File System

How to display directory contents sorted by modification time

Learn how to sort the output of the ls command to list a directory's contents by modification time.

Summary

Show directory contents sorted by modification date and time

How to find writable files

Learn how to use the find command to find any files that are writable.

Summary

Find the files that are writable

How to see the size of a directory

Learn how to see the size of a directory or folder on Linux systems using the du command.

Summary

Show disk usage by files and directories

How to see hidden files

Learn how to see any hidden files on the command line or in the terminal using the ls command.

Summary

Show hidden files

How to see files greater than a specific size

Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.

Summary

Show files bigger or smaller than a specified size

How to find when the last modification happened in a directory

Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.

Summary

Show when the last modification was made within a directory

How to see inode usage

Learn how to see inode usage on a Linux file system or mount point.

Summary

Show used and free disk space

How to see used and free disk space

Learn how to see used and free disk space of file systems or mount points on Linux systems.

Summary

Show used and free disk space

How to find symbolic links that point to a directory

Learn how to use the find command to discover symbolic links that refer to a directory.

Summary

Find symbolic links pointing to a directory

How to compare two directories and find the differences

Learn how to compare two directories and see their differences or which files they have in common.

Summary

Compare two directories, find their differences and what they have in common

How to securely delete a file and its contents

Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.

Summary

Learn how to purge data before deleting a file

How to see the creation date of a file

Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.

Summary

Find out when a file was initially created

Understanding the output of the stat command

Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.

Summary

The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us!

Basic example

If we use the command on our /etc/passwd file, we might get output like below.

# stat /etc/passwd
  File: /etc/passwd
  Size: 3387      	Blocks: 8          IO Block: 4096   regular file
Device: 10303h/66307d	Inode: 47186412    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-05-08 15:17:01.121123879 +0200
Modify: 2024-03-04 14:01:44.569913427 +0100
Change: 2024-03-04 14:01:44.577913496 +0100
 Birth: 2024-03-04 14:01:44.569913427 +0100

Explanation of the fields

Let’s have a look at all the fields and understand what the shared information means.

How to find the biggest directories on disk

Find the biggest directories and files on disk by using the du command.

Summary

Leverage the du command to find the biggest directories

How to change file permissions

Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.

Summary

Changing file permissions: chmod

The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and pre-installed on the system.

To make changes to an existing directory or file, it is good to first look up the existing permissions. This can be done using the ls -l command, which lists them in the long format.

ls -l /etc/hosts
-rw-r--r-- 1 root root 241 Feb  2 19:10 /etc/hosts

There are two syntax styles to tell chmod what the new value should be. So let’s look at them both.

Linux file permissions

Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.

Summary

File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file.

This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information.

Main permissions

  • Read (r): Allows users to view the contents of a file or directory
  • Write (w): Grants users the ability to modify the contents of a file or directory
  • Execute (x): Enables users to execute a file or access the contents of a directory

Permission  Abbreviation  Octal value
Read        r             4
Write       w             2
Execute     x             1

Possible combinations:

Introduction in Linux file permissions

Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.

Summary

Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data is called meta-data. Let’s have a look at how file permissions work on Linux systems and how to read and understand them.

Read, Write, and Execute

Linux file permissions are divided into three main categories:

  • Read (r): Allows users to view the contents of a file or directory
  • Write (w): Grants users the ability to modify the contents of a file or directory
  • Execute (x): Enables users to execute a file or access the contents of a directory

User, Group, and Others

These permissions are each assigned to three entities:

How to find hard links or files that point to a specific file

Learn how to find hard links on a file system or which files they have in common. We will use the find command to get this information quickly.

Summary

If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links.

Good to know: a hard link shares the same inode, whereas a symbolic link has its own inode and just points from one to another.

When we have a directory with hard links, we can discover them by looking at the link count of each file. If it has more than 1 link, then there must be a hard link present.

Linux file systems

All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.

Summary

Linux systems use a file system to store and process data. In this section we have a look at what a file system is, with supporting articles to learn more about it.

Purpose of a file system

At its core, a file system is the method by which data is organized and stored on a storage device. The storage device is typically a hard drive or solid-state drive (SSD), but it can also be memory. It provides the framework for managing files, directories, and other data structures. Its goal is enabling users and applications to interact with the stored information.

The purpose of the /etc/networks file

Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.

Summary

Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it.

Output of /etc/networks

When looking at the man page of networks(5) we learn its purpose (almost instantly):

  • It translates between IP ranges and network names
  • It is used for tools like netstat and route
  • It only works on class A, B, or C networks
  • It does not work on subnets

Surprisingly enough, a test with subnetting actually showed the right names. Digging through the related system calls (getnetbyaddr(3), getnetbyname(3), getnetent(3)) did not reveal the reason why it worked.

Linux system hardening: adding hidepid to /proc mount point

The pseudo-filesystem /proc contains a lot of useful information for the system administrator. With the hidepid option we can restrict what users can see.

Summary

When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see all of this information. This includes process information from other users, which could include sensitive details that you may not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the security of the system.

Linux History: How Dot Files Became Hidden Files

Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. Here is the full story.

Summary

The history of hidden files

Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added to each directory. Secondly, a double dot file (..) was added to easily move up in the directory structure. As these files had no real data in them, a quick hack was added to the ls binary.

Using xattrs or Extended Attributes on Linux

Linux supports extended attributes (xattr) on most file systems. Learn how they work and allow security features like access control lists and more.

Summary

An introduction into extended attributes (xattrs) on Linux

Securing mount points on Linux

Since data is stored on file systems, appropriate measures should be taken to protect it. Learn how to secure mount points on Linux.

Summary

Mount points are defined in /etc/fstab. They link a particular disk pointer to the related device (disk, partition or virtual device). By default the mount options are not focused on security, which gives us room to further improve hardening of the system. This hardening is especially important considering our most precious data is stored here. Via mount options we can apply additional security controls to protect our data.

Mount point example

Let’s have a look at our /etc/fstab file.

Plus sign in ls output

When file access control lists (ACLs) are being used, the output of ls will change. Learn about the additional plus sign in its output.

Summary

Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.

Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.