DevOps

Advanced Linux

Deep dive into advanced Linux concepts: user management, permissions, process control, networking basics, and shell scripting fundamentals.

By TechCoder TeamLast updated: 2026-06-02
In a Nutshell

Deep dive into advanced Linux concepts: user management, permissions, process control, networking basics, and shell scripting fundamentals. This hands-on tutorial focuses on practical implementation of advanced linux concepts.

Advanced Linux

Building on the basics, let's explore advanced Linux concepts essential for DevOps: user management, process control, networking, and shell scripting.

User and Permission Management

Understanding Users and Groups

┌────────────────────────────────────┐
│           Linux Users               │
├────────────────────────────────────┤
│  root (UID 0) - Superuser          │
│  system users - Service accounts     │
│  regular users - Human users         │
└────────────────────────────────────┘

User Management Commands

# Add a new user
sudo useradd -m -s /bin/bash username
# -m: create home directory
# -s: specify shell

# Set password
sudo passwd username

# Add user to sudo group
sudo usermod -aG sudo username

# Create system user (for services)
sudo useradd -r -s /bin/false serviceaccount

# Delete user
sudo userdel username
sudo userdel -r username  # Remove with home directory

# List all users
cat /etc/passwd
cut -d: -f1 /etc/passwd   # Just usernames

# List all groups
cat /etc/group

Group Management

# Create group
sudo groupadd devops

# Add user to group
sudo usermod -aG devops username

# Check user's groups
groups username
id username

# Change primary group
sudo usermod -g devops username

# Remove user from group
sudo gpasswd -d username devops

Sudo and Privilege Escalation

# Edit sudoers file (use visudo!)
sudo visudo

# Common sudoers entries
username ALL=(ALL:ALL) ALL           # Full sudo access
%devops ALL=(ALL) NOPASSWD: ALL      # Group with no password
username ALL=(root) /bin/systemctl   # Specific command only

# Switch to root
sudo -i
sudo su -

# Run command as another user
sudo -u www-data whoami

Advanced File Permissions

Special Permissions

# SUID (Set User ID) - Run as file owner
chmod u+s /usr/bin/somebinary
# Symbol: -rwsr-xr-x

# SGID (Set Group ID) - Run as group, inherit group in directories
chmod g+s /shared/directory
# Symbol: drwxr-sr-x

# Sticky Bit - Only owner can delete in shared directory
chmod +t /tmp
# Symbol: drwxrwxrwt

# Set all at once
chmod 4755 file   # SUID
chmod 2755 file   # SGID
chmod 1755 dir    # Sticky Bit

Access Control Lists (ACL)

# Install ACL support
sudo apt install acl

# Get ACL
getfacl file.txt

# Set ACL for specific user
setfacl -m u:username:rwx file.txt

# Set ACL for specific group
setfacl -m g:devops:rx directory/

# Remove ACL
setfacl -x u:username file.txt

# Set default ACL (for new files in directory)
setfacl -d -m u:username:rx directory/

# Recursive ACL
setfacl -R -m g:devops:rx directory/

Process Management Deep Dive

Understanding Processes

# View process tree
pstree
ps auxf              # Forest view

# Process details
cat /proc/PID/status
cat /proc/PID/cmdline
ls -la /proc/PID/fd  # Open file descriptors

# Environment variables of process
cat /proc/PID/environ | tr '\0' '\n'

Signals and Process Control

# Common signals
kill -1 PID    # SIGHUP - Hangup (reload config)
kill -9 PID    # SIGKILL - Force kill (cannot be caught)
kill -15 PID   # SIGTERM - Graceful termination (default)
kill -18 PID   # SIGCONT - Continue stopped process
kill -19 PID   # SIGSTOP - Pause process

# Send signal
kill -SIGTERM PID
killall -9 nginx
pkill -f pattern

# Nice values (process priority)
nice -n 10 command      # Start with low priority
renice -n -5 -p PID     # Increase priority (root only)

Background Jobs and Scheduling

# Background processes
command &              # Run in background
nohup command &        # Survive terminal close
disown                 # Detach from shell

# Job control
Ctrl+Z                 # Suspend
bg %1                  # Resume in background
fg %1                  # Bring to foreground
jobs -l                # List with PIDs

# Schedule with cron
crontab -e             # Edit user crontab
crontab -l             # List crontab

# Crontab format
# min hour day month weekday command
0 2 * * * /backup.sh           # Daily at 2 AM
*/5 * * * * /health-check.sh   # Every 5 minutes
0 0 * * 0 /weekly-report.sh    # Weekly on Sunday

# System cron
ls /etc/cron.d/
ls /etc/cron.daily/
ls /etc/cron.weekly/
ls /etc/cron.monthly/

# At - one-time scheduling
at 14:00 tomorrow <<EOF
/backup.sh
EOF
atq                    # List scheduled jobs
atrm 1                 # Remove job

Systemd and Service Management

Controlling Services

# Service management
sudo systemctl start nginx
sudo systemctl stop nginx
sudo systemctl restart nginx
sudo systemctl reload nginx    # Reload config
sudo systemctl status nginx

# Enable/disable auto-start
sudo systemctl enable nginx
sudo systemctl disable nginx

# Check if enabled
systemctl is-enabled nginx

# View logs
sudo journalctl -u nginx
sudo journalctl -u nginx -f    # Follow
sudo journalctl -u nginx --since "1 hour ago"

Creating Systemd Services

# /etc/systemd/system/myapp.service
[Unit]
Description=My Application
After=network.target

[Service]
Type=simple
User=appuser
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/start.sh
ExecStop=/opt/myapp/stop.sh
Restart=always
RestartSec=10
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target

# Reload daemon after creating service
sudo systemctl daemon-reload
sudo systemctl enable myapp
sudo systemctl start myapp

Networking Fundamentals

Network Interface Management

# Show interfaces
ip link show
ip addr show
ip -s link                 # Show statistics

# Configure IP (temporary)
sudo ip addr add 192.168.1.100/24 dev eth0
sudo ip link set eth0 up

# Routes
ip route show
ip route add 10.0.0.0/8 via 192.168.1.1
sudo ip route del default
sudo ip route add default via 192.168.1.1

# DNS configuration
cat /etc/resolv.conf
systemd-resolve --status

Network Troubleshooting

# Connectivity testing
ping -c 4 google.com
ping6 ipv6.google.com

traceroute google.com
tracepath google.com
mtr google.com              # Combined ping + traceroute

# Port scanning
nc -zv host 80              # Netcat
nmap -p 1-1000 localhost    # Scan ports

# Connection analysis
netstat -tuln              # Listening ports
ss -tuln                   # Modern replacement
ss -s                      # Socket statistics

# Packet capture (requires sudo)
sudo tcpdump -i eth0 port 80
sudo tcpdump -i any host 192.168.1.1

# Bandwidth monitoring
iftop
nload
vnstat

Firewall (iptables/ufw/firewalld)

# UFW (Ubuntu)
sudo ufw status
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
sudo ufw deny from 192.168.1.100

# Firewalld (RHEL/CentOS)
sudo firewall-cmd --state
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

# iptables (Low level)
sudo iptables -L -v        # List rules
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -P INPUT DROP
sudo iptables-save > /etc/iptables/rules.v4

Shell Scripting Fundamentals

Basic Script Structure

#!/bin/bash
# Script description
# Author: Name
# Date: 2024

set -euo pipefail    # Strict mode: exit on error, undefined vars, pipefail

# Variables
NAME="World"
readonly PI=3.14159   # Constant

# Functions
greet() {
    local name=$1    # Local variable
    echo "Hello, $name!"
}

# Main execution
main() {
    greet "$NAME"
}

main "$@"

Control Structures

# Conditionals
if [ -f "$file" ]; then
    echo "File exists"
elif [ -d "$dir" ]; then
    echo "Directory exists"
else
    echo "Not found"
fi

# File tests
[ -e file ]      # Exists
[ -f file ]      # Regular file
[ -d dir ]       # Directory
[ -r file ]      # Readable
[ -w file ]      # Writable
[ -x file ]      # Executable
[ -s file ]      # Non-zero size

# String tests
[ -z "$str" ]    # Empty string
[ -n "$str" ]    # Non-empty
[ "$a" = "$b" ]  # Equal
[ "$a" != "$b" ] # Not equal

# Numeric tests
[ "$a" -eq "$b" ]  # Equal
[ "$a" -ne "$b" ]  # Not equal
[ "$a" -lt "$b" ]  # Less than
[ "$a" -gt "$b" ]  # Greater than

# Loops
for i in 1 2 3 4 5; do
    echo $i
done

for file in *.txt; do
    echo "Processing: $file"
done

for ((i=0; i<10; i++)); do
    echo $i
done

while [ "$count" -lt 10 ]; do
    echo $count
    ((count++))
done

until [ "$count" -ge 10 ]; do
    echo $count
    ((count++))
done

# Case statement
case "$var" in
    start)
        echo "Starting..."
        ;;
    stop)
        echo "Stopping..."
        ;;
    restart)
        echo "Restarting..."
        ;;
    *)
        echo "Unknown command"
        ;;
esac

Useful Scripting Patterns

# Command substitution
date_string=$(date +%Y-%m-%d)
files=$(ls *.txt)

# Arithmetic
result=$((a + b))
((counter++))

# Arrays
declare -a fruits=("apple" "banana" "cherry")
echo "${fruits[0]}"      # apple
echo "${fruits[@]}"      # All elements
echo "${#fruits[@]}"     # Array length
fruits+=("date")         # Add element

# Associative arrays (bash 4+)
declare -A user
user[name]="John"
user[age]=30
echo "${user[name]}"

# Error handling
cmd || { echo "Command failed"; exit 1; }
cmd && echo "Success" || echo "Failed"

# Trap signals
trap 'echo "Interrupted"; exit 1' INT TERM
trap cleanup EXIT

# Logging
log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a /var/log/myscript.log
}

# Check if running as root
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root"
   exit 1
fi

Quiz

Quiz

Question 1 of 5

What does the 'set -euo pipefail' option do in a bash script?

Enables debugging mode
Exits on error, treats unset variables as errors, and catches pipeline failures
Disables all error checking
Sets the script to run in background

Next Steps

With a solid Linux foundation, let's move on to networking basics essential for DevOps engineers.