预备文章,熟悉Ext2文件系统。看前面的blog 分析Ext2文件系统结构
问题:
如果一个4G的文件,删除开始几个字节,底层磁盘会发生什么变化?
猜想:
在团队的分享讨论中,有人认为会有高效的方式,优化文件修改。让我们用实验测试一下,ext2文件系统具体是怎么执行的。
实践:
1. 采用 linux loop设备作为虚拟磁盘,并mount到一个文件。 磁盘一共1000个block,每个block大小是512。(实践上创建完成之后,发现是500个block,每个block大小是1024,总容量没有变化。)
dd if=/dev/zero of=~/file.img bs=512 count=1000 LOOFDEV=`sudo losetup --find --show ~/file.img` mkdir file.image.loop -p sudo mkfs -t ext2 $LOOFDEV sudo mount $LOOFDEV file.image.loop
获取块大小
BLOCKSIZE=`dumpe2fs ~/file.img | grep "Block size:" | awk '{print $NF}'`
2. 查看文件系统详细信息
dumpe2fs ~/file.img
输入结果如下:
1 dumpe2fs 1.44.1 (24-Mar-2018) 2 Filesystem volume name: <none> 3 Last mounted on: <not available> 4 Filesystem UUID: 53664a8d-19e9-4cb3-9cd9-6c1c4f5f1598 5 Filesystem magic number: 0xEF53 6 Filesystem revision #: 1 (dynamic) 7 Filesystem features: ext_attr resize_inode dir_index filetype sparse_super large_file 8 Filesystem flags: signed_directory_hash 9 Default mount options: user_xattr acl 10 Filesystem state: not clean 11 Errors behavior: Continue 12 Filesystem OS type: Linux 13 Inode count: 64 14 Block count: 500 15 Reserved block count: 25 16 Free blocks: 472 17 Free inodes: 53 18 First block: 1 19 Block size: 1024 20 Fragment size: 1024 21 Reserved GDT blocks: 1 22 Blocks per group: 8192 23 Fragments per group: 8192 24 Inodes per group: 64 25 Inode blocks per group: 8 26 Filesystem created: Sun May 10 16:29:03 2020 27 Last mount time: Sun May 10 16:29:04 2020 28 Last write time: Sun May 10 16:29:04 2020 29 Mount count: 1 30 Maximum mount count: -1 31 Last checked: Sun May 10 16:29:03 2020 32 Check interval: 0 (<none>) 33 Reserved blocks uid: 0 (user root) 34 Reserved blocks gid: 0 (group root) 35 First inode: 11 36 Inode size: 128 37 Default directory hash: half_md4 38 Directory Hash Seed: 97e7d950-9ee2-405e-9dfa-f36c2ff7baa5 39 40 41 Group 0: (Blocks 1-499) 42 Primary superblock at 1, Group descriptors at 2-2 43 Reserved GDT blocks at 3-3 44 Block bitmap at 4 (+3) 45 Inode bitmap at 5 (+4) 46 Inode table at 6-13 (+5) 47 472 free blocks, 53 free inodes, 2 directories 48 Free blocks: 28-499 49 Free inodes: 12-64
14行显示,有500个块
16行显示,空闲块是472个。
19行显示,每个块大小是1024字节。
3. 创建一个文件,写入3个块(实际是4给块,最后一个块是EOF)
cd file.image.loop/ COUNT=$BLOCKSIZE python -c "print('a' * $COUNT + 'b' * $COUNT + 'c' * $COUNT)" |sudo tee a.txt
写入1024个字母“a”(HEX 61,DEX97 )
写入10024个字母“b”(HEX 62,DEX98 )
写入10024个字母“b”(HEX 63,DEX99 )
4. 查看文件字节数
ls查看
ls -l a.txt -rw-r--r-- 1 root root 3073 5月 10 16:42 a.txt
wc点字节数
cat a.txt |wc -c 3073
5. 查看文件的具体信息
sudo debugfs $LOOFDEV <<< "stat a.txt"
输出如下结果:
Inode: 12 Type: regular Mode: 0644 Flags: 0x0 Generation: 2365015721 Version: 0x00000001 User: 0 Group: 0 Size: 3073 File ACL: 0 Links: 1 Blockcount: 8 Fragment: Address: 0 Number: 0 Size: 0 ctime: 0x5eb7be5a -- Sun May 10 16:42:02 2020 atime: 0x5eb7bea6 -- Sun May 10 16:43:18 2020 mtime: 0x5eb7be5a -- Sun May 10 16:42:02 2020 BLOCKS: (0-3):28-31 TOTAL: 4
数据位于28-31的磁盘块中。
获取起始块和长度
BNUM=`sudo debugfs $LOOFDEV <<< "blocks a.txt" |grep -o "^[0-9 ]*" |cut -d " " -f1` BLEN=`sudo debugfs $LOOFDEV <<< "blocks a.txt" |grep -o "^[0-9 ]*" |wc -w`
6. 查看文件对应的block内容
sudo dd if=$LOOFDEV bs=$BLOCKSIZE count=$BLEN skip=$BNUM | od -t x1 -Ax
输入如下内容
4+0 records in 4+0 records out 4096 bytes (4.1 kB, 4.0 KiB) copied, 8.578e-05 s, 47.8 MB/s 000000 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 * 000400 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 * 000800 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 * 000c00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000c10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 * 001000
删除四个字符
sudo sed -i -r '1s/.{4}//' a.txt cat a.txt |wc -c
再次查看文件内容
sudo dd if=$LOOFDEV bs=$BLOCKSIZE count=$BLEN skip=$BNUM | od -t x1 -Ax
没有发生变化,同步数据到磁盘也没有发生变化
sync -f a.txt
这是因为文件的inode和block发生了变化,但是原来存储数据的block并没有擦除。这就是为什么一些磁盘恢复工具能恢复数据的原理。
7. 重新查看文件的具体信息
sudo debugfs $LOOFDEV <<< "stat a.txt"
显示结果如下:
Inode: 13 Type: regular Mode: 0644 Flags: 0x0 Generation: 1601438359 Version: 0x00000001 User: 0 Group: 0 Size: 3069 File ACL: 0 Links: 1 Blockcount: 6 Fragment: Address: 0 Number: 0 Size: 0 ctime: 0x5eb7c5b5 -- Sun May 10 17:13:25 2020 atime: 0x5eb7c5b8 -- Sun May 10 17:13:28 2020 mtime: 0x5eb7c5b5 -- Sun May 10 17:13:25 2020 BLOCKS: (0-2):32-34 TOTAL: 3
我们可以看到block,从前面的28-21移动到了32-34
8. 再次获取新的数据块起始和长度
注意,实际中,数据块不一定是连续的,本实验是因为采用了一个全新的空磁盘。或者再做一次实验,就会发现数据块,可能不连续了。
BNUM=`sudo debugfs $LOOFDEV <<< "blocks a.txt" |grep -o "^[0-9 ]*" |cut -d " " -f1` BLEN=`sudo debugfs $LOOFDEV <<< "blocks a.txt" |grep -o "^[0-9 ]*" |wc -w`
查看文件对应的block内容
sudo dd if=$LOOFDEV bs=$BLOCKSIZE count=$BLEN skip=$BNUM | od -t x1 -Ax
内容如下,已发生变化
3+0 records in 3+0 records out 3072 bytes (3.1 kB, 3.0 KiB) copied, 0.000226374 s, 13.6 MB/s 000000 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 61 * 0003f0 61 61 61 61 61 61 61 61 61 61 61 61 62 62 62 62 000400 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 62 * 0007f0 62 62 62 62 62 62 62 62 62 62 62 62 63 63 63 63 000800 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 63 * 000bf0 63 63 63 63 63 63 63 63 63 63 63 63 0a 00 00 00 000c00
9. 清理环境
首先查看还有没有进程打开该磁盘,有的话,kill该进程
sudo lsof $LOOFDEV
cd .. sudo umount $LOOFDEV sudo losetup -d $LOOFDEV rm file.img -rf rm file.image.loop -rf
结论:
整个磁盘都会移动,这其实是最好的方式, 所有数据都是循序读写。
修改一个文件,其实就是创建了一个新文件,inode和磁盘数据都会发生变化。
这是由于文件系统,只提供了read和write的操作,并没有提供插入和删除的操作,其实是应用程序实现了新建文件的操作。
我们可以实现sed过程的strace
1 sudo strace sed -i -r '1s/.{4}//' a.txt 2 execve("/bin/sed", ["sed", "-i", "-r", "1s/.{4}//", "a.txt"], 0x7ffcf1b4cfe0 /* 24 vars */) = 0 3 brk(NULL) = 0x564cef104000 4 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 5 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 6 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 7 fstat(3, {st_mode=S_IFREG|0644, st_size=167308, ...}) = 0 8 mmap(NULL, 167308, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9820a7a000 9 close(3) = 0 10 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 11 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libselinux.so.1", O_RDONLY|O_CLOEXEC) = 3 12 read(3, "177ELF211���������3�>�1���20b������"..., 832) = 832 13 fstat(3, {st_mode=S_IFREG|0644, st_size=154832, ...}) = 0 14 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820a78000 15 mmap(NULL, 2259152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9820654000 16 mprotect(0x7f9820679000, 2093056, PROT_NONE) = 0 17 mmap(0x7f9820878000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x24000) = 0x7f9820878000 18 mmap(0x7f982087a000, 6352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f982087a000 19 close(3) = 0 20 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 21 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 22 read(3, "177ELF2113��������3�>�1���260342�����"..., 832) = 832 23 fstat(3, {st_mode=S_IFREG|0755, st_size=2030544, ...}) = 0 24 mmap(NULL, 4131552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9820263000 25 mprotect(0x7f982044a000, 2097152, PROT_NONE) = 0 26 mmap(0x7f982064a000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1e7000) = 0x7f982064a000 27 mmap(0x7f9820650000, 15072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9820650000 28 close(3) = 0 29 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 30 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY|O_CLOEXEC) = 3 31 read(3, "177ELF211���������3�>�1��� 25������"..., 832) = 832 32 fstat(3, {st_mode=S_IFREG|0644, st_size=464824, ...}) = 0 33 mmap(NULL, 2560264, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f981fff1000 34 mprotect(0x7f9820061000, 2097152, PROT_NONE) = 0 35 mmap(0x7f9820261000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x70000) = 0x7f9820261000 36 close(3) = 0 37 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 38 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3 39 read(3, "177ELF211���������3�>�1���P16������"..., 832) = 832 40 fstat(3, {st_mode=S_IFREG|0644, st_size=14560, ...}) = 0 41 mmap(NULL, 2109712, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f981fded000 42 mprotect(0x7f981fdf0000, 2093056, PROT_NONE) = 0 43 mmap(0x7f981ffef000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f981ffef000 44 close(3) = 0 45 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) 46 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3 47 read(3, "177ELF211���������3�>�1���000b������"..., 832) = 832 48 fstat(3, {st_mode=S_IFREG|0755, st_size=144976, ...}) = 0 49 mmap(NULL, 2221184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f981fbce000 50 mprotect(0x7f981fbe8000, 2093056, PROT_NONE) = 0 51 mmap(0x7f981fde7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x19000) = 0x7f981fde7000 52 mmap(0x7f981fde9000, 13440, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f981fde9000 53 close(3) = 0 54 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9820a76000 55 arch_prctl(ARCH_SET_FS, 0x7f9820a77040) = 0 56 mprotect(0x7f982064a000, 16384, PROT_READ) = 0 57 mprotect(0x7f981fde7000, 4096, PROT_READ) = 0 58 mprotect(0x7f981ffef000, 4096, PROT_READ) = 0 59 mprotect(0x7f9820261000, 4096, PROT_READ) = 0 60 mprotect(0x7f9820878000, 4096, PROT_READ) = 0 61 mprotect(0x564cee735000, 4096, PROT_READ) = 0 62 mprotect(0x7f9820aa3000, 4096, PROT_READ) = 0 63 munmap(0x7f9820a7a000, 167308) = 0 64 set_tid_address(0x7f9820a77310) = 313 65 set_robust_list(0x7f9820a77320, 24) = 0 66 rt_sigaction(SIGRTMIN, {sa_handler=0x7f981fbd3cb0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f981fbe0890}, NULL, 8) = 0 67 rt_sigaction(SIGRT_1, {sa_handler=0x7f981fbd3d50, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f981fbe0890}, NULL, 8) = 0 68 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 69 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 70 statfs("/sys/fs/selinux", 0x7ffc909bbef0) = -1 ENOENT (No such file or directory) 71 statfs("/selinux", 0x7ffc909bbef0) = -1 ENOENT (No such file or directory) 72 brk(NULL) = 0x564cef104000 73 brk(0x564cef125000) = 0x564cef125000 74 openat(AT_FDCWD, "/proc/filesystems", O_RDONLY|O_CLOEXEC) = 3 75 fstat(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 76 read(3, "nodev sysfs nodev rootfs nodev r"..., 1024) = 477 77 read(3, "", 1024) = 0 78 close(3) = 0 79 access("/etc/selinux/config", F_OK) = -1 ENOENT (No such file or directory) 80 openat(AT_FDCWD, "/usr/lib/locale/locale-archive", O_RDONLY|O_CLOEXEC) = 3 81 fstat(3, {st_mode=S_IFREG|0644, st_size=10281936, ...}) = 0 82 mmap(NULL, 10281936, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f981f1ff000 83 close(3) = 0 84 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/charset.alias", O_RDONLY|O_NOFOLLOW) = -1 ENOENT (No such file or directory) 85 openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", O_RDONLY) = 3 86 fstat(3, {st_mode=S_IFREG|0644, st_size=26376, ...}) = 0 87 mmap(NULL, 26376, PROT_READ, MAP_SHARED, 3, 0) = 0x7f9820a9c000 88 close(3) = 0 89 futex(0x7f982064fa08, FUTEX_WAKE_PRIVATE, 2147483647) = 0 90 openat(AT_FDCWD, "a.txt", O_RDONLY) = 3 91 ioctl(3, TCGETS, 0x7ffc909bbcf0) = -1 ENOTTY (Inappropriate ioctl for device) 92 fstat(3, {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 93 umask(0700) = 022 94 getpid() = 313 95 openat(AT_FDCWD, "./sediSJ0Jh", O_RDWR|O_CREAT|O_EXCL, 0600) = 4 96 umask(022) = 0700 97 fcntl(4, F_GETFL) = 0x8002 (flags O_RDWR|O_LARGEFILE) 98 fstat(3, {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 99 read(3, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 4096) = 3073 100 fstat(4, {st_mode=S_IFREG|000, st_size=0, ...}) = 0 101 write(4, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 3069) = 3069 102 read(3, "", 4096) = 0 103 fchown(4, 1000, 1000) = 0 104 fchmod(4, 0100644) = 0 105 close(3) = 0 106 close(4) = 0 107 rename("./sediSJ0Jh", "a.txt") = 0 108 close(1) = 0 109 close(2) = 0 110 exit_group(0) = ? 111 +++ exited with 0 +++
95行显示,打开了一个文件./sediSJ0Jh,fd为4
101行显示,对该fd进行了写操作
107行显示,对./sediSJ0Jh进行了重命名,为”a.txt“
vim 也执行了同样的类似的操作
查看执行前的inode
ls -i a.txt 12452049 a.txt
执行vim修改文件
strace -f -o vim.strace vim a.txt # or vim a.txt VIMPID=`ps -ef |grep vim |grep -v grep |awk '{print $2}'` sudo ltrace -p $VIMPID
查看执行结果
ls -i a.txt 12452058 a.txt
inode发生变化
1 user@user-cloud-nuc1:~$ tail -n 100 vim.strace 2 970 write(1, "w", 1) = 1 3 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 4 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 5 970 write(1, "33[?25l33[34h33[?25h", 17) = 17 6 970 select(1, [0], [], [0], {tv_sec=4, tv_usec=0}) = 1 (in [0], left {tv_sec=3, tv_usec=888987}) 7 970 read(0, "q", 4096) = 1 8 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 9 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 10 970 write(1, "q", 1) = 1 11 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 12 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 13 970 write(1, "33[?25l33[34h33[?25h", 17) = 17 14 970 select(1, [0], [], [0], {tv_sec=4, tv_usec=0}) = 1 (in [0], left {tv_sec=3, tv_usec=738309}) 15 970 read(0, "a", 4096) = 1 16 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 17 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 18 970 write(1, "a", 1) = 1 19 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 20 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 21 970 write(1, "33[?25l33[34h33[?25h", 17) = 17 22 970 select(1, [0], [], [0], {tv_sec=4, tv_usec=0}) = 1 (in [0], left {tv_sec=3, tv_usec=555370}) 23 970 read(0, " ", 4096) = 1 24 970 select(1, [0], [], [0], {tv_sec=0, tv_usec=0}) = 0 (Timeout) 25 970 write(1, " ", 1) = 1 26 970 stat("/home/user/a.txt", {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 27 970 access("/home/user/a.txt", W_OK) = 0 28 970 write(1, "33[?25l", 6) = 6 29 970 ioctl(0, TCGETS, {B38400 opost -isig -icanon -echo ...}) = 0 30 970 ioctl(0, SNDCTL_TMR_START or TCSETS, {B38400 opost isig icanon echo ...}) = 0 31 970 ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0 32 970 getcwd("/home/user", 4096) = 11 33 970 write(1, ""a.txt"", 7) = 7 34 970 stat("a.txt", {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 35 970 access("a.txt", W_OK) = 0 36 970 getxattr("a.txt", "system.posix_acl_access", 0x7ffcd6162100, 132) = -1 ENODATA (No data available) 37 970 stat("a.txt", {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 38 970 lstat("a.txt", {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 39 970 lstat("4913", 0x7ffcd61624c0) = -1 ENOENT (No such file or directory) 40 970 openat(AT_FDCWD, "4913", O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0100644) = 3 41 970 fchown(3, 1000, 1000) = 0 42 970 stat("4913", {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 43 970 close(3) = 0 44 970 unlink("4913") = 0 45 970 stat("a.txt~", 0x7ffcd61621c0) = -1 ENOENT (No such file or directory) 46 970 stat("a.txt", {st_mode=S_IFREG|0644, st_size=3073, ...}) = 0 47 970 stat("a.txt~", 0x7ffcd6161190) = -1 ENOENT (No such file or directory) 48 970 unlink("a.txt~") = -1 ENOENT (No such file or directory) 49 970 rename("a.txt", "a.txt~") = 0 50 970 openat(AT_FDCWD, "a.txt", O_WRONLY|O_CREAT, 0644) = 3 51 970 ftruncate(3, 0) = 0 52 970 write(3, "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"..., 3069) = 3069 53 970 fsync(3) = 0 54 970 stat("a.txt", {st_mode=S_IFREG|0644, st_size=3069, ...}) = 0 55 970 stat("a.txt", {st_mode=S_IFREG|0644, st_size=3069, ...}) = 0 56 970 fchmod(3, 0100644) = 0 57 970 close(3) = 0 58 970 setxattr("a.txt", "system.posix_acl_access", "2���1�6�3773773773774�4�377377377377 �4�377377377377", 28, 0) = 0 59 970 write(1, " 1L, 3069C written", 18) = 18 60 970 lseek(4, 0, SEEK_SET) = 0 61 970 write(4, "b0VIM 8.0����20��`372267^321�276�3123��user"..., 4096) = 4096 62 970 stat("/home/user/a.txt", {st_mode=S_IFREG|0644, st_size=3069, ...}) = 0 63 970 unlink("a.txt~") = 0 64 970 getcwd("/home/user", 4096) = 11 65 970 openat(AT_FDCWD, "/home/user/.viminfo", O_RDONLY) = 3 66 970 stat("/home/user/.viminfo", {st_mode=S_IFREG|0600, st_size=22730, ...}) = 0 67 970 getuid() = 1000 68 970 getuid() = 1000 69 970 stat("/home/user/.viminfo.tmp", 0x7ffcd6162540) = -1 ENOENT (No such file or directory) 70 970 umask(000) = 002 71 970 openat(AT_FDCWD, "/home/user/.viminfo.tmp", O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW, 0600) = 5 72 970 umask(002) = 000 73 970 fcntl(5, F_GETFL) = 0x28001 (flags O_WRONLY|O_LARGEFILE|O_NOFOLLOW) 74 970 stat("/home/user/.viminfo.tmp", {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 75 970 fstat(3, {st_mode=S_IFREG|0600, st_size=22730, ...}) = 0 76 970 read(3, "# This viminfo file was generate"..., 4096) = 4096 77 970 read(3, "f\\>" ? \<name\> |2,1,1562634451"..., 4096) = 4096 78 970 read(3, "|4,39,2335,48,1589114505,"~/vim."..., 4096) = 4096 79 970 read(3, "89114187,"~/vim.strace" -' 975 "..., 4096) = 4096 80 970 fstat(5, {st_mode=S_IFREG|0600, st_size=0, ...}) = 0 81 970 write(5, "# This viminfo file was generate"..., 4096) = 4096 82 970 write(5, "f\\>" ? \<name\> |2,1,1562634451"..., 4096) = 4096 83 970 write(5, "~/vim.strace |4,39,2335,48,15891"..., 4096) = 4096 84 970 read(3, "7095 0 " 2487 0 > ~/dbtransfor"..., 4096) = 4096 85 970 write(5, "4200,"~/vim.strace" -' 1062 6 "..., 4096) = 4096 86 970 read(3, "0 + 86 11 + 83 18 + 86 0 + 8"..., 4096) = 2250 87 970 write(5, "5037 0 " 79 0 ^ 19 0 . 76 0 "..., 4096) = 4096 88 970 read(3, "", 4096) = 0 89 970 write(5, "84 7 + 85 17 + 39 34 + 42 36 "..., 2176) = 2176 90 970 close(5) = 0 91 970 close(3) = 0 92 970 stat("/home/user/.viminfo.tmp", {st_mode=S_IFREG|0600, st_size=22656, ...}) = 0 93 970 stat("/home/user/.viminfo", {st_mode=S_IFREG|0600, st_size=22730, ...}) = 0 94 970 unlink("/home/user/.viminfo") = 0 95 970 rename("/home/user/.viminfo.tmp", "/home/user/.viminfo") = 0 96 970 write(1, " 33[?1l33>", 10) = 10 97 970 write(1, "33[34h33[?25h33[?1049l", 19) = 19 98 970 close(4) = 0 99 970 unlink("/home/user/.a.txt.swp") = 0 100 970 exit_group(0) = ? 101 970 +++ exited with 0 +++
49行显示,原文件被命名为a.txt~
50行显示,重新创建了一个名为a.txt的文件。
windows执行和inux类似的操作。
REF:
实际上,文件系统分析的文章网上一大堆。
北航 操作系统 Operation System 七:文件系统