🐧
A Practical Introduction

Linux essentials

Filesystem, permissions, processes, pipes, packages, systemd, networking, and SSH — the foundation of everything running in production.

filesystem permissions processes pipes ssh
concept 01

Filesystem Hierarchy

Everything is under /. One tree, three categories: system binaries, config & data, virtual kernel interfaces.

/ (root)

SYSTEM BINARIES

  • /bin → /usr/bin: Essential user commands: ls, cat, grep, bash
  • /sbin → /usr/sbin: System admin commands: iptables, fdisk, sshd
  • /lib → /usr/lib: Shared libraries (.so files), kernel modules
  • /boot: Kernel image, initrd, GRUB config

CONFIG & DATA

  • /etc: System-wide config files (nginx.conf · fstab · passwd · hosts · resolv.conf)
  • /home: User home directories (/home/alice · /home/bob; root's is /root)
  • /var: Variable/runtime data (/var/log · /var/lib · /var/run · /var/www)
  • /tmp: Temporary files · cleared on reboot

VIRTUAL / KERNEL

  • /proc: Process info, virtual fs (/proc/cpuinfo · /proc/meminfo · /proc/1/maps)
  • /sys: Kernel & hardware interface (driver params, power, block device settings)
  • /dev: Device files (/dev/sda · /dev/null · /dev/tty · /dev/zero)

  • /usr: Installed software · /usr/local for manual installs
concept 02

Everything is a File

The Unix philosophy: one interface — open/read/write/close — for regular files, devices, sockets, pipes, and more.

$ ls -la /dev /etc /proc (first char = file type)

  • -  Regular file: /etc/nginx.conf · ~/.bashrc · /bin/ls 📄
  • d  Directory: /etc · /home/alice · /var/log 📁
  • l  Symbolic link: /bin → /usr/bin · /lib → /usr/lib 🔗
  • b  Block device: /dev/sda · /dev/nvme0n1 · disks & partitions 💾
  • c  Character device: /dev/tty · /dev/null · /dev/random (stream) ⌨️
  • p  Named pipe (FIFO): mkfifo · inter-process comms
  • s  Socket: /run/docker.sock · nginx.sock

Same syscall API for all: open() · read() · write() · close()

Why it matters

  • Read a disk block device like a file
  • Write to a terminal like a file
  • Pipe network socket output like a file
  • Configure hardware by writing to /sys
  • Inspect processes by reading /proc

Useful special files

  • /dev/null — discard output
  • /dev/zero — infinite zero bytes
  • /dev/random — random data
  • /dev/stdin — your keyboard
  • /proc/self — current process

ls -la output

drwxr-xr-x  alice  /home/alice
-rw-r--r--  alice  .bashrc
lrwxrwxrwx  root   /bin → usr/bin
crw-rw-rw-  root   /dev/null
concept 03

Permissions & Ownership

Every file has an owner, a group, and a 9-bit permission mask split into three trios.

example: -rwxr-xr-- alice devs script.sh

  • type: -
  • owner (alice): rwx = 7
  • group (devs): r-x = 5
  • others: r-- = 4

type: - regular · d directory · l symlink · b block dev · c char dev · p pipe · s socket

Bit values (add together)

  • r = 4 (read) — can read file/list dir
  • w = 2 (write) — can modify / create
  • x = 1 (execute) — can run / enter dir

Common octal modes

  • 755 rwxr-xr-x: executables, dirs
  • 644 rw-r--r--: config files
  • 600 rw-------: private keys

chmod 755 script.sh · chmod +x script.sh · chown alice:devs file.txt

Special bits

  • setuid (s) — run as owner: /usr/bin/sudo (4755)
  • setgid (s) — run as group
  • sticky (t) — only owner can delete: /tmp (1777)
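
Added example (not part of the original slides): a POSIX shell function that decodes an ls-style mode string into octal, including the setuid/setgid/sticky digit and the uppercase S/T case where the special bit is set but execute is not. The function name mode_to_octal is made up for this example.

```sh
# mode_to_octal "-rwsr-xr-x" prints 4755; returns 1 on a malformed string.
mode_to_octal() {
  local mode="$1" rest tail trio digit special=0 out="" i=0
  # Validate: type char + three trios; s/S only for owner/group, t/T only for others
  case $mode in
    [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
    *) echo "invalid mode string: $mode" >&2; return 1 ;;
  esac
  rest=${mode#?}                     # drop the file-type character
  while [ "$i" -lt 3 ]; do           # i = 0 owner, 1 group, 2 others
    tail=${rest#???}                 # everything after this trio
    trio=${rest%"$tail"}             # the first three characters
    rest=$tail
    digit=0
    case $trio in r??) digit=$((digit + 4)) ;; esac
    case $trio in ?w?) digit=$((digit + 2)) ;; esac
    # lowercase s/t = special bit plus execute; uppercase S/T = special bit only
    case $trio in ??[xst]) digit=$((digit + 1)) ;; esac
    case $trio in
      ??[sS]) if [ "$i" -eq 0 ]; then special=$((special + 4))   # setuid
              else special=$((special + 2)); fi ;;               # setgid
      ??[tT]) special=$((special + 1)) ;;                        # sticky
    esac
    out=$out$digit
    i=$((i + 1))
  done
  if [ "$special" -gt 0 ]; then out=$special$out; fi
  echo "$out"
}

# Mode strings from the slide above
for m in -rwxr-xr-- -rwsr-xr-x drwxrwxrwt; do
  echo "$m = $(mode_to_octal "$m")"
done
```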
concept 04

Users, Groups & sudo

Every process runs as a user. sudo is privilege escalation — not a login, a temporary grant.

/etc/passwd (one line per user)

alice:x:1001:1001:Alice:/home/alice:/bin/bash
name : pw : uid : gid : comment : home : shell
password hash lives in /etc/shadow (root-only)

alice (uid=1001 gid=1001) · Groups: alice (primary), devs, sudo
  → sudo: checks /etc/sudoers, asks for alice's password
  → root (uid=0 · unrestricted)

$ sudo apt install nginx

  • sudo command: run ONE command as root, then back to alice
  • su -: switch to a full root login shell

/etc/sudoers (edit with: visudo)

alice ALL=(ALL:ALL) ALL
user hosts (run-as-user:group) commands
%sudo ALL=(ALL:ALL) NOPASSWD: ALL

User management

# create user with home dir
useradd -m -s /bin/bash alice
passwd alice

# add to group (e.g. docker)
usermod -aG docker alice

# who am I / what groups?
whoami
id
groups

Key files

  • /etc/passwd — user accounts
  • /etc/shadow — password hashes (root only)
  • /etc/group — group memberships
  • /etc/sudoers — sudo rules

Security notes

  • Disable root SSH login (PermitRootLogin no)
  • Lock unused accounts: passwd -l user
  • Principle of least privilege — no blanket NOPASSWD in prod
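
Added example (not part of the original slides): a small audit of the two file formats shown above. It flags extra UID 0 accounts and empty password fields in passwd-format text, and blanket NOPASSWD: ALL rules in sudoers-format text. The function names and sample lines are constructed; sudoers include directives are not followed.

```sh
# audit_passwd: passwd-format text on stdin -> one finding per line
audit_passwd() {
  awk -F: '
    /^#/ || NF < 7          { next }               # comments / malformed lines
    $3 == 0 && $1 != "root" { print "uid0:" $1 }   # second account with root power
    $2 == ""                { print "nopw:" $1 }   # empty field: no password needed
  '
}

# audit_sudoers: sudoers-format text on stdin -> rules granting NOPASSWD for ALL
audit_sudoers() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    $1 == "Defaults"         { next }
    /NOPASSWD:[ \t]*ALL[ \t]*$/ { print "blanket-nopasswd:" $1 }
  '
}

sample_passwd() {   # constructed sample, alice line taken from the slide
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
EOF
}

sample_sudoers() {  # constructed sample, first two rules taken from the slide
cat <<'EOF'
Defaults env_reset
alice ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
deploy ALL=(root) NOPASSWD: /usr/bin/systemctl restart myapp
EOF
}

sample_passwd | audit_passwd
sample_sudoers | audit_sudoers
```

On a real host, feed it the live files as root: audit_passwd < /etc/passwd and audit_sudoers < /etc/sudoers.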
concept 05

Processes & Signals

Every running program is a process. They form a tree rooted at PID 1. Signals are the way to communicate with them.

systemd (PID 1): init process · parent of everything · never dies
  ├─ sshd (PID 234): SSH daemon
  │    └─ bash (PID 890): your login shell
  │         └─ vim (PID 1042): child of bash
  ├─ nginx (PID 456): master process
  │    ├─ worker (PID 457)
  │    └─ worker (PID 458)
  ├─ postgres (PID 789): main db process
  │    └─ checkpointer (PID 790)
  └─ cron (PID 512): scheduled tasks

Signals

  • SIGTERM (15) — please stop gracefully
  • SIGKILL (9) — terminate immediately, cannot be caught
  • SIGHUP (1) — reload config
  • SIGINT (2) — Ctrl+C

ps aux · ps aux | grep nginx · kill -15 1042 · kill -9 1042 · pkill nginx · pgrep -u alice
concept 06

stdin · stdout · stderr & Pipes

Every process has three open file descriptors. Pipes connect stdout of one process to stdin of the next.

File Descriptors

  • 0 stdin ← keyboard / prev stdout
  • 1 stdout → terminal / next stdin
  • 2 stderr → terminal (separate!)

$ cat access.log | grep "ERROR" | sort | uniq -c | sort -rn

  • cat access.log → stdout
  • grep "ERROR": filters matching lines
  • sort: alphabetical order
  • uniq -c: count duplicates
  • sort -rn: highest count first → terminal

stderr (fd 2) flows to terminal separately

Redirects

cmd > file              # overwrite
cmd >> file             # append
cmd 2> err.log          # stderr to file
cmd 2>&1                # merge stderr into stdout
cmd < file              # stdin from file
cmd > /dev/null 2>&1    # discard all output
concept 07

Package Management

Packages are compressed archives containing binaries, libraries, and metadata. Repos are catalogues of packages with verified checksums.

# ── Debian / Ubuntu (apt) ──────────────────
# update package index
sudo apt update

# upgrade all installed packages
sudo apt upgrade

# install a package
sudo apt install nginx

# remove (keep config) / purge (delete all)
sudo apt remove nginx
sudo apt purge nginx

# search for a package
apt search "http server"

# show package info / files
apt show nginx
dpkg -L nginx

# ── RHEL / Fedora / Amazon Linux (dnf) ─────
sudo dnf install nginx
sudo dnf update
sudo dnf remove nginx
rpm -ql nginx       # list installed files

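# ── Add a third-party repo ─────────────────
# apt: add .list file to /etc/apt/sources.list.d/
# apt-key is deprecated and trusts the key for every repo; keep the key
# in its own keyring and pin it with signed-by (assumes an armored key)
sudo install -d -m 0755 /etc/apt/keyrings
curl -fsSL https://repo.example.com/key.gpg | \
  sudo gpg --dearmor -o /etc/apt/keyrings/example.gpg
echo "deb [signed-by=/etc/apt/keyrings/example.gpg] https://repo.example.com stable main" \
  | sudo tee /etc/apt/sources.list.d/example.list
sudo apt update && sudo apt install example-pkg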

Package Repo (archive.ubuntu.com) → apt update → Local index (/var/lib/apt/lists/) → apt install → System (/usr/bin/…)

Inside nginx.deb / nginx.rpm:

  • binaries → /usr/sbin/nginx
  • config → /etc/nginx/nginx.conf
  • systemd unit → /lib/systemd/system/nginx.service
  • man page → /usr/share/man/man8/nginx.8
  • + pre/post install scripts · dependency list · checksums

Distributions & package formats

  • .deb Debian, Ubuntu, Mint → apt / dpkg
  • .rpm RHEL, Fedora, Amazon → dnf / rpm
  • .pkg.tar.zst Arch → pacman

Tip: auto-clean old packages

# remove unused dependencies
sudo apt autoremove
# clear cached .deb files
sudo apt clean
concept 08

systemd & Services

systemd is PID 1 — it starts, stops, and monitors services using declarative unit files.

# /etc/systemd/system/myapp.service
[Unit]
Description=My Web Application
After=network.target postgresql.service
Requires=postgresql.service

[Service]
Type=simple
User=deploy
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/venv/bin/uvicorn main:app
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=5s
EnvironmentFile=/etc/myapp/env
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

# after creating/editing:
systemctl daemon-reload
systemctl enable --now myapp

Service states: inactive → start → activating → active ✅ → stop → deactivating → inactive · crash → failed ❌

systemctl commands

systemctl start nginx
systemctl stop nginx
systemctl restart nginx
systemctl reload nginx   # HUP
systemctl status nginx
systemctl enable nginx   # start on boot
systemctl disable nginx

journalctl — view logs

# follow live logs for service
journalctl -u nginx -f
# last 100 lines
journalctl -u nginx -n 100
# since boot / since time
journalctl -b
journalctl --since "1 hour ago"
concept 09

Networking Basics

Interfaces, routing, DNS resolution, and the tools to inspect all of it.

Network Interfaces (ip addr show)

  • lo (loopback): 127.0.0.1/8 · ::1/128 · process ↔ process on same host · never leaves the box
  • eth0 (or ens3, enp0s3…): 192.168.1.42/24 · 2001:db8::1/64 · main physical / virtual NIC · connects to the network
  • docker0 (virtual bridge): 172.17.0.1/16 · created by Docker for container networking

DNS Resolution flow (what happens when you curl api.example.com)

app → getaddrinfo()

  • 1st: /etc/hosts (127.0.0.1 localhost) · checked first — overrides DNS
  • 2nd: /etc/resolv.conf (nameserver 8.8.8.8) · points to DNS resolver
  • 3rd: DNS Resolver (8.8.8.8 / 1.1.1.1 / systemd-resolved)

IP address → returned to app

Essential networking commands

ip addr show                  # list interfaces and IPs
ip route show                 # routing table
ip link set eth0 up
ss -tlnp                      # listening TCP sockets + PIDs (replaces netstat)
ss -s                         # socket summary stats
ping 1.1.1.1                  # test connectivity
curl -I https://example.com   # HTTP headers only
dig api.example.com           # DNS lookup
traceroute 8.8.8.8            # hop-by-hop path
concept 10

SSH — Secure Shell

Public-key auth, config files, and port forwarding — the three things that make SSH powerful.

Client (~/.ssh/)

  • id_rsa (private key): NEVER leave this machine · chmod 600
  • id_rsa.pub (public key): Safe to share · add to authorized_keys
  • ~/.ssh/config:

Host prod
  HostName 203.0.113.10
  User deploy
  IdentityFile ~/.ssh/prod_key

🔒 Encrypted Tunnel (port 22) · Challenge-response key auth → no passwords needed

Server (~/.ssh/)

  • authorized_keys: One public key per line (ssh-ed25519 AAAA… alice@laptop)
  • sshd (daemon): /etc/ssh/sshd_config · Port 22 · PermitRootLogin no · AllowUsers deploy alice (restrict logins)

Quick start

ssh-keygen -t ed25519 -C "alice@laptop"   # generate key pair
ssh-copy-id deploy@server                 # install pub key
ssh prod                                  # connect using ~/.ssh/config alias
ssh -L 5432:localhost:5432 prod           # local port forward (tunnel DB)
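
Added example (not part of the original slides): a check of the two sshd_config settings named above. sshd uses the first value it reads for each keyword and treats keywords case-insensitively, so a later "PermitRootLogin no" does not override an earlier "yes". The function names and the sample config are constructed; Include files and Match blocks are not evaluated.

```sh
# sshd_effective KEYWORD [DEFAULT]: sshd_config text on stdin -> the value
# the global section yields, or DEFAULT when the keyword is not set there.
sshd_effective() {
  awk -v want="$1" -v dflt="${2:-}" '
    BEGIN { want = tolower(want) }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    tolower($1) == "match"   { exit }      # global section ends at first Match
    tolower($1) == want {                  # keywords are case-insensitive
      $1 = ""; sub(/^[ \t]+/, "")          # keep only the argument(s)
      print; found = 1; exit               # first occurrence wins
    }
    END { if (!found) print dflt }
  '
}

# audit_sshd: report on PermitRootLogin and AllowUsers
audit_sshd() {
  local cfg root allow
  cfg=$(cat)
  # prohibit-password is the OpenSSH default when the keyword is absent
  root=$(printf '%s\n' "$cfg" | sshd_effective PermitRootLogin prohibit-password)
  allow=$(printf '%s\n' "$cfg" | sshd_effective AllowUsers "")
  if [ "$root" = no ]; then echo "ok   PermitRootLogin no"
  else echo "FAIL PermitRootLogin $root (slides recommend: no)"; fi
  if [ -n "$allow" ]; then echo "ok   AllowUsers $allow"
  else echo "FAIL AllowUsers unset (no per-user allow-list)"; fi
}

sample_sshd_config() {   # constructed sample with a shadowed setting
cat <<'EOF'
# /etc/ssh/sshd_config (constructed)
Port 22
PermitRootLogin yes
AllowUsers deploy alice
permitrootlogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF
}

sample_sshd_config | audit_sshd
```

On a live server, sshd -T prints the configuration sshd actually resolved, including Include files.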
concept 11

Essential Commands

The commands you'll reach for every day.

# ── Navigation ───────────────────────
pwd                    # print working dir
cd -                   # previous directory
ls -lah                # long + hidden + human sizes
find . -name "*.log"   # find by name
find . -mtime -1       # modified in last day

# ── Files ────────────────────────────
cp -r src/ dst/        # recursive copy
mv file newname
rm -rf dir/            # ⚠ careful
ln -s target link      # symlink

# ── Viewing / Searching ──────────────
cat file
less file              # paginate (q to quit)
tail -f /var/log/syslog
grep -r "error" /var/log/
grep -n "TODO" *.py    # with line numbers

# ── Text Processing ──────────────────
cut -d: -f1 /etc/passwd   # extract field
awk '{print $1, $NF}' f
sed 's/foo/bar/g' file    # replace text
sort -k2 -n file
wc -l file                # line count

# ── Disk & Storage ───────────────────
df -h                  # disk usage by filesystem
du -sh /var/log/*      # size of each item
lsblk                  # block devices tree
mount /dev/sdb1 /mnt

# ── Archives ─────────────────────────
tar -czf archive.tar.gz dir/   # create
tar -xzf archive.tar.gz        # extract
tar -tzf archive.tar.gz        # list contents
zip -r archive.zip dir/
unzip archive.zip

# ── System Info ──────────────────────
uname -a               # kernel version + arch
uptime
free -h                # RAM usage
top                    # process monitor (or htop)
lscpu                  # CPU info

# ── Useful combos ────────────────────
# top 10 largest files
du -ah . | sort -rh | head -10
# who is listening on :8080?
ss -tlnp | grep 8080
# what opened this file?
lsof /var/log/nginx/access.log
recap

You now know Linux

The foundation that Docker, Kubernetes, and every production server runs on.

🐧 Core Concepts

  • One / tree — everything is a path
  • Everything is a file — one API for all I/O
  • Every process has an owner and runs as a user
  • Permissions: owner / group / others × r / w / x

⚙️ Runtime

  • systemd — PID 1, manages all services
  • Processes — tree rooted at PID 1, signals to communicate
  • Pipes — compose small tools into powerful pipelines
  • Packages — apt/dnf manage install + dependencies

🌐 Network & Access

  • Interfaces — lo, eth0, ss to inspect sockets
  • DNS — /etc/hosts → /etc/resolv.conf → resolver
  • SSH — key-pair auth, ~/.ssh/config, port tunnels
  • sudo — temporary privilege grant, not a root login

🔑 The Unix Philosophy

Write programs that do one thing well. Write programs that work together. Write programs that handle text streams — the universal interface. Pipes turn small tools into powerful pipelines.

📖 /proc and /sys are your friend

Before installing a monitoring tool, try reading /proc/meminfo, /proc/net/tcp, and /sys/class/net/eth0/statistics/rx_bytes. The kernel exposes everything.
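
Added example (not part of the original slides): reading /proc/net/tcp directly. The function decodes the hex address:port pairs and keeps only sockets in state 0A (LISTEN), labelling whether each one is bound to loopback or to every interface. It assumes a little-endian host (x86, most ARM), where the IPv4 bytes appear reversed; the function name and the sample rows are constructed.

```sh
# listening_tcp: /proc/net/tcp-format text on stdin -> "ip:port uid=N scope"
listening_tcp() {
  local _sl laddr _raddr st _q _tr _retr uid _rest n port ip scope
  while read -r _sl laddr _raddr st _q _tr _retr uid _rest; do
    [ "$st" = "0A" ] || continue          # 0A = LISTEN; also skips the header
    n=$((0x${laddr%:*}))                  # address: 32-bit hex, bytes reversed
    port=$((0x${laddr#*:}))               # port: plain hex number
    ip="$((n & 255)).$((n >> 8 & 255)).$((n >> 16 & 255)).$((n >> 24 & 255))"
    case $ip in
      127.*)   scope=loopback-only ;;     # reachable from this host only
      0.0.0.0) scope=all-interfaces ;;    # reachable on every address
      *)       scope=single-address ;;
    esac
    echo "$ip:$port uid=$uid $scope"
  done
}

sample_proc_net_tcp() {   # constructed sample in the kernel's column layout
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   114        0 21001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19000 1
   2: 2A01A8C0:0016 0501A8C0:C5D2 01 00000000:00000000 02:000A1B2C 00000000     0        0 23456 2
EOF
}

sample_proc_net_tcp | listening_tcp
```

On a live host run listening_tcp < /proc/net/tcp and compare the result with ss -tlnp.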

Next steps: linuxcommand.org · tldr.sh (quick man pages) · overthewire.org/wargames/bandit (hands-on) · man man