What is UFS – Unix File System and ext Family

Knowing about Unix File System is important because it is the file system that is used by Linux distros and it is one of the most used kernels out there. XFS, JFS and many more file systems are like UFS so if you know about this file system you can cover other file systems based on this.

UFS is there from 1960. First it was started in Berkeley system distribution(BSD) fast file system(FFS) and it is called as UFS today.

Structure of UFS

UFS contains

  • Boot block
  • Super block
  • Cylinder groups
  • Cylinder group headers
  • Inodes
  • Data blocks

Boot block: Place where files belongs to booting are stored

Super block: A magic number that helps in identifying file system as UFS

Cylinder groups: Group of cylinders

Every cylinder contains back up of super block

Cylinder Group Headers: These headers store statistics and free lists which helps to identify free blocks in the file system.

Inodes: Contain file attributes like meta data (file size, timings, permissions), pointer to data blocks to find file.

Datablocks: The place where exact file is stored.

Super blocks structure

Super blocks contain

  • File size
  • Block size
  • Empty and filled blocks
  • Location of inode tables
  • Disk block map: map of the block or cluster in the file system

Inode

It is a data structure about files. It is scattered all over the disk in cylinders. Usually in NTFS file system all the data about files is stored in MFT but in UFS everything is stored in Inode tables and it contains

  • File ownership
  • Access modes (permissions)
  • File type
  • Time stamps
  • Link count

Link Count

Link count is very important and plays very important role in Unix File System. Every chunk of data associated with a file is not the file itself. It just carries file name. In UFS file system multiple file names can point to same data block.

For example, I have an apple file name point to file that is stored at block 5 and I can also have another file name food that is pointing to same block number 5.

Now the link count is 2. Simply link count is the number of file names associated with same data block and these links are also called as hard links.

Inode table doesn’t store any file names it just points to data locations. More precisely it stores the pointers to data.

 

Must Read: Everything you need to know about File System Basics as a Forensic Analyst

1 Shares

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.