Rha130 Workbook 03 Student 5.0 0 Linux File System Management

Workbook 3.
Linux Filesystem
Management
Workbook 3. Linux Filesystem Management
Table of Contents
1. Disk Recognition and Partitioning .......................................................................................................6
Discussion ..........................................................................................................................................6
Disk Partitions ..........................................................................................................................6
Partitioning with fdisk..............................................................................................................9
Viewing Partitions in /proc/partitions...........................................................................18
Examples..........................................................................................................................................18
Partitioning a New Drive ........................................................................................................18
Online Exercises...............................................................................................................................21
Specification ...........................................................................................................................22
Deliverables ............................................................................................................................22
Questions..........................................................................................................................................22
2. Creating and Managing Filesystems ..................................................................................................26
Discussion ........................................................................................................................................26
Filesystems .............................................................................................................................26
Linux Filesystems...................................................................................................................27
Creating Filesystems ..............................................................................................................28
Creating ext2 Filesystems: mke2fs ........................................................................................28
Examining Filesystems with dumpe2fs.................................................................................30
Filesystem Features ................................................................................................................32
The ext3 Journaling Filesystem..............................................................................................33
Examples..........................................................................................................................................34
Creating an ext2 Filesystem ...................................................................................................34
Creating a vfat Filesystem ......................................................................................................36
Creating an ext3 Filesystem ...................................................................................................36
Specification ...........................................................................................................................37
Deliverables ............................................................................................................................37
Questions..........................................................................................................................................38
3. Mounting Filesystems..........................................................................................................................42
Discussion ........................................................................................................................................42
Mounting Filesystems ............................................................................................................42
Mounting Filesystems with the mount Command.................................................................50
Unmounting Filesystems with the umount Command ..........................................................52
Remounting Partitions with mount -o remount....................................................................53
Examples..........................................................................................................................................53
Creating Mount Points............................................................................................................53
Specification ...........................................................................................................................54
Deliverables ............................................................................................................................54
Questions..........................................................................................................................................55
iii
4. The /etc/fstab File...........................................................................................................................59
Discussion ........................................................................................................................................59
The /etc/fstab File Syntax................................................................................................59
Mount Options Relevant to the /etc/fstab File .................................................................60
Specifying Devices by Filesystem Label................................................................................61
Using Filesystem Labels on the Mount Command Line ........................................................61
Adding Lines to the /etc/fstab File ..................................................................................62
Examples..........................................................................................................................................62
Defining Mount Points in the /etc/fstab File....................................................................62
Specification ...........................................................................................................................64
Deliverables ............................................................................................................................64
Questions..........................................................................................................................................64
5. Managing Swap Space.........................................................................................................................68
Discussion ........................................................................................................................................68
Swap Space.............................................................................................................................68
Monitoring Swap Partitions: /proc/swaps and /proc/meminfo ......................................68
Initializing Swap Space with mkswap...................................................................................69
Activating Swap Space with swapon .....................................................................................69
Deactivating Swap Areas with swapoff .................................................................................70
Predefining Swap Areas in the /etc/fstab File..................................................................70
Examples..........................................................................................................................................70
Initializing Swap Partitions ....................................................................................................70
Using Swap Files ....................................................................................................................71
Specification ...........................................................................................................................72
Deliverables ............................................................................................................................72
Questions..........................................................................................................................................72
6. Miscellaneous Filesystem Management Commands ........................................................................75
Discussion ........................................................................................................................................75
The e2label Command ...........................................................................................................75
File System Repair with fsck .................................................................................................75
The tune2fs Command...........................................................................................................76
Review: Adding a New Disk ..................................................................................................77
Examples..........................................................................................................................................78
Converting an ext2 filesystem to ext3.....................................................................................78
Specification ...........................................................................................................................79
Deliverables ............................................................................................................................79
Questions..........................................................................................................................................79
7. SELinux: Secure Linux .......................................................................................................................83
Discussion ........................................................................................................................................83
Introduction to SELinux ("Secure Linux").............................................................................83
The targeted SELinux Policy .................................................................................................84
Enabling SELinux: /etc/sysconfig/selinux, setenforce, and getenforce ...................84
Viewing SELinux contexts: ps -Z and ls -Z...........................................................................86
rha130-5.0-0-en-2007-12-13T13:35:30-0500
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat
iv
Academy. Any other use is a violation of U.S. and international copyrights. No part of this publication may be photocopied, duplicated,
stored in a retrieval system, or otherwise duplicated whether in electronic or print format without prior written consent of Red Hat, Inc.
If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed please email training@redhat.com
or phone toll-free (USA) +1 866 626 2994 or +1 (919) 754 3700.
Monitoring SELinux violations: sealert and /var/log/messages ....................................87
Changing the SELinux Context of a File: chcon ...................................................................88
Restoring the SELinux Context of a File: restorecon............................................................89
Managing SELinux Booleans: getsebool and setsebool........................................................89
Administering SELinux with system-config-selinux ............................................................90
Examples..........................................................................................................................................91
Changing the SELinux Context of a File ...............................................................................91
Specification ...........................................................................................................................94
Deliverables ............................................................................................................................94
Clean Up .................................................................................................................................95
Questions..........................................................................................................................................95
rha130-5.0-0-en-2007-12-13T13:35:30-0500
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other use is a violation
v
of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether in electronic or print
format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed please email
training@redhat.com or phone toll-free (USA) +1 866 626 2994 or +1 (919) 754 3700.
Chapter 1. Disk Recognition and Partitioning
Key Concepts
• The fdisk utility is used to display and edit partition tables.
• Disks may have up to 4 primary partitions.
• One primary partition may be used a an extended partition.
• The extended partition is then used as a container for holding multiple logical partitions.
• Every partition has an associated label which identifies how the partition is intended to be used.
Discussion
The Linux Operating System treat disks as a large array of bytes, which can be divided and structured to
serve a variety of needs. This Workbook teaches the skills that allow administrators to configure and
structure disks to their needs.
Disk Partitions
Like most modern operating systems, Linux allows disks to be divided into multiple partitions, where
each partition is effectively treated as a separate disk. The process of creating partitions is referred to as
partitioning a disk.
How Linux Refers to Partitions

The Linux kernel refers to individual partitions through distinct device nodes, where the name of the
node is derived by appending the partition number to the name of the disk. For example, the first
partition on the drive /dev/hda is referred to as /dev/hda1, while the seventh partition on the drive
/dev/sdc would be referred to as /dev/sdc7.
DOS Partitioning Oddities

Different operating systems have established different conventions for recording a disk’s partitioning
information. Because Linux has historically inter-operated with DOS based operating systems, the most
commonly encountered partitioning scheme is DOS partitioning. The DOS partitioning format was
derived in days when a 200 megabyte hard disk was considered large and the number of necessary
partitions on a disk was small, the implications of which will soon be discovered.
6
Figure 1-1. A Sample Partitioning of the Drive /dev/hda
rha130-5.0-0-en-2007-12-13T13:35:30-0500 7
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other
use is a violation of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise
duplicated whether in electronic or print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or
otherwise improperly distributed please email training@redhat.com or phone toll-free (USA) +1 866 626 2994 or +1 (919) 754 3700.
The above figure diagrams a disk partitioned using DOS partitioning, including the features outlined
below.
The Master Boot Record (MBR)

The first block (512 bytes) of every disk is reserved for the Master Boot Record, or MBR. (The size of
the MBR in the above figure is greatly out of proportion.) The MBR contains the following items.
• Bootloader: On bootable disks, a low level executable referred to as a bootloader resides in the MBR.
When booting, BIOS passes control to the bootloader, which is then responsible for loading and
passing control to the appropriate operating system. The bootloader will be discussed in more detail in
a later Workbook.
• Partition Table: On every disk, 64 bytes of the Master Boot Record is reserved for the disk’s partition
table. This small amount of space records information for up to 4 partitions, referred to as primary
partitions. For each partition, a starting location, an ending location, and a partition type is recorded.
Primary Partitions
Each disk can be divided into up to four primary partitions, whose properties are recorded in the partition
table located in the MBR. Linux always uses partition numbers 1 through 4 to refer to primary partitions.
In the above diagram, the first primary partition, /dev/hda1, is a FAT filesystem for Windows operating
system. The second primary partition, /dev/hda2, is a swap partition which Linux uses to implement
virtual memory. The third partition, /dev/hda3, is an ext3 filesystem which contains a Linux /boot
partition.
The Extended Partition

With the three partitions mentioned above, we are already about to use up the four allowed primary
partitions. As a way to work around this limitation, an awkward structure was created, referred to as the
extended partition. DOS partitioning allows any one primary partition to be used as the extended
partition. The extended partition is used as a container for storing more partitions, referred to as logical
partitions. Once a primary partition is used as the extended partition, it may not be used for any other
purpose.
An extended partition is optional. If four partitions serve the partitioning needs for a particular disk, then
no extended partition is required. In theory, any of the four primary partitions may be used as the
extended partition. In practice, the first three primary partitions are generally created as needed, and the
remainder of the disk is devoted to a fourth primary partition used as the extended partition. This strategy
was implemented in the figure above, where /dev/hda4 serves as the extended partition.
Logical Partitions
Within the extended partition, multiple logical partitions may be created. The partitioning information
for logical partitions is maintained as a linked list, so in theory, there is no limit to the number of logical
partitions which may be created. In practice, device drivers impose limitations. There may be no more
than 63 IDE partitions, and no more than 15 SCSI partitions. Linux always begins counting the first
logical partition as partition number 5, even if not all 4 primary partitions are used.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 8
In the above figure, 4 logical partitions (/dev/hda5, /dev/hda6, /dev/hda7and /dev/hda8) contain
ext3 filesystems for the /, /home, /var, and pub partitions, respectively.
Partitioning with fdisk

The most commonly used tool in Red Hat Enterprise Linux for partitioning disks is fdisk. The command
line utility is intentionally kept simple and unpretentious, so that it can be used in minimal environments
such as a rescue shell. As standard users do not have permission to read (and certainly not modify) disks
directly through their device node, the fdisk utility can only usefully be used as the root user.
Using fdisk to List Partitions

Perhaps the simplest use of fdisk is to display known partitions. With the -l command line switch, fdisk
will list partition tables for all known disks. In the following example, fdisk -l generates a partition table
of the two attached hard disks on the system, /dev/hda and /dev/hdb. The output of this single
command has been broken into two listings, in order to allow us to focus on each disk individually.
[root@station root]# fdisk -l
Disk /dev/hda: 120.0 GB, 120034123776 bytes ➊

240 heads, 63 sectors/track, 15505 cylinders ➋
Units = cylinders of 15120 * 512 = 7741440 bytes ➌
Device Boot Start End Blocks Id System ➍

/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 ➎3926 5118120 83 Linux
We now attempt to make sense of the reported structure of the first disk.
➊ The first disk is 120 gigabytes in size.

➋ This line displays the drive’s geometry, or how the drive is internally structured. The important
parameter is cylinders, because fdisk forces partitions to begin and end on cylinder boundaries. A
cylinder is composed of multiple heads, which are in turn composed of multiple blocks of 512 bytes
each. Doing the math, on this disk each cylinder contains (512 bytes/head) * (240 heads/sector) *
(63 sectors/cylinder) = 7741440 bytes/cylinder, or about 7.5 megabytes per cylinder.
➌ We really didn’t have to do all of that math, fdisk did it for us.
➍ Here we find the actual partition table. This disk has only three partitions, each as a primary
partition. (How do we know this? For starters, the partition numbers are less then or equal to 4).
Each line gives the device name, the starting and ending cylinder, the size of the partition, and the
partition type. We will further discuss interpreting these lines below.
➎ The last partition ends on cylinder 3926, while we know from the line listing the disk geometry
(labeled "2" above) that the disk has 15505 cylinders. We can estimate that the disk has about
(15505 - 3926 cylinders) * (7.5 megabytes/cylinder) = 87 gigabytes of space left unallocated.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 9
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other use is
a violation of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether
in electronic or print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed
please email training@redhat.com or phone toll-free (USA) +1 866 626 2994 or +1 (919) 754 3700.
Next, we focus on the second disk, /dev/hdb.
Disk /dev/hdb: 80.0 GB, 80026361856 bytes ➊

255 heads, 63 sectors/track, 9729 cylinders ➋
Units = cylinders of 16065 * 512 = 8225280 bytes ➌
Device Boot Start End Blocks Id System

/dev/hdb1 * 1 9 72261 83 Linux ➍
/dev/hdb2 10 270 2096482+ 82 Linux swap
/dev/hdb3 271 1302 8289540 83 Linux
/dev/hdb4 1303 9729 67689877+ f Win95 Ext’d (LBA) ➎
/dev/hdb5 1303 5127 30724281 83 Linux ➏
/dev/hdb6 5128 6171 8385898+ 83 Linux
/dev/hdb7 6172 ➐9729 28579603+ 83 Linux
We now perform a similar analysis on the second disk.
➊ The second disk is 80 gigabytes in size.

➋ Now that we know that fdisk does the work for us, we only focus on the number of cylinders, in this
case 9729...
➌ ... where each cylinder is a little over 8 megabytes in size.
➍ This disk has allocated all four primary partitions.
➎ The fourth primary partition is being used as the extended partition, ending on the disk’s last
cylinder (9729).
➏ The remaining partitions are logical partitions. Notice that their cylinder boundaries fall inside the
bounds of the extended partition (i.e., between cylinder numbers 1303 and 9729 inclusively).
➐ The end of the last logical partition (cylinder 9729) coincides with the end of the extended partition,
which coincides with the end of the disk. There is no more space left on the drive.
Focusing on a Single Line of fdisk ’s Partition Table

In order to discuss a single line in detail, we list again the partition table for the disk /dev/hda.
Disk /dev/hda: 120.0 GB, 120034123776 bytes

240 heads, 63 sectors/track, 15505 cylinders
Units = cylinders of 15120 * 512 = 7741440 bytes

/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 3926 5118120 83 Linux
Each line of the partition contains the following seven columns.
Table 1-1. Column Definitions for fdisk
Column Function
rha130-5.0-0-en-2007-12-13T13:35:30-0500
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other use is a violation 10
Column Function
Device The device node which references the partition, commonly used as the
"name" of the partition.
Boot Identifies the "bootable" partition. On each disk, one of the primary
partitions may be labeled "bootable". Although not used by Linux (it is used
by the MS/DOS bootloader), fdisk does report and allow the user to set the
bootable partition.
Start and End The starting and ending cylinder of the partition.
Blocks The size of the partition, in "blocks" of 1024 bytes (i.e, 1k). Usually, this is
redundant (albeit convenient) information, as it can be calculated from
cylinder boundaries. For example, for the partition /dev/hda2, multiplying
the number of cylinders by the number of kilobytes per cylinder yields
20480040 exactly.
Sometimes, especially when examining disks partitioned by some utility
other than fdisk, cylinders do not fall exactly on cylinder boundaries. For
example, when performing similar math on the first partition (/dev/hda1),
the reported number of bytes is exactly 32 kilobytes short. In such
situations, fdisk flags the reported number of blocks with an appended “+”.
Id A 2 digit hexadecimal number representing the partition’s type Id.

System A text name for the partition type, as defined by the Id.
Partition Labels
As seen in the above table, the partition table includes a one byte identifier that is used to assign the
partition’s "Id" (sometimes referred to as the partition’s "type", or the partition’s "label"). The Id is used
to identify the role for the partition: is it to be used as swap space, an ext3 filesystem, a FAT filesystem,
part of Linux Volume Management, or an extended partition?
Many different operating systems follow the same partition Id naming conventions. The following table
lists partition types which occur commonly within Linux, in approximate order of how commonly they
occur.
Table 1-2. Partition Id’s Relevant to Linux
Id Label Role
83 Linux A Linux ext2 or ext3 filesystem
82 Linux Swap A Linux swap (virtual memory) partition
8e Linux LVM A Linux logical volume management physical
volume
fd Linux raid auto A Linux software RAID partition
In Linux, partition Ids are often cosmetic. A partition labeled Linux may be initialized and used for swap
space, while a partition labeled Linux Swap may be used as an ext2 filesystem. Some Ids, however, are
significant to the Linux kernel (for instance, Linux raid auto), and many are significant to other operating
systems which might be sharing the same disk. Good practice suggests that each partition’s Id should
rha130-5.0-0-en-2007-12-13T13:35:30-0500 11
reflect its intended use.
Using fdisk to Edit a Partition Table
Starting fdisk and Using the Command Menu

When using fdisk to edit a partition table, the fdisk command should be called with a single argument:
the device node of the disk to be edited.
[root@station root]# fdisk /dev/hda
The number of cylinders for this disk is set to 15505.

There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSes
(e.g., DOS FDISK, OS/2 FDISK)
Command (m for help):
As fdisk starts, it issues a warning that the disk exceeds 1024 cylinders. Some older BIOS’s are limited
to only accessing the first 1024 cylinders, a topic covered in a later Workbook. Usually, this warning can
be safely ignored. Next, fdisk waits patiently to be told what to do next.
Note: One of the most common mistakes by new users is to invoke fdisk with the name of a
partition, instead of a disk . For example, fdisk /dev/hda3 would cause fdisk to exit with an error.
Partitions do not have partition tables to edit; disks do.
In interactive (editing) mode, fdisk expects to be driven with single letter commands. The command “m”
displays a list of possible commands.
Command (m for help): m

Command action
a toggle a bootable flag
b edit bsd disklabel
c toggle the dos compatibility flag
d delete a partition
l list known partition types
m print this menu
n add a new partition
o create a new empty DOS partition table
p print the partition table
q quit without saving changes
s create a new empty Sun disklabel
t change a partition’s system id
u change display/entry units
v verify the partition table
w write table to disk and exit
x extra functionality (experts only)
rha130-5.0-0-en-2007-12-13T13:35:30-0500 12
Fortunately, most users can survive using a small subset of these commands.
Table 1-3. Commonly Used fdisk Commands
Command Function
m list command (m)enu
p (p)rint partition table
n create (n)ew partition
d (d)elete partition
t change partition (t)ype (Id)
q (q)uit without saving changes
w (w)rite changes and exit
Often, a user’s first action is orient themselves by using the “p” command to print the current partition
table.
Command (m for help): p


/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 3926 5118120 83 Linux
We see again the partition table for the disk /dev/hda, with three primary partitions and over 80
gigabytes of free space.
Adding a Partition
In our discussion, we assume that the administrator wants to create two new partitions. The first will be
used as a 512 megabyte swap space, and the second will be used as a 1024 megabyte ext3 filesystem.
The “n” command is used to create a new partition.
Command (m for help): n

Command action
e extended
p primary partition (1-4)
The next question depends on the state of the drive. If no extended partitions exist (our case), fdisk asks
if the new partition should be the extended partition, or a (normal) primary partition. If an extended
partition does exist, fdisk asks if the new partition should be logical or primary. If all primary partitions
are used, fdisk just doesn’t ask.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 13
Because three primary partitions already exist, and our administrator wants to create 2 new partitions,
she must first create an extended partition to hold them. She answers “e”. Next, fdisk prompts for the
starting cylinder number for the partition. Our administrator just presses RETURN, accepting the
suggested default 3927 (the first available cylinder).
Selected partition 4
First cylinder (3927-15505, default 3927): RETURN
Next, fdisk asks for the ending cylinder number.
Using default value 3927

Last cylinder or +size or +sizeM or +sizeK (3927-15505, default 15505):
Four different formats can be used when specifying the ending cylinder.
Format Interpretation
n Use ending cylinder n.
+n Use starting cylinder incremented by n cylinders.
+n M Use starting cylinder incremented by n megabytes. (A trailing K implies
kilobytes).
RETURN Use the suggested default, which is chosen to make the resulting partition as
large as possible.
Because the extended partition is a primary partition, it will be the fourth (and thus last) primary partition
on the disk. Since any disk space not included in the extended partition will become inaccessible, there is
no reason not to use the suggested cylinder (which is the last cylinder on the disk).
Our administrator does so, and then prints the new partition table.


/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 3926 5118120 83 Linux
/dev/hda4 3927 15505 87537240 5 Extended ➊
➊ The newly added extended partition, which spans the rest of the drive.
Happy with the results, she next proceeds to add a new 512 megabyte partition. Because all four primary
partitions are now used, fdisk does not prompt for the partition type. A logical partition is the only type
available.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 14
First cylinder (3927-15505, default 3927): RETURN ➊

Last cylinder or +size or +sizeM or +sizeK (3927-15505, default 15505): +512M ➋


/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 3926 5118120 83 Linux
/dev/hda4 3927 15505 87537240 5 Extended
/dev/hda5 3927 3993 506488+ 83 Linux ➌
➊ By simply pressing RETURN, the default starting cylinder is accepted.

➋ The syntax +512M specifies that the partition should be 512 megabytes in size (or as close as
possible).
➌ The newly added logical partition.
Even though she asked for a 512 megabyte partition, the resulting partition is closer to 506 megabytes.
Because partitions must fall on cylinder boundaries, and (for this drive) a cylinder is about 7.5 megabytes
in size, fdisk did the best it could.
Changing a Partition’s Label

By default, when fdisk adds a partition, the partition Id is set to "Linux" (appropriate for a partition that
will contain an ext2 or ext3 filesystem). Because she plans to use the partition for swap space, she would
like to set the partition Id appropriately. She uses the “t” command to set the partitions type, and
specifies the appropriate partition. Taking advantage of the ability to list all known labels, she locates the
appropriate "Linux swap" label, and its associated hex code, “82”.
Command (m for help): t

Partition number (1-5): 5
Hex code (type L to list codes): L
0 Empty 1c Hidden Win95 FA 70 DiskSecure Mult bb Boot Wizard hid

1 FAT12 1e Hidden Win95 FA 75 PC/IX be Solaris boot
2 XENIX root 24 NEC DOS 80 Old Minix c1 DRDOS/sec (FAT-
3 XENIX usr 39 Plan 9 81 Minix / old Lin c4 DRDOS/sec (FAT-
4 FAT16 <32M 3c PartitionMagic 82 Linux swap c6 DRDOS/sec (FAT-
5 Extended 40 Venix 80286 83 Linux c7 Syrinx
6 FAT16 41 PPC PReP Boot 84 OS/2 hidden C: da Non-FS data
7 HPFS/NTFS 42 SFS 85 Linux extended db CP/M / CTOS / .
rha130-5.0-0-en-2007-12-13T13:35:30-0500 15
8 AIX 4d QNX4.x 86 NTFS volume set de Dell Utility

9 AIX bootable 4e QNX4.x 2nd part 87 NTFS volume set df BootIt
a OS/2 Boot Manag 4f QNX4.x 3rd part 8e Linux LVM e1 DOS access
b Win95 FAT32 50 OnTrack DM 93 Amoeba e3 DOS R/O
c Win95 FAT32 (LB 51 OnTrack DM6 Aux 94 Amoeba BBT e4 SpeedStor
e Win95 FAT16 (LB 52 CP/M 9f BSD/OS eb BeOS fs
f Win95 Ext’d (LB 53 OnTrack DM6 Aux a0 IBM Thinkpad hi ee EFI GPT
10 OPUS 54 OnTrackDM6 a5 FreeBSD ef EFI (FAT-12/16/
11 Hidden FAT12 55 EZ-Drive a6 OpenBSD f0 Linux/PA-RISC b
12 Compaq diagnost 56 Golden Bow a7 NeXTSTEP f1 SpeedStor
14 Hidden FAT16 <3 5c Priam Edisk a8 Darwin UFS f4 SpeedStor
16 Hidden FAT16 61 SpeedStor a9 NetBSD f2 DOS secondary
17 Hidden HPFS/NTF 63 GNU HURD or Sys ab Darwin boot fd Linux raid auto
18 AST SmartSleep 64 Novell Netware b7 BSDI fs fe LANstep
1b Hidden Win95 FA 65 Novell Netware b8 BSDI swap ff BBT
Hex code (type L to list codes): 82
Changed system type of partition 5 to 82 (Linux swap)


/dev/hda1 1 540 4082368+ b Win95 FAT32
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS
/dev/hda3 3250 3926 5118120 83 Linux
/dev/hda4 3927 15505 87537240 5 Extended
/dev/hda5 3927 3993 506488+ 82 Linux swap ➊
➊ The partition label, which was "Linux", has changed to "Linux swap".
Adding a Second Partition

The administrator now proceeds to add the second partition.

Last cylinder or +size or +sizeM or +sizeK (3994-15505, default 15505): +1024M


/dev/hda1 1 540 4082368+ b Win95 FAT32
rha130-5.0-0-en-2007-12-13T13:35:30-0500 16
/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS

/dev/hda3 3250 3926 5118120 83 Linux
/dev/hda4 3927 15505 87537240 5 Extended
/dev/hda5 3927 3993 506488+ 82 Linux swap
/dev/hda6 3994 4126 1005448+ 83 Linux ➊
➊ The newly added partition.
Deleting a Partition
Were the administrator to make a mistake, or needed to remove a partition to create more room, deleting
a partition is straightforward, and would look like the following.
Command (m for help): d

There are only a couple of details to note.
1. If an extended partition is deleted, all logical partitions that it contains are deleted as well.
2. Because the partitioning information for logical partitions is maintained as a linked list, they must be
numbered consecutively. If partition number 5 of 7 is deleted, partitions 6 and 7 will become
partitions 5 and 6. (This is not the case for primary partitions.)
Exiting fdisk
When finished, there are two ways to exit fdisk. First, the “q” command can be used to "quit" fdisk,
abandoning any changes. The fdisk utility does not write any changes until specifically instructed to, so
users may safely quit at any time.
With the “w” command, fdisk will "write" changes and exit. This is the normal way to exit fdisk,
implementing any specified edits.
Command (m for help): w

The partition table has been altered!
Calling ioctl() to re-read partition table.
WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table.
The new table will be used at the next reboot.
Syncing disks.
While exiting, fdisk warns that the changes will not take effect until the next reboot. This is a fib.
Rebooting will cause the change to take affect, but so will running a relatively newer called partprobe.
The administrator runs partprobe, so the kernel will reread the partition table and implement the
changes.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 17
[root@station root]# partprobe
Viewing Partitions in /proc/partitions

As an alternative to fdisk -l (which only root has permissions to perform), the proc filesystem file
/proc/partitions lists all known partitions, as well as sizes (in blocks of 1024 bytes) and activity
statistics.
[root@station root]# cat /proc/partitions

major minor #blocks name
3 0 117220824 hda
3 1 4082368 hda1
3 2 20480040 hda2
3 3 5118120 hda3
3 64 78150744 hdb
3 65 72261 hdb1
3 66 2096482 hdb2
3 67 8289540 hdb3
3 69 30724281 hdb5
3 70 8385898 hdb6
3 71 28579603 hdb7
Notice the prominence of the major and minor number of each partition (and disk) in the output. The
Linux kernel internally identifies a partition by the major and minor number associated with its device
driver, not by the name of the device node, a fact that is often observed in kernel level error messages.
Examples
Partitioning a New Drive

In this example, we look over the shoulders of the user prince, who has just attached a new disk to his
machine. He would like to divide his new disk into the following partitions.
Number Size Purpose

1 128 megs swap space
2 512 megs ext2 filesystem
3 512 megs vfat filesystem
4 1024 megs ext3 filesystem
Upon first booting the machine, after the new drive has been connected, prince skims the kernel boot
messages for evidence of the newly detected drive. Unfortunately, the kernel is too fast for his monitor,
which does not power up to full strength until after the messages have past.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 18
Once the system has booted, prince skims the /var/log/dmesg file, where he finds the following lines.
...
hda: Maxtor 51536H2, ATA DISK drive
hdb: ST310212A, ATA DISK drive
blk: queue c03cdfe0, I/O limit 4095Mb (mask 0xffffffff)
blk: queue c03ce124, I/O limit 4095Mb (mask 0xffffffff)
hdc: LTN485, ATAPI CD/DVD-ROM drive
ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
ide1 at 0x170-0x177,0x376 on irq 15
hda: attached ide-disk driver.
hda: host protected area => 1
hda: 29336832 sectors (15020 MB) w/2048KiB Cache, CHS=1940/240/63, UDMA(66)
hdb: attached ide-disk driver.
hdb: host protected area => 1
hdb: 20005650 sectors (10243 MB) w/512KiB Cache, CHS=1323/240/63, UDMA(66)
ide-floppy driver 0.99.newide
...
Convinced that his new drive is being detected correctly, he begins partitioning the drive with the fdisk
command. He first prints the partition table with the “p” command.
[root@station root]$ fdisk /dev/hdb
The number of cylinders for this disk is set to 1323.

There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
(e.g., DOS FDISK, OS/2 FDISK)
Disk /dev/hdb: 10.2 GB, 10242892800 bytes

As expected, the partition table is empty. As he proceeds to add his first partition, the only really
interesting interaction is when he specifies the partition’s size, using +128M.

Command action
e extended
p
rha130-5.0-0-en-2007-12-13T13:35:30-0500 19


/dev/hdb1 1 18 136048+ 83 Linux
Because the partition is going to be used as swap space, prince changes the partition’s label to the
appropriate code for Linux Swap.
Command (m for help): t

Hex code (type L to list codes): 82
Changed system type of partition 1 to 82 (Linux swap)
The next two partitions are then added in a straightforward manner.

Command action
e extended
p

Command action
e extended
p


/dev/hdb2 19 85 506520 83 Linux
/dev/hdb3 86 152 506520 83 Linux
rha130-5.0-0-en-2007-12-13T13:35:30-0500 20
Although prince only wants to add one more partition now, he will leave unallocated space on the drive.
If he were to use his last primary partition for the filesystem, he would no longer be able to make an
extended partition, and the remaining space would be wasted. Instead, prince creates an extended
partition to span the rest of the drive, and then adds his new partition as a logical partition within it.

Command action
e extended
e
Last cylinder or +size or +sizeM or +sizeK (153-1323, default 1323): RETURN



/dev/hdb2 19 85 506520 83 Linux
/dev/hdb3 86 152 506520 83 Linux
/dev/hdb4 153 1323 8852760 5 Extended
/dev/hdb5 153 285 1005448+ 83 Linux
Happy with his work, he writes and exits.
Command (m for help): w

The partition table has been altered!
Calling ioctl() to re-read partition table.

Syncing disks.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 21
Online Exercises
Lab Exercise
Objective: Use fdisk to add new partitions.
Estimated Time: 10 mins.
Specification
In this lab, you will add two small partitions to a disk on your computer.
1. Use the fdisk -l command to confirm that your machine has at least 256 megabytes of unallocated
space. If your machine has multiple hard drives, the space must exist all on one drive. Create the file
~/lab3.1/disk, which contains the name of the disk you will use for this lab, as an absolute
reference. For example, if the disk you will use is /dev/hda, the file should contain the single word
/dev/hda.
2. Use the fdisk command to edit the drive’s partition table. Note that you will have to use your root
account. Add two new partitions, each 128 megabytes in size (or nearly so). Set the partition Id of
the first newly added partition to Linux Swap. The partition Id of the second newly added partition
should remain Linux. The two new partitions should be the last two partitions on the drive. Exit
fdisk, saving changes.
3. If necessary, reboot your machine in order for the new partitions to be recognized by the kernel
before grading your lab.
Deliverables
1. The file ~/lab3.1/disk, which contains the name of the drive you used for this lab, as an absolute reference.
The drive name should be the only word in the file.
2. The next to the last partition on the specified drive should be (nearly) 128 megabytes in size, and have a
partition Id of Linux Swap.
3. The last partition on the specified drive should be (nearly) 128 megabytes in size, and have a partition Id of
Linux.
Questions
Use the output from the following command to answer the next question.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 22
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other use is a violation of U.S.
and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether in electronic or print format without
prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed please email training@redhat.com or phone toll-
free (USA) +1 866 626 2994 or +1 (919) 754 3700.
[root@station root]$ cat /proc/partitions

major minor #blocks name
ng use aveq
8 0 8891650 sda
8 1 136521 sda1
8 2 3502170 sda2
8 3 2096482 sda3
8 5 2096451 sda5
1. Which of the following best explains why the partition sda4 is not listed in /proc/partitions?
( ) a. The partition has been initialized with a filesystem, but the filesystem is not mounted.
( ) b. The partition is being used as the extended partition, and therefore is not accessed directly.
( ) c. The partition has been initialized as swap space, but there has not yet been a high demand placed on
physical memory.
( ) d. The disk has not yet had a partition sda4 allocated.
( ) e. None of the above
2. Which of the following partitions could be an extended partition?

( ) a. /dev/hda7
( ) b. /dev/sdb5
( ) c. /dev/sdb4
( ) d. /dev/hdc8
3. Which of the following would be a logical partition?

( ) a. /dev/hda3
( ) b. /dev/hda5
( ) c. /dev/hdb1
( ) d. /dev/hdb4
4. Which of the following commands would list all known partitions?

( ) a. fdisk --dump
( ) b. dumppart
( ) c. fdisk -l
( ) d. fdisk --list
rha130-5.0-0-en-2007-12-13T13:35:30-0500 23
5. Which of the following commands could be used to add the partition /dev/sda8?
( ) a. fdisk -a /dev/sda8
( ) b. fdisk /dev/sda8
( ) c. fdisk -l /dev/sda8
( ) d. fdisk --add /dev/sda8
Use the following transcript to answer the next 3 questions.
[root@station root]$ fdisk -l


/dev/hda1 * 1 14 105808+ 83 Linux
/dev/hda2 15 1124 8391600 83 Linux
/dev/hda3 1125 1193 521640 82 Linux swap


/dev/hdb1 * 1 17 128488+ 83 Linux
/dev/hdb2 18 585 4294080 83 Linux
/dev/hdb3 586 1323 5579280 83 Linux
6. Assuming that the system Id’s indicate the true use of the partitions, approximately how much partition space is
allocated to swap space?
( ) a. 128 megabytes
( ) b. 520 megabytes
( ) c. 8.4 gigabytes
( ) d. 5.5 megabytes
( ) e. Not enough information is provided
rha130-5.0-0-en-2007-12-13T13:35:30-0500 24
7. Approximately how much space is left unallocated on the drive /dev/hda?

( ) a. 0
( ) c. 2 gigabytes
( ) d. 5.75 gigabytes
( ) e. Note enough information is provided
8. Approximately how much space is left unallocated on the drive /dev/hdb?

( ) a. 0
( ) c. 2 gigabytes
( ) d. 5.75 gigabytes
( ) e. Note enough information is provided
9. After editing the partition table with fdisk, what action must (usually) be taken for the kernel to recognize the new
partitions?
( ) a. The machine must be rebooted.
( ) b. The new partition should be added to /proc/partitions with a text editor.
( ) c. The partprobe command should be run.
( ) d. None of the above
( ) e. Either A or C
10. Which of the following fdisk commands is used to abandon all changes?
( ) a. a
( ) b. q
( ) c. x
( ) d. w
( ) e. z
rha130-5.0-0-en-2007-12-13T13:35:30-0500 25
Chapter 2. Creating and Managing Filesystems
Key Concepts
• The mkfs command, and its filesystem specific friends, are used to create filesystems.
• The most common filesystem in Linux is the ext2 filesystem, and its close cousin, the ext3 filesystem.
• The ext3 filesystem is exactly like the ext2 filesystem, with the added feature of journaling.
• The dumpe2fs command can be used to examine ext2 and ext3 filesystems.
Discussion
Filesystems
At the lowest level, block device nodes allow disks and disk partitions to be accessed as if they were
simply an array of bytes (recall the Unix mantra, "everything is a file"). But when Linux users store
information on disks, they prefer to use the familiar constructs of files and directories. Somehow, this
array of bytes that is a disk partition must be made to act like the /home/elvis directory, and the files it
contains.
The Linux kernel implements a virtual filesystem layer, which dictates that everything that exists in a
directory tree, such as regular files, directories, device nodes, and symbolic links, must have a uniform
structure which consists of the following elements.
inodes
Inodes store all of the metadata associated with a file. A file’s metadata is all of the information
associated with a file, except for its name and its content. For example, a file’s ownerships,
permissions, and modify time are all stored in it’s inode. More than anything else, the inode
provides the identity of the file.
dentries
Dentries, whose name is a shortening of the term "Directory Entries", contain a file’s name and
location within the directory structure, and associate this identity with the file’s inode.
data
Lastly, every file has an array of bytes which constitute its content and are referenced by the file’s
inode.
The intermediate structure which occurs on a disk or disk partition that defines a particular chunk of
bytes as containing dentries, and another chunk of bytes as containing the inodes which the dentries
reference, and another chunk of bytes as containing the data which the inodes reference, is referred to as
26
a filesystem. In other operating systems, the act of initializing the filesystem on a particular partition is
referred to as formatting the partition. In Linux (and Unix), the act is usually simply referred to as
creating a filesystem.
Linux Filesystems
Filesystem design is a general problem in computer engineering, and much time and effort has been
devoted to designing filesystems which balance efficiency, robustness, capability, and simplicity
appropriately for a given situation. Because a filesystem must be closely coordinated with the operating
system that supports it, most operating systems only support one or two filesystems which are considered
"native" to that operating system.
In contrast, Linux supports a large number of filesystems, some of which are native to Linux, many of
which are shared with other operating systems. The following table contains a partial list of filesystems
supported by Linux.
Table 2-1. Filesystems Supported in Linux
Filesystem Comments
ext2 The ext2 ("extended 2") filesystem has been the native filesystem of Linux
during its rise in popularity from the mid 1990’s. The ext2 filesystem is the
model around which the virtual filesystem layer is designed, and natively
implements almost all of the features expected from a filesystem under
Linux.
ext3 The ext3 ("extended 3") filesystem, introduced around the year 2000, is an
extension of the ext2 filesystem that supports journaling. In every other way,
the ext3 filesystem is identical to the ext2 filesystem, and what is said about
one generally applies to the other. The ext3 filesystem is the default
filesystem in Red Hat Enterprise Linux.
msdos The msdos filesystem is the FAT filesystem used by DOS and Windows. It
does not support many advanced features, such as file ownerships and
permissions, and file names consist of at most 8 characters with a 3 character
extension.
vfat The vfat filesystem is an extension of the msdos filesystem that allows long
filenames.
nfs The nfs "network filesystem" is used to share directories between Linux (and
Unix) machines. One machine exports part of its directory structure over the
network, which another machine may import into its local directory structure
at the filesystem level.
smbfs The smbfs filesystem is used to share directories between Linux (and Unix)
and Windows machines. Using smbfs, a Linux machine can incorporate an
exported Windows share into its local directory structure.
iso9660 The iso9660 filesystem is a read-only filesystem commonly used on compact
disks.
rha130-5.0-0-en-2007-12-13T13:35:30-0500
Filesystem Comments
proc The proc filesystem is a virtual filesystem that resides entirely within the
kernel (i.e., there is no hard disk associated with the filesystem).
reiserfs The reiserfs is an alternate journaling filesystem native to Linux and
supported by Red Hat Enterprise Linux.
jfs The jfs "journaling filesystem" is a mature journaling filesystem with many
enterprise features native to IBM machines. The jfs filesystem has been
recently open sourced and ported to Linux, and is supported by Red Hat
Enterprise Linux.
More could be added to the table, but hopefully the point has been made that Linux features support for a
wide variety of filesystems. The curious should start with the fs(5) man page for more information. We
will discuss the ext2/ext3 filesystem in some detail, and acquaint ourselves with a few others from the
table as well.
Creating Filesystems
Before a block device can be used to store files, it must be initialized with a filesystem. In Red Hat
Linux, some variant of the mkfs command is used to create filesystems. These commands tend to reside
in the /sbin directory.
[root@station root]# ls /sbin/mkfs.*

mkfs.cramfs mkfs.ext2 mkfs.ext3 mkfs.msdos mkfs.vfat
The mkfs command is a front-end command that expects to be called with the -t command line switch,
whose argument is the filesystem type to create. The other listed commands, which start mkfs., are
filesystem specific variants for particular filesystems. For example, mkfs -t ext2 and mkfs.ext2 are
equivalent commands.
Initializing a partition can be as easy as the following.
[root@station root]# mkfs.ext2 /dev/hda6
All versions of the mkfs commands expect some optional, filesystem specific command line switches,
and a required first argument which is the file (partition) to structure. An optional, seldom used second
argument may also be used, which specifies the size of the filesystem in blocks. The second argument is
seldom used because, by default, the filesystem will fill the entire specified partition or disk. While
anyone has permissions to execute the mkfs commands, in practice, only root has permissions to write to
the block device nodes that are being initialized.
Creating ext2 Filesystems: mke2fs

The most common filesystem encountered in Linux is the ext2 filesystem, or its close cousin the ext3
filesystem. Our discussion will focus on the ext2 filesystem. Near its conclusion, we will find that all that
is said about the ext2 filesystem applies directly to the ext3 filesystem as well.
Because the ext2 filesystem is so commonly used, yet another command synonymous with mkfs.ext2
exists, namely mke2fs. The commands mke2fs, mkfs.ext, and mkfs -t ext2 yield identical results.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 28
Command Line Switches

The following table specifies some of the mke2fs command’s more commonly used command line
switches.
Table 2-2. Command Line Switches for the mke2fs Command
Switch Effect
-b blocksize Specify the filesystem blocksize in bytes, where blocksize may be one of
1024, 2048, or 4096.
-c Check for bad block while creating the filesystem.
-i density Specify an inode density of density bytes per inode.
-L label Set the volume label of the filesystem to label.
-m n Set the reserved block percentage to n.
-N number Directly specify the number of inodes.
-j Create a filesystem journal
The command line switches introduce some filesystem concepts which are addressed below.
Filesystem Labels (-L)

Like most filesystems, an ext2 filesystem can be labeled with a text string identifier, which is at most 16
characters. Other operating systems often refer to this label as a volume name (as they refer to a partition
formatted with a filesystem as a volume). We will discover that Red Hat Enterprise Linux makes
functional use of filesystem labels.
Block Size (-b)

Above, we ambiguously mentioned organizing a filesystem around "chunks of bytes", as in "this chunk
of bytes is storing inodes, while this chunk of bytes is storing dentries." The chunks we refer to are more
appropriately called blocks, and when creating a filesystem, a block size has to be decided. The ext2
filesystem supports block sizes of 1024, 2048, and 4096 bytes ("1k", "2k", and "4k", respectively).
The block size establishes the granularity of the filesystem. When space on the filesystem is devoted to
storing the contents of a particular file, the space is allocated in fixed size blocks of the specified block
size. For example, if the block size were 1024 bytes, then storing a file with 5000 bytes of data would
require 5 blocks. The same file stored in a filesystem with a block size of 4096 would require 2 blocks.
Once a block has been assigned to a particular purpose, it cannot be used for anything else.
At first glance, a smaller block size seems to result in less wasted space. In the above example, the file
system with a block size of 1k wastes about 1020 bytes (the remainder of the fifth block), while the
filesystem with a blocksize of 4k wastes 4092 bytes (the remainder of the second block). However, a
smaller blocksize requires more overhead on the part of the filesystem. For example, the filesystem needs
to maintain an internal table of which blocks have been used, and for what purpose. Again referring to
the above example, the filesystem with a 1k blocksize has to keep track of 5 blocks, while the filesystem
with a 4k blocksize only has to keep track of 2.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 29
As a general rule, the larger the filesystem, the larger the appropriate block size. By default, the mke2fs
chooses a block size of either 1k or 4k, depending on the size of the filesystem being created.
Inodes (-N or -i)

Every file is directly associated with a structure called an inode. An inode must exist for each file in the
filesystem. The number of inodes that a filesystem contains needs to be specified as the filesystem is
created. Because the number of inodes cannot be changed later, care must be taken to estimate the
number of required inodes conservatively.
Usually, the mke2fs command chooses appropriate default settings. In a couple of situations, however,
the number of inodes may need to be specified directly.
• When a filesystem is expected to contain a large number of small files, the number of inodes may need
to be increased, or the filesystem may run out.
• When the filesystem is expected to contain a small number of large files, the excess amount of space
devoted to unused inodes takes away from space that could potentially be used for storing data. As a
result, the number of inodes may want to be decreased.
There are two ways to specify the number of inodes. The -N command line switch can be used to specify
an absolute number of inodes. For situations where a statement such as "This filesystem will never
contain more than 18,112 files." can be made, this switch is appropriate. In contrast, the -i command line
switch is used to specify an inode density, in bytes per inode. When constructing the filesystem, the
mke2fs command will divide the total size of the filesystem by the density (or, more exactly, the
inverse-density) to determine the number of inodes. For situations where statements such as "I expect my
average file size to be 180 kilobytes" can be made, this is the appropriate switch.
Reserved Blocks
By default, the ext2 filesystem reserves 5% of its space for the root user. This feature attempts to provide
the administrator a little bit of wiggle room if a user on the system accidentally (or intentionally) fills the
entire filesystem. The -m command line switch allows the percentage of blocks to reserve to be specified.
Examining Filesystems with dumpe2fs

As the name implies, the dumpe2fs command dumps to standard out low level information about an ext2
filesystem. In the following example, the mke2fs command is used to create a filesystem on the partition
sda1 with default options.
[root@station root]# mke2fs /dev/sda1

mke2fs 1.39 (29-May-2006)
Filesystem label= ➊
OS type: Linux
Block size=1024 (log=0) ➋
Fragment size=1024 (log=0)
31744 inodes, 126960 blocks ➌
6348 blocks (5.00%) reserved for the super user
rha130-5.0-0-en-2007-12-13T13:35:30-0500 30
First data block=1

16 block groups
8192 blocks per group, 8192 fragments per group
1984 inodes per group
Superblock backups stored on blocks:
8193, 24577, 40961, 57345, 73729
Writing inode tables: done

Writing superblocks and filesystem accounting information: done
This filesystem will be automatically checked every 39 mounts or

180 days, whichever comes first. Use tune2fs -c or -i to override.
As the filesystem is being created, the mke2fs command displays details about the new filesystem,
including the following.
➊ The specified filesystem label (in this case, none).

➋ The blocksize (chosen by mke2fs, if not specified on the command line). In this case, 1024 bytes.
➌ The number of inodes and blocks in the filesystem.
After the filesystem has been created, the dumpe2fs command is used to examine its details. The
dumpe2fs command expects to be called with a single argument, the name of a file (disk or partition)
that contains an ext2 filesystem.
[root@station root]# dumpe2fs /dev/sda1

dumpe2fs 1.39 (29-May-2006)
Filesystem volume name: /boot ➊
Last mounted on: <not available>
Filesystem UUID: dcf63b6b-157f-4493-a257-5221a44c37b9
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: filetype sparse_super ➋
Default mount options: user_xattr acl ➌
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 31744 ➍
Block count: 126960 ➎
Reserved block count: 6348
Free blocks: 122934
Free inodes: 31733
First block: 1
Block size: 1024 ➏
Fragment size: 1024
Blocks per group: 8192
Fragments per group: 8192
Inodes per group: 1984
Inode blocks per group: 248
Filesystem created: Fri Sep 26 17:17:53 2003
Last mount time: n/a
Last write time: Fri Sep 26 17:17:54 2003
Mount count: 0
rha130-5.0-0-en-2007-12-13T13:35:30-0500 31
Maximum mount count: 39

Last checked: Fri Sep 26 17:17:53 2003
Check interval: 15552000 (6 months)
Next check after: Wed Mar 28 18:17:53 2004
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Group 0: (Blocks 1-8192) ➐

Primary superblock at 1, Group descriptors at 2-2
Block bitmap at 3 (+2), Inode bitmap at 4 (+3)
Inode table at 5-252 (+4)
7927 free blocks, 1973 free inodes, 2 directories
Free blocks: 266-8192
Free inodes: 12-1984
Group 1: (Blocks 8193-16384)
Backup superblock at 8193, Group descriptors at 8194-8194
...
➊ The filesystem label. Unlike many versions of Linux, Red Hat Enterprise Linux makes functional
use of the volume label. For reasons we will see, Anaconda initializes volume labels with the
intended mount point of the filesystem. The label can later be changed with the e2label command.
➋ The ext2 filesystem can have several features enabled, which would be listed here.
➌ The Anaconda installer embeds the acl mount option into the filesystem superblock, so that Red Hat
Enterprise Linux filesystems (which were created at install time) support access control lists by
default. Access control lists will be covered in more detail in a later lesson.
➍ The number of inodes in the filesystem.
➎ The number of blocks in the filesystem. Dividing this value by the number of inodes (found on the
previous line), we find that by default, the mke2fs command included one inode for every four
blocks.
➏ The blocksize, in this case 1024 bytes ("1k"). Because the partition was relatively small (126960
blocks at "1k" each = about 127 megabytes), the mke2fs command chose the smaller block size.
➐ Lastly, the mke2fs command generates an accounting of free blocks and other information for each
of several block groups. The role of block groups in the ext2 filesystem structure is beyond the scope
of this discussion.
More detailed information about the design of the ext2 filesystem can be found at
http://e2fsprogs.sourceforge.net.
Filesystem Features
We now use the dumpe2fs command to examine a currently mounted /dev/hda3 partition.
[root@station root]# dumpe2fs /dev/hda3

dumpe2fs 1.39 (29-May-2006)
rha130-5.0-0-en-2007-12-13T13:35:30-0500 32
Filesystem volume name: / ➊

Filesystem UUID: c6c6c0ec-6430-470d-b371-754503e49ff6
Filesystem features: has_journal filetype needs_recovery sparse_super ➋
Default mount options: (none)
Inode count: 652800
Block count: 1303273
Free blocks: 148316
Free inodes: 418518
First block: 0
Block size: 4096 ➌
Fragment size: 4096
...
➊ In this case, the filesystem has been given a label of “/”.

➋ The filesystem features. More on these below.
➌ The blocksize of the filesystem is 4096 bytes.
In the above output, a couple of filesystem features merit attention.
needs_recovery
Recall from the previous Workbook that the kernel buffers all I/O activity associated with block devices.
While this provides a wonderful boost to performance, if the kernel were to shutdown for some reason
before committing any pending writes from its in memory cache, the internal information of the
filesystem (i.e., which blocks are being used for what purpose) could be left in an inconsistent state.
When a filesystem is mounted (i.e., used. More on this in the next Lesson), its needs_recovery flag is set.
If the filesystem is unmounted through normal techniques, as when the system is shut down from the
command line, the kernel has an opportunity to flush its pending writes to disk, and the needs_recovery
flag is removed. If the filesystem is not cleanly unmounted, however, as when the system loses power or
is switched off without being shut down, the needs_recovery flag never gets cleared. When next used
(upon next boot, for example), the needs_recovery flag will be discovered, and maintenance will be
performed on the filesystem.
has_journal
The mke2fs command subtly mentions that this ext2 filesystem has an associated journal. Earlier, we
stated that the ext3 filesystem is just an ext2 filesystem with a journal. What are we left to conclude? We
are using the dumpe2fs command to examine what is really an ext3 filesystem! Again, the ext3
filesystem is just an ext2 filesystem with the added "feature" of a journal.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 33
The ext3 Journaling Filesystem
Journaling Filesystems
What is the importance of a journaling filesystem? A journaling filesystem maintains a log of all of its
pending transactions, through a process commonly referred to as a "two phase commit". When writing
information to disk, a journaling filesystem takes an approach similar to the following.
1. The filesystem writes to the journal the details about the transaction it is about to perform.
2. The filesystem performs the transaction.
3. Upon successful completion, the filesystem removes the details about the transaction from the
journal.
What is gained by this extra work? Just as the captain’s log is used tell rescuers what was happening on
the ship when disaster struck, the filesystem’s journal tells filesystem repair utilities what the filesystem
was up to when a filesystem crash occurs.
When repairing an ext2 filesystem, which does not maintain a journal, the filesystem repair utility must
examine the entire filesystem, searching for any internal structuring information which is in an
inconsistent state. For even a moderately large filesystem (40 gigabytes, for example), this process can
take several minutes.
In contrast, when repairing an ext3 filesystem, the repair utility needs only to focus on the journal of
pending transactions. The repair utility can then reset the internal filesystem structures associated with
these transactions to a consistent state, and assume the rest of the filesystem is healthy. The presence of a
journal to guide the repair utility dramatically reduces the amount of time needed to begin reusing a
crashed filesystem.
Creating ext3 Filesystems

How is an ext3 filesystem created? Notice in the above table of commonly used command line switches
for the mke2fs command, the -j command line switch was included without discussion. The switch
specifies that the mke2fs utility should include a journal with the newly created ext2 filesystem. In other
words, make an ext3 filesystem.
As a convenience, the mkfs.ext3 command is also provided. The command is a synonym for mke2fs -j
(or mkfs.ext2 -j, or mkfs -t ext2 -j). It shares all command line switches in common with mke2fs.
Examples
Creating an ext2 Filesystem

Continuing to configure his new disk, the user prince next proceeds to create his first filesystem, which
he wanted to be the ext2 filesystem. He makes the following decisions about the specifications.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 34
• He knows that he is going to be using the filesystem for storing images, so he decides to give the
filesystem the label pics.
• As he is the only user that will routinely be using the partition, he decides not to waste space reserving
blocks for the root user, and sets the reserved block percentage to 0.
• Because he expecting to store relatively few large files, he decides to force the blocksize to 4096 bytes.
• To be safe, he has the mke2fs command check for bad blocks before creating the filesystem.
Composing the appropriate command line switches, he runs the the mke2fs command on the partition.
[root@station root]# mke2fs -L pics -m 0 -b 4096 -c /dev/hdb2

mke2fs 1.39 (29-May-2006)
Filesystem label=pics
OS type: Linux
Block size=4096 (log=2)
126720 inodes, 126622 blocks
First data block=0
4 block groups
32768, 98304
Checking for bad blocks (read-only test): done


In order to confirm that the filesystem was created "to spec", he turn right around and runs the dumpe2fs
command, whose output is excerpted below.
[root@station root]# dumpe2fs /dev/hdb2

dumpe2fs 1.39 (29-May-2006)
Filesystem volume name: pics
Filesystem UUID: dbc2276d-3393-4f75-9e1b-e6d114e87e53
Filesystem features: filetype sparse_super
...
Inode count: 126720
Block count: 126622
...
Block size: 4096
...
All appears to be well.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 35
Creating a vfat Filesystem

The user prince’s machine is a dual boot machine, with Red Hat Enterprise Linux and Windows XP. His
Windows partition is using the NTFS filesystem, which is not supported by Red Hat Enterprise Linux.
Because he would like to easily share files between the two operating systems, prince wants to make a
FAT partition that can be seen from both worlds.
Although he knows that the mkfs.vfat command has several options which can be used to specify FAT
filesystem details, he assumes that the default settings are appropriate, and quickly creates the partition.
[root@station root]# mkfs.vfat /dev/hdb3

mkfs.vfat 2.11 (12 Mar 2005)
Seeing no information returned from the command, an knowing no analogue to the dumpe2fs command
for the vfat filesystem, prince assumes all went well and moves along.
Creating an ext3 Filesystem

Lastly, prince is going to create an ext3 filesystem to hold all of his music which he has ripped from
CD’s, into the ogg vorbis format. He decides to label the filesystem ogg, appropriately. He knows he
could use the mkfs.ext3 command, but because his fingers are in the habit of typing mke2fs, that just
seems to fall out of his fingers. He adds the -j command line switch, so that the resulting filesystem is
ext3.
[root@station root]# mke2fs -j -c -L ogg /dev/hdb5

mke2fs 1.39 (29-May-2006)
Filesystem label=ogg
OS type: Linux
Block size=4096 (log=2)
125696 inodes, 251362 blocks
First data block=0
8 block groups
32768, 98304, 163840, 229376
Checking for bad blocks (read-only test): done

Creating journal (4096 blocks): done

Again, he confirms the results with the dumpe2fs command.

dumpe2fs 1.39 (29-May-2006)
Filesystem volume name: ogg
rha130-5.0-0-en-2007-12-13T13:35:30-0500 36

Filesystem UUID: 7c82a031-a594-4579-a63f-fb28972bcfc8
Filesystem features: has_journal filetype sparse_super
...
Inode count: 125696
Block count: 251362
...
Block size: 4096
...
Journal UUID: <none>
Journal inode: 8
Journal device: 0x0000
...
Seeing some signs that the journal was created, prince is satisfied that the filesystem is an ext3 filesystem.
Online Exercises
Lab Exercise
Objective: Create a new ext2 partition.
Specification
This lab exercise will continue to use the partition created in the previous lab exercise. Ensure that the
file ~/lab3.1/disk still exists, and that it still references the correct drive.
Create an ext2 filesystem on the last partition created in the previous exercise. The filesystem should
meet the following criteria.
1. The filesystem should have the label lab3.2.

2. The filesystem should have a blocksize of 2048 bytes.
3. The filesystem should have exactly 24,000 inodes (or as near to 24,000 as possible).
rha130-5.0-0-en-2007-12-13T13:35:30-0500 37
Deliverables
1. The last partition on the drive specified in the file ~/lab3.1/disk should be formatted with an ext2 filesystem,
whose label is lab3.2, has a blocksize of 2048 bytes, and has (very close to) 24,000 inodes.
Questions
1. Which of the following filesystems is usually associated with compact disks?

( ) a. ext3
( ) b. iso9660
( ) c. reiserfs
( ) d. vfat
2. Which of the following commands could be used to create an ext3 filesystem?

( ) a. mkfs.ext3
( ) b. mkfs -t ext3
( ) c. mke2fs -j
( ) d. mkfs.ext2 -j
( ) e. All of the above
3. Which of the following command lines could be used to create an ext2 filesystem with a blocksize of 2048 bytes?
( ) a. mke2fs -b 2048 /dev/hda4
( ) b. mke2fs /dev/hda4
( ) c. mke2fs -b2k /dev/hda4
( ) d. mke2fs -b2 /dev/hda4
( ) e. A and B

dumpe2fs 1.39 (29-May-2006)
Filesystem volume name: /home
rha130-5.0-0-en-2007-12-13T13:35:30-0500 38
free (USA) +1 866 626 2994 or +1 (919) 754 3700.

Filesystem UUID: 4a26ac4a-fcd9-4231-bf3a-e5e5fb2456b5
Filesystem features: has_journal filetype needs_recovery sparse_super
Default mount options: (none)
Inode count: 3842720
Block count: 7681070
Free blocks: 1150544
Free inodes: 3597708
First block: 0
Block size: 4096
Fragment size: 4096
Blocks per group: 32768
Fragments per group: 32768
Inodes per group: 16352
Inode blocks per group: 511
Last mount time: Sun Oct 5 13:59:31 2003
Last write time: Sun Oct 5 13:59:31 2003
Mount count: 74
Maximum mount count: -1
Last checked: Fri Sep 19 09:16:20 2003
Check interval: 15552000 (6 months)
Next check after: Wed Mar 17 08:16:20 2004
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Journal UUID: <none>
Journal inode: 8
Journal device: 0x0000
First orphan inode: 0
4. Which of the following command lines could have created this filesystem? (Assume that the filesystem has not
been modified with tune2fs since it was created.)
( ) a. mke2fs -L /home -b 2048 /dev/hdb5
( ) b. mkfs.ext3 -b 2048 /dev/hdb5
( ) c. mkfs -t ext2 -b 4096 /dev/hdb5
( ) d. mke2fs -j -L /home -b 4096 -N 3842720 /dev/hdb5
rha130-5.0-0-en-2007-12-13T13:35:30-0500 39
5. When creating this filesystem, which of the following would be the appropriate argument to the -i command line
switch to the mke2fs command to generate the appropriate number of inodes?
( ) a. -i 2
( ) b. -i 4096
( ) c. -i 8192
( ) d. -i 4
6. When formatting a floppy with the mke2fs command, why might one be tempted to include the -m 0 command
line switch?
( ) a. Because journaling would be too slow on a floppy, this command line switch would disable journaling.
( ) b. The command line switch would prevent any blocks being reserved for only the root user.
( ) c. The command line switch would set the number of inodes to 0, which is appropriate for temporary media
such as floppies.
( ) d. The command line switch would cause the floppy to be overwritten with binary 0’s before the filesystem is
constructed, wiping clean any previous data.
7. Which of the following command lines would create a filesystem with a volume label of data?
( ) a. mkfse2 -l data /dev/hda1
( ) b. mkfs.ext2 --label=data /dev/hda1
( ) c. mkfs.ext2 -m data /dev/hda1
( ) d. mkfs -t ext2 -L data /dev/hda1
8. Which of the following command lines would create an ext3 filesystem with a block size of 4096?
( ) a. mke2fs --journal --block=4096 /dev/hda1
( ) b. mkfs.ext3 -b 4k /dev/hda1
( ) c. mkfs -t ext2 -j -b4 /dev/hda1
( ) d. mkfs -t ext3 --block=4k /dev/hda1
rha130-5.0-0-en-2007-12-13T13:35:30-0500 40
9. Which of the following command line switches causes the mke2fs command to check the disk for bad blocks
before creating a filesystem?
( ) a. -L
( ) b. -c
( ) c. -b
( ) d. -s
10. Your friend has just run the dumpe2fs command on his /home filesystem, and noticed that the flag
needs_recovery was set. What advice would you give him?
( ) a. He should reboot his machine immediately.
( ) b. When convenient, he should unmount the partition, and perform filesystem maintenance.
( ) c. He should not be concerned, as the flag is always set on mounted filesystems.
( ) d. He should not be concerned, as the Linux kernel automatically runs a filesystem recovery algorithm every
10 minutes.
( ) e. You do not believe him, and suspect he ran the dumpe2fs command on a partition that does not contain an
ext2 filesystem.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 41
Chapter 3. Mounting Filesystems
Key Concepts
• The mount command is used to attach the root directories of filesystems to already existing directories
in the directory tree.
• The pre-existing directory is referred to as the mount point of the mount.
• The umount command is used to detach filesystems (which are not busy) from the directory tree.
• Various mount options can be used to qualify the capabilities of mounted filesystems.
• The remount mount option can be used to associate new options with already existing mounts.
Discussion
Mounting Filesystems
In Linux (and Unix), filesystems are gracefully combined into a single directory tree through a concept
called mounting. Every filesystem provides a root directory which servers as the base of the filesystem.
When a filesystem is mounted, its root directory is bound to an already existing directory in the system’s
directory tree, referred to as the mount point for the filesystem. Whenever the mount point is referenced,
the root directory of the mounted filesystem is presented instead.
As we elaborate on the concept of mounting, we will continue to use the IDE drive introduced in our
partitioning discussion.
42
Figure 3-1. Partitioning for the Drive /dev/hda
rha130-5.0-0-en-2007-12-13T13:35:30-0500 43
The root partition

Because the mount point must be an already existing directory, the first mount is special, and performed
by the kernel directly at startup. This first filesystem is referred to as the root partition, and the root
partition’s root directory becomes the root directory of the directory tree, "/". In the above example, the
partition /dev/hda5 is being used as the root partition.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 44
Figure 3-2. The /dev/hda5 Root Partition
rha130-5.0-0-en-2007-12-13T13:35:30-0500 45
This filesystem contains a root directory and commonly recognized subdirectories such as /etc, /home,
and /boot. If desired, the root partition could serve as a machine’s only filesystem. The directories
above would contain subdirectories, and those subdirectories would in turn contain subdirectories, so
that every file on the system is stored in this single filesystem. For simple workstations, this may well be
the appropriate design.
"Partitioning Off" Parts of the Directory Tree

In practice, Linux (and Unix) administrators often choose to compose their system’s directory tree out of
multiple partitions. In the above example, the partition /dev/hda6 is referred to as the /home partition,
because the filesystem in intended to be mounted to the /home directory in the directory tree. In the
following diagram, we examine the contents of this filesystem.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 46
Figure 3-3. The /dev/hda6 Filesystem
The filesystem has its own root directory, and subdirectories such as /blondie, /elvis, etc. When
mounted to the /home directory, the mount point /home becomes bound to the root directory of the
/dev/hda6 filesystem.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 47
Figure 3-4. The /dev/hda6 Filesystem Mounted to /home
rha130-5.0-0-en-2007-12-13T13:35:30-0500 48
Once mounted, all subsequent references to the /home directory no longer see the contents of the /home
directory on the partition /dev/hda5, but instead the root directory of the partition /dev/hda6. To the
end user, the effect is seamless. When the user asks for a ls of /home he sees the directories elvis,
madonna, etc.
The process can be continued as often as desired. The following diagram reflects the fully assembled
directory tree for the IDE drive above, with the /dev/hda6 filesystem mounted to /home, the
/dev/hda7 filesystem mounted to /var, and the /dev/hda8 filesystem mounted to /var/ftp/pub.
All filenames are listed relative to the root directory of the filesystem which contains them.
Figure 3-5. The Fully Assembled Directory Tree
Often, the end user, who might ask for an md5sum of the file /var/ftp/pub/images/bootdisk.img,
does not realize that her absolute reference traverses three different partitions.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 49
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy.
Any other use is a violation of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or
otherwise duplicated whether in electronic or print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being
used, copied, or otherwise improperly distributed please email training@redhat.com or phone toll-free (USA) +1 866 626 2994 or +1 (919) 754 3700.
Note: In the diagram of the IDE drive, and in our discussion, the partition /dev/hda6 has been
referred to as the "/home" partition. The fact that the directory /home does not exist in the /dev/hda6
filesystem should be emphasized. The filesystem is only referred to as the /home partition because it
is intended to be mounted on the /home directory. It could just as easily be mounted to the /etc
directory, resulting in a directory tree which contains the directories /etc/blondie, /etc/elvis, etc.
(This is possible, not desirable.)
Mounting Filesystems with the mount Command

Filesystems are mounted with the mount command. Generally, only root can mount filesystems. The
following example of the mount command illustrates the general syntax.
[root@station root]# mount -t ext2 -o noatime,noexec /dev/sda1 /home
Each execution of the mount command must somehow resolve the following four questions.
1. What device is being mounted? The first argument specifies the name of a block device to be
mounted.
2. What filesystem is the device formatted with? The filesystem can be specified with the -t command
line switch.
3. Where should the device be mounted? The second argument specifies the already existing directory
which should serve as the mount point for the filesystem.
4. Are there any options which should be associated with the mounted filesystem? Mount options are
generally specified with the -o command line switch. In the above example, the mounted filesystem
will not record file access times, and will not interpret any files as commands to be executed.
Listing All Mounted Devices

The mount command, when called without arguments, will list all mounted filesystems along with the
answers to the four questions above.
[root@station root]# mount

/dev/hda3 on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
/dev/sda1 on /home type ext2 (rw,noexec,noatime)
rha130-5.0-0-en-2007-12-13T13:35:30-0500 50
Shortcutting the Filesystem Type

If the filesystem type is not specified explicitly, the mount command will consult the file
/etc/filesystems for a list of candidate filesystems.
[root@station root]# cat /etc/filesystems

ext3
ext2
nodev proc
nodev devpts
iso9660
vfat
hfs
When mounting one of these filesystem types, the filesystem does not need to be specified manually.
Mount Options
The Linux kernel supports the following mount options, which by design are generic to any filesystem. In
practice, some filesystems silently ignore some of the options. Most mount options are implemented as
complementary choices, such as exec and noexec. Such binary options are coupled in the following table.
Table 3-1. Linux Mount Options
Option Effect
ro, rw The ro option specifies that the filesystem should be mounted read only. Internal
filesystem parameters (such as the mount count, or last mount time) are not
modified as well. The default is rw.
(a)sync The sync option specifies that all transactions should occur synchronously, i.e.,
writes should bypass the kernel cache. While this option provides better integrity
(transactions are written to disk immediately), it can significantly degrade overall
system performance. The default is async. This option is currently only supported
by the ext2/ext3 and ufs filesystems.
(no)atime The noatime option specifies that file access times should not be maintained.
When access times are recorded, every read effectively becomes a write (because
the inode’s atime requires updating). If access times are not considered important,
system performance can be improved by ignoring them. Also useful on laptops,
this option can prevent the drive from "spinning up" unnecessarily. The default is
atime.
(no)dev The nodev option specifies that no files within the filesystem should be
interpreted as device nodes. The default is dev.
(no)exec The noexec option specifies that no files within the filesystem should be
interpreted as executable commands. The default is exec.
(no)suid The nosuid option specifies that the suid permission bit should not be honored on
any files within the filesystem. The suid bit allows scripts to elevate privileges
upon execution, and is commonly used to implement trap doors on compromised
systems. The default is suid.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 51
In addition, most filesystems support mount options specific to that filesystem. Consult the mount(8)
man page for details.
In practice, the default options are generally appropriate, and the mount command is often called with
only two arguments, as in the following.
[root@station root]# mount /dev/sda1 /home
Unmounting Filesystems with the umount Command

Filesystems are unmounted with the umount command. The umount command expects to be called
with a single argument, which may be either the device name or the mount point associated with the
mount. Either of the following two commands would attempt to unmount the /dev/sda1 partition from
the /home directory.
[root@station root]# umount /home
[root@station root]# umount /dev/sda1
While simple in concept, one complication often serves to frustrate attempts to unmount devices:
[root@station home]# umount /home

umount: /home: device is busy
The umount command will only unmount filesystems which are not "busy". A filesystem is considered
busy if any process has an open file in the filesystem, or any process has a directory within the filesystem
as its current working directory. Before the filesystem can be unmounted, the process which is busying it
must be tracked down and killed (or convinced to release the files and/or directories to which it is laying
claim).
Using fuser or lsof to Track Down Processes

Fortunately, a command is designed with just this purpose in mind. The fuser command lists the process
ids of processes which are somehow using a file. More relevant for our purposes, if the fuser command
is called with the the -m command line switch, it will list all processes which are using files anywhere on
the filesystem which contains the specified file.
[root@station home]# fuser -m /home

/home: 1912c
In this case, process id 1912 has a current working directory within the specified filesystem. Observation
of the bash prompt implies that the id probably belongs to the shell itself. Changing directories "out of"
the /home partition, the device can be unmounted.
[root@station home]# cd
[root@station root]# umount /home/
The lsof command (for "list open files") provides an alternative to fuser. When invoked on a directory
serving as amount point, lsof lists every currently open file within the filesystem.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 52
[root@station6 foo]# lsof /home

COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
bash 1912 root cwd DIR 3,5 1024 12049 /home
lsof 15612 root cwd DIR 3,5 1024 12049 /home
lsof 15613 root cwd DIR 3,5 1024 12049 /home
The lsof command is very versatile and is a good tool to have at your disposal, but at this point we
merely mention this one use.
Remounting Partitions with mount -o remount

The mount command can also be used to associate new mount options with already mounted partitions.
When remounting partitions, the mount command should be called with the remount option, combined
with whatever new options are to be associated with the filesystem. Consider the following example.
[root@station root]# date > /home/foo

[root@station root]# mount -o remount,ro /home
-bash: /home/foo: Read-only file system
[root@station root]# mount -o remount,rw /home
Examples
Creating Mount Points

Continuing his work from the previous example, prince decides to create the following mount points for
his 3 filesystems.
Partition Size Filesystem Mountpoint

/dev/hdb2 512 megabytes ext2 /picts
/dev/hdb3 512 megabytes vfat /dosd
/dev/hdb5 1024 megabytes ext3 /ogg
His first step is to create the needed directories.
[root@station root]# mkdir /picts /dosd /ogg
Next, he mount his new partitions, one by one. Because he is using standard filesystem types, he does not
need to specify filesystem types to the mount command.
[root@station root]# mount /dev/hda6 /picts/

[root@station root]# mount /dev/hda7 /dosd
[root@station root]# mount /dev/hda8 /ogg
rha130-5.0-0-en-2007-12-13T13:35:30-0500 53

none on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/hda7 on /var/ftp/pub type ext3 (rw)
/dev/hda5 on /home type ext3 (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
none on /dev/shm type tmpfs (rw)
/dev/hdb2 on /picts type ext2 (rw)
/dev/hdb3 on /dosd type vfat (rw)
/dev/hdb5 on /ogg type ext3 (rw)
After performing the mount, price decides he would like to protect the vfat filesystem until he can
confirm that it looks good after rebooting into Windows XP. He decides to add the ro mount option.
[root@station root]# mount -o remount,ro /dosd

...
/dev/hdb3 on /dosd type vfat (ro)
Online Exercises
Lab Exercise
Objective: Mount an ext2 filesystem to the specified directory, with appropriate
mount options.
Specification
This lab exercise will continue to use the filesystem created in the previous lab exercise. Ensure that the
file ~/lab3.1/disk still exists, and that it still references the correct drive. The last partition of the
drive should have a properly formatted ext2 filesystem.
1. Create the directory /lab3, which will serve as a mount point for your partition.
2. Mount the last partition on the specified drive to the /lab3 directory, with the noexec and noatime
mount options.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 54
of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether in electronic or
print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed please email
Deliverables
1. The last partition on the drive specified in the file ~/lab3.1/disk should be mounted to the directory /lab3,
with the noexec and noatime options.
Questions
1. Which of the following could be a legitimate invocation of the mount command?

( ) a. mount -t /dev/hda2 /home
( ) b. mount /home /dev/hda2
( ) c. mount /dev/hda2 /home
( ) d. mount -o /home /dev/hda2
2. Which of the following command lines would mount the device /dev/hda3, formatted with the vfat filesystem,
to the mount point /dosc?
( ) a. mount -o vfat -d /dev/hda3 /dosc
( ) b. mount -t vfat /dev/hda3 /dosc
( ) c. mount -t vfat -o /dosc /dev/hda3
( ) d. mount -o vfat /dosc /dev/hda3
3. Which of the following is not a common Linux mount option?

( ) a. mtime
( ) b. noatime
( ) c. noexec
( ) d. ro
( ) e. All are common mount options
rha130-5.0-0-en-2007-12-13T13:35:30-0500 55
free (USA) +1 866 626 2994 or +1 (919) 754 3700.

proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/hda1 on /boot type ext3 (rw)
tmpfs on /dev/shm type tmpfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
[root@station root]# mount /dev/hda7 /var
[root@station root]# mount /dev/hda5 /var/www/html
4. Which partition contains the file /proc/meminfo?

( ) a. /dev/hda1
( ) b. /dev/hda7
( ) c. /dev/hda5
( ) d. /dev/hda3
5. Which partition contains the mount point /var/www/html?

( ) a. /dev/hda3
( ) b. /dev/hda7
( ) c. /dev/hda1
( ) d. /dev/hda5
6. When accessing the file /var/www/html/index.html, how many partitions does the kernel involve?
( ) a. 1
( ) b. 3
( ) c. 0
( ) d. 2
( ) e. Not enough information is provided
[root@station root]# mount /dev/fd0 /mnt/floppy

[root@station root]# cd /mnt/floppy
[root@station floppy]# cal > september.txt
[root@station floppy]# umount /mnt/floppy
umount: /mnt/floppy: device is busy
rha130-5.0-0-en-2007-12-13T13:35:30-0500 56
7. Which is the most likely reason the /mnt/floppy device was considered busy?
( ) a. The kernel had not yet finished writing the file september.txt.
( ) b. Although the kernel had finished writing the file september.txt, the writes had not yet been committed
to disk.
( ) c. The filesystem on the /mnt/floppy device has become corrupted.
( ) d. The bash shell’s current working directory is /mnt/floppy.
8. Which of the following commands would resolve the problem, so that if it were immediately followed by the
same umount command listed above, the unmount would succeed?
( ) a. fuser -m /mnt/floppy
( ) b. fsck -m /mnt/floppy
( ) c. sync
( ) d. cd
9. Which of the following command lines would add the noatime option to an already mounted /home partition?
( ) a. mount -o noatime /dev/hda4 /home
( ) b. mount -a noatime /dev/hda4 /home
( ) c. mount -remount -o noatime /dev/hda4 /home
( ) d. mount -o remount,noatime /dev/hda4 /home
Use the following transcript to answer the next question.

/dev/hdb6 on / type ext3 (rw)
none on /proc type proc (rw)
usbdevfs on /proc/bus/usb type usbdevfs (rw)
/dev/hdb7 on /var/ftp/pub type ext3 (rw)
/dev/hdb5 on /home type ext3 (rw)
none on /dev/pts type devpts (rw,gid=5,mode=620)
none on /dev/shm type tmpfs (rw)
rha130-5.0-0-en-2007-12-13T13:35:30-0500 57
10. Which of the following command lines could be used to unmount the /home partition?
( ) a. unmount /home
( ) b. umount -t ext3
( ) c. umount /dev/hdb5
( ) d. unmount -a
rha130-5.0-0-en-2007-12-13T13:35:30-0500 58
Chapter 4. The /etc/fstab File
Key Concepts
• The /etc/fstab file can be used to predefine mount points.
• When the mount command is called with only half of the information it needs, it consults the
/etc/fstab for the rest.
• The mount -a command attempts to mount (almost) every predefined mount point listed in the
/etc/fstab file.
• In the /etc/fstab file, devices may either be referenced by name, or by filesystem label.
Discussion
In the previous Lesson, the mount command was introduced requiring two arguments: the device to
mount, and the mount point to which to mount it. Often, however, shortcuts are taken with the mount
command, as in the following 3 examples.
[root@station root]# mount /mnt/floppy
[root@station root]# mount /dev/fd0
[root@station root]# mount -a
Whenever the mount command is called without enough information, it looks to a "filesystem table" to
provide more: the /etc/fstab file.
The /etc/fstab File Syntax

The following /etc/fstab file might be found on the machine using the IDE drive from our previous
lesson.
[root@station root]# cat /etc/fstab

/dev/hda5 / ext3 defaults 1 1
/dev/hda6 /home ext3 defaults 1 2
/dev/hda7 /var ext3 defaults 1 2
/dev/hda8 /var/ftp/pub ext3 defaults 1 2
/dev/hda3 /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
Each column of the file is separated by some combination of white space (generally, spaces and/or tabs).
Each row defines a mount, with the first four column directly answering the four questions associated
59
with each mount posed in the previous lesson: what, where, with which filesystem, and how. The latter
two columns are more subtle, and are described in the table below.
Table 4-1. Format of the /etc/fstab File
Column Example Role
1 /dev/hda6 Which device (disk, partition, or otherwise) to mount.

2 /home The mount point associated with the mount.
3 ext3 The filesystem to expect to find on the device, or the keyword "auto",
which means the filesystem should be automatically detected.
4 defaults A comma separated list of options to associate with the mount, as
would be specified with the -o command line switch to the mount
command.
5 0 Used by the dump command to determine if this partition should be
archived when performing backups. The dump utility is seldom used.
6 2 The "fsck"ing order. On system startup, the fsck "file system check"
command is run on each identified filesystem. There are three relevant
values for this field: 1 (reserved for the root partition), 2 (for all
partitions to be checked except for the root partition), and 0 (for
partitions which should not be fscked on startup).
Whenever the mount command is called with just a mount point, or just a device, as its lone argument, it
looks for a matching line within the /etc/fstab file to supply the remaining information. Examples of
successful commands have been given above. Notice the reference to the /etc/fstab file when the
following unsuccessful mount command complains.
[root@station root]# mount /foo

mount: can’t find /foo in /etc/fstab or /etc/mtab
The mount -a command specifies to mount "all". The command reads the /etc/fstab line by line, and
performs all appropriate mounts. The mount -a command is executed as part of the system startup.
Mount Options Relevant to the /etc/fstab File

The following options, while documented in the mount(8) man page, only make sense when used in the
/etc/fstab file.
Table 4-2. Mount Options Relevant to the /etc/fstab File
Option Effect
defaults Use default options: rw, suid, dev, exec, auto, nouser, and async. (The word
defaults has the same effect as specifying no options, but something must hold the
place of the fourth column in the /etc/fstab file.)
rha130-5.0-0-en-2007-12-13T13:35:30-0500
Option Effect
(no)auto The noauto option specifies that the partition should not be mounted when
executing mount -a. This option is generally used on lines defining mount points
for temporary media, such as floppies, CD-ROM’s, and USB drives.
user By default, only root may perform mounts. The user option specifies that anyone
should be able to perform the predefined mount.
Specifying Devices by Filesystem Label

The above example of an /etc/fstab file could be found in most any version of Unix, and would also
work in Linux. The default /etc/fstab file in Red Hat Enterprise Linux, however, takes advantage of
an additional feature of the Linux mount command. In Red Hat Enterprise Linux, the same file would
probably look more like the following, where the only differences occur in the first column.

LABEL=/ / ext3 defaults 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/var /var ext3 defaults 1 2
LABEL=pub /var/ftp/pub ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
procfs /proc proc defaults 0 0
LABEL=SWAP-hda2 swap swap defaults 0 0
When discussing the mke2fs command, we mentioned that Red Hat Enterprise Linux makes functional
use of a filesystem labels. This is it. Rather than specifying a device directly, the device can be specified
by filesystem label. Think of the second line as saying, "Examine all known filesystems, and mount the
one labeled "/home" to the /home directory.
By convention, Anaconda (the Red Hat Enterprise Linux Installer) labels filesystems by their intended
mount point. This way, the filesystem internally "knows" where it is intended to be mounted. As the
fourth line above implies, however, this is merely convention. Any label will suffice.
Why does Red Hat Enterprise Linux add this extra level of indirection, with its associated complexity?
Because device names can be fickle. There are two situations that can lead to devices shifting identities.
1. Deleting Logical Partitions: Recall that logical partitions are maintained as a linked list, and if
logical partition /dev/hda6 were to be deleted, logical partitions /dev/hda7 and /dev/hda8
would shift to /dev/hda6 and /dev/hda7.
2. Adding (or Removing) SCSI Drives: When a SCSI drive is added or removed from the system,
SCSI drives can shift identities. What was /dev/sdb on a previous boot might become /dev/sdc.
In the latter case, a move as innocently intentioned as adding a SCSI disk to the system could throw a
traditional /etc/fstab file out of whack, potentially leaving the system unbootable. Identifying
filesystems by filesystem label rather than device names protects against such unfortunate events.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 61
Using Filesystem Labels on the Mount Command Line

Just as filesystem labels can be used in the /etc/fstab file to specify a device, they can be used on the
mount command line directly, with the -L command line switch, as in the following example.
[root@station root]# dumpe2fs /dev/hda1 | head -1

dumpe2fs 1.39 (29-May-2006)
Filesystem volume name: /boot
[root@station root]# mount -L /boot /boot
Similarly, devices can be identified on the mount command line (and the /etc/fstab file) by their
"UUID" (Universal Unique Identifier). Refer to the mount(8) and fstab(5) man pages for more
information.
Adding Lines to the /etc/fstab File

When creating a new filesystem, there are several reasons why a line defining a mount point for the
filesystem might be added to the /etc/fstab file.
• A /etc/fstab line defines a "place" for the filesystem. While the filesystem could be mounted at any
time to any directory, defining a default mount point has the effect of giving the files a home in the
directory tree.
• The mount becomes part of system bootup process. Unless the noauto option is added, the mount will
occur automatically as the system boots.
• Users other than root can perform the mount. By default, only root may perform a mount. If the user
or owner option is specified in the /etc/fstab file, however, this privilege may be bestowed to other
users.
In principle, adding a line to the /etc/fstab file is easy, and may be performed with any text editor.
Care must be taken, however, not to mangle the syntax of the file. Because of the mount -a command,
the /etc/fstab file plays a fundamental role in the system’s bootup process. A mangled or
mis-specified /etc/fstab file can leave the system unbootable. When editing the /etc/fstab file,
text editors (or word processors) that implement "word wrapping" should be avoided like the plague.
Examples
Defining Mount Points in the /etc/fstab File

Because prince does not want to perform the three mounts for his three new filesystems manually every
time he reboots the machine, he decides to define the mounts in his /etc/fstab file. He first examine
his current file, looking for lines similar to what he desires.

LABEL=/var/ftp/pub /var/ftp/pub ext3 defaults 1 2
rha130-5.0-0-en-2007-12-13T13:35:30-0500 62

LABEL=SWAP-hda2 swap swap defaults 0 0
He decides that the line specifying the /boot partition looks as good as any. Before proceeding, he
makes a backup of the /etc/fstab file, just in case.
[root@station root]# cp /etc/fstab /etc/fstab.bak
Next, using a text editor, he duplicates his chosen line 3 times.

Next, he begins implementing his customizations, changing only what is necessary.

LABEL=pics /picts ext2 defaults 1 2
/dev/hdb3 /dosd vfat defaults 1 2
LABEL=/ogg /ogg ext3 defaults 1 2
Because he did not give his vfat filesystem a volume label, he must refer to it by device name.
Fortunately, it is an IDE drive and a primary partition, so it should be safe. He saves the file and quits the
editor.
Lastly, he tests out his configuration by first unmounting his partitions, and then simulating a system
startup by running the mount -a command.
[root@station root]# umount /picts

[root@station root]# umount /dosd
[root@station root]# umount /ogg
mount: special device LABEL=/ogg does not exist
Realizing his mistake, he corrects the /etc/fstab file (replacing LABEL=/ogg with LABEL=ogg), and
tries again.

[root@station root]# umount /dosd
[root@station root]# umount /ogg
umount: /ogg: not mounted
...
/dev/hdb3 on /dosd type vfat (rw)
rha130-5.0-0-en-2007-12-13T13:35:30-0500 63
He is now satisfied with the results.
Online Exercises
Lab Exercise
Objective: Create a /etc/fstab entry which correctly defines a mount point for
your drive.
Specification
This exercise will continue to use the filesystem created and mounted in the previous 2 exercises. Ensure
that the file ~/lab3.1/disk still exists, and that it still references the correct drive. The last partition of
the drive should have a properly formatted ext2 filesystem.
1. Add a line to your /etc/fstab file which defines the mount performed in the last lab. To recap, the
last partition of the specified drive should be mounted to the directory /lab3, with the noatime and
noexec options.
2. The line should refer to your partition not by device name, but by filesystem label.
3. Add the appropriate customization so that your filesystem is not mounted by default on system
boots.
4. Configure the line appropriately so that the filesystem would not be archived by the dump command.
5. Unmount the partition before grading your exercise.
Deliverables
1. A properly configured /etc/fstab file which mounts the last partition on the specified drive to the directory
/lab3 with the noexec and noatime options. The partition should not be mounted automatically on system
boots, and should not be included in archives created by the dump command. The partition should be
referenced by filesystem label.
2. The partition should not be currently mounted.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 64
free (USA) +1 866 626 2994 or +1 (919) 754 3700.
Questions

LABEL=/var/ftp/pub /var/ftp/pub ext3 defaults 1 2
LABEL=/boot /mnt/boot ext3 defaults,noauto 1 2
/dev/hda5 /dos vfat defaults,noauto,user 0 2
LABEL=SWAP-hdb2 swap swap defaults 0 0
/dev/fd0 /media/floppy auto user 0 0
1. Which of the following mount points would not be used by a mount -a command?
( ) a. /var/ftp/pub
( ) b. /dev/pts
( ) c. /home
( ) d. /dos
( ) e. All of the above mount points would be used.
2. Which of the following command lines would attempt to mount the /dev/hda5 partition?
( ) a. mount /dev/hda5
( ) b. mount /dos
( ) c. mount /dev/hda5 /mnt/dos
( ) d. All of the above
( ) e. A and B only
3. Which of the following command lines would attempt to mount a filesystem to the /mnt/boot directory?
( ) a. mount -a
( ) b. mount /boot
( ) c. mount -L /boot
( ) d. A and C
rha130-5.0-0-en-2007-12-13T13:35:30-0500 65
Copyright (c) 2003-2007 Red Hat, Inc. All rights reserved. For use only by a student enrolled in a Red Hat Academy course taught at a Red Hat Academy. Any other use is a
violation of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether in
electronic or print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed
4. What is the most likely reason that the third column of the last line contains the word auto?
( ) a. Because a FAT or ext2 or otherwise formatted floppy could be inserted into the drive, the filesystem type
should be probed for each mount.
( ) b. When a floppy is inserted into the drive, the filesystem should be automatically mounted.
( ) c. Upon bootup, the system should attempt to mount the floppy automatically.
( ) d. The auto filesystem is the most common filesystem used on floppy drives.
( ) e. None of the above adequately explain the configuration.
5. What users would be able to mount the device /dev/fd0?

( ) a. Only root may perform mounts.
( ) b. Any user logged in physically at the console (and root).
( ) c. Any user on the system.
( ) d. The current owner of the directory /mnt/floppy (and root).
( ) e. None of the above.
6. What does the noauto mount option imply?

( ) a. The filesystem should not be managed by an automounting daemon.
( ) b. The filesystem should not be automatically mounted whenever a file within the filsystem is references.
( ) c. The filesystem should not be mounted as part of the system startup process.
( ) d. The line should not be automatically removed from the configuration file if the underlying partition is
deleted.
7. What command could be used to create the label referred to by the LABEL= syntax in the /etc/fstab file?
( ) a. mke2fs
( ) b. fdisk
( ) c. mount
( ) d. fuser
[root@station root]$ cat /etc/fstab

/dev/hda6 / ext3 defaults 1 1
/dev/hda2 /boot ext3 defaults 1 2
rha130-5.0-0-en-2007-12-13T13:35:30-0500 66
free (USA) +1 866 626 2994 or +1 (919) 754 3700.

/dev/hda1 tmp ext3 defaults 1 2
/dev/hda3 /var ext3 defaults 1 2
/dev/hda4 /var/data ext3 defaults 1 1
8. What is suspicious about the first column of this file, which leads you to believe that there must be some mistake?
( ) a. A logical partition is being used as the root partition, which is not allowed.
( ) b. A device of type "none" is being mounted to the /proc partition, which makes no sense.
( ) c. All of the partitions are being mounted from a single drive.
( ) d. There is a jump from 4 to 6 in the listed partitions, with no mention of partition number 5.
( ) e. The file implies that all 4 primary partitions contain a filesystem, but a logical partition exists as well.
9. What is suspicious about the second column of this file, which leads you to believe that there must be some
mistake?
( ) a. Partitions are configured to be mounted to both /var/data and /var, but partitions may only be mounted
to directories contained by the root partition.
( ) b. The mount point tmp is specified as a relative reference.
( ) c. Filesystems are configured to be mounted to directories in the /dev directory, but the /dev directory may
only contain device nodes.
( ) d. A partition is configured to be mounted to /, but only the kernel may mount the root partition.
( ) e. A filesystem is configured to be mounted to /proc, but the kernel automatically mounts /proc as part of
its bootup process.
10. What is suspicious about the last column of this file, which leads you to believe that there must be some mistake?
( ) a. The column contains the value 0, when only the values greater than 0 are allowed.
( ) b. The column contains multiple entries for the value "2", which will result in an error when the fsck
command tries to decide which to check first.
( ) c. The column contains the value "2", when only the values 1 and 0 are meaningful.
( ) d. The last column only exists for legacy reasons, so the fact that it contains non-zero values is suspect.
( ) e. The column contains multiple entries for the value "1", when the value 1 is only supposed to be used for
the root partition.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 67
Chapter 5. Managing Swap Space
Key Concepts
• Partitions and Files may be used as Swap Space to extend a system’s apparent memory.
• Swap areas must be initialized with the mkswap command.
• Swap areas are activated with the swapon command, and deactivated with the complementary
swapoff command.
• Swap areas may be listed in the /etc/fstab file in order to be activated automatically at system
startup.
Discussion
Swap Space
Linux allows block devices to be used to extend the system’s physical memory. In other operating
systems, disk space used for such a purpose is often referred to as "virtual memory". In Linux (and
Unix), it is referred to as swap space, and the act of using the disk based memory is referred to as
swapping out memory to disk.
In Linux, swap space may be allocated either as an entire partition or as a file in an already existing (and
mounted) filesystem. The former is the more common, but can be more difficult to set up once the system
is installed. The latter is less efficient, but can be quickly put into place if some upcoming operation is
going to require large amounts of memory.
Disk based memory is dramatically slower to access than RAM. As a result, swap space is generally used
to overcome temporary peak memory demands, and not as a general replacement for physical memory. If
a system is consistently using large amounts of swap space, more physical memory would greatly
improve its performance.
Users new to Linux are sometimes surprised to discover that, even when not running processes
demanding large amounts of memory, the Linux kernel uses swap space. Recall that the Linux kernel
primarily uses memory for two purposes: process memory, and caching I/O operations. Sometimes, the
kernel will sacrifice seldom used process memory for the sake of increasing the size of the I/O cache,
"swapping out" portions of seldom used processes in an attempt to improve overall system performance.
The fact that the Linux kernel is using a little bit of swap space does not necessarily imply that more
physical memory is required.
In a similar vein, even systems with large amounts of physical memory should provide some amount of
swap space. The Linux kernel prefers to have the option of swapping memory to disk available as it
develops its memory optimization strategies. Systems which do not provide swap space are officially
considered an unsupported configuration by Red Hat.
68
Monitoring Swap Partitions: /proc/swaps and /proc/meminfo

The proc filesystem file /proc/swaps lists currently active swap spaces, their type (either partition or
file), their sizes, and their priority.
[root@station root]# cat /proc/swaps

Filename Type Size Used Priority
/dev/hda2 partition 522104 42284 -1
The already familiar proc filesystem file /proc/meminfo lists the total amount of currently allocated
swap space, along with physical memory statistics.
[root@station root]# cat /proc/meminfo

MemTotal: 255232 kB
MemFree: 19200 kB
MemShared: 0 kB
...
SwapTotal: 522104 kB ➊
SwapFree: 479820 kB
➊ Swap utilization in conventional kilobytes (where 1 kB = 1024 bytes).
Initializing Swap Space with mkswap

In order to use a disk partition or file as swap space, it must first be initialized with the mkswap
command. Like the mkfs family of commands, the mkswap command expects to be called with a
mandatory argument, the file to be initialized. In the following example, the mkswap command is used
to initialize the device /dev/sda1 as swap space.
[root@station root]# mkswap /dev/sda1

Setting up swapspace version 1, size = 130002 kB
Like creating a filesystem, initializing swap space with the mkswap command is a one time action.
Activating Swap Space with swapon

Once initialized, swap space must be activated with the swapon command. In the following example, the
previously initialized device /dev/sda1 is activated, examining the file /proc/swaps both before and
after to reflect the change.

[root@station root]# swapon /dev/sda1
/dev/sda1 partition 126952 0 -2
rha130-5.0-0-en-2007-12-13T13:35:30-0500 69
The swapon command also allows priorities to be set with the -p command line switch. Swap areas with
higher priorities will be used before swap areas with lower priorities. See the swapon(2) man page for
details.
Deactivating Swap Areas with swapoff

The complement to the swapon command, swapoff deactivates the specified swap file. If the swap file
was in use, the command may take a while to run, as the kernel relocates all of the swapped pages to
other swap areas, or back into RAM.
Predefining Swap Areas in the /etc/fstab File

When invoked with the -a command line switch, the swapon command will examine the /etc/fstab,
and activate all listed swap partitions or files. When specifying a swap area in /etc/fstab, the first
column should be the name of the partition or file to activate, the second and third columns should both
be set to the word “swap”, and the fourth column should either be set to “defaults”, or the “pri=n”
option can be used to assign the swap area a priority of n. The last two fields should be set to 0.
Examples
Initializing Swap Partitions

Having configured his filesystems to his liking, elvis now returns his attention to the swap partition he
created. He initializes the partition with the mkswap command.
[root@station root]# mkswap /dev/hda9

Next, he activates the swap space with the swapon command, and confirms that it activated properly by
examining /proc/swaps.
[root@station root]# swapon /dev/hda9

/dev/hdb1 partition 136040 0 -2
In order to activate the swap partition automatically at system bootup, he adds a line to the /etc/fstab
file. Following the same technique used with his filesystems, he finds a similar line and duplicates it.
[root@rosemont-es root]# cp /etc/fstab /etc/fstab.bak

cp: overwrite ‘/etc/fstab.bak’? y

rha130-5.0-0-en-2007-12-13T13:35:30-0500 70
Now, by editing a single word, his new swap partition is incorporated into the bootup process.

/dev/hdb1 swap swap defaults 0 0
Using Swap Files

The user blondie is about to perform a compilation of a large program she downloaded, and is concerned
that her machine does not have enough memory. In order to help herself get past this one task, she
decides to create a swap file.
First, she used the dd command to create a 256 megabyte file full of zeros. On the dd command line, she
specifies her input file as the virtual device /dev/zero, the output file as her swap file, /tmp/swap, the
blocksize as 1 megabyte, and the transfer size of 256 blocks.
[root@station root]# dd if=/dev/zero of=/tmp/swap bs=1024k count=256

256+0 records in
256+0 records out
[root@station root]# ls -s /tmp/swap
262404 /tmp/swap
After creating the file, she treats it as if it were a partition, first initializing it for use as swap space, and
then activating the file.
[root@station root]# mkswap /tmp/swap

[root@station root]# swapon /tmp/swap
/dev/hdb2 partition 2096472 0 -1
/tmp/swap file 262136 0 -3
She then performs her compilation. When finished, she cleans up by first deactivating the swap space,
and the removing the file.
[root@station root]# swapoff /tmp/swap

[root@station root]# rm /tmp/swap
rm: remove regular file ‘/tmp/swap’? y
Online Exercises
Lab Exercise
Objective: Initialize a swap partition, and configure your /etc/fstab file so that
the partition is activated automatically at system startup.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 71
Specification
This exercise will use the first partition created in the first Exercise of this Workbook. Ensure that the file
~/lab3.1/disk still exists, and that it still references the correct drive. The next to the last partition of
the specified drive should be about 128 megabytes in size, and have a partition id of Linux Swap.
1. Initialize the next to the last partition to be used as swap space.

2. Manually activate the swap partition.
3. Add a line to your /etc/fstab file, such that the swap partition is activated automatically at system
startup.
Note: In the process of grading your lab, the swap space will be deactivated and reactivated. If the
reactivation fails, you should manually restart the swap space (step 2) before regrading.
Deliverables
1. A properly initialized and activated swap partition, which is the next to the last partition on the specified drive.
2. A properly configured /etc/fstab file, such that the swap partition is automatically activated at bootup.
Questions
1. What is the threshold amount of physical memory, above which allocating swap space is no longer recommended?
( ) a. 128 megabytes
( ) c. 512 megabytes
( ) d. 1 gigabyte
( ) e. A swap partition should always be created, no matter how much physical memory is available.
2. Which of the following files lists currently active swap partitions?

( ) a. /proc/swaps
( ) b. /etc/fstab
( ) c. /var/state/swap
rha130-5.0-0-en-2007-12-13T13:35:30-0500 72
( ) d. /etc/swaptab
3. Which file is used to define swap partitions which should be activated automatically as the system boots?
( ) a. /etc/swaptab
( ) b. /etc/fstab
( ) c. /proc/swaps
( ) d. /var/state/swap
( ) e. none of the above
4. What command line would be used to initialize a disk partition to be used as swap space?
( ) a. swapinit /dev/hda3
( ) b. mkswap /dev/hda3
( ) c. mkfs -t swap /dev/hda3
( ) d. fdisk /dev/hda3
5. What command line would be used to initialize a file to be used as swap space?
( ) a. mkswap /tmp/swapfile
( ) b. mkswap -f /tmp/swapfile
( ) c. swapinit -f /tmp/swapfile
( ) d. mkswapfile /tmp/swapfile
6. ext3 is to mount as swap is to ....

( ) a. swapon
( ) b. mkswap
( ) c. swaps
( ) d. swapoff
( ) e. startswap
rha130-5.0-0-en-2007-12-13T13:35:30-0500 73
7. Which of the following lines could be used to define a swap area that should be activated at system startup in the
/etc/fstab file?
( ) a. /dev/hda4 swap swap defaults 0 0

( ) b. swap /dev/hda4 swap defaults 0 0
( ) c. /tmp/swapfile swap swap noauto 0 0
( ) d. /tmp/swapfile none none defaults 0 0
8. Which of the following commands is used to deactivate a swap area?

( ) a. swapstop
( ) b. umount
( ) c. uswap
( ) d. swapoff
9. Which of the following command lines could be used to activate a swap partition with a priority of 3?
( ) a. mkswap -p 3 /dev/hda3; swapon /dev/hda3
( ) b. swap /dev/hda3 3
( ) c. mount -t swap -o pri=3 /dev/hda3
( ) d. swapon -p 3 /dev/hda3
( ) e. none of the above
10. Which of the following commands could confirm that a swap partition is active with a priority of 3?
( ) a. cat /proc/swaps
( ) b. cat /proc/meminfo
( ) c. top
( ) d. cat /proc/slabinfo
( ) e. A and B
rha130-5.0-0-en-2007-12-13T13:35:30-0500 74
Chapter 6. Miscellaneous Filesystem
Management Commands
Key Concepts
• The e2label command can be used to examine and set ext2 and ext3 filesystem labels.
• The fsck command is used to check and repair filesystems.
• The tune2fs command can be used to modify already existing ext2 and ext3 filesystems.
• With the -j command line switch, the tune2fs command can convert ext2 filesystems into ext3
filesystems.
Discussion
In this last Lesson of the Workbook, we cover a few miscellaneous commands and concepts that have not
yet been addressed, and end with a summary which ties together the skills developed in this Workbook
and places them into context with one another.
The e2label Command

The e2label command is used to display or set the volume name of an ext2 or ext3 filesystem. The first
argument should be the name of the partition which contains the filesystem. If only one argument is
provided, the volume name is displayed. If an optional second argument is provided, the volume name is
set to it. Both are exemplified in the following sequence.
[root@station root]# e2label /dev/hda1

/boot
[root@station root]# e2label /dev/hda1 foo
foo
Recall that in Red Hat Enterprise Linux, you should not change volume names without also considering
the configuration of the /etc/fstab file. After performing this example, unless the LABEL= reference
for the /boot partition is also changed in the /etc/fstab file, the /dev/hda1 partition will probably
not be mounted when the machine reboots.
File System Repair with fsck

Filesystems generally maintain large amounts of internal data about their directory structure. Over time,
disk imperfections or kernel bugs can lead to minor corruptions of this filesystem data. If a system is
shutdown before a filesystem is unmounted, the filesystem is almost certain to contain corruptions.
75
Chapter 6. Miscellaneous Filesystem Management Commands
Traditionally, Unix provides a fsck command, named for "(f)ile (s)ystem (c)hec(k)", which is used to
diagnose and fix filesystem corruptions. The act of executing the fsck command on a filesystem is often
referred to as "fisking" the partition.
Much like the mkfs command, Linux uses a front-end fsck command, backed by several file-system
specific versions which start fsck..
[root@station root]# ls /sbin/fsck*

/sbin/fsck /sbin/fsck.ext2 /sbin/fsck.jfs /sbin/fsck.reiserfs
/sbin/fsck.cramfs /sbin/fsck.ext3 /sbin/fsck.msdos /sbin/fsck.vfat
The fsck command can be called with the -t command line switch to specify a filesystem type, or the
filesystem specific version of the command can be used. If fsck is used without the -t switch, it will try to
automatically determine the filesystem type, though this could be risky for heavily damaged filesystems.
Because the ext2 filesystem is so common, yet another name for the fsck.ext2 command exists, e2fsck.
The commands fsck -t ext2, fsck.ext2, and e2fsck are all synonyms.
Using fsck
The fsck command is generally called with the name of the partition to check as its lone argument. If the
fsck command finds a problem which it can fix without a risk of losing data, it will implement the fix. If
there is a possibility of losing data, the fsck command will pause and prompt to ask if it should
implement the fix. For administrators not blessed with a detailed knowledge of internal ext2 filesystem
design, there is really little choice but to say "yes". In fact, the fsck command is often invoked with the -y
command line switch, which in effect says "don’t ask, just do it".
The /lost+found Directory

Often, the fsck command may come across damaged data which it recognizes as a file, but which has no
associated a name or directory. (Recall that a file’s name is generally stored in a dentry, not in the inode.)
Whenever an ext2 filesystem is created, a directory called lost+found is created in its root directory.
This directory exists to claim any lost files discovered by fsck. The fsck command will make up a name
for the file, and place it in this directory.
Automatic fscking on Startup

By default, most Linux (and Unix) systems apply the fsck command to all filesystems at startup. If a
filesystem was not previously unmounted cleanly, a thorough fscking occurs. For ext2 filesystems, the
entire filesystem is examined. For ext3 (and other) journaling filesystems, only the journal of pending
transactions is examined, resulting in a much quicker check. Even for journaling filesystems, however, an
occasional, thorough check of the entire filesystem is suggested.
The tune2fs Command

The tune2fs command is used to tweak filesystem parameters for an already existing ext2 or ext3
filesystem, which is specified as its lone argument. Before a filesystem can be operated on with tune2fs,
rha130-5.0-0-en-2007-12-13T13:35:30-0500 76
it must be unmounted. The following table lists some of the parameters which may be modified by the
tune2fs command.
Table 6-1. Command Line Switches for the tune2fs Command
Switch Effect
-c n Set the maximum mount count to n. After the filesystem has been mounted n
times, a mandatory fsck check of the filesystem occurs.
-j Add an ext3 filesystem journal.
-L name Set the volume name to name. This option is identical in function to the e2label
command.
-m n Set the reserved blocks percentage to n.
The ext2 Mount Count

Most of these options refer to features of the ext2 filesystem which should already be familiar. The
exception is the -c command lines switch, and the concept of a maximum mount count.
The ext2 filesystem maintains a mount count, which is incremented every time the filesystem is mounted,
and a maximum mount count parameter. If a mount would exceed the maximum mount count, a
mandatory fsck of the filesystem is applied, and the mount count is reset to 0.
Converting ext2 Filesystems to ext3

As implied by the -j command line switch mentioned above, converting an ext2 filesystem into an ext3
filesystem is trivial. Run tune2fs -j on it. Afterward, specify the filesystem type as ext3 when mounting it
(or in the /etc/fstab file).
The only complexity occurs if this is the first time an ext3 filesystem has been used on the system. In that
case, the system’s initial ramdisk (initrd) needs to be reconstructed so as to contain the ext3.o kernel
module. While this rather complicated topic will be addressed in a later Workbook, for now, consider the
following command line, run as root, the appropriate incantation for reconstructing an initial ramdisk.
[root@station root]# mkinitrd /boot/initrd-$(uname -r).img $(uname -r)
Again, this command is only necessary if the system does not already contain an ext3 filesystem.
Because the ext3 filesystem is the default, this is rarely the case.
Mounting ext3 filesystems as ext2

There is no need to "convert" an ext3 filesystem to ext2. Instead, just mount the filesystem, specifying the
filesystem type as ext2. The journal will be ignored.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 77
Review: Adding a New Disk

In order to make use of a new disk added to an existing system, the following steps are required. These
steps serve as a review of many of the topics covered in this workbook, placed into context with one
another.
1. Physical Connection: Physically connect the disk to the machine. Upon rebooting, the new disk
should be identified in the stream of kernel messages seen on the console at bootup, or logged in the
file /var/log/dmesg. If evidence of the new drive is not found, there is a BIOS or physical
connectivity problem which must be addressed before continuing.
2. Partitioning: The disk is subdivided into multiple partitions using the fdisk command. As we are
considering a newly connected drive, the system will probably not have to be rebooted, as would be
the case for repartitioning a drive already in use.
3. Formatting: Any partitions which are going to be used as filesystems must be initialized with the
appropriate variant of the mkfs command, such as mkfs.ext3. Likewise, any partitions which are
going to be used as swap space must be initialized with the mkswap command.
4. Mounting: Filesystems must be mounted to a mount point before they can be used. Using the
mkdir command to create the mount point is an often overlooked step. Analogously, any swap
partitions must be activated with the swapon command.
5. Updating /etc/fstab: If the filesystem is to be mounted (or the swap area activated)
automatically at bootup, the appropriate lines should be added to the /etc/fstab file.
Examples
Converting an ext2 filesystem to ext3

After a few weeks of using his new disk, and one too many waits for his ext2 filesystem to repair itself,
prince decides he really should have made the filesystem ext3 to begin with. He decides to convert it now.
First, he unmounts the filesystem.
Next, he operates on the ext2 filesystem with the tune2fs command, using the -j command line switch to
specify that a journal should be added. Because his memory is hazy, he first confirms that he has the right
partition by examining its label.

pics
[root@station root]# tune2fs -j /dev/hda6
tune2fs 1.32 (09-Nov-2002)
Creating journal inode: done
Having finished the conversion, he tries performing the mount as an ext3 filesystem manually.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 78
[root@station root]# mount -t ext3 -L pics /picts

...
/dev/hda7 on /dosd type vfat (rw)
/dev/hda8 on /ogg type ext3 (rw)
/dev/hda6 on /picts type ext3 (rw)
As that seemed to work without incident, he updates his /etc/fstab file.
LABEL=pics /picts ext3 defaults 1 2
Online Exercises
Lab Exercise
Objective: Use filesystem maintenance commands to modify existing filesystems.
Specification
This exercise will continue to use the filesystem created and mounted in the previous Exercises. Ensure
that the file ~/lab3.1/disk still exists, and that it still references the correct drive. The last partition of
the drive should have a properly formatted ext2 filesystem.
1. Use the appropriate commands to convert your ext2 filesystem into an ext3 filesystem. Do not create
a new filesystem. Any information contained in the filesystem should be preserved.
2. Change the filesystem label to lab3.6.
3. Update your /etc/fstab file, so that the appropriate label is used, and the filesystem is mounted as
an ext3 filesystem.
4. Unmount the partition before grading your exercise.
Deliverables
1. The last partition of the specified drive should be an ext3 filesystem, with a label of lab3.6, and no blocks
reserved for root. The contents of the filesystem should be preserved in the process.
2. An appropriately configured /etc/fstab file, updated to refer to the new label and the ext3 filesystem.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 79
Questions
1. Which of the following command lines could be used to check and repair an ext2 filesystem?
( ) a. fsck /dev/hda3
( ) b. fsck -t ext2 /dev/hda3
( ) c. fsck.ext2 /dev/hda3
( ) d. e2fsck /dev/hda3
( ) e. All of the above
2. Which of the following command lines could be used to assign the label /data to an ext2 filesystem?
( ) a. e2label /data /dev/hda3
( ) b. e2label -L /data /dev/hda3
( ) c. e2label /dev/hda3 /data
( ) d. label -t ext2 /dev/hda3 /data
The remaining questions refer to the following scenario.

You have just attached a newly purchased drive to an already existing Red Hat Enterprise Linux installation, as the
IDE secondary slave drive. Using only the tools discussed in this Workbook, you would like to create 6 ext2
filesystems, each mounted to the directories /data1, /data2, ..., /data6, and a 256 megabyte swap partition. You
would like all 6 partitions to be mounted and the swap area to be activated automatically at bootup.
3. Which of the following commands could you get away with not using?
( ) a. e2label
( ) b. mkswap
( ) c. fdisk
( ) d. mount
( ) e. All of the above commands are required.
4. What is the most reasonable ordering for the commands you will use?
( ) a. mke2fs, mkswap, fdisk, mount, swapon
( ) b. fdisk, swapon, mkswap, mke2fs, mount
( ) c. mount, fdisk, mke2fs, mkswap, swapon
( ) d. fdisk, mke2fs, mkswap, mount, swapon
( ) e. mkswap, swapon, mke2fs, mount, fdisk
rha130-5.0-0-en-2007-12-13T13:35:30-0500 80
5. At least how many logical partitions will need to be used?

( ) a. 1
( ) b. 2
( ) c. 3
( ) d. 4
( ) e. 5
6. Which of the following command lines could be used to create an ext2 filesystem on the first logical partition, and
assign it the label /data3?
( ) a. mke2fs -L /data3 /dev/hdd5
( ) b. mke2fs /dev/hdd5; e2label /dev/hda5 /data3
( ) c. mke2fs /dev/hdd5; tune2fs -L /dev/hda5 /data3
( ) d. All of the above
7. Once the ext2 filesystems have been created, and are all mounted, you decide that you would like the filesystem
on partition /dev/hdd2 to be an ext3 filesystem instead. Which command line could be used to convert the filesystem
to ext3 (without losing any data already in the filesystem)?
( ) a. tune2fs -j /dev/hdd2
( ) b. umount /dev/hdd2 && mkfs.ext3 /dev/hdd2
( ) c. umount /dev/hdd2 && tune2fs -j /dev/hdd2
( ) d. umount /dev/hdd2 && mke2fs -j /dev/hdd2
8. You decide that you would like to check and repair the filesystem on partition /dev/hdd3. You unmount the
partition. What command could you run next to perform the check?
( ) a. swapoff /dev/hdd3
( ) b. fsck.vfat /dev/hdd3
( ) c. fisk /dev/hdd3
( ) d. fsck /dev/hdd3
rha130-5.0-0-en-2007-12-13T13:35:30-0500 81
9. The check and repair utility used above mentions that it has restored some file, but could not find names for.
Where should you look for these files?
( ) a. The /lost+found directory in your root partition.
( ) b. The lost+found directory in the repaired filesystem’s root directory.
( ) c. The /proc/lost+found directory.
( ) d. The /tmp/lost+found directory.
10. You realize that your previously installed Red Hat Enterprise Linux system had not used the ext3 filesystem.
After successfully converting your new ext2 filesystem to ext3, what additional command should be run?
( ) a. ext3init
( ) b. kudzu
( ) c. mkinitrd
( ) d. setup
( ) e. mkext3
rha130-5.0-0-en-2007-12-13T13:35:30-0500 82
Chapter 7. SELinux: Secure Linux
Key Concepts
• Red Hat Enterprise Linux 4 ships with a new security mechanism implemented by the kernel, known
as SELinux.
• SELinux potentially casts every process into a SELinux domain, and every resource (such as files) into
a SELinux security context. A SELinux policy then specifies which processes can access which
resources.
• The SELinux policy is implemented at a low level, and is in general not configurable by an end system
administrator.
• The SELinux policy that ships with Red Hat Enterprise Linux 4 is know as the targeted policy, and
only effects selected networking daemons.
• The system can boot into one of three SELinux related states, enforcing, permissive, or disabled.
• The default state can be set by editing the /etc/sysconfig/selinux configuration file.
• The SELinux state can be immediately switched from enforcing to permissive and back using the
setenforce command.
• SELinux domains and contexts can be examined by adding the new -Z command line switch to the
traditional ps and ls commands.
• The SELinux context of a file can be modified using the new chcon command.
Discussion
Introduction to SELinux ("Secure Linux")

In Red Hat Enterprise Linux 4, A fundamentally new approach to Linux (and Unix) security was
introduced: SELinux. The result of an NSA development effort (http://www.nsa.gov/selinux) targeted at
securing computer infrastructure, SELinux allows administrators to define highly customizable security
policies which are enforced by the Linux kernel as it performs its normal operations.
Using SELinux, processes can be cast into a particular SELinux domain, and every resource on the
system (such as files, networking sockets, system calls, and so on) can be assigned a particular SELinux
context. A SELinux policy loaded into the kernel (usually as part of the system bootup process) then
defines which process domains may access which resource contexts.
The design of any security mechanism must be flexible enough to be useful, but simple enough for an
administrator to confidently implement the policy. As comparatively simple as the standard Unix model
of file ownerships and permissions is, it’s probably the most common source of administrative headaches
- either because a file was left too exposed, or not exposed enough.
83
SELinux falls way to the flexible and complex side of the simple-flexible spectrum. From the Red Hat
perspective, as an administrator, you should never need to write or modify your own SELinux policy.
Instead, in Red Hat Enterprise Linux, your SELinux related decisions should be limited to to the
following.
1. Do I want to enable SELinux?

2. If enabled, do I want SELinux in the permissive or enforcing state?
3. What SELinux context do I want to assign to a particular file?
The targeted SELinux Policy

As mentioned above, designing an appropriate SELinux policy is a complex task. One of several
different policies could be chosen as a system boots. Although other policies ship with Red Hat
Enterprise Linux 5, we will restrict our attention to the default targeted policy. The targeted policy affects
a selection of more commonly used network applications, including the ones listed below, and more.
• dhcpd
• httpd
• mysqld
• named
• nscd
• ntpd
• portmap
• postgres
• snmpd
• squid
• syslogd
• and more...
Unless you are managing files which are used by one of the included applications, the targeted SELinux
policy should not hinder interactive uses of a Red Hat Enterprise Linux workstation. As only syslogd
from this list is relevant to this course, managing SELinux is not a major focus. However, any
administrator of a Red Hat Enterprise Linux system should at least be aware of the topics covered in this
lesson.
Enabling SELinux: /etc/sysconfig/selinux, setenforce, and

getenforce
Upon bootup, a Red Hat Enterprise Linux 4 machine enters one of three SELinux states.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 84
• enforcing: Any action that would violate the SELinux policy is prohibited, and the violation is logged
as a kernel message.
• permissive: Any action that would violate the SELinux policy generates a warning (in the form of a
kernel message), but the action is allowed to continue.
• disabled.
The default state is specified as part of the installation process, and recorded in the file
/etc/sysconfig/selinux. The default SELinux state can be changed by editing this file, or the state
can be changed immediately using the setenforce command.
The /etc/sysconfig/selinux configuration file

This simple configuration file is used upon bootup to determine the SELinux state and policy.
[student@station ~]$ cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=permissive ➊
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted ➋
➊ The default SELinux state can be set using SELINUX. Changes will apply on the next boot.
➋ The policy can be chosen using SELINUXTYPE.
The setenforce and getenforce commands

Assuming SELinux is not disabled, the SELinux state can also be immediately switched from enforcing
to permissive (and back) using the setenforce command. The command expects a single argument, either
a 0 or 1, which respond to the permissive and enforcing states, respectively.
The following command switches SELinux to the permissive state.
[root@station ~]# setenforce 0

[root@station ~]# getenforce
Permissive
The following command switches SELinux to the enforcing state.

Enforcing
rha130-5.0-0-en-2007-12-13T13:35:30-0500 85
Note that getenforce merely displays the current state. The setenforce command takes effect
immediately, but does not change the default state if the machine is rebooted. These commands are often
helpful in debugging SELinux configuration problems.
Viewing SELinux contexts: ps -Z and ls -Z

As mentioned, each process belongs to a SELinux domain, and each file can be assigned a SELinux
context. The relevant domains and contexts can be viewed by using the (new) -Z command line switch
with the conventional ls and ps commands.
The following command can be used to view the SELinux domain of all running processes.
[student@station ~]$ ps ax -Z
LABEL PID TTY STAT TIME COMMAND
system_u:system_r:init_t 1 ? Ss 0:00 init [5]
system_u:system_r:kernel_t 2 ? S 0:00 [migration/0]
system_u:system_r:kernel_t 3 ? SN 0:00 [ksoftirqd/0]
system_u:system_r:kernel_t 4 ? S 0:00 [watchdog/0]
...
system_u:system_r:httpd_t 1631 ? S 0:00 /usr/sbin/httpd
system_u:system_r:xfs_t 1651 ? Ss 0:00 xfs -droppriv
system_u:system_r:crond_t:SystemLow-SystemHigh 1672 ? Ss 0:00 /usr/sbin/atd
system_u:system_r:rpm_t 1697 ? S 0:00 /usr/sbin/yum-updatesd
system_u:system_r:avahi_t 1709 ? Ss 0:00 avahi-daemon: running
...
system_u:system_r:unconfined_t:SystemLow-SystemHigh 2030 ? Ss 0:00 sshd: root@
pts/0
root:system_r:unconfined_t:SystemLow-SystemHigh 2032 pts/0 Ss 0:00 -bash
root:system_r:unconfined_t:SystemLow-SystemHigh 2058 pts/0 R+ 0:00 ps ax -Z
root:system_r:unconfined_t:SystemLow-SystemHigh 2059 pts/0 D+ 0:00 -bash
Notice that the domain type of interactive processes, such as the bash shell and the ps command started
from the shell, domain type is unconfined_t, implying that the process is not restrained by any SELinux
context. User interactive shells, and generally processes started them, are generally not effected by the
default SELinux targeted policy.
The SELinux context of files can be seen by adding -Z to the ls command. In the following example, the
-a switch is only necessary because the fairly recently created home directory has not yet collected any
"nonhidden" files.
[student@station ~]$ ls -a -Z
drwx------ student student user_u:object_r:user_home_dir_t .
drwxr-xr-x root root system_u:object_r:home_root_t ..
-rw-r--r-- student student user_u:object_r:user_home_t .bash_logout
-rw-r--r-- student student user_u:object_r:user_home_t .bash_profile
-rw-r--r-- student student user_u:object_r:user_home_t .bashrc
drwxr-xr-x student student user_u:object_r:user_home_t Desktop
-rw-r--r-- student student user_u:object_r:user_home_t .zshrc
Note that all of these files have the type user_home_t. Some were created by the user student as she, for
example, fired up the Firefox web browser, others were created automatically when the account was
rha130-5.0-0-en-2007-12-13T13:35:30-0500 86
added (before the student ever logged on). The user_u portion of the SELinux context denotes that the
file was created by the user.
Exploration of the filesystem with the ls -Z command will produce a large number of SELinux types
associated with various files. (The /etc and /var directories are particularly interesting).
Realize that knowing the SELinux domain of a process, or the SELinux context of a file, is not enough.
You also need to know what the current policy dictates. Unfortunately, with the current set of SELinux
tools, examining the current policy is not easy, and the effects of the SELinux policy are generally only
discovered when something tries to violate it.
Monitoring SELinux violations: sealert and

/var/log/messages
Whenever a SELinux violation occurs, the kernel notifies the deamon setroubleshootd that a violation
has occured. The daemons stores information about the violation, and logs a message containing the
violation’s unique identifier in /var/log/messages.
Aug 13 15:37:47 station setroubleshoot: SELinux is preventing the

/usr/sbin/httpd from using potentially mislabeled files (/var/www/html/index.html).
For complete SELinux messages. run sealert -l 88f46e71-fda2-41e4-b3d6-0874996f9c9a
Following the log message’s advice, we can use the sealert command to reveal much more information
about the violation.
[root@station log]# sealert -l 88f46e71-fda2-41e4-b3d6-0874996f9c9a

Summary
SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled
files (/var/www/html/index.html).
Detailed Description
SELinux has denied /usr/sbin/httpd access to potentially mislabeled file(s)
(/var/www/html/index.html). This means that SELinux will not allow
/usr/sbin/httpd to use these files. It is common for users to edit files in
their home directory or tmp directories and then move (mv) them to system
directories. The problem is that the files end up with the wrong file
context which confined applications are not allowed to access.
Allowing Access
If you want /usr/sbin/httpd to access this files, you need to relabel them
using restorecon -v /var/www/html/index.html. You might want to relabel the
entire directory using restorecon -R -v /var/www/html.
Additional Information
Source Context system_u:system_r:httpd_t

Target Context root:object_r:tmp_t
Target Objects /var/www/html/index.html [ file ]
Affected RPM Packages httpd-2.2.3-6.el5 [application]
Policy RPM selinux-policy-2.4.6-30.el5
Selinux Enabled True
rha130-5.0-0-en-2007-12-13T13:35:30-0500 87
Policy Type targeted

MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.home_tmp_bad_labels
Host Name station.example.com
Platform Linux station.example.com 2.6.18-8.el5xen #1 SMP
Fri Jan 26 14:42:21 EST 2007 i686 i686
Alert Count 2
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm="httpd" dev=xvda2 egid=48 euid=48

exe="/usr/sbin/httpd" exit=-13 fsgid=48 fsuid=48 gid=48 items=0
name="index.html" path="/var/www/html/index.html" pid=1626
scontext=system_u:system_r:httpd_t:s0 sgid=48 subj=system_u:system_r:httpd_t:s0
suid=48 tclass=file tcontext=root:object_r:tmp_t:s0 tty=(none) uid=48
By examining the detailed message, we deduce that the file /var/www/html/index.html did not have
the appropriate SELinux context.
If the targeted SELinux policy is causing a problem, an administrator generally has three options.
1. Disable SELinux.
2. Change the SELinux context of the file which is causing the violation.
3. Tweak the policy through the use of SELinux booleans.
We’ve already discussed how to disable SELinux (recall the setenforce command and the
/etc/sysconfig/selinux configuration file). In the following sections, we discuss changing a file’s
SELinux context and tweaking a policy through the use of SELinux booleans.
Changing the SELinux Context of a File: chcon

Just as a file’s owner, group, or mode (permissions) are changed with chown, chgrp, and chmod
(respectively), a file’s SELinux security context is changed with chcon.
Table 7-1. Common Command Line Switches for the chcon Command
Switch Effect
-R, --recursive change files and directories recursively
--reference=FILE Use the security context of FILE to define the
resulting context.
-u, --user=USER; -r, --role=ROLE; -t, set USER, ROLE, or TYPE component of the
--type=TYPE file’s security context, respectively.
Most commonly, an administrator would like a problematic file to take on the context of a "known good"
file. As an example, the following command would cause /etc/named.conf to inherit the SELinux
security context of /etc/named.conf.rpmorig.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 88
[root@station ~]# chcon --reference=/etc/named.conf.orig /etc/named.conf
Restoring the SELinux Context of a File: restorecon

While the chcon command gives and adminstrator the ability to change the SELinux context of a file, it
doesn’t necessarily tell the adminstrator what the context of a file should be. The targeted policy includes
a database of file and directory locations, and associated SELinux contexts. Using the assumption that a
file’s appropriate SELinux context is defined by where it resides in the filesystem, the restorecon
command restores the appropriate context.
As an example, the problematic index.html file was created in the /tmp directory, and therefore
acquired the associated tmp_t type.
[root@station log]# ls -Z /var/www/html/

-rw-r--r-- root root root:object_r:tmp_t index.html
As the sealert message implied, an adminstrator can trivially align the file’s SELinux type with the
expectations of the SELinux policy using the restorecon command.
[root@station log]# restorecon /var/www/html/index.html

[root@station log]# ls -Z /var/www/html
-rw-r--r-- root root system_u:object_r:httpd_sys_content_t index.html
By specifying -R, the restorecon command recurses through subdirectories as well.
[root@station log]# restorecon -R /var/www/html/
Managing SELinux Booleans: getsebool and setsebool

While an adminstrator is discouraged from crafting their own SELinux policy, the default policy does
feature a collection of yes/no options which an adminstrator can modify on the fly, referred to as SELinux
booleans.
Booleans can be listed with the getsebool command, using -a to list all available booleans and their
current setting.
[root@station html]# getsebool -a

NetworkManager_disable_trans --> off
allow_cvs_read_shadow --> off
allow_daemons_dump_core --> on
allow_daemons_use_tty --> off
allow_execheap --> off
allow_execmem --> on
...
ftp_home_dir --> off
...
rha130-5.0-0-en-2007-12-13T13:35:30-0500 89
SElinux booleans can be modified with the complementary setsebool command. For example, the
default policy does not allow users to access their home directory using the FTP service. The setsebool
command can be used to enable home directory access.
[root@station www]# setsebool ftp_home_dir 1

[root@station www]# getsebool ftp_home_dir
ftp_home_dir --> on
By default, setsebool modifies the policy dynamically, and the default will be restored the next time the
machine reboots. The -P command line switch causes the modification to persist across reboots.
[root@station www]# setsebool -P ftp_home_dir 1
Administering SELinux with system-config-selinux

Red Hat Enterprise Linux provides a graphical tool for administering SELinux, system-config-selinux.
After understanding the role of /etc/sysconfig/selinux, getenforce and setenforce, getsebool and
setsebool, and chcon and restorecon, the functionallity of the first two panels should be self evident,
with one exception.
Figure 7-1. Managing SELinux State with system-config-selinux
On the first "Status" panel, "Relabel on next reboot" can be selected. This has the effect of running
restorecon -R / early in the bootup process, effectively resetting the SELinux state of the entire
filesystem. This is accomplished by createing the file /.autorelabel, which is discovered by startup
scripts upon a reboot.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 90
Figure 7-2. Managing SELinux Booleans with system-config-selinux
The system-config-selinux utility has many other capabilities, most of which relate to policies other than
the targeted policy. While interesting, they are beyond the scope of this course. (Browsing the File
Labelling panel, however, can provide insight into the behaviour of restorecon.)
Examples
Changing the SELinux Context of a File

The user prince would like to publish files which document elvis sightings through the web server by
placing them in the Web Server’s document root directory, /var/www/html. He starts with two files
which he had previously created in his home directory, elvis_in_austin.html and
elvis_in_pheonix.html. The first, he copies to the document root. The second, he moves there. He
then checks that the files can be read by the system user apache.
[prince@station ~]$ su
Password:
[root@station prince]# cp elvis_in_austin.html /var/www/html/
[root@station prince]# mv elvis_in_pheonix.html /var/www/html/
[root@station prince]# ls -l /var/www/html/
total 56
-rw-r--r-- 1 root root 219 Jul 31 19:38 elvis_in_austin.html
-rw-rw-r-- 1 prince prince 228 Jul 31 19:37 elvis_in_pheonix.html
Seeing that each of the files is readable by all, he’s satisfied that the webserver (which runs as the user
apache) will be able to read the file. He next opens a browser, and references the files.
[prince@localhost ~]$ elinks -dump http://localhost/elvis_in_austin.html

Elvis seen watching bats in Austin
rha130-5.0-0-en-2007-12-13T13:35:30-0500 91
Austin native Fred Anderson claims to have seen Elvis watching the bats
fly from a underneath the Congress St. bridge in Austin TX. When
...
[prince@localhost ~]$ elinks -dump http://localhost/elvis_in_pheonix.html
Forbidden
You don’t have permission to access /elvis_in_pheonix.html on this server.

...
Perplexed as to why access to elvis_in_pheonix.html was forbidden, prince suspects SELinux. To

confirm, prince becomes root, and temporarily drops the SELinux state from enforcing to permissive,
and tries again.
[prince@localhost ~]$ su -
Password:
Enforcing
Permissive

Elvis seen Jousting Cactus outside of Pheonix
Pheonix native John Doe claims to have seen Elvis riding a llama, jousting
a cactus with a fishing pole. When approached, however, Elvis and the
...
Convinced that the SELinux policy was causing the problem, he looks for a log message in
/var/log/messages.
[root@station8 prince]# tail /var/log/messages

...
Aug 13 16:10:10 station setroubleshoot: SELinux is preventing the
/usr/sbin/httpd from using potentially mislabeled files
(/var/www/html/elvis_in_pheonix.html). For complete SELinux messages.
run sealert -l 09f29720-4a3a-490d-b815-3205ca39333f
...
Following the message advice, he explores the problem.
[root@station ~]# sealert -l 09f29720-4a3a-490d-b815-3205ca39333f

Summary
SELinux is preventing the /usr/sbin/httpd from using potentially mislabeled
files (/var/www/html/elvis_in_pheonix.html).
...
Allowing Access
If you want /usr/sbin/httpd to access this files, you need to relabel them
using restorecon -v /var/www/html/elvis_in_pheonix.html. You might want to
relabel the entire directory using restorecon -R -v /var/www/html.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 92
Additional Information
Source Context system_u:system_r:httpd_t

Target Context root:object_r:user_home_t
Target Objects /var/www/html/elvis_in_pheonix.html [ file ]
Affected RPM Packages httpd-2.2.3-6.el5 [application]
...
[root@station ~]# ls -Z /var/www/html/

-rw-r--r-- root root root:object_r:httpd_sys_content_t elvis_in_austin.html
-rw-rw-r-- prince prince user_u:object_r:file_t elvis_in_pheonix.html
Because elvis_in_austin.html is copied to /var/www/html using cp, the resulting file is a newly
created file, which inherits the user who created it (root) and the SELinux context of the directory in
which it is created (httpd_sys_content_t).
In contrast, the file elvis_in_pheonix.html is moved to its new destination using the mv command.
Moving a files does not create a new one, but relocates an already existing one. As a result, the user who
created it (prince) and more pertinently the SELinux context (user_home_t) is retained. When the web
server process tries to read a file of type user_home_t, a SELinux policy violation occurs.
To fix the situation, prince (as root) uses the chcon command to pass the SELinux context from the
"good" file to the "bad", and setenforce to restore SELinux to the enforcing state.
[root@station ~]# cd /var/www/html/

[root@station html]# chcon --reference elvis_in_austin.html elvis_in_pheonix.html
[root@station html]# ls -Z
-rw-r--r-- root root root:object_r:httpd_sys_content_t elvis_in_austin.html
-rw-rw-r-- prince prince root:object_r:httpd_sys_content_t elvis_in_pheonix.html
[root@station html]# setenforce 1
Now, the web server can view the file with ease.

Elvis seen Jousting Cactus outside of Pheonix
Pheonix native John Doe claims to have seen Elvis riding a llama, jousting
a cactus with a fishing pole. When approached, however, Elvis and the
...
Note: If you are confused by the use of the web server above, or the reference to the term
"document root", don’t be too concerned, and take heart that we needed to stretch to find an
example of a problem caused by SELinux for this course.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 93
Online Exercises
Lab Exercise
Objective: Set appropriate SELinux contexts for a files
Specification
1. Your system should be in the SELinux enforcing state. If this is not the case, edit the
/etc/sysconfig/selinux file appropriately, and reboot your machine. You should be able to
reproduce the following command.
[root@station4 html]# getenforce
Enforcing
2. In this lab, you will publish files using your web server. If you have not yet started your web server
(and you probably haven’t), start it using the service command.
[root@station8 ~]# service httpd start
Starting httpd: [ OK ]
[root@station8 ~]# service httpd status
httpd (pid 15611 15610 15609 15608 15607 15606 15605 15604 15601) is running...
3. You would like to publish a copy of your /var/log/dmesg file. (Don’t worry if you don’t know
what it is yet.) Copy the file to the /var/www/html directory, and observe the ownerships and
permissions. You should be able to view the contents by pointing any browser to
http://localhost/dmesg.
4. You would also like to publish a copy of the /var/log/rpmpkgs file, but you realize this file is
updated nightly. In order to automatically publish the updates as well, hard link the file into the
/var/www/html directory.
[root@station4 html]# ln /var/log/rpmpkgs /var/www/html/
[root@station4 html]# ls -i /var/log/rpmpkgs /var/www/html/rpmpkgs
180333 /var/log/rpmpkgs 180333 /var/www/html/rpmpkgs
[root@station8 html]# ll /var/www/html/rpmpkgs
-rw-r--r-- 2 root root 23076 Jul 2 04:04 /var/www/html/rpmpkgs
Although the file /var/www/html/rpmpkgs is readable by all, you should still not be able to
access http://localhost/rpmpkgs from a web browser. Why?
5. Use the chcon command, referencing the "working" file /var/www/html/dmesg, to assign
/var/log/html/rpmpkgs the appropriate SELinux security context. If completed successfully,
you should be able to access http://localhost/rpmpkgs from a web browser.
Use ls -Z to observe the SELinux context of /var/log/rpmpkgs. Why did it change as well?
rha130-5.0-0-en-2007-12-13T13:35:30-0500 94
of U.S. and international copyrights. No part of this publication may be photocopied, duplicated, stored in a retrieval system, or otherwise duplicated whether in electronic or
print format without prior written consent of Red Hat, Inc. If you believe Red Hat course materials are being used, copied, or otherwise improperly distributed please email
Deliverables
1. The system is in the SELinux enforcing state.

2. A web browser can access http://localhost/dmesg.
3. A web browser can access http://localhost/rpmpkgs.
4. The files /var/log/rpmpkgs and /var/www/html/rpmpkgs have the same inode number (i.e., they are hard
links of the same file).
Clean Up
After you have completed the exercise, restore your system to the desired SELinux state, remove
/var/www/html/rpmpkgs, and restore the appropriate context on /var/log/rpmpkgs with the
following command.
[root@station8 ~]# chcon --reference /var/log /var/log/rpmpkgs
Questions
1. Which of the following is not a SELinux state?

( ) a. disabled
( ) b. enforcing
( ) c. paranoid
( ) d. permissive
2. What is the name of the default Red Hat Enterprise Linux 5 SELinux policy?
( ) a. targeted
( ) b. strong
( ) c. shadowman
( ) d. full
( ) e. None of the above.
rha130-5.0-0-en-2007-12-13T13:35:30-0500 95
3. Which file establishes the default SELinux state upon bootup?

( ) a. /etc/selinux
( ) b. /etc/boot.opts
( ) c. /etc/fstab
( ) d. /etc/security/selinux
4. Which of the following processes would you expect to be most constrained by the default Red Hat Enterprise
Linux 5 SELinux policy?
( ) a. bash
( ) b. dd
( ) c. ls
( ) d. httpd
( ) e. ps
5. Which of the following command lines could be used to most directly determine the current SELinux state?
( ) a. lscon
( ) b. ps -axZ
( ) c. service selinux status
( ) d. getenforce
( ) e. cat /proc/selinux
6. Which of the following commands can be used to immediately change the SELinux state of a machine?
( ) a. selinux
( ) b. setstate
( ) c. setenforce
( ) d. chcon
rha130-5.0-0-en-2007-12-13T13:35:30-0500 96
7. Which of the following commands would view the SELinux domain of the process with process ID 3452?
( ) a. selinux 3452
( ) b. ps -Z 3452
( ) c. getenforce -p 3452
( ) d. lscon -p 3452
8. Which of the following command would display the SELinux security context of the file /etc/passwd?
( ) a. ls -Z /etc/passwd
( ) b. selinux /etc/passwd
( ) c. getenforce /etc/passwd
( ) d. lscon /etc/passwd
9. What file would you examine in order to see logs of SELinux violations?
( ) a. /var/log/selinux
( ) b. /var/log/messages
( ) c. /var/log/secure
( ) d. /var/log/dmesg
10. Which of the following commands would cause the file foo to inherit the SELinux security context of the file
bam?
( ) a. chcon --reference=bam foo

( ) b. chcon --reference=foo bam
( ) c. chcon -R bam foo
( ) d. chcon -R foo bam
( ) e. Both A and C
rha130-5.0-0-en-2007-12-13T13:35:30-0500 97

Rha130 Workbook 03 Student 5.0 0 Linux File System Management

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Rha130 Workbook 03 Student 5.0 0 Linux File System Management

Загружено:

Авторское право:

Доступные форматы

Workbook 3.

How Linux Refers to Partitions

DOS Partitioning Oddities

Figure 1-1. A Sample Partitioning of the Drive /dev/hda

The Master Boot Record (MBR)

The Extended Partition

Partitioning with fdisk

Using fdisk to List Partitions

[root@station root]# fdisk -l

Disk /dev/hda: 120.0 GB, 120034123776 bytes ➊

Device Boot Start End Blocks Id System ➍

➊ The first disk is 120 gigabytes in size.

Next, we focus on the second disk, /dev/hdb.

Disk /dev/hdb: 80.0 GB, 80026361856 bytes ➊

Device Boot Start End Blocks Id System

We now perform a similar analysis on the second disk.

➊ The second disk is 80 gigabytes in size.

Focusing on a Single Line of fdisk ’s Partition Table

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

Each line of the partition contains the following seven columns.

Table 1-1. Column Definitions for fdisk

Id A 2 digit hexadecimal number representing the partition’s type Id.

Table 1-2. Partition Id’s Relevant to Linux

reflect its intended use.

Using fdisk to Edit a Partition Table

Starting fdisk and Using the Command Menu

[root@station root]# fdisk /dev/hda

The number of cylinders for this disk is set to 15505.

Command (m for help):

Command (m for help): m

Table 1-3. Commonly Used fdisk Commands

Command (m for help): p

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

Command (m for help): n

Next, fdisk asks for the ending cylinder number.

Using default value 3927

Using default value 15505

Command (m for help): p

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

Command (m for help):

Command (m for help): n

First cylinder (3927-15505, default 3927): RETURN ➊

Command (m for help): p

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

Command (m for help):

➊ By simply pressing RETURN, the default starting cylinder is accepted.

Changing a Partition’s Label

Command (m for help): t

0 Empty 1c Hidden Win95 FA 70 DiskSecure Mult bb Boot Wizard hid

8 AIX 4d QNX4.x 86 NTFS volume set de Dell Utility

Command (m for help): p

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

Command (m for help):

Adding a Second Partition

Command (m for help): n

Command (m for help): p

Disk /dev/hda: 120.0 GB, 120034123776 bytes

Device Boot Start End Blocks Id System

/dev/hda2 * 541 3249 20480040 7 HPFS/NTFS