Lab 12.1: Working with File Attributes
1. With your normal user account use touch to create an empty file named /tmp/appendit.
2. Use cat to append the contents of /etc/hosts to /tmp/appendit.
3. Compare the contents of /tmp/appendit with /etc/hosts; there should not be any differences.
4. Try to add the append-only attribute to /tmp/appendit by using chattr. You should see an error here. Why?
5. As root, retry adding the append-only attribute; this time it should work. Look at the file’s extended attributes by using lsattr.
6. As a normal user, try to use cat to copy over the contents of /etc/passwd to /tmp/appendit. You should get an error. Why?
7. Try the same thing again as root. You should also get an error. Why?
8. As the normal user, again use the append redirection operator (>>) and try appending the /etc/passwd file to /tmp/appendit. This should work. Examine the resulting file to confirm.
9. As root, set the immutable attribute on /tmp/appendit, and look at the extended attributes again.
10. Try appending output to /tmp/appendit, try renaming the file, creating a hard link to the file, and deleting the file as both the normal user and as root.
11. We can remove this file by removing the extended attributes. Do so.
CHAPTER 12. FILESYSTEM FEATURES: ATTRIBUTES, CREATING, CHECKING, MOUNTING
Solution 12.1
1. $ cd /tmp
$ touch appendit
$ ls -l appendit
-rw-rw-r-- 1 coop coop 0 Oct 23 19:04 appendit
2. $ cat /etc/hosts > appendit
3. $ diff /etc/hosts appendit
4. $ chattr +a appendit
chattr: Operation not permitted while setting flags on appendit
5. $ sudo chattr +a appendit
$ lsattr appendit
---a---e-- appendit
6. $ cat /etc/passwd > appendit
bash: appendit: Operation not permitted
7. $ sudo su
$ cat /etc/passwd > appendit
bash: appendit: Operation not permitted
$ exit
8. $ cat /etc/passwd >> /tmp/appendit
$ cat appendit
9. $ sudo chattr +i appendit
$ lsattr appendit
----ia---e- appendit
10. $ echo hello >> appendit
-bash: appendit: Permission denied
$ mv appendit appendit.rename
mv: cannot move ‘appendit’ to ‘appendit.rename’: Operation not permitted
$ ln appendit appendit.hardlink
ln: creating hard link ‘appendit.hardlink’ => ‘appendit’: Operation not permitted
$ rm -f appendit
rm: cannot remove ‘appendit’: Operation not permitted
$ sudo su
$ echo hello >> appendit
-bash: appendit: Permission denied
$ mv appendit appendit.rename
mv: cannot move ‘appendit’ to ‘appendit.rename’: Operation not permitted
$ ln appendit appendit.hardlink
ln: creating hard link ‘appendit.hardlink’ => ‘appendit’: Operation not permitted
$ rm -f appendit
rm: cannot remove ‘appendit’: Operation not permitted
$ exit
11. $ sudo su
$ lsattr appendit
----ia---e- appendit
$ chattr -ia appendit
$ rm appendit
rm: remove regular file ‘appendit’? y
$ ls appendit
ls: cannot access appendit: No such file or directory
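Added example (not part of the original lab material): a small parser for lsattr output that reports which files carry the immutable (i) or append-only (a) flag, and which files lack a flag they are expected to have. The sample input is constructed in the style of the lsattr lines above; the file names other than appendit are hypothetical.

```shell
#!/bin/sh
# Constructed sample of lsattr output ("<flags> <path>" per line).
sample_lsattr() {
cat <<'EOF'
---a---e-- appendit
----ia---e- appendit.locked
-------e-- plain.txt
-----A-I-e-- dir with space
./sub:
EOF
}

# Print "<path><TAB><state>" for every file with i and/or a set.
# The match is case-sensitive: A (no atime) and I (indexed directory)
# are different flags and must not count as a or i.
audit_flags() {
  awk '
    NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /-/ {
      flags = $1
      path = $0; sub(/^[^ \t]+[ \t]+/, "", path)   # keep spaces in names
      state = ""
      if (index(flags, "i")) state = "immutable"
      if (index(flags, "a")) state = (state == "" ? "" : state "+") "append-only"
      if (state != "") printf "%s\t%s\n", path, state
    }'
}

# Print every listed path whose flags field lacks the letter in $1,
# e.g. log files that should be append-only but are not.
missing_flag() {
  awk -v want="$1" '
    NF >= 2 && $1 ~ /^[-A-Za-z]+$/ && $1 ~ /-/ && !index($1, want) {
      path = $0; sub(/^[^ \t]+[ \t]+/, "", path); print path
    }'
}

# Demo on the constructed sample; on a real system pipe lsattr into it.
sample_lsattr | audit_flags
sample_lsattr | missing_flag a
```

Lines that are not "<flags> <path>" pairs, such as the directory headers printed by lsattr -R, are skipped.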
Lab 12.2: Mounting Options
In this exercise you will need to either create a fresh partition, or use a loopback file. The solution will differ slightly and we will provide details of both methods.
1. Use fdisk to create a new 250 MB partition on your system, probably on /dev/sda. Or create a file full of zeros to use as a loopback file to simulate a new partition.
2. Use mkfs to format a new filesystem on the partition or loopback file just created. Do this three times, changing the block size each time. Note the locations of the superblocks, the number of block groups and any other pertinent information, for each case.
3. Create a new subdirectory (say /mnt/tempdir) and mount the new filesystem at this location. Verify it has been mounted.
4. Unmount the new filesystem, and then remount it as read-only.
5. Try to create a file in the mounted directory. You should get an error here. Why?
6. Unmount the filesystem again.
7. Add a line to your /etc/fstab file so that the filesystem will be mounted at boot time.
8. Mount the filesystem.
9. Modify the configuration for the new filesystem so that binary files may not be executed from the filesystem (change defaults to noexec in the /mnt/tempdir entry). Then remount the filesystem and copy an executable file (such as /bin/ls) to /mnt/tempdir and try to run it. You should get an error. Why?
When you are done you will probably want to clean up by removing the entry from /etc/fstab.
Solution 12.2
Physical Partition Solution
1. We won’t show the detailed steps in fdisk, as it is all ground covered earlier. We will assume the partition created is /dev/sda11, just to have something to show.
$ sudo fdisk /dev/sda
...
w
$ partprobe -s
Sometimes the partprobe won’t work, and to be sure the system knows about the new partition you have to reboot.
2. $ sudo mkfs -t ext4 -v /dev/sda11
$ sudo mkfs -t ext4 -b 2048 -v /dev/sda11
$ sudo mkfs -t ext4 -b 4096 -v /dev/sda11
Note the -v flag (verbose) will give the requested information; you will see that for a small partition like this the default is 1024 byte blocks.
3. $ sudo mkdir /mnt/tempdir
$ sudo mount /dev/sda11 /mnt/tempdir
$ mount | grep tempdir
4. $ sudo umount /mnt/tempdir
$ sudo mount -o ro /dev/sda11 /mnt/tempdir
LFS201: V 1.0 © Copyright the Linux Foundation 2015. All rights reserved.
If you get an error while unmounting, make sure you are not currently in the directory.
5. $ sudo touch /mnt/tempdir/afile
6. $ sudo umount /mnt/tempdir
7. Put this line in /etc/fstab:
/dev/sda11 /mnt/tempdir ext4 defaults 1 2
8. $ sudo mount /mnt/tempdir
$ sudo mount | grep tempdir
9. Change the line in /etc/fstab to:
/dev/sda11 /mnt/tempdir ext4 noexec 1 2
Then do:
$ sudo mount -o remount /mnt/tempdir
$ sudo cp /bin/ls /mnt/tempdir
$ /mnt/tempdir/ls
You should get an error here, why?
Loopback File Solution
1. $ sudo dd if=/dev/zero of=/imagefile bs=1M count=250
2. $ sudo mkfs -t ext4 -v /imagefile
$ sudo mkfs -t ext4 -b 2048 -v /imagefile
$ sudo mkfs -t ext4 -b 4096 -v /imagefile
You will get warned that this is a file and not a partition, just proceed.
Note the -v flag (verbose) will give the requested information; you will see that for a small partition like this the default is 1024 byte blocks.
3. $ sudo mkdir /mnt/tempdir
$ sudo mount -o loop /imagefile /mnt/tempdir
$ mount | grep tempdir
4. $ sudo umount /mnt/tempdir
$ sudo mount -o ro,loop /imagefile /mnt/tempdir
If you get an error while unmounting, make sure you are not currently in the directory.
5. $ sudo touch /mnt/tempdir/afile
6. $ sudo umount /mnt/tempdir
7. Put this line in /etc/fstab:
/imagefile /mnt/tempdir ext4 loop 1 2
8. $ sudo mount /mnt/tempdir
$ sudo mount | grep tempdir
9. Change the line in /etc/fstab to:
/imagefile /mnt/tempdir ext4 loop,noexec 1 2
Then do:
$ sudo mount -o remount /mnt/tempdir
$ sudo cp /bin/ls /mnt/tempdir
$ /mnt/tempdir/ls
You should get an error here, why?
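Added example (not part of the original lab material): a check that a mount point's fstab entry really carries noexec in its options field, for either the partition or the loopback variant above. The sample fstab is constructed; /mnt/loopdir, /mnt/data, /mnt/trap and the /dev/sda12 and /dev/sda13 devices are hypothetical.

```shell
#!/bin/sh
write_sample_fstab() {  # $1 = path to write the constructed sample to
  cat > "$1" <<'EOF'
# constructed sample in the format used in this lab
/dev/sda11  /mnt/tempdir  ext4  noexec       1 2
/imagefile  /mnt/loopdir  ext4  loop,noexec  1 2
/dev/sda12  /mnt/data     ext4  defaults     1 2
/dev/sda13  /mnt/trap     ext4  rw,exec      1 2
EOF
}

# has_mount_opt FILE MOUNTPOINT OPTION
# Exit 0: option present; 1: entry found but option absent; 2: no entry.
# Options are compared as whole comma-separated tokens, so "exec" never
# satisfies a check for "noexec" (or the reverse).
has_mount_opt() {
  awk -v mp="$2" -v want="$3" '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    $2 == mp {                          # field 2 is the mount point
      found = 1; ok = 0                 # a later duplicate entry wins
      n = split($4, opts, ",")          # field 4 is the options list
      for (i = 1; i <= n; i++) if (opts[i] == want) ok = 1
    }
    END { exit (found ? (ok ? 0 : 1) : 2) }
  ' "$1"
}

# audit_noexec FILE MOUNTPOINT...  prints one line per failing mount point
audit_noexec() {
  file=$1; shift
  for mp in "$@"; do
    rc=0; has_mount_opt "$file" "$mp" noexec || rc=$?
    case $rc in
      1) echo "$mp: noexec missing" ;;
      2) echo "$mp: no entry" ;;
    esac
  done
}

demo=$(mktemp); write_sample_fstab "$demo"
audit_noexec "$demo" /mnt/tempdir /mnt/loopdir /mnt/data /mnt/trap /mnt/none
rm -f "$demo"
```

Because /proc/mounts uses the same first four fields, pointing has_mount_opt at /proc/mounts instead of /etc/fstab checks the live mount and confirms that the remount applied the option.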