Introduction
Linux administration requires deep understanding of file systems, process management, security, and system operations. This comprehensive guide covers essential Linux administration skills from file operations to process monitoring, system scheduling, and disaster recovery.
We'll explore the Linux file system hierarchy, file manipulation commands, process management, security permissions, archiving strategies, and system monitoring tools. Each section includes practical examples and production best practices.
Linux Administration Series
📚 View Complete Linux Administration Guide - Master all 7 parts with our comprehensive learning path.
This is Part I of our comprehensive 7-part Linux administration guide:
- Part I: File System & Process Management ← You are here
- Part II: User Authentication & LDAP →
- Part III: UFW Firewall & Networking
- Part IV: systemd & SSH Hardening
- Part V: Postfix Email Server
- Part VI: QEMU KVM Virtualization
- Part VII: LVM & RAID Storage
Linux File System Hierarchy
File System Architecture
The Linux file system follows a hierarchical structure starting from root (/), as defined in the Filesystem Hierarchy Standard.
Key Directories:
/bin- Essential command binaries (ls, cat, cp)/boot- Boot loader files and kernel/dev- Device files (hard drives, terminals)/etc- System-wide configuration files/home- User home directories/lib- Shared libraries for binaries/media- Mount points for removable media/opt- Optional third-party software/proc- Virtual filesystem with kernel/process info/root- Root user's home directory/run- Runtime data for processes/srv- Service data (web servers, FTP)/sys- System hardware information/tmp- Temporary files (cleared on reboot)/usr- User programs and data/var- Variable data (logs, caches, spools)
Essential File Operations
Navigation and Exploration
# List files with details
ls -lah /etc
# -l: long format, -a: show hidden, -h: human-readable sizes
# Recursive directory listing
ls -R /var/log
# Find command location
which python3
# Search command by keyword
apropos network
File and Directory Management
# Create directory structure
mkdir -p /opt/myapp/{bin,config,logs}
# Copy preserving attributes
cp -a /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
# Move and rename
mv /tmp/oldname.txt /opt/data/newname.txt
# Remove directory and contents
rm -rf /tmp/old-data
Finding Files
# Find by name
find /var/log -name "*.log"
# Find by size (larger than 100MB)
find /home -size +100M
# Find and execute command
find /tmp -name "*.tmp" -mtime +7 -exec rm {} \;
# Find by modification time (last 24 hours)
find /var/log -mtime -1
# Find by permissions
find /home -perm 777
Links: Hard Links vs Symbolic Links
Link Types Comparison
Creating links:
# Create symbolic link (most common)
ln -s /etc/nginx/nginx.conf ~/nginx.conf
# Create hard link (same inode, same size)
ln /var/log/app.log /backup/app.log
# Check link type
file ~/nginx.conf
# Output: symbolic link to /etc/nginx/nginx.conf
# List inode numbers
ls -li /var/log/app.log /backup/app.log
# Both show same inode number
Key differences:
| Feature | Hard Link | Symbolic Link |
|---|---|---|
| Crosses filesystems | No | Yes |
| Links to directories | No | Yes |
| Survives source deletion | Yes | No (broken link) |
| Disk space | No extra | Minimal |
| Inode | Same as original | Different |
Input/Output Redirection
Standard Streams
Redirection examples:
# Redirect stdout to file (overwrite)
ls -l /etc > output.txt
# Redirect stdout to file (append)
echo "New entry" >> /var/log/app.log
# Redirect stderr to file
find / -name "*.conf" 2> errors.log
# Redirect both stdout and stderr
command > output.txt 2>&1
# Redirect stderr to stdout
command 2>&1 | grep "error"
# Discard output
command > /dev/null 2>&1
# Here document
cat << EOF > config.txt
server {
listen 80;
server_name example.com;
}
EOF
Archiving and Compression
Creating Archives
# Create tar archive
tar -cvf backup.tar /etc/nginx
# -c: create, -v: verbose, -f: file
# Documentation: https://www.gnu.org/software/tar/manual/tar.html
# Create compressed tar.gz
tar -czf backup.tar.gz /var/www
# Create tar.bz2 (better compression)
tar -cjf backup.tar.bz2 /home/user
# List archive contents
tar -tf backup.tar.gz
# Extract archive
tar -xzf backup.tar.gz -C /restore/path
# Extract specific file
tar -xzf backup.tar.gz etc/nginx/nginx.conf
ZIP Archives
# Create zip archive
zip -r website.zip /var/www/html
# Create zip excluding files
zip -r backup.zip /home/user -x "*.tmp" "*.log"
# Extract zip
unzip website.zip
# List zip contents
unzip -l website.zip
# Extract to specific directory
unzip website.zip -d /var/www
File Permissions and Security
Permission Model
Permission values:
| Permission | Binary | Decimal |
|---|---|---|
--- |
000 | 0 |
--x |
001 | 1 |
-w- |
010 | 2 |
-wx |
011 | 3 |
r-- |
100 | 4 |
r-x |
101 | 5 |
rw- |
110 | 6 |
rwx |
111 | 7 |
Managing permissions:
# Change file permissions (see man chmod: https://man7.org/linux/man-pages/man1/chmod.1.html)
chmod 755 script.sh
chmod u+x,g-w,o-r file.txt
# Change file owner
chown user:group file.txt
# Change group only
chgrp developers project/
# Recursive permission change
chmod -R 644 /var/www/html
chown -R www-data:www-data /var/www
# Special permissions
chmod u+s /usr/bin/passwd # setuid
chmod g+s /shared/project # setgid
chmod +t /tmp # sticky bit
Process Management
Process Lifecycle
Process commands:
# View processes
ps aux | grep nginx
ps -ef --forest # tree view
# Real-time process monitor
top
htop # better alternative
# Background processes
command &
nohup long-running-task.sh &
# Job control
jobs # list background jobs
fg %1 # bring job 1 to foreground
bg %1 # resume job 1 in background
Ctrl+Z # suspend current process
# Kill processes
kill PID
kill -9 PID # force kill
killall nginx # kill by name
pkill -f "python script.py" # kill by pattern
System Monitoring
Resource Monitoring
# Disk usage
df -h # filesystem usage
du -sh /var/* # directory sizes
du -h --max-depth=1 /home
# Memory usage
free -h
cat /proc/meminfo
# CPU information
lscpu
cat /proc/cpuinfo
nproc # number of processors
# System load
uptime
cat /proc/loadavg
# I/O statistics
iostat -x 1 5 # extended stats, 1 sec interval, 5 times
Task Scheduling
Cron vs Anacron
Cron scheduling:
# Edit user crontab
crontab -e
# List user crontab
crontab -l
# Cron syntax: minute hour day month weekday command
# Cron format documentation: https://man7.org/linux/man-pages/man5/crontab.5.html
# Example: Run backup at 2 AM daily
0 2 * * * /usr/local/bin/backup.sh
# Every 15 minutes
*/15 * * * * /usr/local/bin/check-health.sh
# First day of month at midnight
0 0 1 * * /usr/local/bin/monthly-report.sh
# Weekdays at 6 PM
0 18 * * 1-5 /usr/local/bin/workday-task.sh
# System-wide crontab
cat /etc/crontab
# Cron directories
/etc/cron.daily/
/etc/cron.weekly/
/etc/cron.monthly/
Anacron configuration:
# Edit anacron
vim /etc/anacrontab
# Syntax: period delay job-id command
# Run daily, 5 min delay
1 5 daily-backup /usr/local/bin/backup.sh
# Run weekly, 10 min delay
7 10 weekly-cleanup /usr/local/bin/cleanup.sh
Boot Process and Targets
System Boot Flow
Managing boot targets:
# Check current target
systemctl get-default
# List all targets (systemd documentation: https://www.freedesktop.org/software/systemd/man/systemd.target.html)
systemctl list-units --type=target
# Switch to rescue mode (single-user)
systemctl isolate rescue.target
# Switch to multi-user (no GUI)
systemctl isolate multi-user.target
# Switch to graphical
systemctl isolate graphical.target
# Set default target
systemctl set-default multi-user.target
systemctl set-default graphical.target
# Reboot to different target
systemctl reboot --boot-loader-entry=rescue
System Shutdown and Reboot
# Shutdown now
shutdown -h now
poweroff
# Reboot now
shutdown -r now
reboot
# Scheduled shutdown (5 minutes)
shutdown -h +5 "System maintenance in 5 minutes"
# Scheduled reboot (specific time)
shutdown -r 23:00 "System update tonight"
# Cancel scheduled shutdown
shutdown -c
# Emergency sync and reboot
sync && reboot
# Force immediate poweroff (dangerous)
echo b > /proc/sysrq-trigger
Disaster Recovery Best Practices
Backup Strategy
Backup best practices:
- 3-2-1 Rule: 3 copies, 2 different media, 1 off-site
- Regular testing: Verify backups can be restored
- Automation: Use cron for scheduled backups
- Encryption: Encrypt sensitive backups
- Retention policy: Define how long to keep backups
- Documentation: Document restore procedures
Example backup script:
#!/bin/bash
# /usr/local/bin/backup.sh
BACKUP_DIR="/backup/$(date +%Y-%m-%d)"
RETENTION_DAYS=30
# Create backup directory
mkdir -p "$BACKUP_DIR"
# Backup configuration files
tar -czf "$BACKUP_DIR/etc-backup.tar.gz" /etc
# Backup home directories
tar -czf "$BACKUP_DIR/home-backup.tar.gz" /home
# Backup database
mysqldump -u root -p"$DB_PASSWORD" --all-databases | gzip > "$BACKUP_DIR/mysql.sql.gz"
# Remove old backups
find /backup -type d -mtime +$RETENTION_DAYS -exec rm -rf {} \;
# Sync to remote server
rsync -avz /backup/ backup-server:/remote/backup/
Production Best Practices
-
File System Management:
- Monitor disk usage with alerts at 80% capacity
- Use LVM for flexible storage management
- Implement log rotation to prevent disk filling
-
Process Management:
- Use systemd for service management
- Monitor critical processes with supervisor/monit
- Set resource limits in
/etc/security/limits.conf
-
Security:
- Apply principle of least privilege
- Regularly audit file permissions
- Use sudo instead of root login
- Enable SELinux or AppArmor
-
Monitoring:
- Set up centralized logging (rsyslog, ELK stack)
- Monitor system metrics (CPU, memory, disk, network)
- Create alerts for abnormal conditions
-
Automation:
- Automate repetitive tasks with cron/systemd timers
- Use configuration management (Ansible, Puppet)
- Implement infrastructure as code
Troubleshooting Common Issues
High disk usage:
# Find largest directories
du -h / | sort -rh | head -10
# Find large files
find / -type f -size +100M -exec ls -lh {} \;
# Clean package cache
apt clean
yum clean all
High load:
# Check running processes
top
ps aux --sort=-%cpu | head -10
# Check I/O wait
iostat -x 1
# Check disk activity
iotop
Permission issues:
# Fix web directory permissions
chown -R www-data:www-data /var/www
find /var/www -type d -exec chmod 755 {} \;
find /var/www -type f -exec chmod 644 {} \;
Frequently Asked Questions
Q: What is the Linux file system hierarchy?
The Linux file system hierarchy is a standardized directory structure where "/" is the root. Key directories include /etc for configuration, /var for variable data like logs, /home for user files, /bin for essential binaries, and /usr for user programs. Understanding this structure is essential for system navigation and administration.
Q: How do I find files in Linux?
Use the find command to search for files by name, type, size, or modification time. For example, "find /path -name filename" searches by name, "find / -size +100M" finds large files. The locate command provides faster searches using a pre-built database updated by updatedb cron job.
Q: What is the difference between kill and killall commands?
The kill command terminates processes by PID (Process ID) using signals like SIGTERM (15) for graceful shutdown or SIGKILL (9) for forceful termination. The killall command terminates all processes matching a name. Use "kill -15 PID" first, then "kill -9 PID" if unresponsive.
Q: How does cron scheduling work in Linux?
Cron executes scheduled tasks using five time fields: minute, hour, day of month, month, and day of week. For example, "0 2 * * " runs daily at 2 AM, "/5 * * * *" runs every 5 minutes. Edit with "crontab -e", list with "crontab -l". System-wide jobs go in /etc/cron.d/ or /etc/crontab.
Q: What are Linux file permissions and how do I set them?
Linux uses three permission types (read=4, write=2, execute=1) for owner, group, and others. "chmod 755 file" sets rwxr-xr-x permissions. "chmod u+x file" adds execute for owner. "chown user:group file" changes ownership. Use "ls -l" to view permissions. Understanding permissions prevents unauthorized access.
Q: How do I monitor system performance in Linux?
Use top or htop for real-time process monitoring showing CPU, memory usage. The vmstat command displays system statistics, iostat shows disk I/O, and free shows memory usage. For comprehensive monitoring, use tools like sar for historical data, netstat for network connections, and df for disk space.
Q: What is the difference between tar and rsync for backups?
Tar creates compressed archives of files and directories, ideal for full backups and transfers. Rsync synchronizes directories incrementally, copying only changed files, making it efficient for incremental backups over networks. Use tar for complete archives, rsync for continuous synchronization and bandwidth-efficient remote backups.
Conclusion
Linux system administration fundamentals cover file system operations, process management, security, scheduling, and disaster recovery. Understanding the file system hierarchy, mastering file operations, managing processes effectively, and implementing robust backup strategies are essential for reliable system administration.
Choose appropriate tools for each task: use find for file location, tar for backups, cron for scheduling, and systemd for service management. Regular monitoring, automation, and documented procedures ensure system reliability and quick recovery from failures.