Linux For beginners

Learning consistently from practicing and getting a hell lot of errors is the best way to learn anything new. I know what's easier for us might be a little tricky or new for others. Also learning from the tutorials/websites is sometimes boring so we have to get our hands dirty to make it more interesting. I tried to explain the concepts for a beginner to have a hassle-free experience. Let's begin 😉

Architecture of Linux - javatpoint

The kernel is the center of the operating system. The term kernel often refers to the operating system. The critical code of the kernel is stored in a special memory area to protect it from other programs. It is a vital component as it is the basis for the proper functioning of the entire system. The kernel performs a variety of tasks including process management, managing hardware devices and handling interrupts.

The shell forms the layer between the user and the kernel so the user can enter commands. The kernel 'understands' only binary language, which is composed exclusively of ones and zeros. In early computing, any instructions/commands from the users were entered in binary language, but this evolved so that the user can enter commands in a more recognizable language. It is the shell that acts as the go-between, accepting the commands entered in the language recognizable by the user, and translating them to binary language for the kernel.

Difference between shell and kernel

A shell script is a file consisting of a list of commands executed sequentially. It helps automate the day-to-day tasks of a DevOps engineer or Linux admin and saves time. For example, if you want to schedule a backup of your files/logs, a shell script can automate taking a backup of the desired files at a specified time with no manual intervention.

Let's write our first Shell Script 🤞:

  1. Create and edit a file:

    vi <Scriptname.sh>

    (Hint: refer to below image for the script part)

  2. Provide execute permission to the shell script:

    chmod u+x <Scriptname.sh>

    (Hint: Scroll down there is a detailed explanation on this under File Permission section)

  3. Execute the script (you can use any of the below syntax):

    ./<ScriptName.sh>

    sh <ScriptName.sh>

    (Hint: Below is the output of the script)

Script1.sh

Output of the Script1.sh

What is Linux, an OS or Kernel?

If you ask this question to anyone you will get a mixed response. Here's why:

As we all know, in a broader concept Linux is an OS with different flavors like Redhat, Fedora, Ubuntu, CentOS etc. This means Linux is an OS.

But if you are familiar with the "uname" command in Linux (yes, the one which shows kernel details), it shows the kernel name as Linux. This means Linux is a kernel.
(Comment down which one you agree about Linux 😵‍💫)

In Linux, everything is a file including programs, and to store them we need directories (if you are familiar with Windows then think of it as a folder😶‍🌫️).

Linux has multiple directories that hold different configuration files related to user profiles, the OS, devices, variables, mount directories, media, temp files, user binaries, etc. Don't worry, we will go a little deeper into these.

  • The /root directory is the home directory for the root user.

  • The /dev directory contains device files such as /dev/sda.

  • Static boot files are located in the /boot directory.

  • Applications and user utilities are found in the /usr directory.

  • The /var directory contains log files of various system applications.

  • All system configuration files are stored in the /etc directory.

  • The /home directory is where user folders are located. These include Desktop, Documents, Downloads, Music, Public, and Videos.

  • For add-on application packages, check them out in the /opt directory.

  • The /media directory stores files for removable devices such as USB drives.

  • The /mnt directory contains subdirectories that act as temporary mount points for mounting devices such as CD-ROMs.

  • The /proc directory is a virtual filesystem that holds information on currently running processes. It is a strange filesystem that is created upon a system boot and destroyed upon shutdown.

  • The /bin directory contains user command binary files.

  • The /lib directory stores shared library images and kernel modules.

  1. Regular files (-): These contain programs, executable files and text files.

  2. Directory files (d): It is shown in blue color. It contains lists of files.

  3. Special files

    • Block file (b)

    • Character device file (c)

    • Named pipe file (p)

    • Symbolic link file (l)

    • Socket file (s)

| Prefix | Description |
|---|---|
| - | Regular files, such as an ASCII text file, binary executable, or hard link. |
| b | Block special file. Block input/output device files such as a physical hard drive. |
| c | Character special file. Raw input/output device files such as a physical hard drive. |
| d | Directory file that contains a listing of other files and directories. |
| l | Symbolic link file. Links on any regular file. |
| p | Named pipe. A mechanism for inter-process communications. |
| s | The Socket is used for inter-process communication. |

| Command | Description | Format |
|---|---|---|
| file | Determines file type. | file <Filename> |
| stat | Displays file details (access, modify and change times, size, inode, blocks ...). | stat [OPTION] <Filename> |
| touch | Used to create a file. | touch <Filename> |
| rm | To remove a file. | rm <Filename> (several at once: rm filename1 filename2 filename3) |
| cp | To copy a file. | cp <Source File> <Destination> |
| mv | To rename or to move a file. | mv <original name> <new name> |
| rename | To rename files. | rename 's/<old>/<new>/' <Filename> (Perl rename, as packaged on Debian/Ubuntu) |

There are multiple ways to list files, and you will see the difference between all of them. This is something you won't find anywhere else; below is a simple yet effective image to compare and understand:

Let’s take the below example and understand each column in detail:

Example1:

| File Permissions | Number of memory blocks | Owner | Group | File Size in KB | Month, Date | Directory name / File name |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |

  • First Column − Represents the file type and the permission given on the file. Below is the description of all type of files.

  • Second Column − Represents the number of memory blocks taken by the file or directory.

  • Third Column − Represents the owner of the file. This is the user who created this file.

  • Fourth Column − Represents the group of the owner. Every user will have an associated group.

  • Fifth Column − Represents the file size in bytes.

  • Sixth Column − Represents the date and the time when this file was created or modified for the last time.

  • Seventh Column − Represents the file or the directory name.

| Number | Permission Representation | Ref | Octal representation |
|---|---|---|---|
| 0 | No permission | --- | 0 |
| 1 | Execute permission | --x | 1 |
| 2 | Write permission | -w- | 2 |
| 3 | Execute and write permission: 1 (execute) + 2 (write) | -wx | 3 |
| 4 | Read permission | r-- | 4 |
| 5 | Read and execute permission: 4 (read) + 1 (execute) | r-x | 5 |
| 6 | Read and write permission: 4 (read) + 2 (write) | rw- | 6 |
| 7 | All permissions: 4 (read) + 2 (write) + 1 (execute) | rwx | 7 |

| Position | 1 | 2-4 | 5-7 | 8-10 |
|---|---|---|---|---|
| Characters | - | r w x | r w x | r w x |
| Meaning | File type | User permission | Group Permission | Others |

| Inode Number | File Permissions | Number of Symbolic Link | Owner | Group | Size in KB | Month Date | Modified Time | Directory name / File name |
|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |

This is used to modify the file permission for Users, Groups and Others

chmod <options> <permission> <File/Directory Name>

Command Action for option:

-c Changes: like verbose, but reports only when a change is made

-v Verbose: outputs the diagnostics for every request made

-R Recursively: applies the operation to directories and everything inside them
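To tie the octal table and the 10-character permission string together, here is an added example (not from the original article) that converts the string shown by `ls -l` into the octal mode chmod accepts and flags entries writable by "others". The function names and the sample listing are constructed for illustration; strings with special bits (s, t) are outside what the article covers and are rejected.

```sh
#!/bin/sh
# Added example: turn the 10-character permission string from `ls -l`
# into the octal mode chmod accepts, and flag world-writable entries.

# triad_value "r-x" -> 5   (r=4, w=2, x=1)
triad_value() {
    value=0
    case "$1" in r??) value=$((value + 4)) ;; esac
    case "$1" in ?w?) value=$((value + 2)) ;; esac
    case "$1" in ??x) value=$((value + 1)) ;; esac
    echo "$value"
}

# perm_to_octal "-rwxr-xr-x" -> 755
# Position 1 is the file type; 2-4 user, 5-7 group, 8-10 others.
perm_to_octal() {
    case "$1" in
        [-bcdlps][-r][-w][-x][-r][-w][-x][-r][-w][-x]) ;;
        *) echo "unsupported permission string: $1" >&2; return 1 ;;
    esac
    user=$(printf '%s' "$1" | cut -c2-4)
    group=$(printf '%s' "$1" | cut -c5-7)
    others=$(printf '%s' "$1" | cut -c8-10)
    echo "$(triad_value "$user")$(triad_value "$group")$(triad_value "$others")"
}

# Succeeds when the "others" digit has the write bit (2) set.
is_world_writable() {
    mode=$(perm_to_octal "$1" 2>/dev/null) || return 2
    [ $(( ${mode#??} & 2 )) -ne 0 ]
}

# Reads `ls -l` lines on stdin and prints "<octal> <name> [flag]".
audit_listing() {
    while read -r perms links owner grp size month day mtime name; do
        mode=$(perm_to_octal "$perms" 2>/dev/null) || continue
        flag=""
        if is_world_writable "$perms"; then flag=" WORLD-WRITABLE"; fi
        echo "$mode $name$flag"
    done
}

# Constructed sample listing (not taken from the original page).
SAMPLE_LISTING='-rwxr-xr-x 1 varsha Devops 120 Jan 10 09:15 Script1.sh
-rw-rw-rw- 1 varsha Devops 2048 Jan 10 09:20 notes.txt
drwxr-x--- 2 varsha Devops 4096 Jan 10 09:25 backups'

printf '%s\n' "$SAMPLE_LISTING" | audit_listing
```

On a real directory, `ls -l | audit_listing` gives the same report; the "total" line is skipped because it is not a permission string.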

This is used to modify the owner of a file

chown <owner name> <file>

This is used to modify the group of the file.

chgrp <group name> file

ACLs are used on Linux filesystems to set custom and more personalized permissions on files and folders. ACLs allow file owners or privileged users to grant rights to specific users or to specific groups.

In Linux, as you probably know, the permissions are divided into three categories : one for the owner of the file, one for the group and one for the others. However, in some cases, you may want to grant access to a directory (the execute permission for example) to a specific user without having to put this user into the group of the file.

This is exactly why access control lists were invented in the first place.

On Linux, access control lists are not enabled when you create a new file or directory on your host (except if a parent directory has some ACLs predefined).

The ACL package is not pre-installed on the machine. We can install it with the command below:

apt-get install acl

To see if access control lists are defined for a file or directory, run the ls command and look for a “+” character at the end of the permission line.

The getfacl command is used on Linux to print a complete listing of all regular permissions and access control lists permissions on a file or directory.

getfacl <file/directory>

The setfacl command is used on Linux to create, modify and remove access control lists on a file or directory.

setfacl {-m, -x} {u, g}:<name>:[r, w, x] <file, directory>

Where curly brackets mean one of the following options and regular brackets mean one or several items.

  • -m : means that you want to modify one or several ACL entries on the file or directory.

  • -x : means that you want to remove one or several ACL entries on a file or directory.

  • {u, g} : if you want to modify the ACL for a user or for a group.

  • name : this is an optional parameter, it can be omitted if you want to set the ACL entries for every user or for every group on your host.

  • [r, w, x] : in order to set read, write or execute permissions on the file or directory.

For example, in order to set specific write permissions for a user on a file, you would write the following command:

$ setfacl -m u:user:w <file, directory>

In order to set execute permissions for all users on your host, you would write the following command:

$ setfacl -m u::x <file, directory>

To set full permissions for a specific group on your host, you would write the setfacl this way

setfacl -m g:group:rwx <file, directory>

Now let’s say that you want to remove an ACL entry from a file.

In order to remove a user-specific entry from a file, you would specify the -x option.

Note: you cannot remove specific rights from a single ACL entry, meaning that you can't remove write permissions while keeping the ACL read permissions active.

setfacl -x u:<user> <file, directory>

Similarly, to remove ACL related to groups on your host, you would write the following command:

setfacl -x g:<group> <file, directory>

Example1: Adding Write permission for another user:

It is broadly categorized as Users, groups and Permission.

There are two kinds of accounts you will see in /etc/passwd :

A. System accounts are used by daemons to access files and directories. These will usually be disallowed from interactive login via shell or physical console login.

B. Interactive accounts are used by end-users to access computing resources from either a shell or physical console login.

useradd <options> <username>

| Options | Action |
|---|---|
| -c | Adds a comment to the user account |
| -m | Creates user home directory in the default location, if nonexistent |
| -g | Default group to assign the user |
| -N | Does not create a private group for the user, usually a group with the username |
| -M | Creates user without home directory |
| -s | Default shell other than /bin/bash |
| -u | Specifies UID (otherwise assigned by the system) |
| -G | Additional groups to assign the user to. |

For Example,

useradd -c "Devops Engineer" -m -g Devops varsha

Here user will be added and a home directory will be created along. You can view the user inside the below file:

cat /etc/passwd

This file holds user lists along with their home directory, UID,GID permissions. Below is the representation of each section of the entries inside passwd file:

/etc/passwd file field

Sample Output:

Let me explain with the help of below highlighted example. Here,

gnats: username

[This field can store maximum 32 characters. This field cannot be empty. Case sensitive]

x: The Encrypted password

[Historically, this field was used to store user’s password encrypted with DES algorithm. Over the time computing power increased and DES algorithm became trivial to crack.

To use a more secure algorithm, Linux moved user’s password in a separate file /etc/shadow. Since user’s password no longer stored in this field, a placeholder value x is used to indicate that actual password is stored in other location]

41: User ID (UID)

41: Group ID (GID)

Gnats Bug Reporting System (admin): User Description

/var/lib/gnats: User's Home Directory

/usr/sbin/nologin: User's Login Shell
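The seven fields above are enough to audit a passwd file. The following is an added example (not from the original article) that separates system from interactive accounts by login shell and flags entries an administrator should review; the function name and all sample lines except gnats are constructed, and the gnats line is assembled from the field values listed above.

```sh
#!/bin/sh
# Added example: audit /etc/passwd-format lines using the seven
# colon-separated fields described above.

# Reads passwd lines on stdin; prints "<user> uid=<uid> <kind> [flags]".
#   kind  : "system" when the login shell ends in nologin or false,
#           otherwise "interactive"
#   flags : UID0-NOT-ROOT         another account shares root's UID 0
#           DUPLICATE-UID         UID already used by an earlier line
#           EMPTY-PASSWORD-FIELD  field 2 is empty (no password needed)
audit_passwd() {
    awk -F: '
        NF != 7 { printf "%s MALFORMED\n", $1; next }
        {
            kind = ($7 ~ /(nologin|false)$/) ? "system" : "interactive"
            flags = ""
            if ($3 == 0 && $1 != "root") flags = flags " UID0-NOT-ROOT"
            if ($3 in seen)              flags = flags " DUPLICATE-UID"
            if ($2 == "")                flags = flags " EMPTY-PASSWORD-FIELD"
            seen[$3] = 1
            printf "%s uid=%s %s%s\n", $1, $3, kind, flags
        }'
}

# Constructed sample; the gnats line is assembled from the field values
# the article lists, the other lines are made up for illustration.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
gnats:x:41:41:Gnats Bug Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
varsha:x:1001:1001:Devops Engineer:/home/varsha:/bin/bash
backup2:x:0:0:constructed second UID 0 account:/root:/bin/sh
legacy::1002:1002:constructed empty password field:/home/legacy:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```

To check a real host, run `audit_passwd < /etc/passwd`.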

To check the User ID, group ID & Groupname it is part of?

id <username>

How to Create/change the Password for users?

passwd <username>

How to disable user account?

There are several methods to disable accounts on a system. These range from editing the /etc/passwd file by hand to using the passwd command with the -l switch.

Both of these methods have one big drawback: if the user has ssh access and uses an RSA key for authentication, they can still login using this method. Now let’s use the chage command, changing the password expiry date to a previous date. Also, it may be good to make a note on the account as to why we disabled it.

chage [options] <username>

| Options | Details |
|---|---|
| -d, --lastday LAST_DAY | Set the number of days since when the password was last changed. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). If the LAST_DAY is set to 0 the user is forced to change his password on the next log-on. |
| -E, --expiredate EXPIRE_DATE | Set the date or number of days since which the user's account will no longer be accessible. The date may also be expressed in the format YYYY-MM-DD (or the format more commonly used in your area). A user whose account is locked must contact the system administrator before being able to use the system again. (Passing the number -1 as the EXPIRE_DATE will remove an account expiration date) |
| -h, --help | Display help message and exit. |
| -i, --iso8601 | When printing dates, use the YYYY-MM-DD format |
| -I, --inactive INACTIVE | Set the number of days of inactivity after a password has expired before the account is locked. The INACTIVE option is the number of days of inactivity. A user whose account is locked must contact the system administrator before being able to use the system again. (Passing the number -1 as the INACTIVE will remove an account's inactivity.) |
| -l, --list | Show account aging information. |
| -m, --mindays MIN_DAYS | Set the minimum number of days between password changes to MIN_DAYS. A value of zero for this field indicates that the user may change their password at any time. |
| -M, --maxdays MAX_DAYS | Set the maximum number of days during which a password is valid. When MAX_DAYS plus LAST_DAY is less than the current day, the user will be required to change their password before being able to use their account. This occurrence can be planned for in advance by use of the -W option, which provides the user with advance warning. (Passing the number -1 as MAX_DAYS will remove checking a password's validity.) |
| -R, --root CHROOT_DIR | Apply changes in the CHROOT_DIR directory and use the configuration files from the CHROOT_DIR directory. Only absolute paths are supported. |
| -W, --warndays WARN_DAYS | Set the number of days of warning before a password change is required. The WARN_DAYS option is the number of days before the password expires that a user will be warned their password is about to expire. |
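The drawback described above, an account locked with passwd -l that is still reachable with an SSH key, can be checked for. This added example (not from the original article) reads /etc/shadow-format lines and reports accounts that are password-locked but have no account expiry in the past; the function name, sample lines and day number are constructed, and the field layout is the standard /etc/shadow one, which the article does not show.

```sh
#!/bin/sh
# Added example: find accounts that were only password-locked
# (passwd -l) and therefore, as the article notes, can still log in
# with an SSH key because no account expiry date is set.

# /etc/shadow fields: 1 name, 2 password hash, 3 last change (-d),
# 4 min days (-m), 5 max days (-M), 6 warn days (-W), 7 inactive (-I),
# 8 account expiry in days since 1970-01-01 (-E), 9 reserved.
#
# audit_shadow [today_in_days] reads shadow lines on stdin and prints
# "<user> <state>" where state is one of:
#   expired      account expiry date has passed: account is disabled
#   LOCKED-ONLY  hash prefixed with "!" by passwd -l, but not expired
#   no-password  field starts with "*" or "!" and holds no hash
#   active       usable password and no expiry in the past
audit_shadow() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        NF < 9 { next }
        {
            # shadow(5) treats 0 as ambiguous, so only count values > 0.
            expired = ($8 != "" && $8 + 0 > 0 && $8 + 0 <= today)
            if (expired)            state = "expired"
            else if ($2 ~ /^![$]/)  state = "LOCKED-ONLY"
            else if ($2 ~ /^[!*]/)  state = "no-password"
            else                    state = "active"
            print $1, state
        }'
}

# Constructed sample lines and a constructed "today" (days since epoch).
SAMPLE_SHADOW='varsha:$6$salt$CONSTRUCTEDHASH:19700:0:99999:7:::
olduser:!$6$salt$CONSTRUCTEDHASH:19000:0:99999:7:::
leaver:!$6$salt$CONSTRUCTEDHASH:19000:0:99999:7::1:
contractor:$6$salt$CONSTRUCTEDHASH:19700:0:90:7::19800:
gnats:*:19000:0:99999:7:::'
TODAY_CONSTRUCTED=19750

printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow "$TODAY_CONSTRUCTED"
```

Accounts reported as LOCKED-ONLY are the ones to give an expiry date in the past with chage -E; on a real host, run `audit_shadow < /etc/shadow` as root.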

Example:

The sudoers file is a file Linux and Unix administrators use to allocate system rights to system users. This allows the administrator to control who does what. Remember, Linux is built with security in mind so don't play with this file 😵‍💫

cat /etc/sudoers

How To Add a User to Sudoers On Debian 10 Buster – devconnected

Thanks for reading till the end, I hope you got some knowledge. Here is a BONUS to make you smile #Linux_Memes:

Take Control of your Linux | sudoers file

If you like my work, Let's connect and collaborate😃. I am available on the below platforms and very much active there:

https://www.linkedin.com/in/varsha-verma-182a04148/
https://github.com/Varsha-Verma/
https://cloud-and-devops.hashnode.dev/
