Linux背景知识（一）：Linux文件体系

本文没有专门的kali知识，只介绍Linux——参照了多本Linux、Kali的相关书籍资料，都是我在学习中用到的书

---

目录

---

Linux的发展历史

1969：C语言的诞生

1969年，Dennis Ritchie和Ken Thompson二人开发了C语言并在其基础上开发了Unix操作系统——他们公开了所有的源代码

1980S：Unix百家争鸣和GNU计划

80年代，很多公司开发了自己的Unix系统，Richard Stallma通过GNU计划试图终止这一局面，以让软件再次实现共享，如今很多的命令行工具都是来自于GNU计划的产物

1990S：Linus Torvalds

90年代，Linus Torvalds众所周知是Linux之父，把自己开发的操作系统源码放到网上，众人拾柴

2005：Linux第四版内核发布

在2005年4月，Linux发布了第四版的内核，这归功于所有参与贡献的开发者

---

基本命令行（bash shell）

通过本段文字，读者将学到一些基本的Linux命令行操作；虽然是在bash下进行的，但是因为zsh兼容bash而且更强大，所以学成后可以换zsh

帮助命令

man $command

e.g.
man whois

man $configfile

e.g.
man syslog.cong

man daemon

e.g.
man syslogd

man -k

e.g.
man -k syslog

man $section $file

e.g.
man 5 passwd

处理路径

pwd：print working directory，查看当前工作目录

pwd

cd：change directory，更换工作目录

cd /etc

ls：得到当前目录的所有文件列表

ls

ls -a
# also get the hidden files

ls -l
# get the long list of files, including states, etc.

mkdir：创建目录

mkdir mydir

mkdir -p
# create parent directory if needed.

rmdir
# only remove empty directory, cannot remove non-mepty directories.

rmdir -p
# similar to -p in mkdir, remove empty parent if needed.

处理路径

在学些文件的相关命令前，要明确：在Linux中，一切皆文件
这句话，随着学习的深入，将会有更深的理解

另外，在Linux中，文件名的小写敏感
这一点和MacOS的terminal不一样，人家是大小写不敏感的

最后，在Linux中，后缀名不重要
其实后缀名本来就不重要，那是为了方便管理

file pci33.png
# file utility determines the file type

touch mydoc.txt

touch -p myfile
# create the with certain properties passing by arguments

rm

rm -i
# To prevent yourself from accidentally removing a file

rm -rf
# By default, rm -r will not remove non-empty directories. However rm accepts several
options that will allow you to remove any directory

cp path1 path2 path3 path4 dest
# copy path1..4 to dest, by deafult the last argument must be the destination

cp -r path1 path2
# forces recursive copying of all files
in all subdirectories

cp -i path1 path2
# prevent cp from overwriting existing files

mv path1 path2
# can also use mv command to rename a file

mv -i path1 paht2
# ask permission to overwrite an existing file

处理文件

head mydoc
# get first 10 lines of mydoc

head -4 mydoc
# get first 4 lines of mydoc

head -c14 mydoc
# get first 14 bytes of mydoc

tail mydoc
# get last 10 lines of mydoc

tail -4 mydoc
# get last 4 lines of mydoc

cat file1 file2 file3
# concatenate files

cat > myfile
# create a file named myfile and then type, ends with ctrl+D

cat > myfile << stop
# use 'stop' instead of default end marker(ctrl+D, which means EOF)

cat file1 > file2
# as same as copy command

tac filename
# cat backwards

more/less

strings smfile
# displays readable strings in the binary file

---

Linux文件结构：二进制目录

众所周知，Linux的文件结构是树状结构（file tree）
遵循文件系统层次结构标准

不同版本的Linux的文件系统略有不同

/

All Linux systems have a directory structure that starts at the root directory. The root
directory is represented by a forward slash, like this: /. Everything that exists on your Linux
system can be found below this root directory. Let's take a brief look at the contents of the
root directory

/bin

The /bin directory contains binaries for use by all users. According to the FHS the /bin
directory should contain /bin/cat and /bin/date (among others).
In the screenshot below you see common Unix/Linux commands like cat, cp, cpio, date, dd,
echo, grep, and so on. Many of these will be covered in this book.

/home/username/bin

You can find a /bin subdirectory in many other directories. A user named serena could put
her own programs in /home/serena/bin.

/opt/username/bin

Some applications, often when installed directly from source will put themselves in /opt. A
samba server installation can use /opt/samba/bin to store its binaries.

/sbin

/sbin contains binaries to configure the operating system. Many of the system binaries
require root privilege to perform certain tasks.
Below a screenshot containing system binaries to change the ip address, partition a disk
and create an ext4 file system.

/lib

Binaries found in /bin and /sbin often use shared libraries located in /lib. Below is a
screenshot of the partial contents of /lib.

/lib/modules

Typically, the Linux kernel loads kernel modules from /lib/modules/$kernel-version/

/lib32和/lib64

We currently are in a transition between 32-bit and 64-bit systems. Therefore, you may
encounter directories named /lib32 and /lib64 which clarify the register size used during
compilation time of the libraries. A 64-bit computer may have some 32-bit binaries and
libraries for compatibility with legacy applications. This screenshot uses the file utility to
demonstrate the difference

/opt

The purpose of /opt is to store optional software. In many cases this is software from outside
the distribution repository. You may find an empty /opt directory on many systems.
A large package can install all its files in /bin, /lib, /etc subdirectories within /opt/
$packagename/. If for example the package is called wp, then it installs in /opt/wp, putting
binaries in /opt/wp/bin and manpages in /opt/wp/man

---

Linux文件结构：配置目录

/boot

The /boot directory contains all files needed to boot the computer. These files don't change
very often. On Linux systems you typically find the /boot/grub directory here. /boot/grub
contains /boot/grub/grub.cfg (older systems may still have /boot/grub/grub.conf) which
defines the boot menu that is displayed before the kernel starts.

/etc

All of the machine-specific configuration files should be located in /etc. Historically /etc
stood for etcetera, today people often use the Editable Text Configuration backronym.
Many times the name of a configuration files is the same as the application, daemon, or
protocol with .conf added as the extension

/etc/init.d/

A lot of Unix/Linux distributions have an /etc/init.d directory that contains scripts to start
and stop daemons. This directory could disappear as Linux migrates to systems that replace
the old init way of starting all daemons

/etc/X11

The graphical display (aka X Window System or just X) is driven by software from the
X.org foundation. The configuration file for your graphical display is /etc/X11/xorg.conf.

/etc/xkel

The skeleton directory /etc/skel is copied to the home directory of a newly created user. It
usually contains hidden files like a .bashrc script.

/etc/sysconfig/

This directory, which is not mentioned in the FHS, contains a lot of Red Hat Enterprise
Linux configuration files. We will discuss some of them in greater detail. The screenshot
below is the /etc/sysconfig directory from RHELv4u4 with everything installed.

---

Linux文件结构：数据目录

/home

Users can store personal or project data under /home. It is common (but not mandatory by
the fhs) practice to name the users home directory after the user name in the format /home/
$USERNAME.

/root

On many systems /root is the default location for personal data and profile of the root user.
If it does not exist by default, then some administrators create it.

/srv

You may use /srv for data that is served by your system. The FHS allows locating cvs,
rsync, ftp and www data in this location. The FHS also approves administrative naming in /
srv, like /srv/project55/ftp and /srv/sales/www.
On Sun Solaris (or Oracle Solaris) /export is used for this purpose.

/media

The /media directory serves as a mount point for removable media devices such as CDROM's,
digital cameras, and various usb-attached devices. Since /media is rather new in the
Unix world, you could very well encounter systems running without this directory. Solaris
9 does not have it, Solaris 10 does. Most Linux distributions today mount all removable
media in /media.

/mnt

The /mnt directory should be empty and should only be used for temporary mount points
(according to the FHS).
Unix and Linux administrators used to create many directories here, like /mnt/something/.
You likely will encounter many systems with more than one directory created and/or
mounted inside /mnt to be used for various local and remote filesystems.

/tmp

Applications and users should use /tmp to store temporary data when needed. Data stored
in /tmp may use either disk space or RAM. Both of which are managed by the operating
system. Never use /tmp to store data that is important or which you wish to archive.

---

Linux文件结构：设备目录（在内存中）

外挂的设备会在内存中创建一个新的设备目录，这并不会占用磁盘空间

/dev

Device files in /dev appear to be ordinary files, but are not actually located on the hard disk.
The /dev directory is populated with files as the kernel is recognising hardware.

/proc

/proc is another special directory, appearing to be ordinary files, but not taking up disk
space. It is actually a view of the kernel, or better, what the kernel manages, and is a means
to interact with it directly. /proc is a proc filesystem.

/sys

The /sys directory was created for the Linux 2.6 kernel. Since 2.6, Linux uses sysfs
to support usb and IEEE 1394 (FireWire) hot plug devices. See the manual pages
of udev(8) (the successor of devfs) and hotplug(8) for more info (or visit http://linuxhotplug.sourceforge.net/
).
Basically the /sys directory contains kernel information about hardware.

---

Linux文件结构：Unix系统资源（/usr）

Unix系统资源，英文Unix System Resources，存储在/usr文件中

/usr文件目录的两个主要特点是：1. 共享，2. 只读

Although /usr is pronounced like user, remember that it stands for Unix System Resources.
The /usr hierarchy should contain shareable, read only data. Some people choose to mount
/usr as read only. This can be done from its own partition or from a read only NFS share
(NFS is discussed later).

/usr/bin

The /usr/bin directory contains a lot of commands

/usr/include

The /usr/include directory contains general use include files for C.

/usr/lib

The /usr/lib directory contains libraries that are not directly executed by users or scripts.

/usr/local

The /usr/local directory can be used by an administrator to install software locally

/usr/share

The /usr/share directory contains architecture independent data. As you can see, this is a
fairly large directory.
This directory typically contains /usr/share/man for manual pages.
And it contains /usr/share/games for all static game data (so no high-scores or play logs).

/usr/src

The /usr/src directory is the recommended location for kernel source files

---

Linux文件结构：可变数据（/var）

/var目录下通常存储一些实现不可估计大小的文件数据，比如日志、缓存、假脱机文件

/var/log

The /var/log directory serves as a central point to contain all log files.

/var/log/messages

A typical first file to check when troubleshooting on Red Hat (and derivatives) is the /var/
log/messages file. By default this file will contain information on what just happened to the
system. The file is called /var/log/syslog on Debian and Ubuntu.

/var/cache

The /var/cache directory can contain cache data for several applications.

/var/spool

The /var/spool directory typically contains spool directories for mail and cron, but also
serves as a parent directory for other spool files (for example print spool files).

/var/lib

The /var/lib directory contains application state information.
Red Hat Enterprise Linux for example keeps files pertaining to rpm in /var/lib/rpm/

/var/…

/var also contains Process ID files in /var/run (soon to be replaced with /run) and temporary
files that survive a reboot in /var/tmp and information about file locks in /var/lock. There
will be more examples of /var usage further in this book.