File System

How to display directory contents sorted by modification time

Learn how to sort the output of the ls command to list a directory contents by its modification time.


Show directory contents sorted by modification date and time

How to find writable files

Learn how to the use the find command to find any files that are writable.


Find the files that are writable

How to see the size of a directory

Learn how to see the size of a directory or folder on Linux systems using the du command.


Show disk usage by files and directories

How to see hidden files

Learn how to see any hidden files on the command line or in the terminal using the ls command.


Show hidden files

How to see files great than a specific size

Learn how to see files smaller or bigger than a specific defined size on Linux, using the du command.


Show files bigger or smaller than a specified size

How to find when the last modification happened in a directory

Learn how to find the last modification time of a file or subdirectory in a specified directory on Linux.


Show when the last modification was made within a directory

How to see inode usage

Learn how to see inode usage on a Linux file system or mount point.


Show used and free disk space

How to see used and free disk space

Learn how to see used and disk space of file systems or mount point on Linux systems.


Show used and free disk space

How to find symbolic links that point to a directory

Learn how to use the find command to discover symbolic links that refer to a directory.


Find symbolic links pointing to a directory

How to compare two directories and find the differences

Learn how to compare two directories and see their differences or what files they are having in common.


Compare two directories, find their differences and what they have in common

How to securely delete a file and its contents

Need to delete the contents of a sensitive file? Instead of just deleting it with rm, look at this option first.


Learn how to purge data before deleting a file

How to see the creation date of a file

Learn how to use the stat command to find the initial creation time of a file, also known as its birth time.


Find out when a file was initially created

Understanding the output of the stat command

Learn everything about the output that the stat command returns. Great for forensics, intrusion detection, and system administration.


The stat command can be used to show file statistics, such as file size, ownership, type, and several timestamps. It is a great addition to ls. Time to let it work for us! Basic example If we use the command on our /etc/passwd file, we might get output like below. # stat /etc/passwd File: /etc/passwd Size: 3387 Blocks: 8 IO Block: 4096 regular file Device: 10303h/66307d Inode: 47186412 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2024-05-08 15:17:01.

How to find the biggest directories on disk

Find the biggest directories and files on disk by using the du command.


Leverage the du command to find the biggest directories

How to change file permissions

Learn how to change the file permissions of files and directories on a Linux system. Follow the examples and make your system more secure.


Changing file permissions: chmod The primary command to change file permissions on a Linux system is chmod. It’s a basic system administration utility and pre-installed on the system. To make changes to an existing directory or file, it is first good to look up the existing permissions. This can be done using the ls -l command, that lists them with the long format. ls -l /etc/hosts -rw-r--r-- 1 root root 241 Feb 2 19:10 /etc/hosts There are two syntax styles to tell chmod what the new value should be.

Linux file permissions

Learn the basics of file permissions on Linux systems and common filesystems such as ext4, XFS, and ZFS. Guided by examples, everyone is able to learn how they work.


File permissions are stored together with the data on a disk. The Linux kernel uses them to decide which users and processes can access what file. This page can be considered as a good cheat sheet, while the underlying articles explain how to use this information. Main permissions Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory Permission Abbreviation Octal value Read r 4 Write w 2 Execute x 1 Possible combinations:

Introduction in Linux file permissions

Learn the basics of how a Linux system applies file permissions. We look at examples to demystify the permissions mean and learn to troubleshoot common issues.


Every file that is stored has a set of file permissions stored within the filesystem. This data about the actual data, it called meta-data. Let have a look at how file permissions work on Linux systems and how to read and understand them. Read, Write, and Execute Linux file permissions are divided into three main categories: Read (r): Allows users to view the contents of a file or directory Write (w): Grants users the ability to modify the contents of a file or directory Execute (x): Enables users to execute a file or access the contents of a directory User, Group, and Others These permissions are each assigned to three entities:

How to find hard links or files that point to a specific file

Learn how to find hardlinks on a file system or which files they have in common. We will use the find command to get this information quickly available.


If you want to know which hard links are present, the find utility can give you the answer. In this article we have a look at a few ways to discover more information about hard links. Good to know: a hard link shares the same inode, where a symbolic link has its own inode and just points from one to another. Show all hard links within a specific file system or directory When we have a directory with hard links, we can discover by looking at the link count of each file.

Linux file systems

All articles about the purpose of a file system and how it works. Learn how to become a specialist to further secure your system.


Linux systems use a file system to store and process data. In this section we have a look at what a file system and supporting articles to learn more about it. Purpose of a file system At its core, a file system is the method by which data is organized and stored on a storage device. The storage device is typically a hard drive or solid-state drive (SSD), but it can also be memory.

The purpose of the /etc/networks file

Also wondering what some files are used for on Linux systems? In this article we have a look at the /etc/networks file.


Also wondering what particular files do on Linux? One of those files we recently rediscovered during auditing is the /etc/networks file. For some reason it was always there, yet we never change it. Output of /etc/networks When looking at the man page of networks(5) we learn its purpose (almost instantly): It translates between IP ranges and network names It is used for tools like netstat and route It only works on class A, B, or C networks It does not work on subnets Surprisingly enough a test with subnetting actually showed the right names during our test.

Linux system hardening: adding hidepid to /proc mount point

The pseudo-filesystem /proc contains a lot of useful information for the system administrator. With the hidepid option we can restrict what users can see.


When looking in /proc you will discover a lot of files and directories. Many of them are just numbers, which represent the information about a particular process ID (PID). By default, Linux systems are deployed to allow all local users to see this all information. This includes process information from other users. This could include sensitive details that you may not want to share with other users. By applying some file system configuration tweaks, we can change this behavior and improve the security of the system.

Linux History: How Dot Files Became Hidden Files

Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. Here is the full story.


The history of hidden files Ever wondered why there are files on your Linux system, starting with a dot? The short answer: they are shortcuts. The story begins many years ago when the first file systems were created on UNIX. To allow easy navigation, a single file with a dot (.) was added to each directory. Secondly, a double dot file (..) was added to easily move up in the directory structure.

Using xattrs or Extended Attributes on Linux

Linux supports extended attributes (xattr) on most file systems. Learn how they work and allow security features like access control lists and more.


An introduction into extended attributes (xattrs) on Linux

Securing mount points on Linux

Since data is stored on file systems, appropriate measures should be taken to protect it. Learn how to secure mount points on Linux.


Mount points are defined in /etc/fstab. They link a particular disk pointer to the related device (disk, partition or virtual device). By default the mount options are not focused on security, which gives us a room to further improve hardening of the system. This hardening is especially important considering our most precious data is stored here. Via mount options we can apply additional security controls to protect our data. Mount point example Let’s have a look at our /etc/fstab file.

Plus sign in ls output

When file access control lists, or ACLs are being used, the output of ls will change. Learn about the additional plus sign in its output.


Ever wondered what the plus (+) sign is when showing a directory listing? It is part of a POSIX standard to support access control lists (ACL) on files. Normal files on a file system will have only 10 characters displayed, with the last 9 used for file permissions. However, when file access control lists are used, an 11th character shows up. This plus sign indicates the usage of a file ACL.