Filesystem and Storage Device Management
107
The filesystems on a system that are mounted
at boot-time are kept in a
file at
/etc/fstab (short for
filesystem table), which is read by the system at every
bootup.
Unmounting with umount
If you’re coming from a Mac or Windows background, you’ve probably
unmounted a drive without knowing it. Before you remove a flash drive
from
your system, you “eject” it to keep from causing damage to the files
stored on the device.
Eject is just another word for unmount.
Similar to the
mount
command, you can unmount a second hard drive
by entering the
umount
command followed by the
file entry of the device in
the
/dev directory, such as
/dev/sdb. Note that the command is not spelled
unmount but rather
umount (no
n).
kali >
umount /dev/sdb1
You cannot unmount a device that is busy, so if the system is reading or
writing
to the device, you will just receive an error.
Monitoring Filesystems
In this section, we look at some commands for monitoring the state of the
filesystem—a skill necessary for any hacker or system administrator. We’ll get
some info about mounted disks and then check for and fix errors. Storage
devices are particularly error prone, so it’s worth learning this skill.
Getting Information on Mounted Disks
The command
df
(for
disk free) will provide us with basic information on
any hard disks or mounted devices, such as CD, DVD, and flash drives,
including how much space is being used and how much is available (see
Listing 10-4).
Without any options,
df
defaults to all mounted drives. If
you want to check a different drive, simply follow the
df
command with
the drive representation you want to check (for example,
df sdb
).
kali >
df
Filesystem 1K-Blocks Used Available Use% Mounted on
rootfs 19620732 17096196 1504788 92% /
udev 10240 0 10240 0% /dev
--
snip
--
/dev/sdb1 29823024 29712544 110480 99% /media/USB3.0
Listing 10-4: Getting information on disks and mounted devices with
df
The first line of output
here shows category headers, and then we get
the information. The disk space is given in 1KB blocks. On the second
line, we see that
rootfs has 19,620,732 one-kilobyte blocks, of which it is
108
Chapter 10
using 17,096,196 (or about 92 percent), leaving 1,504,788 available. The
df
command also tells us that this filesystem is
mounted on the top of the
filesystem
/.
In the last line, you can see my USB flash drive. Note that it is designated
/dev/sdb1, is nearly 100 percent full, and is mounted at
/media/USB3.0.
As a recap, my virtual disk on this system is designated sda1, which
breaks down as follows:
