Linx a deep understanding of the file system and block -inode
inode: Record file attributes of a file occupies one inode, while recording the block number of file data is located.
block: Record the contents of the file, if the file too large occupy more than bolck blocks. Usually the size of 1k, 2k, 4k.
English |
nickname |
Chinese translation |
When to modify |
View command |
Access |
Atime |
interview time |
Read. Write |
Ls -lu |
Modify |
Mtime |
Change the time |
Write. modify |
ls -l |
Change/Create |
Ctime |
Changing the time / Created |
Modify the file name. Write. modify. Change permissions. Do Links |
Ls -lc |
Important Find / tmp directory under the modified file within three days, and moved to the / opt under
find / tmp -type f -a -mtime -3 -exec mv {} / opt \; (+3 within three days, three days ago -3)
inode number (2) View file
ls -i filename
stat filename
5. Delete specified file corresponding to the inode number
find ./ -inum inode号 -exec rm -i {} \;
6. Check the file system information of the inode and block
df -i device names (mounted file system can only check in)
dumpe2fs -h device name (no need to mount the file system)
tune2fs -l device name (no need to mount the file system)
7. When formatting specified file system inode number and block size
Method: mkfs.ext4 -N number inode -b block size (in bytes, is generally 4k size may be altered, but in general may be omitted) the device name
8 resolved inode depletion caused by disk failure
<1 delete unused files
<2 file backup, reformat the file system, inode number designated more
Two in-depth understanding of Linux file systems --- Links
1 hard link
Methods: ln source destination file
Features: The specified target and source files inode same, but not hard links for directories, must be in the same file system. Delete a file name, does not affect another visit
2 soft links
Methods: ln -s source file or directory target file or directory
Features: soft link to the file name, a new generation of soft link different inode number and source files, directories can also generate soft links, soft links and source files may no longer be in the same file system, the contents of the soft link file is the source file route, the system will automatically guide reading source files, but when the source file is moved or the same name, given soft link
Three recover accidentally deleted files (CentOS 7 does not have this feature, CentOS 6 also this feature)
Four analyze log files
1. The classification of the log file
(1) the kernel and system log to a log file final #
(2) The user log
(3) log
Position 2 log files are located
Log Files |
Content storage |
View command |
|
/ Var / log / messages |
Kernel messages and public information log a variety of applications, including startup. I / O error. Network Error. Program failure |
Cat etc. |
|
/ Var / log / lastlog |
Each user has recently logged events |
Last lastlog |
|
/ Var / log / secure |
User authentication information related to the safety time |
Cat etc. |
|
/ Var / log / wtmp |
Each user login, logout and system startup and shutdown events |
Users、who、w、 |
|
/ Var / log / btmp |
Failed, incorrect login attempts and authentication events |
lastb |
file View File Types
5. Level log messages
level |
Representation and English translation |
significance |
0 |
EMERG (emergency) |
Causing the host is unavailable |
1 |
ALERT (warning) |
We must immediately take measures to solve |
2 |
CRIT (severe) |
More serious cases |
3 |
ERR (error) |
Runtime error |
Command: last: the query was successful login to the system's user record, recent logins on top
-a: from the host name or IP address where the log is displayed in the last line
-n: n sign indicates the most recent record of
lastlog command: used to display all system users last logged information
lastb command: used to display the user's login error list, this command can be found in the system login exception
(3) log
Storage location: not fixed
7 log files for protection
chattr + a log file
chattr + a -R a recursive increase permissions
8 Log Management
<1 for logs, regular backups, off-site backup (retention logging 1-3 days)
<2 for permission to strictly (to prevent the disclosure of sensitive information), do log for centralized management
<3 for cutting the log periodic mv / var / log / messages / / var / log / messages - $ (date -d "-1 days" +% F) the day before
date +% F Current time