path by which the files can be accessed. And because UNIX uses hierarchical filesystems, it shouldn't be surprising that the attachment point, or mount point, must be a directory. Both Red Hat and Solaris provide a mount point called /mnt, intended to be used for temporary mounts. Figures 3.5 and 3.6 show part of a standard UNIX filesystem both before and after mounting a filesystem on /mnt.
Figure 3.5 Filesystem fragment before mount.
Figure 3.6 Filesystem fragment with /mnt mounted.
Note that mount is invoked on the hard disk block device, as in the following examples:

    [linux:16 ~]mount /dev/hda1 /mnt
    [sun:16 ~]mount /dev/dsk/c0t0d0s3 /mnt

A successful operation produces no output.
If you want to mount a filesystem from a remote server, you specify both the remote server and the filesystem name as it appears on the remote server on the command line, like so:

    [sun:17 ~]mount linuxserver:/research/data /mnt
    [linux:17 ~]mount bsdserver:/accounting /accounting

Note that these commands assume that the NFS server is configured properly and that your system is configured for client-side NFS.
Remember that it doesn't matter what the local filesystem type is on the remote server, just that there is a network file server program that can handle passing data across the network and back into the local filesystem. This means that even though Solaris does not directly understand ext2 filesystems, it can communicate with a Linux file server via NFS. Also remember that the mount point must already exist on your local system. For more on network-based filesystems and file-sharing mechanisms, see Chapter 13.
The umount Command
Of course, what goes on must also come off (or something like that). To take a mounted filesystem offline, issue the umount command on the filesystem name (or the associated device name). As with mount, only root (or other UID 0 users) has the capability to unmount a filesystem.
Where Did the n Go? or, Why Is It umount Instead of unmount?
The n was sacrificed on the two altars of lazy typists and limited computer memory, like the i and t in the list (ls) command or the e in the ch[ange]mode (chmod) command. It's yet another way you know that UNIX was written by geeks: save those keystrokes!
The umount command is polite; if the filesystem is in use, it will not be unmounted because unmounted filesystems cannot be accessed. This means that you won't be able to accidentally unmount your root filesystem (which, incidentally, holds the kernel) or interrupt a write operation.
Of course, UNIX will let you do virtually anything, no matter how foolish or detrimental, if you really want to. By passing the command-line option to force the operation (usually -f; see the mount man page), the filesystem will be gracelessly dropped, killing any ongoing accesses and leaving the filesystem dirty. Be prepared to fsck a forcibly unmounted local filesystem and potentially suffer file corruption. Remote filesystems gracelessly dropped create problems for the remote server to deal with.
"Filesystem Busy" Resolution
Rather than forcing your system to unmount a busy filesystem, take the time to track down the processes or users still using those resources.
Under both Red Hat and Solaris, you can invoke the fuser command on the relevant filesystem name to get a list of processes currently requiring its presence. You might be surprised to find that your own shell is the obstacle; make sure that you are not currently in the filesystem that you are trying to unmount!
The fstab and vfstab Files
It would be awfully tedious and time-consuming to make sysadmins manually mount all filesystems every time the system rebooted. From laziness (and perhaps a sense of efficiency) is born automation. Recall the rc scripts mentioned in Chapter 1, "Startup and Shutdown," that take care of mounting routine filesystems (local, pseudo, and network) at boot time. The rc scripts must get a list of these filesystems from somewhere, though.
On Red Hat, the relevant file is /etc/fstab; on Solaris, it is /etc/vfstab. Although both have the same basic function, their formats are quite different. Note that all lines beginning with a # are comments.
What's This "tab" File Business?
As with most "<something>tab" files, the "tab" is short for table. fstab, therefore, is the filesystem table file; it contains information about filesystems in tabular form. vfstab is the virtual filesystem table, a mild naming-convention difference that makes cross-platform sysadmin so interesting.
Also note that, as we have mentioned before, not all the entries in the [v]fstab must be mounted at any given time. This means that you can make entries for filesystems that you might want to mount regularly but not have come up when the system boots (it's just a matter of setting the right options in the table file).
Red Hat: /etc/fstab
Note: We added the comment lines at the beginning of this file listing for the sake of clarity.

    #device                mount        FS       mount                  dump       fsck
    #to mount              point        type     options                frequency  pass
    #
    LABEL=/                /            ext2     defaults               1          1
    LABEL=/boot            /boot        ext2     defaults               1          2
    /dev/fd0               /mnt/floppy  auto     noauto,owner           0          0
    none                   /proc        proc     defaults               0          0
    none                   /dev/pts     devpts   gid=5,mode=620         0          0
    /dev/hda3              swap         swap     defaults               0          0
    /dev/cdrom             /mnt/cdrom   iso9660  noauto,owner,kudzu,ro  0          0
    bsdserver:/accounting  /accounting  nfs      rw,nosuid,nodev        0          0

The first field lists the local device name or remote filesystem to be mounted. Notice that pseudofilesystems have "none" in this field.
The second field lists the local mount point (which is also the mounted filesystem's local name). Notice that swap has "none" in this field.
The third field lists the filesystem type/instance. See the earlier table on filesystems currently supported by Red Hat.
The fourth field lists mounting options for the filesystem. These allow you to control read and write privileges, setuid bit honoring, and other performance- and security-related settings. Some recommended settings include these:
noauto: Do not mount the filesystem unless specifically invoked (i.e., mount -a will not mount it).
nodev: Do not honor any device files in the filesystem. This is a security precaution.
noexec: Do not execute any binaries in the filesystem. This is another security precaution that should be used with care (and not on an application server's application-service filesystems).
nosuid: Do not honor any setuid or setgid permission bits on any files in the filesystem. This is a security precaution that should be used with care; the filesystem containing the kernel, local password-changing binaries, and other critical programs should not have this option set.
usrquota: Enable user-based quotas (for ext2 filesystems only).
grpquota: Enable group-based quotas (for ext2 filesystems only).
ro: Mount the filesystem read-only. This is a security precaution that is not useful on filesystems that users need to write to (including home filesystems and tmp space).
For recommended remote filesystem mount options, see Chapter 13.
The fifth field lists how often dump should back up the filesystem. A value of "0" means that the filesystem is either not dumped at all or is dumped by some other method.
The sixth field lists the order in which fsck checks and corrects filesystem inconsistencies at boot time. A value of "0" means that the filesystem is not checked at all and must be checked manually if there is a problem. Note that network-based filesystems are never checked by fsck. Red Hat recommends that the root filesystem be assigned a value of "1" so that it is checked first and that all other filesystems be given a value of "2." All filesystems with the same field value are checked in parallel, if possible.
Although filesystem quotas are not indicated in the /etc/fstab file, they still need to be enabled for each filesystem that you want regulated via quotaon. Note that quotaon is called automatically at boot time via rc files but can be invoked manually when first setting up quotas on a filesystem.
Solaris: /etc/vfstab

    #device                     device              mount    FS     fsck  mount    mount
    #to mount                   to fsck             point    type   pass  at boot  options
    #
    /proc                       -                   /proc    proc   -     no       -
    fd                          -                   /dev/fd  fd     -     no       -
    swap                        -                   /tmp     tmpfs  -     yes      -
    /dev/dsk/c0t0d0s0           /dev/rdsk/c0t0d0s0  /        ufs    1     no       -
    /dev/dsk/c0t0d0s3           /dev/rdsk/c0t0d0s3  /space   ufs    1     yes      -
    /dev/dsk/c0t0d0s1           -                   -        swap   -     no       -
    linuxserver:/research/data  -                   /mnt     nfs    -     yes      nodev,noexec,nosuid

The first field lists the local device name or remote filesystem to be mounted.
The second field lists the raw device that is passed to fsck. Note that this option is not available under Red Hat and is only applicable to local filesystem instances. Entries for which this field is not applicable should contain "-".
The third field lists the local mount point (which is also the mounted filesystem's local name). Notice that swap has "-" in this field.
The fourth field lists the filesystem type/instance. See Table 3.6 for filesystems currently supported by Solaris.
The fifth field lists the order in which fsck checks and corrects filesystem inconsistencies at boot time. A value of "-" means that the filesystem is not checked at all and must be checked manually if there is a problem. Note that network-based filesystems are never checked by fsck. All filesystems with the same field value are checked in parallel, if possible.
The sixth field lists whether the filesystem should be mounted at boot time.
The seventh field lists mounting options for the filesystem. As mentioned in the last section, these options allow you to control read and write privileges, setuid bit honoring, and other performance- and security-related settings. Some recommended settings include these:
nosuid: Do not honor any setuid or setgid permission bits on any files in the filesystem. This is a security precaution that should be used with care; the filesystem containing the kernel, local password-changing binaries, and other critical programs should not have this option set.
quota: Turn on full quota management for the filesystem.
ro: Mount the filesystem read-only. This is a security precaution that is not useful on filesystems that users need to write to (including home filesystems and tmp space).
Again, for recommended remote filesystem mount options, see Chapter 13.
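The security-related mount options listed in the Red Hat and Solaris sections above can be checked mechanically. The following Python is an added example, not part of the original text: it reads fstab- or vfstab-format text and reports entries that lack the restrictive options, taking into account that under Linux mount the owner, group, user and users options imply nosuid and nodev and that a later dev, suid or exec cancels them. The required-option policy, the exemption lists, and the /home and /mnt/zip entries are assumptions made for the example.

```python
"""Audit the mount-options column of fstab (Red Hat) or vfstab (Solaris) text."""

# Permissive option -> the restrictive option it cancels when listed later.
CANCELS = {"dev": "nodev", "suid": "nosuid", "exec": "noexec"}

# Linux mount(8): options that switch on restrictive options implicitly.
LINUX_IMPLIED = {
    "owner": ("nosuid", "nodev"),
    "group": ("nosuid", "nodev"),
    "user": ("noexec", "nosuid", "nodev"),
    "users": ("noexec", "nosuid", "nodev"),
}

# Per format: 0-based columns (mount point, FS type, options), the options this
# example requires (assumed policy), and the implied-option table in force.
FORMATS = {
    "fstab": {"cols": (1, 2, 3), "require": ("nodev", "nosuid"), "implied": LINUX_IMPLIED},
    "vfstab": {"cols": (2, 3, 6), "require": ("nosuid",), "implied": {}},
}

# Assumed exemptions: pseudo and swap filesystems, and the filesystems that
# hold the kernel and setuid system binaries (nosuid must stay off there).
SKIP_TYPES = {"swap", "proc", "devpts", "fd", "tmpfs"}
SYSTEM_MOUNTS = {"/", "/boot", "/usr"}

def effective_restrictions(options, implied):
    """Walk the comma-separated options left to right; later options win."""
    active = set()
    for opt in options.split(","):
        if opt in CANCELS.values():
            active.add(opt)
        elif opt in implied:
            active.update(implied[opt])
        elif opt in CANCELS:
            active.discard(CANCELS[opt])
    return active

def audit(table_text, fmt):
    """Return [(mount_point, [missing options])] for entries that fall short."""
    spec = FORMATS[fmt]
    mnt_col, type_col, opt_col = spec["cols"]
    findings = []
    for line in table_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or len(fields) <= opt_col:
            continue
        mount_point, fs_type, options = fields[mnt_col], fields[type_col], fields[opt_col]
        if fs_type in SKIP_TYPES or mount_point in SYSTEM_MOUNTS:
            continue
        active = effective_restrictions(options, spec["implied"])
        missing = [opt for opt in spec["require"] if opt not in active]
        if missing:
            findings.append((mount_point, missing))
    return findings

# Entries from the page's listings, plus two constructed ones (/home, /mnt/zip).
SAMPLE_FSTAB = """\
LABEL=/                /            ext2     defaults               1 1
/dev/fd0               /mnt/floppy  auto     noauto,owner           0 0
/dev/cdrom             /mnt/cdrom   iso9660  noauto,owner,kudzu,ro  0 0
bsdserver:/accounting  /accounting  nfs      rw,nosuid,nodev        0 0
/dev/hda5              /home        ext2     defaults,usrquota      1 2
/dev/hdd4              /mnt/zip     vfat     noauto,owner,dev       0 0
"""
SAMPLE_VFSTAB = """\
/dev/dsk/c0t0d0s0  /dev/rdsk/c0t0d0s0  /       ufs  1  no   -
/dev/dsk/c0t0d0s3  /dev/rdsk/c0t0d0s3  /space  ufs  1  yes  -
linuxserver:/research/data  -  /mnt  nfs  -  yes  nodev,noexec,nosuid
"""

if __name__ == "__main__":
    for fmt, text in (("fstab", SAMPLE_FSTAB), ("vfstab", SAMPLE_VFSTAB)):
        for mount_point, missing in audit(text, fmt):
            print(f"{fmt}: {mount_point} lacks {','.join(missing)}")
```

To audit a live system, pass the contents of /etc/fstab or /etc/vfstab to audit() in place of the sample strings.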
So, How Do [v]fstab and mount Work Together?
1. Through the rc files. At boot time, the system checks the [v]fstab file for both local and remote mount specifications.
2. At manual invocation of mount. If you call mount with just a filesystem name ("mount /space"), the system will first check if there is a related entry in [v]fstab. If so, the appropriate device will be mounted with the options given in [v]fstab. If not, the system will complain about either a missing mount point or a missing entry in the filesystem table file. Note that mount -a will mount all entries in [v]fstab, if possible.
Space Management
As mentioned before, there is really only one way to enforce space usage limitations within a filesystem: set quotas. Red Hat allows you to set quotas either by user or by group. Solaris limits you to setting user quotas only.
Be aware that these settings are done on a per-filesystem basis. Although this gives you good granularity for space allocation across different storage areas, it also means that you must assign and maintain quotas across all those areas. A user with no quota assigned for a given filesystem may use as much space as is available with no limits.
Tips for Handling Quotas
Your user creation scripts or procedures should add a default quota for the new user.
Disks with quotas should have quota checking enabled at boot time. This can be configured in [v]fstab.
Your user-deletion scripts should remove quotas. Unused quota entries add overhead to each disk write operation.
Quota Guidelines
Here are a few guidelines to keep in mind when setting quotas:
Define the goal for your use of quotas. Are you trying to prevent the disk from getting filled up by errant processes or mailer loops? Or are you trying to precisely divide out disk space, making sure that everyone gets the same-size slice of the pie?
This is a balancing act: If you dole out disk space exactly, you are likely to leave large portions unused when users are under their usage limit. This is, of course, not a problem until you realize that there is often quite differential usage among users: some (legitimately) need a great deal of space, while others don't. Strict rationing can cause resource starvation for no reason.
Are most of your users disk space-intensive? Will your users immediately use their entire quota or do they keep fairly minimal files on the system? General entropy (and our observations) suggests that eventually all available space will be filled, but you will need to monitor the system to find out the rate at which this occurs. This affects what kind of quotas you set and also how often you need to ask for more disk space (and how much).
Do users have access to write to system-critical areas? The answer here should be "No," but in case it isn't (for whatever reason), consider setting a fairly stringent quota for all users with access to the area. That way they won't damage system performance by filling up a filesystem.
Set quotas on all user-accessible filesystems. Though it might seem like overkill, every user should have a quota on every filesystem that they can access. This is especially important in space bill-back situations when users or departments must pay for the space they consume. If users can write to areas other than their own home filesystems, they might (intentionally or not) have files scattered and unaccounted for.
We recommend that, at the very least, you set user quotas to three-fourths of the partition size (perhaps slightly more if the partition is solely dedicated to the user in question). This will help cap runaway processes and also alert both users and admins when usage is nearing capacity.
Use caution when assigning quotas to system accounts (such as root). In fact, system accounts should not have quotas. Should you run into some pressing need, though, remember that if root can't write any more files, the system is going nowhere after a while.
Quota Definitions
You can limit two things by filesystem quotas: block usage (file space) and inode usage (number of files). Respectively, these prevent users from filling up too much space or hoarding too many inodes when both have a finite limit.
There are also two kinds of limit: soft and hard. The soft limit is the actual quota that the user is assigned, whether of blocks or of inodes. When the user has reached or surpassed this limit, the user has a preset grace period in which to lower usage (or get a quota boost from the sysadmin). After the grace period expires, the user will no longer be able to create new files. This might mean that the user can no longer log in, can no longer send or receive email, or other such unfortunate consequences. In fact, if a user reports one of these dilemmas, be sure to check quota usage before panicking about a deeper systemic problem.
The hard limit represents the absolute ceiling of resources that the user may consume within the grace period allotted. If there is no grace period, the soft limit effectively becomes the hard limit. We recommend a grace period of between three and seven days and a sensible margin of space between the soft and hard limits (this will vary, depending on your specific disk space, user pool, and applications).
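The interplay of soft limit, hard limit, and grace period is easiest to see as a decision made on every allocation. The following Python is an added example, not part of the original text: a simplified model in which the grace clock starts at the first excess over the soft limit and is cleared when usage drops back to or below it. The names QuotaState, charge, and release are hypothetical, and the limits used in the demonstration are the ones shown for valjean later in this section.

```python
"""Simplified model of the soft/hard/grace decision for one user on one filesystem."""

WEEK = 7 * 24 * 3600  # seconds; upper end of the three-to-seven-day grace period


class QuotaState:
    def __init__(self, used, soft, hard):
        self.used = used            # blocks (or inodes) charged to the user
        self.soft = soft            # soft limit, 0 = unlimited
        self.hard = hard            # hard limit, 0 = unlimited
        self.grace_deadline = None  # set while usage is above the soft limit


def charge(state, amount, now, grace_seconds=WEEK):
    """Charge `amount` more units at time `now`; return True if allowed."""
    new_used = state.used + amount
    if state.hard and new_used > state.hard:
        return False                        # the hard limit is an absolute ceiling
    if state.soft and new_used > state.soft:
        deadline = state.grace_deadline
        if deadline is None:
            deadline = now + grace_seconds  # clock starts at the first excess
        if now >= deadline:
            return False                    # grace used up: soft limit acts as hard
        state.grace_deadline = deadline
    state.used = new_used
    return True


def release(state, amount):
    """Free `amount` units; dropping back under the soft limit clears the clock."""
    state.used = max(0, state.used - amount)
    if not state.soft or state.used <= state.soft:
        state.grace_deadline = None


if __name__ == "__main__":
    s = QuotaState(used=49900, soft=50000, hard=51000)
    print(charge(s, 500, now=0))      # over soft, inside grace
    print(charge(s, 700, now=10))     # would pass the hard limit
    print(charge(s, 100, now=WEEK))   # grace period has expired
```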
Red Hat
Quotas are available by default with the ext2 filesystem. To enable quotas for a filesystem (listed in /etc/fstab) called /space, do the following:
Become root.
mount /space.
Add "usrquota" and/or "grpquota" to the "mount options" column of the /etc/fstab entry for /space.
touch /space/aquota.user /space/aquota.group
chmod 600 /space/aquota.user /space/aquota.group
quotacheck -auvg. (Note: This will produce some "truncation" error messages. This is okay.)
Now you may add quotas for users on /space.
To set quotas for an individual user on a Red Hat system, you can use the command-line setquota or the interactive command edquota. Note that setquota can also be used to reset the grace period's expiration time.
When invoked, edquota reports on current usage on all filesystems that have quotas currently turned on. When edquota valjean is run, it brings up the following information with vi or your shell's current EDITOR environment variable. Simply edit the numbers to the right of the various "=" signs to set new limits:

    Edit block and inode quota for user valjean:
    Device /dev/hda1 (/space):
    Used 2567KB, limits: soft=50000 hard=51000
    Used 80 inodes, limits: soft=1000 hard=2000

Editing the informational statistics will have no effect on actual usage.
To check valjean's current space usage in all filesystems with quotas turned on, invoke quota -v valjean:

    [linux:25 ~]quota -v valjean
    Disk quotas for user valjean(24601):
    Filesystem  blocks  quota  limit  grace  files  quota  limit  grace
    /dev/hda1        0  50000  51000             0   1000   2000

The usage numbers should only be considered fully accurate if the quotacheck command is run on the filesystem of interest first. See the man page for more details.
If valjean does not have quotas set on any filesystem, you will see a message like, "Disk quotas for user valjean(24601): None".
Solaris
Quotas are also available by default with the ufs filesystem. To enable quotas for a filesystem (listed in /etc/vfstab) called /space, do the following:
Become root.
mount /space.
touch /space/quotas
chmod 600 /space/quotas
Add "quota" to the "mount options" column of the /etc/vfstab entry for /space.
/usr/sbin/quotaon /space
Now you may add quotas for users.
To set quotas for an individual user on a Solaris system, you can use the interactive command edquota. Note that edquota -t can be used to reset the grace period's expiration time.
When edquota valjean is run, it brings up the following information with vi or your shell's current EDITOR environment variable. Again, all filesystems that currently have quotas turned on are displayed. Simply edit the numbers to the right of the various "=" signs to set new limits:
fs /space blocks (soft = 50000, hard = 51000) inodes (soft = 1000, hard = 2000)
Users with a UID greater than 67,108,864 cannot be assigned quotas under Solaris.
To check valjean's current space usage in all filesystems with quotas turned on, invoke quota -v valjean:

    [sun:25 ~]quota -v valjean
    Disk quotas for valjean (uid 24601):
    Filesystem  usage  quota  limit  timeleft  files  quota  limit  timeleft
    /space       2543  50000  51000               75   1000   2000

Again, these usage numbers should only be considered fully accurate if the quotacheck command is run on the filesystem of interest first. See the man page for more details.
If valjean does not have quotas set on any filesystem, you will see a message like, "no disk quota for valjean (uid 24601)".
For both Red Hat and Solaris, to make quotas take effect, quotaon must be run at each boot. This is done automatically via the boot-time rc files after the steps just outlined are completed.
Filesystem Space Monitoring
Now that you know how to invoke mounts both automatically and manually, you need to know how to query the system for its current filesystem mount status. On both Red Hat and Solaris, use the df command. The -k option causes all sizes to be reported in kilobytes (Kb):

    [linux:17 ~]df -k
    Filesystem  1k-blocks     Used  Available  Use%  Mounted on
    /dev/hda4    11179696  1381344    9230456   14%  /
    /dev/hda1       31079     3485      25990   12%  /boot

    [sun:17 ~]df -k
    Filesystem          kbytes     used    avail  capacity  Mounted on
    /dev/dsk/c0t0d0s0  6191949  4845981  1284049       80%  /
    /proc                    0        0        0        0%  /proc
    fd                       0        0        0        0%  /dev/fd
    mnttab                   0        0        0        0%  /etc/mnttab
    swap                576368       16   576352        1%  /var/run
    swap                576464      112   576352        1%  /tmp
    /dev/dsk/c0t0d0s3  7995933     9623  7906351        1%  /space

Notice that Solaris displays information about pseudofilesystems, whereas Red Hat does not.
Red Hat also supports the "-i" option for df; it reports statistics about the filesystem's inode usage:

    [linux:18 ~]df -i
    Filesystem   Inodes  IUsed    IFree  IUse%  Mounted on
    /dev/hda4   1419840  79243  1340597     6%  /
    /dev/hda1      8032     26     8006     1%  /boot
    /dev/hda1      8032     26     8006     1%  /mnt

There's also a command that allows you to examine and summarize disk usage by directory rather than filesystem: du. When passed the "-k" option, du will present its usage report in kilobytes (Kb).
Normally, du will recurse and print space usage information for every subdirectory. To simply present a summary of all file and subdirectory space usage under the directory specified, use the "-s" option.
For example, to see the space usage of all top-level directories in /usr, the command might look like this:

    [linux:20 ~]du -ks /usr/*
    88828   /usr/bin
    4       /usr/dict
    4       /usr/etc
    40      /usr/games
    120     /usr/html
    19948   /usr/include
    3996    /usr/kerberos
    285016  /usr/lib
    2264    /usr/libexec
    66344   /usr/local
    48      /usr/man
    5132    /usr/sbin
    392388  /usr/share
    102200  /usr/src
    0       /usr/tmp
    79568   /usr/X11R6

But to see the total summary usage for /usr, leave off the wildcard:

    [linux:21 ~]du -ks /usr
    1045904  /usr

Notice that when /usr is also its own filesystem, df -k will give you equivalent usage information.
One final tool, quot, is offered only by Solaris. This handy command summarizes filesystem usage by user, whether or not quotas have been turned on. It also allows admins to get a true picture of who is using what space, regardless of how it is scattered among directories in the filesystem. The following shows using quot to report on diskspace used, the number of files extant, and the users who own them for all mounted filesystems:

    [sun:26 ~]quot -af
    /dev/rdsk/c0t0d0s0 (/):
    3380940  58973  root
    1258565  63506  bin
      42709    681  daemon
       8746    179  lp
        186     11  adm
          9      8  javert
          6      6  eponine
          5      5  fantine
          2      6  nobody
          1      1  valjean
    /dev/rdsk/c0t0d0s3 (/space):
       7678    834  javert
       1961      4  root

For more on space-monitoring considerations and method, see the second half of Chapter 23, "Requirements Analysis and Performance Monitoring."