Establish a theory of probable cause/question the obvious.
Test the theory to determine the cause.
Establish a plan of action.
Implement the solution or escalate the issue.
Verify full system functionality.
Implement preventive measures.
Perform a root cause analysis.
2. Administering users and groups
Manage user accounts:
User configuration file:
User accounts are stored in text files. Admins don't edit these files directly but use commands to manage user accounts.
User data is stored in the following files (each value is separated by a colon):
/etc/passwd: all users have read permissions
user name
password, shown as x (the hash itself is kept in /etc/shadow)
userID
groupID
comment: usually user full name
home directory path
default shell path
ex: vscode:x:1000:1000::/home/vscode:/bin/bash
/etc/shadow: only root can access
username
hashed password
date of the last password change, counted in days since Jan 1, 1970
days before the password may be changed
days before the password must be changed
days before expiry that the user is warned to change the password
days after the password expires that the account is disabled
days until the account expires
unused fields
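The field layout above can be checked mechanically. This added example (not part of the original notes) uses awk with a colon delimiter to flag risky /etc/shadow entries; the sample accounts, the placeholder hashes and the 99999-day threshold are assumptions of the example.

```shell
#!/bin/sh
# Constructed sample in /etc/shadow layout (nine colon-separated fields).
# Hashes are shortened placeholders, not real crypt(3) output.
SAMPLE_SHADOW='root:$6$placeholder$AAAA:19700:0:99999:7:::
alice:$6$placeholder$BBBB:19000:0:90:7:14::
bob::19650:0:99999:7:::
svc_backup:!:19600:0:99999:7:::
carol:$6$placeholder$CCCC:0:0:90:7:::'

# audit_shadow: read shadow-format lines on stdin, print one finding per line.
# Field 2 = hash, field 3 = day of last change, field 5 = maximum password age.
audit_shadow() {
    awk -F: '
        NF != 9      { print "MALFORMED " $1; next }
        $2 == ""     { print "EMPTY_PASSWORD " $1; next }   # login with no password
        $2 ~ /^[!*]/ { print "LOCKED " $1; next }           # no valid hash possible
        $3 == "0"    { print "MUST_CHANGE_AT_NEXT_LOGIN " $1 }
        # Assumption: 99999 (a common default) is treated as "never expires".
        $5 == "" || $5 + 0 >= 99999 { print "NO_MAX_AGE " $1 }
    '
}

# Offline demo on the constructed sample. On a real host, run as root:
#   audit_shadow < /etc/shadow
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow
```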
System and User Profiles
Shell features such as command history are unique to each user and stored in the individual user’s home directories.
As a sysadmin, you can use a few different files to set the system up the way your institution prefers.
Use /etc/profile to set system-wide environment variables and startup programs for new user shells.
Use /etc/bashrc to establish system-wide functions and aliases for new user shells.
Users can customize their preferred settings as well.
The ~/.bash_profile sets user-specific environment variables for new Bash shells, and ~/.bashrc runs when noninteractive shells are launched.
The user-specific configuration files take precedence over system files.
Sysadmins can store files in the /etc/skel directory and have those files copied automatically to the home directory of any new user.
This is useful for pre-populating configuration files such as .bashrc with suggested settings for users or for distributing documents all users should have access to.
Account Management Commands
Use the /etc/login.defs file to define default account settings, including home directory location, preferred shell, and account expiration values.
It contains the user mailbox location, password aging values, the UID and GID ranges, home directory creation, the default umask, and the password encryption hash.
Options of the commands below can override the default values.
Only authorized users may create, modify, or remove user and group accounts. The root user can do this, as can anyone else delegated such privileges via sudo.
Halt any active processes associated with the user. If the delete attempt fails, check for any running processes belonging to the user.
The ps command can be helpful for identifying processes.
The killall command to halt or kill all processes for the user is: sudo killall -u {username}
Be sure to add the -r option to the userdel command if you want the user’s home directory deleted when the account is deleted.
Troubleshoot User Login Issues
If the account exists, confirm that a password is set.
Display the contents of /etc/shadow, and verify a hashed password exists.
Use the passwd command to set a password if one did not exist.
If the account exists and a password is set, the user may have forgotten the correct password.
Other than the superuser, no other user can change the permissions of an object that is owned by someone else
Configure attributes:
The immutable flag is an attribute of a file or directory that prevents it from being modified, even by the root user. In other words, no one can delete, rename, or write to an immutable file.
The immutable flag is not set on all files. A single directory can have a mix of mutable and immutable files and subdirectories. Also, an immutable subdirectory can have mutable files.
The ext2, ext3, ext4, and XFS file systems all support hard and symbolic links.
Data sits on disk; the file name is a hard link to the data, and a soft link points to the hard link
Hard link:
a reference to another file on the same file system; cannot reference directories
it enables the file’s data to have more than one name in different locations in the same file system.
Applications treat a hard link as a real file.
If the original file is deleted after a hard link is created, all its contents will still be available in the linked file.
This is because the inode of a hard link is the same as its target; in other words, it points to the same object on the file system.
Symbolic (soft) link:
reference to a file or directory that can span multiple file systems.
similar to a shortcut
If the original file or directory is deleted after a symbolic link is created, then the original content is lost. This is because the inode of a symbolic link is different from its target; in other words, it points to a different object on the file system
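The inode behaviour described for hard and symbolic links can be observed directly. This is an added example, not part of the original notes; the file names and contents are constructed, and everything happens in a scratch directory that is removed afterwards.

```shell
#!/bin/sh
# inode_of: print the inode number of a path without following symlinks.
inode_of() { ls -di "$1" | awk '{ print $1 }'; }

# link_demo: build a file, a hard link and a symlink in a scratch directory,
# delete the original name, and report what each link still resolves to.
link_demo() {
    dir=$(mktemp -d) || return 1
    printf 'payroll data\n' > "$dir/original"
    ln    "$dir/original" "$dir/hard"      # second name for the same inode
    ln -s "$dir/original" "$dir/soft"      # new inode that only stores a path

    [ "$(inode_of "$dir/original")" = "$(inode_of "$dir/hard")" ] \
        && echo "hard: same inode"
    [ "$(inode_of "$dir/original")" != "$(inode_of "$dir/soft")" ] \
        && echo "soft: different inode"

    rm "$dir/original"

    # The data survives because one name (the hard link) still references it.
    [ "$(cat "$dir/hard")" = "payroll data" ] && echo "hard: data still readable"
    # -L tests the link itself; -e follows it and fails on a missing target.
    [ -L "$dir/soft" ] && [ ! -e "$dir/soft" ] && echo "soft: dangling"

    rm -rf "$dir"
}

link_demo
```

For a sysadmin the practical consequence is that removing one name of a sensitive file does not remove the data while another hard link exists, and that a dangling symlink will resolve to whatever is later created at the stored path.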
Pipe (|): takes the output of one command and makes it the input of another.
One of the most common uses of pipe is in combination with grep command
Redirectors
Text stream:
a stream of one or more lines of text that applications can read from or write to a particular device or system component.
There are three stream types:
Standard input, or stdin, is a text stream that acts as the source for command input.
e.g. mouse and keyboard
standard output, or stdout, is a text stream that acts as the destination for command output.
By default, standard output from a Linux command is directed to the CLI.
standard error, or stderr, is a text stream that is used as the destination for error messages.
By default, the standard error stream prints error messages at the CLI.
Redirection is the process of accepting input data from a source (other than the keyboard) and sending output data to a destination (other than the display device)
Redirection is commonly used to accept input from files or send output to files using the stdin, stdout, and stderr streams
Redirector ops:
>: redirect stdout to a file
ex: ls > file.txt overwrites the file with the output of ls
>>: append stdout to a file
2>: redirect stderr to a file
2>>: append stderr to a file
&>: redirect both stdout and stderr message to a file
<: read input from a file
<<(string): Provide input data from the current source, stopping when a line containing the provided string occurs. When placed in a script, this is called a here document.
Command modifiers:
Manipulate the commands, not the output.
Background a command &:
Normally, when a command is executed, it consumes the shell until it completes.
./job.sh & executes the line in background
Chain commands
Piping |
process of combining the standard I/O streams of commands
use stdout of 1 command as stdin of another
;
If the semi-colon character is placed between commands, they are run one after another, regardless of whether the previous command completed successfully.
&&
If the logical AND is placed between commands, the following command is only run after the previous command completed successfully. Useful for commands that rely on each other’s success.
||
If the logical OR is placed between commands, the following command is only run if the previous command fails.
!
If the bang is placed in a command expression, it negates the expression. Used as a way of stating “except this.”
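The redirectors and chain operators listed above, exercised together in one script. This is an added example, not part of the original notes; probe is a constructed stand-in for a real command, and the noclobber option (set -C) is shown as a guard against the silent overwrite that > performs.

```shell
#!/bin/sh
# probe: constructed stand-in for a real command. Writes one line to stdout,
# one to stderr, and exits with the status given as $1 (default 0).
probe() { echo "listing ok"; echo "permission denied" >&2; return "${1:-0}"; }

# count_lines FILE: number of lines in FILE, read by wc through < (stdin).
count_lines() { echo $(( $(wc -l < "$1") )); }

redirect_demo() {
    dir=$(mktemp -d) || return 1
    out="$dir/out.log"; err="$dir/err.log"; all="$dir/all.log"

    probe >  "$out" 2>  "$err"      # stdout and stderr land in separate files
    probe >> "$out" 2>> "$err"      # second run is appended
    probe >  "$all" 2>&1            # both streams in one file (bash: &> file)
    echo "out=$(count_lines "$out") err=$(count_lines "$err") all=$(count_lines "$all")"

    probe > "$out" 2> /dev/null     # plain > truncates: earlier lines are gone
    echo "out after >: $(count_lines "$out")"

    # noclobber (set -C) makes > refuse to overwrite an existing file.
    ( set -C; probe > "$out" ) 2> /dev/null || echo "noclobber: write refused"

    # && runs on success, || on failure, ! inverts the exit status.
    probe 0 > /dev/null 2>&1 && echo "&&: ran after success"
    probe 1 > /dev/null 2>&1 || echo "||: ran after failure"
    if ! probe 1 > /dev/null 2>&1; then echo "!: failure negated"; fi

    # Here document: stdin is read from the script up to the END line.
    tr 'a-z' 'A-Z' <<END
audit complete
END
    rm -rf "$dir"
}

redirect_demo
```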
cut command: extracts the specified lines of text from a file
paste command: used to merge lines from text files horizontally. Each line of an initial file is a row in the first column; using paste, you specify a second file, and every line of the second file becomes a row in a newly created second column.
By default, the paste command uses a tab space delimiter to separate each column. You can use the -d option to specify a different delimiter.
diff command: used to compare text files. The command displays the two files and the differences between them.
The output suggests how you can change one file to make it identical to the other. Each symbol has a special meaning. The less-than symbol (<) with a line after it means that line should be removed from the first file because it doesn’t appear in the second. The greater-than symbol (>) with a line after it means that line should be added from the second file.
awk command: performs pattern matching on files. It is based on the AWK programming language.
The awk keyword is followed by the pattern, the action to be performed, and the file name.
sed command: to modify text files according to various parameters. The sed command can also be used for global search and replace actions.
It is good practice to perform an integrity check to ensure backup files have not changed
Use
6. Manage software
Software management
Compiling source code:
There are 2 ways software applications are managed: Red Hat-based and Debian Linux-based
Package management: software installed is precompiled; not experimental
Compiling software: software is compiled on the user’s device; more optimized for hardware and kernels as options can be chosen; complicated
Software packages
Package manager: installs, maintains, and removes software; tracks version, location, and documentation; and has a database that can report information about packages
Repository: a storage location for software packages
3 location types:
Local repositories: easy installation but version control is hard
Centralized internal repositories: These repositories are stored on one or more systems within the internal LAN and managed by the Linux administrator.
Vendor repositories: These repositories are maintained on the Internet, often by the distribution vendor.
Modern package managers install supporting applications automatically, ensuring that a single installation command provides the user with everything needed to run the program.
Manage RPM software packages and repo
Red Hat Package Managers
Packages for Red Hat–derived distributions use the .rpm file extension
Both RPM and YUM are superseded by Dandified Yum (DNF), which includes all the same functionality as both with additional plugins and features
Reasons sysadmins control the available repositories include:
software version control: avoid beta by default
application installation control
Vendor control
bandwidth control
Admins use config files to inform package managers which repos are allowed and where they can be found on the local network or the internet
Manage config files for RPM repos
Sysadmins often prefer to maintain an internal repository on a local server that is referenced by all other Linux systems. This provides complete control over software availability and versions.
Sysadmins customize which repositories APT accesses. Repositories are exposed to APT in the /etc/apt/sources.list file and in the /etc/apt/sources.list.d/ directory.
/etc/apt.conf: The file contains settings that are loaded when APT starts and controls installation priorities, proxies, and other settings. Depending on the distribution, the configuration file may be found at /etc/apt.conf, /etc/apt/apt.conf, or along other paths.
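Because the repository list decides where packages are allowed to come from, it is worth auditing. This added example (not part of the original notes) parses one-line sources.list entries and reports policy findings; the host names, the allowlist and the three policy checks are assumptions of the example.

```shell
#!/bin/sh
# Constructed sample in the one-line /etc/apt/sources.list format:
#   deb [options] URI suite component...
# The host names below are placeholders, not real mirrors.
SAMPLE_SOURCES='# internal mirror
deb https://repo.internal.example/debian stable main
deb [arch=amd64 trusted=yes] https://repo.internal.example/tools stable main
deb http://mirror.vendor.example/debian stable main contrib
deb-src https://thirdparty.example/apt stable main'

# Hypothetical allowlist of repository hosts approved by the administrator.
ALLOWED_HOSTS='repo.internal.example mirror.vendor.example'

# audit_sources: read sources.list lines on stdin, print one finding per issue.
audit_sources() {
    awk -v allowed="$ALLOWED_HOSTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "deb" && $1 != "deb-src" { next }       # skip comments, blank lines
        {
            opts = ""; u = 2
            if ($2 ~ /^\[/) {                          # collect the [options] block
                while (u <= NF) { opts = opts " " $u; if ($u ~ /\]$/) break; u++ }
                u++
            }
            uri = $u
            host = uri; sub(/^[a-z+]+:\/\//, "", host); sub(/[\/:].*$/, "", host)
            # trusted=yes makes APT accept the source without signature checks.
            if (opts ~ /trusted=yes/) print "SIGNATURE_CHECK_DISABLED " uri
            if (uri ~ /^http:/)       print "UNENCRYPTED_TRANSPORT " uri
            if (!(host in ok))        print "HOST_NOT_ALLOWED " host
        }
    '
}

# Offline demo on the constructed sample. On a real host:
#   cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | audit_sources
printf '%s\n' "$SAMPLE_SOURCES" | audit_sources
```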
Compile from source code
Commands
3 step process
the system must be checked and compile instructions must be created
uses a configure script to ensure the necessary dependencies and compilers are available. The configure script creates a makefile containing the instructions for compiling the software.
./configure
source code is compiled to machine language
In most cases, once the makefile is created, simply issuing the make command without arguments will compile the application. The make command automatically looks for the makefile in the current directory.
new software is installed
The make install command installs the program, placing the appropriate files in the appropriate locations (configuration files, log files, and so on). The software is now available and ready to run
Remove compiled software
The makefile includes all directories and files created during the installation process. Examine this file, and remove each file and directory specified in the makefile.
A sandbox is a virtual machine or container that isolates the application from the rest of the system and mediates communication between hardware resources and the program
An alternative is the chroot command, which tells an application that a given directory is the highest point in the filesystem; it is still used today
users can manage software on a system-wide or per-user basis
Repositories called “remotes” store software distributed as flatpaks
AppImage
AppImage applications are distributed and managed as a single file containing everything needed to run the application. Application developers decide what distributions to support and then ensure that all needed dependencies and libraries are included with the AppImage file. AppImage applications are standalone components, and while they can be installed in the traditional manner, they do not have to be. They can be accessed and run as mounted drives