DEBUGFS Command to Show File Creation Times in Linux


The DEBUGFS command is a powerful utility in Linux that grants access to the file system of a block device. One of its notable features is its ability to reveal the creation time of a file, which cannot be easily obtained through typical Linux commands. This piece of information is stored in a data structure known as the inode, which houses diverse particulars about the file, including its creation time.

To obtain this data, the DEBUGFS command accesses the inode of the file and provides a comprehensive view of the file system. Once the inode number of a file has been identified, it can be used to disclose the file's creation time. Knowing a file's creation time can be remarkably valuable in forensic inquiries or when attempting to troubleshoot system issues.

In essence, the DEBUGFS command furnishes a means to examine and adjust the file system of a block device, providing detailed insights into files that are not typically accessible through standard Linux commands. By accessing the inode of a file, the DEBUGFS command enables users to retrieve the creation time of a file, which can prove advantageous in a variety of situations, such as forensic investigations or system troubleshooting.

Step 1 − Find the File Creation Date in Linux

To find the creation date and time of a file (its crtime) on a Linux-based operating system, we can use the "stat" command. To accomplish this, we first locate the inode of the file by executing the "stat" command against the file we are interested in. As an example, let's take a file named "example.txt".

This command will display detailed information about that file. The next step shows how to find the inode number, which is then used to get the crtime of that particular file. Here is a command to find a file's creation date and time −

stat -c %w example.txt

The command "stat -c %w example.txt" displays the creation time of that file in YYYY-MM-DD HH:MM:SS format. Here's an example output −

2022-10-21 15:42:57

This output shows that the file named "example.txt" was created on October 21, 2022, at 15:42:57. However, the format of the output may differ based on the system settings and locale. By executing this command, we can get the creation date and time of any file in the Linux system.

Step 2 − Find the Inode Number of the File

To access a file on a Unix-based operating system, we need its inode number, a unique identifier for every file and directory. We can find the inode number using the 'ls -i' command in the terminal, which lists files in the current directory along with their inode numbers. Alternatively, we can use the 'stat' command to retrieve detailed information about a file, which also includes its inode number. Once we have the inode number, we can use it to perform various operations on the file, such as copying, moving, or accessing its contents.

To find the inode number of any file, you need to visit the directory where the file is stored.

Execute the following command −

ls -i <file_name>

For example, to find the inode number of a file named "example.txt" in the current directory, you would type "ls -i example.txt". The output shows the inode number of the file first, followed by its name.

ls -i example.txt

This will display the file's inode number as the first item in the output, as you can see below.

1234567 example.txt

In this output, you can see that the inode number of the file "example.txt" is 1234567.

Step 3 − Use the DEBUGFS Command to Display File Creation Time

To display the file creation time in Linux, this step uses the DEBUGFS command, which provides a command-line interface for interacting with the file system. First, we need to find the file system where the file is located by using the "df" command. Then, we can use the "debugfs" command with the "-R" flag to specify a command to run, followed by the path to the file system device. The "stat" command will display the file attributes, including the creation time in Unix timestamp format. We can convert the Unix timestamp to a human-readable format using the "date" command with the "-d" flag followed by the Unix timestamp.

The syntax for the “debugfs” command −

sudo debugfs -R 'stat <inode_number>' /dev/<block_device>

Replace <inode_number> with the actual inode number of the file you want to check, keeping the angle brackets around the number, and <block_device> with the actual block device that contains the file system you want to check. To find the block device, you can use the df command, which displays information about mounted file systems.

For example, to display the creation time of the file "example.txt" (with inode number 1234567) on the block device /dev/sda1, you would run the following command −

sudo debugfs -R 'stat <1234567>' /dev/sda1

This will display detailed information about the file and include its creation time. The creation time is listed as "crtime".

Here's an example output −

debugfs 1.42.9 (28-Dec-2013)
Inode: 1234567   Type: regular    Mode:  0644   Flags: 0x0   Generation: 123456789
User:     0   Group:     0   Size: 0
File ACL: 0    Directory ACL: 0
Links: 1   Blockcount: 0
Fragment:  Address: 0    Number: 0    Size: 0
ctime: 0x5d4090bb -- Wed Jul 31 14:28:27 2019
atime: 0x5d4090bb -- Wed Jul 31 14:28:27 2019
mtime: 0x5d4090bb -- Wed Jul 31 14:28:27 2019
crtime: 0x5d4090bb -- Wed Jul 31 14:28:27 2019
Size of extra inode fields: 28
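
The three steps above combined into one script, as an added example that is not part of the original article: it takes the inode from stat, the device from df, runs debugfs, and converts the hexadecimal crtime to UTC with date. The function names and the sample output are constructed here; it assumes GNU stat, df and date and an ext4 file system, since ext2/ext3 inodes and 128-byte ext4 inodes carry no crtime.

```shell
#!/bin/sh
# Added example: resolve a file's crtime through debugfs and print it in UTC.

# Read `debugfs -R 'stat <N>'` output on stdin and print crtime as epoch seconds.
# Returns 1 when there is no crtime line (ext2/ext3, or ext4 with 128-byte inodes).
parse_crtime() {
    # Newer e2fsprogs print "crtime: 0xSECONDS:EXTRA -- date"; keep only SECONDS.
    hex=$(sed -n 's/^ *crtime: *\(0x[0-9a-fA-F]\{1,\}\).*/\1/p' | head -n 1)
    [ -n "$hex" ] || return 1
    printf '%d\n' "$hex"
}

# Convert epoch seconds to a fixed-format UTC string (GNU date).
epoch_to_utc() {
    date -u -d "@$1" '+%Y-%m-%d %H:%M:%S UTC'
}

# Full procedure for one path: inode, backing device, debugfs, conversion.
file_crtime() {
    inode=$(stat -c %i -- "$1") || return 1
    dev=$(df --output=source -- "$1" | tail -n 1) || return 1
    # -R runs one request; debugfs opens the device read-only unless given -w.
    epoch=$(sudo debugfs -R "stat <$inode>" "$dev" 2>/dev/null | parse_crtime) || {
        echo "no crtime recorded for inode $inode on $dev" >&2
        return 1
    }
    echo "$1 inode=$inode dev=$dev crtime=$(epoch_to_utc "$epoch")"
}

# Constructed sample of debugfs output (not captured from a real system).
SAMPLE=' mtime: 0x6352be01:1dcd6500 -- Fri Oct 21 15:42:57 2022
crtime: 0x6352be01:1dcd6500 -- Fri Oct 21 15:42:57 2022
Size of extra inode fields: 32'

if [ "$#" -gt 0 ]; then
    file_crtime "$1"
else
    epoch_to_utc "$(printf '%s\n' "$SAMPLE" | parse_crtime)"
fi
```

Run it with a path as the only argument to query a real file; without arguments it only parses the constructed sample. Reporting in UTC keeps timestamps comparable across hosts, whereas the date text debugfs prints follows the local time zone of the machine it runs on.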

Conclusion

In summary, the DEBUGFS command is a powerful tool in Linux for accessing and displaying file system information, including file creation time. Knowing how to use this command enables users to identify the file system, display file attributes, and convert the Unix timestamp to a human-readable format. Viewing file creation times can be useful for forensic investigations, troubleshooting, and auditing, providing vital information about a file's history and age. Mastering the DEBUGFS command is a valuable skill for system administrators, developers, and anyone who works with file systems, offering greater control and insights into Linux file systems, leading to optimized workflows and increased productivity.

Updated on: 26-Jul-2023
