File System
How to display directory contents sorted by modification time
Learn how to sort the output of the ls command to list a directory's contents by modification time.
Summary
Show directory contents sorted by modification date and time
How to find writable files
Learn how to use the find command to find any files that are writable.
Summary
Find the files that are writable
How to see the size of a directory
Learn how to see the size of a directory or folder on Linux systems using the du command.
Summary
Show disk usage by files and directories
How to see hidden files
Learn how to see any hidden files on the command line or in the terminal using the ls command.
Summary
Show hidden files
How to see files greater than a specific size
Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.
Summary
Show files bigger or smaller than a specified size
How to find when the last modification happened in a directory
Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.
Summary
Show when the last modification was made within a directory
How to see inode usage
Learn how to see inode usage on a Linux file system or mount point.
Summary
Show used and free disk space
How to see used and free disk space
Learn how to see used and free disk space of file systems or mount points on Linux systems.
Summary
Show used and free disk space
How to find symbolic links that point to a directory
Learn how to use the find command to discover symbolic links that refer to a directory.
Summary
Find symbolic links pointing to a directory
How to compare two directories and find the differences
Learn how to compare two directories and see their differences or which files they have in common.
Summary
Compare two directories, find their differences and what they have in common
How to securely delete a file and its contents
Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.
Summary
Learn how to purge data before deleting a file
How to see the creation date of a file
Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.
Summary
Find out when a file was initially created
Understanding the output of the stat command
Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.
Summary
The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us!
Basic example
If we use the command on our /etc/passwd file, we might get output like below.
# stat /etc/passwd
File: /etc/passwd
Size: 3387 Blocks: 8 IO Block: 4096 regular file
Device: 10303h/66307d Inode: 47186412 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2024-05-08 15:17:01.121123879 +0200
Modify: 2024-03-04 14:01:44.569913427 +0100
Change: 2024-03-04 14:01:44.577913496 +0100
Birth: 2024-03-04 14:01:44.569913427 +0100
Explanation of the fields
Let’s have a look at all the fields and understand what the shared information means.
How to find the biggest directories on disk
Find the biggest directories and files on disk by using the du command.
Summary
Leverage the du command to find the biggest directories
How to change file permissions
Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.
Summary
Changing file permissions: chmod
The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and pre-installed on the system.
To make changes to an existing directory or file, it is first good to look up the existing permissions. This can be done using the ls -l command, which lists them in the long format.
ls -l /etc/hosts
-rw-r--r-- 1 root root 241 Feb 2 19:10 /etc/hosts
There are two syntax styles to tell chmod what the new value should be. So let’s look at them both.
Linux file permissions
Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.
Summary
File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file.
This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information.
Main permissions
- Read (r): Allows users to view the contents of a file or directory
- Write (w): Grants users the ability to modify the contents of a file or directory
- Execute (x): Enables users to execute a file or access the contents of a directory
Permission | Abbreviation | Octal value |
---|---|---|
Read | r | 4 |
Write | w | 2 |
Execute | x | 1 |
Possible combinations:
Introduction in Linux file permissions
Learn the basics of how a Linux system applies file permissions. We look at examples to demystify what the permissions mean and learn to troubleshoot common issues.
Summary
Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data is called metadata. Let's have a look at how file permissions work on Linux systems and how to read and understand them.
Read, Write, and Execute
Linux file permissions are divided into three main categories:
- Read (r): Allows users to view the contents of a file or directory
- Write (w): Grants users the ability to modify the contents of a file or directory
- Execute (x): Enables users to execute a file or access the contents of a directory
User, Group, and Others
These permissions are each assigned to three entities:
How to find hard links or files that point to a specific file
Learn how to find hardlinks on a file system or which files they have in common. We will use the find command to get this information quickly available.
Summary
If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links.
Good to know: a hard link shares the same inode, where a symbolic link has its own inode and just points from one to another.
Show all hard links within a specific file system or directory
When we have a directory with hard links, we can discover them by looking at the link count of each file. If it has more than 1 link, then there must be a hard link present.
Linux file systems
All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.
Summary
Linux systems use a file system to store and process data. In this section we have a look at what a file system is, with supporting articles to learn more about it.
Purpose of a file system
At its core, a file system is the method by which data is organized and stored on a storage device. The storage device is typically a hard drive or solid-state drive (SSD), but it can also be memory. It provides the framework for managing files, directories, and other data structures. Its goal is enabling users and applications to interact with the stored information.
The purpose of the /etc/networks file
Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.
Summary
Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it.
When looking at the man page of networks(5) we learn its purpose (almost instantly):
- It translates between IP ranges and network names
- It is used for tools like netstat and route
- It only works on class A, B, or C networks
- It does not work on subnets
Surprisingly enough, a test with subnetting actually showed the right names. Digging through the related system calls (getnetbyaddr(3), getnetbyname(3), getnetent(3)) did not reveal the reason why it worked.
Linux system hardening: adding hidepid to /proc mount point
The pseudo-filesystem /proc contains a lot of useful information for the system administrator. With the hidepid option we can restrict what users can see.
Summary
When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see all this information. This includes process information from other users, which could include sensitive details that you may not want to share. By applying some file system configuration tweaks, we can change this behavior and improve the security of the system.
Linux History: How Dot Files Became Hidden Files
Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. Here is the full story.
Summary
The history of hidden files
Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added to each directory. Secondly, a double dot file (..) was added to easily move up in the directory structure. As these files had no real data in them, a quick hack was added to the ls binary.
Using xattrs or Extended Attributes on Linux
Linux supports extended attributes (xattr) on most file systems. Learn how they work and allow security features like access control lists and more.
Summary
An introduction into extended attributes (xattrs) on Linux
Securing mount points on Linux
Since data is stored on file systems, appropriate measures should be taken to protect it. Learn how to secure mount points on Linux.
Summary
Mount points are defined in /etc/fstab. They link a particular disk pointer to the related device (disk, partition or virtual device). By default the mount options are not focused on security, which gives us room to further improve the hardening of the system. This hardening is especially important considering our most precious data is stored here. Via mount options we can apply additional security controls to protect our data.
Mount point example
Let’s have a look at our /etc/fstab file.
Plus sign in ls output
When file access control lists, or ACLs are being used, the output of ls will change. Learn about the additional plus sign in its output.
Summary
Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files.
Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.