Hope this article helps you if you are looking for a Linux administrator job and lets start here.
When you have a process in progress which handle your prompt, there are some signals (orders) that we can send to theses process to indicate what we need:
Control+C
sends SIGINT which will interrupt the application. Usually causing it to abort, but a process is able to intercept this signal and do whatever it likes: for instance, from your Bash prompt, try hitting Ctrl-C. In Bash, it just cancels whatever you've typed and gives you a blank prompt (as opposed to quitting Bash)Control+Z
sends SIGTSTP to a foreground application, effectively putting it in the background on suspended mode. This is very useful when you want the application to continue its process while you are doing another job in the current shell. When you finish the job, you can go back into the application by running fg
(or %x where x is the job number as shown in jobs).Traceroute is a program that shows you the route taken by packets through a network. It traces the route of packets from source to destination. It is commonly used when your network doesn’t work as well and you want to examine where can be the problem. Traceroute sends a UDP packet to the destination taking advantage of ICMP’s messages. ICMP has two types of messages: error-reporting messages and query messages. Query messages are generally used to diagnose network problems (the ping tool uses ICMP’s query messages). The error-reporting messages as the name suggest report errors if any in the IP packet; it uses Destination unreachable and Time exceeded errors message. It works by theses steps:
nscd is a daemon that provides a cache for the most common name service requests. When resolving a user, group, host, service..., the process will first try to connect to the nscd socket (something like /var/run/nscd/socket
).
If nscd has died, the connect will fail, and so nscd won't be used and that should not be a problem.
If it's in a hung state, then the connect may hang or succeed. If it succeeds the client will send its request (give IP address for www.google.com, passwd entries...). Now, you can configure nscd to disable caching for any type of database (for instance by having enable-cache hosts no in /etc/nscd.conf
for the hosts database).
However, if nscd is in a hung state, it may not be able to even give that simple won't do answer, so that won't necessarily help. nscd is a caching daemon, it's meant to improve performance. Disabling it would potentially make those lookups slower. However, that's only true for some kind of databases. For instance, if user/service/group databases are only in small files (/etc/passwd
, /etc/group
, /etc/services
), then using nscd for those will probably bring little benefit if any. nscd will be useful for the hosts database.
command > file.log 2>&1
: Redirect stderr to "where stdout is currently going". In this case, that is a file opened in append mode. In other words, the &1
reuses the file descriptor which stdout currently uses.
command 2>&1 | tee -a file.txt
The Random Number Generator gathers environmental noise from device drivers and other sources into entropy pool. It also keeps an estimate of Number of bits of noise in entropy pool. It is from this entropy pool, random numbers are generated.
/dev/random
will only return Random bytes from entropy pool. If entropy pool is empty, reads to /dev/random will be blocked until additional environmental noise is gathered. This is suited to high-quality randomnesses, such as one-time pad or key generation.
/dev/urandom
will return as many random bytes as requested. But if the entropy pool is empty, it will generate data using SHA, MD5 or any other algorithm. It never blocks the operation. Due to this, the values are vulnerable to theoretical cryptographic attack, though no known methods exist.
For cryptographic purposes, you should really use /dev/random
because of nature of data it returns. Possible waiting should be considered as an acceptable tradeoff for the sake of security, IMO. When you need random data fast, you should use /dev/urandom
of course.
Both /dev/urandom and /dev/random are using the exact same CSPRNG (a cryptographically secure pseudorandom number generator). They only differ in very few ways that have nothing to do with “true” randomness and /dev/urandom is the preferred source of cryptographic randomness on UNIX-like systems.
If the chmod binary was set to 000, how would you fix it? You can face a problem with /bin/chmod permission denied so you will be not able to apply for permissions. There is a method to recover it by reinstalling coreutils
# ls -ls /bin/chmod
60 -rwxr-xr-x 1 root root 58584 Nov 5 20:46 /bin/chmod
# chmod 000 /bin/chmod
# ls -ls /bin/chmod
60 ---------- 1 root root 58584 Nov 5 20:46 /bin/chmod
# uname -a
Linux centos-01 3.10.0-514.6.1.el7.x86_64 #1 SMP Wed Jan 18 13:06:36 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
# rpm --query centos-release
centos-release-7-3.1611.el7.centos.x86_64
[root@centos-01 ~]# ls -l
total 12
drwxr-xr-x 2 root root 4096 Apr 6 22:54 linox
drwxr-xr-x 2 root root 4096 Apr 6 22:54 pac
drwxr-xr-x 2 root root 4096 Apr 6 22:54 utils
# chmod 640 linox
-bash: /usr/bin/chmod: Permission denied
# wget http://mirror.centos.org/centos/7/os/x86_64/Packages/coreutils-8.22-18.el7.x86_64.rpm
--2017-04-06 23:23:44-- http://mirror.centos.org/centos/7/os/x86_64/Packages/coreutils-8.22-18.el7.x86_64.rpm
Resolving mirror.centos.org (mirror.centos.org)... 204.15.73.245, 2604:eb80:1:4::10
Connecting to mirror.centos.org (mirror.centos.org)|204.15.73.245|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3412144 (3.3M) [application/x-rpm]
Saving to: ‘coreutils-8.22-18.el7.x86_64.rpm’
100%[============================================================================================================>] 3,412,144 4.84MB/s in 0.7s
2017-04-06 23:23:45 (4.84 MB/s) - ‘coreutils-8.22-18.el7.x86_64.rpm’ saved [3412144/3412144]
# rpm -Uvh --force coreutils-8.22-18.el7.x86_64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:coreutils-8.22-18.el7 ################################# [100%]
# ls -ls /bin/chmod
60 -rwxr-xr-x 1 root root 58584 Nov 5 20:46 /bin/chmod
# chmod 640 linox
# ls -ls
total 3348
3336 -rw-r--r-- 1 root root 3412144 Nov 20 17:26 coreutils-8.22-18.el7.x86_64.rpm
4 drw-r----- 2 root root 4096 Apr 6 22:54 linox
4 drwxr-xr-x 2 root root 4096 Apr 6 22:54 pac
4 drwxr-xr-x 2 root root 4096 Apr 6 22:54 utils
Reinstalling coreutils also works on Apt based systems.
Sometimes sysadmins Linux need to save data safety and to this, it is recommended to compress the data. We have some methods or commands for compression on Linux. So frequently asked questions could be why should I use this command instead of another one example, why should I use tar instead of zip. To answer this, you should know the difference between the two.
tar is only an archiver whereas zip is an archiver and compressor. Tar uses gzip and bzip2 to achieve compression. With using tar command, we preserve metadata information of file and directories like seiuid, setgid and sticky bitinformation which are very important while zip doesn't preserve theses information. It is very important for criticals information. Other advantages of using tar is the fact that it assembles all the files into a single file to compress directly while zip compress file by file.
In the work of sysadmin, we can sometimes want to check open ports on our remote server. But if we are on a machine where can not install nmap or we don't have the possibility to install a tool which can help us to check open ports, what could we do?
We can check it with bash using /dev/tcp
or /dev/udp
to open a TCP or UDP connection to the associated socket. The command behavior is:
$ echo > /dev/tcp/$host/$port
we can associate a message to display if the port is opened
$ echo > /etc/tcp/8.8.8.8/53 && echo "OPEN PORT"
OPEN PORT
$ echo > /dev/tcp/8.8.8.8/80 && echo "GOOD" || echo "NOT OPEN"
-bash: connect: Connection timed out
-bash: /dev/tcp/8.8.8.8/80: Connection timed out
NOT OPEN
Systemd is well designed. It was conceived from the top, not just to fix bugs, but to be a correct implementation of the base system services. A systemd, may refer to all the packages, utilities and libraries around daemon. It was designed to overcome the shortcomings of init. It itself is a background process which is designed to start processes in parallel, thus reducing the boot time and computational overhead. It has a lot other features as compared to init while Sysvinit was never designed to cope with the dynamic/event-based architecture of the current Linux kernel. The only reason why we still use it today is the cost of a migration.
It is not just init. It unifies, in fewer lines of code, everything that is related to starting services and managing session groups: user login, cron jobs, network services (inetd), virtual TTY management… Having a single system to handle all of that allows us to remove a lot of cruft, and to use less memory on the system.
For Linux sysadmins, it is frequent to access servers by ssh. But are we sure the communication established is really good secured? There some additionals very simple steps that can be taken to initially harden the SSH service, such as:
LVM is a logical volume manager. It requires to resize filesystem size. This size can be extended and reduced using lvextend
and lvreduce
commands respectively. You can think of LVM as dynamic partitions, meaning that you can create/resize/delete LVM partitions from the command line while your Linux system is running: no need to reboot the system to make the kernel aware of the newly-created or resized partitions. LVM also provides:
When user create a file or directory under Linux or UNIX, it created with a default set of permissions. In most case, the system defaults may be open or relaxed for file sharing purpose. The user file-creation mode mask (umask) is used to determine the file permission for newly created files. It can be used to control the default file permission for new files.
It acts as a set of permissions that applications cannot set on files. It's a file mode creation mask for processes and cannot be set for directories itself. Most applications would not create files with execute permissions set, so they would have a default of 666
, which is then modified by the umask.
As you have set the umask to remove the read/write bits for the owner and the read bits for others, a default such as 777
in applications would result in the file permissions being 133
. This would mean that you (and others) could execute the file, and others would be able to write to it.
If you want to make files not be read/write/execute by anyone but the owner, you should use a umask like 077
to turn off those permissions for the group & others.
The default umask on Ubuntu is 0022
which means that newly created files are readable by everyone, but only writable by the owner:
# umask
0022
# touch file
# ls -l
total 3340
-rw-r--r-- 1 root root 3412144 Nov 20 17:26 coreutils-8.22-18.el7.x86_64.rpm
-rw-r--r-- 1 root root 0 Apr 7 04:00 file
# umask 133
# umask
0133
# touch new-file
# ls -l
total 3336
-rw-r--r-- 1 root root 3412144 Nov 20 17:26 coreutils-8.22-18.el7.x86_64.rpm
-rw-r--r-- 1 root root 0 Apr 7 04:00 file
-rw-r--r-- 1 root root 0 Apr 7 04:00 new-file
When we schedule task in cron jobs, we have the possibility to use cron and anacron. But there is a frequently asked question which should be and what are the particularity of the two commands?
Both cron
and anacron
are daemons that can schedule execution of recurring tasks to a certain point in time defined by the user. The main difference between cron
and anacron
is that the former assumes that the system is running continuously. If your system is off and you have a job scheduled during this time, the job never gets executed.
On the other hand anacron
is 'anachronistic' and is designed for systems that are not running 24x7. For it to work anacron
uses time-stamped files to find out when the last time its commands were executed. It also maintains a file /etc/anacrontab
just like cron
does. In addition, cron.daily
runs anacron everyhour. Also, anacron
can only run a job once a day, but cron
can run as often as every minute so
cron
gives minimum granularity in minute while Anacron
gives it in daysCron
expects the system to be up and running while the Anacron
doesn’t expect the system to be up and running all the time. In case of Anacron, if a job is scheduled and the system is down that time, it will execute the job as soon as the system is up and running so cron
is ideal for servers while anacron
is ideal for desktops and laptops.cron
should be used when you want a job to be executed at a particular hour and minute while Anacron
should be used in when the job can be executed irrespective of the hour and minute.File systems, in general, have two parts: the metadata or the “data” about the data and the data itself. Metadataconsist of information about the data. More precisely it includes information such as the Access Control List (ACL), the date the file was modified, file owner, file permissions, size of file, device ID, uid of the file, etc. This type of information is key to a file system otherwise we just have a bunch of bits on the storage media that don’t mean much. Inodes store this metadata information and typically they also store information about where the data is located on the storage media.
In a file system, inodes consist roughly of 1% of the total disk space, whether it is a whole storage unit (hard disk, thumb drive, etc.) or a partition on a storage unit. The inode space is used to track the files stored on the hard disk. The inode entries only points to these structures rather than storing the data. Each entry is 128 bytes in size.Space for Inodes is allocated when the operating system or a new file system is installed and when it does its initial structuring. So this way we can see that in a file system, the aximum number of Inodes and hence maximum number of files are set. Now, the above concept brings up another interesting fact. A file system can run out of space in two ways:
To get a listing of an inode number, use ls -i
command.
ls -li
total 3336
57741 -rw-r--r-- 1 root root 3412144 Nov 20 17:26 coreutils-8.22-18.el7.x86_64.rpm
57725 -rw-r--r-- 1 root root 0 Apr 7 04:00 file
57736 -rw-r--r-- 1 root root 0 Apr 7 04:00 new-file
# ls -li new-file
57736 -rw-r--r-- 1 root root 0 Apr 7 04:00 new-file
# find /root -inum 57736
/root/new-file
It is possible that we have free storage space but still we cannot add any new data in file system because all the Inodes are consumed. the df -i
command will show that. This may happen in a case where file system contains very large number of very small sized files. This will consume all the Inodes and though there would be free space from a Hard-disk-drive point of view but from file system point of view no Inode available to store any new file.
A storage unit can contain numerous small files. Each file takes up 128 bytes of the inode structure. If the inode structure fills up before the data storage of the disk, no more files can be copied to the disk. Once inode storage is freed in the structure, the storage unit can have files written to it again.
# touch test-file
touch: cannot touch 'test': no space left on device
# df -Th
Filesystem Type Size Used Avail Use% Mounted onFilesystem
udev devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs tmpfs 788M 10M 778M 2% /run
/dev/sda6 ext4 44G 24G 18G 59% /
/dev/sda7 ext4 103G 74G 24.0G 71% /home
/dev/sda2 vfat 95M 29M 67M 31% /boot/efi
# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
udev 1002898 650 1002248 1% /dev
tmpfs 1008079 1128 1006951 1% /run
/dev/sda6 2875392 617635 2257757 22% /
/dev/sda7 6815744 80342 6735402 100% /home
you can see that in /dev/sda7 we have available space but because of inodes full, we can't create any file on the disk.
There is a lot of questions that can face most Linux sysadmins and that is a guide to answer to theses questions. You can face it during an interview or when troubleshooting. For a better answer, you need to understand the functioning provided in this topic. You can add comments below if you find some question which is mostly asked.