File system and log analysis under Linux

1. The role of block: used to store real data content

Each sector is 512 B. When the system reads data from the hard disk it does not read one sector at a time; it reads several consecutive sectors at once, that is, one block. A block, made up of multiple sectors, is the smallest unit of file access. The most common block size is 4 KB, that is, 8 consecutive sectors form one block.

2. The role of inode: stores the meta-information of the data, that is, the attributes of the data

What can an inode record? File permissions (rwx), the file owner and group, the file size, timestamps and so on. The area that stores this file meta-information is called the inode; the Chinese translation is "index node", and it is also written i-node. A file must therefore occupy one inode, but at least one block.
Note: The file name is not part of the inode. The file name is stored in the directory. Everything in a Linux system is a file, so a directory is also a kind of file, and listing a directory shows the file names stored in it. Every inode has a number, and the system identifies files by inode number, not by file name.

3. The three main time attributes of Linux system files

ctime (change time): the last time the attributes of the file or directory were changed

atime (access time): the last time the file or directory was accessed

mtime (modify time): the last time the content of the file or directory was modified

All three time attributes will change when modified

4. inode number

When a user opens a file by its file name, the system internally:
1. Finds the inode number corresponding to the file name
2. Obtains the inode information through the inode number
3. Uses the inode information to find the blocks where the file data is located, and reads out the data

View a file's inode number: ls -i a.txt
View detailed information: stat a.txt

5. The size of the inode

1. Inodes also consume hard disk space. The size of each inode is generally 128 bytes or 256 bytes.
2. Determine the total number of inodes when formatting the file system.
3. Use the df -i command to view the total number of inodes and the number in use for each hard disk partition.

6. The special role of inode

Because the inode number and the file name are separate, some Unix/Linux systems show the following behaviour:
1. When a file name contains special characters, the file may not be deletable in the normal way. Deleting by inode number directly has the effect of deleting the file.
2. Moving or renaming a file only changes the file name and does not affect the inode number.
3. After a file is opened, the system identifies it by inode number and no longer considers the file name.

7. Delete files with garbled names

Method 1:
		touch a.txt
		ls -i a.txt
		1543511 a.txt
		find . -inum 1543511 -exec rm -i {} \;


This command passes whatever find locates to rm as the object to delete. Breaking down the syntax:
the -exec parameter is followed by the command to run, which is terminated by ; as the end sign; {} stands for the name of the file found by find; the backslash escapes the ; so that the shell passes it to find instead of treating it as its own command separator.

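Method 2: find . -inum 1543511 | xargs rm -f

xargs turns the output of find into arguments for rm, and -f forces the deletion without prompting. If the find output contains spaces or tabs, plain xargs splits the name at those characters, so for such names the -exec form of Method 1 is the safer choice.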
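The behaviour described in sections 6 and 7, as an added example that is not part of the original post: a rename keeps the inode number, and deleting by inode removes every name (hard link) for that inode in the searched directory. The file names and function names are constructed for illustration, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example. File names are constructed; everything happens in a temp dir.
# Assumes GNU coreutils/findutils (stat -c, find -printf).

# Inode number of a path; "--" stops option parsing for names starting with "-".
inode_of() { stat -c '%i' -- "$1"; }

# Count the names directly under directory $1 that point at inode $2.
names_for_inode() {
    n=$(find "$1" -xdev -maxdepth 1 -inum "$2" -printf x | wc -c)
    echo $((n))
}

# Remove every name directly under $1 that points at inode $2.
# find hands each name to rm as one argument, so spaces, tabs and newlines
# are never re-split. -xdev matters: inode numbers are unique only within
# one file system.
rm_by_inode() { find "$1" -xdev -maxdepth 1 -inum "$2" -exec rm -f -- {} +; }

demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    # Constructed awkward name: leading dash, a space and an embedded newline.
    odd=$(printf '%s\n%s' '-rf odd' 'name.txt')
    : > "$odd"
    ino=$(inode_of "$odd")

    # Rename: only the directory entry changes, the inode number does not.
    mv -- "$odd" '-still odd'
    ino_after=$(inode_of '-still odd')

    # A hard link is a second name for the same inode, so -inum matches both.
    ln -- '-still odd' second-name
    links=$(names_for_inode . "$ino")

    rm_by_inode . "$ino"
    left=$(names_for_inode . "$ino")
    cd / && rmdir "$dir"
    same=$([ "$ino" = "$ino_after" ] && echo yes || echo no)
    echo "renamed_same_inode=$same links=$links left=$left"
)
```

Calling demo prints one summary line; the final rmdir only succeeds because both names were removed.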


8. Recover XFS files

1. The extundelete tool can only recover files on EXT file systems. CentOS 7 uses the xfs file system by default, and there is currently no mature file recovery tool for xfs, so make data backups in advance to prevent data loss.
2. Files on an xfs file system can be backed up and restored with the xfsdump and xfsrestore tools. If the tools are not installed on the system, they can be installed with the yum -y install xfsdump command. xfsdump backs up an xfs file system in inode order. xfsdump has two kinds of backup level: 0 means a full backup and 1-9 mean incremental backups. The default level is 0. The commonly used parameters of the xfsdump command are the following:

-f Specify the backup file or directory
-L Specify the session label
-M Specify the media (device) label
-s Back up a single file; -s cannot be followed directly by an absolute path (the path is relative to the mount point)

xfsdump recovery tool experimental steps:

1. Initialize the disk (partition, format and mount)

2. Prepare test files

3. Use the xfsdump command to back up the entire partition
xfsdump -f /opt/dump.sdb1 /dev/sdb1
dump.sdb1 is given as the backup session label and sdb1 as the device label.
Use xfsdump -I to view the backup information and content.

4. Delete previously created content

5. Restore files

When using xfsdump, pay attention to the following restrictions:
xfsdump does not support backing up unmounted file systems, so only mounted file systems can be backed up
xfsdump must be run with root permissions
xfsdump can only back up XFS file systems
Data backed up by xfsdump can only be parsed by xfsrestore
xfsdump distinguishes each backup by the UUID of the file system, so two file systems with the same UUID cannot be backed up

extundelete recovery tool experimental steps: (do it in CentOS6 system)

1. Initialize the disk (partition, format and mount)

2. Installation environment

3. Import and install the extundelete compressed file

4. Create files under /data, backup and delete some files under /data

5. Restore the files. Unmount the mount point first. Empty files and empty directories cannot be backed up.

The difference between xfsdump and extundelete:

1. extundelete needs to be installed separately, while xfsdump comes with the system by default
2. extundelete requires the file system to be unmounted when restoring, while xfsdump must be used while the mount point is online
3. xfsdump must be run with a root account
4. extundelete can only restore the ext4 file system format (must be a CentOS 6 system), while xfsdump can only restore the xfs file system format (the default file system format in CentOS 7)

9. Log files

Log function
1. Logs record the various events that occur while the system and its programs are running.
2. Reading the logs helps to diagnose and resolve system failures.

Classification of log files
1. Kernel-level system log
2. User log
3. Program log

10. Log save location

Log files are located in the /var/log directory by default.
Main log files:
Kernel and public information log: /var/log/messages
Scheduled task log: /var/log/cron
System boot log: /var/log/dmesg
Mail system log: /var/log/maillog
Login events of each user: /var/log/lastlog
Security event messages related to user authentication: /var/log/secure
User login, logout, system startup and shutdown messages: /var/log/wtmp
Failed and incorrect login attempts and verification events: /var/log/btmp

11. Level of log message


Query user login records
last: view the records of users who logged in to the system successfully
lastb: view the records of failed logins
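lastb reads the binary /var/log/btmp; the same sshd failures are also written as text to /var/log/secure. As an added example (not from the original post), the following counts failed sshd password attempts per source address in lines of that format. The sample lines are constructed, the addresses are documentation ranges, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. The log lines below are constructed samples in the
# /var/log/secure format; on a real host, feed the file itself on stdin.
sample_secure() {
cat <<'EOF'
Sep  9 10:01:12 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Sep  9 10:01:15 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Sep  9 10:01:19 host1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Sep  9 10:02:40 host1 sshd[2110]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Sep  9 10:03:02 host1 sshd[2114]: Failed password for alice from 198.51.100.23 port 40031 ssh2
Sep  9 10:05:00 host1 su: pam_unix(su:session): session opened for user root by alice(uid=1000)
EOF
}

# Print "count source_ip" for every address with at least $1 failed sshd
# password attempts, busiest first. Reads log lines on stdin.
# The user name in the message is supplied by the remote side and may contain
# spaces or the word "from", so the address is taken by position from the END
# of the line ("... from <ip> port <n> ssh2"), not by searching for "from".
failed_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}
```

On a live system this would be run as root, for example failed_by_source 5 < /var/log/secure, and compared with the output of lastb.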

12. The general format of log records


13. Log management strategy


Origin blog.csdn.net/yuiLan0/article/details/108482740