LPI Linux Certification/Find System Files And Place Files In The Correct Location

Detailed Objectives edit

(LPIC-1 Version 5.0)

Weight: 2

Description:
Candidates should be thoroughly familiar with the Filesystem Hierarchy Standard (FHS), including typical file locations and directory classifications.

Key Knowledge Areas:

  • Understand the correct locations of files under the FHS.
  • Find files and commands on a Linux system.
  • Know the location and propose of important file and directories as defined in the FHS.

The following is a partial list of the used files, terms and utilities:

  • find
  • locate
  • updatedb
  • whereis
  • which
  • type
  • /etc/updatedb.conf

Filesystem Hierarchy Standard edit

Filesystem Hierarchy Standard (FHS) defines standard locations for different file types and was adopted by many Unix and Linux distributions. Full description can be found here.

In essence FHS divides files based on 2 criteria:
Shareable/unshareable

  • shareable - files which can be stored on one host and used on others. This files do not contain any host specific information. Some examples are binaries under /usr/ or home directories
  • unshareable - files which should not be shared between hosts, for example lockfiles under /var/run define states of processes on a given host so it would make no sense for this information to be shared in normal scenarios (this might be different for software which is aware of existence of other servers sharing the same directory/filesystem)

variable/static

  • static - this are libraries, binaries, documentation and other files which normally do not change without administrator intervention
  • 'variable - this files can change during normal operation. One example are files in /var/run/ directory which might change when services are started and stopped

Below table summarizes main distinction between file types:

shareable unshareable
static /usr /etc
/opt /boot
variable /var/mail /var/run
/var/spool/news /var/lock

Main directories which can be found under / (root) filesystem in Linux are:
bin - essential command binaries, required for system to boot
boot - static files of the boot loader. See Boot the System section for more information
dev - special device files
etc - host-specific system configuration
lib - essential shared libraries and kernel modules. Files within this directory are required during boot
media - mount point for removable media like CD-ROM or USB drives
mnt - mount point for mounting a filesystem temporarily
opt - add-on application software packages. Usually used by third party software
sbin - essential binaries used for system administration, required during boot
srv - data for services provided by this system
tmp - temporary files
var - variable data which includes logfiles and some other frequently changing files
usr - secondary hierarchy which might look like:

/usr/
├── bin
├── include
├── lib
├── lib64
├── local
├── sbin
├── share
└── src

Reason for having separate /usr hierarchy is historical. In the past disk space was very limited and many systems were sharing filesystems for example using NFS. /usr was one of the directories shared this way. Because of that reason all files, libraries and kernel modules required for network and NFS to be operational had to be outside of /usr tree.

Most of the files in directories like /bin/ , /sbin/ , /usr/bin/ , /usr/sbin/ , /usr/lib/ come from Linux packages (see Use Debian Package Management and Use RPM and YUM package management) and almost never have to be changed manually.

If administrator needs to build software from source normally the best place to install it is under /usr/local/ hierarchy which might look similar to:

/usr/local/
├── bin
├── etc
├── games
├── include
├── lib
├── sbin
├── share
└── src

So custom binary files would end up in /usr/local/bin/ , libraries in /usr/local/lib/ , configuration files in /usr/local/etc/ and so on.

Find Files and Commands on a Linux System edit

find - can be used to search directory tree for files and directories meeting certain criteria. It is very powerful command and expressions can be quite complex.

find [-H] [-L] [-P] [-D debugopts] [-Olevel] [path...] [expression]

Normally no options are used so command can be similar to:

find /var/log -type f -mtime -1

In above example /var/log is path which will be searched. Path is optional and if it is not specified current directory will be used. The rest of the command above is expression. Explicit AND operator is assumed between parts of the expression so in above example command will print files (-type f) which were modified within the last 24 hours (-mtime -1).

Examples
List logfiles which were not written to in the last 2 days:

find /var/log -type f -mtime +2

List directories within /etc which are owned by UID 0 OR GID 0:

find /etc -type d \( -uid 0 -o -gid 0 \)

Find files within current directory and subdirectories which do not end with .conf:

find -type f ! -name "*.conf"

List files bigger than 1MB in /var/log

find /var/log -type f -size +1M

Find can also be used to perform actions on result files or directories. Command below will remove all backup files from root's home directory:

find /root -type f -name "*.bak" -exec rm '{}' \;

locate - reads one or more databases prepared by updatedb and writes file names matching at least one of the PATTERNs. This command is much faster than find because it uses prebuilt database but has some limitations. First of all because it uses static database results are not guaranteed to be accurate. If files were removed or added after the database was created locate will not know about it. Second limitation is search pattern. Find allows for very complex expressions while locate permits only simple pattern match.

locate [OPTION]... PATTERN...

Common options:

-i, --ignore-case - perform case insensitive search
-b, --basename - match only the base name against the specified patterns. This is the opposite of --wholename
-w, --wholename - match only the whole path name against the specified patterns

Examples Show location all files matching "rc.local":

locate rc.local

updatedb - creates or updates a database used by locate. If the database already exists, its data is reused to avoid rereading directories that have not changed.

updatedb [OPTION]...

Common options:

-v, --verbose - output path names of files to standard output, as soon as they are found
-e, --add-prunepaths - exclude whitespace separated list of directories from the database

Examples Rebuild the database excluding logfiles:

updatedb -e /var/log

/etc/updatedb.conf is a configuration file used by updatedb command described above. It customizes default behavior of updatedb which is normally executed using cron once a day. Example file from Ubuntu Linux looks like:

PRUNE_BIND_MOUNTS="yes"
# PRUNENAMES=".git .bzr .hg .svn"
PRUNEPATHS="/tmp /var/spool /media"
PRUNEFS="NFS nfs nfs4 rpc_pipefs afs binfmt_misc proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs mfs shfs sysfs cifs lustre_lite tmpfs usbfs udf fuse.glusterfs fuse.sshfs ecryptfs fusesmb devtmpfs"

Above directives exclude some directories from being indexed (/tmp /var/spool and /media) as well as some filesystems.

whereis - whereis locates source/binary and manuals sections for specified files.

whereis [-bmsu] [-BMS directory...  -f] filename...

Common options:

-b - search only for binaries
-m - search only for manual sections
-s - search only for sources

Examples Display location of binaries and manpages for cp command:

whereis cp

Print location of tar command manpages:

whereis -m tar

which - which returns the pathnames of the files (or links) which would be executed in the current environment.

which [-a] filename ...

Common options:

-a print all matching pathnames of each argument

Examples Show location of rm binary:

which rm