Today I've learned: Filesystem & Storage Device Management

Intro

You have probably already seen how Windows presents storage: drives such as C:, D:, E: and so on.

Linux has its own way to manage storage devices.

We’ll see what it looks like, where the devices show up and how to manage them.

For a hacker it is necessary to understand how files and storage devices are managed.

Once you’re on a target system, you must understand what you’re working with and where to find confidential files.

We’ll begin with the directory /dev which stands for devices.

The Device Directory /dev

This directory contains files representing each attached device.

You can navigate to the /dev directory and long-list its contents:

cd /dev
ls -l
total 0
crw-------  1 root root     10,   123 Dec 31 10:12 acpi_thermal_rel
crw-r--r--  1 root root     10,   235 Dec 31 10:12 autofs
drwxr-xr-x  2 root root           320 Dec 31 12:40 block
drwxr-xr-x  2 root root            80 Dec 31 11:16 bsg
crw-------  1 root root     10,   234 Dec 31 10:12 btrfs-control
drwxr-xr-x  3 root root            60 Dec 31 10:12 bus
drwxr-xr-x  2 root root          3400 Dec 31 11:16 char
crw-------  1 root root      5,     1 Dec 31 10:12 console

Each device on your system is represented by a file in the /dev directory, including devices you’ve probably never used or even knew existed.

Further down the list you can see sda, sda1, sda2, sda3, sdb and sdb1. The leading b in the permissions column marks them as block devices (the entries above that start with c are character devices). sda is the hard drive and sda1 to sda3 are its partitions; sdb is the USB flash drive and sdb1 its partition. The two numbers where a file size would normally appear are the major and minor device numbers: major 8 is the kernel's SCSI disk (sd) driver, and the minor number identifies the disk and the partition on it.

brw-rw----  1 root disk      8,     0 Dec 31 10:12 sda
brw-rw----  1 root disk      8,     1 Dec 31 10:12 sda1
brw-rw----  1 root disk      8,     2 Dec 31 10:12 sda2
brw-rw----  1 root disk      8,     3 Dec 31 10:12 sda3
brw-rw----  1 root disk      8,    16 Dec 31 11:16 sdb
brw-rw----  1 root disk      8,    17 Dec 31 12:33 sdb1
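To see how those numbers turn into names, here is an added example (not from the book or the post) that decodes the major/minor pair ls -l prints for a block device into its sd name. It relies on how the Linux sd driver numbers devices: major 8, with 16 minor numbers per disk (minor 0 is the whole disk, 1 to 15 its partitions) for the first sixteen disks sda to sdp; anything else is reported as unknown. The sample ls -l line at the bottom is constructed from the listing above.

```sh
#!/bin/sh
# Added example (not from the book or the post). Decode the "major, minor"
# pair that ls -l /dev prints for a block device into its sd name.
# Fact relied on: the sd driver uses major 8 with 16 minors per disk for
# sda..sdp (minor 0 = whole disk, 1..15 = partitions); further disks use
# other majors and are reported as "unknown" here.

# sd_name MAJOR MINOR -> prints sda, sdb1, ... or "unknown"
sd_name() {
    major="$1"; minor="$2"
    if [ "$major" -ne 8 ]; then
        echo unknown
        return 1
    fi
    disk=$((minor / 16))          # 0 = a, 1 = b, ...
    part=$((minor % 16))          # 0 = whole disk
    letter=$(printf '%s' abcdefghijklmnop | cut -c "$((disk + 1))")
    if [ "$part" -eq 0 ]; then
        echo "sd$letter"
    else
        echo "sd$letter$part"
    fi
}

# decode_listing: read ls -l output on stdin and, for block devices only,
# print "name major:minor -> decoded name". Character devices and
# directories (first column starts with c or d) are skipped.
decode_listing() {
    while read -r mode links owner group major minor rest; do
        case "$mode" in
            b*)
                major="${major%,}"                # strip the trailing comma
                name="${rest##* }"                # last field is the name
                printf '%s %s:%s -> %s\n' "$name" "$major" "$minor" \
                    "$(sd_name "$major" "$minor")"
                ;;
        esac
    done
}

# Usage on a live system: ls -l /dev | decode_listing
# Constructed sample line, copied from the listing above:
printf '%s\n' 'brw-rw----  1 root disk      8,    17 Dec 31 12:33 sdb1' | decode_listing
```

This is why sdb is 8, 16 and sdb1 is 8, 17 in the listing: the second disk starts at minor 16 and its first partition is one above that.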

How Linux Represents Storage Devices

Linux does not use drive letters. Each drive gets a device name under /dev, and the filesystems on it are then mounted into a single directory tree. Device names are assigned in the order the kernel detects the drives, so the same physical drive can have a different name at different times (for example after a USB stick is added or removed, or the boot order changes). For names that stay stable, look under /dev/disk/by-id, /dev/disk/by-uuid and /dev/disk/by-label.

Serial ATA (SATA), Small Computer System Interface (SCSI) and USB mass-storage drives are all handled by the kernel's SCSI disk driver and get names starting with sd; the first such drive is sda. (NVMe SSDs use a different driver and appear as nvme0n1, nvme1n1 and so on.)

Drives are sometimes split up into sections known as partitions.

When systems have more than one hard drive, Linux names them serially by incrementing the last letter in alphabetical order. For example:

  1. sda

  2. sdb

  3. sdc

Drive Partitions

A drive can also be split into partitions. For example, sda can hold several separate partitions.

Partition labeling system:

  1. sda1 - The first partition (1) on the first drive (a)

  2. sda2 - The second partition (2) on the first drive (a)

  3. sda3 - The third partition (3) on the first drive (a)

Each partition carries its own filesystem and is mounted separately, so it can have its own type (EFI, ext4, swap) and its own mount options. That is useful for isolation: keeping /home or /var on their own partition means a runaway log cannot fill the root filesystem, and a partition holding user or removable data can be mounted with options such as noexec or nosuid that the root filesystem cannot have. There are many other reasons as well.

To list the partitions on your system and see the details about them, run fdisk with the -l flag (reading the device tables requires root):

fdisk -l
Device         Start       End   Sectors  Size Type
/dev/sda1       2048   1050623   1048576  512M EFI System
/dev/sda2    1050624 498116607 497065984  237G Linux filesystem
/dev/sda3  498116608 500117503   2000896  977M Linux swap

Disk /dev/sdb: 29.25 GiB, 31406948352 bytes, 61341696 sectors
Disk model: Cruzer Glide    
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000

Swap is disk space the kernel uses as an overflow for RAM when memory runs short. Whatever gets paged out stays on disk until it is overwritten, so a swap partition can still hold passwords, keys or other data that a program once had in memory; that matters both for forensics and for what you leave behind on a target.

I also have a USB stick connected, and you can see that it is called sdb.

Mounting and Unmounting

Most modern operating systems automount storage devices when they’re attached.

The term mount dates from the early days of computing, when storage tapes had to be physically mounted on the machine, back when a computer filled half a room.

The two conventional mount points in Linux are /mnt (for temporary, manual mounts) and /media (where removable media are usually automounted).

USB devices can be manually mounted at /mnt. Keep in mind that a device can be mounted on any directory, but while it is mounted its contents cover whatever was in that directory: the old contents are hidden, not deleted, and reappear when you unmount.

In some cases you need to mount drives manually so we’ll see how it’s done:

My USB stick is /dev/sdb and its single partition is /dev/sdb1 (both visible in the /dev directory).

Let’s mount that partition at the /mnt directory (mount requires root):

mount /dev/sdb1 /mnt

Now go to the /mnt directory and you’ll see the files on the stick:

/mnt# ls
file1
file2
file3

To unmount the drive we can write either the device or the mount point:

umount /dev/sdb1

Keep in mind that it’s umount and not unmount. Also, umount refuses to unmount while any process still has a file open on the device or its working directory inside the mount point.
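The mount, check and umount steps above, written as an added example that is not from the book or the post: it treats the stick as untrusted media, mounting it read-only with nosuid, nodev and noexec, verifies the mount against /proc/self/mounts, and unmounts it. The device /dev/sdb1 and the mount point /mnt are hypothetical, taken from the text; the mount itself only runs when you are root and that device exists, so the helper functions can be used by anyone.

```sh
#!/bin/sh
# Added example (not from the book or the post): mount a USB partition the
# way you would mount untrusted media, verify it, and unmount it.
# Hypothetical assumptions: the partition is /dev/sdb1 and the mount point
# is /mnt, as in the text. The helpers run without root; the actual
# mount/umount only runs when you are root and /dev/sdb1 exists.

# is_mounted DEVICE [TABLE]: succeed if DEVICE is a source in the kernel's
# mount table (default /proc/self/mounts) and print "mountpoint options".
is_mounted() {
    awk -v dev="$1" '$1 == dev { print $2, $4; found = 1 }
                     END { exit !found }' "${2:-/proc/self/mounts}"
}

# dir_is_empty DIR: succeed if DIR exists and has no entries. Mounting over
# a non-empty directory hides (does not delete) its contents until umount.
dir_is_empty() {
    [ -d "$1" ] && [ -z "$(ls -A "$1")" ]
}

# mount_untrusted DEVICE DIR: refuse anything that is not a block device,
# warn if DIR is not empty, then mount read-only with nosuid,nodev,noexec
# so setuid binaries, device nodes and executables on the stick are inert.
mount_untrusted() {
    dev="$1"; dir="$2"
    if [ ! -b "$dev" ]; then
        echo "$dev is not a block device" >&2
        return 1
    fi
    dir_is_empty "$dir" ||
        echo "warning: $dir is not empty; its contents are hidden while mounted" >&2
    mount -o ro,nosuid,nodev,noexec "$dev" "$dir" || return 1
    is_mounted "$dev"
}

# Live run (root only). umount accepts either the device or the mount point
# and fails while any process still uses files under the mount.
if [ "$(id -u)" -eq 0 ] && [ -b /dev/sdb1 ]; then
    mount_untrusted /dev/sdb1 /mnt && ls /mnt && umount /mnt
fi
```

The read-only flag is the forensics habit: nothing on the stick gets modified (no access-time updates, no journal replay), and a stick prepared by someone else cannot run anything on your machine just because you looked at it.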

Monitoring Filesystems

Monitoring the state of the filesystems is a necessary skill for a hacker.

To do so we can use the df command (disk free). It reports the size, usage and mount point of every mounted filesystem, including the hard disks and any devices you mounted by hand.

df
Filesystem     1K-blocks     Used Available Use% Mounted on
udev             3982012        0   3982012   0% /dev
tmpfs             804388     1488    802900   1% /run
/dev/sda2      243520884 23459860 207617992  11% /
/dev/sdb1       30655856    55808  30600048   1% /mnt

As you can see it also shows me my USB drive mounted on /mnt.

sda2 is my main disk, and its name breaks down as follows:

sd - SCSI disk driver (used for SATA, SCSI and USB drives)

a - First drive

2 - Second partition on that drive
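df only knows about mounted filesystems, so a partition that is attached but not mounted (the USB stick before the mount above, or a data partition the owner does not mount at boot) does not appear in its output at all. As an added example that is not from the book or the post, the script below compares the partitions the kernel knows about in /proc/partitions with the mount table in /proc/self/mounts and prints the block devices that are not mounted anywhere. Both files are world-readable, so it works without root. Run with no arguments it reads the live files; the two optional arguments let you point it at copies saved from another system.

```sh
#!/bin/sh
# Added example (not from the book or the post): find partitions the kernel
# knows about that are not mounted anywhere. df reports mounted filesystems
# only, so unmounted partitions (and swap, which is never "mounted") do not
# show up there at all.

# unmounted_partitions [PARTITIONS_FILE] [MOUNTS_FILE]
# Defaults to the live /proc/partitions and /proc/self/mounts; the
# arguments exist so saved copies from another system can be examined.
# A name is treated as a whole disk (and skipped) when another entry is
# that name plus a partition suffix (sda -> sda1, nvme0n1 -> nvme0n1p1);
# a disk with no partition table is listed because it may carry a
# filesystem directly. Swap partitions appear too: check /proc/swaps.
unmounted_partitions() {
    parts="${1:-/proc/partitions}"
    mounts="${2:-/proc/self/mounts}"
    awk '
        # first file: remember every /dev/... source in the mount table
        NR == FNR { if ($1 ~ /^\/dev\//) mounted[$1] = 1; next }
        # second file: skip the header line, collect device names (4th column)
        FNR > 1 && NF == 4 { names[$4] = 1 }
        END {
            for (n in names) {
                isdisk = 0
                for (m in names) {
                    if (m == n || index(m, n) != 1) continue
                    rem = substr(m, length(n) + 1)
                    if ((n !~ /[0-9]$/ && rem ~ /^[0-9]+$/) || rem ~ /^p[0-9]+$/)
                        isdisk = 1
                }
                if (!isdisk && !(("/dev/" n) in mounted)) print "/dev/" n
            }
        }' "$mounts" "$parts" | sort
}

# Usage on a live Linux system:
if [ -r /proc/partitions ]; then
    unmounted_partitions
fi
```

On the system shown above this would print /dev/sda3 (the swap partition, which is in use but not mounted) and, before the mount command, /dev/sdb1 (the USB stick). An unmounted partition on a target is worth a look: whoever set the machine up may have left data there precisely because it is not visible in df or in the directory tree.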

Credits

I’m learning using this book:

Linux Basics for Hackers by OccupyTheWeb (Master OTW)


Written by Jonas Satkauskas