About | ACP | Buy | Forum | Industry Watch | Learning Curve | Search | Twitter | Xnews
Home » Learning Curve

Cookie Tin Tips V

This series is directed to potential switchers. It's about Unix. Remember when reading that Unix is considered more than an operating system: it's a way of thinking.

The File System

Buy It

Try It

This is a heady article, but this part of Unix is very important and very useful. One can learn what the Unix file system is like by analysing what the command 'ls' is like.

'ls' is Ken Thompsonese for 'list'. It lists whatever you want it to list (in the file system) and by default your current directory. Listings can be overly simple or rather involved - it all depends on you.

What's important is to know what possibilities 'ls' has. Remember: a directory by itself contains nothing except the actual file names and their inodes. The inodes are just an index, nothing more; there is no file information in the directories - it's all in the volume ilist.

Fortunately the system defines the layout of the iblocks in the ilist - and here you have it. It's something called the 'stat' structure.

struct stat {
    dev_t    st_dev;    /* device inode resides on */
    ino_t    st_ino;    /* inode's number */
    mode_t   st_mode;   /* inode protection mode */
    nlink_t  st_nlink;  /* number or hard links to the file */
    uid_t    st_uid;    /* user-id of owner */
    gid_t    st_gid;    /* group-id of owner */
    dev_t    st_rdev;   /* device type, for special file inode */
    struct timespec st_atimespec;  /* time of last access */
    struct timespec st_mtimespec;  /* time of last data modification */
    struct timespec st_ctimespec;  /* time of last file status change */
    off_t    st_size;   /* file size, in bytes */
    quad_t   st_blocks; /* blocks allocated for file */
    u_long   st_blksize;/* optimal file sys I/O ops blocksize */
    u_long   st_flags;  /* user defined flags for file */
    u_long   st_gen;    /* file generation number */

The first two columns under the declaration give the data type and the name of the field; the final column, the bit enclosed in '/*...*/', is a comment field which explains what the field is up to.

  1. st_dev: the physical device the file is on.
  2. st_ino: the actual inode.
  3. st_mode: protection mode; the item's access rights.
  4. st_nlink: number of links (filenames) to the physical file.
  5. st_uid: user ID of the item's owner.
  6. st_gid: group ID of the item.
  7. st_rdev: device type for special inodes.
  8. st_atimespec: last accessed time.
  9. st_mtimespec: last modified time.
  10. st_ctimespec: status change time.
  11. st_size: file size in bytes.
  12. st_blocks: blocks allocated for the file.
  13. st_blksize: optimal block size for the file.
  14. st_flags: special user flags for the file.
  15. st_gen: file generation number (seen only by root).

Fields 8, 9, and 10 are self-explanatory and fields 1, 7, 12, 13, and 15 can be ignored.

Which leaves only seven fields: 2, 3, 4, 5, 6, 11, and 14. Or st_ino, st_mode, st_nlink, st_uid, st_gid, st_size, and st_flags. Or the inode, the protection mode, the number of links, the user ID, the group ID, the size, and the special flags.

Field 2 - st_ino. This is the index in the ilist the directory had. Yes, they should be contiguous (would have to be) but this is a double check that things are in order. It's a bit of 'bookkeeping'.

Normally when a file manager culls data on a file, the 'stat' is returned and the inode is read from there instead of in the directory itself. It's a bit cleaner way to do things.

Remember: files are not unique; their inodes are. A physical file can have any number of names on the same volume, each with a reference to the same inode. When you 'delete' a file you're only removing one of the names for it - and decrementing the count of links (see below). The file continues to exist until that count reaches zero.

[And no, there is no way to backtrack to all the filenames for a given inode: the iblock contains no filenames whatsoever.]

Field 3 - st_mode. This is the (rather sophisticated) set of permissions on the file. You can do a lot of things with Unix file permissions. A discussion follows below.

Field 4 - st_nlink. See 'st_ino' above. This is the link count for the file maintained by the file system. Anytime someone adds a new name for a file this count is incremented; when a name is removed it is decremented. Only when this count reaches zero is the physical storage for the file actually set free and the file is actually 'gone'.

It's time to go to root on an OS X box and list everything.

% ls -ailo /
      2 drwxrwxr-t  26 root  staff    -     884 Mar  1 03:39 .
      2 drwxrwxr-t  26 root  staff    -     884 Mar  1 03:39 ..
     17 d-wx-wx-wx   2 root  unknown  -      68 May 20  2004 .Trashes
      0 dr--r--r--   2 root  wheel    -      96 Mar  1 02:56 .vol
    452 drwxrwxr-x  18 root  admin    -     612 May 20  2004 Applications
  34931 drwxrwxr-x  11 root  admin    -     374 May 20  2004 Developer
   1806 drwxrwxr-x  26 root  admin    -     884 Oct 23 17:51 Library
   7249 drwxr-xr-x   6 root  wheel    -     204 May 20  2004 Network
   1825 drwxr-xr-x   3 root  wheel    -     102 May 20  2004 System
   7259 drwxrwxr-t   4 root  admin    -     136 Mar  1 02:00 Users
   6846 drwxrwxrwt   2 root  wheel    -      68 Feb 18 14:24 Volumes
      6 dr-xr-xr-x   1 root  wheel    -     512 Mar  1 04:33 automount
   6847 drwxr-xr-x  35 root  wheel    -    1190 May 20  2003 bin
   7245 drwxrwxrwt   2 root  wheel    -      68 Jan 16  2003 cores
      2 dr-xr-xr-x   2 root  wheel    -     512 Mar  1 02:56 dev
  27441 lrwxrwxr-t   1 root  staff    -      11 Mar  1 03:39 etc -> private/etc
3816484 lrwxrwxr-t   1 root  staff    -       9 Mar  1 03:39 mach -> /mach.sym
3816483 -r--r--r--   1 root  staff    -  709440 Mar  1 02:56 mach.sym
   6887 -rw-r--r--   1 root  wheel    - 3744576 Aug 14  2003 mach_kernel
     19 drwxr-xr-x   6 root  wheel    -     204 Mar  1 02:57 private
   6980 drwxr-xr-x  60 root  wheel    -    2040 Aug 12  2003 sbin
  27503 lrwxrwxr-t   1 root  staff    -      11 Mar  1 03:39 tmp -> private/tmp
   7043 drwxr-xr-x  10 root  wheel    -     340 May 20  2004 usr
  27526 lrwxrwxr-t   1 root  staff    -      11 Mar  1 03:39 var -> private/var

There are nine columns to the output. Four switches are used on the command line to get 'all' ('a'), the inodes ('i'), a long listing ('l'), and the special user flags ('o').

  1. The inode of the item (st_ino).
  2. The protection flags (st_mode). More below.
  3. The number of links (st_nlink).
  4. The name of the owner derived from the UID.
  5. The name of the group derived from the GID.
  6. The special user flags (st_flags).
  7. The file size (st_size).
  8. The date/time for 'last modified' (from st_mtimespec).
  9. The filename found in the directory.

The first column is straightforward: it can be used to compare items to see if they match. If they have the same inode they should otherwise have identical data.

The items which in column 9 have arrows ('->') are symbolic links or 'symlinks' for short. These items contain only a path to whatever item they really want to refer to.

Look at column 2 in the first item listed.

2 drwxrwxr-t 26 root staff - 884 Mar 1 03:39 .

It's an item called '.' (current directory) which is owned by root and belongs to group staff with an inode of 2 and a size of 884 bytes. It has 26 links. This does not mean the root directory on a drive has 26 names - only that the directory itself contains 26 entries.

Its mode or permissions are:


The first 'd' indicates it's a directory, the first 'rwx' indicates the owner ('root') has read, write, and execute permissions, the next 'rwx' indicates the group 'staff' also have those permissions, and the following 'r-' indicates anyone else can read the directory but not write to it.

The final 't' is a so-called sticky bit: it gives special permissions to directories so that different users can get in there but not so easily delete things that don't belong to them.

To figure out what you can do with the item '.', you have to know who you are and what groups you belong to.

% whoami;groups
staff admin

You may very well belong - as most default users on OS X - to two groups: 'staff' and 'admin'. (Both are pretty good, but neither are 'high honcho' - that's 'wheel'.)

The item '.' is marked as belonging to 'staff', and so if you belong to staff, even if you are not root, the second grouping of 'rwx' applies to you: you'll be able to enter the directory ('x'), list its contents ('r') and modify it too ('w').

A few final notes.

  • Only the superuser (root) can change the ownership of a file.
  • There are special user flags only the superuser (root) can set.
  • Some of these flags can only be reset in single user mode.

Learn how 'ls' works and how to use its data and you'll be well on your way to mastering Unix.

About | ACP | Buy | Forum | Industry Watch | Learning Curve | Search | Twitter | Xnews
Copyright © Rixstep. All rights reserved.