≡ Menu

ls command

Chrooted jail allows run command or service such as http / mysql / postfix with special root directory i.e. chroot changes the root directory for application. The biggest benefit is a service that is re-rooted to another directory cannot access files outside that directory. Basically you are going to set service in sandbox. Chrooting offers the following 2 benefits:

[a] Service Isolation

[b] Privilege Separation

But how do you find out if service / server is chrooted or not under Linux?

Simply run ls -ld command on /proc/MAIN-PID/root directory.

For example, find out if httpd chrooted or not:
pidof httpd


Run ls command:
ls -ld /proc/23456/root

lrwxrwxrwx 1 root root 0 Sep 10 02:52 /proc/23456/root -> /wwwdata

Find out if postfix is chrooted or not (PID 4645):
ls -ld /proc/4645/root
lrwxrwxrwx 1 root root 0 Sep 10 02:59 /proc/4645/root -> /
The PID 4645 pointing out to / (root) i.e. the root directory for application is not changed or chrooted. This is a quick and dirty way to find out if application is chrooted or not w/o opening configuration files.

I’ve already written about conceptual information regarding file system, especially data structure and related terms that help you become a successful system administrator. However I do get few emails asking about /opt directory or /usr or /lost+found directories and their purpose on the system.

Exploring Linux File System Hierarchy

A typical Linux system has the following directories:

=> / : This is the root directory.

=> /bin : This directory contains executable programs which are needed in single user mode and to bring the system up or repair it.

=> /boot : Contains static files for the boot loader. This directory only holds the files which are needed during the boot process.

=> /dev : Special or device files, which refer to physical devices such as hard disk, keyboard, monitor, mouse and modem etc

=> /etc : Contains configuration files which are local to the machine. Some larger software packages, like Apache, can have their own subdirectories below /etc i.e. /etc/httpd. Some important subdirectories in /etc:

  • /etc/skel : When a new user account is created, files from this directory are usually copied into the user’s home directory.
  • /etc/X11 : Configuration files for the X11 window system .
  • /etc/sysconfig : Important configuration file used by SysV script stored in /etc/init.d and /etc.rcX directories
  • /etc/cron.* : cron daemon configuration files which is used to execute scheduled commands

=> /home : Your sweet home to store data and other files. However in large installation yhe structure of /home directory depends on local administration decisions.

=> /lib : This directory should hold those shared libraries that are necessary to boot the system and to run the commands in the root filesystem.

=> /lib64 : 64 bit shared libraries that are necessary to boot the system and to run the commands in the root filesystem.

=> /mnt : This directory contains mount points for temporarily mounted filesystems

=> /opt : This directory should contain add-on packages such as install download firefox or static files

=> /proc : This is a mount point for the proc filesystem, which provides information about running processes and the kernel.

=> /root : This directory is usually the home directory for the root user.

=> /sbin : Like /bin, this directory holds commands needed to boot the system, but which are usually not executed by normal users, root / admin user specific commands goes here.

=> /tmp : This directory contains temporary files which may be deleted with no notice, such as by a regular job or at system boot up.

=> /usr : This directory is usually mounted from a separate partition. It should hold only sharable, read-only data, so that it can be mounted by various machines run ning Linux (useful for diskless client or multiuser Linux network such as university network). Programs, libraries, documentation etc. for all user-related programs.

=> /var : This directory contains files which may change in size, such as spool and log files.

=> /lost+found : Every partition has a lost+found in its upper directory. Files that were saved during failures are here, for e.g ext2/ext3 fsck recovery.

How do I get information about each and every directory from command prompt?

Above list just summaries important directories, you can get list by entering the following command to display description of the file system hierarchy (works under all other UNIX like oses such as HP-UX ):
$ man hier

List contents of directories in a tree-like format

ls command is basic tool for exploring file system. You can use tree command for a recursive directory listing. It produces a depth indented listing of files.
$ tree

|-- DIR_COLORS.xterm
|-- Muttrc
|-- Muttrc.local
|-- NetworkManager
|-- X11
|   |-- Xmodmap
|   |-- Xresources
|   |-- applnk
|   |-- fs
|   |   `-- config

find is another useful command to search for files in a directory hierarchy.

Further readings:

While administrating a box, you may wanted to find out what a processes is doing and find out how many file descriptors (fd) are being used. You will surprised to find out that process does open all sort of files:
=> Actual log file

=> /dev files

=> UNIX Sockets

=> Network sockets

=> Library files /lib /lib64

=> Executables and other programs etc

In this quick post, I will explain how to to count how many file descriptors are currently in use on your Linux server system.
[click to continue…]

A quick question from my mail bag:

How do I display or get the date when a file was last time accessed?

The best and simplest way is to use stat command. It displays file or file system status such as:

=> File size

=> File type

=> Inode number


=> File access , modify and creation time etc.

stat command example

$ stat /etc/passwd

  File: `/etc/passwd'
  Size: 2453            Blocks: 8          IO Block: 4096   regular file
Device: 806h/2054d      Inode: 25298826    Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2007-08-06 04:45:18.000000000 -0500
Modify: 2007-07-17 16:25:12.000000000 -0500
Change: 2007-07-17 16:25:12.000000000 -0500

Display file system status

You can display file system status instead of file status. For example, display status for / file system:
$ stat -f /

  File: "/"
    ID: 0        Namelen: 255     Type: ext2/ext3
Block size: 4096       Fundamental block size: 4096
Blocks: Total: 32161831   Free: 30458361   Available: 28798245
Inodes: Total: 33226752   Free: 33135357

stat command and shell scripts

You can use stat in a shell script. It supports -c option. By default it shows all information about file. Use -c option to specify FORMAT instead of the default. For example store access time in a shell variable:

ATIME=$(stat -c "%x" /etc/passwd)
echo $ATIME

See the stat command man page for full details for the valid format sequences for files:
man stat

This article was organically contributed by monk.

When you are logged in to a Linux server and you type a command. It is the responsibility of the shell to interpret your command. Here I will explain how BASH shell finds out which program to run. The method used by SHELL is straightforward but often creates confusion for new Linux user/admins/Interns.

Remember your shell deals with different commands and command line options to process your request.
For example:

  1. Internal commands aka shell builtin command (such as set)
  2. External commands (such as clear, date)
  3. Aliases (such as alias rm='rm -i')
  4. Command substitutions ( such as echo "Today is $(date)")
  5. Functions
  6. Pipes ( such as cat /etc/passwd | wc -l)
  7. I/O redirection (such as cat /etc/passwd > /tmp/names)

As you can see, SHELL has to do many things before it can find the correct executable file for you. For example, when you type single command date; SHELL will locate date command for you. Then it spawns (forks) a new process and "execs" the date command. Please note that discussion related forks and kernel is beyond the scope of this document (see nice explanation by Tony @ How shells call other programs). Here you just want to understand how Linux knows which program to run.

Shell uses PATH variable

Your shell uses the environment variable called PATH to locate commands. Just type following command to display your current PATH:

$ echo $PATH


The variable PATH defines search path for commands. As you can see, PATH holds a colon-separated list of directories in which the shell looks for commands. Returning to the date example, when you type date command, shell will start with the directory on left (i.e. /usr/local/bin) side of PATH variable and checks to see if there is date command executable file. If executable file found, shell will execute date command. If command cannot be located at all in all directories then you will see command not found error message. BASH shell use following sequence to execute command (for example purpose, we will use date command):

  1. If there exists a shell FUNCTION date() execute it and stop.
  2. If there exists a shell builtin date command, execute it and stop
  3. If the date is neither a shell function nor a builtin then BASH searches in HASH tables. If there exists an entry for date command execute it and stop.
  4. Finally, if date does not exist in HASH tables, it will search using PATH variable.
  5. If above all method fails then SHELL will return error "Command not found" and always exit with 127 status code.

However, things started to get complicated if it is a shell script, the SHELL does exactly the same thing (as mentioned above), but the exec fails, which causes the shell to read the script and interpret it.

What is a HASH table?

A HASH table is nothing but some sort of caching mechanism to speed up things. For each command, the full file name of the command is determined by searching the directories in $PATH variable and remembered by shell in HASH table. Just type hash command and it will display the all remembered directory name:
$ hash

hits    command
5    /usr/bin/chsh
1    /usr/bin/man
1    /bin/ls

Related shell commands
To solve a command searching mysteries Linux/SHELL offers couple of commands.

type command

Tells whether command is an alias, function, buitin command or executable command file. To be frank type command indicate how it would be interpreted if used as a command name. General syntax:
type {command-name}

$ type -a ls

ls is aliased to 'ls --color=auto'

$ type date

date is hashed (/bin/date)

$ type dirs

dirs is a shell builtin

$ type if

if is a shell keyword

$ type getip

getip is a function
getip ()
lynx --dump 'http://localhost:81/getip'

which command

Use to locate a command in a PATH.
$ which ls


Continue reading the second part of "How Linux or UNIX Understand which program to run" series (this is part I).

  • PART I : How Linux or UNIX Understand which program to run
  • PART II : An example: How shell Understand which program to run

Updated for accuracy by Vivek. This article almost rewritten to fix typos.

A single inode number use to represent file in each file system. All hard links based upon inode number.

So linking across file system will lead into confusing references for UNIX or Linux. For example, consider following scenario

* File system: /home
* Directory: /home/vivek
* Hard link: /home/vivek/file2
* Original file: /home/vivek/file1

Now you create a hard link as follows:
$ touch file1
$ ln file1 file2
$ ls -l


-rw-r--r--  2 vivek vivek    0 2006-01-30 13:28 file1
-rw-r--r--  2 vivek vivek    0 2006-01-30 13:28 file2

Now just see inode of both file1 and file2:
$ ls -i file1
$ ls -i file2

As you can see inode number is same for hard link file called file2 in inode table under /home file system. Now if you try to create a hard link for /tmp file system it will lead to confusing references for UNIX or Linux file system. Is that a link no. 782263 in the /home or /tmp file system? To avoid this problem UNIX or Linux does not allow creating hard links across file system boundaries. Continue reading rest of the Understanding Linux file system series (this is part VII):

  • Part I - Understanding Linux superblock
  • Part II - Understanding Linux superblock
  • Part III - An example of Surviving a Linux Filesystem Failures
  • Part IV - Understanding filesystem Inodes
  • Part V - Understanding filesystem directories
  • Part VI - Understanding UNIX/Linux symbolic (soft) and hard links
  • Part VII - Why isn't it possible to create hard links across file system boundaries?

Understanding UNIX / Linux filesystem Inodes

The inode (index node) is a fundamental concept in the Linux and UNIX filesystem. Each object in the filesystem is represented by an inode. But what are the objects? Let us try to understand it in simple words. Each and every file under Linux (and UNIX) has following attributes:

=> File type (executable, block special etc)
=> Permissions (read, write etc)
=> Owner
=> Group
=> File Size
=> File access, change and modification time (remember UNIX or Linux never stores file creation time, this is favorite question asked in UNIX/Linux sys admin job interview)
=> File deletion time
=> Number of links (soft/hard)
=> Extended attribute such as append only or no one can delete file including root user (immutability)
=> Access Control List (ACLs)

All the above information stored in an inode. In short the inode identifies the file and its attributes (as above) . Each inode is identified by a unique inode number within the file system. Inode is also know as index number.

inode definition

An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.

How do I see file inode number?

You can use ls -i command to see inode number of file
$ ls -i /etc/passwd
Sample Output

32820 /etc/passwd

You can also use stat command to find out inode number and its attribute:
$ stat /etc/passwdOutput:

File: `/etc/passwd'
Size: 1988            Blocks: 8          IO Block: 4096   regular file
Device: 341h/833d       Inode: 32820       Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2005-11-10 01:26:01.000000000 +0530
Modify: 2005-10-27 13:26:56.000000000 +0530
Change: 2005-10-27 13:26:56.000000000 +0530

Inode application

Many commands used by system administrators in UNIX / Linux operating systems often give inode numbers to designate a file. Let us see he practical application of inode number. Type the following commands:
$ cd /tmp
$ touch \"la*
$ ls -l

Now try to remove file "la*

You can't, to remove files having created with control characters or characters which are unable to be input on a keyboard or special character such as ?, * ^ etc. You have to use inode number to remove file. This is fourth part of "Understanding UNIX/Linux file system, continue reading rest of the Understanding Linux file system series (this is part IV):

  • Part I - Understanding Linux superblock
  • Part II - Understanding Linux superblock
  • Part III - An example of Surviving a Linux Filesystem Failures
  • Part IV - Understanding filesystem Inodes
  • Part V - Understanding filesystem directories
  • Part VI - Understanding UNIX/Linux symbolic (soft) and hard links
  • Part VII - Why isn't it possible to create hard links across file system boundaries?