Common /dev/ devices

Sun 15 December 2019 by TORGiren en pl 

In this post, I will show you a few GNU/Linux devices, which could be useful for SysOps.


All of the special device files that are handled by the kernel are described in

I will focus on these I find most often used.


Probably, the most often used device is /dev/null. This is the empty device and that means, that we don't get any data when we try to read from it.

$ hexdump -C /dev/null

however, writing will lead to drop data

$ echo "test" >/dev/null

The most often use case of this device is to write data to it when we don't what to get them on screen:

$ ps aux > /dev/null


/dev/zero device, as the name suggests, always return zero. Usually one only read from it. Zeros are mostly used while creating files which should be allocated immediately (in contrast to truncate command)

$ dd if=/dev/zero of=/tmp/file.dat bs=1k count=10k
10240+0 records in
10240+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.0252958 s, 415 MB/s

/dev/random and /dev/urandom

/dev/random and /dev/urandom devices return random data from kernel entropy pool, but they differ in their behavior in case of an emptying pool. In the case of /dev/random, read operation is being blocked until new random data will be generated, while /dev/urandom will generate pseudorandom data and return them immediately. So /dev/urandom device is used more often because it is never blocked, but /dev/random is recommended when data has to be truly random and won't be vulnerable to RNG attacks. Ex. while generating private keys and other security data.

The current available entropy size in poll is stored in /proc/sys/kernel/random/entropy_avail file

$ cat /proc/sys/kernel/random/entropy_avail

Data from these devices can be read like any other binary file:

$ dd if=/dev/urandom bs=1 count=64|hexdump -C
00000000  fb de 91 54 21 f5 5f a4  ef 9c a5 de 22 d3 ba 41  |...T!._....."..A|
00000010  8b e5 3d 0e 26 7a 01 c2  b2 f6 6f 7a 9e 47 80 ce  |..=.&z....oz.G..|
00000020  0c d2 49 c2 94 aa 70 95  ba d2 e7 19 8b 1c 01 a4  |..I...p.........|
00000030  6b 2f 0f f2 ab 0b 89 3c  97 55 0c e9 b9 d5 c3 ae  |k/.....<.U......|
64+0 przeczytanych rekordów
64+0 zapisanych rekordów
skopiowane 64 bajty, 9,156e-05 s, 699 kB/s

$ dd if=/dev/random bs=1 count=64|hexdump -C
00000000  a3 0b 7d 8c 91 85 5d 30  18 fa f0 fe ae fb 89 42  |..}...]0.......B|
00000010  c1 81 02 b7 20 62 b8 83  a3 8a 33 51 ee 83 1d 6f  |.... b....3Q...o|
00000020  4d eb 6b e4 96 a4 9e c5  d8 bc 71 2a ec e7 27 5d  |M.k.......q*..']|
00000030  2a 06 96 11 24 9b 88 13  3e 74 6f 16 f5 1b 8a 74  |*...$...>to....t|
64+0 przeczytanych rekordów
64+0 zapisanych rekordów
skopiowane 64 bajty, 0,00020758 s, 308 kB/s

It often happens, that some application needs a large amount of random data from /dev/random, which leads to slow down its performance. In that situation, we can use rngd, which will fill entropy pool with data from hardware random number generator (if it is present)


Last, but not least device that will be shown in this post is /dev/full. This is probably the most common device presented today.

When reading from the device it will return no data.

But, when we try to write anything, it will return ENOSPC error, which means that there is no free space on the volume. This is usually used while testing the application's error handling in case of running out of space.

$ dd if=/dev/random of=/dev/full bs=1k count=1
dd: error writing '/dev/full': No space left on device
0+1 records in
0+0 records out
0 bytes copied, 0.00015115 s, 0.0 kB/s


In case of accidentally removing any device, we can easily recover it using documentation and mknod command.

For example, let's remove /dev/urandom device

[root@localhost bin]# ssh localhost
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
[root@localhost bin]# rm /dev/urandom
rm: remove character special file ‘/dev/urandom’? y
[root@localhost bin]# ssh localhost
cannot read from /dev/urandom, No such file or directory
[root@localhost bin]# mknod /dev/urandom c 1 9
[root@localhost bin]# ssh localhost
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Fork me on GitHub