Tuesday, December 11, 2012

Linux SuperBlock

File system?

The contents of a file system are divided into two categories:
  • User data - stores actual data contained in files
  • Metadata - stores file system structural information such as superblock, inodes, directories

Understanding UNIX / Linux filesystem Superblock


This is the second part of "Understanding UNIX/Linux file system". Let us take the example of a 20 GB hard disk. The entire disk space is subdivided into multiple file system blocks. And what are the blocks used for?

Unix / Linux filesystem blocks

The blocks are used for two different purposes:
  1. Most blocks store user data, aka files.
  2. Some blocks in every file system store the file system's metadata. So what the hell is metadata?
In simple words, metadata describes the structure of the file system. The most common metadata structures are the superblock, inodes and directories. The following paragraphs describe each of them.

Superblock

Each file system is different and has a type, such as ext2 or ext3. Each file system also has a size, such as 5 GB or 10 GB, and a status, such as its mount status. In short, each file system has a superblock, which contains information about the file system such as:
  • File system type
  • Size
  • Status
  • Information about other metadata structures
If this information is lost, you are in trouble (data loss), so Linux maintains multiple redundant copies of the superblock in every file system. This is very important in many emergency situations; for example, you can use a backup copy to restore a damaged primary superblock. The following command displays the primary and backup superblock locations on /dev/hda3:
# dumpe2fs /dev/hda3 | grep -i superblock
Output:
Primary superblock at 0, Group descriptors at 1-1
Backup superblock at 32768, Group descriptors at 32769-32769
Backup superblock at 98304, Group descriptors at 98305-98305
Backup superblock at 163840, Group descriptors at 163841-163841
Backup superblock at 229376, Group descriptors at 229377-229377
Backup superblock at 294912, Group descriptors at 294913-294913

Linux: Find Alternative Superblocks

I think my file system has been damaged. Instead of block 1, I want to use block n as superblock. How do I find out an alternative superblock location under Linux?

Each file system has a superblock, which contains information about the file system such as its type, size, status, information about other metadata structures and so on.

You can use either of the following commands to find the superblock locations:
[a] mke2fs - Create an ext2/ext3/ext4 filesystem. For this purpose run it only with the -n option, which prints what mke2fs would do (including the superblock locations) without creating a filesystem.
[b] dumpe2fs - Dump ext2/ext3/ext4 filesystem information.
Open a command-line terminal (select Applications > Accessories > Terminal), and then type the following command (alternatively, you can boot from a rescue or live Linux CD and type the same commands):
# dumpe2fs /dev/sda5 | grep -i superblock
The above command will list all superblocks for /dev/sda5 as follows:
dumpe2fs 1.41.11 (14-Mar-2010)
  Primary superblock at 0, Group descriptors at 1-29
  Backup superblock at 32768, Group descriptors at 32769-32797
  Backup superblock at 98304, Group descriptors at 98305-98333
  Backup superblock at 163840, Group descriptors at 163841-163869
  Backup superblock at 229376, Group descriptors at 229377-229405
  Backup superblock at 294912, Group descriptors at 294913-294941
  Backup superblock at 819200, Group descriptors at 819201-819229
  Backup superblock at 884736, Group descriptors at 884737-884765
  Backup superblock at 1605632, Group descriptors at 1605633-1605661
  Backup superblock at 2654208, Group descriptors at 2654209-2654237
  Backup superblock at 4096000, Group descriptors at 4096001-4096029
  Backup superblock at 7962624, Group descriptors at 7962625-7962653
  Backup superblock at 11239424, Group descriptors at 11239425-11239453
  Backup superblock at 20480000, Group descriptors at 20480001-20480029
  Backup superblock at 23887872, Group descriptors at 23887873-23887901
  Backup superblock at 71663616, Group descriptors at 71663617-71663645
  Backup superblock at 78675968, Group descriptors at 78675969-78675997
  Backup superblock at 102400000, Group descriptors at 102400001-102400029
Now you can check the file system using the backup superblock at block 98304 (warning: do not run the following on a mounted, live file system):
# e2fsck -f -b 98304 /dev/sda5
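OR mount the file system using the backup superblock at block 98304. The sb= mount option counts in 1k units, so on this file system with 4k blocks, block 98304 is given as sb=393216 (4 x 98304):
# mkdir -p /mnt/data5
# mount -o sb=393216 /dev/sda5 /mnt/data5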



Surviving a Linux Filesystem Failure

When you use the term filesystem failure, you mean corrupted filesystem data structures (or objects such as inodes, directories, the superblock etc.). This can be caused by any one of the following reasons:
* Mistakes by the Linux/UNIX sys admin
* Buggy device drivers or utilities (especially third party utilities)
* Power outage (very rare on production systems) due to UPS failure
* Kernel bugs (that is why you don't run the latest kernel on a production Linux/UNIX system; most of the time you need to use a stable kernel release)
Due to a filesystem failure:
  • The file system will refuse to mount
  • The entire system hangs
  • Even if the filesystem mount operation succeeds, users may notice strange behavior when it is mounted, such as system reboots, gibberish characters in directory listings etc.
So how the hell are you gonna survive a filesystem failure? Most of the time fsck (a front end to the ext2/ext3 utility) can fix the problem. First simply run e2fsck to check a Linux ext2/ext3 file system (assuming the /home [/dev/sda3 partition] filesystem for demo purposes): unmount /dev/sda3, then type the following command:
# e2fsck -f /dev/sda3
Where,
  • -f : Force checking even if the file system seems clean.
Please note that if the superblock is not found, e2fsck will terminate with a fatal error. However, Linux maintains multiple redundant copies of the superblock in every file system, so you can use the -b {alternative-superblock} option to get around this problem. The location of the backup superblock depends on the filesystem's blocksize:
  • For filesystems with 1k blocksizes, a backup superblock can be found at block 8193
  • For filesystems with 2k blocksizes, at block 16384
  • For 4k blocksizes, at block 32768.
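The block numbers above, and the longer list dumpe2fs printed for /dev/sda5 earlier, follow from the on-disk layout. The following added example (not part of the original post) computes them, assuming mke2fs defaults: the sparse_super feature (backups only in block group 1 and in groups that are powers of 3, 5 or 7), 8 x blocksize blocks per group, and a first data block of 1 for 1k blocks and 0 otherwise. The function names and the 117964800-block size in the sample call are constructed for illustration.

```shell
#!/bin/sh
# Added example: where ext2/ext3/ext4 keeps its backup superblocks.
# Assumptions (mke2fs defaults): sparse_super is enabled, so backups live only
# in block group 1 and in groups that are powers of 3, 5 or 7; each group holds
# 8 * blocksize blocks; the first data block is 1 for 1k blocks, else 0.

# is_power_of BASE N: succeeds if N = BASE^k for some k >= 0 (so N=1 passes,
# which covers block group 1).
is_power_of() {
    base=$1
    n=$2
    while [ $((n % base)) -eq 0 ]; do
        n=$((n / base))
    done
    [ "$n" -eq 1 ]
}

# backup_superblocks BLOCKSIZE TOTAL_BLOCKS: print one backup location per line.
backup_superblocks() {
    block_size=$1
    total_blocks=$2
    case $block_size in
        1024) first=1 ;;
        2048|4096) first=0 ;;
        *) echo "unsupported block size: $block_size" >&2; return 1 ;;
    esac
    per_group=$((block_size * 8))
    groups=$(( (total_blocks - first + per_group - 1) / per_group ))
    g=1
    while [ "$g" -lt "$groups" ]; do
        if is_power_of 3 "$g" || is_power_of 5 "$g" || is_power_of 7 "$g"; then
            echo $((first + g * per_group))
        fi
        g=$((g + 1))
    done
}

# Constructed size: 3600 groups of 4k blocks, enough to cover group 3125.
backup_superblocks 4096 117964800
```

For a filesystem created with non-default options the real locations can differ, so treat the output as candidates for e2fsck -b and confirm them with dumpe2fs or mke2fs -n when those still work.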
Tip: you can also try either of the following commands to determine alternative superblock locations:
# mke2fs -n /dev/sda3
OR
# dumpe2fs /dev/sda3|grep -i superblock
To repair the file system using an alternative superblock, use the command as follows:
# e2fsck -f -b 8193 /dev/sda3
However, it is highly recommended that you make a backup before you run the fsck command on a system. Use the dd command to create a backup (provided that you have spare space under /disk2):
# dd if=/dev/sda2 of=/disk2/backup-sda2.img

Understanding UNIX / Linux filesystem Inodes


The inode (index node) is a fundamental concept in the Linux and UNIX filesystem. Each object in the filesystem is represented by an inode. But what are the objects? Let us try to understand it in simple words. Each and every file under Linux (and UNIX) has the following attributes:
=> File type (executable, block special etc)
=> Permissions (read, write etc)
=> Owner
=> Group
=> File Size
=> File access, change and modification time (remember, UNIX or Linux never stores file creation time; this is a favorite question asked in UNIX/Linux sys admin job interviews)
=> File deletion time
=> Number of links (soft/hard)
=> Extended attributes such as append only or no one can delete the file, including the root user (immutability)
=> Access Control List (ACLs)
All the above information is stored in an inode. In short, the inode identifies the file and its attributes (as above). Each inode is identified by a unique inode number within the file system. An inode is also known as an index number.

inode definition

An inode is a data structure on a traditional Unix-style file system such as UFS or ext3. An inode stores basic information about a regular file, directory, or other file system object.

How do I see file inode number?

You can use the ls -i command to see the inode number of a file:
$ ls -i /etc/passwd
Sample Output
32820 /etc/passwd
You can also use the stat command to find out the inode number and its attributes:
$ stat /etc/passwd
Output:
File: `/etc/passwd'
Size: 1988            Blocks: 8          IO Block: 4096   regular file
Device: 341h/833d       Inode: 32820       Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2005-11-10 01:26:01.000000000 +0530
Modify: 2005-10-27 13:26:56.000000000 +0530
Change: 2005-10-27 13:26:56.000000000 +0530

Inode application

Many commands used by system administrators in UNIX / Linux operating systems often give inode numbers to designate a file. Let us see the practical application of inode numbers. Type the following commands:
$ cd /tmp
$ touch \"la*
$ ls -l

Now try to remove the file "la*
You can't. To remove files created with control characters, characters which cannot be input on a keyboard, or special characters such as ?, *, ^ etc., you have to use the inode number to remove the file.
This is the fourth part of "Understanding UNIX/Linux file system"; continue reading the rest of the Understanding Linux file system series (this is part IV).
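Removal by inode number as described above, shown as an added example that is not part of the original post. The helper names inode_of, rm_by_inode and demo are hypothetical, and the demo works on a constructed file in a private temporary directory rather than in /tmp itself.

```shell
#!/bin/sh
# Added example: delete a file by inode number when its name is hard to type.
# inode_of, rm_by_inode and demo are hypothetical helper names.

# inode_of PATH: print the inode number, as shown by ls -i.
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}

# rm_by_inode DIR INODE: remove the regular file(s) under DIR with that inode.
rm_by_inode() {
    dir=$1
    inum=$2
    case $inum in
        ''|*[!0-9]*) echo "inode must be numeric: $inum" >&2; return 2 ;;
    esac
    # -xdev: an inode number is unique only within one file system, so never
    # let find cross into another mounted file system.
    # -type f: refuse to touch directories or device nodes.
    # Every hard link to the inode under DIR matches and is removed.
    find "$dir" -xdev -type f -inum "$inum" -exec rm -f -- {} +
}

# demo: constructed scenario in a private temp dir; prints what is left.
demo() {
    tmp=$(mktemp -d) || return 1
    touch -- "$tmp/\"la*" "$tmp/keep.txt"   # first name is literally "la*
    inum=$(inode_of "$tmp/\"la*")
    rm_by_inode "$tmp" "$inum"
    remaining=$(ls -A -- "$tmp")
    rm -rf -- "$tmp"
    echo "$remaining"
}

demo
```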
