Inodes
Home Up Stream A Stream B Shell Skills RegExp Skills Perl Skills Resources Using FTP Web Logs Permissions Notes 1 Notes 2 Inodes Unix exploit - PATH

 

Unix File System Nodes (inodes)

Unix directories and files don't really have names.  They are numbered, using node numbers called inodes, vnodes, or even gnodes (depending on the version of Unix).  You won't find the name of a particular file or directory in or near the file or directory itself.  All the name-to-number mappings of files and directories are stored in the parent directories.  For each file or directory, a link count keeps track of how many parent directories contain a name-number mapping for each node.  When a link count goes to zero, no directory points to the node and Unix is free to reclaim the disk space.

Unix permits all files to have many name-to-number mappings.  So, a file may appear to have several different "names" (Unix calls them "links"); that is, several names that all map to the same node number (and thus to the same file).   Or, the file may have the same "name"; but, that name may appear in different directories. 

Anyone can create a link to any file to which they have access. They don't need to be able to read or write the file itself to make the link; they only need write permission on the directory in which the name-to-number map (the name, or "link") is being created.

Directories are not allowed to have many name-to-number mappings.  Each directory name-to-number map is allowed to appear in exactly one parent directory and no more.   This restriction means that every directory has only one "name".  It prevents loops and cycles in the file system tree.  (Many things are simpler if the tree has no cycles.)

Since a parent directory may have many sub-directories, and since the name ".." (dot dot) in every one of those sub-directories is a map to the node number of the parent directory, the link count of the parent directory is increased by one for every sub-directory the parent contains.  Every directory also contains the name "." (dot), a map to the directory itself, so the smallest link count of any Unix directory is 2: one for the map in the parent directory that gives the directory its "name", and one for the dot map in the directory itself.

Example

Suppose the root directory has node number #2.  Here is a small part of a Unix file system tree, showing hypothetical node numbers:

 
Node #2
. (dot) 
2
.. (dot dot) 
2
 
home
 
123
 
bin
 
555
 
usr
 
654
 
Node #555
. (dot) 
555
.. (dot dot) 
2
 
rm
 
546
 
ls
 
984
 
cp
 
333
 
ln
 
333
 
mv
 
333
 
Node #123
. (dot) 
123
.. (dot dot) 
2
 
ian
 
111
 
stud0002
 
755
 
stud0001
 
883
 
stud0003
 
221

Note how one directory (#555) has three name-to-number maps for the same node.   All three names (cp, ln, mv) refer to the same node number, in this case a file containing an executable program.  (This program looks at its name and behaves differently depending on which name you use to call it.)
 
Node #111
. (dot) 
111
.. (dot dot) 
123
 
.profile
 
334
 
.login
 
335
 
.logout
 
433
 
Node #333
Disk blocks

for the

cp / ln / mv

file

(link count: 3)
 
Node #335
Disk blocks

for the

.login

file

(link count: 1)

Example

Here are two shell programs that are linked into different directories under different names.  The only way you can tell which names point to the same program files is by looking at the inode numbers using the "-i" option to ls:

# ls -i /sbin/sh /usr/bin/sh
    136724 /sbin/sh         279208 /usr/bin/sh
# ncheck -i 279208,136724
/dev/dsk/c0t3d0s0:
279208  /usr/lib/rsh
136724  /sbin/jsh
136724  /sbin/sh
279208  /usr/bin/jsh
279208  /usr/bin/sh

The ncheck command is usable only by the Super User. It finds all pathnames that lead to a particular inode.

Damage

When a Unix file system suffers damage, one or more nodes may become unreadable.  If the damaged or lost nodes are file nodes, the file content pointed to by those nodes will be missing or incomplete.  If any of the nodes are directory nodes, containing the names of files and sub-directories, the files and sub-directories that were once mapped by those nodes will lose their "names".

The Unix file-system checking program ("fsck") usually notices the existence of files and sub-directories that no longer have names, and it gives them false names and links them into a special directory  named "lost+found" when the system reboots itself.  The system admin must go into the directory and figure out what the files are, what their names are, and where they belong.

Many File Systems

A Unix file system is equivalent to a single disk partition. Each Unix file system has its own set of node numbers. Since the overall hierarchical tree on a Unix system may transparently include pieces from several file systems, some items in the hierarchical tree will appear to have the same node numbers, but will actually be different files residing on different file systems.

A directory's name-to-number mapping applies only within a single Unix file system. It isn't possible for a directory to map to a node number in a different file system (i.e. in a different disk partition). A special "mount" command is used to splice together different file systems into one hierarchical tree.