NILFS2 - bulletproof file system for / home





As you know, if trouble can occur, then it will certainly happen. Probably, everyone had cases when a fresh important file was accidentally deleted, or the text in a text editor was accidentally selected and deleted.



If you are the hoster or the owner of the site, then you probably faced hacking of user accounts or your site. In such cases, it is important to restore the chronology, find a way of penetration and the vulnerability that the attacker used.



To solve such problems, the NILFS2 file system is perfect.



It has been present in the Linux kernel since version 2.6.30.



A feature of this file system is that it is similar to a version control system: you can always roll back the state of the system and look at what it was some time ago.



To provide this functionality, you do not need to configure Cron scripts, make snapshots, etc. The NILFS2 file system does this all by itself. She never overwrites old data and always writes to new areas of the disk if there is enough free disk space. In full accordance with the principle of Copy-on-Write.



In fact, any change to the file entails the automatic creation of a new snapshot of the file system, so you can use this file system as a time machine and rewind the state of the files.



Story



NILFS2 was developed in the bowels of the Nippon Telegraph and Telephone Corporation , in fact, the state (it has a controlling stake) and the largest telecommunications company in Japan. More specifically, the CyberSpace Laboratories led by Ryusuke Konishi .



Why it was developed specifically - it’s not known, however, it can be assumed that such a FS, with its functionality of a “time machine”, is ideal for storing data in which you may want to dig deeper into special services in order to replay the whole picture of SMS, emails, etc.



NILFS2 is also, potentially, a very valuable tool for internal security services, as it allows you to restore all deleted letters in the mail database, open the jambs of employees who can subsequently try to disguise them by deleting or changing their files.



How can I trace the entire history of correspondence
In Linux, on servers (and it is worth putting NILFS2 there for internal security purposes), a file storage method for emails is often used to store mail messages. The so-called Maildir format. It is enough to install Courier Mail Server and configure the storage of letters in Maildir. Another mbox format is a large text file that is easily parsed to individual messages.



If the mail server uses the database, then NILFS2 will make it possible to restore the exact timing of the database changes and the ability to restore the database at any of these points. And then you need to use the database tools to see what was in it at that time ...



However, something went wrong. Either the Japanese government decided not to follow everyone (a la Yarovaya principle), or the performance of NILFS2 on traditional HDDs turned out to be lower than the baseboard, and NILFS2 was released under the GPL license and very quickly entered the Linux kernel, as there were special complaints about the code written highly skilled Japanese, the Linux kernel developers did not have.



What does NILFS2 look like?



From the point of view of use: on the version control system SVN . Each FS checkpoint is a commit that is made automatically without the user's knowledge at any change: whether it is deletion, changing the contents of a file or access rights. Each commit has a number that increases linearly.



From the point of view of the programmer: on a circular buffer. The file system stores the changes and writes them to a piece equal to about 8 MB (2048 * 4096, where 2048 is the number of elements in the block, and 4096 is the size of the memory page). The entire disc is divided into such chunks. Recording is in sequence. When free space runs out, the oldest pictures are deleted, and chunks are overwritten.



Basic NILFS2 Buns





NILFS2 for / home



In Unix-like operating systems, as a rule, there is a / home folder in which user data is stored. Various programs save their settings related to a specific user in this folder.



And who, if not the users, most often mows? Therefore, as they say, God himself commanded to use NILFS2 on / home.



Moreover, with the widespread distribution of SSDs, now we can not worry about the strong drawdown when using CoW file systems.



Yes, we can create FS snapshots as often as we like in ZFS and BTRFS, but there is always a risk that a lost file change will be between the snapshots. And the pictures still need to be administered: delete the old ones. In NILFS2, all this happens automatically, literally every few seconds.



I created a logical volume using lvcreate (in the nvme volume group, thin thin pool). I recommend creating it on the lvm volume, as it can be easily expanded later. I recommend having 50% free disk space with NILFS2 for decent version depth.



lvcreate -V10G -T nvme/thin -n home
      
      





and formatted it in NILFS2:



 mkfs.nilfs2 -L nvme_home /dev/nvme/home mkfs.nilfs2 (nilfs-utils 2.1.5) Start writing file system initial data to the device      Blocksize:4096 Device:/dev/nvme/home1 Device Size:10737418240 File system initialization succeeded !!
      
      





After that, you need to copy all the data from the current / home.



I did this immediately after booting the computer, before entering my account, from the root user. If I logged in as my user, then some programs would open sockets and files in my user’s folder / home / user, which would make copying difficult. As you know, the home folder for the root user is usually located on the path / root, so no files will be opened on the / home section.



 mkdir /mnt/newhome mount -t nilfs2 /dev/nvme/home /mnt/newhome cp -a /home/. /mnt/newhome
      
      





For the last line, see the article .



Next, edit / etc / fstab, which mounts the file system for / home, to



/dev/disk/by-label/nvme_home /home nilfs2 noatime 0 0







The noatime



option noatime



needed to improve performance so that atime does not change with every file access. Next, we reboot.



Types of images in NILFS2.



A normal snapshot without deletion immunity is called a checkpoint (checkpoint or recovery point).

A snapshot with auto-deletion protection is called a snapshot, then just a snapshot.



Viewing checkpoints is done using the lscp command



View snapshots lscp -s



We can create snapshots and checkpoints ourselves at any time using:



 mkcp [-s] 
      
      





Recover data.



NILFS allows us to mount as many old snapshots as necessary while working with the main FS branch. But only in read mode.



Everything is arranged like this. The usual checkpoints that NILFS2 does can be automatically deleted at any time (when the disk space runs out or by the rules of nilfs_cleanerd), so before mounting we must translate the checkpoint into a snapshot or, in Russian, fix the picture.



 chcp ss _
      
      





After that, we can mount the snapshot, for example, like this:



 mount -t nilfs2 -r -o cp=_ /dev/nvme/home /mnt/nilfs/_
      
      





Then we copy the recovered files from the snapshot to / home.

And then we remove the flag of indistinguishability from the image, so that in the future, the automatic garbage collector can delete obsolete data:



 chcp cp _
      
      





Utilities for NILFS2



But this is the trouble. Yes, of course, we can create a file system, change its size online, view a list of chain points, make and delete them. The nilfs2-utils package provides a minimal gentleman's set.



Since NTT curtailed funding, there are no fast, low-level utilities that can display the history of file changes or make diffs between snapshots.



My n2u utility



To fill this vacuum, I wrote my n2u utility , which can display the change history of a specific file / directory:



 n2u log filename
      
      





The output is something like this:



  CHECKPOINT DATE TIME TYPE SIZE MODE 1787552 2019-11-24 22:08:00 first 7079 cp 1792659 2019-11-25 23:09:05 changed 7081 cp
      
      





It works quite quickly for the chosen implementation method: it searches for differences between files using the bisection method, quickly mounting and comparing the file / directory in different images.



You can set the range of checkpoints using the -cp CP1:CP2



key -cp CP1:CP2



or -cp {YEAR-MM-DD}:{YEAR-MM-DD}



.



You can also see the difference between the checkpoints for a specific file or directory:



 n2u diff -r cp1:cp2 filename
      
      





You can display the entire chronology of changes: all the differences between the checkpoints of a specific file / directory:



 n2u blame [-r cp1:cp2] filename
      
      





The date range in this command is also supported.



Cry to the developers



There are a lot of specialists on Habré. Please finish NILFS2. Make replication, low-level fast diff between revisions, reflink and other goodies!



References



Official NILFS website .



Repositories:

NILFS2 .

NILFS2 Utilities and Modules .



Newsletters:

NILFS2 Developer Email . The identifier for the linux-nilfs subscription.

Newsletter Archive .



Nilfs_cleanerd configuration guide .

Comparative performance tests of EXT4, Btrfs, XFS & NILFS2 .




Acknowledgments:





PS Direct the noticed errors in a personal. I increase karma for this.






You can experiment with NILFS2 by ordering a virtual machine from RUVDS for the coupon below. For all new customers, a free trial period of 3 days.






All Articles