# Linux File Editor

**What is a text editor?**
* A text editor is a program that enables you to create and manipulate character data (text) in a computer file.
* A text editor is not a word processor, although some text editors do include word processing facilities.
* Text editors often require "memorizing" commands in order to perform editing tasks.
* The more you use them, the easier it becomes.
* There is a "learning curve" in most cases, though.

**There are several standard text editors available on most LINUX systems.**
* `ed` - standard line editor.
* `ex` - extended line editor.
* `vi` - a visual editor; full screen; uses `ed`/`ex` line-mode commands for global file editing.
* `sed` - stream editor for batch processing of files.

**In addition to these, other local "favorites" may be available**:
* `emacs` - a full-screen editor and much more.
* `pico` - an easy "beginner's" editor.
* lots of others.

Our **editor = vi** (available in almost every Linux distribution)

# Introduction to vi Editor

**vi supplies commands for**:
* inserting and deleting text
* replacing text
* moving around the file
* finding and substituting strings
* cutting and pasting text
* reading and writing to other files

**vi uses a "buffer"**
* While using vi to edit an existing file, you are actually working on a copy of the file that is held in a temporary buffer in your computer's memory.
* If you invoked vi with a new filename (or no file name), the contents of the file only exist in this buffer.
* Saving a file writes the contents of this buffer to a disk file, replacing its contents.
* You can write the buffer to a new file or to some other file.
* You can also decide not to write the contents of the buffer and leave your original file unchanged.

**vi operates in two different "modes":**
* **Command mode**
    * VI starts up in this mode
    * Whatever you type is interpreted as a command, not text to be inserted into the file.
    * The mode you need to be in if you want to "move around" the file.
* **Insert mode**
    * This is the mode you use to type (insert) text.
    * There are several commands that you can use to enter this mode.
    * Once in this mode, whatever you type is interpreted as text to be included in the file.
    * You cannot "move around" the file in this mode.
    * Must press the `ESC` (escape) key to exit this mode and return to command mode.

**Entering vi**:
* `vi filename`  - The filename can be the name of an existing file or the name of the file you want to create.
* `view filename` - Starts vi in "read only" mode. Allows you to look at a file without the risk of altering its contents.

**Most common keys**:
* `i` – insert
* `Esc` – Escape out of any mode
* `:q!` – quit without writing/saving
* `:wq!` – quit with write & save
* `r` – replace a single character
* `d` – delete entire line
* `x` - delete a single character
* `u` - undo
* `/<search_characters>` - for searching characters

# Difference Between vi and vim Editor

* As far as functionality is concerned, both editors work in the same manner.
* Which editor you choose is a matter of personal choice.
* Some people recommend learning the Vim editor instead of the vi editor.
* Due to added features, learning and using the Vim editor is much easier than the vi editor.
* Since Vim is based on Vi, when you learn how to use the Vim editor, you will automatically learn how to use the vi editor.
* Vim has all the features of vi with some excellent additions.
* There's also a comprehensive help system and lots of customization options available.

![image.png](attachment:a772df9c-d9ff-4a3a-9bf9-d8ddf0e9e814.png)

**There are many websites that offer free Vim interactive training**:
* `https://www.openvim.com/`
* `http://www.vimgenius.com`
* `https://vim-adventures.com/ (Games)`

# `sed` command

* Replace a string in a file with a new string.
* Find and delete a line.
* Remove empty lines.
* Remove the first or **n** lines in a file.
* To replace tabs with spaces.
* Show defined lines from a file.
* Substitute within the vi editor.
* And much more…

> Note:
> * `sed` command fetches the data from the file at runtime, modifies its contents, and displays it on the screen.
> * It doesn't actually modify the file; the file will be remain unchanged.

```bash
sed 's/Kenny/Lenny/g' filename       # substitute all occurrences (g - globally at all places) of "Kenny" to "Lenny"

sed 's/Kenny//g' filename            # substitute all occurrences (g - globally at all places) of "Kenny" with an empty character (equivalent to a delete operation)

sed '/Seinfield/d' filename          # delete all occurrences of "Seinfeld" 

sed '/^$/d' filename                 # delete empty lines using regex

sed '1d' filename                    # remove the first line of the file

sed '1,2d' filename                  # remove the first two lines of the file

sed 's/\t/ /g' filename              # substitute all tabs with spaces
sed 's/ /\t/g' filename              # substitute all spaces with tabs

sed -n 12,18p filename               # print lines 12-18 of the file

sed 12,18d filename                  # print all lines except 12-18 of the file

sed G filename                       # add space between every line

sed '8!s/Seinfield/S/g' filename     # substitute "Seinfield" with "S" except 8th Seinfield

# To persist the changes in the file, use the `-i` option

sed -i 's/\t/ /g' filename              # substitute all tabs with spaces
sed -i 's/ /\t/g' filename              # substitute all spaces with tabs
```

# User Account Management

**COMMANDS**
* **`useradd [options] username`**:
    * To create a new user in Linux.
    * Different options can be used to modify userId, home directory, etc.
    * It edits `/etc/passwd`, `/etc/shadow`, `/etc/group`, and `/etc/gshadow` files for the newly created User account.
    * Creates and populates a home directory for the new user.
    * Sets permissions and ownerships to the home directory.
* **`groupadd [options] groupname`**: Creates a new group.
* **`userdel [options] username`**:
    * This command is used to delete the user.
    * Please note that this command alone will not delete the user's home directory.
    * You will have to use option `–r` to delete the user's home directory.
* **`groupdel [options] groupname`**: Removes an existing group.
* **`usermod [options] username`**: Modify user attributes such as user home directory, user group, user ID, etc.

**Files** conatining user & group details for management:
* `/etc/passwd`:
    * A plain text file that stores essential information about user accounts on a system.
    * It is a colon-separated file, where each line represents a user and contains fields like username, user ID, group ID, user information, home directory, and login shell.
* `/etc/group`: All group and user group information.
* `/etc/shadow`: This file contains encrypted user passwords and password policy.


**Example**:

```bash
useradd spiderman
id spiderman        # To verify user 'spiderman' is created
cd /home/           # Check 'spiderman' home directory

groupadd superheros
cat /etc/group      # To verify the group 'superheros' is created

userdel -r spiderman   # The -r is for deleting the home directory too

groupdel spiderman

usermod -G superheros spiderman # assigning 'superheros'  to 'spiderman' user 

# Practically used command
useradd –g superheros –s /bin/bash –c “user description” –m –d /home/spiderman spiderman
```

## 10 Basic Usage of `useradd` Commands

**1. How to Add a New User in Linux**

```bash
[root@localhost ~]# useradd kiranmoy
```

* When we add a new user in Linux with the **`useradd`** command, it gets created in a locked state.
* To unlock that user account, we need to set a password for that account with the **`passwd`** command.

```bash
[root@localhost ~]# passwd kiranmoy
Changing password for user kiranmoy.
New LINUX password:
Retype new LINUX password:
passwd: all authentication tokens updated successfully
```

* Once a new user is created, it’s entry automatically added to the `/etc/passwd` file. 
* The file is used to store users' information, and the entry should be.

```bash
kiranmoy:x:504:504:kiranmoy:/home/kiranmoy:/bin/bash
```

The above entry contains a set of seven colon-separated fields, each of which has its own meaning. Let’s see what these fields are.
* **Username**:
    * User login name used to log in to the system.
    * It should be between 1 to 32 characters long.
* **Password**: User password (or `x` character) stored in `/etc/shadow` file in encrypted format.
* **User ID (UID)**:
    * Every user must have a User ID (UID), **User Identification Number**.
    * By default, UID `0` is reserved for the root user, and UIDs ranging from `1-99` are reserved for other predefined accounts.
    * Further UID’s ranging from `100-999` are reserved for system accounts and groups.
* **Group ID (GID)**: The primary Group ID (GID) **Group Identification Number** stored in `/etc/group` file.
* **User Info**:
    * This field is optional and allows you to define extra information about the user.
    * For example, the user's full name.
    * This field is filled by the `finger` command.
* **Home Directory**: The absolute location of the user’s home directory.
* **Shell**: The absolute location of a user’s shell, i.e., `/bin/bash`.

---

**2. Create a User with a Different Home Directory**

* By default `useradd` command creates a user’s home directory under the `/home` directory with the **username**.
* Thus, for example, we’ve seen above that the default home directory for the user **kiranmoy** is `/home/kiranmoy`.
* However, this action can be changed by using the `-d` option along with the location of the new home directory (i.e., `/home/newusers`).
* For example, the following command will create a user ‘kiranmoy‘ with a home directory `/home/newusers`.

```bash
[root@localhost ~]# useradd -d /home/newusers kiranmoy
```
You can see the user's home directory and other user-related information like user ID, group ID, shell, and comments.

```bash
[root@localhost ~]# cat /etc/passwd | grep kiranmoy
kiranmoy:x:505:505::/home/newusers:/bin/bash
```

---

**3. Create a User with Specific User ID**

* In Linux, every user has their own **UID** (Unique Identification Number).
* By default, whenever we create a new user account in Linux, it assigns a userid 500, 501, 502, and so on.
* But, we can create users with a custom userid with the `-u` option.

For example, the following command will create a user `navin` with a custom userid **999**.
```bash
[root@localhost ~]# useradd -u 999 navin
```

Now, let’s verify that the user was created with a defined userid (**999**) using the following command.
```bash
[root@localhost ~]# cat /etc/passwd | grep solider
navin:x:999:999::/home/solider:/bin/bash
```

> ***NOTE**: Make sure the value of a user ID is unique from any other already created users on the system.*

---

**4. Create a User with Specific Group ID**

* Similarly, every user has their own GID (**Group Identification Number**).
* We can create users with specific group IDs as well, with the `-g` option.

Here in this example, we will add a user **‘tarunika‘** with a specific UID and GID simultaneously with the help of `-u` and `-g` options.
```bash
[root@localhost ~]# useradd -u 1000 -g 500 tarunika
```

Now, see the assigned user ID and group ID in the `/etc/passwd` file.

```bash
[root@localhost ~]# cat /etc/passwd | grep tarunika
tarunika:x:1000:500::/home/tarunika:/bin/bash
```

---

**5. Add a User to Multiple Groups**

* The `-G` option is used to add a user to additional groups.
* Each group name is separated by a comma, with no intervening spaces.

Here in this example, we are adding a user **‘soldier‘** into multiple groups like `admins`, `webadmin`, and developer.
```bash
[root@localhost ~]# useradd -G admins,webadmin,developers soldier
```

Next, verify that the multiple groups assigned to the user are listed with the `id` command.
```bash
[root@localhost ~]# id solider

uid=1001(solider) gid=1001(solider)
groups=1001(solider),500(admins),501(webadmin),502(developers)
context=root:system_r:unconfined_t:SystemLow-SystemHigh
```

---

**6. Add a User without Home Directory**

In some situations, we don’t want to assign a home directory for a user, due to some security reasons. 
* In such a situation, when a user logs into a system that has just restarted, their home directory will be root. 
* When such a user uses the `su` command, their login directory will be the previous user's home directory.

To create users without their home directories, `-M` is used. For example, the following command will create a user **‘shilpi‘** without a home directory.

```bash
[root@localhost ~]# useradd -M shilpi
```

Now, let’s verify that the user is created without a home directory, using the `ls` command.
```bash
[root@localhost ~]# ls -l /home/shilpi
ls: cannot access /home/shilpi: No such file or directory
```

---

**7. Create a User with Account Expiry Date**

By default, when we add users with the `useradd` command user account never expires, **i.e, their expiry date is set to `0`** (meaning never expired).
* However, we can set the expiry date using the `-e` option, which sets the date in `YYYY-MM-DD` format. 
* This is helpful for creating temporary accounts for a specific period of time.

Here in this example, we create a user **aparna** with account expiry date, i.e., `27th April 2014` in **YYYYMM-DD** format.
```bash
[root@localhost ~]# useradd -e 2014-03-27 aparna
```

Next, verify the age of the account and password with the `chage` command for the user **aparna** after setting the account expiry date.

```bash
[root@localhost ~]# chage -l aparna

Last password change: Mar 28, 2014
Password expires: never
Password inactive: never
Account expires: Mar 27, 2014
Minimum number of days between password change: 0
Maximum number of days between password change: 99999
Number of days of warning before password expires: 7
```

---

**8. Create a User with Password Expiry Date**

* The `-f` argument is used to define the number of days after a password expires. 
* A value of `0` inactive the user account as soon as the password has expired.
* By default, the password expiry value set to `-1` means never expire.

Here in this example, we will set an account password expiry date, **i.e., 45 days on a user's `soldier` using `-e` and `-f` options**.

```bash
[root@localhost ~]# useradd -e 2014-04-27 -f 45 solider
```

---

**9. Add a User with Custom Comments**

* The `-c` option allows you to add custom comments, such as the user’s full name, phone number, etc, to the `/etc/passwd` file. 
* The comment can be added as a single line without any spaces.

For example, the following command will add a user **mansi** and would insert that user’s full name, Manis Khurana, into the comment field.

```bash
[root@localhost ~]# useradd -c "Manis Khurana" mansi
```

You can see your comments in the `/etc/passwd` file in the comments section.

```bash
[root@localhost ~]# tail -1 /etc/passwd
mansi:x:1006:1008:Manis Khurana:/home/mansi:/bin/sh
```

---

**10. Change User Login Shell**

Sometimes, we add users which has nothing to do with the login shell, or sometimes we need to assign different shells to our users. We can assign different login shells to each user with the `-s` option.

Here in this example, we will add a user **‘soldier‘** without a login shell, i.e., `/sbin/nologin` shell.
```bash
[root@localhost ~]# useradd -s /sbin/nologin solider
```

You can check the assigned shell to the user in the `/etc/passwd` file.
```bash
[root@localhost ~]# tail -1 /etc/passwd
solider:x:1002:1002::/home/solider:/sbin/nologin
```


## Part II – 5 Advance Usage of `useradd` Commands

**11. Add a User with Specific Home Directory, Default Shell and Custom Comment**

The following command will create a user **‘ravi‘** with home directory `/var/www/soldier`, default shell `/bin/bash`, and add extra information about the user.
```bash
[root@localhost ~]# useradd -m -d /var/www/ravi -s /bin/bash -c "Solider Owner" -U ravi
```

* In the above command `-m -d` option creates a user with the specified home directory, and the `-s` option sets the user’s default shell, i.e., `/bin/bash`. 
* The `-c` option adds the extra information about the user, and the `-U` argument creates/adds a group with the same name as the user.

---

**12. Add a User with Home Directory, Custom Shell, Custom Comment, and UID/GID**

The command is very similar to above, but here we are defining shell as `/bin/zsh` and custom **UID** and **GID** to a user **‘tarunika‘**.

Where `-u` defines a new user’s UID (i.e., 1000) and `-g` defines GID (i.e., 1000).

```bash
[root@localhost ~]# useradd -m -d /var/www/tarunika -s /bin/zsh -c "Solider Technical Writer" -u 1000 -g 1000 tarunika
```

---

**13. Add a User with Home Directory, No Shell, Custom Comment, and User ID**

The following command is very similar to the above two commands; the only difference is here, that we are disabling the login shell for a user called **‘avishek‘** with a custom User ID (i.e., 1019).
* Here `-s` option adds the default shell `/bin/bash`, but in this case we set login to `/usr/sbin/nologin`. 
* That means user ‘avishek‘ will not be able to log in to the system.

```bash
[root@localhost ~]# useradd -m -d /var/www/avishek -s /usr/sbin/nologin -c "Soldier Sr. Technical Writer" -u 1019 avishek
```

---

**14. Add a User with Home Directory, Shell, Custom Shell/Comment, and User ID**

* The only change in this command is, we used the `-k` option to set a custom skeleton directory, i.e., `/etc/custom.skell`, not the default one `/etc/skel`. 
* We also used the `-s` option to define a different shell, i.e., `/bin/tcsh`, to the user **navin**.

```bash
[root@localhost ~]# useradd -m -d /var/www/navin -k /etc/custom.skell -s /bin/tcsh -c "No Active Member of Soldier" -u 1027 navin
```

---

**15. Add a User without Home Directory, No Shell, No Group, and Custom Comment**

The following command is very different than the other commands explained above. Here we used the `-M` option to create a user without a user’s home directory, and the `-N` argument is used, which tells the system to only create the username (without group). The `-r` argument is for creating a system user.

```bash
[root@localhost ~]# useradd -M -N -r -s /bin/false -c "Disabled Soldier Member" clayton
```

# Enable Password Aging

## The `/etc/login.def` File

The `chage` command – per user

**Example**:

```bash
chage [-m mindays] [-M maxdays] [-d lastday] [-I inactive] [-E expiredate] [-W warndays] user
```

**File = `/etc/login.defs`** - This file defines the default settings for controlling password ageing for each user.

```bash
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
```

## The `chage` Command

The `chage` command – per user

**Syntax**
```
chage [-d lastday] [-m mindays] [-M maxdays] [-W warndays] [-I inactive] [-E expiredate] user
```
* `-d = 3`. **Last password change (lastchanged)**: Days since Jan 1, 1970 that password was last changed
* `-m = 4`. **Minimum**: The minimum number of days required between password changes, i.e., the number of days left before the user is allowed to change his/her password
* `-M = 5`. **Maximum**: The maximum number of days the password is valid (after that, the user is forced to change his/her password)
* `-W = 6`. **Warn**: The number of days before the password is to expire, the user is warned that his/her password must be changed
* `-I = 7`. **Inactive**: The number of days after the password expires that the account is disabled
* `-E = 8`. **Expire**: days since Jan 1, 1970, that the account is disabled, i.e., an absolute date specifying when the login may no longer be used.

**Syntax**
```
chage -m 0 -M 90 user -W 10 -I 3 babubutt
```
* `babubutt` is the user here.
* `-m = 0`. **Minimum**: Here, there is no restriction on changing the password; the user can change it anytime. But, if `-m=5` then the user has to wait for **minimum 5 days** before they can change the password.
* `-M = 90`. **Maximum**: Here, he maximum number of days the password is valid is **90 days** (after that, the user is forced to change his/her password)
* `-W = 10`. **Warn**: Here, the system will start warning the user that his/her password must be changed **10 days before the password expiry date**.
* `-I = 3`. **Inactive**: Here, after 3 days of password expiry, the account will be disabled.

To check the updated password ageing policy of user `babubutt`:
```bash
grep babubutt /etc/shadow
```


# Switch Users and sudo Access

**Commands**
* `su – username`
* `sudo` command
* `visudo`

**Switch Users**: Following is the user switch command that can be used to switch from one user to another.
* `su - username`:
    * `su -` invokes a login shell after switching the user.
    * A login shell resets most environment variables, providing a clean base.
* `su username`: Just switches the user, providing a normal shell with an environment nearly the same as with the old user.

**Sudo Access**:
* `sudo command-name`: The above command **`sudo command-name`** will run any command owned and authorized by the root account as long as that user is authorized to run it in the `/etc/sudoers` file.

**File**: `/etc/sudoers`
* The `/etc/sudoers` file is a critical configuration file in Linux and Unix-like systems that defines which users or groups can execute commands with elevated privileges using the sudo command. 
* It essentially acts as a security policy, specifying who can perform what actions on the system and under what circumstances. 
* The `/etc/sudoers` file should never be edited directly using a regular text editor like **vi** or **nano**. 
* Instead, it must be edited using the `visudo` command. 
* The `visudo` provides a safe way to edit the file, checking for syntax errors before saving the changes, which helps prevent accidental lockouts or system instability.

The file defines rules that specify:
* **Who**: Which users or groups can execute commands. 
* **What**: The specific commands they are allowed to run. 
* **As who**: The user or users whose privileges they can assume (e.g., root, other users). 
* **Host**: On which hosts can these commands be executed. 

**`sudoers.d` directory**:
* In addition to the main `/etc/sudoers` file, there is also a directory called `/etc/sudoers.d`.
* This directory can contain additional configuration files that are included in the main **sudoers** file.
* It's often recommended to create new entries in this directory rather than directly editing the main file. 

**Example**:
```bash
su -               # to change into root user
su - spiderman      # to change to spiderman user

visudo             # to modify the `/etc/sudoers` file for permissions

# To add user to 'wheel' group so that the user can execute all commands. The ''wheel' group has the permission to execute all commands.
usermod -aG wheel iafzal

# Check whether iafzal user is added to 'wheel' group
grep iafzal /etc/group
```

# Configuring `sudo` Access

**1. Log in to the system as the `root` user.**

**2. Create a normal user account using the useradd command.**

Replace USERNAME with the user name that you wish to create.
```bash
# useradd USERNAME
```

**3. Set a password for the new user using the passwd command.**

```bash
# passwd USERNAME
Changing password for user USERNAME.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
```

**4. Run the `visudo` to edit the `/etc/sudoers` file.** 

This file defines the policies applied by the `sudo` command.
```bash
# visudo
```

**5. Find the lines in the file that grant sudo access to users in the group wheel when enabled.**

```bash
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
```

**6. Remove the comment character (#) at the start of the second line. This enables the configuration option.**

**7. Save your changes and exit the editor.**

**8. Add the user you created to the wheel group using the usermod command.**

```bash
# usermod -aG wheel USERNAME
```

**9. Test that the updated configuration allows the user you created to run commands using `sudo`.**

Use the su to switch to the new user account that you created.
```bash
# su USERNAME -
```

Use the `groups` to verify that the user is in the `wheel` group.
```bash
$ groups
USERNAME wheel
```

Use the `sudo` command to run the `whoami` command. 
* As this is the first time you have run a command using `sudo` from this user account, the banner message will be displayed.
* You will also be prompted to enter the password for the user account.

```bash
$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for USERNAME:

root
```

The last line of the output is the user name returned by the `whoami` command. If `sudo` is configured correctly, this value will be `root`.
* You have successfully configured a user with `sudo` access. 
* You can now log in to this user account and use `sudo` to run commands as if you were logged in to the account of the `root` user.

# Monitor Users

The following are the basic user monitor commands:
* who
* last
* w
* finger
* id

## `who` command

As a Linux user, sometimes it is required to know some basic information like :
* Time of last system boot
* List of users logged in
* Current run level, etc

Though this type of information can be obtained from various files in the Linux system but there is a command line utility called `who` that does exactly the same for you. 
 
In this section, we will discuss the capabilities and features provided by the `who` command.

The basic syntax of the `who`command is : 
```bash
who [OPTION]... [ FILE | ARG1 ARG2 ]
```

**1. Get the information on currently logged-in users**

This is done by simply running the `who` command (without any options). 

Consider the following example:
```bash
$ who

iafzal tty7 2012-08-07 05:33 (:0)
iafzal pts/0 2012-08-07 06:47 (:0.0)
iafzal pts/1 2012-08-07 07:58 (:0.0)
```

**2. Get the time of the last system boot**

This is done using the `-b` option. 

Consider the following example:
```bash
$ who -b

system boot 2012-08-07 05:32
```

So we see that the above output gives the exact date and time of the last system boot.

**3. Get information on system login processes**

This is done using the `-l` option. 

Consider the following example:
```bash
$ who -l

LOGIN tty4 2012-08-07 05:32 1309 id=4
LOGIN tty5 2012-08-07 05:32 1313 id=5
LOGIN tty2 2012-08-07 05:32 1322 id=2
LOGIN tty3 2012-08-07 05:32 1324 id=3
LOGIN tty6 2012-08-07 05:32 1327 id=6
LOGIN tty1 2012-08-07 05:32 1492 id=1
```

So we see that information related to system login processes was displayed in the output.

**4. Get the hostname and user associated with stdin**

This is done using the `-m` option. 

Consider the following example:
```bash
$ who -m

iafzal pts/1 2012-08-07 07:58 (:0.0)
```

So we see that the relevant information was produced in the output.

**5. Get the current run level**

This is done using the `-r` option. 

Consider the following example:
```bash
$ who -r

run-level 2 2012-08-07 05:32
```
So we see that the information related to the current run level (which is 2) was produced in the output.

**6. Get the list of users logged in**

This is done using the `-u` option. 

Consider the following example:
```bash
$ who -u

iafzal tty7 2012-08-07 05:33 old 1619 (:0)
iafzal pts/0 2012-08-07 06:47 00:31 2336 (:0.0)
iafzal pts/1 2012-08-07 07:58 . 2336 (:0.0)
```

So we see that a list of logged-in users was produced in the output.

**7. Get the number of users logged in and their user names**

This is done using the `-q` option. 

Consider the following example:
```bash
$ who -q

iafzal iafzal iafzal
# users=3
```

So we see that information related to the number of logged-in users and their user names was produced in the output.

**8. Get all the information**

This is done using the `-a` option. 

Consider the following example:
```bash
$ who -a

system boot 2012-08-07 05:32
run-level 2 2012-08-07 05:32
LOGIN tty4 2012-08-07 05:32 1309 id=4
LOGIN tty5 2012-08-07 05:32 1313 id=5
LOGIN tty2 2012-08-07 05:32 1322 id=2
LOGIN tty3 2012-08-07 05:32 1324 id=3
LOGIN tty6 2012-08-07 05:32 1327 id=6
LOGIN tty1 2012-08-07 05:32 1492 id=1
iafzal + tty7 2012-08-07 05:33 old 1619 (:0)
iafzal + pts/0 2012-08-07 06:47 . 2336 (:0.0)
iafzal + pts/1 2012-08-07 07:58 . 2336 (:0.0)
```

So we see that all the information that `who` can print is produced in the output.

## `last` command

To find out when a **particular user last logged in** to the Linux or Unix server.

**Syntax**

The basic syntax is:
```bash
last
last [userNameHere]
last [tty]
last [options] [userNameHere]
```

* If no options are provided last command displays a list of all users logged in (and out).
* You can filter out results by supplying the names of users or terminals to show only those entries matching the **username/tty**.

**`last` command examples**

To find out who has recently logged in and out on your server, type:
```bash
$ last

root pts/1 10.1.6.120 Tue Jan 28 05:59 still logged in
root pts/0 10.1.6.120 Tue Jan 28 04:08 still logged in
root pts/0 10.1.6.120 Sat Jan 25 06:33 - 08:55 (02:22)
root pts/1 10.1.6.120 Thu Jan 23 14:47 - 14:51 (00:03)
root pts/0 10.1.6.120 Thu Jan 23 13:02 - 14:51 (01:48)root pts/0 10.1.6.120 Tue Jan 7 12:02 - 12:38 (00:35)
wtmp begins Tue Jan 7 12:02:54 2014
```

**List all users' last logged-in/out times**

The `last` command searches back through the `/var/log/wtmp` file, and the output may go back several months. 

Just use the less command or more command as follows to display output one screen at a time:
```bash
$ last | more
$ last | less
```

**List a particular user's last logged in**

To find out when user iafzal last logged in, type:
```bash
$ last iafzal
$ last iafzal | less
$ last iafzal | grep 'Thu Jan 23'
```

![image.png](attachment:4cb51848-dd72-41aa-92c6-16f5587b4b22.png)

**Hide hostnames (Linux only)**

To hide the display of the hostname field, pass `-R` option:
```bash
$ last -R
$ last -R iafzal
```

![image.png](attachment:52fe5337-d60a-40cc-ba5d-346e1cd091cb.png)

**Display complete login & logout times**

By default year is now displayed by the `last` command. 

You can force the `last` command to display full login and logout times and dates by passing `-F` option:
```bash
$ last -F
```

![image.png](attachment:8752dbbb-53bb-40b1-bcdc-c51db8944f94.png)


**Display full user/domain names**
```bash
$ last -w
```

**Display last reboot time**

The user's reboot logs in each time the system is rebooted. 

The following command will show a Log of all reboots since the log file was created:
```bash
$ last reboot
$ last -x reboot
```

**Display the last shutdown time**

Find out the system shutdown entries and run level changes:
```bash
$ last -x
$ last -x shutdown
```

**Find out who was logged in at a particular time**

The syntax is as follows to see the state of logins as of the specified time:
```bash
$ last -t YYYYMMDDHHMMSS
$ last -t YYYYMMDDHHMMSS userNameHere
```

## `w` command

**Options**
* **`-h`, `--no-header`**: do not print header
* **`-u`, `--no-current`**: ignore current process username
* **`-s`, `--short`**: short format
* **`-f`, `--from`**: show remote hostname field
* **`-o`, `--old-style`**: old style output
* **`-i`, `--ip-addr`**: display IP address instead of hostname (if possible)
* **`--help`**: display this help and exit
* **`-V`, `--version`**: output version information and exit

## `id` command

Print user and group information for the specified USER, or (when USER omitted) for the current user.-a ignore, for compatibility with other versions
* **`-Z`, `--context`**: print only the security context of the current user
* **`-g`, `--group`**: print only the effective group ID
* **`-G`, `--groups`**: print all group IDs
* **`-n`, `--name`**: print a name instead of a number, for -ugG
* **`-r`, `--real`**: print the real ID instead of the effective ID, with -ugG
* **`-u`, `--user`**: prints only the effective user ID
* **`-z`, `--zero`**: delimit entries with NUL characters, not whitespace; not permitted in the default format
* **`--help`**: display this help and exit
* **`--version`**: output version information and exit

# Talking to Users  

* users
* wall
* write

# Special Permissions with setuid, setgid and sticky bit

All permissions on a file or directory are referred to as bits.

![image.png](attachment:b837d359-2ac2-4bc1-b4bc-be619edfb391.png)

There are 3 additional permissions in Linux
* **setuid**: bit tells Linux to run a program with the effective user ID of the owner instead of the executor (e.g., `passwd` command) → `/etc/shadow`.
* **setgid**: bit tells Linux to run a program with the effective group ID of the owner instead of the executor (e.g., `locate` or `wall` command).
> Please note: This bit is present only for files that have executable permissions
* **sticky bit**: a bit set on files/directories that allows only the owner or root to delete those files

> NOTE:
> * **setuid**, **setgid** & **sticky bits** are not actual commands.
> * Special permission is represented as `s` in user or group level permission. For example: `rwsx rws- r--`
---

**To assign special permissions at the user level**:
```bash
chmod u+s xyz.sh     # rwsx rw- r--
```
**To assign special permissions at the group level**:
```bash
chmod g+s xyz.sh     # rwx rws r--
```

**To remove special permissions at the user or group level**:
```bash
chmod u-s xyz.sh
chmod g-s xyz.sh
```

**To find all executables in Linux with setuid and setgid permissions**:
```bash
find / -perm /6000 -type f
```

> **Please note**: These bits work on C programming executables not on bash shell scripts

**Sticky bit**: It is assigned to the last bit of permissions.

![image.png](attachment:e568aedb-a2ac-44a7-a21f-82e58508234c.png)

**Why?**: Example of `/tmp` directory: `-drwxrwxrwt`
* Any user can write into this directory, but cannot delete this directory.
* The Sticky bit helps ensure that only the owner can delete the file and prevents other users from accidentally deleting it, irrespective of having write access for all users.

---

**Lab exercise**:
* Become root and create a directory `allinone` in `/` = `mkdir /allinone`
* Assign all rwx permissions to that directory = `chmod 777 /allinone`
* Become iafzal and create a directory inside of `/allinone` = `mkdir imrandir`
* Give all rwx permissions to that directory = chmod 777 imrandir
* Create 3 files in that directory = `touch a b c`
* Open another terminal and log in as `spiderman`
* Go to /allinone directory and delete imrandir directory = `rm –rf imrandir`
    * You will see the directory is deleted
* Now become root again and assign sticky bit permission to `/allinone` = `chmod +t /allinone`
* Become iafzal and create a directory again inside of `/allinone` = `mkdir imrandir`
* Give all rwx permissions to that directory = `chmod 777 imrandir`
* Create 3 files in that directory = `touch a b c`
* Become a `spiderman` user again
* Go to `/allinone` directory and try to delete `imrandir` directory = `rm –rf imrandir`
    * Now, as `spiderman`, you cannot delete the directory

# Linux Account Authentication

![image.png](attachment:2e3a1836-5e0e-4669-b8ae-6085e8e2c479.png)

# Difference between Active Directory, LDAP, IDM, WinBIND, OpenLDAP etc.

* Active Directory = Microsoft
* IDM = Identity Manager
* WinBIND = Used in Linux to communicate with Windows
(Samba)
* OpenLDAP (open source)
* IBM Directory Server
* JumpCloud
* LDAP = Lightweight Directory Access Protocol

# System Utility Commands

System Utility Commands:
* date
* uptime
* hostname
* uname
* which
* cal -> Calendar
* bc -> Calculator

**Example**:
```bash
date
uptime
hostname

uname
uname -a

which pwd
which date

cal # Calendar

bc # binary calculator
```

## `date` command

Print or set the system date and time.

**Usage**: 
```bash
date [OPTION]... [+FORMAT]
date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
```

Display the current time in the given FORMAT, or set the system date.

Mandatory arguments to long options are mandatory for short options too.

* **`-d`, `--date=STRING`**: display time described by `STRING`, not `now`.
* **`-f`, `--file=DATEFILE`**: like --date once for each line of `DATEFILE`.
* **`-I[TIMESPEC]`, `--iso-8601[=TIMESPEC]`**:
    * output date/time in ISO 8601 format.
    * `TIMESPEC='date'` for date only (the default), 'hours', 'minutes', 'seconds', or 'ns' for date and time to the indicated precision.
* **`-r`, `--reference=FILE`**: display the last modification time of `FILE`.
* **`-R`, `--rfc-2822`**:
    * output date and time in RFC 2822 format.
    * Example: `Mon, 07 Aug 2006 12:34:56 -0600`
* **`--rfc-3339=TIMESPEC`**:
    * output date and time in RFC 3339 format.
    * `TIMESPEC='date'`, 'seconds', or 'ns' for date and time to the indicated precision.
    * Date and time components are separated by a single space: `2006-08-07 12:34:56-06:00`.
* **`-s`, `--set=STRING`**: set time described by `STRING`.
* **`-u`, `--utc, --universal`**: print or set Coordinated Universal Time (UTC).
* **`--help`**: display this help and exit.
* **`--version`**: output version information and exit.

## `uptime` command

* Tell how long the system has been running.
* The `uptime` command gives a one-line display of the following information. 
* The current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.

**Options**:
* **`-p', '--pretty`**: show uptime in pretty format.
* **`-h', '--help`**: display this help and exit.
* **`-s`, `--since`**: system up since.
* **`-V', '--version`**: output version information and exit.

![image.png](attachment:b73602c2-a9b1-4b38-836e-1eccf5b171f1.png)

## `hostname` command

Show or set the system's host name

**Program options**:
* **`-a`, `--alias`**: alias names.
* **`-A`, `--all-fqdns`**: all long host names (FQDNs).
* **`-b`, `--boot`**: set default hostname if none available.
* **`-d`, `--domain`**: DNS domain name.
* **`-f`, `--fqdn`, `--long`**: long host name (FQDN).
* **`-F`, `--file`**: read host name or NIS domain name from given file.
* **`-i`, `--ip-address`**: addresses for the host name.
* **`-I`, `--all-ip-addresses`**: all addresses for the host.
* **`-s`, `--short`**: short host name.
* **`-y`, `--yp`, `--nis`**: NIS/YP domain name.

**Description**:
* This command can get or set the host name or the NIS domain name.
* You can also get the DNS domain or the FQDN (fully qualified domain name).
* Unless you are using bind or NIS for host lookups, you can change the FQDN (Fully Qualified Domain Name) and the DNS domain name (which is part of the FQDN) in the `/etc/hosts` file.

## `uname` command

* This command will give you system information. 
* It is one of the important commands that should be used every time you log in to a Linux/Unix machine.

**Usage**: `uname [OPTION]...`

Print certain system information. With **no OPTION**, same as `-s`.

* **`-a`, `--all`**: print all information, in the following order, except omit `-p` and `-i` if unknown.
* **`-s`, `--kernel-name`**: print the kernel name.
* **`-n`, `--nodename`**: print the network node hostname.
* **`-r`, `--kernel-release`**: print the kernel release.
* **`-v`, `--kernel-version`**: print the kernel version.
* **`-m`, `--machine`**: print the machine hardware name.
* **`-p`, `--processor`**: print the processor type or "unknown".
* **`-i`, `--hardware-platform`**: print the hardware platform or "unknown".
* **`-o`, `--operating-system`**: print the operating system.
* **`--help`**: display this help and exit.
* **`--version`**: output version information and exit.

## `which` command

Shows the full path of (shell) commands.

**Usage**: `/usr/bin/which [options] [--] COMMAND [...]`

Write the full path of the COMMAND(s) to standard output.
* **`--version`, `-[vV]`**: Print version and exit successfully.
* **`--help`**: Print this help and exit successfully.
* **`--skip-dot`**: Skip directories in **PATH** that start with a dot.
* **`--skip-tilde`**: Skip directories in **PATH** that start with a tilde.
* **`--show-dot`**: Don't expand a dot to the current directory in output.
* **`--show-tilde`**: Output a tilde for the **HOME** directory for non-root.
* **`--tty-only`**: Stop processing options on the right if not on tty.
* **`--all`, `-a`**: Print all matches in **PATH**, not just the first
* **`--read-alias`, `-i`**: Read list of aliases from stdin.
* **`--skip-alias`**: Ignore option `--read-alias`; don't read stdin.
* **`--read-functions`**: Read shell functions from stdin.
* **`--skip-functions`**: Ignore option `--read-functions`; don't read stdin.

# Processes and Jobs

Application = Service | Script | Process | Daemon | Threads | Job

**Processes**
* Whenever you enter a command at the shell prompt, it invokes a program.
    * While this program is running, it is called a **process**.
    * Your login shell is also a process, created for you upon logging in and existing until you log out.
* LINUX is a multi-tasking operating system.
    * Any user can have multiple processes running simultaneously, including multiple login sessions.
    * As you do your work within the login shell, each command creates at least one new process while it executes.
* **Process ID**: Every process in a LINUX system has a **unique PID** - process identifier.
* `ps` - displays information about processes.

> Note that the `ps` command differs between different LINUX systems - see the **local ps man page** for details.

**To see your current shell's processes**:

```bash
% ps
PID TTY TIME CMD
26450 pts/9 0:00 ps
66801 pts/9 0:00 -csh
```

**To see a detailed list of all of your processes on a machine (current shell and all other shells)**:

```bash
% ps uc
USER PID %CPU %MEM SZ RSS TTY STAT STIME TIME COMMAND
jsmith 26451 0.0 0.0 120 232 pts/9 R 21:01:14 0:00 ps
jsmith 43520 0.0 1.0 300 660 pts/76 S 19:18:31 0:00 elm
jsmith 66801 0.0 1.0 348 640 pts/9 S 20:49:20 0:00 csh
jsmith 112453 0.0 0.0 340 432 pts/76 S Mar 03 0:00 csh
```

**To see a detailed list of every process on a machine**:

```bash
% ps ug
USER PID %CPU %MEM SZ RSS TTY STAT STIME TIME COMMAND
root 0 0.0 0.0 8 8 - S Feb 08 32:57 swapper
root 1 0.1 0.0 252 188 - S Feb 08 39:16 /etc/init
root 514 72.6 0.0 12 8 - R Feb 08 28984:05 kproc
root 771 0.2 0.0 16 16 - S Feb 08 65:14 kproc
root 1028 0.0 0.0 16 16 - S Feb 08 0:00 kproc
{ lines deleted }
root 60010 0.0 0.0 1296 536 - S Mar 07 0:00 -ncd19:0
kdr 60647 0.0 0.0 288 392 pts/87 S Mar 06 0:00 -ksh
manfield 60968 0.0 0.0 268 200 - S 10:12:52 0:00 mwm
kelly 61334 0.0 0.0 424 640 - S 08:18:10 0:00 twm
sjw 61925 0.0 0.0 552 376 - S Mar 06 0:00 rlogin kanaha
mkm 62357 0.0 0.0 460 240 - S Feb 08 0:00 xterm
ishley 62637 0.0 0.0 324 152 pts/106 S Mar 06 0:00 xedit march2
tusciora 62998 0.0 0.0 340 448 - S Mar 06 0:05 xterm -e
dilfeath 63564 0.0 0.0 200 268 - S 07:32:45 0:00 xclock
tusciora 63878 0.0 0.0 548 412 - S Mar 06 0:41 twm
```

---

`kill`:
* Use the `kill` command to send a signal to a process.
* In most cases, this will be a kill signal, hence the command name.
* However, other types of signals are usually supported.
* Note that you can only kill processes that you own.

The command syntax is:
```bash
kill [-signal] process_identifier(PID)
```

**Examples**:
* **`kill 63878`** - kills process 63878.
* **`kill -9 1225`** - kills (kills!) process 1225. Use if simple kill doesn't work.
* **`kill -STOP 2339`** - stops process 2339.
* **`kill -CONT 2339`** - continues stopped process 2339.
* **`kill -l`** - list the supported kill signals.
* You can also use `CTRL-C `to kill the currently running process.
* Suspend a process: Use `CTRL-Z`.

---

**Background a process**: 
* Normally, commands operate in the foreground - you can not do additional work until the command completes.
* Backgrounding a command allows you to continue working at the shell prompt.

**To start a job in the background, use an ampersand (`&`) when you invoke the command**:
```bash
myprog &
```

**To put an already running job in the background, first suspend it with `CTRL-Z` and then Use the `bg` command**:
* `myprog` - execute a process.
* `CTRL-Z` - suspend the process.
* `bg` - put suspended process in the background.

---

**Foreground a process**: 
* To move a background job to the foreground, find its **"job"** number and then use the `fg` command.
* In this example, the jobs command shows that two processes are running in the background.
* The `fg` command is used to bring the second job (`%2`) to the foreground.

```bash
jobs

[1] + Running xcalc
[2] Running find / -name core -print

fg %2
```

---

**Stop a job running in the background**: 
* Use the jobs command to find its job number, and then use the `stop` command.
* You can then bring it to the foreground or restart execution later.

```bash
jobs

[1] + Running xcalc
[2] Running find / -name core -print

stop %2
```

---

Kill a job running in the background, use the jobs command to find its job number, and then use the kill command. 

> Note that you can also use the `ps` and `kill` commands to accomplish the same task.

```bash
jobs

[1] + Running xcalc
[2] Running find / -name core -print

kill %2
```

---

**Some notes about background processes**:
* If a background job tries to read from the terminal, it will automatically be stopped by the shell. If this happens, you must put it in the foreground to supply the input.
* The shell will warn you if you attempt to log out and jobs are still running in the background.
    * You can then use the jobs command to review the list of jobs and act accordingly.
    * Alternately, you can simply issue the logout command again, and you will be permitted to exit.

# Process / Services Commands

* systemctl (or service, which is an old command)
* ps
* top
* kill
* crontab
* at

## `systemctl` command

* The `systemctl` command is a new tool to control system services.
* It is available in version 7 and later, and it replaces the `service` command.

**Usage example**:

```bash
systemctl start|stop|status servicename.service (firewalld)

systemctl enable servicename.service

systemctl disable servicename.service

systemctl restart|reload servicename.service

systemctl list-units --all
```

![image.png](attachment:d389b1f8-2902-4545-a59a-d09ae3d08f20.png)

---

**To add a service under systemctl management**:
* Create a unit file in `/etc/systemd/system/servicename.service`

**To control the system with `systemctl`**
```bash
systemctl poweroff
systemctl halt
systemctl reboot
```

## `ps` command

The `ps` command stands for process status, and it displays all the currently running processes in the Linux system

**Usage examples**: 

`ps` = Shows the processes of the current shell

```bash
PID = the unique process ID
TTY = terminal type that the user logged in to
TIME = amount of CPU in minutes and seconds that the process has been running
CMD = name of the command
```

* `ps –e` = Shows all running processes
* `ps aux` = Shows all running processes in BSD format
* `ps –ef` = Shows all running processes in full format listing (Most commonly used)
* `ps –u username` = Shows all processes by username.

## `top` command

* The `top` command is used to show the Linux processes, and it provides a real-time view of the running system.
* This command shows the summary information of the system and the list of processes or threads that are currently managed by the Linux Kernel.
* When the top command is executed, it goes into interactive mode, and you can exit by hitting **`q`**.

**Usage**: `top`

Let’s see now every single row of this output to explain all the information found within the screen.

**1. Row — top**

![image.png](attachment:977db335-9e3d-40b3-987e-f8bf0d79e3a2.png)

This first line indicates in order:
* current time (`11:37:19`)
* uptime of the machine (`up 1 day, 1:25`)
* users sessions logged in (`3 users`)
* average load on the system (load average: `0.02`, `0.12`, `0.07`), the 3 values refer to the last minute, five minutes, and 15 minutes.

**2. Row – task**

![image.png](attachment:3f57a04a-ef66-4ffe-9100-b6ba9755e8ae.png)

The second row gives the following information:
* Processes running in totals (`73 total`)
* Processes running (`2 running`)
* Processes sleeping (`71 sleeping`)
* Processes stopped (`0 stopped`)
* Processes waiting to be stopped by the parent process (`0 zombie`)

**3. Row – CPU**

![image.png](attachment:1ad58036-ff30-430d-98b5-dc67faa7d058.png)

The third line indicates how the CPU is used. If you sum up all the percentages, the total will be `100%` of the CPU. 

Let’s see what these values indicate in order:
* Percentage of the CPU for user processes (`0.3%us`)
* Percentage of the CPU for system processes (`0.0%sy`)
* Percentage of the CPU processes with priority upgrade nice (`0.0%ni`)
* Percentage of the CPU not used (`99.4%id`)
* Percentage of the CPU processes waiting for I/O operations(`0.0%wa`)
* Percentage of the CPU serving hardware interrupts (`0.3%hi` — Hardware IRQ)
* Percentage of the CPU serving software interrupts (`0.0%si` — Software Interrupts)
* The amount of CPU ‘stolen’ from this virtual machine by the hypervisor for other tasks (such as running another virtual machine), this will be 0 on desktop and server without a Virtual machine. (`0.0%st` — Steal Time)

**4. &  5. Rows – memory usage**

![image.png](attachment:95a6ecca-02f3-42b4-910e-b73475be4c09.png)

* The fourth and fifth rows respectively indicate the use of physical memory (RAM) and swap. 
* In this order: Total memory in use, free, buffers cached.

**Following Rows — Processes list**

![image.png](attachment:ca51985f-1639-4d69-8394-49f2a6caad89.png)

And as last thing ordered by CPU usage (as default) there are the processes currently in use.

Let’s see what information we can get in the different columns:

![image.png](attachment:88a4dd76-6ce4-4aac-87fc-6a7611aac21a.png)

* `top –u iafzal` = shows tasks/processes owned by the user.
* `top then press c` = shows commands absolute path.
* `top then press k` = kill a process by PID within the top session.
* `top then M and P` = To sort all Linux running processes by Memory usage.

> **Please note**: The `top` command refreshes the information every 3 seconds.


## `kill` command

The `kill` command is used to terminate processes manually. 

It sends a signal that ultimately terminates or kills a particular process or group of processes.

**Usage**: 

`kill [OPTION] [PID]`
* **OPTION** = Signal name or signal number/ID
* **PID** = Process ID

`kill –l` = to get a list of all signal names or signal numbers.

The most used signals are:
* `kill PID` = Kill a process with the default signal.
* `kill -1` = Restart.
* `kill -2` = Interrupt from the keyboard, just like Ctrl C.
* `kill -9` = Forcefully kill the process.
* `kill -15` = Kill a process gracefully.

Other similar kill commands are:
* `killall`
* `pkill `

# Process & Signals

* A **process** is a running program in your system. Each process has its own identity known as a PID (Process ID). For example, running an app, task, or executing a command.
* A **signal** is a short message that the operating system or user sends to a process, which indicates that something has happened and the process needs to take certain actions. For example, if we press CTRL + C then it signals to stop the running process.
* Signals are a way to **interrupt**, **control**, or **communicate** with the processes.
* Process Signals means sending signals to running processes to control their behavior.
* The main purpose of Process signals is to enable communication between users and the operating system.
* Allowing the user to manage processes in real-time.

There are two main types of process signals:
* Standard Signals
* Real-time Signals

---

Standard Signals are pre-defined signals that the operating system sends to the process to control its behavior. 
* These signals have fixed meaning, such as: **stop**, **pause**, or **terminate** a process.
* The standard signals also include various types, such as:
    * SIGINT (Signal Interrupt)
    * SIGTERM (Signal Terminate)
    * SIGKILL (Signal Kill)
    * SIGSTOP (Signal Stop)
    * SIGCONT (Signal Continue)
    * SIGSEGV (Signal Segmentation Fault), etc.

**SIGINT** (Signal Interrupt):
* Used to interrupt a process.
* Command: `kill -SIGINT PID` or CTRL + C

**SIGTERM** (Signal Terminate)
* Used to terminate a process gracefully, giving it time to **save data** and  **clean up** before closing.
* Command: `kill -SIGTERM PID`

**SIGKILL** (Signal Kill)
* Used to forcefully kill a process immediately, and it cannot be ignored by the process.
* Command: `kill -SIGKILL PID`

**SIGSTOP** (Signal Stop)
* Used to stop a running process, allowing it to be resumed later, if needed.
* Command: `kill -SIGSTOP PID`

**SIGCONT** (Signal Continue)
* Used to resume a stopped process, it allows to resume the process to continue running from where it was stopped.
* Command: `kill -SIGCONT PID`

**SIGSEGV** (Signal Segmentation Fault)
* This signal is sent to processes when they try to access an **Invalid Memory Location**, often resulting in a crash known **Segmentation Fault**.
* Command: `kill -SIGSEGV PID`

**EXAMPLE**: Consider a text editor.
* `CTRL + C`: It sends a `SIGINT` signal to stop the text editor immediately.
* Closing the editor from the File Menu: It sends a `SIGTERM` signal, allowing the text editor to save the work.
* If the text editor freezes and doesn't respond, then closing it from the task manager will send a `SIGKILL` signal to stop it instantly.
* While working, pausing the text editor will send a `SIGSTOP` signal to temporarily pause.
* To unpause the text editor, send the `SIGCONT` signal to resume from where it was paused.
* Finally, when the editor tries to open a file that doesn't exist in memory, it might cause sending `SIGSEGV` signal rsulting in a crash due to invalid menory access.

---

Real-time signals allow processes to send extra information along with the signal, such as numbers or messages. Unlike Standard Signals, which are sent one by one without any order, the Real-time Signals are queued, meaning they are stored in a list and processed in the exact order they arrived.

There are three types of Real-Time Signals:
* SIGRTMIN
* SIGRTMAX
* Intermediate Signal

**SIGRTMIN Signal**: It marks the beginning of the real-time signal range, which means, any real-time signal starts from this point.

**SIGRTMAX Signal**: It marks the end of the real-time signal range, which means any real-time signal ends at this point.

**Intermediate Signal**:
* These are intermediate signals between **SIGRTMIN** and **SIGRTMAX**.
* Used for custom processes or specific Task.
* These signals allow running programs to send specific messages or data to each of them.

**EXAMPLE**: Consider a smart home system with lights, AC & CCTV cameras.
* **SIGRTMIN Signal** -> When the system starts it send this signal to **"Activate all connected devices"**.
* **SIGRTMAX Signal** -> It is used to shut down all devices.
* **Intermediate Signal** -> Used for a specific task such as adjusting AC temperature, notifying CCTV cameras to start recording, etc.

---



# Signal Names & Purpose

**SIGHUP** - The SIGHUP signal disconnects a process from the parent process. This can also be used to restart processes. For example, "killall -SIGUP compiz" will restart Compiz. This is useful for daemons with memory leaks.

**SIGINT** - This signal is the same as pressing Ctrl-C. On some systems, "delete" + "break" sends the same signal to the process. The process is interrupted and stopped. However, the process can ignore this signal.

**SIGQUIT** - This is like SIGINT with the ability to make the process produce a core dump.

**SIGILL** - When a process performs a faulty, forbidden, or unknown function, the system sends the SIGILL signal to the process. This is the ILLegal SIGnal.

**SIGTRAP** - This signal is used for debugging purposes. When a process has performed an action or a condition is met that a debugger is waiting for, this signal will be sent to the process.

**SIGABRT** - This kill signal is the abort signal. Typically, a process will initiate this kill signal on itself.

**SIGBUS** - When a process is sent the SIGBUS signal, it is because the process caused a bus error. Commonly, these bus errors are due to a process trying to use fake physical addresses, or the process has its memory alignment set incorrectly.

**SIGFPE** - Processes that divide by zero are killed using SIGFPE. Imagine if humans got the death penalty for such math. NOTE: The author of this article was recently drug out to the street and shot for dividing by zero.

**SIGKILL** - The SIGKILL signal forces the process to stop executing immediately. The program cannot ignore this signal. This process does not get to clean-up either.

**SIGUSR1** - This indicates a user-defined condition. This signal can be set by the user by programming the commands in sigusr1.c. This requires the programmer to know C/C++.

**SIGSEGV** - When an application has a segmentation violation, this signal is sent to the process.

**SIGUSR2** - This indicates a user-defined condition.

**SIGPIPE** - When a process tries to write to a pipe that lacks an end connected to a reader, this signal is sent to the process. A reader is a process that reads data from the end of a pipe.

**SIGALRM** - SIGALRM is sent when the real-time or clock time timer expires.SIGTERM - This signal requests a process to stop running. This signal can be ignored. The process is given time to gracefully shut down. When a program gracefully shuts down, that means it is given time to save its progress and release resources. In other words, it is not forced to stop. SIGINT is very similar to SIGTERM.

**SIGCHLD** - When a parent process loses its child process, the parent process is sent the SIGCHLD signal. This cleans up resources used by the child process. In computers, a child process is a process started by another process known as a parent.

**SIGCONT** - To make processes continue executing after being paused by the SIGTSTP or SIGSTOP signal, send the SIGCONT signal to the paused process. This is the CONTinue SIGnal. This signal is beneficial to Unix job control (executing background tasks).

**SIGSTOP** - This signal makes the operating system pause a process's execution. The process cannot ignore the signal.

**SIGTSTP** - This signal is like pressing Ctrl-Z. This makes a request to the terminal containing the process to ask the process to stop temporarily. The process can ignore the request.

**SIGTTIN** - When a process attempts to read from a tty (computer terminal), the process receives this signal.

**SIGTTOU** - When a process attempts to write to a tty (computer terminal), the process receives this signal.

**SIGURG** - When a process has urgent data to be read or the data is very large, the SIGURG signal is sent to the process.

**SIGXCPU** - When a process uses the CPU past the allotted time, the system sends the process this signal. SIGXCPU acts like a warning; the process has time to save the progress (if possible) and close before the system kills the process with SIGKILL.

**SIGXFSZ** - Filesystems have a limit to how large a file can be made. When a program tries to violate this limit, the system will send that process the SIGXFSZ signal.

**SIGVTALRM** - SIGVTALRM is sent when the CPU time used by the process elapses.

**SIGPROF** - SIGPROF is sent when the CPU time used by the process and by the system on behalf of the process elapses.

**SIGWINCH** - When a process is in a terminal that changes its size, the process receives this signal.SIGIO - Alias to SIGPOLL or at least behaves much like SIGPOLL.

**SIGPWR** - Power failures will cause the system to send this signal to processes (if the system is still on).

**SIGSYS** - Processes that give a system call an invalid parameter will receive this signal.

**`SIGRTMIN*`** - This is a set of signals that varies between systems. They are labeled SIGRTMIN+1, SIGRTMIN+2, SIGRTMIN+3, ......., and so on (usually up to 15). These are user-defined signals; they must be programmed in the Linux kernel's source code. That would require the user to know C/C++.

**`SIGRTMAX*`** - This is a set of signals that varies between systems. They are labeled SIGRTMAX-1, SIGRTMAX-2, SIGRTMAX-3, ......., and so on (usually up to 14). These are user-defined signals; they must be programmed in the Linux kernel's source code. That would require the user to know C/C++.

**`SIGEMT`** - Processes receive this signal when an emulator trap occurs.

**`SIGINFO`** - Terminals may sometimes send status requests to processes. When this happens, processes will also receive this signal.

**`SIGLOST`** - Processes trying to access locked files will get this signal.

**`SIGPOLL`** - When a process causes an asynchronous I/O event, that process is sent the SIGPOLL signal.

# `crontab` command

**1. What is crontab?**
* Crontab (**CRON TABle**) is a file that contains the schedule of cron entries to be run at specified times. 
* File location varies by operating system.
  
**2. What is a cron job or cron schedule?**
* A cron job or cron schedule is a specific set of execution instructions specifying day, time, and command to execute. 
* The `crontab` can have multiple execution statements.

**3. Crontab Restrictions**
* You can execute crontab if your name appears in the file `/usr/lib/cron/cron.allow`.
* If that file does not exist, you can use **crontab **if your name does not appear in the file `/usr/lib/cron/cron.deny`.
* If only `cron.deny` exists and is empty, all users can use `crontab`.
* If neither file exists, only the root user can use crontab.
* The allow/deny files consist of one user name per line.

**4. Crontab Commands**

The `crontab` command is used to schedule tasks.

* `export EDITOR=vi` = To specify an editor to open the `crontab` file.
* `crontab –e` = Edit the crontab
* `crontab –l` = List the crontab entries
* `crontab –r` = Remove the crontab
* `crond` = crontab daemon/service that manages scheduling
* `systemctl status crond` = To manage the crond service

**5. Crontab file**

**Crontab syntax**: A crontab file has five fields for specifying day, date, and time, followed by the command to be run at that interval.

![image.png](attachment:fccb0436-b07a-4992-b505-53a1bf7ea29e.png)

* `*` in the value field above means all legal values as in braces for that column.
* The value column can have a `*` or a list of elements separated by commas.
* An element is either a number in the ranges shown above or two numbers in the range separated by a hyphen (meaning an inclusive range).

> **Notes**
> A.) Repeat patterns like /2 for every 2 minutes or /10 for every 10 minutes are not supported by all operating systems. If you try to use it and **crontab** complains, it is probably not supported.
> B.) The specification of days can be made in two fields: month-day and weekday. If both are specified in an entry, they are cumulative, meaning both entries will get executed.

Create a `crontab` entry by scheduling a task:

```bash
crontab –e
schedule, echo “This is my first crontab entry” > crontab-entry
```

**6. Crontab Examples**

A line in crontab file like below removes the tmp files from `/home/someuser/tmp` each day at:
```bash
6:30 PM.30 18 * * * rm /home/someuser/tmp/*
```

Changing the parameter values as below will cause this command to run at different time schedule below :

![image.png](attachment:a4b31b4a-4356-4650-bb7d-c866b82f2614.png)

> **Note**:
> * If you inadvertently enter the `crontab` command with no argument(s), do not attempt to get out with `CTRL-D`.
> * This removes all entries in your crontab file.
> * Instead, exit with `CTRL-C`.

**7. Crontab Environment**

The **cron** invokes the command from the user’s **HOME** directory with the shell (`/usr/bin/sh`).

The **cron** supplies a default environment for every shell, defining:
```bash
HOME=user’s-home-directory
LOGNAME=user’s-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh
```

Users who desire to have their `.profile` executed must explicitly do so in the **crontab** entry or in a script called by the entry.

**8. Disable Email**

By default, cron jobs send an email to the user account executing the cron job. If this is not needed, put the following command at the end of the cron job line.
```bash
>/dev/null 2>&1
```

**9. Generate log file**

To collect the **cron** execution execution log in a file :
```bash
30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log
```

**10. Crontab file location**

User **crontab** files are stored by the login names in different locations in different Unix and Linux flavors. 

These files are useful for backing up, viewing, and restoring, but should be edited only with the `crontab` command by the users.

* **Mac OS X**: `/usr/lib/cron/tabs/`
* **BSD Unix**: `/var/cron/tabs/`
* **Solaris, HP-UX, Debian, Ubuntu**: `/var/spool/cron/crontabs/`
* **AIX, Red Hat Linux, CentOS, Ferdora**: `/var/spool/cron/`

# `at` command

* The `at` command is like crontab which allows you to schedule jobs but only once.
* When the command is run it will enter interactive mode and you can get out by pressing `Ctrl+D`.

**Usage**:
* `at HH:MM PM` = Schedule a job
* `atq` = List the at entries
* `atrm #` = Remove at entry
* `atd` = at daemon/service that manages scheduling
* `systemctl status atd` = To manage the atd service

**Create at entry by scheduling a task**:
```bash
at 4:45PM → enter
echo “This is my first at entry” > at-entry
Crtl D
```

**Other future scheduling format**:
* `at 2:45 AM 101621` = Schedule a job to run on Oct 16th, 2021 at 2:45am
* `at 4PM + 4 days` = Schedule a job at 4pm four days from now
* `at now +5 hours` = Schedule a job to run five hours from now
* `at 8:00 AM Sun` = Schedule a job to 8am on coming Sunday
* `at 10:00 AM next month` = Schedule a job to 10am next month

# Additional Cron Jobs (houly, daily, weekly, monthly)

By default, there are 4 different types of cron jobs:
* Hourly
* Daily
* Weekly
* Monthly

All the above crons are set up in **`/etc/cron.___`** (directory).

The timing for each is set in **`/etc/anacrontab`** -- except hourly

For hourly: **`/etc/cron.d/0hourly`**

# Process Management

* Background = `Ctrl-z`, `jobs`, and `bg`
* Foreground = `fg`
* Run process even after exit:
    * `nohup process &`
    * `nohup process > /dev/null 2>&1 &`
* Kill a process by name = `pkill`
* Process priority = `nice` (e.g., `nice –n 5 process`)
    * *The niceness scale goes from -20 to 19. The lower the number, the higher the priority that task gets*.
* Process monitoring = `top`
* List process = `ps`

# System Monitoring

* top
* df
* dmesg
* iostat 1
* netstat
* free
* cat /proc/cpuinfo
* cat /proc/meminfo

**System Resources Commands**:
* `date`: Report the current date and time.
* `df`: Report the summary of disk blocks and inodes free and in use.
* `du`: Report the amount of disk space in use.
* `hostname/uname`: Display or set (super-user only) the name of the current machine.
* `passwd`: Set or change your password.
* `whereis`: Report the binary, source, and man page locations for the command.
* `which`: Reports the path to the command or the shell alias in use.
* `who`: Report who is logged in and what processes are running.
* `cal`: Displays a calendar.
* `bc`: Calculator.

---

**`df` - summarize disk block and file usage**
* The `df` is used to report the number of disk blocks and inodes used and free for each file system.
* The output format and valid options are very specific to the OS and program version in use.

**Syntax**: `df [options] [resource]`

**Common Options**
* `-l`: local file systems only (SVR4)
* `-k`: report in kilobytes (SVR4)

---

**`du` - report disk space in use**

The `du` reports the amount of disk space in use for the files or directories you specify.

**Syntax**: `du [options] [directory or file]`

**Common Options**:
* `-a`: Display disk usage for each file, not just subdirectories.
* `-s`: Display a summary total only.
* `-k`: Report in kilobytes (SVR4).

---

**`who` - list current users**

The `who` reports who is logged in at the present time.

**Syntax**: `who [am i]`

**Examples**
```bash
$ who
wmtell ttyp1 Apr 21 20:15 (apple.acs.ohio-s)
fbwalk ttyp2 Apr 21 23:21 (worf.acs.ohio-st)
stwang ttyp3 Apr 21 23:22 (127.99.25.8)
```

---

**`whereis` - report program locations**

The `whereis` reports the filenames of source, binary, and manual page files associated with the command(s).

**Syntax**: `whereis [options] command(s)`

**Common Options**:
* `-b`: Report binary files only
* `-m`: Report manual sections only
* `-s`: Report source files only

**Examples**:
```bash
$ whereis Mail
Mail: /usr/ucb/Mail /usr/lib/Mail.help /usr/lib/Mail.rc /usr/man/man1/Mail.1

$ whereis -b Mail
Mail: /usr/ucb/Mail /usr/lib/Mail.help /usr/lib/Mail.rc

$ whereis -m Mail
Mail: /usr/man/man1/Mail.1
```

---

**`which` - report the command found**

* The `which` will report the name of the file that is executed when the command is invoked. 
* This will be the full path name or the alias that’s found first in your path.

**Syntax**: `which command(s)`

**Example**:
```bash
$ which Mail
/usr/ucb/Mail
```

---

**`hostname/uname –n` = name of machine**

The `hostname` (`uname -n` on SysV) reports the host name of the machine the user is logged into.

For example:
```bash
$ hostname
yourcomputername
```

The `uname` has additional options to print information about the system hardware type and software version.

---

**`date` - current date and time**

* The `date` displays the current date and time. 
* A superuser can set the date and time.

**Syntax**: `date [options] [+format]`

**Common Options**
* -u use Universal Time (or Greenwich Mean Time)

**+format specifies the output format**
* `%a`: weekday abbreviation, Sun to Sat.
* `%h`: month abbreviation, Jan to Dec.
* `%j`: day of year, 001 to 366.
* `%n`: new-line.
* `%t`: TAB.
* `%y`: last 2 digits of year, 00 to 99.
* `%D`: MM/DD/YY date.
* `%H`: hour, 00 to 23.
* `%M`: minute, 00 to 59.
* `%S`: second, 00 to 59.
* `%T`: HH:MM:SS time.

**Examples**:
```bash
$ date
Mon Jun 10 09:01:05 EDT 1996

$ date -u
Mon Jun 10 13:01:33 GMT 1996

$ date +%a%t%D
Mon 06/10/96

$ date '+%y:%j'
96:162
```

# Log Monitoring

Another and most important way of system administration is log monitoring.

Log Directory = **/var/log**

* boot
* chronyd = NTP
* cron
* maillog
* secure
* messages
* httpd

# System Maintenance Commands

* shutdown
* `init 0-6`: init run levels are 0 to 6.
* reboot
* halt

# Changing System Hostname

* `hostnamectl set-hostname newhostname`
* Version 7 = Edit /etc/hostname
* Version 6 = Edit /etc/sysconfig/network

# Finding System Information

* cat /etc/redhat-release
* uname –a
* dmidecode

# System Architecture

**Differences between a 32-bit and 64-bit CPU?**

A big difference between 32-bit processors and 64-bit processors is the number of calculations per second they can perform, which affects the speed at which they can complete tasks. 64-bit processors can come in dual-core, quad-core, six-core, and eight-core versions for home computing. Multiple cores allow for an increased number of calculations per Second, which can be performed, which can increase the processing power and help make a computer run faster. Software programs that require many calculations to function smoothly can operate faster and more efficiently on the multi-core 64-bit processors.

* Linux = arch
* Windows = My computer → Properties

# SOS Report

**What is SOS Report?**

Collect and package diagnostic and support data

**Package name**: sos-version

**Command**: sosreport

# Terminal Control Keys

Several key combinations on your keyboard usually have a special effect on the terminal.
* These "control" (CTRL) keys are accomplished by holding the CTRL key while typing the second key.
* For example, CTRL-c means to hold the CTRL key while you type the letter "c".

The most common control keys are listed below:
* `CTRL-u` - erase everything you've typed on the command line.
* `CTRL-c` - stop/kill a command.
* `CTRL-z` - suspend a command.
* `CTRL-d` - exit from an interactive program (signals end of data).
* `CTRL-h` - backspace (usually).
* `CTRL-s` - stop the screen from scrolling.
* `CTRL-q` - continue scrolling.

# Terminal Commands

* `clear`: Clears your screen
* `exit`: Exit out of the shell, terminal or a user session
* `script`: The script command stores terminal activities in a log file that can be named by a user, when a name is not provided by a user, the default file name, typescript is used.

# Recover Root Password

High level steps:
* Restart your computer
* Edit grub
* Change password
* reboot

**1 – In the boot grub menu, select the option to edit**

![image.png](attachment:8e045190-8f2c-4dfc-9c86-0b374267c0db.png)

**2 – Select Option to edit (e).**

![image.png](attachment:aa620175-4283-45fa-b342-72e2fbafc428.png)

**3 – Go to the line = ro and change it with `rw init=/sysroot/bin/sh`**

![image.png](attachment:20474c69-3400-41f5-9027-a00365b1d1c5.png)

**4 – Now press Control+x to start on single user mode**

![image.png](attachment:759cd530-e117-47df-95fe-b684d6749616.png)

**5 – Now access the system with this command.**

```bash
chroot /sysroot
```

**6 – Reset the password.**

```bash
passwd root
```

**7 – Exit chroot**

```bash
exit
```

**8 - Reboot your system**

```bash
reboot
```

# Environment Variables

**What are environment variables?**
* An environment variable is a dynamically named value that can affect the way running processes behave on a computer. 
* They are part of the environment in which a process runs.

To view all environment variables: `printevn` **OR** `env`

To view ONE environment variable: `echo $SHELL`

To set the environment variables
* `export TEST=1`
* `echo $TEST`

To set the environment variable permanently
* `vi .bashrc`
* `TEST=‘123’`
* `export TEST`

To set a global environment variable permanently
* `vi /etc/profile or /etc/bashrc`
* `Test=‘123’`
* `export TEST`

# The `screen` command

* The `screen` command (aka. GNU Screen) manages multiple terminal sessions in one window.
* It also allows you to reconnect to your task if your terminal closes accidentally or you lose connection.
* Because the `screen` command ensures that your task continues running in the background.
* This is specially useful for long-running tasks or remote work.

**Example**:
```bash
screen # creates first session called 'screen0'

# create vertical split screen
alt + a
shift + |

# create horizontal split screen
alt + a
shift + S
```

# The `tmux` command (Terminal Multiplex)

The `tmux` is a modern and dynamic alternative to the `screen` utility, as the `screen` package has become outdated and is no longer available in RHEL 8 & CentOS 8.

Features:
* split window
* switch between panes
* detach sessions (running process in the background)
* reattach sessions (running process in the foreground/console)

This is especially useful for:
* long-running tasks
* multiple tasks simultaneously
* or remote work.