Guide to Unix/Files
The fstab (for file systems table) file is commonly found on Unix and Unix-like systems and is part of the system configuration. The fstab file typically lists all used disks and disk partitions, and indicates how they are to be used or otherwise integrated into the overall system's file system.
Traditionally, the fstab was only read by programs, and not written to. However, more modern system administration tools can automatically build and edit fstab, or act as graphical editors for it. It is the duty of the system administrator to properly create and maintain this file.
The file may have other names on a given Unix variant; for example, it is
/etc/vfstab on Solaris.
# device name mount point fs-type options dump-freq pass-num LABEL=/ / ext3 defaults 1 1 none /dev/pts devpts gid=5,mode=620 0 0 none /proc proc defaults 0 0 none /dev/shm tmpfs defaults 0 0 # my removable media /dev/cdrom /mnt/cdrom udf,iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0 /mnt/floppy auto noauto,owner,kudzu 0 0 # my NTFS Windows XP partition /dev/hda1 /mnt/WinXP ntfs ro,defaults 0 0 /dev/hda6 swap swap defaults 0 0 # my files partition shared by windows and linux /dev/hda7 /mnt/shared vfat umask=000 0 0
The first column indicates the device name or other means of locating the partition or data source. The second column indicates where the data is to be attached to the filesystem. The third column indicates the filesystem type, or algorithm to use to interpret the filesystem. The fourth column gives options, including if the filesystem should be mounted at boot. The fifth column adjusts the archiving schedule for the partition (used by dump). The sixth column indicates the order in which the fsck utility will scan the partitions for errors when the computer powers on. A value of zero in either of the last 2 columns disables the corresponding feature (http://www.humbug.org.au/talks/fstab/fstab_structure.html).
To get more information about the fstab file you can read the man page about it.
/etc/group stores the definitive list of the users groups and their members.
A typical entry is:
It has four sections which going from left to right are,
- (root) The group name.
- () The group password in a hashed form. Normally not. When it is, it allows any user knowing the password access to the group, as such it lessens security. Group-passwords may be shadowed and stored in a separate file.
- (0) The unique id assigned to the group. Group ids below 10 are reserved for system use. Some unixs such as HP-UX reserve other groups numbers as well.
- (root,alice) The list of users who are members of that group.
/etc/passwd is the user authentication database, it contains a list of users and their associated internal user id numbers. Historically it also included passwords, however as this file needs to world readable (so all programs can use it to convert between username and user id) it is no longer considered secure to keep passwords in this file.
An entry in this file is of the form:
It has seven sections which going from left to right are,
- (alice) The username.
- (*) The password in a hashed form. In modern systems a star indicates shadowing is in use and hence the password can be found in /etc/shadow/.
- (134) The unique id assigned to the user. Some unique ids have special purposes. For example the user id 0 is used for the root user.
- (20) The group that the user is assigned to upon login.
- (Alice Monkey) The GCOS field, can be used for anything or left blank. Normally used for personal information abou the user such as full name.
- (/home/alice/) The home directory of the user.
- (/bin/bash) The users default shell.
/etc/profile contains the system default settings for users who login using the Bourne shell, "/bin/sh". When these users login, the Bourne shell runs the commands in this file before giving the shell prompt to the user. Most of these commands are variable assignments which configure the behavior of the shell.
Some Bourne-compatible shells also use this file, but other shells, such as the C shell, do not.
/etc/shadow contains the passwords for users in systems which use shadowing.
The sections are:
- (alice) The username.
- (43SrweDe3F) The password in hashed form.
- (621) date of last password change.
- (5) the mimimum number of days before the password may be changed.
- (30) the maximum number of days before the user is forced to change their password.
- (10) the number of days after which a user is advised to change their password.
- (100) the maximum number of days an account can be inactive for before it is suspeneded.
- (900) the date the account will expire, if left blank the account will remain indefinitely. Most often used for the purpose of temporary accounts.
/etc/sysctl.conf configures the behavior of the running Unix kernel. During system boot, the scripts read this file and use "sysctl" to set the parameters shown in the file. Changing the file has no effect before the next reboot.
Files to be merged in to the list
- /etc/aliases - file containing aliases used by sendmail and other MTAs (mail transport agents). After updating this file, it is necessary to run the newaliases utility for the changes to be passed to sendmail.
- /etc/bashrc - system-wide default functions and aliases for the bash shell
- /etc/conf.modules - aliases and options for configurable modules
- /etc/crontab - shell script to run different commands periodically (hourly, daily, weekly, monthly, etc.)
- /etc/DIR_COLORS - used to store colors for different file types when using ls command. The dircolors command uses this file when there is not a .dir_colors file in the user's home directory. Used in conjunction with the eval command (see below).
- /etc/exports - specifies hosts to which file systems can be exported using NFS. Man exports contains information on how to set up this file for remote users.
- /etc/fstab - contains information on partitions and filesystems used by system to mount different partitions and devices on the directory tree
- /etc/HOSTNAME - stores the name of the host computer
- /etc/hosts - contains a list of host names and absolute IP addresses.
- /etc/hosts.allow - hosts allowed (by the tcpd daemon) to access Internet services
- /etc/hosts.deny - hosts forbidden (by the tcpd daemon) to access Internet services
- /etc/group - similar to /etc/passwd but for groups
- /etc/inetd.conf - configures the inetd daemon to tell it what TCP/IP services to provide (which daemons to load at boot time). A good start to securing a Linux box is to turn off these services unless they are necessary.
- /etc/inittab - runs different programs and processes on startup. This is typically the program which is responsible for, among other things, setting the default runlevel, running the rc.sysinit script contained in /etc/rc.d, setting up virtual login terminals, bringing down the system in an orderly fashion in response to [Ctrl][Alt][Del], running the rc script in /etc/rc.d, and running xdm for a graphical login prompt (only if the default runlevel is set for a graphical login).
- /etc/issue - pre-login message. This is often overwitten by the /etc/rc.d/rc.S script (in Slackware) or by the /etc/rc.d/rc.local script (in Mandrake and Red Hat, and perhaps other rpm-based distributions). The relevant lines should be commented out (or changed) in these scripts if a custom pre-login message is desired.
- /etc/lilo.conf - configuration file for lilo boot loader
- /etc/motd - message of the day file, printed immediately after login. This is often overwritten by /etc/rc.d/rc.S (Slackware) or /etc/rc.d/rc.local (Mandrake/Red Hat) on startup. See the remarks in connection with /etc/issue.
- /etc/mtab - shows currently mounted devices and partitions and their status
- /etc/passwd - contains passwords and other information concerning users who are registered to use the system. For obvious security reasons, this is readable only by root. It can be modified by root directly, but it is preferable to use a configuration utility such as passwd to make the changes. A corrupt /etc/passwd file can easily render a Linux box unusable.
- /etc/printcap - shows the setup of printers
- /etc/profile - sets system-wide defaults for bash shell. It is this file in Slackware that sets up the DIR_COLORS environment variable for the color ls command. Also sets up other system-wide environment variables.
- /etc/resolv.conf - contains a list of domain name servers used by the local machine
- /etc/securetty - contains a list of terminals on which root can login. For security reasons, this should not include dialup terminals.
- /etc/termcap - ASCII database defining the capabilities and characteristics of different consoles, terminals, and printers
- /etc/X11/XF86Config - X configuration file. The location in Slackware is /etc/XF86Config.
- /proc/cpuinfo - cpu information
- /proc/filesystems - prints filesystems currently in use
- /proc/interrupts - prints interrupts currently in use
- /proc/ioports - contains a list of the i/o addresses used by various devices connected to the computer
- /proc/kcore - The command ls -l /proc/kcore will give the amount of RAM on the computer. It's also possible to use the free command to get the same information (and more).
- /proc/version - prints Linux version and other info
- /var/log/messages - used by syslog daemon to store kernel boot-time messages
- /var/log/lastlog - used by system to store information about last boot (can be read with lastlog)
- /var/log/wtmp - contains binary data indicating login times and duration for each user on system (can be read with last)
- /var/log/btmp - contains binary data indicating failed attempts to login (can be read with lastb)
- /var/run/utmp - contains binary data indicating currently logged-in users (can be read with who)
- /boot/vmlinuz - the typical location and name of the Linux kernel. In the Slackware distribution, the kernel is located at /vmlinuz.
- /boot/grub/menu.lst - has configuration settings for users of the GRUB bootloader for the available kernels and OS's which can continue the boot process.
/dev/cdrom is not an actual device, but on many systems it is a symbolic link to the actual CD device. For example, a Linux system with /dev/hdb for its floppy drive is likely to have a link /dev/cdrom which redirects to /dev/hdb.
At Linux, /dev/fd0 is the first floppy disk drive at the system. Use /dev/fd0H1440 to operate the first floppy drive in high density mode. Generally, this is invoked when formatting a floppy drive for a particular density. Slackware comes with drivers that allow for formatting a 3.5" diskette with up to 1.7MB of space. Red Hat and Mandrake do not contain these device driver files by default.
Likewise, /dev/fd1 is the second floppy disk drive.
At Linux, /dev/hda is the first IDE hard drive. The second drive is either /dev/hdb or /dev/hdc, depending on the hardware configuration. Some IDE hardware allows up to four drives, including /dev/hdd.
Many machines have one hard drive (hda) and one cdrom drive (hdc on many machines, but hdb on some). Often, /dev/cdrom is a symbolic link to the cdrom drive.
Partitions are numbered from 1, like /dev/hda1, /dev/hda2, ...
/dev/null is a do-nothing device to use when one wants to ignore or delete program output. This file is useful when a program expects to save to a file, but you want not to save anything. This file can also be used as input to a program to represent an empty file.
There is no actual hardware associated with the /dev/null device.
Deleting file called "x" (command rm x) sometimes causes an error, for example if the file does not exist:
$ rm x rm: x: No such file or directory
One can hide the error by redirecting it to a file. By using /dev/null as the file, the error never saves to an actual file.
Bourne shell: $ rm x > /dev/null 2>&1
In the Bourne shell, the "2>&1" redirects the standard error of "rm" (where the error appears) to standard output, then the ">" redirects the standard output to /dev/null.
One way to make an empty file called "y" is:
$ cat /dev/null > y
The "cat" command copies the file "/dev/null" to standard output, and the shell operator ">" redirects this output to "y". The "/dev/null" file seems empty when read, so the file "y" appears, but is also empty. (Note that in this case, simply "> y" will do the same thing.)
There is some redundancy across these programs. For example, the look and behavior of emacs can be customized by using the .emacs file, but also by adding the appropriate modifications to the .Xdefaults file. Default versions of these files are often installed in users' home directories when the software packages that use them are installed. If a program doesn't find its configuration file in the user's home directory, it will often fall back on a system-wide default configuration file installed in one of the subdirectories that the package lives in.
- .bash_logout - file executed by bash shell on logout
- .bash_profile - initialization of bash shell run only on login. Bash looks first for a .bash_profile file when started as a login shell or with the -login option. If it does not find .bash_profile, it looks for .bash_login. If it doesn't find that, it looks for .profile. System-wide functions and aliases go in /etc/bashrc and default environment variables go in /etc/profile.
- .bashrc - initialization command run when bash shell starts up as a non-login shell
- .cshrc - initialization commands that are run automatically (like autoexec.bat) when C shell is initiated
- .emacs - configuration file for emacs editor
- .fvwmrc - configuration file for fvwm window manager
- .fvwm2rc - configuration file for fvwm2 window manager
- .jedrc - configuration file for the jed text editor
- .lessrc - typically contains key bindings for cursor movement with the less command
- .login - initialization file when user logs in
- .logout - commands run when user logs out
- .wm_style - gives choice of default window manager if one is not specified in startx
- .Xdefaults - sets up X resources for individual user. The behavior of many different application programs can be changed by modifying this file.
- .xinitrc - initialization file when running startx. Can be used to activate applications, run a given window manager, and modify the appearance of the root window.
- .xsession - configuration file for xdm
Different distributions have different directory structures, despite attempts at standardization such as the Linux Filesystem Hierarchy Standard (FHS) organization.
- /bin - essential UNIX commands such as ls, etc. Should contain all binaries needed to boot the system or run it in single-user mode
- /boot - files used during booting and possibly the kernel itself are stored here
- /dev - contains device files for various devices on system
- /etc - files used by subsystems such as networking, NFS, and mail. Includes tables of disks to mount, processes to run on startup, etc.
- /etc/profile.d - contains scripts that are run by /etc/profile upon login.
- /etc/rc.d - contains a number of shell scripts that are run on bootup at different run levels. There is also typically an rc.inet1 script to set up networking (in Slackwar), an rc.modules script to load modular device drivers, and an rc.local script that can be edited to run commands desired by the administrator, along the lines of autoexec.bat in DOS.
- /etc/rc.d/init.d - contains most of the initialization scripts themselves on an rpm-based system.
- /etc/rc.d/rc*.d - where ``*'' is a number corresponding to the default run level. Contains files for services to be started and stopped at that run level. On rpm-based systems, these files are symbolic links to the initialization scripts themselves, which are in /etc/rc.d/init.d.
- /etc/skel - directory containing several example or skeleton initialization shells. Often contains subdirectories and files used to populate a new user's home directory.
- /etc/X11 - configuration files for the X Window system
- /home - home directories of individual users
- /lib - standard shared library files
- /lib/modules - modular device driver files, most with .o extensions
- /mnt - typical mount point for many user-mountable devices such as floppy drives, cd-rom readers, etc. Each device is mounted on a subdirectory of /mnt.
- /proc - virtual file system that provides a number of system statistics
- /root - home directory for root
- /sbin - location of binaries used for system administration, configuration, and monitoring
- /tmp - directory specifically designed for programs and users to store temporary files.
- /usr - directory containing a number of subdirectory with programs, libraries, documentation, etc.
- /usr/bin - contains most user commands. Should not contain binaries necessary for booting the system, which go in /bin. The /bin directory is generally located on the same disk partition as /, which is mounted in read-only mode during the boot process. Other filesystems are only mounted at a later stage during startup, so putting binaries essential for boot here is not a good idea.
- /usr/bin/X11 - most often a symbolic link to /usr/X11R6/bin, which contains executable binaries related to the X Window system
- /usr/doc - location of miscellaneous documentation, and the main location of program documentation files under Slackware
- /usr/include - standard location of include files used in C programs such as stdio.h
- /usr/info - primary location of the GNU info system files
- /usr/lib - standard library files such as libc.a. Searched by the linker when programs are compiled.
- /usr/lib/X11 - X Window system distribution
- /usr/local/bin - yet another place to look for comon executables
- /usr/man - location of manual page files
- /usr/sbin - other commands used by superuser for system administration
- /usr/share - contains subdirectories where many installed programs have configuration, setup and auxiliary files
- /usr/share/doc - location of program documentation files under Mandrake and Red Hat
- /usr/src - location of source programs used to build system. Source code for programs of all types are often unpacked in this directory.
- /usr/src/linux - often a symbolic link to a subdirectory whose name corresponds to the exact version of the Linux kernel that is running. Contains the kernel sources.
- /var - administrative files such as log files, used by various utilities
- /var/log/packages - contains files, each of which has detailed information on an installed package in Slackware. The same file can also be found at /var/adm/packages, since the adm subdirectory is a symbolic link to log. Each package file contains a short description plus a list of all installed files.
- /var/log/scripts - package installation scripts in Slackware are stored here. You can inspect these scripts to see what special features are included in individual packages.
- /var/spool - temporary storage for files being printed, mail that has not yet been picked up, etc.
External link: Modified Directory Structure