How to Find Out File Types in Linux
In Linux, everything is considered a file. UNIX defines seven standard file types: regular, directory, symbolic link, FIFO special, block special, character special, and socket. In Linux/UNIX, we have to deal with different file types to manage them efficiently.
In Linux/UNIX, files are mainly categorized into 3 parts: regular files, directory files, and special files.
The easiest way to find out a file's type in any operating system is by looking at its extension, such as .txt, .sh, .py, etc. If the file doesn't have an extension, then in Linux we can use the file utility. In this article, we will demonstrate file command examples to determine a file type in Linux.
To find out file types we can use the file command.
Syntax: file [OPTION…] [FILE…]
You can run the following command to verify the version of the file utility:
We can test a file type by typing the following command:
We can put a list of file names in one file and pass that file with the -f option as shown below:
cat file.txt
file -f file.txt
Using the -s option we can read the block or character special file.
Using the -b option will not prepend filenames to output lines.
Using the -F option will use the given string as the separator instead of “:”.
Using the -L option will follow symlinks (default if POSIXLY_CORRECT is set):
We can use the --extension option to print a slash-separated list of valid extensions for the file type found.
For more information and usage options, you can use the following command:
We can also use the ls command to determine the type of a file.
The following table shows the types of files in Linux and what the ls and file commands output for each.
File Type | Command to create the file | Located in | Type character in “ls -l” output | file command output |
---|---|---|---|---|
Regular File | touch | Any directory/folder | - | PNG image data, ASCII text, RAR archive data, etc. |
Directory File | mkdir | It is a directory | d | Directory |
Block Files | fdisk | /dev | b | Block special |
Character Files | mknod | /dev | c | Character special |
Pipe Files | mkfifo | /dev | p | FIFO |
Symbol Link Files | ln | /dev | l | Symbol link to |
Socket Files | socket() system call | /dev | s | Socket |
Types of File and Explanation
Regular Files
Regular files are ordinary files on a system that contain programs, text, or data. They are used to store information such as text or images, and are located in a directory/folder. Regular files include all readable files such as text files, Docx files, and programming files, binary files, image files such as JPG, PNG, SVG, and compressed files such as ZIP, RAR, etc.
Or we can use the “file *” command to find out the file type.
Directory Files
The sole job of directory files is to store other regular files, directory files, and special files, along with their related information. This type of file is shown in blue and has a link count greater than or equal to 2. A directory file contains an entry for every file and sub-directory that it houses. If we have 10 files in a directory, we will have 10 entries in the directory file. We can navigate between directories using the cd command.
We can identify a directory file by using the following command:
We can also use the file * command.
Special Files
1. Block Files:
Block files act as a direct interface to block devices, hence they are also called block devices. A block device is any device that performs data input and output operations in units of blocks. These files are hardware files and most of them are present in /dev.
We can identify a block file by using the following command:
We can use the file command also:
2. Character device files:
A character file is a hardware file that reads and writes data character by character. These files provide a serial stream of input or output and provide direct access to hardware devices. The terminal, serial ports, etc. are examples of this type of file.
We can identify character device files with:
We can use the file command to find out the type of file:
3. Pipe Files:
Another name for a pipe file is a “named” pipe, which is sometimes called a FIFO. FIFO stands for “First In, First Out” and refers to the property that the order of bytes going in is the same as the order coming out. The “name” of a named pipe is actually a file name within the file system. This file sends data from one process to another, and the receiving process reads the data in a first-in, first-out manner.
We can identify a pipe file by using the following command:
We can use the file command to find out file type:
4. Symbol link files:
A symbol link file is a type of file in Linux which points to another file or a folder on your device. Symbol link files are also called symlinks and are similar to shortcuts in Windows.
We can identify a symbol link file by using the following command:
We can use the file command to find out file type:
5. Socket Files:
A socket is a special file that is used to pass information between applications and enables communication between two processes. We can create a socket file using the socket() system call. A socket file is located in /dev of the root folder, or you can use the find / -type s command to find socket files.
We can identify a socket file by using the following command:
We can use the file command to find out file type:
How to see the file type?
Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it.
The unknown file
You may encounter a file on your system with unknown contents or goal. Usually, the first thing we do is use cat to show the contents, or execute it. While that makes sense, it may be dangerous: it might be a piece of malware, disrupt your screen output, or even hang the terminal. A better way is to use the file command, which is great for forensics, malware analysis, intrusion detection, and normal day-to-day system administration.
The file command
Most systems will have the file command available. It is a nifty small tool which helps you quickly determine what the purpose of a file is. Besides telling you whether it is binary code or data, it will include additional details. For binaries, it may report that it is an ELF binary for 64-bit systems, how it is linked, and whether it depends on external function libraries.
How does file work?
Even veteran administrators might never have looked into the details of the file command, but taken its power for granted. The tool is pretty nifty, because it uses a staged set of tests, working towards a final answer. Depending on the outcome of each test it continues, till it finds useful details to share.
Stage 1: File system tests
The file command starts by determining whether a file is a “simple” file. It can be a symbolic link to another file, or a directory. Yes, directories are files as well. To help with this, file uses the stat(2) system call; the same information is available from the standalone stat utility.
Regular file is shown by stat utility
From this output, we can see that the stat command does not reveal much. The file is considered to be a regular file, which might hold any type of data. So it is time to go to the next phase.
Stage 2: Magic discovery
When the file command knows the type of file we are dealing with, it can test in more depth. This is done via a magic file, which holds many text strings or character combinations. For example, a file starting with PK might be a compressed file.
Output of file -l displaying magic strings
With this predefined list of strings and regular expressions, most file types can be discovered.
Stage 3: Text files
The last stage is determining whether the file is a text file. If file didn’t find a match using the magic dataset, it will assume it is a normal file with text in it. To be sure, it will check the character set used (ASCII, UTF-8). It also checks whether line breaks are used and of what type, such as line feeds and carriage returns, which differ between files created on MS-DOS/Windows, Mac OS and Linux systems.
Common types of output are:
- ASCII text
- ASCII text, with very long lines
- gzip compressed data, from Unix, last modified:
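The three stages described above, together with the file types from the earlier table, written out in Python as an added example (it is not code from the original article, and not how file or libmagic is implemented internally). The magic table, the type labels and the sample files, including an ELF header saved under the name invoice.pdf, are constructed for illustration.

```python
import codecs, os, socket, stat, tempfile

# Stage 1: file system tests on st_mode (ls -l letters: d, l, p, s, b, c).
FS_TYPES = [(stat.S_ISDIR, "directory"), (stat.S_ISLNK, "symbolic link"),
            (stat.S_ISFIFO, "fifo (named pipe)"), (stat.S_ISSOCK, "socket"),
            (stat.S_ISBLK, "block special"), (stat.S_ISCHR, "character special")]
# Stage 2: constructed mini magic table, offset 0 only; the real magic database is far larger.
MAGIC = [(b"\x7fELF", "ELF executable or object"), (b"PK\x03\x04", "Zip archive data"),
         (b"\x1f\x8b", "gzip compressed data"), (b"#!", "script with shebang")]

def classify(path):
    """Identify a file from metadata and a bounded prefix; never execute or print it."""
    mode = os.lstat(path).st_mode            # lstat: report a symlink, do not follow it
    for is_type, name in FS_TYPES:
        if is_type(mode):
            return name                      # FIFOs, sockets and devices are never opened
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if not head:
        return "empty"
    for magic, name in MAGIC:
        if head.startswith(magic):
            return name
    # Stage 3: no magic matched, so decide between text (with charset) and opaque data.
    if b"\x00" in head:
        return "data"
    charset = "ASCII" if head.isascii() else "UTF-8"
    try:                                     # incremental decoder tolerates a cut-off last character
        codecs.getincrementaldecoder("utf-8")().decode(head)
    except UnicodeDecodeError:
        return "data"
    return charset + " text" + (", with CRLF line terminators" if b"\r\n" in head else "")

def demo():
    """Build constructed samples in a temp dir and classify each by content, not by name."""
    samples = {"notes.txt": b"hello\n", "dos.txt": b"a\r\nb\r\n", "empty": b"",
               "invoice.pdf": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,  # ELF header, misleading name
               "run": b"#!/usr/bin/bash\necho hi\n", "blob": b"\x00\x01\x02"}
    with tempfile.TemporaryDirectory() as d, socket.socket(socket.AF_UNIX) as sock:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        os.mkfifo(os.path.join(d, "pipe"))
        os.symlink("notes.txt", os.path.join(d, "link"))
        sock.bind(os.path.join(d, "sock"))   # binding an AF_UNIX socket creates the socket file
        return {n: classify(os.path.join(d, n)) for n in sorted(os.listdir(d))}

if __name__ == "__main__":
    print(demo())
```

The invoice.pdf sample is reported by its content, which is the reason to identify an unknown file this way before opening it with anything that trusts the extension.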
File Command and Parameters
The file utility is very easy to use, as it actually does not require any parameter, except the file you want to analyze. While there are parameters available, most of them cover very specific cases. An example is changing the behavior of the tool, or the output itself.
- brief (-b) – Do not show the file name
- uncompress (-z) – Uncompress the data file for further inspection
See the man page for more specific use cases.
2 comments
Q. What can be determined by the “file” command?
1. File type
2. File contents
3. File permissions
4. File super block.
I am confused about the answer choices. Please answer me.
How does Linux know the type of the file it is dealing with? [duplicate]
In Windows the OS knows the type of a file by its extension: exe, doc, ppt, pdf, etc. In Linux, as we know, the extension is useless. My question is: how can Linux know the type of file it is dealing with (shell script, audio file, video file, etc.), or is it dealing with all the files in the same way?
2 Answers
File extensions aren’t useless for Linux distros, they are just a shortcut that is often unneeded. There are a couple of tools that Linux uses which make file extensions largely unneeded. The first, and perhaps the most obvious, is the shebang ( #! ).
The shebang is a line at the top of scripts executed by a shell to tell the shell what should be used to execute it. For example, the standard line to be included for a bash script is something like this:
This line tells the shell that the script’s contents should be executed by the utility located at /usr/bin/bash . However, shebangs are really only helpful for executable items.
The next tool used widely by modern applications is MIME types. MIME types are a declaration of file type used widely on the internet so that web browsers and email clients can know what type of file is being transferred. However, many programs rely on these types to know how to handle them (for example, X’s .desktop files may include a mimetype line to declare a file-type association with a particular program).
Finally, a C library and command-line frontend were developed to detect mimetypes through heuristics. These are libmagic and file , respectively. Libmagic and file allow a program, or a user, to detect a file’s mimetype even if it is not explicitly declared.
Admittedly, shebangs play a much smaller role in how modern operating systems determine the type of a file, but they are still widely used in the scripting world, and are certainly still a part of the equation.
Some of the declared filetype associations through mimetypes for X can be found in the file $HOME/.local/share/applications/mimeapps.list (for example).