pwd - to inquire the present working directory mkdir folder_name : command used to create a new folder.

mkdir location/folder_name : creates the folder at the specified location. Example:- mkdir /home/ubuntu/Desktop/kk3/Yuvi ; it will create a folder named "Yuvi" in the given location.

mkdir folder1 folder2 folder3 : creates multiple folders in a single command mkdir folder{1..10} : This creates 10 folders within a single command ie. folder1, folder2, folder3 etc would be created.

mkdir .folder : Creates hidden folder ls: This command is used to list the files and folders ls -a : "-a" option will show all files and folders, including hidden ones

clear : to clear everything

history : shows history of previously executed commands

mkdir "abc def" : It will create a folder named abc def.

mkdir kk2/kkc : It will create a folder named "kkc" inside an existing folder named kk2.

mkdir kk2/kkc/kk1 : It will create a folder named "kk1" inside an existing folder named kkc, which is present inside an existing kk2. If we want to create a subdirectory, but the parent directory does not exist, we need to provide the option -p, which specifies parent: mkdir -p /abc/def . This would create the folder def even if folder abc is not present.

If we want to run multiple commands within a single line, we use the semicolon symbol. eg: mkdir /home; cd /home ; ls. This one command would execute three things simultaneously: create a folder, goes inside that folder and lists the items with the folder. cd /path/to/directory : changes the current working directory to the specified path.

cd - :previous working directory

cd .. :one step back into the directory

cd / - To navigate to the root directory

The rm command lets you delete a file or directory passing its name: "rm filename" or "rm -d directory" or "rm -r directory".

`rm -r`: Remove directories recursively

The -r (or --recursive) option tells rm to remove directories and their contents, including all files and subdirectories.
It is used when you want to delete a directory and everything inside it.
This command removes mydir, mydir/subdir, and all files within them.

`rm -d`: Remove empty directories only

The -d (or --dir) option tells rm to remove empty directories. It will not work if the directory contains any files or subdirectories.
It is useful for deleting empty directories without affecting others.
This command removes emptydir because it is empty.
So, if you try to use rm -d on a non-empty directory, you’ll get an error “rm: cannot remove 'kkdir': Directory not empty”
Use of “*” option :

“rename” Command Examples :

1. Change File Extension:

change the file extension from .txt to .pdf with: rename -v 's/.txt/.pdf/' *.txt command

2. Replacing a Part of a Filename:

To rename example1.txt, example2.txt, and example3.txt to test1.txt, test2.txt, and text3.txt, use:

rename -v 's/example/test/' *.txt command

3. Delete a Part of a Filename:

The rename option also allows you to delete a part of the filename by omitting the replacement part of the expression. For instance, if we want to shorten example into ex: we can use

rename -v 's/ample//' *.txt command

4. Rename Files with Similar Names:

Another use for the rename option is to rename files with similar names. For instance, if we want to rename files with example and sample in their name to test, use this command:

rename -v 's/(ex|s)ample/test/' *.txt

5. Rename Files Character-by-Character:

If you want to rename multiple files named example file by replacing the blank space with an underscore (_), use:

Important Notes :

Dry Run: To test the rename operation without making actual changes, use the -n option:
```
  rename -n 's/old/new/' old_*.txt
```
“This will show you what files would be renamed, without actually renaming them.”
Backup: Always back up important files before performing bulk renaming.

Some More Examples:

renamed kk7 folder to kk4

result of renaming a file with single underscore with double underscore:

y vs s in rename:

man - manual for any command for help or more information. For example: If we use man rm command , then we get the output as :-

touch file1_name: This would create a single file of the specified name

touch file1_name file2_name : This would create both the files simultaneously

touch kish/kk.txt : It creates a kk.txt file inside the existing folder named kish

touch abc{1..10} : 10 files would be created simultaneously like abc1, abc2, abc3, abc4 etc.

touch .myfile : This would create a hidden file.

There are 2 main duties of touch command: Updating the timestamp and creating the file

stat file.txt: This command would show the timestamp for the file and if we run the command "touch file.txt", it would update the timestamp for the file.

cat myfile.txt : This command would list the contents of the file.

cat -n myfile.txt: This would number the lines and then present the output

tac myfile.txt : This would present the lines of data in reverse order.

tac -n myfile.txt : This would result in an error as -n option would not work along with the tac command. INSTEAD , we can use the command "tac myfile.txt | nl"

Head and tail command: Used to read a file's content Whenever we use other commands such as cat command, it shows the entire content of the file which makes it difficult to read when the content is huge. This is where the head command and tail command comes in play. If we write head file_name, it shows only the first 10 lines from the file's content. We can also specify the number of lines we want the output to show, 10 is the by default number which is present as the argument. head -n 15 file_name is the command which can list 15 number of initial lines from the file content. Whereas if we use tail, it prints from the bottom, unlike head command which prints from the top. -n option works in a similar way for tail command as it does for the head command. This is useful where we need to read the logs. tail -F is the command which opens the file in the real time and will keep on showing the content as and when added in the particular file. EXAMPLE:- "head -n 3 myfile.txt" is the command which can list 3 number of initial lines from the file content.

cp existing_file.txt backup/ :- This command copies the file "existing_file.txt" to the "backup" directory. NOTE:- -r specifies the argument: redundantly. -f option specifies forcefully, usually used when we want to copy a file which is opened somewhere. -v option specifies the argument verbose, shows details of the output. -n option specifies no overwrite: Which implies that only the new added files are to be copied and rest are to be ignored.

cp -r folder1 folder2 :- This will copy the entire folder1(along with its contents) to the folder2.

cp -rvf file1 file2 file3 backup/ : Used to copy multiple files to the "backup" directory.

mv old_file.txt /path_to_new_location : This command moves the file "old_file.txt" to the specified directory.

Variable :-

/script.sh : this command runs the "script.sh" file.

NOTE:- When you use sudo su, you switch to the superuser (root) account, and your command prompt changes from a regular user prompt ($) to a superuser prompt (#). This indicates that you are now operating with elevated privileges.

vim: sudo apt install vim . i - Enter Insert Mode (start editing). Esc - Exit Insert Mode (return to normal mode). :w - Save changes :wq - save changes and quit :q! - quit without saving (force exit).

Commands to reboot :-

systemctl reboot - gracefully reboots the OS which means that all the other processes running will first shut down and then the OS will reboot

reboot - alias of the previous command.

init 6 - forcefully reboots the OS

shutdown -r 5:30 - Reboots the OS at the scheduled time

shutdown -r +15 - Reboots the OS after specified number of minutes

shutdown -c - Command to cancel the reboot instruction provided to the OS

shutdown -r - now Reboots the OS then and there.

Commands to shutdown :-

systemctl poweroff - gracefully shuts down the OS which means that all the other processes running will first close and then the OS will shutdown

poweroff - alias of the previous command.

init 0 - forcefully shuts down the OS

shutdown -h 5:30 - shuts down the OS at the scheduled time

shutdown -h +15 - shuts down the OS after specified number of minutes

shutdown -h now - shuts down the OS then and there.

“Linux isn't an operating system . It's a kernel”:

Kernel: The core part of an operating system that controls hardware and manages system resources (CPU, memory, devices). It acts like a bridge between hardware and software.
- Example: Imagine the kernel as the engine of a car. It powers everything but doesn’t directly interact with the driver.
Operating System (OS): A complete package that includes the kernel along with tools, applications, and interfaces to help users interact with the computer.
- Example: The OS is like the car, which includes the engine (kernel) plus seats, steering wheel, and other tools to drive it.
Linux, created by Linus Torvalds in 1991, is just the kernel, not the whole OS. It doesn’t include other components like a desktop environment, file manager, or applications.
Developers combine the Linux kernel with other tools (e.g., GNU tools, desktop environments like GNOME) to create a Linux-based OS. Example: Ubuntu (Debian-Based) , Fedora (Red Hat-Based), etc.
NOTE : GNU Tools: Command-line tools and utilities for interacting with the Linux kernel.

GNOME Tools: Graphical tools and applications for a user-friendly desktop experience.

Together, GNU tools and GNOME tools make Linux-based OSes versatile and accessible for both developers and regular users. GNU: Stands for “GNU’s Not Unix. GNOME: Stands for "GNU Network Object Model Environment."

Linux Directory Structure:

FOR EXAMPLE : On using the command ls -l /etc , we get :-

LINUX TIME MANAGEMENT :

1. System Clock vs. Hardware Clock

System Clock: Runs in the operating system (software-based). Tracks time while the system is on.
- Commands: Use timedatectl or date to check/set it.
- Example: Like your phone's clock that updates dynamically when the phone is on.
Hardware Clock: A physical clock in the computer's motherboard. Keeps time even when the system is off.
- Command: Use hwclock to check/set it.
- Example: Like a wristwatch that works even when you're not using it.

Key Point: Both clocks should match for accurate time.

2. NTP (Network Time Protocol)

Purpose: Ensures all systems in a company have the same, accurate time by syncing with a central time server.
Cloud Times (e.g., IST): NTP servers sync with global time services, like IST (Indian Standard Time).
- Example: Think of NTP as a radio tower that sends accurate time signals to all nearby devices.

USE OF “date” command :

To set date , we can use the command date MMDDhhmmYYYY.ss :

On using date --help command , we can see various other options related to date command like:

USE of “hwclock” command :

USE of “timedatectl” command:

Command to set time zone :

Commands to Enable NTP (to sync time automatically with the internet) and Disable NTP (to stop automatic time synchronization) :

Chrony configuration file:

Chrony is a tool for managing NTP (Network Time Protocol) in Linux systems.

Use sudo vim /etc/chrony/chrony.conf to edit the configuration file.
The chrony.conf file contains various settings for time synchronization, including NTP servers. If you want to change the NTP servers, look for lines that begin with server or pool, and modify them.

NOTE: iburst helps your computer sync its time faster with an NTP server. Instead of waiting for a long time, it sends a few quick requests at the start to speed up the process.

Use the ifconfig command to get the inet and put that value after “allow ………”, like this:

Then save and exit the file.

After modifying the configuration, restart the Chrony service to apply the changes:

sudo systemctl restart chronyd
To check the status of the Chrony service and ensure it’s synchronizing correctly, use the command :

chronyc tracking

NOTE: 1) The chronyc sources command lists the time sources that Chrony is using or has used. These sources can be remote NTP servers or local reference clocks.

The chronyc clients command monitors clients syncing with your Chrony server. A client is typically a machine or device syncing its time with your Chrony server.

The above picture shows that currently no clients are synced with our chrony.

………………………………………….

LINUX FILTER COMMANDS :

We have already learnt a few filter commands like cat, tac, head, tail, etc. Let us learn the remaining filter commands one by one.

wc command : The wc (word count) command in Linux is used to count lines, words, characters, and bytes in files or input data. It's a versatile tool for quickly analyzing the size and structure of text data.

2)| (pipe) command : The | (pipe) command in Linux is used to pass the output of one command as the input to another command. This allows chaining multiple commands together to perform complex tasks efficiently. Syntax : command1 | command2 .

Example: Combine cat and wc to count the number of lines in a file :-

The cut command in Linux is used to extract specific sections of text or data from each line of a file or input stream.

Examples

1. Extract Specific Characters:

2. Extract Specific Fields

Extract specific fields from a CSV file using a comma as a delimiter:

Explanation: The -d',' sets the delimiter to a comma, and -f2 extracts the second field.

3. Extract Multiple Fields

Extract multiple fields from a file:

Explanation: Extracts the 1st and 3rd fields.

4. Extract Specific Bytes

Extract specific bytes from each line:

5. Using `--complement`

Exclude specific fields:

6. Using cut with a File :

One more IMPORTANT example :

BUT if we use cut command to extract the 5th field , we get :

This issue is happening because of the “spaces” . So , this is the limitation of “cut” command. Thus, in such cases we can use the “awk” command. For instance:

The “awk” command : MOST USEFUL LINUX FILTER COMMAND

Syntax : awk option 'pattern {action}' file

pattern: Specifies when the action should apply
action: What to do when the pattern matches
file: The file to process

If no pattern is provided, the action applies to all lines.

Let’s see some examples related to the uses of awk command :-

USECASES:

Suppose I want to display details related to directories only :

NOTE : ^ matches the beginning of the line.

Suppose I want to display names of all the files only :

Suppose I want to display all the items whose timestamp is Dec 19 :

Suppose I want to list all the files and directories in the root (/) directory and prints the details of those whose size (in bytes) is greater than 4096 :

Suppose I want to display the line number and the number of fields along with all the items :

Suppose I want to filter and print the details (line number, file details, and number of fields) of directories (under root directory) that have the permissions drwxr-xr-x :

Suppose I want to count and print the number of files or directories in the root (/) directory that were last modified in December :

Importance of the “$” symbol :

Importance of the “column -t” option :

use of OFS option : The OFS (Output Field Separator) option in awk sets the string used to separate fields in the output. By default, OFS is a space, but you can customize it to change how fields are separated in the output.

The “sed” command : The sed (stream editor) command in Linux is particularly powerful for editing text on the fly in shell scripts.

BASIC SYNTAX : sed [options] 'command' file

Use Cases :-

1. Substitute Text (`s`) :

2. Delete Lines (`d`)

Remove specific lines.
Example: Delete the 2nd line in a file.

Delete all lines containing "KK":

3. Print Specific Lines (`p`) :

See the below results :

NOTE : 1) sed command prints each line by default, the p command duplicates the output. Thus, each line is printed twice on using sed ‘p’ para.txt . In order to prevent this repetition , we shall use the -n option. The -n disables the default behavior of printing every line, and the p command selectively prints the lines.

sed -n '/to/p' para.txt . This command tells sed:

Use -n to suppress automatic printing.
Only print lines containing the pattern to.

4. Insert or Append Text:

Insert (i): Add a line before the specified line. For e.g: sed '4i\Hello World' para.txt
Append (a): Add a line after the specified line. For e.g: sed '2a\This is an appended line' para.txt

5. Replace Text on a Specific Line

Example: Replace "old stuff" with "new stuff" on the 3rd line.

6. Change Text (`c`)

Replace entire lines matching a pattern.
Example: Replace all lines containing "situation" with "blablabla".

7. Multiple Commands

Use the -e option or semicolons to chain commands.
Example: Delete the 1st line and replace "was" with "is".

8. Edit In-Place { VERY IMPORTANT}

Modify the file directly using -i.
Example: Replace "panic" with "no panic" in the file.

NOTE:

-i: In-place editing: Makes changes directly to the file (para.txt) instead of outputting to the console or creating a new file.
g: Global flag ensures all occurrences in each line are replaced, not just the first one.

9. Apply Ranges

Apply commands to a range of lines.
Example: Delete lines 1 to 3.

10. Substitute Using File {IMPORTANT}

Replace patterns using a script file:

The “more” and “less” commands :

1. `more` Command:

The more command lets you view files or output one screen (page) at a time.

Examples

Viewing a File

View a file named para.txt:

Pipe Command Output

Use more with a long command output:

Navigating:

Spacebar: Move forward by one screen.
Enter: Move forward by one line.
q: Quit the more viewer.

2. `less` Command

The less command is more advanced than more, offering bidirectional navigation and additional features.

Examples

Viewing a File

View a file named para.txt: On using the less para.txt command , we get:-

Search for Text

Search for "was" in the file:

Type /was and press Enter to search forward.
Use n to find the next match.
Use N to find the previous match.

Display Line Numbers

Enable line numbers: Use the command less -N para.txt

Pipe Command Output

View the output of a command using less: On using the command ls -l /etc | less , we get:

Navigating

Spacebar: Move forward by one screen.
b: Move backward by one screen.
Enter: Move forward by one line.
Arrow Keys: Navigate line by line.
q: Quit the less viewer.

The “grep” command :

The grep command in Linux is a powerful tool used to search for specific patterns within files or streams of text. It stands for Global Regular Expression Print.

Examples

1. Search for a Simple String:

2. Case-Insensitive Search

The -i option makes the search case-insensitive, so it matches "Was", "WAS", "was", etc.

3. Search in Multiple Files

This searches for "Kishaloy" in both who.txt and info.txt.

4. Display Line Numbers

The -n option shows the line numbers of matching lines.

5. Count Matches

The -c option counts the number of lines that contain the pattern.

6. Display Only Matching Parts

The -o option outputs only the matched parts of a line, not the entire line.

7. Highlight Matches

The --color=auto option highlights the matching text for better visibility.

8. Search Recursively in Directories

The -r option searches recursively through all files in the specified directory and its subdirectories.

Examples:
1. The “find” command : The find command in Linux is a versatile and powerful tool for searching files and directories based on various criteria like name, size, type, permissions, and more. It can search recursively through directories and is especially useful for complex searches.

SYNTAX : find [path] [expression]

path: The directory to start the search (default is the current directory if omitted).
expression: The conditions or filters for finding files (e.g., name, size, type).

Examples

1. Find Files by Name

find /path/to/search -name "filename"

Searches for a file named filename in the specified path.

2. Case-Insensitive Name Search

find /path/to/search -iname "filename"

The -iname option makes the search case-insensitive.

3. Find Directories

4. Find Files by Extension

Advanced Usage

1. Find Files by Size

SIZE can be:
- c: Bytes
- k: Kilobytes
- M: Megabytes
- G: Gigabytes

Examples:

Finds files larger than 1 MB and 1 kB

.
Finds files smaller than 500 KB.

2. Find Files by Modification Time

Example:

Finds files modified in the last 7 days.

3. Find Files by Permissions

Matches files with specific permissions .

Example:

Finds files with 755 permissions.

4. Find Empty Files or Directories

find /path/to/search -empty

Finds empty files and directories.

User Management in Linux:

User management in Linux refers to creating, managing, and organizing user accounts. These accounts determine who can access the system, what they can do, and how the system interacts with them.

Types of Users in Linux

Super User
- Who? The most powerful user in Linux, also called root.
- Identifiers:
  - UID (User ID): Always 0.
  - GID (Group ID): Also 0.
- Home Directory: /root. This is the personal directory for the root user.
- Default Shell: /bin/bash. The command-line interface used by the root.
- Purpose: Has unrestricted access to everything in the system, including critical files and system settings. Root can install software, manage users, and modify any file.
- Example:
  Think of the root user as the CEO of a company who has access to every department and decision.

System Users
- Who? Special users created by the system to run services and applications like dns, dhcp, ftp, mail, httpd, etc.
- Identifiers:
  - UID: 1-999 (reserved range for system users).
  - GID: Same range as UID.
- Home Directory: System users usually don't need a home directory. When necessary, their home directory is often something like /var/lib/xyz.
- Default Shell: /sbin/nologin. This prevents them from logging into the system directly.
- Purpose: System users are used internally to manage services. For example:
  - httpd manages web server services.
  - dhcp handles dynamic IP allocation.
- Example:
  Think of system users as background workers in a factory—they don’t interact with the public but keep everything running smoothly.

Normal Users
- Who? Regular users created by an admin for human use. These are individuals who interact with the system for day-to-day tasks.
- Identifiers:
  - UID: 1000-60000 (default range for normal users).
  - GID: Matches the user's primary group ID.
- Home Directory: /home/{username}. For example:
  - User Alice has /home/alice.
  - User Bob has /home/bob.
- Default Shell: Usually /bin/bash or another shell like /bin/zsh.
- Purpose:
  Normal users have restricted access. They can only modify files in their home directory and require sudo (superuser privileges) to perform administrative tasks.
- Example:
  Think of normal users as employees with access limited to their desks and assigned tasks.

User Management Files

Linux stores user-related information in specific files under /etc. Here are the most important ones:

/etc/passwd
- Purpose: Contains basic information about all users.
- Format:
```
  username:x:UID:GID:comment:home_directory:shell
```
  Example:
```
  alice:x:1000:1000:Alice:/home/alice:/bin/bash
```
  - username: Name of the user.
  - x: Placeholder indicating the password is stored in /etc/shadow.
  - UID and GID: User and group IDs.
  - comment: Optional field for user description.
  - home_directory: The user's home directory.
  - shell: The user's default shell.
/etc/shadow
- Purpose: Stores hashed passwords and password-related settings.
- Format:
```
  username:hashed_password:last_changed:min_days:max_days:warn:inactive:expire
```
  Example:
```
  alice:$6$randomhashedpassword$...:19000:7:90:7:::
```
  - hashed_password: Encrypted password.
  - last_changed: Days since the password was last updated.
  - min_days: Minimum days before the user can change the password again.
  - max_days: Maximum days the password is valid.
/etc/group
- Purpose: Contains group information.
- Format:
```
  group_name:x:GID:user1,user2
```
  Example:
```
  developers:x:1001:alice,bob
```
  - group_name: Name of the group.
  - x: Placeholder for group password.
  - GID: Group ID.
  - users: Members of the group.
/etc/gshadow
- Purpose: Stores secure group information, including group passwords.

Common User Management Commands in Linux:

1. Adding a User

Command: `sudo adduser username`

This is the most user-friendly way to create a new user.
The adduser command:
- Creates a user account.
- Sets up a home directory (e.g., /home/{username}).
- Configures default shell settings (e.g., /bin/bash).
- Prompts for a password and additional user details.

Use Cases:

Creating a User with a Custom UID:
- Useful when you need specific UID ranges (e.g., for system integration).
Creating a User Without a Home Directory:
- Used for temporary users or system accounts.
Creating a User with a Specific Group:
- Adds alice to the developers group at creation.

2. Deleting a User

Command: `sudo userdel username`

Removes a user account but retains their home directory and files by default.

Examples:

Basic User Deletion:
```
 sudo userdel alice
```
- Deletes the user but leaves /home/alice intact.
Delete a User and Their Home Directory:
```
 sudo userdel -r alice
```
- Removes both the user and /home/alice.
Force Deletion of Logged-In User:
```
 sudo userdel -f alice
```
- Forcefully removes the user even if they are logged in or running processes.

Use Cases:

Employee Exit: Remove the account of an employee who has left but retain their files for reference.
System Cleanup: Remove temporary or unused accounts to maintain system security

3. Modifying a User

Command: `sudo usermod options username`

Used to alter user properties, such as shell, groups, and home directory.

Examples:

Change Default Shell:
```
 sudo usermod -s /bin/zsh alice
```
- Changes Alice's shell to Zsh.
Add a User to a Secondary Group:
```
 sudo usermod -aG developers alice
```
- Appends Alice to the developers group without removing her from existing groups.
Change Home Directory:
```
 sudo usermod -d /home/newalice alice
```
- Moves Alice's home directory to /home/newalice.
- Use -m to move files to the new location:
```
  sudo usermod -d /home/newalice -m alice
```
Lock/Unlock a User Account:
- Lock:
```
  sudo usermod -L alice
```
  Prevents Alice from logging in.
- Unlock:
```
  sudo usermod -U alice
```

Use Cases:

Role Change: Add a user to specific groups when their role changes (e.g., adding to sudo for admin access).
Restrict Access: Temporarily lock a user’s account during investigations.

4. Changing Password

Command: `passwd username`

Used to set or reset a user’s password.

Examples:

Change Password for Yourself:
```
 passwd
```
- Prompts for your current password and a new one.
Change Password for Another User (Admin):
```
 sudo passwd alice
```
Force a User to Change Password at Next Login:
```
 sudo passwd -e alice
```
Disable a Password for an Account:
```
 sudo passwd -l alice
```
- Locks the password and disables login.

Use Cases:

Account Recovery: Reset passwords for users who forget them.
Enforce Security: Force regular password changes.

5. Viewing User Information

Commands:

List All Users:
```
 cat /etc/passwd
```
- Displays all user accounts with their details.
View Groups of a User:
```
 groups alice
```
- Lists all groups Alice belongs to.
Check Detailed Account Info:
```
 id alice
```
- Shows UID, GID, and group memberships for Alice.
List All Groups:
```
 cat /etc/group
```
- Displays all system groups.
Find Recently Logged-In Users:
```
 lastlog
```
- Displays the last login time for all users.

Use Cases:

Audit: Check which users have access to specific groups.
Debugging: Investigate why a user lacks permissions by inspecting their group memberships.

NOTE : Practical Workflow Example

Let’s walk through a realistic scenario of managing a new developer account:

Create a New User:
```
 sudo adduser devuser
```
Set Password:
```
 sudo passwd devuser
```

Add to Groups:

 sudo usermod -aG sudo,developers devuser

Force Password Change at Next Login:
```
 sudo passwd -e devuser
```
View User Info:
```
 id devuser
 groups devuser
```
Temporarily Lock the Account:
```
 sudo usermod -L devuser
```
Delete the User (After Resignation):
```
 sudo userdel -r devuser
```

How to Read the Shadow File :

The /etc/shadow file is a critical component of user management in Linux. It stores encrypted passwords and related information for user accounts. This file is only accessible by the root user or users with elevated privileges because it contains sensitive data.

Structure of `/etc/shadow`

Each line in the /etc/shadow file corresponds to a user account and contains the following fields separated by colons (:):

username:encrypted_password:last_changed:min_age:max_age:warning:inactive:expire

Here’s a breakdown of the fields:

username: The name of the user account.
encrypted_password: The hashed password or placeholder.
- If the value is ! or !!, the account is locked.
- If the value is empty, no password is set (not recommended).
last_changed: The date the password was last changed, stored as the number of days since January 1, 1970.
min_age: The minimum number of days before a password can be changed.
max_age: The maximum number of days a password is valid.
warning: The number of days before expiration that a warning is issued.
inactive: The number of days the account can remain inactive after password expiration before being disabled.
expire: The date the account expires, stored as days since January 1, 1970.

How to Read the `/etc/shadow` File

To view the contents:

sudo cat /etc/shadow

Example Entry:

alice:$6$randomhashedvalue$...:19234:0:99999:7:::

Explanation:

alice: Username.
$6$randomhashedvalue$...: SHA-512 hashed password.
19234: Password last changed on day 19234 since January 1, 1970.
0: No minimum age for password changes.
99999: Maximum password age is approximately 273 years.
7: Warning issued 7 days before password expiration.

Practical Use Cases

Check If an Account Is Locked:
```
 sudo cat /etc/shadow | grep alice
```
If the password field shows ! or !!, the account is locked. So, as per the above SS, the account is currently locked.
Manually Lock or Unlock a User Account:
- Lock:
```
  sudo usermod -L alice
```
  Updates the /etc/shadow file to prepend ! to the password field.
- Unlock:
```
  sudo usermod -U alice
```
  NOTE : unlocking the user's password would result in a passwordless account.
Set Password Aging Policies:
```
 sudo chage -m 7 -M 90 -W 15 alice
```
- Minimum password age: 7 days.
- Maximum password age: 90 days.
- Warning issued 15 days before expiration.

How to Read the Useradd Configuration File

The /etc/default/useradd file contains default settings for new user accounts. It defines system-wide default values used by the useradd command when creating users.

Structure of `/etc/default/useradd`

You can view the contents with:

sudo cat /etc/default/useradd

Explanation of Fields

GROUP: The default group ID for new users.
- Example: 100 is typically the users group.
HOME: The base directory for user home directories.
- Example: /home means new users will have home directories like /home/username.
INACTIVE: The number of days after password expiration before the account is disabled.
- -1 disables this feature.
EXPIRE: The account expiration date (empty means no expiration).
SHELL: Default shell for new users.
- Example: /bin/bash or /bin/zsh.
SKEL: Path to the skeleton directory.
- Files in /etc/skel are copied to the user’s home directory during creation.
CREATE_MAIL_SPOOL: Whether to create a mail spool file in /var/spool/mail for the user.

Modifying the File

To modify the defaults, use a text editor:

bashCopy codesudo nano /etc/default/useradd

Practical Use Cases

To modify the defaults, we can use the command sudo vim /etc/default/useradd

Change Default Shell for New Users: If you want all new users to use Zsh by default:
```
 SHELL=/bin/zsh
```
Set Home Directory Location: To create home directories in /custom_home:
```
 HOME=/custom_home
```
Disable Account Expiration: Ensure EXPIRE is empty:
```
 EXPIRE=
```

Save after doing all the changes :

Verify Changes: Create a new user and check the applied settings:

creating new user :

checking the applied settings :

Group Management in Linux:

Linux uses groups to manage permissions for files and directories. Groups allow you to assign access rights to multiple users simultaneously, making it easier to manage permissions for teams or roles.

What Are Groups in Linux?

A group is a collection of users. Every file and directory in Linux has three sets of permissions:

Owner: The user who created the file.
Group Owner: A group that the file belongs to.
Others: All other users who are neither the owner nor part of the group.

Types of Groups in Linux

Primary Group:
- A group automatically assigned to a user when they are created.
- Each user can belong to only one primary group.
- Example: When you create a user testuser, a group with the same name (testuser) is created as their primary group.
Secondary Group:
- Additional groups a user can belong to.
- A user can belong to multiple secondary groups.
- Example: A developer may be part of the developers, sudo, and ftp groups.

Group Management Commands

a. Viewing Groups

List all groups on the system:
```
  cat /etc/group
```
Check the groups a specific user belongs to:
```
  groups alice
```

b. Creating a Group

Create a new group:
```
  sudo groupadd DevOpsEng
```

c. Adding a User to a Group

Add a user to a group (secondary group):
```
  sudo usermod -aG DevOpsEng alice
```

So as per the above example , the user Alice belongs to the primary group Alice and , secondary groups like developers and DevOpsEng .

d. Changing a User’s Primary Group

Change the primary group of a user:
```
  sudo usermod -g developers alice
```
So now , the user Alice belongs to the primary group developers.

e. Deleting a Group

Remove a group:
```
  sudo groupdel DevOpsEng
```
Managing Group Passwords

You can protect a group by setting a password, allowing users to join it temporarily.

Steps:
1. Set a Group Password:
```
 sudo gpasswd developers
```
2. Join the Group Temporarily: A user can join the group temporarily by providing the group password:
```
 newgrp developers
```
3. Revert to Original Group: To leave the group and return to the original one:
```
 exit
```

Practical Examples of Group Management

Example 1: Setting Up a Development Team

Create a group for the team:
```
 sudo groupadd dev_team
```

Add users to the group:

 sudo usermod -aG dev_team alice
 sudo usermod -aG dev_team bob

Verify group membership:
```
 groups alice
 groups bob
```

Create a shared directory:
```
 sudo mkdir /shared
```
Set the group owner:
```
 sudo chown :dev_team /shared
```
Set permissions for the group:
```
 sudo chmod 770 /shared
```
- 7: Full permissions (read, write, execute) for the owner.
- 7: Full permissions for the group.
- 0: No permissions for others.
Verify:
```
 ls -ld /shared
```

RESULT :

Understanding the `/etc/group` File

The /etc/group file stores group information. Each line represents a group, formatted as:

    group_name:x:GID:user1,user2,...

Example:

    dev_team:x:1001:alice,bob

devteam: Group name.
x: Password placeholder (actual password stored in /etc/gshadow).
1001: Group ID (GID).
alice,bob: Members of the group.

Understanding the `/etc/gshadow` File

The /etc/gshadow file stores group passwords and administrative information.

Example entry:

dev_team:!:alice,bob:

devteam: Group name.
!: Password (if set).
alice,bob: Group members.

NOTE : In the `/etc/gshadow` file, the `` character in the second field represents that the group does not have a password set. This prevents users from joining the group temporarily by using the* `newgrp` command with a password.

Permission Management in Linux:

Permissions {chmod} :-

When you run the ls -l command in a terminal, you'll see the file permissions listed like this: " -rwxr-xr-- " Here’s what each part means:

The first character (-) shows if the item is a file (-) or directory (d). The next three characters (rwx) show the owner’s permissions: r: Read w: Write x: Execute. The next three characters (r-x) show the group's permissions. The last three characters (r--) show the permissions for others. So, in this example: The owner can read, write, and execute the file. The group can read and execute the file, but not write to it. Others can only read the file.

Example 1: Grant the owner permission to write to a file.

chmod u+w file.txt

u refers to the owner (user). +w adds write permission.

Example 2: Remove the execute permission from others.

chmod o-x file.txt

o refers to others. -x removes the execute permission.

Example 3: Give everyone read and execute permissions.

chmod a+rx file.txt

a refers to all users (owner, group, others). +rx adds both read and execute permissions.

Example 4: Give execute permission to the group for a file in Linux.

chmod g+x [file_name]

g refers to the group. +x adds the execute permission.

Few more examples :

chmod ugo-rwx xyz.txt

The code above revokes all the read(r), write(w), and execute(x) permission from all user(u), group(g), and others(o) for the file xyz.txt

chmod ug+rw,o-x abc.mp4

The code above adds read(r) and write(w) permission to both user(u) and group(g) and revoke execute(x) permission from others(o) for the file abc.mp4.

chmod ug=rx,o+r abc.c

Assigns read(r) and execute(x) permission to both user(u) and group(g) and add read permission to others for the file abc.c.

We can also use octal notations like this :-

Example : chmod 754 file.txt

7: Read, write, execute for the owner.
5: Read, execute for the group.
4: Read-only for others.

Special Permissions in Linux

Besides usual methods, Linux also offers special permission types to have more complex control over files.

1. The ‘setuid’ Command

The SET User ID permission allows user to execute programs with the previledges of its owner. Below is the example for the same:

chmod u+s __NAME__

To locate the setuid, look for an ‘s’ instead of an ‘x’ in the executable bit of the file permissions.

Normal users typically do not have the ability to set up or change their passwords by default, as this operation often requires administrative privileges. However, by applying the SetUID bit to certain files or commands, we can grant specific elevated permissions to users while maintaining security.

So, we see:

2. The ‘setgid’ Command

The setgid (Set Group ID) is a special permission in Linux that works differently depending on whether it is applied to files or directories.

What Does `setgid` Do?

For Directories:

When the setgid bit is set on a directory, all files and subdirectories created inside that directory will inherit the group ownership of the directory, not the group of the user who creates them.
This is especially useful for collaborative environments where multiple users work in the same directory and need consistent group ownership.

For Files:

When the setgid bit is set on an executable file, anyone who runs that file will inherit the group ownership of the file, regardless of their actual group.
This is useful for shared applications where group-based access is required.

How to Identify the `setgid` Bit?

The setgid bit is represented as s in the group execute position of the file/directory permissions.
For example :-
- For files: -rwxr-sr-x
- For directories: drwxr-sr-x

Command to Set `setgid`

Use the following command:

chmod g+s directoryname

Practical Real-Life Examples

Example 1: Collaborative Project Directory

Scenario: A team is working on a shared project. Files created in the project directory should always belong to the same group to avoid permission issues.

Create a shared group:
```
 sudo groupadd projectgroup
```

Add users to the group:

 sudo usermod -aG projectgroup user1
 sudo usermod -aG projectgroup user2

Create the project directory:
```
 mkdir /shared/project
```
Set the group ownership and setgid:
```
 sudo chgrp projectgroup /shared/project
 sudo chmod g+s /shared/project
```
NOTE : The chgrp command in Linux is used to change the group ownership of a file or directory.
Verify permissions:
```
 sudo ls -ld /shared/project
```
Output:

Test the behavior:
- Switch to a user in the projectgroup and create a file:
```
  su user1
  touch /shared/project/file1
  ls -l /shared/project/file1
```
  Output:
```
  -rw-r--r-- 1 user1 projectgroup 0 Jan 6 14:05 file1
```
- Note: The file's group is projectgroup, not the user’s default group.

Example 2: `setgid` on Files

The setgid (Set Group ID) bit on a file allows the file to execute with the group permissions of the file’s group, not the user running it. This is especially useful for scripts or programs that require specific group access to perform their tasks.
Scenario Explanation

You have a program (e.g., backup.sh) that needs access to files or directories that are only accessible by a specific group (backupgroup). When setgid is applied, the script runs with the permissions of its group (not the user’s group), ensuring it can access the necessary files or directories.
Steps to Implement :-

1. Create a Special Group for the Script

We create a group called backupgroup to manage permissions.
```
  sudo groupadd backupgroup
```
2. Change the File’s Group Ownership

Assign the backupgroup as the group owner of the script backup.sh:
```
  sudo chgrp backupgroup backup.sh
```
3. Apply the setgid Bit

Set the setgid bit on the script to ensure it runs with the backupgroup permissions:
```
  sudo chmod g+s backup.sh
```
4. Verify Permissions

Check the permissions of the file:
```
  ls -l backup.sh
```
Output:
So, the rws in the group permission field shows the setgid bit is active.
How it Works in Practice
1. When a User Executes backup.sh:
  - The script runs as if it belongs to the backupgroup, regardless of the user’s default group.
  - This means the script has access to any files or directories that backupgroup can access.
2. Example Use Case:
  - Assume /restricted/data is a directory accessible only by the backupgroup.
  - A regular user cannot access this directory, but if the setgid is applied to backup.sh, the script can back up files from /restricted/data because it runs with backupgroup permissions.

Test Execution

1. Create a Restricted Directory

    sudo mkdir -p /restricted/data # Also create a file inside it named kk.txt
    sudo chgrp backupgroup /restricted/data
    sudo chmod 770 /restricted/data

2. Add Users to `backupgroup`

    sudo usermod -aG backupgroup user1

3. Test the Script

Write a simple script in backup.sh to list the contents of /restricted/data:

    #!/bin/bash
    ls /restricted/data

Run the script as user1:

    ./backup.sh

RESULT :-

My Observations :-

Even though user1 may or may not have direct access to /restricted/data, the script runs successfully because it uses backupgroup permissions.
We can see above that the file can be executed by user1 but not by the user ubuntu.

Why Use setgid on Files?

Ensures scripts/programs can access restricted areas without giving direct access to users.
Maintains security by controlling access through groups.

3. The ‘sticky bit’ Command

The sticky bit is a special permission for directories that restricts the ability to delete or rename files within the directory. When the sticky bit is set on a directory, only the owner of a file (or the directory's owner) can delete or rename files in it, regardless of the directory’s write permissions for other users.

How the Sticky Bit Works

Normally, if a directory has write (w) permissions for a group or others, any user in that group or others can delete or rename files inside the directory, even if they don’t own those files.
When the sticky bit is applied to a directory, it ensures that only:
- The file owner or
- The directory owner can delete or rename files inside the directory.
Use the following command to apply the sticky bit to a directory:

chmod +t directoryname

To verify if the sticky bit is applied, use: ls -ld directoryname
You will see a t in the permissions of the directory.
- The t appears in the others execute position.

Real-Life Use Cases

`/tmp` Directory (Default Example)

Scenario: The /tmp directory in Linux is a shared space where multiple users can create temporary files.
Problem Without Sticky Bit:
- Any user with write access to /tmp could delete or modify another user’s files.
Solution: The sticky bit is applied to /tmp by default, ensuring that only the file owner or the system admin can delete or rename files.
Proof :

What is Umask in Linux?

Umask (short for user file-creation mode mask) is used by UNIX-based systems to set default permissions for newly created files and directories. It does this by masking or subtracting these permissions. For example, with the usual Umask being set to 022 on most systems all the new files we create will subtract the Umask value from full permissions (for files that would be 666 – 022 = 644 and for directories that would be 777 -022 = 755). Umask can be expressed in octal or symbolic values.

IMPORTANT OBSERVATIONS :

When I create files using sudo, the permissions are 755 for directories and 644 for files; but when I create them in the normal way, the permissions are 775 for directories and 664 for files.

The reason is pretty simple :-

umask for ubuntu : 0002 and umask for root : 0022

Access Control Lists (ACL)

What are ACLs?

ACLs are used to manage file and directory permissions in Linux.
They allow you to give specific permissions to individual users or groups, even if they aren't part of the file's main owner or group. This is more flexible than regular permissions.

Why Use ACLs?

If a user isn't in a certain group but you want them to have read or write access to a file, ACLs help you do this without changing the user's group.

Basic Commands

setfacl: Used to set or modify permissions for files or directories.
getfacl: Used to view the current permissions of files or directories.

Example:

To view the ACL for a file, you can run:
```
 getfacl test/declarations.h
```
Output might look like:
```
 # file: test/declarations.h
 # owner: mandeep
 # group: mandeep
 user::rw-
 group::rw-
 other::r--
```
This shows the permissions for the file declarations.h, with rw- for the user and group.

Common ACL Commands

To add permissions for a specific user:
```
 setfacl -m u:user:permissions /path/to/file
```
Example:
```
 setfacl -m u:mandeep:rwx test/declarations.h
```
This adds read, write, execute permissions to the user mandeep.

To add permissions for a group:

 setfacl -m g:group:permissions /path/to/file

Example:

 setfacl -m g:staff:rw- test/declarations.h

This gives read, write permissions to the staff group.

To allow new files or directories to inherit ACL permissions:
```
 setfacl -dm "entry" /path/to/dir
```
Example:
```
 setfacl -dm u:dummy:rw test
```
This sets a default permission for new files in the test directory, so any new file gets read and write access for the dummy user.
To remove a specific ACL entry:
```
 setfacl -x "entry" /path/to/file
```
To remove all ACL entries:
```
 setfacl -b /path/to/file
```
After removing ACL, use getfacl again to see that no extra permissions are shown.

Understanding `chattr` in Linux

The chattr (short for change attribute) command is used to modify file attributes in Linux. These attributes provide additional layers of control and protection for files and directories beyond the standard file permissions (read, write, execute).

Why Use `chattr`?

Sometimes, you want to:

Protect a file from being deleted or modified, even by the root user.
Prevent accidental changes to critical files.
Enable special behaviors like appending data only.

chattr helps achieve these goals by setting special attributes on files.

Key Attributes Used with `chattr`

+i (Immutable):
- Makes the file immutable, meaning it cannot be edited, deleted, or renamed.
- Even root cannot modify it unless the immutable attribute is removed.
+a (Append-only):
- Restricts modifications to appending data only.
- Useful for log files to prevent overwriting.
- (Remove attribute):
- Removes the specified attribute.

Examples of Using `chattr`

1. Make a File Immutable (`+i`)

Protect a critical file (e.g., /etc/passwd) from accidental changes:

sudo chattr +i /etc/passwd

Now, even if you try to delete or modify /etc/passwd, you’ll get an error:

To remove the immutable attribute:

sudo chattr -i /etc/passwd

2. Set Append-only Mode (`+a`)

Allow only appending to a log file (e.g., /var/log/syslog):

sudo chattr +a /var/log/syslog

You can append data, but overwriting or truncating the file is not allowed.

To remove the append-only attribute:

sudo chattr -a /var/log/syslog

3. Check File Attributes

Use the lsattr command to see the current attributes of a file or directory:

lsattr /etc/passwd

Example output:

The i indicates the file is immutable.

4. Apply Attributes to Directories

Make a directory immutable to protect all files inside it:

sudo chattr +i /my_directory

Files within the directory cannot be created, deleted, or renamed.

To remove the attribute:

sudo chattr -i /my_directory

SERVICES IN LINUX :

The systemctl list-units command is used to display a list of currently active systemd units (services, targets, devices, etc.) on a Linux system.

To get a list of all active services on your system, you can run the following command:

systemctl list-units --type=service --state=active

To check the status of a service : systemctl status chrony.service

So, we see above that the chrony service is active(running).

We can stop that using the command systemctl stop chrony.service.

But remember, the service which we have stopped above is just temporarily stopped. It will restart if we reboot our system.

Proof :

If we want to disable the service permanently then we shall use the commands:

systemctl stop chrony.service and then , systemctl disable chrony.service .

We can see above the keyword “disabled”.

Now, we can temporarily start the service by using systemctl start chrony.service command.

We can see above that although it’s active(running) but the keyword “disabled” is still there . It means if we reboot the system then automatically the chrony service will be inactive.

Thus, If we want to enable the service permanently then we shall use the commands:

systemctl start chrony.service and then , systemctl enable chrony.service .

Note: Whenever we make internal changes to any service, it is essential to restart the service; otherwise, the changes won’t take effect. There are two common ways to restart a service:

Use the commands:

 systemctl stop <service>  
 systemctl start <service>

Use the single command:
```
 systemctl restart <service>
```

Issue with Restarting:
The problem with both methods is that they change the Process ID (PID) of the service. This can cause a disruption, potentially leading to disconnection from clients. To avoid this issue, we use the reload command instead, which applies changes without restarting the service or altering the PID.

Handling Disturbances Between Services:
Sometimes, one service may interfere with another, or you may need to stop a service temporarily or permanently. However, after rebooting the system, the service might automatically start again.

To prevent this, you can use the mask command:

systemctl mask <service>

Effect of Masking: Once masked, the service cannot be started even with the systemctl start command.
To Re-enable: To start the service again, you need to unmask it:
```
  systemctl unmask <service>
```

Automatically Restarting Services in Linux

In Linux, you can configure services to restart automatically if they are killed or crash. This ensures critical services remain available, reducing downtime and avoiding issues for users who depend on them.

Why Do We Need This?

Example Scenario: Imagine a remote developer is working on a server using SSH, and the SSH service (sshd) crashes or is killed. If it doesn’t restart automatically, the developer won’t be able to reconnect and will face difficulties manually restarting the service.
To avoid such situations, you can configure the service to restart itself automatically after it fails or is killed.

How to Configure Automatic Restart

Default Behavior in Some Systems:
- In CentOS, for example, the SSH service (sshd) automatically restarts after 42 seconds if killed, as it's configured with restart settings by default.
Customizing the Restart Behavior:
- On Ubuntu (or other Linux distributions), you can configure a service to restart automatically by doing some changes.

Steps to Configure Automatic Restart:

Navigate to the Service File:

 cd /etc/systemd/system/multi-user.target.wants/

Edit the Service File: Open the desired service file for editing :
```
 sudo vim cron.service
```
Add or Modify Restart Settings: Inside the [Service] section of the file, add or modify the following lines:
```
 Restart=on-failure
 RestartSec=30s
```
- Restart=on-failure: Ensures the service restarts automatically if it exits with an error or is killed.
- RestartSec=30s: Sets the delay (30 seconds) before the service is restarted.
Reload and Restart Systemd: After editing, reload the configuration and restart the service:
```
 sudo systemctl daemon-reload
 sudo systemctl restart <service>
```
RESULTS :

Now even after killing this service , it automatically restarts after 30 seconds :-

CONCLUSION : By setting up automatic restarts, you safeguard your server’s availability and reduce the risk of downtime caused by accidental or intentional service interruptions.

Understanding SSH in Linux :

SSH (Secure Shell) is a protocol used to securely connect to a remote computer or server over a network. It allows users to execute commands, transfer files, and manage systems remotely while ensuring data security through encryption.

Basic SSH Commands

Ping: Test if the remote machine is reachable.
```
 ping <ip_address>
```
Example:
Check Network Interfaces:
```
 ifconfig
```
Example:

Displays IP addresses and network details of your system.
Connect to a Remote Machine:
```
 ssh <username>@<ip_address>
```
Example:
```
 ssh user1@192.168.1.10
```
Enter the password for user1 to access the remote machine.
Connect as Root (Not recommended directly):
```
 ssh root@<ip_address>
```
Example:
```
 ssh root@192.168.1.10
```
This requires the root password.

Industry practices:

Imagine a server shared by 100 remote employees. Managing 100 unique users is challenging. It’s difficult for every user to have their own account & login credentials.
Instead, a common user (e.g., common) is created for all employees to log in remotely:
```
  ssh common@<ip_address>
```
Why avoid direct root login?
- Root credentials are sensitive. Exposing them over the internet is risky.
- Logging in as a common user and switching to root (sudo su ) on the server ensures better security.
- So whenever a linux server is being prepared in companies ; they make it sure that no one can directly do ssh root login . BUT HOW ?? Let’s learn below :
Restricting Root SSH Access

To enhance security, companies often block root SSH access:
1. Edit the SSH configuration file:
```
 vim /etc/ssh/sshd_config
```
2. Locate the line:
```
 PermitRootLogin yes
```
3. Change it to:
```
 PermitRootLogin no
```
4. Save the file (:wq) and reload the SSH service:
```
 systemctl reload sshd
```

Now, root login via SSH will be denied. Users must log in as a normal user first and switch to root if needed.

Managing User Access

Allow Specific Users

Edit the SSH configuration:
```
 vim /etc/ssh/sshd_config
```
Add the line:
```
 AllowUsers user1 user3
```
Save and reload the SSH service:
```
 systemctl reload sshd
```

Now, only user1 and user3 can SSH into the server.

Deny Specific Users

In the same file, add:
```
 DenyUsers user2
```
Save and reload:
```
 systemctl reload sshd
```

Now, all users except user2 can SSH into the server.

Real-World Scenario

A company sets up a Linux server and creates a common user:
```
 useradd common
 passwd common
```
All employees SSH into the server using:
```
 ssh common@<ip_address>
```
Once logged in, employees use:
```
 sudo su
```
to gain root privileges.

Observation

If a machine has users user1, user2, and user3, you can:

 ssh user1@192.168.1.10
 ssh user2@192.168.1.10
 ssh user3@192.168.1.10

If you attempt to log in as a user who doesn’t exist (e.g., user4):
```
 ssh user4@192.168.1.10
```
You’ll get:
```
 Permission denied
```

Scenario:

Imagine there’s a data center with a Linux server where various applications are running. Different teams like developers, testers, and monitoring teams need access to this server to do their work (e.g., testers testing the apps). Since everyone works remotely, they log in using SSH.

Now let’s look at how this works using an example with Harry (a developer):

What is SSH?

SSH (Secure Shell) is a way to connect to another computer (like a server) securely. It lets you log in and work on the server as if you were sitting right in front of it.

How Harry Logs into the Server

When Harry is in the Office (Private Network)
If Harry is in the same office (data center network), he can easily log in using this command:
```
 ssh username@server_ip
```
Example:
```
 ssh harry@192.168.1.10
```
Here, Harry enters his password to access the server. This is called password-based authentication and works fine because the office network is secure.
When Harry is Outside the Office (Public Network)
If Harry is at an airport or working from home, he first connects to the office’s private network using a VPN. Then he uses the same SSH command:
```
 ssh username@server_ip
```

Why Passwords Are a Problem

Public Network Risks
If Harry uses a password to log in from a public network, a hacker could try to steal it. Even though SSH encrypts passwords, it’s still a risk on public networks.
Automating Tasks
Suppose Harry writes a script to automate daily tasks on the server. If the script includes his password, anyone who gets the script can log into the server. This is unsafe.

The Solution: Key-Based Authentication

Instead of passwords, Harry can use keys to log in. If the system is linux-based , then Harry can create keys with ssh-keygen command . In case of Windows , putty is being used for this purpose.

A private key stays on Harry’s computer (like a secret).
A public key goes to the server.

Steps to Set Up Key-Based Authentication

Step 1: Harry Generates Keys

On his computer, Harry runs:

ssh-keygen

This creates two files:

id_rsa: The private key (Harry keeps this safe).
id_rsa.pub: The public key (Harry shares this with the server admin, let’s name him as Sanjay).

Step 2: Harry Shares the Public Key

Harry sends the id_rsa.pub file to Sanjay securely (e.g., email or a file-sharing tool or ).

Step 3: Sanjay Sets Up the Key on the Server

Suppose Harry wants root privileges. So, Sanjay logs into the server:
He creates a .ssh directory (if it doesn’t exist):
```
 mkdir -p /root/.ssh
 chmod 700 /root/.ssh
```

He adds Harry’s public key to the authorized_keys file:

 echo "contents_of_id_rsa.pub" >> /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys

Harry’s id_rsa.pub :

Sanjay’s server :

Sanjay disables password-based login for security:
- Open the SSH config file:
```
  vim /etc/ssh/sshd_config
```
- Set this:
```
  PasswordAuthentication no
```
- Restart SSH:
```
  systemctl reload sshd
```

Step 4: Harry Logs In Using the Private Key

Now, Harry can log in without a password:

ssh -i ~/.ssh/id_rsa root@server_ip

Use “exit” command to Logout.

Why This Is Safer

Even if someone tries to hack into the server, they can’t log in without Harry’s private key.

Extra Security Measures

Restrict Login to Harry’s Laptop
In the authorized_keys file, Sanjay can add a restriction so the key works only from Harry’s laptop:
```
 from="IP Address of Harry's laptop" ....... (rest of the key)
```
Add a Passphrase to Harry’s Private Key
During key generation, Harry can add a passphrase for extra security.

Now, even if someone steals the private key, they need the passphrase to use it.
Rotate Keys Regularly
Harry and Sanjay can create new keys periodically to reduce the risk of misuse.

Changing the Default SSH Port for Enhanced Security

By default, the SSH service runs on port 22. This is well-known, so attackers often target it to attempt unauthorized access. To make the server more secure, many organizations change the default SSH port to a custom port.

Why Change the SSH Port?

Reduce Automated Attacks: Hackers often use scripts to scan servers running on port 22. Using a custom port makes it harder for these scripts to find your SSH service.
Added Layer of Security: Though not foolproof, changing the port is a good practice to complement other security measures.

How to Change the Default SSH Port

Step 1: Check the Current SSH Port

You can verify if SSH is running on port 22 using this command:

netstat -tulnp | grep 22

This shows if the server is listening on port 22.

Step 2: Open the SSH Configuration File

Edit the SSH configuration file:

vim /etc/ssh/sshd_config

Step 3: Change the Port Number

Find the line that says:
```
 #Port 22
```
Uncomment it by removing the # and replace 22 with your custom port number (e.g., 2222):
```
 Port 2222
```

Step 4: Save and Reload the SSH Service

Save the file (:wq in vim).
Reload or restart the SSH service for changes to take effect:
```
 systemctl reload sshd
```

Step 5: Verify the New Port

Check if SSH is now listening on the new port using this command:

netstat -tulnp | grep ssh

You’ll see SSH running on your new port (e.g., 2222).

Step 6: Update the SSH Command for Logging In

Since the SSH port has changed, users must specify the new port when logging in.
Example:

ssh root@server_ip -p 2222

Without specifying the port, the connection will fail because it defaults to port 22.

Important Notes

Firewall Configuration:
Ensure your firewall allows traffic on the new port. For example, if using ufw:
```
 sudo ufw enable
 sudo ufw allow 2222
 sudo ufw reload
 sudo ufw status
```
Keep Port 22 Temporarily Open:
While testing the new port, keep port 22 open in case of configuration issues. Once confirmed, disable port 22 access:
```
 ufw deny 22
```
Avoid Common Ports:
Choose a port number above 1024 that is not commonly used (e.g., avoid 80, 443). A good choice might be 2222 or 65000.
Make sure both the servers (my server and the target server ) shall have the configuration being changed to port 2222. Doing changes to just one server won’t help .

Linux Networking Basics with `nmcli` :

Linux networking can be simplified using nmcli (Network Manager Command Line Interface), a command-line tool to manage network connections.

Checking Existing Network Connections

To see all network connections on your system:

nmcli connection show

This lists all saved connections. For example:

Details of a Specific Connection

To see detailed settings of a connection:

nmcli connection show NAME

This shows settings like the IP address, gateway, DNS, and more.

Concepts of IP Address, Gateway, and DNS :

1. IP Address (Internet Protocol Address)

What is it?
An IP address is like your device's unique phone number on a network. It helps computers, phones, or any device talk to each other.

Example:
Imagine you live in a neighborhood, and your house has a unique address (like "123 Street Lane"). This is how people find your house. Similarly, devices have IP addresses so they can send and receive information.

Example IP: 192.168.1.10

2. Gateway

What is it?
A gateway is like the gate of your neighborhood that connects you to the outside world. It allows your device to communicate with devices outside your local network.

Example:
In your house, if you want to send a letter to a different city, you drop it off at the main gate (the gateway). The gateway then routes it to its destination.

Example Gateway: 192.168.1.1

3. DNS (Domain Name System)

What is it?
DNS is like a phonebook for the internet. It translates domain names (like google.com) into IP addresses (like 142.250.190.78) that computers understand.

Example:
If you want to call "John" on your phone, you don't memorize his number. Instead, you save his name, and your phone looks up the number for you. DNS works the same way for websites.

Without DNS, you'd need to type the IP address of every website instead of its name.

Easiest Practical Example:

Your laptop (IP: 192.168.1.10) wants to visit google.com.
It asks the DNS server: "What's the IP for google.com?"
DNS replies: "It's 142.250.190.78."
Your laptop sends the request via the gateway (192.168.1.1) to reach Google's server.

Steps to Configure a Network Connection with `nmcli`

1. Adding a New Connection

You can create a new network connection by assigning it a name, type (like Ethernet), device (interface name), and other properties like IP, gateway, and DNS.

Command:

nmcli connection add con-name <NAME> type <Type> ifname <DEVICE> autoconnect yes ipv4.address <IP_ADDRESS> ipv4.gateway <GATEWAY> ipv4.dns <DNS>

2. Checking the Connection

After adding the connection, check its status using:

nmcli connection show

What You’ll See:

If the connection is down, you need to bring it up.

3. Activating the Connection

To activate the connection:

nmcli connection up <NAME>

Result :

NOTE : The connection is now active but the previous connection (Wired connection 1) went down .

4. Modifying an Existing Connection

You can modify the IP address, gateway, or DNS of an existing connection.

Command to Modify IP Address:

nmcli connection modify <NAME> ipv4.addresses <NEW_IP_ADDRESS>

After modification, bring the connection up again:

nmcli connection up <NAME>

5. Deactivating and Deleting a Connection

To deactivate a connection:

nmcli connection down <NAME>

To delete a connection:

nmcli connection delete <NAME>

RESULT :-

Interesting Concept: Pinging Without DNS

What Happens Without DNS? If DNS is not configured, you won’t be able to resolve domain names (like google.com) to IP addresses. This makes it impossible to ping or connect to websites by name.

Workaround: Use /etc/hosts File

Open the /etc/hosts file:
```
 sudo vim /etc/hosts
```
Add the IP address and hostname you want to use:
```
 142.250.190.78   google.com
```
Save and exit the file.

Now you can ping google.com successfully because the system resolves the name using the /etc/hosts file.

If you want to share files between two systems (e.g., from a laptop in Singapore to a server in India), Linux provides simple and powerful tools: SCP (Secure Copy) and rsync. These commands allow you to transfer files between systems securely over a network.

Copying Local Data vs. Remote Data

cp Command: Used to copy files locally (within the same system).
scp and rsync Commands: Used to copy files or directories between two systems across a network.

1. SCP (Secure Copy Protocol)

What is SCP?
SCP is a command-line tool that securely transfers files or directories between systems using SSH (Secure Shell).

Syntax:

scp [options] <source> <destination>

Options:

-r: Copy directories (recursive).
-p: Preserve the original file's timestamps.
-P: Specify the port number (useful if the remote system runs SSH on a non-standard port).
-C: Compress the data during transfer to speed it up.
-F: Specifies an alternative SSH configuration file (useful for custom settings).

Examples:

Copy a File to a Remote Server:
```
 scp file.txt user@192.168.1.100:/home/user/
```
- file.txt: Source file on your local system.
- user@192.168.1.100: Remote system's username and IP.
- /home/user/: Destination directory on the remote system.

Copy a Directory to a Remote Server:

 scp -r my_folder user@192.168.1.100:/home/user/

Preserve File Timestamps:
```
 scp -p file.txt user@192.168.1.100:/home/user/
```
- Ensures the creation time on the source system matches the destination.
Specify a Custom SSH Port:
```
 scp -P 2222 file.txt user@192.168.1.100:/home/user/
```
- Useful if the server uses a non-default SSH port (e.g., 2222).

Compress Data During Transfer:

 scp -C file.txt user@192.168.1.100:/home/user/

OBSERVATION :-

Source Machine :

Target Machine :

2. rsync

What is rsync?
rsync is an advanced tool for syncing files/directories between systems. Unlike SCP, it only transfers new or changed files, making it efficient for repetitive tasks.

Syntax:

rsync [options] <source> <destination>

Options:

-r: Copy directories (recursive).
-a: Archive mode (preserves permissions, timestamps, symbolic links).
-v: Verbose (shows detailed output).
-z: Compress data during transfer.
--progress: Displays the transfer progress.

Examples:

Copy a File to a Remote Server:

 rsync file.txt user@192.168.1.100:/home/user/

Copy a Directory to a Remote Server:

 rsync -r my_folder user@192.168.1.100:/home/user/

Efficient Sync (Only Transfer New/Changed Files):
```
 rsync -a my_folder user@192.168.1.100:/home/user/
```
- Saves bandwidth and time as it skips already-existing files.

Compressed Transfer:

 rsync -z my_folder user@192.168.1.100:/home/user/

Show Progress During Transfer:

 rsync -avz --progress my_folder user@192.168.1.100:/home/user/

OBSERVATION :-

Source Machine :

Target Machine :

Linux Commands

rm -r: Remove directories recursively

rm -d: Remove empty directories only

“rename” Command Examples :

1. Change File Extension:

2. Replacing a Part of a Filename:

3. Delete a Part of a Filename:

4. Rename Files with Similar Names:

5. Rename Files Character-by-Character:

Important Notes :

y vs s in rename:

“Linux isn't an operating system . It's a kernel”:

Linux Directory Structure:

LINUX TIME MANAGEMENT :

1. System Clock vs. Hardware Clock

2. NTP (Network Time Protocol)

Chrony configuration file:

LINUX FILTER COMMANDS :

Examples

1. Extract Specific Characters:

2. Extract Specific Fields

3. Extract Multiple Fields

4. Extract Specific Bytes

5. Using --complement

USECASES:

Use Cases :-

1. Substitute Text (s) :

2. Delete Lines (d)

3. Print Specific Lines (p) :

4. Insert or Append Text:

5. Replace Text on a Specific Line

6. Change Text (c)

7. Multiple Commands

8. Edit In-Place { VERY IMPORTANT}

9. Apply Ranges

10. Substitute Using File {IMPORTANT}

1. more Command:

Examples

Viewing a File

Pipe Command Output

Navigating:

2. less Command

Examples

Viewing a File

Search for Text

Display Line Numbers

Pipe Command Output

Navigating

Examples

1. Search for a Simple String:

2. Case-Insensitive Search

4. Display Line Numbers

5. Count Matches

6. Display Only Matching Parts

7. Highlight Matches

8. Search Recursively in Directories

Examples

1. Find Files by Name

2. Case-Insensitive Name Search

3. Find Directories

4. Find Files by Extension

Advanced Usage

1. Find Files by Size

2. Find Files by Modification Time

3. Find Files by Permissions

4. Find Empty Files or Directories

User Management in Linux:

Types of Users in Linux

User Management Files

Common User Management Commands in Linux:

1. Adding a User

Command: sudo adduser username

Use Cases:

2. Deleting a User

Command: sudo userdel username

Examples:

Use Cases:

3. Modifying a User

Command: sudo usermod options username

Examples:

`rm -r`: Remove directories recursively

`rm -d`: Remove empty directories only

5. Using `--complement`

1. Substitute Text (`s`) :

2. Delete Lines (`d`)

3. Print Specific Lines (`p`) :

6. Change Text (`c`)

1. `more` Command:

2. `less` Command

Command: `sudo adduser username`

Command: `sudo userdel username`

Command: `sudo usermod options username`

Command: `passwd username`

Structure of `/etc/shadow`

How to Read the `/etc/shadow` File

Structure of `/etc/default/useradd`

Understanding the `/etc/group` File

Understanding the `/etc/gshadow` File

NOTE : In the `/etc/gshadow` file, the `` character in the second field represents that the group does not have a password set. This prevents users from joining the group temporarily by using the* `newgrp` command with a password.

What Does `setgid` Do?

How to Identify the `setgid` Bit?

Command to Set `setgid`

Example 2: `setgid` on Files

2. Add Users to `backupgroup`

`/tmp` Directory (Default Example)

Understanding `chattr` in Linux