Linux

Linux Master Application

A completely free application for testing your knowledge on Linux. Disclaimer: developed by repository owner

<a href="https://play.google.com/store/apps/details?id=com.codingshell.linuxmaster"></a>

• Linux
  • Linux Master Application
  • Linux Exercises
    • Basics
    • Misc
  • Linux Questions
    • Linux 101
    • I/O Redirection
    • Filesystem Hierarchy Standard
    • Permissions
    • Scenarios
    • Systemd
    • Troubleshooting and Debugging
      • Scenarios
    • Kernel
    • SSH
    • Globbing & Wildcards
    • Boot Process
    • Disk and Filesystem
    • Performance Analysis
    • Processes
    • Security
    • Networking
    • DNS
    • Packaging
    • DNF
    • Applications and Services
    • Users and Groups
    • Hardware
    • Namespaces
    • Virtualization
    • AWK
    • System Calls
    • Filesystem & Files
    • Advanced Networking
    • Memory
    • Distributions
    • Sed
    • Misc

Linux Exercises

Basics

Misc

Linux Questions

Linux 101

Wikipedia: "Linux is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged in a Linux distribution."

Red Hat: "Linux® is an open source operating system (OS). An operating system is the software that directly manages a system’s hardware and resources, like CPU, memory, and storage. The OS sits between applications and hardware and makes the connections between all of your software and the physical resources that do the work."

</b></details>

• touch
• ls
• rm
• cat
• cp
• mkdir
• pwd
• cd

• touch - update file's timestamp. More commonly used for creating files
• ls - listing files and directories
• rm - remove files and directories
• cat - create, view and concatenate files
• cp - copy files and directories
• mkdir - create directories
• pwd - print current working directory (= at what path the user currently located)
• cd - change directory </b></details>

• cd /
• cd ~
• cd
• cd ..
• cd .
• cd -

• cd / -> change to the root directory
• cd ~ -> change to your home directory
• cd -> change to your home directory
• cd .. -> change to the directory above your current i.e parent directory
• cd . -> change to the directory you currently in
• cd - -> change to the last visited path </b></details>

The -r (or -R in some commands) flag allows the user to run a certain command recursively. For example, listing all the files under the following tree is possible when done recursively (ls -R):

/dir1/ dir2/ file1 file2 dir3/ file3

To list all the files, one can run ls -R /dir1 </b></details>

• file permissions, number of links, owner name, owner group, file size, timestamp of last modification and directory/file name </b></details>

These are files directly not displayed after performing a standard ls direct listing. An example of these files are .bashrc which are used to execute some scripts. Some also store configuration about services on your host like .KUBECONFIG. The command used to list them is, ls -a </b></details>

myProgram < input.txt > executionOutput.txt </b></details>

• sed
• grep
• cut
• awk

• sed: a stream editor. Can be used for various purposes like replacing a word in a file: sed -i s/salad/burger/g
• grep: a search tool. Used to search, count or match a text in a file:
  • searching for any line that contains a word in a file: grep 'word' file.md
  • or displaying the total number of times a string appears in a file: grep -c 'This is a string' file.md
• cut: a tool for cutting out selected portions of each line of a file:
  • syntax: cut OPTION [FILE]
    • cutting first two bytes from a word in a file: cut -b 1-2 file.md, output: wo
• awk: a programming language that is mainly used for text processing and data extraction. It can be used to manipulate and modify text in a file:
  • syntax: awk [OPTIONS] [FILTER] [FILE] extracting a specific field from a CSV file: awk -F ',' '{print $1}' file.csv, output: first field of each line in the file </b></details>

Using the mv command. </b></details>

• Remove a directory with files
• Display the content of a file
• Provides access to the file /tmp/x for everyone
• Change working directory to user home directory
• Replace every occurrence of the word "good" with "great" in the file /tmp/y</summary> <b>

• rm -rf dir
• cat or less
• chmod 777 /tmp/x
• cd ~
• sed -i s/good/great/g /tmp/y </b></details>

• whereis
• which </b></details>

echo hello world
echo "hello world"

The echo command receives two separate arguments in the first execution and in the second execution it gets one argument which is the string "hello world". The output will be the same. </b></details>

Using a pipe in Linux, allows you to send the output of one command to the input of another command. For example: cat /etc/services | wc -l </b></details>

• sed "s/1/2/g' /tmp/myFile
• find . -iname *.yaml -exec sed -i "s/1/2/g" {} ;

sed 's/1/2/g' /tmp/myFile  # sed "s/1/2/g" is also fine
find . -iname "*.yaml" -exec sed -i "s/1/2/g" {} \;

</b></details>

history command or .bash_history file

• also can use up arrow key to access or to show the recent commands you type </b></details>

As to fix it there are several options:

1. Manually adding what you need to your $PATH <code>PATH="$PATH":/user/bin:/..etc</code>
2. You have your weird env variables backed up.
3. You would look for your distro default $PATH variable, copy paste using method #1

Note: There are many ways of getting errors like this: if bash_profile or any configuration file of your interpreter was wrongly modified; causing erratics behaviours, permissions issues, bad compiled software (if you compiled it by yourself)... there is no answer that will be true 100% of the time. </b>

You can use the commands <code>cron</code> and <code>at</code>. With cron, tasks are scheduled using the following format:

<code>*/30 * * * * bash myscript.sh</code> Executes the script every 30 minutes.

<minute> <hour> <day of month> <month> <day of week> <command to execute>

The tasks are stored in a cron file, you can write in it using <code>crontab -e</code>

Alternatively if you are using a distro with systemd it's recommended to use systemd timers. </b></details>

<a name="questions-linux-redirection"></a>

I/O Redirection

Here are some common examples of IO redirection:

• Redirecting Standard Output (stdout): <code>ls > filelist.txt</code>
• Redirecting Standard Error (stderr): <code>ls /some/nonexistent/directory 2> error.txt</code>
• Appending to a file: <code>echo "hello" >> myfile.txt</code>
• Redirecting Input (stdin): <code>sort < unsorted.txt</code>
• Using Pipes: Pipes ("|"): <code>ls | grep ".txt$"</code>
  </b></details>

<code>ls > ls_output.txt</code> </b></details>

<code>yippiekaiyay 2> ls_output.txt</code> </b></details>

<code>yippiekaiyay &> file</code> </b></details>

An output similar to: yippikaiyay: command not found...

The file die_hard will not be created </b></details>

<a name="questions-linux-fhs"></a>

Filesystem Hierarchy Standard

The root of the filesystem. The beginning of the tree. </b></details>

• /bin, /sbin, /usr/bin and /usr/sbin
• /etc
• /home
• /var
• /tmp</summary> <b>

• binaries
• configuration files
• home directories of the different users
• files that tend to change and be modified like logs
• temporary files </b></details>

/tmp folder is cleaned automatically, usually upon reboot. </b></details>

It contains useful information about the processes that are currently running, it is regarded as control and information center for kernel. </b></details>

False. No one can create file in /proc directly (certain operations can lead to files being created in /proc by the kernel). </b></details>

The command passed to the boot loader to run the kernel </b></details>

<a name="questions-linux-permissions"></a>

Permissions

Using the chmod command. </b></details>

• 777
• 644
• 750</summary> <b>

</b></details>

• setuid is a linux file permission that permits a user to run a file or program with the permissions of the owner of that file. This is possible by elevation of current user privileges.
• setgid is a process when executed will run as the group that owns the file. </b></details>

• chmod
• chown
• chgrp</summary> <b>

• chmod - changes access permissions to files system objects
• chown - changes the owner of file system files and directories
• chgrp - changes the group associated with a file system object </b></details>

The sudo program is installed by default in almost all Linux distributions. If you need to install sudo in Debian/Ubuntu, use the command apt-get install sudo

</b></details>

True </b></details>

</b></details>

• No more disk space
• No more inodes
• No permissions </b></details>

Using sudo setfacl -m u::rx /usr/bin/chmod will set the execute permissions on chmod for all the users. Post this, the chmod binary can be used as usual. </b></details>

<a name="questions-linux-scenarios"></a>

Scenarios

There are multiple ways to transfer files between hosts. Personal opinion: use rsync </b></details>

One way is to run the following: cat /proc/sys/kernel/random/uuid </b></details>

mkpasswd -l 7 </b></details>

<a name="questions-linux-systemd"></a>

Systemd

A daemon is a program that runs in the background without direct control of the user, although the user can at any time talk to the daemon.

systemd has many features such as user processes control/tracking, snapshot support, inhibitor locks..

If we visualize the unix/linux system in layers, systemd would fall directly after the linux kernel.

Hardware -> Kernel -> <u>Daemons</u>, System Libraries, Server Display. </b>

To start a service: systemctl start <service name> To stop a service: systemctl stop <service name> </b></details>

systemctl status <service name> </b></details>

<code>journalctl</code> </b></details>

Troubleshooting and Debugging

/var/log </b></details>

tail -f <file_name> </b></details>

<code>dstat -t</code> is great for identifying network and disk issues. <code>netstat -tnlaup</code> can be used to see which processes are running on which ports. <code>lsof -i -P</code> can be used for the same purpose as netstat. <code>ngrep -d any metafilter</code> for matching regex against payloads of packets. <code>tcpdump</code> for capturing packets <code>wireshark</code> same concept as tcpdump but with GUI (optional). </b></details>

<code>dstat -t</code> is great for identifying network and disk issues. <code>opensnoop</code> can be used to see which files are being opened on the system (in real time). </b></details>

<code>strace</code> is great for understanding what your program does. It prints every system call your program executed. </b></details>

<code>top</code> will show you how much CPU percentage each process consumes <code>perf</code> is a great choice for sampling profiler and in general, figuring out what your CPU cycles are "wasted" on <code>flamegraphs</code> is great for CPU consumption visualization (http://www.brendangregg.com/flamegraphs.html) </b></details>

• Check with top for anything unusual
• Run dstat -t to check if it's related to disk or network.
• Check if it's network related with sar
• Check I/O stats with iostat </b></details>

Scenarios

1. Run lsof <FILE_PATH>
2. Use the pid (process ID) from the lsof command and run kill <PID>

</b></details>

Kernel

The kernel is part of the operating system and is responsible for tasks like:

• Allocating memory
• Schedule processes
• Control CPU </b></details>

uname -a command </b></details>

A Linux kernel module is a piece of code that can be dynamically loaded into the kernel to extend its functionality. These modules are typically used to add support for hardware devices, filesystems, or system calls. The kernel itself is monolithic, but with modules, its capabilities can be extended without having to reboot the system or recompile the entire kernel. </b></details>

The operating system executes the kernel in protected memory to prevent anyone from changing (and risking it crashing). This is what is known as "Kernel space". "User space" is where users executes their commands or applications. It's important to create this separation since we can't rely on user applications to not tamper with the kernel, causing it to crash.

Applications can access system resources and indirectly the kernel space by making what is called "system calls". </b></details>

• Build time (when it's compiled)
• Boot time (when it starts)
• Runtime (once it's already running) </b></details>

Usually it will reside in /boot/config-<kernel version>.<os release>.<arch> </b></details>

/proc/cmdline </b></details>

sysctl -a </b></details>

Yes, you might notice that in most systems, when running systctl -a with root, you'll get more runtime parameters compared to executing the same command with a regular user. </b></details>

sudo sysctl net.ipv4.ip_forward=1

To make it persistent (applied after reboot for example): insert net.ipv4.ip_forward = 1 into /etc/sysctl.conf

Another way to is to run echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward </b></details>

If you strace the sysctl command you can see it does it by changing the file under /proc/sys/...

In the past it was done with sysctl system call, but it was deprecated at some point. </b></details>

There is a service called systemd-sysctl that takes the content of /etc/sysctl.conf and applies it. This is how changes persist, even after reboot, when they are written in /etc/sysctl.conf </b></details>

No. Containers have their own /proc filesystem so any change to kernel parameters inside a container, are not affecting the host or other containers running on that host. </b></details>

<a name="questions-linux-ssh"></a>

SSH

Wikipedia Definition: "SSH or Secure Shell is a cryptographic network protocol for operating network services securely over an unsecured network."

Hostinger.com Definition: "SSH, or Secure Shell, is a remote administration protocol that allows users to control and modify their remote servers over the Internet."

An SSH server will have SSH daemon running. Depends on the distribution, you should be able to check whether the service is running (e.g. systemctl status sshd). </b></details>

Telnet also allows you to connect to a remote host but as opposed to SSH where the communication is encrypted, in telnet, the data is sent in clear text, so it doesn't considered to be secured because anyone on the network can see what exactly is sent, including passwords. </b></details>

The file stores the key fingerprints for the clients connecting to the SSH server. This fingerprint creates a trust between the client and the server for future SSH connections. </b></details>

It means that the key of the remote host was changed and doesn't match the one that stored on the machine (in ~/.ssh/known_hosts). </b></details>

<code>ssh-keygen</code> is a tool to generate an authentication key pair for SSH, that consists of a private and a public key. It supports a number of algorithms to generate authentication keys :

• dsa
• ecdsa
• ecdsa-sk
• ed25519
• ed25519-sk
• rsa (default)

One can also specify number of bits in key. Command below generates an SSH key pair with RSA 4096-bits :

$ ssh-keygen -t rsa -b 4096

The output looks like this:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:f5MOGnhzYfC0ZCHvbSXXiRiNVYETjxpHcXD5xSojx+M user@mac-book-pro
The key's randomart image is:
+---[RSA 4096]----+
|        . ..+***o|
|         o o++*o+|
|        . =+.++++|
|         B.oX+. .|
|        S *=o+   |
|       . o oE.   |
|      . + + +    |
|       . = + .   |
|        .   .    |
+----[SHA256]-----+

One can check how many bits an SSH key has with :

$ ssh-keygen -l -f /home/user/.ssh/id_rsa

Output should look like this :

4096 SHA256:f5MOGnhzYfC0ZCHvbSXXiRiNVYETjxpHcXD5xSojx+M user@mac-book-pro (RSA)

It shows the key is RSA 4096-bits.

-l and -f parameters usage explanation :

-l          Show the fingerprint of the key file.
-f filename Filename of the key file.

Learn more : How can I tell how many bits my ssh key is? - Superuser </b></details>

<a name="questions-linux-wildcards"></a>

Globbing & Wildcards

• ?
• *</summary> <b>

• The ? matches any single character
• The * matches zero or more characters </b></details>

• <code>grep '[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}' some_file</code>
• <code>grep -E "error|failure" some_file</code>
• <code>grep '[0-9]$' some_file</code>

1. An IP address
2. The word "error" or "failure"
3. Lines which end with a number </b></details>

aaa bbb ccc.aaa aaaaaa</summary> <b>

lines 1 and 3. </b></details>

An exit code (or return code) represents the code returned by a child process to its parent process.

0 is an exit code which represents success while anything higher than 1 represents error. Each number has different meaning, based on how the application was developed.

I consider this as a good blog post to read more about it: https://shapeshed.com/unix-exit-codes </b></details>

<a name="questions-linux-boot"></a>

Boot Process

Another way to ask this: what happens from the moment you turned on the server until you get a prompt </b></details>

<a name="questions-linux-disk-fs"></a>

Disk and Filesystem

For each file (and directory) in Linux there is an inode, a data structure which stores meta data related to the file like its size, owner, permissions, etc. </b></details>

• Link count
• File size
• File name
• File timestamp</summary> <b>

File name (it's part of the directory file) </b></details>

Run mount </b></details>

cat /proc/mounts </b></details>

Hard link is the same file, using the same inode. Soft link is a shortcut to another file, using a different inode. </b></details>

False </b></details>

True </b></details>

True. </b></details>

There are many answers for this question. One way is running df -T </b></details>

• new empty file
• a file with text (without using text editor)
• a file with given size</summary> <b>

• touch new_file.txt
• cat > new_file [enter] submit text; ctrl + d to exit insert mode
• truncate -s <size> new_file.txt </b></details>

du -sh </b></details>

• PV
• VG
• LV</summary> <b>

</b></details>

• /var/log/messages
• /var/log/boot.log</summary> <b>

</b></details>

False. /tmp is cleared upon system boot while /var/tmp is cleared every a couple of days or not cleared at all (depends on distro). </b></details>

<a name="questions-linux-performance-analysis"></a>

Performance Analysis

One can use uptime or top </b></details>

This article summarizes the load average topic in a great way </b></details>

pidstat </b></details>

iostat -xz 1 </b></details>

You can use the commands <code>top</code> and <code>free</code> </b></details>

sar -n TCP,ETCP 1 </b></details>

<a name="questions-linux-processes"></a>

Processes

The "ps" command can be used to list all the processes running in a system. The "ps aux" command provides a detailed list of all the processes, including the ones running in the background. </b></details>

You can achieve that by specifying & at the end of the command. As to why, since some commands/processes can take a lot of time to finish execution or run forever, you may want to run them in the background instead of waiting for them to finish before gaining control again in current session. </b></details>

SIGTERM - default signal for terminating a process SIGHUP - common usage is for reloading configuration SIGKILL - a signal which cannot caught or ignored

To view all available signals run kill -l </b></details>

</b></details>

A background process. Most of these processes are waiting for requests or set of conditions to be met before actually running anything. Some examples: sshd, crond, rpcbind. </b></details>

A process which has finished to run but has not exited.

One reason it happens is when a parent process is programmed incorrectly. Every parent process should execute wait() to get the exit code from the child process which finished to run. But when the parent isn't checking for the child exit code, the child process can still exists although it finished to run. </b></details>

You can't kill a zombie process the regular way with kill -9 for example as it's already dead.

One way to kill zombie process is by sending SIGCHLD to the parent process telling it to terminate its child processes. This might not work if the parent process wasn't programmed properly. The invocation is kill -s SIGCHLD [parent_pid]

You can also try closing/terminating the parent process. This will make the zombie process a child of init (1) which does periodic cleanups and will at some point clean up the zombie process. </b></details>

• Processes executed/owned by a certain user
• Process which are Java processes
• Zombie Processes

If you mention at any point ps command with arguments, be familiar with what these arguments does exactly. </b></details>

You may want to change the priority of a process to adjust the amount of CPU time it is allocated by the system scheduler. For example, if you have a CPU-intensive process running on your system that is slowing down other processes, you can lower its priority to give more CPU time to other processes. </b></details>

Once the connection is established, the client and server can exchange data using the read and write system calls. When the connection is no longer needed, the client or server can terminate the connection by calling the close system call on the socket. </b></details>

Ltrace, on the other hand, is a similar tool that is used to trace the library calls made by a process. It allows you to see the function calls made by a process to shared libraries, as well as the arguments passed to those functions. This can be useful for diagnosing issues with a process that involve library calls, such as identifying why a particular library is causing a problem.

</b></details>

find /some_dir -iname *.yml -print0 | xargs -0 -r sed -i "s/1/2/g" </b></details>

The ls executable is built for an incompatible architecture. </b></details>

You can use the <code>split</code> command this way: <code>split -l 25 some_file</code> </b></details>

In Linux (and Unix) the first three file descriptors are:

• 0 - the default data stream for input
• 1 - the default data stream for output
• 2 - the default data stream for output related to errors

This is a great article on the topic: https://www.computerhope.com/jargon/f/file-descriptor.htm </b></details>

<a name="questions-linux-security"></a>

Security

One way is using openssl this way:

openssl genrsa -aes256 -out ca-private-key.pem 4096 </b></details>

openssl req -new -x509 -days 730 -key [private key file name] -sha256 -out ca.pem

If using the private key from the previous question then the command would be:

openssl req -new -x509 -days 730 -key ca-private-key.pem -sha256 -out ca.pem </b></details>

Encode: echo -n "some password" | base64 Decode: echo -n "allE19remO91" | base64 </b></details>

<a name="questions-linux-networking"></a>

Networking

ip link show

</b></details>

The loopback interface is a special, virtual network interface that your computer uses to communicate with itself. It is used mainly for diagnostics and troubleshooting, and to connect to servers running on the local machine. </b></details>

• ip addr
• ip route
• ip link
• ping
• netstat
• traceroute</summary> <b>

</b></details>

One of the following would work:

netstat -tnlp | grep <port_number>
lsof -i -n -P | grep <port_number>

</b></details>

False </b></details>

Technically, yes. </b></details>

Telnet is a type of client-server protocol that can be used to open a command line on a remote computer, typically a server. By default, all the data sent and received via telnet is transmitted in clear/plain text, therefore it should not be used as it does not encrypt any data between the client and the server. </b></details>

Using nc is one way

</b></details>

One way would be ping6 ff02::1 </b></details>

There a couple of modes:

• balance-rr: round robing bonding
• active-backup: a fault tolerance mode where only one is active
• balance-tlb: Adaptive transmit load balancing
• balance-alb: Adaptive load balancing </b></details>

<a name="questions-linux-dns"></a>

DNS

cat /etc/hostname

You can also run hostnamectl or hostname but that might print only a temporary hostname. The one in the file is the permanent one. </b></details>

You can specify one or more of the following:

• <code>dig</code>
• <code>host</code>
• <code>nslookup</code> </b></details>

ANSWER SECTION:
codingshell.com.	3515	IN	A	185.199.109.153

What is the meaning of the number 3515?

This is the TTL. When you lookup for an address using a domain/host name, your OS is performing DNS resolution by contacting DNS name servers to get the IP address of the host/domain you are looking for.

When you get a reply, this reply in cached in your OS for a certain period of time. This is period of time is also known as TTL and this is the meaning of 3515 number - it will be cached for 3515 seconds before removed from the cache and during that period of time, you'll get the value from the cache instead of asking DNS name servers for the address again. </b></details>

1. Find the connection name:

   Copy

   # nmcli con show
   NAME         UUID                                  TYPE      DEVICE
   System ens5  8126c120-a964-e959-ff98-ac4973344505  ethernet  ens5
   System eth0  5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03  ethernet  --
   

   Here the connection name is "System ens5". Let's say we want to modify settings for this connection.

2. Modify the connection to use 8.8.8.8 as DNS server:

   Copy

   # nmcli con mod "System ens5" ipv4.dns "8.8.8.8"
   

3. We need to reactivate the connection for the change to take effect:

   Copy

   nmcli con up "System ens5"
   

4. Verify our settings once more:

   Copy

   cat /etc/resolv.conf
   nmcli -f ipv4.dns con show "System ens5"
   

<a name="questions-linux-packaging"></a>

Packaging

The answer depends on the distribution being used.

In Fedora/CentOS/RHEL/Rocky it can be done with rpm or dnf commands. In Ubuntu it can be done with the apt command. </b></details>

Package managers allow you to manage packages lifecycle as in installing, removing and updating the packages.

In addition, you can specify in a spec how a certain package will be installed - where to copy the files, which commands to run prior to the installation, post the installation, etc. </b></details>

<a name="questions-linux-dnf"></a>

DNF

From the repo:

"Dandified YUM (DNF) is the next upcoming major version of YUM. It does package management using RPM, libsolv and hawkey libraries."

Official docs

</b></details>

dnf provides /usr/bin/git </b></details>

<a name="questions-linux-apps-and-services"></a>

Applications and Services

Depends on the init system.

Systemd: <code> systemctl enable [service_name] </code> System V: <code> update-rc.d [service_name] </code> and add this line <code> id:5678:respawn:/bin/sh /path/to/app </code> to /etc/inittab Upstart: add Upstart init script at /etc/init/service.conf </b></details>

1. SSH server is not installed
2. SSH server is not running </b></details>

Nginx, Apache httpd. </b></details>

<a name="questions-linux-users-and-groups"></a>

Users and Groups

Command to create users is useradd

Syntax: useradd [options] Username

There are 2 configuration files, which stores users information

1. /etc/passwd - Users information like, username, shell etc is stored in this file

2. /etc/shadow - Users password is stored in encrypted format

/etc/groups file stores the group name, group ID, usernames which are in secondary group.

passwd <username> is the command to set/change password of a user.

/etc/shadow file holds the passwords of the users in encrypted format. NO, it is only visible to the root user

YES, we can create new user by manually adding an entry in the /etc/passwd file.

For example, if we need to create a user called john.

Step 1: Add an entry to /etc/passwd file, so user gets created.

echo "john:x:2001:2001::/home/john:/bin/bash" >> /etc/passwd

Step 2: Add an entry to /etc/group file, because every user belong to the primary group that has same name as the username.

echo "john:x:2001:" >> /etc/group

Step 3: Verify if the user got created

id john

/etc/passwd is a configuration file, which contains users information. Each entry in this file has, 7 fields,

username:password:UID:GID:Comment:home directory:shell

username - The name of the user.

password - This field is actually a placeholder of the password field. Due to security concerns, this field does not contain the password, just a placeholder (x) to the encrypted password stored in /etc/shadow file.

UID - User ID of the user.

GID - Group ID

Comment - This field is to provide description about the user.

home directory - Abousulte path of the user's home directory. This directory gets created once the user is added.

shell - This field contains the absolute path of the shell that will be used by the respective user.

adduser user_name --shell=/bin/false --no-create-home You can also add a user and then edit /etc/passwd. </b></details>

su command. Use su - to switch to root </b></details>

UID of root user is 0

Default values of UID_MIN and UID_MAX in /etc/login.defs UID_MIN is 1000 UID_MAX is 60000

Actually, we can change this value. But UID < 1000 are reserved for system accounts. Therefore, as per the default configuration, for regular user UID starts from 1000.

Re-install the OS IS NOT the right answer :) </b></details>

/etc/skel is a directory, that contains files or directories, so when a new user is created, these files/directories created under /etc/skel will be copied to user's home directory.

Using the last command. </b></details>

• useradd
• usermod
• whoami
• id</summary> <b>

useradd - Command for creating new users usermod - Modify the users setting whoami - Outputs, the username that we are currently logged in id - Prints the
</b></details>

The user you are using isn't defined locally but originates from services like LDAP.

You can verify with: getent passwd </b></details>

<a name="questions-linux-hardware"></a>

Hardware

/proc/cpuinfo

You can also use nproc for number of processors </b></details>

dmidecoode </b></details>

lsblk </b></details>

True. Only in kernel space they have full access to hardware resources. </b></details>

<a name="questions-linux-namespaces"></a>

Namespaces

• Process ID namespaces: these namespaces include independent set of process IDs
• Mount namespaces: Isolation and control of mountpoints
• Network namespaces: Isolates system networking resources such as routing table, interfaces, ARP table, etc.
• UTS namespaces: Isolate host and domains
• IPC namespaces: Isolates interprocess communications
• User namespaces: Isolate user and group IDs
• Time namespaces: Isolates time machine </b></details>

True. Inside the namespace it's PID 1 while to the parent namespace the PID is a different one. </b></details>

False. The opposite is true. Parent PID namespace is aware and has visibility of processes in child PID namespace and child PID namespace has no visibility as to what is going on in the parent PID namespace. </b></details>

False. Network namespace has its own interfaces and routing table. There is no way (without creating a bridge for example) for one network namespace to reach another. </b></details>

True </b></details>

False. In every child user namespace, it's possible to have a separate root user with uid of 0. </b></details>

In time namespaces processes can use different system time. </b></details>

<a name="questions-linux-virtualization"></a>

Virtualization

• KVM
• XEN
• VirtualBox
• Linux-VServer
• User-mode Linux
• ... </b></details>

Is an open source virtualization technology used to operate on x86 hardware.

From the official docs Recommended read:

• Red Hat Article - What is KVM? </b></details>

It's an open source collection of software used to manage virtual machines. It can be used with: KVM, Xen, LXC and others. It's also called Libvirt Virtualization API.

From the official docs Hypervisor supported docs </b></details>

<a name="questions-linux-awk"></a>

AWK

From Wikipedia: "AWK is domain-specific language designed for text processing and typically used as a data extraction and reporting tool" </b></details>

awk '{print $4}' file </b></details>

awk 'length($0) > 79' file </b></details>

Using system calls </b></details>

<a name="questions-linux-system-calls"></a>

System Calls

• A program executes a trap instruction. The instruction jump into the kernel while raising the privileged level to kernel space.
• Once in kernel space, it can perform any privileged operation
• Once it's finished, it calls a "return-from-trap" instruction which returns to user space while reducing back the privilege level to user space. </b></details>

fork() is used for creating a new process. It does so by cloning the calling process but the child process has its own PID and any memory locks, I/O operations and semaphores are not inherited. </b></details>

• On success, the PID of the child process in parent and 0 in child process
• On error, -1 in the parent </b></details>

Not enough memory to create a new process </b></details>

wait() is used by a parent process to wait for the child process to finish execution. If wait is not used by a parent process then a child process might become a zombie process. </b></details>

The kernel notifies the parent by sending the SIGCHLD to the parent. </b></details>

The waitpid() is a non-blocking version of the wait() function.

It also supports using library routine (e.g. system()) to wait a child process without messing up with other children processes for which the process has not waited. </b></details>

True in most cases though there are cases where wait() returns before the child exits. </b></details>

It transforms the current running program into another program.

Given the name of an executable and some arguments, it loads the code and static data from the specified executable and overwrites its current code segment and current static code data. After initializing its memory space (like stack and heap) the OS runs the program passing any arguments as the argv of that process. </b></details>

True

Since a successful exec replace the current process, it can't return anything to the process that made the call. </b></details>

fork(), exec() and the wait() system call is also included in this workflow. </b></details>

Executes a program. The program is passed as a filename (or path) and must be a binary executable or a script. </b></details>

Unix pipe implementation

"Pipes provide a unidirectional interprocess communication channel. A pipe has a read end and a write end. Data written to the write end of a pipe can be read from the read end of the pipe. A pipe is created using pipe(2), which returns two file descriptors, one referring to the read end of the pipe, the other referring to the write end." </b></details>

• Shell reads the input using getline() which reads the input file stream and stores into a buffer as a string

• The buffer is broken down into tokens and stored in an array this way: {"ls", "-l", "NULL"}

• Shell checks if an expansion is required (in case of ls *.c)

• Once the program in memory, its execution starts. First by calling readdir()

Notes:

• getline() originates in GNU C library and used to read lines from input stream and stores those lines in the buffer </b></details>

This way provides a lot of flexibility. It allows the shell for example, to run code after the call to fork() but before the call to exec(). Such code can be used to alter the environment of the program it about to run. </b></details>

The shell figures out, using the PATH variable, where the executable of the command resides in the filesystem. It then calls fork() to create a new child process for running the command. Once the fork was executed successfully, it calls a variant of exec() to execute the command and finally, waits the command to finish using wait(). When the child completes, the shell returns from wait() and prints out the prompt again. </b></details>

<a name="questions-linux-fs-files"></a>

Filesystem & Files

There are a couple of ways to do that:

• dd if=/dev/urandom of=new_file.txt bs=2MB count=1
• truncate -s 2M new_file.txt
• fallocate -l 2097152 new_file.txt </b></details>

open("/my/file") = 5
read(5, "file content")

These system calls are reading the file <code>/my/file</code> and 5 is the file descriptor number. </b></details>

From wikipedia: a context switch is the process of storing the state of a process or thread, so that it can be restored and resume execution at a later point </b></details>

<a name="questions-linux-advanced-networking"></a>

Advanced Networking

Another common way to task this questions is "what part of the tcp header does traceroute modify?" </b></details>

This is a good article about the topic: https://ops.tips/blog/how-linux-creates-sockets </b></details>

You can copy the script content to a new file using the cp command:

cp /proc/<PID>/fd/0 /path_to_restore_your_file/yourscriptname.sh

Replace <PID> with the actual PID of the script and /path_to_restore_your_file/yourscriptname.sh with the path where you want to restore the script.

</b></details>

<a name="questions-linux-memory"></a>

Memory

MemFree - The amount of unused physical RAM in your system MemAvailable - The amount of available memory for new workloads (without pushing system to use swap) based on MemFree, Active(file), Inactive(file), and SReclaimable. </b></details>

<a name="questions-linux-distributions"></a>

Distributions

• Kernel
• Utilities
• Services
• Software/Packages Management </b></details>

<a name="questions-linux-sed"></a>

Sed

echo $line | sed 's/.*\[//g;s/].*//g;s/:.*//g' </b></details>

<a name="questions-linux-misc"></a>

Misc

• A collection of packages - kernel, GNU, third party apps, ...
• Sometimes distributions store some information on the distribution in /etc/*-release file
  • For example for Red Hat distribution it will be /etc/redhat-release and for Amazon it will be /etc/os-release
  • lsb_release is a common command you can use in multiple different distributions </b></details>

ls, wc, dd, df, du, ps, ip, cp, cd ... </b></details>

• touch new_file
• echo "" > new_file </b></details>

$OLDPWD </b></details>

• ls
• find .
• echo * </b></details>

For these we can use wc command.

1. To count the number of lines in file wc -l

2. To count the number of words in file wc -w </b></details>

A good answer can be found here </b></details>

X=2 for example. But this will persist to new shells. To have it in new shells as well, use export X=2 </b></details>

It's used in commands to mark the end of commands options. One common example is when used with git to discard local changes: git checkout -- some_file </b></details>

/dev </b></details>

In user mode, an application can only access hardware resources indirectly, by calling system services or functions provided by the operating system. This ensures that the system's security and stability are maintained by preventing user processes from interfering with or damaging system resources.

Additionally, user mode also provides memory protection to prevent applications from accessing unauthorized memory locations. This is done by assigning each process its own virtual memory space, which is isolated from other processes.

In contrast to user mode, kernel mode is a privileged operating mode in which the operating system's kernel has full access to system resources, and can perform low-level operations, such as accessing hardware devices and managing system resources directly.

</b></details>

GPL v2 </b></details>