Top Ten Basic Linux Administration Tips: in This Paper
Top Ten Basic Linux Administration Tips: in This Paper
As you can see, with SSH, you connect using the command ssh, followed by the Username, an @
symbol, and then the Hostname or IP Address of the Linux host to which you are trying to connect.
You will be prompted for your password to log in. In the example above, the password is required, but
is not echoed and therefore not shown.
The uname command shows the basic type of operating system you are using, like this:
david@debian:~$ uname -a
Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.43-2 (2017-04-30) i686 GNU/Linux
And the hostnamectl command shows you the hostname of the Linux server as well as other system
information, like the machine ID, virtualization hypervisor (if used), operating system, and Linux kernel
version. Here’s an example:
david@debian:~$ hostnamectl
Static hostname: debian
Icon name: computer-vm
Chassis: vm
Machine ID: 0eb625ef6e084c9181b9db9c6381d8ff
Boot ID: 8a3ef6ecdfcf4218a6102b613e41f9ee
Virtualization: vmware
Operating System: Debian GNU/Linux 8 (jessie)
Kernel: Linux 3.16.0-4-686-pae
Architecture: x86
• pwd. Display the directory you’re currently in (short for print working directory)
Next, to change to the root directory, you can use the cd command.
david@debian:~$ cd /
To get a simple list of files, you can use the ls command. This will display a very concise list of the files
and folders that exist in the current directory.
david@debian:/$ ls
bin boot dev etc home initrd.img lib lost+found media mnt opt proc root
run sbin srv sys tmp usr var vmlinuz
But, in most cases, you probably want more information than just a simple list of files. Linux uses
command line flags or switches to extend what a command can do. For example, to list out all the files
and folders in the current directory, along with full details about each one, you would type ls -la.
This long listing format then shows you each file and directory, as well as the permissions and access
rights for each object, the name of the user that owns the object (root), the name of the group that owns
the object (again, root), the file size, and the data and time that the object was last modified. Here’s what
this output looks like for the root folder on my test system:
david@debian:/$ ls -la
total 88
drwxr-xr-x 21 root root 4096 May 15 11:50 .
drwxr-xr-x 21 root root 4096 May 15 11:50 ..
drwxr-xr-x 2 root root 4096 May 15 12:11 bin
drwxr-xr-x 3 root root 4096 May 15 15:53 boot
drwxr-xr-x 18 root root 3200 Jul 14 01:52 dev
drwxr-xr-x 134 root root 12288 Jul 14 01:55 etc
drwxr-xr-x 3 root root 4096 May 15 15:53 home
lrwxrwxrwx 1 root root 33 May 15 11:50 initrd.img -> /boot/initrd.img-3.16.0-
4-686-pae
drwxr-xr-x 19 root root 4096 May 17 00:41 lib
drwx------ 2 root root 16384 May 15 11:49 lost+found
drwxr-xr-x 3 root root 4096 May 15 11:49 media
drwxr-xr-x 2 root root 4096 May 15 11:49 mnt
drwxr-xr-x 2 root root 4096 May 15 11:49 opt
dr-xr-xr-x 150 root root 0 Jul 14 01:52 proc
drwx------ 2 root root 4096 May 16 14:29 root
drwxr-xr-x 23 root root 880 Jul 14 01:57 run
drwxr-xr-x 2 root root 4096 May 17 00:41 sbin
drwxr-xr-x 2 root root 4096 May 15 11:49 srv
dr-xr-xr-x 13 root root 0 Jul 14 01:52 sys
drwxrwxrwt 13 root root 4096 Jul 14 02:02 tmp
You can execute applications or commands simply by typing the name of the command if application’s
location is in your $PATH. If that application is not in one of the folders listed in your $PATH, you have
to do one of the following:
• Navigate to the folder where the application is found and tell Linux that you want to execute
the application in that folder, like this:
david@debian:~$ cd /opt/app/bin
david@debian:~$ ./myapp
• (the “dot slash” refers to the current folder, with the full command saying “in the current
directory, execute ‘my app’”)
• Specify the full path of the application when you execute it, like this:
david@debian:~$ /opt/app/bin/myapp
A useful command in determining which command will be run and from what directory it will be run
is the which command. Use which with the executable of a command afterward to get a list of the
location of the command that will be executed.
Besides the standard types of Linux tools, there are tens of thousands of applications you can install into
Linux in just a few commands. Linux distributions offer package managers that help you search online
package or application repositories and then download and install just about any application you might
want. Package managers also make it easy to update your packages to get the latest version. Examples of
package managers are apt, dpkg, rpm, and yum. The package manager that is available to you will be
determined by the Linux distribution that you have installed. Linux running on Android mobile devices
also has its own package manager (similar to the Apple “App Store”).
On Debian and Ubuntu systems, you can run apt list --installed and get a list of the packages
that are already installed, like this:
david@debian:~$ apt list --installed
accountsservice/stable,now 0.6.37-3+b1 i386 [installed,automatic]
acl/stable,now 2.2.52-2 i386 [installed]
acpi/stable,now 1.7-1 i386 [installed]
acpi-support-base/stable,now 0.142-6 all [installed]
(Output truncated)
Any apt list command will result in very long output, so you may consider piping it to the “less”
pager tool, like this: apt list | less. This will show you the output page by page and allow you to
press the space bar after each page to see the next page.
(output truncated)
Important!
For commands requiring elevated privileges, we’ll be prepending those commands with the
sudo command. The sudo command allows you to run the command as an administrator.
In the above example, we used apt install to install the Apache web server. To verify that a package
is installed correctly (and that you installed what you think you installed), you can use apt show.
(Output truncated)
If you just enter ps by itself, you’ll see only your running processes, like this:
david@debian:~$ ps
PID TTY TIME CMD
1679 pts/1 00:00:00 bash
1784 pts/1 00:00:00 ps
In this case, you can see that this user is running the bash shell, which is providing the command
prompt and the ps command to show what processes are running (also the command that produced
this output).
Linux uses the concept of system services, which are long-running programs that are run in the
background and typically provide some service on behalf of system users. You can start, stop, and check
the status of services with the command systemctl, like this:
david@debian:/opt$ systemctl status
● debian
State: running
Jobs: 0 queued
Failed: 0 units
Since: Tue 2017-08-08 20:49:02 EDT; 1h 37min ago
CGroup: /
├─1 /sbin/init
├─system.slice
│ ├─avahi-daemon.service
│ │ ├─469 avahi-daemon: running [debian.local
david@debian:/opt$
(Output truncated)
If you go over to /var/log (with cd /var/log) and do a ls -l (to list the files in long format), you’ll
find that there are quite a few Linux system log files.
david@debian:~$ cd /var/log
david@debian:/var/log$ ls -l
total 4924
-rw-r--r-- 1 root root 0 Jul 14 01:57 alternatives.log
-rw-r--r-- 1 root root 40586 May 15 12:12 alternatives.log.1
drwxr-xr-x 2 root root 4096 Jul 14 01:57 apt
-rw-r----- 1 root adm 1471 Jul 14 02:17 auth.log
-rw-r----- 1 root adm 24651 Jul 14 01:55 auth.log.1
-rw-rw---- 1 root utmp 0 Jul 14 01:57 btmp
-rw------- 1 root utmp 768 Jul 14 01:53 btmp.1
drwxr-xr-x 2 root root 4096 Jul 14 01:57 cups
(Output truncated)
The following are the most important system log files:
• syslog. Contains the centralized logging system, called syslog, in which you’ll find messages
related to the kernel, applications, and more. If configured, this could be the centralized log file
for all Linux systems (or even all network devices) in your data center.
• auth.log. Contains authentication failures and successes
• messages. Contains general system messages of all types
A variety of different tools can be used to view and parse log files, such as:
• grep. Search for a string in a file where the usage is grep PATTERN [FILE]
• tail. View the last lines (tail end) of a text file. A common use case for tail is to watch the status
of a log file in real time with the “-f” flag like tail -f /var/log/syslog
Even if you ignore the rest of the commands in the previous list, learn to use grep.
david@debian:/$ id
uid=1000(david) gid=1000(david)
groups=1000(david),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plu
gdev),108(netdev),110(lpadmin),113(scanner),117(bluetooth)
david@debian:/$ whoami
david
david@debian:/$ sudo id
uid=0(root) gid=0(root) groups=0(root)
david@debian:/$
david@debian:/$ sudo whoami
root
Notice in the dialog above how the id command was used to see that we were “uid” (user ID) 1000, and
how the whoami command was used to see that I am a user called “david.” From there, I used the sudo
id command to make sure I was the root user, and the sudo whoami command verified that I had
become root. You’ll note that the id command proves that I have the uid of 0 (zero).
Here’s a real-world example. Suppose you’d like to view the latest system logs from the Linux syslog file.
Doing so isn’t possible with a regular user account. To view the syslog file (using the tail command, in
this case), you must use the sudo command:
david@debian:~$ tail /var/log/syslog
tail: cannot open ‘/var/log/syslog’ for reading: Permission denied
david@debian:~$ sudo tail /var/log/syslog
May 15 10:00:08 debian systemd[1]: Reached target Network is Online.
May 15 10:00:08 debian systemd[1]: Started ACPI event daemon.
May 15 10:00:08 debian systemd[1]: Listening on ACPID Listen Socket.
May 15 10:00:08 debian systemd[1]: Started LSB: RPC portmapper replacement.
In the above command sequence, you can see that first there was a permission denied error when trying
to view the syslog file, but when the sudo command was used (which typically prompts you for the root
password, since no other user was specified), the last 10 lines of the log file were shown. Many systems
prevent you from becoming the root user with su and instead require you to use the sudo command.
The privileges for who can run what are determined by the /etc/sudoers file, and that file should be
edited using the visudo command to ensure safe access to a critically important configuration file. For
more information on sudo, just use man sudo to view the manual page.
The file is owned by the user “root” and the group “adm”. The file permissions are “rw” (shorthand for
read/write) for the owner and “r” (shorthand for “read”) for the group with no permissions for anyone
else. Figure 2 shows how file permissions work in Linux.
d – directory
drwxr-xr-x
r – read
w – write
x - execute
Type User Group Other Figure 2. Linux file permissions
In the file permissions graphic (Figure 2), a “d” on the left tells you whether you are looking at a directory
(or folder). Then the three sets of permissions “rwx, r-x, r-x” say whether you can read, write, and execute
(or start the application) at the user level, the group level, and the “everyone else” level (others). The type
indicator shown in Figure 2 identifies the selected object as a directory, hence the “d” as the type. The
two most important types of objects in the Linux file system are directories (“d”) and files (“-”). There
are other possible types as well, but for my purposes here, we’ll stick with directories and files.