Linux is the best-known and most-used open source operating system.

To Learn

Introduction To Linux

- Linux Basics - Why Different Distros - Ubuntu Desktop Environments

User/Group Operations

- Create User - Delete User - Update user/ its group - Create group - Modify group - Gid. Why <1000 and >1000 - Modify Password - Modify Primay/Secondary Group

Package Managements

- apt install - apt remove/purge - apt search - apt repo configuration, versions - Installation using source - configure - make - make test - make install

File Permission

- How to grant file/folder permission - Why not 777 - rwx and 421 modes - user and group of file

Sudo

- Why not SUDO command - Why not user ROOT user - ROOT user DISK resource allocation - ROOT Permission security issues - sudoers.d and sudoers file - nopasswd sudo

ENVIRONMENTS

- ~/.bashrc - ~/.profile - /etc/profile - /etc/environment - /etc/profile.d

week 2 Process Management

- View - Kill Process and other Signals - cd /Proc - Start a Process - Nohup, Pm2, screen, setsid. bg , fg, disown, - Port Binding 127 vs 192 vs 0

File Management

- less - grep - tail - cat"

Nginx

- Install: ppa and source - Configure - User Permission - Locations - Logs

SSH

- Password/ File based logins - Passphrase - ~/.ssh permission - authorized_keys - id_rsa and id_rsa.pub - ssh_config

Java installation

- from ppa - From Source - adding and editing Environment Variables

TOMCAT

- Install and setup - Run - Log files - directories and files - Working”

User management

These operations are performed using the following commands:

adduser: add a user to the system.

userdel: delete a user account and related files.

addgroup: add a group to the system.

delgroup: remove a group from the system.

usermod: modify a user account.

chage: change user password expiry information.

sudo: run one or more commands as another user (typically with superuser permissions).

Relevant files: /etc/passwd (user information), /etc/shadow (encrypted passwords), /etc/group (group information) and /etc/sudoers (configuration for sudo).

The /etc/sudoers File

Now that we have a regular user account created, we will explain how to utilize it to perform user management tasks.

To grant pluralsight superuser permissions, we will need to add an entry for it in /etc/sudoers. This file is used to indicate which users can run what commands with elevated permissions (most likely as root).

https://www.pluralsight.com/guides/user-and-group-management-linux

https://www.pluralsight.com/guides/getting-started-with-user-management-linux-admin

https://www.tecmint.com/fix-user-is-not-in-the-sudoers-file-the-incident-will-be-reported-ubuntu/

https://linuxize.com/post/how-to-create-users-in-linux-using-the-useradd-command/

Sudo vs. Su

On some Linux distributions like Ubuntu, the root user account is disabled by default for security reasons. This means that no password is set for root, and you cannot use su to switch to root.

One option to change to root would be to prepend the su command with sudo and enter the currently logged in user password:

sudo su -

usermod

Group membership can be modified with the useradd or usermod command.

Be careful when using usermod to add users to groups. By default, the usermod command will remove the user from every group of which he is a member if the group is not listed in the command! Using the -a (append) switch prevents this behavior.

usermod -a -G tennis,sports venus

useradd vs adduser

https://askubuntu.com/questions/345974/what-is-the-difference-between-adduser-and-useradd

force user to logout in Linux

cut command

grep command

Overriding the Default /etc/login.defs Values

The -K (--key) option followed by KEY=VAL allows you to override the default values specified in the /etc/login.defs file.

Basically, all you can override are the maximum and minimum values of the normal and system group IDs for automatic GID selection when creating a new group.

Let’s say you want to create a new group with GID in the range between 1200 and 1500. To do that, specify the min/max values as shown below:

groupadd -K GID_MIN=1200 -K GID_MAX=1500 mygroup

Forcing Linux user to change password at their next login

Linux change password for other user account

Command to Add Multiple Users to a Group at once:

gpasswd -M *username1, *username2, *username3 ...., *usernamen *group_name

Example:

gpasswd -M Person1, Person2, Person3 Group1

Adding Repositories with add-apt-repository

Personal Package Archives (PPAs) repo

Manually Adding Repositories

https://www.makeuseof.com/compile-install-software-from-source-linux/

samba - SMB networking protocol

How to Create and Manage Archive Files in Linux

To create an archive called ‘project.tar’ from the contents of the ‘project’ directory, type:

$ tar -cvf project.tar project

To list the contents of an archive called ‘project.tar’, type:

$ tar -tvf project.tar 

To extract the contents of an archive called ‘project.tar’, type:

$ tar -xvf project.tar

https://www.fosslinux.com/34665/15-tar-command-in-linux-uses-with-examples.htm

chmod command

why not 777

https://pimylifeup.com/chmod-777/#:~:text=The permission 777 means that,files to compromise your system.

Suitable Permissions for a Web Server

When it comes to files that you are serving through a web server such as Apache or NGINX, some general permissions will work for most cases.

The first thing is there is zero need for any files within the directories your serving to have the execute privilege.

When a web server serves these files, it only needs to be able to read from them.

Typically for files within a web server, you will want to use the permission 644 for files and 755 for directories.

You can update the permissions for all of the files within a directory by running the following command.

find /var/www -type f -exec chmod 644 {} \;

To apply these new permissions to all directories within a directory, you can use the following command.

find /var/www -type d -exec chmod 755 {} \;

absolute and symbolic mode of changing file and folder permissions

Add an Existing User to Multiple Groups

Symbolic link - soft and hard

Symbolic links, also known as soft links, are special types of files that point to other files, much like shortcuts in Windows and Macintosh aliases. The data in the target file does not appear in a symbolic link, unlike a hard link. Instead, it points to another file system entry.

What is Umask and How To Setup Default umask Under Linux?

Explain Octal umask Mode 022 And 002

As I said earlier, if the default settings are not changed, files are created with the access mode 666 and directories with 777. In this example:

1. The default umask 002 used for normal user. With this mask default directory permissions are 775 and default file permissions are 664.

2. The default umask for the root user is 022 result into default directory permissions are 755 and default file permissions are 644.

3. For directories, the base permissions are (rwxrwxrwx) 0777 and for files they are 0666 (rw-rw-rw).

In short,

1. A umask of 022 allows only you to write data, but anyone can read data.

2. A umask of 077 is good for a completely private system. No other user can read or write your data if umask is set to 077.

3. A umask of 002 is good when you share data with other users in the same group. Members of your group can create and modify data files; those outside your group can read data file, but cannot modify it. Set your umask to 007 to completely exclude users who are not group members.

But, How Do I Calculate umasks?

The octal umasks are calculated via the bitwise AND of the unary complement of the argument using bitwise NOT. The octal notations are as follows:

• Octal value : Permission

• 0 : read, write and execute

• 1 : read and write

• 2 : read and execute

• 3 : read only

• 4 : write and execute

• 5 : write only

• 6 : execute only

• 7 : no permissions

Now, you can use above table to calculate file permission. For example, if umask is set to 077, the permission can be calculated as follows:

sudo - cautions, uses

• Privilege escalation - If there is a security vulnerability that's exploited (in say, your web browser), by not running your programs as root will limit damage. If your web browser is running as root (because you logged in as root), then any security failures will have access to your entire system.

• Acountability - There is only one root account. If everything is using the root account, it's difficult to find out who did what. This applies less in a single-user environment, but that's still not a good argument to avoid good security practices. With something like sudo, every command that's executed with super-user powers is logged, along with the specific user that requested it be executed.

root - why is it bad to login as root

Inodes and the Linux filesystem

Linux filesystems are complicated things to understand, especially when you get down into the weeds of data and metadata. Every time you run the ls  command and see the output—files listed, permissions, account ownership, etc.—understand that the data about  the files you see is stored somewhere separate from the files themselves, and must be called up. Inodes are behind the scenes working hard, so you don't have to. Let's take a look at what precisely an inode is and what it does for us.

What is an inode?

By definition, an inode is an index node. It serves as a unique identifier for a specific piece of metadata on a given filesystem. Each piece of metadata describes what we think of as a file. That's right, inodes operate on each filesystem, independent of the others. Where this gets confusing is when you realize that each inode is stored in a common table. In short, each filesystem mounted to your computer has its own inodes. An inode number may be used more than once but never by the same filesystem. The filesystem id combines with the inode number to create a unique identification label.

Allocating disk space

swap memory

grep Swap /proc/meminfo

Type the following command to show swap usage summary by device

# swapon -s

Use the free command as follows:
# free -g

Monitoring Tools In Linux

top, htop, vmstat, iostat, atop, nmon, glances, saidar

vmstat

vmstat 1 5

Description

vmstat is a computer system monitoring tool that collects and displays summary information about operating system memory, processes, interrupts, paging and block I/O. Users of vmstat can specify a sampling interval which permits observing system activity in near-real time

vmstat command (also known as virtual memory statistic tool) shows information about processes, memory, disk, and CPU activity in Linux, whereas the iostat command is used to monitor CPU utilization, system input/output statistics for all the disks and partitions.

iostat

iostat 1 5

sudo apt-get install sysstat -y

Top - This command used to check cpu and memory utilization process wise

Htop - command is well refine and have extra feature of top command.it have very good looking use interface.

How to Create Partitions in Linux

https://phoenixnap.com/kb/linux-create-partition

sudo parted /dev/sdb
select /dev/sdb
mklabel [partition_table_type] 
	eg mklabel gpt
  eg mkpart primary ext4 1MB 1855MB

The “You may need to update /etc/fstab file” message signals that the partition can be mounted automatically at boot time.
	Your Linux system's filesystem table, aka fstab, is a configuration table designed to ease the burden of mounting and unmounting file systems to a machine. It is a set of rules used to control how different filesystems are treated each time they are introduced to a system. Consider USB drives, for example. Today, we are so used to the plug and play nature of our favorite external drives that we may completely forget that operations are going on behind the scenes to mount the drive and read/write data.

In the time of the ancients, users had to manually mount these drives to a file location using the mount command. The fstab file became an attractive option because of challenges like this. It is designed to configure a rule where specific file systems are detected, then automatically mounted in the user's desired order every time the system boots. Not only is it less work over time, but it also allows the user to avoid load order errors that could eat up valuable time and energy.

sudo fdisk -l

sudo mkfs -t ext4 /dev/sdb1

sudo mkdir -p /mt/sdb1

sudo mount -t auto /dev/sbd1 /mt/sdb1

sudo visudo -f /etc/sudoers.d/networking

addgroup netadmin

ismail   ALL=(ALL:ALL) NOPASSWD: /bin/passwd

ismail   ALL=(ALL:ALL) NOPASSWD: /bin/passwd, /bin/rm, /bin/mkdir

The default signal is 15, which is SIGTERM. Which means if you just use the kill command without any number, it sends the SIGTERM signal.

The syntax for killing a process is:

Alternatively you can also use :

This command will send a ‘SIGKILL’ signal to the process. This should be used in case the process ignores a normal kill request.

change priority of a process

In Linux, you can prioritize between processes. The priority value for a process is called the ‘Niceness’ value. Niceness value can range from –20 to 19. 0 is the default value. Lower the value higher the priority.

The fourth column in the output of top command is the column for niceness value.

To start a process and give it a nice value other than the default one, use:

To change nice value of a process that is already running use:

renice [value] -p 'PID'

https://www.cyberciti.biz/faq/how-to-check-running-process-in-linux-using-command-line/

How to manage processes from the Linux terminal

The ps command is a traditional Linux command to lists running processes. The following command shows all processes running on your Linux based server or system:

vek@nixcraft:~$ ps -aux

vivek@nixcraft:~$ sudo ps -a

You can search for a particular Linux process using grep command /egrep command :

vivek@nixcraft:~$ ps aux | grep firefox

vivek@nixcraft:~$ sudo ps aux | grep vim

vivek@nixcraft:~$ sudo ps -aux | egrep 'sshd|openvpn|nginx'

Linux Kill Signals

The way of communicating a message from one process to another process is called a signal. The message that we try to communicate is also called notification that the destination process is to be processed. They might ignore the signals or leave to perform the default action. The kill command in Linux will allow users in sending a signal to the process. When we use the signal command to send a signal to a process that is owned by other users (like root), then we would need admin rights and have the privilege to use the ‘sudo’ command.

Kill signal command in Linux does not only use to stop processes running in the Linux system, but also used to terminate the software from all illegal programs. Thus, few of the kill command signals in Linux are a part of security parameters. Remarkably, these kill commands do not only terminate or kill the programs but also they are used to pause, restart, or continue the programs.

Linux kill command

Want to kill a process? Try kill command. The syntax is:vivek@nixcraft:~$ kill pidvivek@nixcraft:~$ kill -signal pidFind PID using ps, pgrep or top commands. Say you want to kill a PID # 16750, run:vivek@nixcraft:~$ kill 16750For some reason if the process can not be killed, try forceful killing:vivek@nixcraft:~$ kill -9 16750ORvivek@nixcraft:~$ kill -KILL 16750

Linux pkill command

If you wish to kill a process by name, try pkill command. The syntax is:vivek@nixcraft:~$ pkill processNamevivek@nixcraft:~$ pkill vimvivek@nixcraft:~$ pkill firefoxvivek@nixcraft:~$ pkill -9 emacsvivek@nixcraft:~$ sudo pkill -KILL php7-fpm

Linux killall command

The killall command kills processes by name, as opposed to the selection by PID as done by kill command:vivek@nixcraft:~$ killall vimvivek@nixcraft:~$ killall -9 emacs

Here are the common signals that we generally use in Linux.

Below are the list of Signals and their descriptions:

• SIGTRAP – The main purpose of SIGTRAP command signal is to debug a process. When a signal is sent to a process and it is waiting for an action or condition to meet the debugger then this signal will be sent.

• SIGABRT – This SIGABRT kill signal is used for aborting the processing signal. Basically, a process is initiated to SIGABRT to kill the signal on its own.

• SIGBUS – Whenever a program sends the SIGBUS signal, it happens to be caused by a bus error. Generally, the bus errors are because of a program that tries to utilize duplicate physical addresses or it might be due to the program that may have its memory settings that is set incorrectly.

• SIGCHLD – Whenever a parent program does not find its child process, then the parent program sends the SIGCHLD signal. This is used to clear up the resources which are used by the child program.

• SIGPROF – Whenever any process is using CPU Time then the SIGPROF signal is sent by the system when the program is elapsing.

• SIGPOLL – Whenever a program is causing any non-concurrent I/O actions, then that program will send the SIGPOLL signal.

The SIGHUP (“hang-up”) signal is used to report that the user's terminal is disconnected, perhaps because a network or telephone connection was broken.

The default action for SIGINT, SIGTERM, SIGQUIT, and SIGKILL is to terminate the process. However, SIGTERM, SIGQUIT, and SIGKILL are defined as signals to terminate the process, but SIGINT is defined as an interruption requested by the user