Enumerate Metadata

Commands

ls -lisa

File info

file [file]

Determine File Type.

stat [file]

Display Detailed File Information.

statvfs [directory_path]

Display Filesystem Information.

lsattr [filename]

Lists the attributes of the specified file.

getfacl [filename]

Displays the Access Control Lists (ACLs) of the specified file.

getcap [filepath]

Check a specific file for capabilities

getcap -r [filepath]

Recursive

namei /sbin/init

Shows available links to the file. D = dir, F = File, L = Link

namei -mo /sbin/init

Better, shows file permissions and owners

Identifying Symlinks and Hard Links

ls -l

Look at the third column:

Hard link: The number in this column represents the number of hard links pointing to the same data block. If it's greater than 1, it's a hard link.

Soft link: This column will display a hyphen (-) followed by the file size and filename of the file the link points to.

file

The output will tell you the file type.

Hard link: It will say something like "inode link to "

Soft link: It will say "symbolic link to "

stat

Look for the following differences:

Hard link: st_ino (inode number) will be the same for both the link and the original file.

Soft link: st_ino will be different for the link and the original file.

Permission Notes

+------------------------+
| Owner	| Group | Others |
| R W E	| R W E | R W E	 |
| 4 2 1	| 4 2 1 | 4 2 1	 |
+------------------------+

SUID (4): Execute with owner's permissions.

SGID (2): Execute with owning group's permissions.

Sticky Bit (1): Can't delete these files. Often root owned dirs. Only for dirs.

Necessary Permissions by Action

Actions			    Dir	    File
----------------------------------------
Read File		    X	    R
Modify File		    X	    W
Create File		    WX	
Delete File		    WX	
Move File		    WX	    WX
Dir Listing		    R	
Dir Listing w/ Metadata	    RX
Execute Binary		    X	    X
Execute Script		    X	    RX

Timestamp Notes

ctime = Inode change

mtime = Content change

atime = Access time

stat - View inode info and timestamps of a file

Inode: Metadata about a file. Has pointers to the data that the file holds. Keeps track of file meteadata.

Changing the owner of a file changes ctime Creating a file changes ctime

Anytime the content is changed, the ctime is also changed, because the size of the file changes

Anytime file is moved or copied the path changes so the ctime also changes.

Anytime file is opened or executed, atime is changed.

Testing:

If you...

Create a dir

Go in to that dir

Create a subdir

Run stat on the original dir

The atime and ctime does NOT change.

If you...

Create a dir

Do NOT go in to that dir

Create a subdir

Run stat on the original dir

ALL times change. Except birth time.

ls Options

-a or --all

-l or --long

-h or --human-readable

-R or --recursive

-t or --sort=time

-S or --sort=size

-r or --reverse

-i or --inode

-d or --directory

-g or --group

-o or --owner

-F or --classify

-p or --indicator-style=slash

--color

-c or --time=ctime

-u or --time=atime

-1 or --format=single-column

--group-directories-first

PreviousNotes NextModify Metadata

Last updated 1 year ago

Was this helpful?