
# Introduction to Linux and Basic Commands
*Objective: Familiarize students with the Linux OS and basic command-line interface.*


## Introduction to Linux OS (45 minutes)

### Why should you use Linux?

1. Open Source and Free
    - Can you imagine learning and working without software and tools written in R, Python, C, C++, Julia, or Java?
2. Stability and Reliability
3. Powerful Command-Line Interface
4. Widespread Use in Scientific Computing
5. Community and Support
    - free and knowledgeable
6. Customizability and Control
    - Customizable and programmable. 
7. Security and Privacy
8. Large Software Repository
9. Compatibility with Cloud and Server Environments
10. Skill Development for Professional Growth


### Overview of Linux in statistical and bioinformatics computing

Why do we use Linux in statistical and bioinformatics computing?

1. **High-Performance Computing Dominance:**
   - The majority of the world's supercomputers run on Linux.
   - Critical for handling large datasets in bioinformatics.

2. **Bioinformatics Tools Development:**
   - Significant bioinformatics software developed for Linux.
   - Essential for using and developing bioinformatics tools.

3. **Scripting and Automation:**
   - Powerful command-line interface and scripting capabilities.
   - Enhances productivity in data analysis.

4. **Open Source Community:**
   - Vast developer and user community.
   - Invaluable for learning and problem-solving.

5. **Scientific Workflow Compatibility:**
   - Integrates various tools and software.
   - Ideal for complex scientific workflows.

6. **Cloud and Server Preference:**
   - Preferred OS for cloud computing and servers.
   - Indispensable for modern computational environments.

7. **Data Security:**
   - Known for robust security features.
   - Crucial for handling sensitive research data.


# Conceptual structure of a Linux system

![Linux architecture](images/linuxarch.jpg)

(image source: https://madhuakula.com/content/linux-security-internals/linuxarch/)

More reading about Linux architecture: https://www.javatpoint.com/architecture-of-linux




### Main directories and their functions

Linux file system hierarchy
https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

The table below lists the role of each typical directory in the Linux file system. You would not create any of these directories yourself. They are created automatically when you install the operating system or add packages later on.
Folders are sorted by rough frequency of use. The most frequently used folders are at the top.

| Directory | Description |
| --- | --- |
|**/**| Root directory. All other directories are subdirectories of root.|
|**/home**| Home directories for all users on the system. It is also possible to set up home directories in a custom location.|
|**/usr**| User programs. This is the largest directory in a typical Linux system. It contains all the user binaries, their documentation, libraries, header files, etc.|
|**/etc**| System-wide configuration files.|
|**/bin**| Binaries and scripts that are executable/runnable system-wide.|
|**/tmp**| Temporary files. These files are generally deleted upon reboot.|
|**/boot**| Boot directory contains files for booting the system |
|**/var**| Variable data. This directory contains files that change often, such as logs, spool files, and temporary e-mail files.|
|**/cdrom**| Mount point for CD-ROMs|
|**/dev**| Device files for all hardware devices on the machine. For example, /dev/sda is the first hard drive, /dev/sda1 is the first partition on the first hard drive, and so on. |
|**/lib**| Libraries for the binaries in /bin and /sbin.|
|**/lib32**| Libraries for the binaries in /bin and /sbin for 32-bit systems.|
|**/lib64**| Libraries for the binaries in /bin and /sbin for 64-bit systems.|
|**/libx32**| Same functionality as /lib32 |
|**/lost+found**| Files that were recovered after a system crash.|
|**/media**| Mount point for removable media such as USB sticks or DVDs.|
|**/mnt**| Mount point for temporarily mounted filesystems.|
|**/opt**| Optional software packages.|
|**/proc**| Virtual filesystem that contains information about processes and the system.|
|**/root**| Home directory for the root user.|
|**/run**| Runtime data for processes started since the last boot.|
|**/sbin**| System binaries. These are executables that are generally reserved for the root user for system administration.|
|**/snap**| Snap packages. Software delivered via snap are self-contained and can be installed without affecting the rest of the system. They are usually ported from other Linux distributions, or Windows and Mac.|
|**/srv**| Data for services provided by the system.|
|**/sys**| Virtual filesystem that contains information about hardware devices and drivers.|


# Linux file system commands

In [1]:
```bash
# This is a comment, that is ignored by the computer.
# But comments are useful for humans to understand what is going on.

# Let's print a message to the screen.
echo Hello World
```

Hello World


In [None]:
```bash
# view root file system
ls -1 /
```

# Common usage patterns for Linux Users

1. Navigating the file system
2. Creating, copying, moving, and deleting files and directories
3. Viewing and editing files
4. Searching for files
5. Getting help
6. Managing processes
7. Managing users and groups
8. Managing permissions
9. Managing software packages
10. Managing services
11. Managing storage
12. Managing system logs
13. Managing the network
14. Managing the firewall
15. Managing the kernel
16. Managing the boot process
17. Managing the system clock
18. Managing the hardware

 ## 1. Navigating the file system

 0. `man` - read manual pages of commands installed on the system
 1. `pwd` - print working directory
 2. `cd` - change directory
 3. `ls` - list directory contents
 4. `tree` - list contents of directories in a tree-like format
 5. `mkdir` - make directories
 6. `rmdir` - remove empty directories
 7. `rm` - remove files and directories
 8. `cp` - copy files and directories
 9. `mv` - move/rename files and directories
 10. `touch` - create empty files
 11. `cat` - concatenate files and print on the standard output
 12. `less` - read file with pagination
 13. `more` - read text files with pagination, keeps the text in the terminal after exiting. 
 14. `head` - output the first part of files
 15. `tail` - output the last part of files
 16. `grep` - print lines matching a pattern. Faster alternatives with more user-friendly output: `ack` (from the "ack" package), `rg` (from the "ripgrep" package)
 17. `find` - search for files in a directory hierarchy
 18. `locate` - find files by name
 19. `which` - locate a command
 20. `whereis` - locate the binary, source, and manual page files for a command


In [None]:
```bash
## 0. `man` - read manual pages
man man
```

In [None]:
```bash
## 1. `pwd` - print working directory
pwd
```

In [None]:
```bash
## 3. `ls` - list directory contents (read its manual page)
man ls
```


## 2. Creating, copying, moving, and deleting files and directories

1. `mkdir` - make directories. 
    For example, `mkdir -p /tmp/mydir` will create a directory named `mydir` in the `/tmp` directory. The `-p` option will create the parent directories if they do not exist.
2. `rmdir` - remove empty directories
3. `rm` - remove files and directories
4. `cp` - copy files and directories
5. `mv` - move/rename files and directories
6. `touch` - create empty files
7. `ln` - create links to files. See more with `man ln`.


## Chaining Linux commands

Chaining the output of one command into another command as input is a very powerful feature of the Linux command line. It allows you to combine multiple commands into one command or create a complex pipeline.

1. `|` - pipe operator. It takes the output of the command on the left and uses it as input for the command on the right.
2. `;` - command separator. It allows you to run multiple commands in succession, regardless of whether each previous command succeeds.
3. `&&` - logical AND operator. It allows you to execute a second command after the first command runs successfully.
4. `||` - logical OR operator. It allows you to execute a second command if the first command fails.
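
How these operators behave when a step fails, shown on a verify-then-use sequence. This is an added example, not part of the original notebook; the file and function names are constructed, and `sha256sum` (coreutils) is assumed to be installed.

```bash
# Added example, not part of the original notebook. File names are constructed.

# make_demo: create a scratch directory holding data.txt and its recorded
# SHA-256 checksum, and print the directory path.
make_demo() {
    d=$(mktemp -d) || return 1
    printf 'sample data\n' > "$d/data.txt"
    ( cd "$d" && sha256sum data.txt > data.txt.sha256 )
    echo "$d"
}

# verify DIR: exit status 0 only while data.txt matches the recorded checksum.
verify() ( cd "$1" && sha256sum -c data.txt.sha256 >/dev/null 2>&1 )

# ';' discards the exit status of verify, so the next command always runs.
# (set +e keeps this true even if the calling script uses 'set -e'.)
chain_semicolon() ( set +e; verify "$1"; echo "using data.txt" )

# '&&' runs the next command only after success; '||' handles the failure.
# Note: in 'a && b || c', c also runs if b itself fails.
chain_and_or() { verify "$1" && echo "using data.txt" || echo "checksum mismatch"; }

# A pipeline reports the exit status of its LAST command: a failed verify
# on the left of '|' is masked by the successful 'cat' on the right.
pipeline_status() { verify "$1" | cat; echo "$?"; }

demo=$(make_demo)
echo "intact file, '&&': $(chain_and_or "$demo")"
printf 'tampered\n' >> "$demo/data.txt"        # simulate a modified file
echo "modified file, ';':  $(chain_semicolon "$demo")"
echo "modified file, '&&': $(chain_and_or "$demo")"
echo "modified file, exit status of 'verify | cat': $(pipeline_status "$demo")"
rm -rf "$demo"
```

When a later command must only run after a check has passed, chain with `&&`; `;` and `|` both let the failure go unnoticed.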


## Redirection

1. `>` - redirect output to a file. It will overwrite the file if it already exists, so be careful.
2. `>>` - redirect output to a file. It will append to the file if it already exists.
3. `<` - redirect input from a file.
4. `2>` - redirect standard error to a file.
5. `&>` - redirect both standard output and standard error to a file.
6. `|` - pipe operator. It takes the output of the command on the left and uses it as input for the command on the right.


In [None]:
```bash
# 1. redirect output to a file
ls -l > ls_output.txt

# 2. redirect output to a file (append)
ls -l >> ls_output.txt
```


In [None]:
```bash
# 3. redirect input from a file
wc -l < ls_output.txt

# Redirecting input from output of another command (process substitution, a bash feature)
wc -l <(ls -l) # there must be no spaces between '<' and '('

# Multiple input redirection
wc -l <(ls -l) <(ls -lah) # Each `<()` creates a virtual file.

# Input redirection from a string (here string)
wc -l <<< "Hello World" # This is usually used when you want to pass a string to a command that expects a file.
```


In [None]:
```bash
# 4. Redirecting standard error and standard output to separate files.
# This is useful when you want to save the output of a command to a file and keep the error messages apart from it.
ls -l /bin/usr 1> ls_output.txt 2> ls_error.txt

# 5. Redirecting standard error and standard output to the same file. (Joining stderr and stdout)
# This is useful when you want to see the command output like you would see in the terminal.
# But it is a good idea to separate the error messages from the output messages.

ls -l /bin/usr > ls_output.txt 2>&1
# This does the same thing as above (bash shorthand)
ls -l /bin/usr &> ls_output.txt
```


In [None]:
```bash
# 6. Example of piping
ls -l | head -n 5
```


## 3. Viewing and editing files

1. `cat` - concatenate files and print on the standard output
2. `less` - read file with pagination
3. `more` - read text files with pagination, keeps the text in the terminal after exiting.
4. `head` - output the first part of files
5. `tail` - output the last part of files
6. `grep` - print lines matching a pattern. Faster alternatives with more user-friendly output: `ack` (from the "ack" package), `rg` (from the "ripgrep" package)
7. `find` - search for files in a directory hierarchy
8. `locate` - find files by name


### vim and emacs

1. `vim` - Vi IMproved, a programmer's text editor.
2. `emacs` - extensible, customizable, self-documenting real-time display editor.

Both are very powerful text editors. They have a steep learning curve, but they are worth learning. They are available on most Linux distributions. You can install them with your package manager. For example, on Ubuntu, you can install them with `sudo apt install vim emacs`.

Common use cases for vim: 
- editing configuration files
- editing code
- editing text files
- work with remote servers
- work in the terminal

Common use cases for emacs:
- editing code. Magit is a very powerful git interface for emacs.
- editing text files
- work with remote servers
- work in the terminal
- email
- calendar

Advantages of vim over emacs:

- Vim is more lightweight than Emacs.
- Vim keybindings are more ergonomic than Emacs keybindings.
- Out of the box, Vim is lighter than Emacs and can do core text editing functionality better than Emacs.

Advantages of emacs over vim:
- Emacs is more powerful than Vim with its plugins.
- Elisp is a powerful programming language that can be used to extend Emacs.
- Many advanced plugins are available for Emacs thanks to the Elisp programming language.

## 4. Searching for files


File search can be done with: 

1. `find` - search for files in a directory hierarchy by `name`, `type`, `size`, `modified time`, `permissions`, `owner`, `group`, etc.
2. `locate` - find files by name. It is faster than `find` because it uses a database of files and directories on the system. The database is updated periodically by a cron job. The database is usually updated once a day. If you want to update the database manually, you can run `sudo updatedb`.
3. `which` - locate a command
4. `whereis` - locate the binary, source, and manual page files for a command
5. `grep` - print lines matching a pattern. Faster alternatives with more user-friendly output: `ack` (from the "ack" package), `rg` (from the "ripgrep" package)



## 5. Getting help

1. `man` - read manual pages of commands installed on the system
2. `info` - read documentation in info format
3. `--help` - get help for a command
4. `apropos` - search the manual page names and descriptions
5. `whatis` - display one-line manual page descriptions
6. `alias` - create an alias for a command
7. `help` - get help for shell builtins


## 6. Managing processes

1. `ps` - report a snapshot of the current processes
2. `top` - display Linux processes
3. `kill` - send a signal to a process
4. `killall` - kill processes by name
5. `pkill` - send a signal to a process by name
6. `pgrep` - look up or signal processes based on name and other attributes
7. `jobs` - list active jobs
8. `bg` - run jobs in the background
9. `fg` - run jobs in the foreground
10. `nice` - run a command with modified scheduling priority
11. `renice` - alter priority of running processes
12. `nohup` - run a command immune to hangups, with output to a non-tty
13. `pstree` - display a tree of processes
14. `htop` - interactive process viewer
15. `atop` - advanced interactive process viewer
16. `iotop` - simple top-like I/O monitor
17. `strace` - trace system calls and signals
18. `lsof` - list open files
19. `fuser` - identify processes using files or sockets
20. `uptime` - tell how long the system has been running
21. `w` - show who is logged on and what they are doing
22. `who` - show who is logged on
23. `last` - show a listing of last logged in users
24. `lastlog` - reports the most recent login of all users or of a given user
25. `killall5` - send a signal to all processes


## 7. Managing users and groups

1. `useradd` - create a new user or update default new user information
2. `userdel` - delete a user account and related files
3. `usermod` - modify a user account
4. `passwd` - change user password
5. `groupadd` - create a new group
6. `groupdel` - delete a group
7. `groupmod` - modify a group
8. `chage` - change user password expiry information
9. `newgrp` - log in to a new group
10. `id` - print real and effective user and group IDs
11. `whoami` - print effective userid
12. `who` - show who is logged on
13. `w` - show who is logged on and what they are doing
14. `last` - show a listing of last logged in users
15. `lastlog` - reports the most recent login of all users or of a given user
16. `chfn` - change real user name and information
17. `chsh` - change login shell
18. `su` - change user ID or become superuser
19. `sudo` - execute a command as another user
20. `visudo` - edit the sudoers file



## 8. Managing permissions

1. `chmod` - change file mode bits
2. `chown` - change file owner and group
3. `chgrp` - change group ownership
4. `umask` - get or set the file mode creation mask
5. `passwd` - change user password
6. `su` - change user ID or become superuser
7. `sudo` - execute a command as another user
8. `visudo` - edit the sudoers file


## 9. Managing software packages

1. `apt` - command-line interface for managing packages. It is a successor of `apt-get` with more user-friendly output.
2. `apt-get` - command-line interface for managing packages. It is a predecessor of `apt` and still has some features that `apt` does not have.
3. `apt-cache` - query the APT cache
4. `apt-config` - query APT configuration
5. `dpkg` - package manager for Debian
6. `dpkg-deb` - Debian package archive (.deb) manipulation tool
7. `dpkg-query` - a tool to query the dpkg database
8. `dpkg-reconfigure` - reconfigure an already installed package
9. `dpkg-divert` - override a package's version of a file
10. `dpkg-statoverride` - override ownership and mode of files
11. `dpkg-preconfigure` - let packages ask questions prior to their installation
12. `aptitude` - high-level interface to the package manager
13. `apt-file` - search for files within Debian packages
14. `apt-mark` - show, set and unset various settings for a package (from package "apt")
15. `apt-listchanges` - show changelog entries of Debian packages (from package "apt-listchanges")
16. `apt-listbugs` - list critical bugs before each package installation (from package "apt-listbugs")
17. `apt-secure` - apt security extension (from package "apt", run in form of sub command `apt secure`)
18. `apt-show-versions` - lists available package versions with distribution (from package "apt-show-versions")
19. `apt-cdrom` - APT CD-ROM management utility

## 10. Managing services

1. `systemctl` - control the systemd system and service manager
2. `service` - run a System V init script
3. `chkconfig` - updates and queries runlevel information for system services
4. `update-rc.d` - install and remove System-V style init script links
5. `rcconf` - Debian Runlevel configuration tool



## 11. Managing storage

1. `df` - report file system disk space usage
2. `du` - estimate file space usage
3. `mount` - mount a file system
4. `umount` - unmount file systems
5. `fsck` - check and repair a Linux file system
6. `mkfs` - build a Linux file system
7. `mkswap` - set up a Linux swap area
8. `swapon` - enable devices and files for paging and swapping
9. `swapoff` - disable devices and files for paging and swapping
10. `parted` - a partition manipulation program
11. `fdisk` - manipulate disk partition table
12. `gdisk` - interactive GUID partition table (GPT) manipulator
13. `sfdisk` - partition table manipulator for Linux
14. `lsblk` - list block devices
15. `blkid` - locate/print block device attributes
16. `mountpoint` - see if a directory or file is a mountpoint
17. `findmnt` - find a filesystem
18. `lsof` - list open files
19. `fuser` - identify processes using files or sockets
20. `hdparm` - get/set SATA/IDE device parameters
21. `smartctl` - control and monitor utility for SMART disks
22. `mdadm` - manage MD devices aka Linux Software RAID
23. `dmidecode` - DMI table decoder
24. `lshw` - list hardware
25. `lspci` - list all PCI devices
26. `lsusb` - list USB devices
27. `lsscsi` - list SCSI devices (or hosts) and their attributes


## 12. Managing system logs

1. `journalctl` - query the systemd journal
2. `dmesg` - print or control the kernel ring buffer
3. `logger` - a shell command interface to the syslog system log module
4. `logrotate` - rotates, compresses, and mails system logs
5. `logsave` - save the output of a command in a logfile
6. `rsyslogd` - reliable and extended syslogd
7. `syslogd` - system log daemon



## 13. Managing the network

 1.	 `ip` - show / manipulate routing, devices, policy routing and tunnels
 2.	 `ifconfig` - configure a network interface. This command may be deprecated. Use `ip` instead.
 3.	 `route` - show / manipulate the IP routing table
 4.	 `traceroute` - print the route packets trace to network host
 5.	 `mtr` - a network diagnostic tool
 6.	 `ping` - send ICMP ECHO_REQUEST to network hosts
 7.	 `arp` - manipulate the system ARP cache
 8.	 `arping` - send ARP REQUEST to a neighbour host
 9.	 `dig` - DNS lookup utility
10.	 `host` - DNS lookup utility
11.	 `nslookup` - query Internet name servers interactively
12.	 `netstat` - Print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
13.	 `ss` - another utility to investigate sockets
14.	 `tcpdump` - dump traffic on a network
15.	 `wireshark` - network traffic analyzer
16.	 `nmap` - Network exploration tool and security / port scanner
17.	 `nc` - arbitrary TCP and UDP connections and listens
18.	 `telnet` - user interface to the TELNET protocol
19.	 `ssh` - OpenSSH SSH client (remote login program)
20.	 `scp` - OpenSSH secure file copy (remote file copy program)
21.	 `sftp` - OpenSSH secure file transfer (interactive file transfer program)
22.	 `ftp` - Internet file transfer program
23.	 `wget` - The non-interactive network downloader
24.	 `rsync` - a fast, versatile, remote (and local) file-copying tool
25.	 `curl` - transfer a URL
26.	 `netcat` - arbitrary TCP and UDP connections and listens
27.	 `socat` - establishes two bidirectional byte streams and transfers data between them
28.	 `iptables` - administration tool for IPv4 packet filtering and NAT
29.	 `ip6tables` - administration tool for IPv6 packet filtering and NAT
30.	 `firewalld` - dynamic firewall daemon
31.	 `ufw` - program for managing a netfilter firewall
32.	 `nft` - administration tool for nftables
33.	 `nftables` - packet filtering and classification framework
34.	 `tcpd` - access control facility for internet services
35.	 `tcpdmatch` - test whether a host or a network address matches the access control rules
36.	 `tcpdchk` - check the tcp wrapper configuration file


### Understand IP addresses, network masks and CIDR notation

1. IP address

An IP address is a unique address that identifies a device on the internet or a local network. An IPv4 address is a 32-bit number that is usually represented in dotted decimal notation. For example, `192.168.0.1` is an IP address.

An IP address is divided into two parts: the network part and the host part. The network part identifies a network and the host part identifies a device on that network. The network mask determines which bits belong to the network part; the remaining bits of the address form the host part.

For example, the address `192.168.0.1` may belong to the following networks:
- `192.x.x.x` if the network mask is `255.0.0.0`. This is a class A network. The `x` represents the host part of the IP address.
- `192.168.x.x` if the network mask is `255.255.0.0`. This is a class B network.
- `192.168.0.x` if the network mask is `255.255.255.0`. This is a class C network. 

2. Network mask

Network masks can be written in dotted decimal notation or CIDR notation. For example: 

| Network mask | CIDR notation | Binary Mask |
| --- | --- | --- |
| 255.0.0.0 | /8 | 11111111.00000000.00000000.00000000 |
|255.255.0.0 | /16 | 11111111.11111111.00000000.00000000 |
|255.255.255.0 | /24 | 11111111.11111111.11111111.00000000 |
|255.255.255.128 | /25 | 11111111.11111111.11111111.10000000 | 
|255.255.255.192 | /26 | 11111111.11111111.11111111.11000000 |
|255.255.255.224 | /27 | 11111111.11111111.11111111.11100000 |
|255.255.255.240 | /28 | 11111111.11111111.11111111.11110000 |
|255.255.255.252 | /30 | 11111111.11111111.11111111.11111100 |

From this table we can see that the network mask is a binary number that has `n` leading `1`s and `32-n` trailing `0`s. `n` is the number of bits in the network part of the IP address. Decimal representation of the network mask is obtained by converting the binary number to decimal.
CIDR notation is a shorthand for writing network masks. It is written as `/n` where `n` is the number of bits in the network part of the IP address. For example, `/8` means the network mask has 8 leading `1`s and 24 trailing `0`s.
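
The mask arithmetic described above, as an added shell example that is not part of the original notebook. It converts between prefix length and dotted mask, rejects masks whose `1` bits are not contiguous, and goes slightly beyond the text by computing the network and broadcast address of a CIDR block and testing membership. Function names are illustrative; 64-bit shell arithmetic (bash, dash) is assumed.

```bash
# Added example (not from the original notebook). Function names are
# illustrative. Assumes 64-bit shell arithmetic, as in bash and dash.

# ip_to_int A.B.C.D -> the address as one 32-bit integer; fails on bad input.
ip_to_int() {
    _oldifs=$IFS; IFS=.
    set -f; set -- $1; set +f          # split on dots, no filename globbing
    IFS=$_oldifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in
            ''|*[!0-9]*|????*) return 1 ;;  # empty, non-digit, or too long
            0?*) return 1 ;;                # leading zero: some tools read it as octal
        esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted decimal notation
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_to_mask n -> dotted mask with n leading 1-bits and 32-n trailing 0-bits
prefix_to_mask() {
    case $1 in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    int_to_ip $(( 0xFFFFFFFF ^ (0xFFFFFFFF >> $1) ))
}

# mask_to_prefix MASK -> n; fails if the 1-bits of the mask are not contiguous
mask_to_prefix() {
    _m=$(ip_to_int "$1") || return 1
    _n=0
    while [ "$_n" -lt 32 ] && [ $(( (_m >> (31 - _n)) & 1 )) -eq 1 ]; do
        _n=$(( _n + 1 ))                # count the leading 1-bits
    done
    # every remaining bit must be 0, i.e. the mask must equal /n exactly
    [ "$(prefix_to_mask "$_n")" = "$1" ] || return 1
    echo "$_n"
}

# cidr_info A.B.C.D/n -> "<network> <broadcast> <mask>"
cidr_info() {
    _ip=${1%/*}; _p=${1#*/}
    [ "$_ip" != "$1" ] || return 1      # no '/' in the argument
    _a=$(ip_to_int "$_ip") || return 1
    _mask=$(prefix_to_mask "$_p") || return 1
    _mk=$(ip_to_int "$_mask")
    _net=$(( _a & _mk ))                        # host bits cleared
    _bc=$(( _net | (_mk ^ 0xFFFFFFFF) ))        # host bits all set
    echo "$(int_to_ip "$_net") $(int_to_ip "$_bc") $_mask"
}

# in_cidr IP CIDR -> exit status 0 if IP lies inside CIDR, 1 if not, 2 on bad input
in_cidr() {
    _want=$(cidr_info "$2") || return 2
    _got=$(cidr_info "$1/${2#*/}") || return 2
    [ "${_got%% *}" = "${_want%% *}" ]          # same network address?
}

for p in 8 16 24 25 26 27 28 30; do
    printf '/%-2s -> %s\n' "$p" "$(prefix_to_mask "$p")"
done
mask_to_prefix 255.255.255.198 >/dev/null ||
    echo "255.255.255.198 is not a valid mask (last octet is 11000110)"
echo "192.168.0.1/24 -> $(cidr_info 192.168.0.1/24)"
in_cidr 192.168.0.77 192.168.0.64/26 && echo "192.168.0.77 is inside 192.168.0.64/26"
```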


### Tools for transferring files between computers

1. `rsync` - a fast, versatile, remote (and local) file-copying tool. Many features for syncing files between computers.
2. `scp` - OpenSSH secure file copy (remote file copy program). Lightweight tool for copying files between computers.
3. `sftp` - OpenSSH secure file transfer (interactive file transfer program). Lightweight tool for transferring files between computers.
4. `fpsync` - synchronize files using rsync and fpart. It is a wrapper around rsync and fpart. It is useful for syncing large files or a large number of files.

## 14. Managing the firewall

1. `iptables` - administration tool for IPv4 packet filtering and NAT
2. `ip6tables` - administration tool for IPv6 packet filtering and NAT
3. `firewalld` - dynamic firewall daemon
4. `ufw` - program for managing a netfilter firewall
5. `nft` - administration tool for nftables
6. `nftables` - packet filtering and classification framework

### Understand the concept of firewall

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet. 

A firewall works by inspecting packets and deciding whether to allow them through, based on rules that you define. Rules usually specify the source IP address, destination IP address, source port, destination port, protocol, etc.

Network ports are the communication endpoints for network applications. A port number is a 16-bit unsigned integer, thus ranging from 0 to 65535.
Network protocols use port numbers together with the IP address to send and receive data. For example, HTTP uses port 80, HTTPS uses port 443, SSH uses port 22, etc.

`iptables` is a command-line firewall utility used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. It is the most widely used firewall utility in Linux. It is very powerful and flexible, but also complex and difficult to use.

`iptables` organizes its rules into the following tables:
- `filter` - used for packet filtering. It is the default table.
- `nat` - used for network address translation (e.g. port forwarding).
- `mangle` - used for specialized packet alteration.
- `raw` - used for configuring exemptions from connection tracking.
- `security` - used for Mandatory Access Control networking rules.





## 15. Managing the kernel

1. `uname` - print system information
2. `dmesg` - print or control the kernel ring buffer
3. `lsmod` - show the status of modules in the Linux Kernel
4. `modinfo` - show information about a Linux Kernel module
5. `modprobe` - add and remove modules from the Linux Kernel
6. `insmod` - simple program to insert a module into the Linux Kernel
7. `rmmod` - simple program to remove a module from the Linux Kernel
8. `depmod` - program to generate modules.dep and map files
9. `kmod` - program to manage Linux Kernel modules
10. `sysctl` - configure kernel parameters at runtime
11. `sysctl.d` - configure kernel parameters at boot
12. `sysfs` - a virtual file system that exports information about various kernel subsystems, hardware devices, and associated device drivers from the kernel's device model to user space through virtual files
13. `procfs` - a virtual file system that presents information about processes and other system information in a hierarchical file-like structure



## 16. Managing the boot process

1. `systemd` - a system and service manager for Linux
2. `systemctl` - control the systemd system and service manager
3. `systemd-analyze` - analyze and debug system manager
4. `systemd-boot` - simple UEFI boot manager
5. `systemd-cgls` - show systemd cgroups in a tree
6. `systemd-cgtop` - show systemd cgroups in a top-like format
7. `systemd-delta` - find overridden configuration files
8. `systemd-detect-virt` - detect execution in a virtualized environment
9. `systemd-escape` - escape strings for usage in systemd unit names
10. `systemd-hwdb` - hardware database management tool
11. `systemd-inhibit` - execute a program with an inhibition lock taken
12. `systemd-machine-id-setup` - initialize the machine ID in /etc/machine-id
13. `systemd-notify` - notify service manager about start-up completion and other daemon status changes
14. `systemd-path` - convert paths between various different representations
15. `systemd-resolve` - Resolve domain names, IPV4 and IPv6 addresses, DNS resource records, and services with the systemd-resolved.service
16. `systemd-run` - run programs in transient scope or service units
17. `systemd-socket-proxyd` - Bidirectionally proxy local sockets to another address
18. `systemd-stdio-bridge` - Bridge between stdin/stdout and a socket
19. `systemd-sysusers` - Allocate system users and groups
20. `systemd-tmpfiles` - Create, delete and clean up volatile and temporary files and directories
21. `systemd-tty-ask-password-agent` - Listens for password read requests from the system and shows a password prompt on the system console
22. `systemd-umount` - unmount file systems
23. `systemd-mount` - mount file systems

## 17. Managing the system clock

1. `date` - print or set the system date and time
2. `hwclock` - query and set the hardware clock (RTC)
3. `timedatectl` - control the system time and date
4. `ntpdate` - set the date and time via NTP
5. `ntpd` - Network Time Protocol (NTP) daemon
6. `ntpq` - standard NTP query program
7. `ntptime` - read kernel time variables
8. `ntpstat` - show network time synchronisation status
9. `chronyc` - command-line interface for chrony daemon
10. `chronyd` - chrony daemon
11. `chrony.conf` - chrony configuration file
12. `tzselect` - view time zone information
13. `tzdata` - time zone and daylight-saving time data
14. `tzdata-update` - update time zone information
15. `tzdata-zdump` - timezone dumper


## 18. Managing the hardware

1. `lshw` - list hardware
2. `lspci` - list all PCI devices
3. `lsusb` - list USB devices
4. `lsscsi` - list SCSI devices (or hosts) and their attributes
5. `lsblk` - list block devices
6. `blkid` - locate/print block device attributes
7. `hdparm` - get/set SATA/IDE device parameters
8. `smartctl` - control and monitor utility for SMART disks
9. `dmidecode` - DMI table decoder
10. `hwinfo` - probes for the hardware present in the system
11. `inxi` - a full featured system information script
12. `lsdev` - list devices
13. `lspnp` - list PnP devices
14. `lshal` - list HAL devices
15. `lscpu` - display information about the CPU architecture
16. `lsipc` - show information on IPC facilities currently employed in the system
17. `lslogins` - display information about known users in the system
18. `lsns` - list information about active namespaces


# More advanced topics

1. setuid, setgid, and the Sticky Bit
2. File system quotas
3. File system permissions
4. File system attributes
5. File system journaling
6. File system encryption
7. File system compression
8. File system snapshots
9. File system backups
10. File system recovery
11. File system integrity
12. File system monitoring
13. File system tuning
14. File system benchmarking
15. File system virtualization


## 1. setuid, setgid, and the Sticky Bit

1. `chmod` - change file mode bits
2. `chown` - change file owner and group
3. `chgrp` - change group ownership
4. `umask` - get or set the file mode creation mask
5. `passwd` - change user password
6. `su` - change user ID or become superuser
7. `sudo` - execute a command as another user
8. `visudo` - edit the sudoers file

### Understand the concept of setuid, setgid, and the Sticky Bit

1. setuid
setuid is a special permission that can be assigned to executable files. It allows the executable file to run as the owner of the file. For example, if the owner of the file is `root`, then the executable file will run as `root` even if it is executed by a normal user. 

The safe use of setuid is very important. If an executable file has setuid permission and it is owned by `root`, then it can be used to gain root access to the system.
Using setuid is safe if the file is owned by a normal user, or if it is owned by `root` and is not writable by normal users. `setuid`-ed executables also must not call anything with relative paths, as this can be used to trick the program into executing something else.

Common valid programs with setuid permission:
- `passwd` - change user password
- `su` - change user ID or become superuser
- `sudo` - execute a command as another user
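
One way to audit for the unsafe case described above, a setuid file that other users can write to. This is an added example, not part of the original notebook; the sample files are constructed and the function names are illustrative.

```bash
# Added example (not from the original notebook). Function and file names
# are constructed for the demonstration.

# audit_suid DIR: print "<verdict> <path>" for every regular file under DIR
# that carries the setuid (4000) or setgid (2000) bit.
#   world-writable  any user can replace the code that runs as the owner
#   group-writable  members of the file's group can
#   ok              only the owner can modify the file
# -xdev keeps find on the file system DIR lives on.
audit_suid() (
    cd "$1" || exit 1
    find . -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    LC_ALL=C sort |
    while IFS= read -r f; do
        if [ -n "$(find "$f" -perm -0002 -print)" ]; then
            verdict="world-writable"
        elif [ -n "$(find "$f" -perm -0020 -print)" ]; then
            verdict="group-writable"
        else
            verdict="ok"
        fi
        printf '%s %s\n' "$verdict" "${f#./}"
    done
)

# make_demo_tree: build a scratch directory with constructed sample files
# and print its path. The files are placeholders, not real programs.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    for name in plain suid_ok suid_groupw suid_worldw; do
        printf 'placeholder\n' > "$d/$name"
    done
    chmod 0755 "$d/plain"          # no special bit: not reported
    chmod 4755 "$d/suid_ok"        # setuid, writable by owner only
    chmod 4775 "$d/suid_groupw"    # setuid, also writable by group
    chmod 4777 "$d/suid_worldw"    # setuid, writable by everyone
    echo "$d"
}

demo=$(make_demo_tree)
audit_suid "$demo"
rm -rf "$demo"
```

Run as `audit_suid /usr/bin` (or another directory of interest) to review a real system; anything not reported as `ok` deserves a closer look.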


## 2. File system quotas

Disk quotas are a feature of the Linux kernel that allows the system administrator to allocate a maximum amount of disk space a user or group may use. They are very useful on multi-user systems: they prevent users from using too much disk space, filling up the disk, and causing problems for other users.

1. `quota` - display disk usage and limits
2. `edquota` - edit user quotas
3. `repquota` - summarize quotas for a filesystem
4. `quotaon` - turn filesystem quotas on and off
5. `quotaoff` - turn filesystem quotas on and off
6. `quotacheck` - scan a filesystem for disk usage, create, check and repair quota files
7. `quota_nld` - quota netlink message daemon
8. `quota_nld_selinux` - Security Enhanced Linux Policy for the quota_nld processes
9. `quota_selinux` - Security Enhanced Linux Policy for the quota processes
10. `quotastats` - quota statistics
11. `quota-tools` - Linux quota management tools
12. `quota-warnquota` - send mail to users over quota
13. `xfs_quota` - administer XFS quotas
14. `xfs_quota_selinux` - Security Enhanced Linux Policy for the xfs_quota processes


You may need to install the following packages to use the tools for quota management: 
- `quota` - display disk usage and limits
- `quota-tools` - Linux quota management tools
- `xfsprogs` - Utilities for managing the XFS filesystem


## 3. File system permissions

File system permissions are used to control who can read, write, and execute files and directories. They are very important for the security of the system.

These are the tools you may use to manage file system permissions:

1. `chmod` - change file mode bits
2. `chown` - change file owner and group
3. `chgrp` - change group ownership
4. `umask` - get or set the file mode creation mask
5. `passwd` - change user password
6. `su` - change user ID or become superuser
7. `sudo` - execute a command as another user
8. `visudo` - edit the sudoers file

### Understand the concept of file system permissions

Permissions are assigned to three classes of users: `owner`, `group`, and `others`. 

- `owner` (shorthand `u` from '**u**ser'): The owner is the user who owns the file or directory. 
- `group` (shorthand `g`): The group is the group of users who have access to the file or directory.
- `others` (shorthand `o`): Others are users who are neither the owner nor in the group.

There are three types of permissions: `read`, `write`, and `execute`. 
- **Read** (shorthand `r`): allows the user to read the file or directory.
- **Write** (shorthand `w`): allows the user to write to the file or directory.
- **Execute** (shorthand `x`): allows the user to execute the file or access the directory.


You may see the following characters in the output of the `ls -l` command:

| Character | Meaning |
| --- | --- |
| `-` | no permission |
| `r` | read permission |
| `w` | write permission |
| `x` | execute permission |
| `s` | setuid or setgid permission |
| `t` | sticky bit permission |
| `S` | setuid or setgid permission without execute permission |
| `T` | sticky bit permission without execute permission |
| `d` | directory |
| `l` | symbolic link |
| `c` | character device |
| `b` | block device |
| `p` | named pipe |
| `s` | socket (when it is the first character) |

The permission string shown by `ls -l` is 10 characters long, in this format from left to right:

| 1 | 2 - 4 | 5 - 7 | 8 - 10 |
| --- | --- | --- | --- |
| file type | owner permission | group permission | other permission |


For example: 

```
$ ls -l /bin/ls
-rwxr-xr-x 1 root root 133464 Nov  6  2023 /bin/ls
```
**It is important to note that `r`, `w`, and `x` always appear in the fixed order `rwx` within each group.**

The permission string `-rwxr-xr-x` is always 10 characters and is read from left to right in groups of 1, 3, 3, and 3 characters:

- Character 1 for file type: `-` (file), `d` (directory), `l` (symbolic link), `c` (character device), `b` (block device), `p` (named pipe), `s` (socket).
- Character 2-4: Owner permission. In this case, `rwx` is read, write, and execute for owner.
- Character 5-7: Group permission. In this case, `r-x` is read and execute for group.
- Character 8-10: Other permission. In this case, `r-x` is read and execute for others.


```
$ ls -ld /tmp
drwxrwxrwt  2 root root  4096 Dec  1 15:00 /tmp
```
The permission `drwxrwxrwt` is read from left to right, in groups of 1, 3, 3, and 3 characters: `d`, `rwx`, `rwx`, `rwt`. The first character `d` means it is a directory. The first group of 3 characters `rwx` means the owner has read, write, and execute permissions. The second group `rwx` means the group has read, write, and execute permissions. The third group `rwt` means others have read, write, and execute permissions; the final `t` in place of `x` means the sticky bit is also set.
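
The 1-3-3-3 reading above, written out as a small shell function (an added example, not part of the original notes; the function names are its own). It goes one step beyond the 3-digit modes used later in these notes by also emitting the leading special-bits digit that `chmod` accepts: 4 for setuid, 2 for setgid, 1 for the sticky bit.

```bash
# Added example: convert an `ls -l` permission string to octal.

# mode_to_octal STRING -> 4-digit octal mode, e.g. drwxrwxrwt -> 1777.
# Fails (status 1, no output) on a malformed string.
mode_to_octal() (
    str=$1
    # ls may append an 11th character (+ for an ACL, . for SELinux); ignore it.
    [ "${#str}" -ge 10 ] || exit 1
    special=0 digits="" pos=2
    for weight in 4 2 1; do              # setuid, setgid, sticky bit
        triad=$(printf '%s' "$str" | cut -c "$pos-$((pos + 2))")
        # s/S are only valid for owner and group, t/T only for others.
        if [ "$weight" -eq 1 ]; then lower=t upper=T; else lower=s upper=S; fi
        val=0
        case $triad in r??) val=$((val + 4)) ;; -??) ;; *) exit 1 ;; esac
        case $triad in ?w?) val=$((val + 2)) ;; ?-?) ;; *) exit 1 ;; esac
        case $triad in
            ??x) val=$((val + 1)) ;;
            ??-) ;;
            ??"$lower") val=$((val + 1)); special=$((special + weight)) ;;
            ??"$upper") special=$((special + weight)) ;;
            *) exit 1 ;;
        esac
        digits=$digits$val
        pos=$((pos + 3))
    done
    echo "$special$digits"
)

# describe_mode STRING -> "type octal", using the file type in character 1.
describe_mode() (
    octal=$(mode_to_octal "$1") || exit 1
    case $1 in
        -*) type=file ;;      d*) type=directory ;;   l*) type=symlink ;;
        c*) type=chardev ;;   b*) type=blockdev ;;    p*) type=pipe ;;
        s*) type=socket ;;    *) exit 1 ;;
    esac
    echo "$type $octal"
)

# Constructed sample strings, including the two shown above.
for m in -rwxr-xr-x drwxrwxrwt -rwsr-xr-x -rwSr--r-- drwxrwsr-x; do
    printf '%-12s %s\n' "$m" "$(describe_mode "$m")"
done
```

Note how `s` and `t` count as execute plus the special bit, while `S` and `T` set only the special bit.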



### Setting file system permissions

`chmod` is used to change file system permissions. It can be used to set permissions for owner, group, and others. It can also be used to set permissions for multiple classes of users at the same time.

`chmod` can be used in two ways:

1. Symbolic mode

```bash
# Synopsis: chmod [-R] [ugoa...][[+-=][rwxX]...][,...] file...
# -R means recursive: apply the change to the directory and to all files and subdirectories under it.
touch /tmp/myfile # create the example file
# Examples:
chmod u=rwx,g=rx,o=rx /tmp/myfile # set user to rwx, group and others to rx
chmod a=rwx /tmp/myfile # set all to rwx
chmod u=rwx,go=rx /tmp/myfile # set user to rwx, group and others to rx
chmod u=rwx,go= /tmp/myfile # set user to rwx, group and others to nothing
chmod og-rwx /tmp/myfile # remove rwx from group and others
chmod a+x /tmp/myfile # add execute permission to all
chmod a-x /tmp/myfile # remove execute permission from all
chmod u+x,g=rw,o-rwx /tmp/myfile # add execute for user, set rw for group, remove all for others
```

2. Absolute mode

The mode is an octal number. It is a 3-digit number. Each digit represents the permission for owner, group, and others respectively.

| Octal | Binary | Character | Permission |
|--- | --- | --- | --- |
| 0 | 000 | --- | no permission |
| 1 | 001 | --x | execute permission |
| 2 | 010 | -w- | write permission |
| 3 | 011 | -wx | write and execute permission |
| 4 | 100 | r-- | read permission |
| 5 | 101 | r-x | read and execute permission |
| 6 | 110 | rw- | read and write permission |
| 7 | 111 | rwx | read, write, and execute permission |


```bash
# Synopsis: chmod [-R] [mode] file...
chmod 755 /tmp/myfile # set user to rwx, group to rx, others to rx
chmod 777 /tmp/myfile # set all to rwx
chmod 750 /tmp/myfile # set user to rwx, group to rx, others to nothing
chmod 660 /tmp/myfile # set user to rw, group to rw, others to nothing
```

### Setting file system permissions with ACL

ACL stands for Access Control List. It is an extension of the standard file system permissions. It allows you to set permissions for multiple users and groups. It is more flexible than standard file system permissions.

ACL is enabled by default on most Linux distributions. You can check if ACL is enabled with the following command:

```bash
$ mount | grep acl
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,acl)
```


## 4. File system attributes


## 5. File system journaling


## 6. File system encryption


## 7. File system compression


## 8. File system snapshots


## 9. File system backups


## 10. File system recovery


## 11. File system integrity


## 12. File system monitoring


## 13. File system tuning


## 14. File system benchmarking


## 15. File system virtualization