Module 1 - Accessing the Command Line
- The BASH Shell
- Virtual Consoles
- Shell Basics
- Terminology
- The GNOME Desktop Environment
- Workspaces
- Starting a Terminal
- Locking the Screen/Shutting Down
- Lab 1 - Changing Password
- Basic Command Syntax
- Examples of Simple Commands
- Command History
- Editing the Command Line
- Lab 2 - Using Commands
The BASH Shell (Back to Index)
- The Linux command line is provided by a program called the shell
- Default shell for users in RHEL is the GNU Bourne-Again Shell (bash)
$indicates a normal user,#indicates the root user- Bash provides a scripting language - supports automation of tasks
Virtual Consoles (Back to Index)
- Users access the bash shell via terminal
- Terminal provides keyboard for input and display for output. Can be configured through serial ports
- A Linux machine's physical console supports multiple virtual consoles - act like separate terminals. Each virtual console supports an independent login session
- If GUI is available, it runs on the first virtual console on RHEL 7
- With GUI running, access a text login prompt on a virtual console by pressing Ctrl+Alt and pressing a function key
Shell Basics (Back to Index)
- Commands entered at the shell prompt have three basic parts:
- Command to run
- Options to adjust the behaviour of the command
- Arguments which are typically targets of the command
The command is the name of the program to run. Might be followed by one or more options. Options adjust the behaviour of the command - normally start with one or two dashes
Arguments often indicate a target that the command should operate on
Most commands have a --help or -h option. Usage statements have a few basic conventions
| Symbols | Description |
|---|---|
[] |
Surround optional items |
<something>.. |
represents an arbitrary length list of items of that type |
| item 1 pipe item 2 | Means only one of them can be specified |
<filename> |
Represents variable data |
When a user is finished using the shell, use the exit command to terminate the current shell session or press CTRL+D
Terminology (Back to Index)
| Description | Term |
|---|---|
| The interpreter that executes commands typed as strings | Shell |
| The visual cue that indicates an interactive shell is waiting for the user to type a command | Prompt |
| The name of a program to run | Command |
| The part of the command line that adjusts the behaviour of a command | Option |
| The part of the command line that specifies the target that the command should operate on | Argument |
| The hardware display and keyboard used to interact with a system | Physical console |
| One of multiple logical consoles that can each support an independent login session | Virtual console |
| An interface that provides a display for output and a keyboard for input to a shell session | Terminal |
The GNOME Desktop Environment (Back to Index)
The desktop environment is the GUI on a Linux system. Default desktop environment in RHEL 7 is provided by GNOME 3 - provided by X Windows System
By default, RHEL 7 uses the GNOME Classic theme for gnome-shell. Help can be quickly started by pressing F1 in gnome-shell, by selecting Applications --> Documentation --> Help or by running the yelp command
Workspaces (Back to Index)
Workspaces are seperate desktop screens which have different application windows. Three methods for switching between them:
1. Clicking the indicator in the right corner of the window list
2. CTRL+ALT+UpArrow` or `CTRL+ALT+DownArrow
3. Switch to Activities Overview
Advantage of Activities Overview - windows can be clicked and dragged between
Starting a Terminal (Back to Index)
To get a shell prompt in GNOME, start a terminal application such as GNOME terminal. Three most commonly used methods:
1. Applications --> Utilities --> Terminal
2. Right-click and select Open in Terminal from context menu
3. From Activities Overview, select Terminal from the dash
Locking the Screen/Shutting Down (Back to Index)
To lock the screen, select (User) --> Lock or press CTRL+ALT+L To unlock the screen, press Enter or Space
To shut down, select (User) --> Power Off or press CTRL+ALT+DEL
Lab 1 - Changing Password (Back to Index)
Please refer to Activities for the lab exercises
Basic Command Syntax (Back to Index)
The GNU Bourne-Again Shell(BASH) is a program that interprets commands typed in by the user. Each command is typed on a separate line and the output from each displays before the shell displays a prompt. To type more than one command on a line, use the ;symbol as a command separator
The semicolon is in a class of characters called metacharacters that has special meanings for BASH
Examples of Simple Commands (Back to Index)
The date command displays current date and time - used by root to set the system clock. An argument that begins with + specifies a format string for date
The passwd command changes a user's own password. Root can use the passwd command to change other user's passwords
Linux does not require file name extensions to classify files. The file command scans the beginning of a file's content and displays what type it is
The head command displays the top 10 lines automatically. The tail command displays the bottom 10 lines. Both have the -n option to specify a number of lines
The wc comand counts lines, words and chars in a file. Takes a -l, -w or -c option to display only lines, words and chars respectively
Arguments and options can be matched with tab completion for MANY commands. The useradd command is used by root to create additional users on the system. It has many options. Tab completion following a partial option can be utilized
Command History (Back to Index)
The history command displays a list of previously executed commands prefixed via number. The ! character is used to expand previous commands without retyping. The !3 command would run the 3rd last command entered. The !ls command would expand to the most recent command that begins with ls
Can also use arrow keys to navigate previous commands. The Esc+. key combination causes the shell to copy the last word of the previous command.
Editing the Command Line (Back to Index)
| Shortcut | Description |
|---|---|
CTRL+A |
Jump to beginning of command |
CTRL+E |
Jump to end of command |
CTRL+U |
Clear from cursor to the beginning of command |
CTRL+K |
Clear from cursor to end of command |
CTRL+LEFT |
Jump to beginning of previous word on CL |
CTRL+RIGHT |
Jump to end of next word on CL |
CTRL+R |
Search history of commands for pattern |
Lab 2 - Using Commands (Back to Index)
Please refer to Activities for the lab exercises
Module 2 - Managing Files from the Command Line
- The File System Hierarchy
- File System Hierarchy Review
- Absolute Paths and Relative Paths
- Navigating Paths
- Paths Review
- Command-Line File Management
- Lab 3 - File Management
- File Globbing: Path Name Expansion
- File Globbing Review
- Lab 4 - Managing Files with Shell Expansion
The File System Hierarchy (Back to Index)
All files on Linux are stored on file systems which are organized into a single inverted tree known as a file system hierarchy. The root of the tree is at the top and the branches stretch below
The top directory is the root (/) directory. Subdirectories of / are used for standardized purposes to organize files by type and purpose. The following terms are encountered in describing file system directory contents:
- Static is content that remains unchanged until explicitly edited or reconfigured
- Dynamic or variable is content typically modified or appended by active processes
- Persistent is content, particularly configuration settings, that remain after a reboot
- Runtime is a process or system specific content or attributes cleared during reboot
The following table lists some of the most important directories on the system by name and purpose:
| Location | Purpose |
|---|---|
| /usr | Installed software, shared libraries, include files, and static read-only program data. Important subdirectories are /usr/bin which contains user commands, /usr/sbin which contains system administration commands and /usr/local which contains locally customized software. |
| /etc | Configuration files specific to this system |
| /var | Variable data specific to this system that should persist between boots. Files that dynamically change (e.g. databases, cache directories, log files, printer-spooled documents and website content) may be found here |
| /run | Runtime data for processes started since the last boot. This includes process ID files and lock files, among other things. The contents of this directory are recreated on reboot |
| /home | Home directories where regular users store their personal data and configuration files |
| /root | Home directory for the administrative superuser, root |
| /tmp | A world-writable space for temporary files. Files which have not been accessed, changed or modified for 10 days are deleted from here automatically. Another temporary directory exists /var/tmp in which files that have not been accessed, changed, or modified in more than 30 days are deleted automatically |
| /boot | Files needed in order to start the boot process |
| /dev | Contains special device files which are used by the system to access hardware |
In RHEL 7, four older directories in / now have identical contents as their counterparts located in /usr:
- /bin and /usr/bin
- /sbin and /usr/sbin
- /lib and /usr/lib
- /lib64 and /usr/lib64
In older versions of RHEL, these were distinct directories containing different sets of files. In RHEL 7, the directories in / are symbolic links to the matching directories in /usr
File System Hierarchy Review (Back to Index)
| Directory Purpose | Location |
|---|---|
| This directory contains static, persistent system configuration data | /etc |
| This is the system's root directory | / |
| User home directories are located under this directory | / home |
| This is the root account's home directory | /root |
| This directory contains dynamic configuration data such as FTP and websites | /var |
| Regular user commands and utilities are located here | /usr/bin |
| System administration binaries, for root user, are here | /usr/sbin |
| Temporary files are stored here | /tmp |
| Contains dynamic, non-persistent application runtime data | /run |
| Contains installed software programms and libraries | /usr |
Absolute Paths and Relative Paths (Back to Index)
The path of a file or directory specifies its unique file system location
An absolute path is a fully qualified name, beginning at the root directory and specifying each subdirectory traversed. Every absolute path will start with /. When a user logs in and opens a terminal, the initial location is normally the user's home directory. System processes also have an initial directory
Users and processes navigate to other directories as needed; the terms working directory or current working directory refer to their current location
A relative path identifies a unique file, specifying only the path necessary to reach the file from the working directory
For standard Linux file systems, the path name of a file, including all / characters may be no more than 4095 bytes long. Each component of the path name seperated may be no more than 255 bytes long. File names can use any UTF-8 encoded Unicode chararacter EXCEPT / and the NUL character
Linux file systems - ext4, XFS, BTRGS, GFS2 and GlusterFS - are case sensitive in terms of filenames. The VFAT file system is NOT case-sensitive. However, VFAT along with Microsoft's NTFS and Apple's HFS+ has case preserving behaviour
Navigating Paths (Back to Index)
The pwd command displays the full path name of the current location. The ls command lists directory contents for specified or current directory
Use the cd command to change directories. Can use absolute or relative paths
At any time, return to the user's home directory using cd without any destination
The touch command normally updates a file's timestamp to the current data and time without otherwise modifying it. Useful for creating empty files. The ls command has multiple options for displaying attributes on files - most common being -l for long listing, -a for including hidden files, and -R for recursive to include contents of all subdirs
File names beginning with a dot indicate files hidden from normal view using ls and other commands. Hidden files keep necessary user configuration files from cluttering home directories. Many commands process hidden files only with specific command-line options, preventing one user's configuration from being accidentally copied to other directories
The cd command has many options. The cd - command changes to the previous directory. The cd .. command uses the .. hidden directory to move up one level to the parent directory
Paths Review (Back to Index)
| Action to accomplish | Command |
|---|---|
| List the current user's home directory (long format) in simplest syntax, when it is not the current location | ls - l ~ |
| Return to the current user's home directory | cd |
| Determine the absolute path name of the current location | pwd |
| Return to the most previous working directory | cd - |
| Move up two levels from the current location | cd ../.. |
| List the current location (long format) with hidden files | ls -al |
| Move to the binaries location, from any current location | cd /bin |
| Move up to the parent of the current location | cd .. |
| Move to the binaries location, from the root directory | cd bin |
Command-Line File Management (Back to Index)
File management involves creating, deleting, copying and moving files. Additionally, directories can be created, deleted, copied and moved to help organize files logically
| Activity | Single Source | Multiple Sources |
|---|---|---|
| Copy File | cp file1 file2 | cp file1 file2 file3 dir (4) |
| Move File | mv file1 file2 (1) | mv file1 file2 file3 dir (4) |
| Remove File | rm file1 | rm -f file1 file2 file3 (5) |
| Create directory | mkdir dir | mkdir -p par1/par2/dir (6) |
| Copy directory | cp -r dir1 dir2 (2) | cp -r dir1 dir2 dir3 dir4 (4) |
| Move directory | mv dir1 dir2 (3) | mv dir1 dir2 dir3 dir4 (4) |
| Remove directory | rm -r dir1 (2) | rm -rf dir1 dir2 dir3 (5) |
| Remove empty directory | rmdir dir1 | rmdir -p dir1/dir2/dir3 |
| SuperScript | Note |
|---|---|
| (1) | The result is a rename |
| (2) | The "recursive" option is required to process a source directory |
| (3) | If dir2 exists, the result is a move. If dir2 doesn't exist, the result is a rename |
| (4) | The last argument must be a directory |
| (5) | Use caution with "force" option; you will NOT be prompted to confirm your action |
| (6) | Use caution with "create parent" option; typing errors are NOT caught |
The mkdir command creates one or more directories - generates errors if file name already exists. The -p option creates missing parent directories for requested destination - accidental spelling errors create unintended directories without error messages
The cp command copies one or more files to become new, independent files. Can copy existing file to new file in current/other directory or copy multiple files into another directory. If new file name is NOT unique, it overwrites existing file. When copying multiple files with one command, last argument MUST be a directory. Multiple cp commands ignore directories specified as a source. Copying non-empty directories, with contents, requires the -r option
The mv command renames files or relocates files. Files moved to different file system require creating new file by copying source file, and deleting source file.
The rm deletes files but NOT directories. To delete directories, use the -r option. Using -i interactively prompts for each deletion. The rmdir command deletes empty directories.
Lab 3 - File Management (Back to Index)
Please refer to Activities for the lab exercises
File globbing - Path Name Expansion (Back to Index)
BASH has a path name-matching capability historically called globbing which makes managing large numbers of files easier by using meta-characters that expand to match file and path names being sought
Globbing is a shell command-parsing operation that expands a wildcard pattern into a list of matching path names. Patterns - especially square-bracketed character classes - that do not return matches display the original pattern request as literal text
| Pattern | Matches |
|---|---|
* |
Any string of zero or more characters |
? |
Any single character |
~ |
The current user's home directory |
~username |
User's home directory |
~+ |
The current working directory |
~- |
The previous working directory |
[abc...] |
Any one character in the enclosed class |
[!abc...] |
Any one character NOT in the enclosed class |
[^abc...] |
Any one character NOT in the enclosed class |
[[:alpha:]] |
Any alphabetic character |
[[:lower:]] |
Any lower-case character |
[[:upper:]] |
Any upper-case character |
[[:alnum:]] |
Any alphabetic character or digit |
[[:punct:]] |
Any printable character not a space or alphanumeric |
[[:digit:]] |
Any digit 0-9 |
[[:space:]] |
Any one whitespace character (tabs, newline, carriage returns, space) |
Note |
pre-set POSIX character class; adjusts for current locale |
The tilde character (~) when followed by a slash delimiter matches the current user's home directory. When followed by a string of characters up to a slash, it is interpreted as the username
Brace expansion is used to generate discretionary strings of characters. Braces contain a comma-separated list of strings, or a sequence expression. Brace expansions may be nested one inside another
Command substitution allows the output of a command to replace the command itself. Occurs when command is enclosed with beginning dollar sign and brackets or with backticks
The backticks have two disadvantages - easy to visually confused and cannot be nested inside backticks
Many characters have special meaning in the BASH shell. To ignore special meanings, quoting and escaping can be used. The / is an escape character protecting the single character following it from special interpretation.
To protect longer strings, single or double quotes can be used. Using double quotes still allows command and variable substitution. Variable substitution is conceptually identical to command substitution but may use optional brace syntax
Use single quotes to interpret all text literally. Besides suppressing globbing and shell expansion, quotations direct the shell to additionally suppress command and variable substitution. The question mark is a meta-character that also needed protection from expansion
File Globbing Review (Back to Index)
| Requested match to find | Patterns |
|---|---|
| Only filenames beginning with b | b* |
| Only filenames ending in b | *b |
| Only filenames containing a b | *b* |
| Only filenames where first character is not b | [!b]* |
| Only filenames at least 3 characters in length | ??? |
| Only filenames that contain a number | *[[:digit:]]* |
| Only filenames that begin with an upper-case letter | [[:upper:]]* |
Lab 4 - Managing Files with Shell Expansion (Back to Index)
Please refer to Activities for the lab exercises
Module 3 - Getting Help in Red Hat Enterprise Linux
- Introducing the man Command
- Navigate and Search man Pages
- Searching for man Pages by Keyword
- Lab 5 - Finding Relevant Information Using Man
- Introducing GNU Info
- GNU Info vs. Man Page Navigation
- Lab 6 - Understanding Program Documentation
- Introducing Package Documentation
- Research Documentation under /usr/share/doc
- Using redhat-support-tool to Search Knowledge Base
- Directly Access Knowledge Base Articles by Document ID
- Using redhat-support-tool to Manage Support Cases
- Managing A Bug Report with redhat-support-tool
- Including Diagnostic Information by Attaching a SoS Report Archive
- Lab 8 - Using sosreport Command to Generate a SoS Report
- Lab 9 - Research Methods Used by Sys Admins
Introducing the man Command (Back to Index)
The historical Linux Programmer's Manual is where the man page originates. Each contained information for specifiy types of files which have become sections
| Section | Content Type |
|---|---|
| 1 | User commands (both executable and shell programs) |
| 2 | System calls (kernel routines invoked from user space) |
| 3 | Library functions (provided by program libraries) |
| 4 | Special files (such as device files) |
| 5 | File format (for many configurations files and structures) |
| 6 | Games (historical section for amusing programs) |
| 7 | Conventions, standards and miscellaneous (protocols, file systems) |
| 8 | System administration and privileged commands (maintenance tasks) |
| 9 | Linux kernel API (internal kernel calls) |
Man page references include the section number in parentheses - passwd(1) describes the command and passwd(5) explains the /etc/passwd file
To read specific man pages, use man <topic>. Topic contents display one screen at a time. The man command searches manual sections in a configured order - section 1 is displayed first if available - to display a different man page topic, include the section number eg. man 5 passwd
Navigate and Search man Pages (Back to Index)
The following table lists basic man navigation commands
| Command | Result |
|---|---|
| Spacebar | Scroll forward one scree |
| PageDown | Scroll forward one screen |
| PageUp | Scroll backward one screen |
| DownArrow | Scroll forward one line |
| UpArrow | Scroll backword one line |
| d | Scroll foward one half-screen |
| u | Scroll backward one half-screen |
| /string | Search forward for string in the man page |
| n | Repeat previous search forward in the man page |
| N | Repeat previous search backward in the man page |
| g | Go to start of the man page |
| G | Go to end of the man page |
| q | Exit man and return to command shell prompt |
When performing searches, string allows regex syntax. Regex uses meta-characters for more sophisticated pattern matching
Searching for man Pages by Keyword (Back to Index)
A keyword search of man pages is performed using man -k keyword which displays a list of keyword matching man page topics with section numbers
Popular sections are 1, 5, and 8. Admins using certain troubleshooting tools also use section - remaining sections are commonly for programmer reference or advanced administration
NB. Keyword searches rely on an index generated by the mandb(8) command, which must be run as root. Command runs daily through cron.daily or by anacrontab within an hour of boot
The man -K option performs a full-text page search - not just titles and descriptions
Lab 5 - Finding Relevant Information Using Man (Back to Index)
Please refer to Activities for the lab exercises
Introducing GNU Info (Back to Index)
Many pages have a formal format useful as a command reference but less useful as general documentation. Info documents are an important resource on RHEL - many fundamental components and utilities such as the coreutils package and glibc standard libraries utilize it
Info documentation is structured as hyperlinked info nodes - more flexible than man pages. Info nodes are read from CLI using either info or pinfo commands - some commands have both documentation for man and pinfo
The pinfo reader is more advanced than info commands. Info nodes for a particular topic are browsed with pinfo topic. New documentation nodes become available in pinfo when their corresponding software packages are installed
GNU Info vs. Man Page Navigation (Back to Index)
The info command uses different navigation than man
| Navigation | pinfo | man |
|---|---|---|
| Scroll forward one screen | PageDown or Space | PageDown or Space |
| Scroll backward one screen | PageUp or b | PageUp or b |
| Display directory of topics | d | - |
| Scroll forward one half-screen | - | d |
| Display parent node of a topic | u | - |
| Display the top of a topic | HOME | 1G |
| Scroll backward one half-screen | - | u |
| Scroll forward to next hyperlink | DownArrow | - |
| Open topic at cursor location | Enter | - |
| Scroll forward one line | - | DownArrow or Enter |
| Scroll backward to previous hyperlink | UpArrow | - |
| Scroll backward one line | - | UpArrow |
| Search for a pattern | /string | /string |
| Display next node in topic | n | - |
| Repeat previous search forward | / then Enter | n |
| Display previous node in topic | p | - |
| Repeat previous search backward | - | N |
| Quit the program | q | q |
Lab 6 - Understanding Program Documentation (Back to Index)
Please refer to Activities for the lab exercises
Introducing Package Documentation (Back to Index)
Developers may choose to include documentation in their application's RPM distribution package. When the package is installed, files recognized as documentation are moved to /usr/share/doc/<packagename>. GNU packages also use /usr/share/doc to supplement info nodes
Most packages include files describing package distribution licensing - some include extensive PDF or HTML based documentation
Some packages come with extensive samples, config file templates, scripts, tutorials or user guides
Lab 7 - Research Documentation under /usr/share/doc (Back to Index)
Please refer to Activities for the lab exercises
Using redhat-support-tool to Search Knowledge Base (Back to Index)
The Red Hat Support Tool utility redhat-support-tool provides a text console interface to the subscription-based Red Hat access services - internet access is required and can be used from any terminal or SSH connection
By default, the program launches in shell mode - use the provided help sub-command to see all available commands. Shell mode supports tab completion and the ability to call programs in the parent shell
When first ran, it asks for credentials. It asks to store account info in home directory - ~/.redhat-support-tool/redhat-support-tool.conf. If a RedHat account is shared, the --global option can save account information to /etc/redhat-support-tool.conf
The tool allows subscribers to search and display the same knowledge seen when on the RHCP. Knowledge Base permits keyword searches. Users can enter error codes, syntax from log files or any mix of keywords to produce a list of relevant solutions
Directly Access Knowledge Base Articles by Document ID (Back to Index)
Locate online articles directly by using the tool's kb command with the document ID. Returned documents scroll on the screen without pagination allowing a user to redirect the output.
Documents retrieved in unpaginated format are easy to print, convert to PDF or others or to redirect output
Using redhat-support-tool to Manage Support Cases (Back to Index)
Before contacting Red Hat Support, gather relevant info for a bug report:
- Define the problem
Be able to clearly state the problem and its symptoms. Be as specific as possible and detail the steps which will reproduce the problem
- Gather background information
Things like version and product. Be ready to provide relevant diagnostic information. This can include output of sosreport. For kernel problems, this could include the system's kdump crash dump or a digital photo of the kernel backtrace displayed on the monitor of a crashed system
- Determine the severity level
Red Hat uses four severity levels - Urgent and High severity problem reports should be followed by a phone call to the relevant local support center
| Severity | Description |
|---|---|
| Urgent (Severity 1) | A problem that severely impacts your use of the software in a production environment. The situation halts your business operations and no procedural workaround exists |
| High (Severity 2) | A problem where the software is functioning but your use in a production environment is severely reduced. The situation is causing a high impact to portions of your business operations and no procedural workaround exists |
| Medium (Severity 3) | A problem that involves partial, non-critical loss of use of the software in a production environment or development environment. For production environments, there is a medium-to-low impact on your business, but your business continues to function, including by using a procedural workaround. For development environments, where the situation is causing your project to no longer continue or migrate into production |
| Low (Severity 4) | A general usage question, reporting of a documentation error, or recommendation for a future product enhancement or modification. For production environments, there is low-to-no impact on your business or the performance or functionality of your system. For development environments, there is a medium-to-low impact on your business, but your business continues to function, including by using a procedural workaround. |
Managing A Bug Report with redhat-support-tool (Back to Index)
Subscribers may create, view modify and close Red Hat Support cases using redhat-support-tool. When support cases are opened users may include files or documentation such as diagnostic reports. The tool uploads and attaches files to online cases.
Case details including product, version, summary, description, severity and case group may be assigned with command options or letting the tool prompt for required information
Including Diagnostic Information by Attaching a SoS Report Archive (Back to Index)
Including diagnostic information when a support case is first created contributes to quicker problem resolution. The sosreport command generates a compressed tar archive of diagnostic information gathered from the running system. The redhat-support-tool prompts to include one if an archive has been created previously
If a curren SoS report is not already prepared, an admin can generate and attach one later, using the tool's addattachment command as advised previously
Support cases can also be viewed modified and closed by you as the subscriber
The Red Hat Support Tool has advanced application diagnostic and analytic capabilities. Using kernel crash dump core files, redhat-support-tool can create and extract a backtrace - a report of the active stack frames at the point of a crash dump
The tool also provides log file analysis. Using the tool's analyze command, log files of many types including OS, JBoss, Python, Tomcat, oVirt and others can be parsed to reconggized problem symptoms which can then be viewed and diagnosed indidivualy
Lab 8 - Using sosreport Command to Generate a SoS Report (Back to Index)
Please refer to Activities for the lab exercises
Lab 9 - Research Methods Used by Sys Admins (Back to Index)
Please refer to Activities for the lab exercises
Module 4 - Creating, Viewing and Editing Text Files
- Standard Input, Standard Output and Standard Error
- Redirecting Output to a File
- Example for Output Redirection
- Constructing Pipelines
- Pipeline Examples
- Pipeline, Redirection and Tee
- Pipeline Examples Using the tee Command
- Pipeline Knowledge Quiz
- Editing Files with Vim
- Rearranging Existing Text
- Lab 10 - Using Vim
- Editing Files with GEdit
- Copying Text Between Graphical Windows
- Lab 11 - Editing with Gedit
- Lab 12 - Editing a File using Vim's Visual Mode
Standard Input, Standard Output and Standard Error (Back to Index)
A running program - or process - needs to read input from somewhere and write output to the screen or to files. A command run from the shell prompt normally reads its input from keyboard and sends output to terminal
A process uses numbered channels called file descriptors to get input and send output. All processes have three file descriptors:
- Standard input (0) reads input from the keyboard
- Standard output (1) sends normal output to the terminal
- Standard error (2) sends error messages to the terminal
If a program opens separate connections to other files, it may use higher-numbered file descriptors
Redirecting Output to a File (Back to Index)
I/O redirection replaces the default channel destinations with file names representing output files or devices - process output and error mesages can be captured as file contents, sent to a device or discarded
Redirecting stdout suppresses process output from appearing on the terminal. Redirecting only stdout does not suppress stderr error messages. If the file does not exist, it gets created. The special file /dev/null quietly discards channel output
| Usage | Explanation |
|---|---|
| ">file" | Redirect stdout to overwrite a file |
| ">>file" | Redirect stdout to append to a file |
| "2>file" | Redirect stderr to overwrite a file |
| "2>/dev/null" | Discard stderr messages by redirecting to /dev/null |
| ">file2>&1 OR &>file | Redirect stdout and stderr to overwrite the same file" |
| ">>file2>&1 OR &>>file | Redirect stdout and stderr to append to the same file" |
The order of redirection operations is important. The sequence > file 2>&1 redirects standard output to file and then redirects standard error to the same place as standard output
The sequence 2>&1 > file redirects standard error to the default place for standard output and then redirects only standard output to file
Some people prefer to use the merging redirection operators
&>fileinstead of>file 2>&1&>>fileinstead of>>file 2>&1
Example For Output Redirection (Back to Index)
-
Save a timestamp for later reference
date > /tmp/saved-timestamp -
Copy the last 100 lines from a log file to another file
tail -n 100 /var/log/dmesg > /tmp/last-100-boot-messages -
Concatenate four files into one
cat file1 file2 file3 file4 > /tmp/all-four-in-one -
List the home directory's hidden and regular file names into a file
ls -a > /tmp/my-file-names -
Append output to an existing file
echo "new line of information" >> /tmp/many-lines-of-informationdiff previous-file current-file >> /tmp/tracking-changes-made -
Redirecting errors to a file while viewing normal comand output
find /etc -name passwd 2> /tmp/errors -
Save process output and error messages to separate files
find /etc -name passwd > /tmp/output 2> /tmp/errors -
Ignore and discard error messages
find /etc -name passwd > /tmp/output 2> /dev/null -
Store output and generated errors together
find /etc -name passwd &> /tmp/save-both -
Append output and generated errors to an existing file
find /etc -name passwd >> /tmp/save-both 2>&1
Constructing Pipelines (Back to Index)
A pipeline is a sequence of one or more commands separated by the pipe character - it connects standard output to standard input of next command
Pipelines allow the output of a process to be manipulated and formatted by other processes before it is output to the terminal
Pipeline Examples (Back to Index)
ls -l /usr/bin | less takes the output of ls and uses less to display it on the terminal
ls | wc -l takes output of ls and gets piped to wc -l which counts the number of lines
ls -t | head -n 10 > /tmp/ten-last-changed-files takes the output of ls, takes the first 10 lines of that output and redirects the final output to a file
Pipeline, Redirection and Tee (Back to Index)
When redirection is combined with a pipeline, the shell first steps up the entire pipeline, then it redirects input/output - this means if output redirection is used in the middle of a pipeline, the output will go to the file and not to the next command in the pipeline
The example ls > /tmp/saved-output | less takes the output of the ls command and puts it in the file and less will display nothing on the terminal
The tee command is used to work around this - it copies its standard input to its standard output and will redirect its standard output to the files named as arguments
Pipeline Examples Using the tee Command (Back to Index)
ls -l | tee /tmp/saved-output | less redirects the output of ls to the file and passes it to less to be displayed on the terminal
If tee is used at the end of a pipeline, the final output of a command can be saved and output to the terminal at the same time
ls -t | head -n 10 | tee /tmp/ten-last-changed-files
The following example is more sophisticated - it takes advantage of a special device file that exists that represents the terminal. The name of the device file for a particular terminal can be determined by running the tty command at its shell prompt. Then tee can be used to redirect output to that file to display it on the terminal window, while standard output can be passed to some other program through a pipe. In this case, mail will email the output
ls -l | tee /dev/pts/0 | mail student@desktop1.example.com
Pipeline Knowledge Quiz (Back to Index)
| Result Needed | Redirection Syntax Used |
|---|---|
| Display command output to terminal, ignore all errors | 2>/dev/null |
| Send command output to file; errors to different file | >file 2>file2 |
| Send output and errors to the same new, empty file | &>file |
| Send output and errors to the same file, but preserve existing content | >>file 2>&1 |
| Run a command, but throw away all possible terminal displays | &>/dev/null |
| Send command output to both the screen and a file at the same time | ` |
| Run command, save output in a file, discard error messages | > file2> /dev/null |
Editing Files with Vim (Back to Index)
A key design principle of Linux - information is stored in text-based files. Text files include both flat files with rows of similiar information such as configuration files in /etc and Extensible Markup Language (XML) fles which define data structure through text tags seen in application configuration files throughout both /etc and /usr
Vim is highly configurable and efficient - split screen editing, color formatting, and highlighting for editing text
Vim starts up in command mode which is used for navigation, cut and paste, and other text manipulation
Press i enters insert mode where all text typed becomes file content - pressing Esc returns to command mode
Pressing v enters visual mode, where multiple characters may be selected for text manipulation. Use V for multi-line and Ctrl+V for block selection. The same keystroke used to enter visual mode is used to exit
Pressing : begins extended command mode for tasks like writing the file to save it, and quitting the Vim editor
Pressing u inside insert mode undoes mistaken edits
Pressing x deletes a selection of text
To save or exit, :w saves the file and remains in command mode, :wq saves and quits Vim and :q! quits Vim and discards all file changes
Rearranging Existing Text (Back to Index)
In Vim, copy and paste is known as yank and put using command characters y and p. Begin by positioning the cursor on the first character to be selected and enter visual mode. Use the arrow keys to expand the visual selection. When ready, pres y to yank the selection into memory. Position the cursor at the new location, then press p to put the selection at the cursor
Lab 10 - Using Vim (Back to Index)
Please refer to Activities for the lab exercises
Quick Summary of Lab:
- Cursor is moved using either arrow keys or h, j, k, l keys
- Starting vim by typing
vim <filename> - To exit vim, type
<ESC> :q!to not save or<ESC> :wqto save changes - To delete character at cursor, type
x - To insert or append text, typing
i <text> <ESC>to insert before cursor orA <text> <ESC>to append after the line - Pressing ESC will place you in Normal mode or cancels an unwanted and partially completed command
Editing Files with GEdit (Back to Index)
Gedit is a full-featured text editor for GNOME. GNOME Help includes a gedit help guide which is found in Applications --> Favourites --> Help from the GNOME menu
Perform many file management tasks using gedit's menu:
- To create a new file in gedit, click the toolbar icon or hit CTRL+N
- To save a file, hit the floppy disk or CTRL+S
- To open an existing file, click open or hit CTRL+O
Copying Text Between Graphical Windows (Back to Index)
Text can be copied between documents, text windows and command windows. Selected text is duplicated using copy and paste or moved using cut and paste - whether cut or copiued, the text is held in memory for pasting
To paste quicker, simply hit the middle mouse button to paste the copied text. The keyoard shortcut method can also be used -CTRL+X to cut, CTRL+C to copy, CTRL+V to paste and CTRL+SHIFT+C to copy in a terminal
Lab 11 - Editing with Gedit (Back to Index)
Please refer to Activities for the lab exercises
Lab 12 - Editing a File using Vim's Visual Mode (Back to Index)
Please refer to Activities for the lab exercises
Module 5 - Users and Groups
Table of Contents
- What Are Users & Groups
- Users and Groups Review
- The Root User
- Switching Users with
su - Running Commands as Root with
sudo - Lab 13 - Running Commands as Root
- Managing Local Users
- Lab 14 - Creating Users
- Managing Supplementary Groups
- Lab 15 - Supplementary Groups
- Shadow Passwords and Password Policy
- Lab 16 - Setting Unique Password Policies
What Are Users/Groups? (Back to Index)
Access to files and directories are restricted by user. User associated with a running proccess determines the files and directories accesible to that process
The id command shows info about current logged-in user
To view user associated with file or directory, use ls -l cxommand
To view process info, use ps. Use ps -a to view all processes. Use ps -u to see user associated with process
Mapping of names to numbers defined in databases of account info. Systems use /etc/passwd file to store info about local users. The format of /etc/passwd is in order:
- username is mapping of UID to name
- password is where passwords were kept
- UID is User ID which identifies the user at the fundamental level
- GID is the user's primary group ID number
- GECOS field includes user's real name
- /home/dir is location of user's personal data
- shell is the program that runs as the user logs in
Groups have names and numbers (GID). Groups defined in /etc/group. Every user has one primary group defined by the GID. Primary group owns new files created by the user. Primary group of a newly created user is a newly created group with the same name as the user.
Users may be a member of zero or more supplementary groups. Users of these groups are listed in the last field of group's entry in /etc/group. For local groups, user membership determined by list of users found in last field of /etc/group
Supplementary group membership is used to help ensure users have access perms
Users and Groups Review (Back to Index)
| Description | Keyword |
|---|---|
| Number that identifies the user at fundamental level | UID |
| Program that provides user's CLI | login shell |
| Location of local group info | /etc/group |
| Location of user's personal files | home directory |
| Number that identifies group at fundamental level | GID |
| Location of local user account information | /etc/passwd |
| Fourth field of /etc/passwd | priamry group |
The Root User (Back to Index)
Root user has power to override normal privileges and used to manage the system. Root perms needed to install/remove software and manage system files/directories
Removable devices such as USBs are allowed to be controlled by a normal user. Only root is allowed to manage fixed hard drives.
Recommended that admins do NOT login directly as root but escalate only when necessary
Switching Users with su (Back to Index)
The su command allows users to switch to a different user. If no user is specified, root is default.
The su <username> command starts a non-login shell. The command su - <user> starts a login shell. In most cases, admins want to run su - to get the user's normal settings
Running Commands as Root with sudo (Back to Index)
All users requiring superuse privileges must know the root password. The sudo command allows a user to be permitted to run a command as root based on settings in the /etc/sudoers file. Sudo requires users to enter their own password.
One benefit of sudo is all commands using sudo are logged to /var/log/secure
In RHEL7, all members of group wheel can use sudo to run commands as any user. In RHEL6, users who were members of wheel did not get this admin access by default
To enable similiar behaviour on earlier versions of RHEL, edit the config file and uncomment the line allowing group wheel to run all commands
Lab 13 - Running Commands as Root (Back to Index)
Please refer to Activities for the lab exercises
Managing Local Users (Back to Index)
Number of tools can be used to manage local user accounts:
-
useradd <user>sets reasonable defaults for all fields in /etc/passwd if run without options, does not set any valid password and user cannot login until password is set -
useradd --helpdisplays basic options to override defaults - Some defaults such as range of valid UID numbers & default password aging rules are read from /etc/login.defs
-
userdel <user>removes user from /etc/passwd but leaves home directory -
userdel -r <user>removes user and their home directory -
passwd <user>is used to either set initial password or change it
The root user can set a password to any value. A regular user must choose a password which is 8 characters and not based on a dictionary word, the username or previous password
The usermod --help displays basic options to modify an account such as:
| usermod options | Description |
|---|---|
| -c, --comment COMMENT | Adds a value such as full name to the GECOS field |
| -g, --gid GROUP | Specify primary group for user |
| -G, --groups GROUPS | Specify list of supplementary groups for user |
| -a, --append | Used with -G to append user to supplemental groups |
| -d, --home HOME_DIR | Specify new home directory for user |
| -m, --move-home | Move user home directory to new location (must be used with -d option) |
| -s, --shell SHELL | Specify new login shell for user |
| -L, --lock | Lock user account |
| -U, --unlock | Unlock user account |
Specific UID numbers and ranges of numbers are used for specific purposes:
- UID 0 is assigned to root
- UID 1-200 is a range of system users assigned statically to system processes
- UID 201-999 is a range of system users used by system processes that do not own files on the system. Typically assigned dynamically from pool when software is installed that needs them
- UID 1000+ is the range available for regular users
Lab 14 - Creating Users (Back to Index)
Please refer to Activities for the lab exercises
Managing Supplementary Groups (Back to Index)
A group MUST exist before a user can be added. The groupadd <group_name> command without options uses the next available GID from the range specified in the /etc/login.defs file. The -g <number> option is used to specify a specific GID. It is generally recommended to set aside a range of GID numbers to be used for supplementary groups
The -r option creates a system group using a GID from the range of valid system GID numbers listed in /etc/login.defs
Groupmod Command
The groupmod command changes a group name to a GID mapping - -n specifies a new name
The -g option specifies a new GID
Groupdel Command
The groupdel command removes a group. A group may NOT be removed if it is the primary group of any existing user
The membership of a group is controlled with user management. To change a user's primary group, use the usermod -g <name> command
To add a user to a supplementary group, use the usermod -aG <name> <user>
Lab 15 - Supplementary Groups (Back to Index)
Please refer to Activities for the lab exercises
Shadow Passwords and Password Policy (Back to Index)
Encrypted passwords were stored in /etc/passwd file but has since moved to the /etc/shadow file
There are three pieces of information stored in a modern password hash such as $1$gCjLa2/Z$6Pu0EK0AzfCjxjv2hoLOB/:
-
$1$ is the hashing algorithm. The number 1 indicates an MD5 hash and the number 6 indicates a SHA-512 hash - gCjLa2/Z is the salt used to encrypt the hash and is chosen as random
- 6Pu0EK0AzfCjxjv2hoLOB/ is the encrypted hash
When a user logs in, the system looks up the entry for the user, combines the salt with the unencrypted password that was typed and encrypts them - if it matches, the user is logged in
The default algorithm can be changed by the root user by running the command authconfig --passalgo with one of the arguments md5, sha256, or sha512
The Shadow File
The format of the /etc/shadow file follows:
name:password:lastchange:minage:maxage:warning:inactive:\expire:blank
- The login
name- must be a valid account on the system - The encrypted
password- password field that starts with an exclamation mark meaning the password is locked - The date of
last change- represented as the number of days since 1970.01.01 - The minimum number of days before change - 0 means no minimum age requirement
- The maximum number of days before change
- The
warning period- warning when password is about to expire, 0 means no warning - The number of days an account remains active after expired password - after this number, the account is locked
- The account
expiration- represented as number of days since 1970.01.01 - The
blankfield - reserved for future use
Password Aging
Some of the most popular commands to change password settings are:
-
chage -d 0 <user>will force a password update on next login -
chage -l <user>will list a username's current settings -
chage -E YYYY-MM-DD <user>will expire an account on a specific day
The date command can be used to calculate a date in the future via the date -d "+45 days" command for example
Restricting Access
With the chage command, an account expiration can be set. Once that date is reached, the user cannot log in interactively - the usermod command can lock an account with the -L option
When a user has left the company, the admin may lock and expire an account with a single usermod command - the date MUST be given as the number of days since 1970.01.01
The nologin Shell
Sometimes a user needs an account with a password to authenticate to a system but does not need an interactive shell. A common solution is to set the user's login shell to /sbin/nologin - if the user attempts to login to the system directly, the nologin shell will simply close the connection
Lab 16 - Setting Unique Password Policies (Back to Index)
Please refer to Activities for the lab exercises
Lab 17 - Performance Checklist (Back to Index)
Please refer to Activities for the lab exercises
Module 6 - File System Permissions
- Linux File System Permissions
- Viewing Permissions and Ownership
- Example
- Changing Permissions
- Changing User or Group Ownership
- Lab 18 - Changing Permissions
- Special Permissions
- Default Permissions
- Lab 19 - Controlling Default Permissions
- Lab 20 - Performance Checklist
Linux File System Permissions (Back to Index)
Access to files by users are controlled by file permissions. Files have three categories of users to which permissions apply. The file is owned by a user - normally the one who created the file. The file is also owned by a single group - usually the primary group of the user who created the file
Different permissions can be set for the owning user, the owning group and for all other users. The most specific permissions apply - user permissions override group permissions which override other permissions
There are three categories of permissions which apply - read, write and execute
| Permission | Effect on files | Effect on directories |
|---|---|---|
| r (read) | Contents of file can be read | Contents of the directory can be listed |
| w (write) | Contents of file can be changed | Any file in the directory may be created/deleted |
| x (execute) | File can be executed as commands | Contents of directory can be accessed |
Users normally have read/exec on read-only directories - can list directory and access its contents. If user has only read access, the names of the files in it can be listed only. If users has only execute access, they cannot list the names of the files but they can access the contents by specifying the file name.
A file may be removed by anyone who has write permission to the directory regardless of the ownership or permissions on the file itself
Viewing Permissiosn and Onwership (Back to Index)
The ls -l command will expand the file listing to include both the permissions and ownership. The command ls -l <dir> will show the expanded listing of all files that reside in the directory - to prevent the descent into the directory, add the -d option
Linux permissions ONLY apply to the directory or file that they are set on. Permissions are not inherited automatically by the subdirectories and files within it. All permissions in Linux are set directly on each file or directory
Example (Back to Index)
| Allowed/Denied Behaviour | Controlling Permissions |
|---|---|
| lucy is the only person who can change the contents of lfile1 | lucy has write permissions on the file lfile1. No one is listed as a member of the group lucy. The permissions for other do not include write permissions |
| ricky can view the contents of lfile2 but cannot modify the contents | ricky is a member of the group ricardo which has read-only permissions on lfile2. Even though other has write permissions, group permissions take precedence |
| ricky can delete lfile1 and lfile2 | ricky has write permissions on the directory containing both files |
| ethel can change contents of lfile2 | Since ethel is not lucy, and is not a member of the ricardo group, other permissions apply to her and those include write permissions |
| lucy can change contents of rfile1 | lucy is a member of the ricardo group which has both read and write permissions on rfile1 |
| ricky can view and modify the contents of rfile2 | ricky owns the file and has both read and write access |
| lucy can view but not modify the contents of rfile2 | lucy is a member of the ricardo group which has read-only access |
| ethel and fred do not have any access to rfile2 | other permissions apply to ethel and fred which do not include read/write permissions |
Changing Permissions (Back to Index)
The command used to change permissions from the command line is chmod. The chmod command takes a permission instruction followed by a list of files/directories to change - can be issued either symbolically or numerically
The symbolic method of changing file permissions uses letters to represent the different groups of permissions: u for user, g for group, o for other and a for all
With the symbolic method, it is not necessary to set a complete new group of permissions. It is possible to change one or more of the existing permissions - + for adding, - for removing and = to replace the entire set. The permissions themselves are represented by a single letter - r for read, w for write and x for execute
When using chmod to change permissions with the symbolic method, using a capital X as the permission flag will add execute permission only if the file is a directory or already has execute set for user, group or other
Using the numeric method, permissions are represented by a three-digit octal number. A single octal digit goes from 0-7. The chmod command supports the -R option to recursively set permissions on the files in an entire directory tree
Changing User or Group Ownership (Back to Index)
A newly created file is owned by the user who creates the file. By default, the new file has a group ownership which is the primary group of the user creating the file - RHEL uses user private groups which only has the single user as a member
File ownership can be changed with the chown command. To grant ownership of the file foofile to student, the following command could be used - chown student foofile
The chown command can be used with the -R option to recursively change the ownership of an entire directory tree. The following command would grant ownership of foodir and all files and subdirectories to student - chown -R student foodir
The chown command can also be used to change group ownership of a file by preceding the group name with a colon. For example, the following command will change the group foodir to admins - chown :admins foodir
The chown command can also be used to change both owner and group at the same time by using the syntax onwer:group. To change the ownership of foodir to visitor and the group to guests, use chown visitor:guests foodir
Only root can change the ownership of a file. Group ownership can be set by root or the file's owner. Root can grant ownership to any group while non-root users can grant ownership only to groups they belong to
Lab 18 - Changing Permissions (Back to Index)
Please refer to Activities for the lab exercises
Special Permissions (Back to Index)
The setuid or setgid permission on an executable file means that the command will run as the user or group of the file and NOT as the user that ran the command. The setuid permission is represented as a s where the user x permission would normally be located.
The sticky bit for a directory sets a special restriction on deletion of files - only the owner of the file can delete files within the directory. The sticky bit permission is represented as a t where the other x permission would normally be located
Lastly, setgid on a directory means that files created in the directory will inherit the group affiliation from the directory rather than inheriting it from the creating user. You can spot the setgid permissions by a lowercase s where you would normally expect the group execute permissions to be
| Special Permissions | Effect on files | Effect on directories |
|---|---|---|
| u+s (suid) | File executes as the user that owns the file | No effect |
| g+s (sgid) | File executes as the group that owns the file | Files newly created in the directory have their group owner set to match the group owner of the directory |
| o+t (sticky) | No effect | Users with write on the directory can only remove files they own |
Symbolically:
- setuid (u+s)
- setgid (g+s)
- sticky (o+t)
Numerically (fourth digit):
- setuid (4)
- setgid (2)
- sticky (1)
Default Permissions (Back to Index)
The default permissions for files are set by the processes that create them. The umask command without arguments will display the current value of the shell's umask.
Every process on the system has a umask, which is an octal bitmask that is used to clear the permissions of new files and directories that are created by the process. You can use the umask command with a single numerica argument to change the umask of the current shell. The numeric argument should be an octal value corresponding to the new umask value.
The system default umask values for Bash shell users are defined in the /etc/profile and /etc/bashrc files. Users can override the system defaults in their .bash_profile and .bashrc files
Lab 19 - Controlling Default Permissions (Back to Index)
Please refer to Activities for the lab exercises
Lab 20 - Performance Checklist (Back to Index)
Please refer to Activities for the lab exercises
Module 7 - Processes
- What Is A Process?
- Process States
- Listing Processes
- Jobs and Sessions
- Running Jobs in the Background
- Lab 21 - Suspending User Processes
- Process Control Using Signals
- Logging Users Out Administratively
- Lab 22 - Multiple Shell Processes
- Load Average
- Understanding the Linux Load Average Calculation
- Real-time Process Monitoring
- Lab 23 - Using the Top Command
- Lab 24 - Performance Checklist
What Is A Process? (Back to Index)
A process is a running instance of a launched, executable program. A process consists of:
- An address space of allocated memory
- Security properties including ownership credentials and privileges
- One or more execution threads of program code
- The process state
The environment of a process includes:
- Local and global variables
- A current scheduling context
- Allocated system resources such as file descriptors and network ports
An existing (parent) process duplicates its own address space (fork) to create a new (child) process structure. Every new process is assigned a unique PID for tracking and security. The PID and PPID are elements of the new process environment. Any process may create a child process. All processes are descendants of the first system process (systemd) on RHEL7
Through the fork routine, a child process inheries security identities, previous and current file descriptors, port and resource privileges, environment variables and program code. A child process may then exec its own program code.
Normally, a parent process sleeps while the child process runs, setting a request to be signaled when the child completes. Upon exit, the child process has already closed or discarded its resources and environment - the remainder is referred to as a zombie
Process States (Back to Index)
In a multitasking OS, each CPU can be working on one process at a single point in time. As a process runs, its immediate requirements for CPU time and resource allocation change. Processes are assigned a state, which changes as circumstances require
The Linux process states are described as follows:
| Name | Flag | Kernel-defined state name and description |
|---|---|---|
| Running | R | TASK_RUNNING: The process is either executing on a CPU or waiting to run. Process can be executing user routines or kernel routines (system calls), or be queued and ready when in the Running (or Runnable) state. |
| Sleeping | S | TASK_INTERRUPTIBLE: The process is waiting for some condition: a hardware request, system resource access, or signal. When an event or signal satisfies the condition, the process returns to Running. |
| Sleeping | D | TASK_UNINTERRUPTIBLE: This process is also Sleeping, but unlike S state, will not respond to delivered signals. Used only under specific conditions in which process interruption may cause an unpredictable device state. |
| Sleeping | K | TASK_KILLABLE: Identical to the uninterruptible D state, but modified to allow the waiting task to respond to a signal to be killed (exited completely). Utilities frequently display Killable processes as D state. |
| Stopped | T | TASK_STOPPED: The process has been Stopped (suspended), usually by being signaled by a user or another process. The process can be continued (resumed) by another signal to return to Running. |
| Stopped | T | TASK_TRACED: A process that is being debugged is also temporarily Stopped and shares the same T state flag. |
| Zombie | Z | EXIT_ZOMBIE: A child process signals its parent as it exits. All resources except for the process identity (PID) are released. |
| Zombie | X | EXIT_DEAD: When the parent cleans up (reaps) the remaining child process structure, the process is now released completely. This state will never be observed in process-listing utilities. |
Listing Processes (Back to Index)
The ps command is used for listing current processes. The command can provide detailed process information including:
- The user identification (UID) which determines process privileges
- The unique process identification (PID)
- The CPU and real time already expended
- How much memory the process has allocated in various locations
- The location of process STDOUT, known as the controlling terminal
- The current process state
A common display listing (options aux) displays all processes, with columns in which users will be interested and includes processes without a controlling terminal. A long listing (options lax) provides more technical detail but may display faster by avoiding the username lookup. The similiar UNIX syntax uses the options "-ef" to display all processes
By default, ps with NO options selects all processes with the same effective user ID (EUID) as the current user and associated with the same terminal where ps was invoked
- Processes in brackets (usually at the top) are scheduled kernel threads
- Zombies show up in a ps listing as exiting or defunct
psdisplays once. Use top(1) for a repetitive update process displaypscan display in tree format to view parent/child relationships- Default output is unsorted. Display order matches that of the system process table which reuses table rows as processes die and new ones are created. Output may appear chronological, but is NOT guaranteed unless explicit.
-0or--sortoptions are used
| Description | State |
|---|---|
| Process has been stopped (suspended) | T |
| Process has released all its resources except its PID | Z |
| Process is running or waiting to run on a CPU | R |
| Process is sleeping until some condition is met | S |
| Process is waiting for I/O or some condition to be met and must not respond to signals | D |
Jobs and Sessions (Back to Index)
Job control is a feature of the shell which allows a single shell instance to run and manage multiple commands. A job is associated with each pipeline entered at a shell prompt. All processes in that pipeline are part of the job and are members of the same process group
Only one job can read input and keyboard-generated signals at a time. Processes that are part of that job are foreground processes of that controlling terminal
A background process of that controlling terminal is a member of any other job associated with that terminal. Background processes of a terminal can NOT read input or receive keyboard-generated interrupts from the terminal, but may be able to write to the terminal. A job in the background may be stopped or it may be running. If a running background job tries to read from the terminal, it will be suspended
The ps command will show the device name of the controlling terminal of a process in the TTY column. Some processes, such as system daemons, are started by the system - do NOT have a controlling terminal, are not members of a job and can NOT be brought to the foreground
Running Jobs in the Background (Back to Index)
Any command or pipeline can be started in the background by appending an ampersand (&) to the end of the command. When backgrounding a pipeline with an ampersand, the PID of the last command in the pipeline wioll be the one that is output.
The bash shell tracks jobs, per session, in a table displayed with the jobs command. A background job can be brought to the foreground by using the fg command with its job ID. To send a foreground process to the background, first press the keyboard-generated suspend request (CTRL+Z) on the terminal - the job is immediately placed in the background and suspended
The ps j command displays information relating to jobs. The PGID is the PID of the process group leader - normally the first process in the jobs pipeline. The SID is the PID of the session leader, which for a job is normally the interactive shell that is running on its controlling terminal
To start a suspended process running in the background, use the bg command with the same job ID
Lab 21 - Suspending User Processes (Back to Index)
Please refer to Activities for the lab exercises
Process Control Using Signals (Back to Index)
A signal is a software interrupt delivered to a process. Signals report events to an executing program. Events that generate a signal can be an error, external event or by explicit request
The following table lists the fundamental signals used by sys admins for routine process management
| Signal Number | Short Name | Definition | Purpose |
|---|---|---|---|
| 1 | HUP | Hangup | Used to report termination of the controlling process of a terminal |
| 2 | INT | Keyboard interrupt | Causes program termination. Can be blocked or handled. Sent by pressing CTRL+C |
| 3 | QUIT | Keyboard quit | Similiar to SIGINT, but also produces a process dump at termination |
| 9 | KILL | Kill, unblockable | Causes abrupt program termination |
| 15 (default) | TERM | Terminate | Causes program termination. Unlike SIGKILL, can be blocked |
| 18 | CONT | Continue | Resume if stopped. Cannot be blocked |
| 19 | STOP | Stop, unblockable | Suspends the process |
| 20 | TSTP | Keyboard stop | Can be blocked |
Each signal has a default action, usually one of the following:
- Term - cause a program to terminate at once
- Core - cause a program to save memory image then terminate
- Stop - cause a program to stop executing and wait to continue
Commands for Sending Signals by Explicit Request
Users signal their current foreground process by pressing a keyboard control sequence to suspend (CTRL+Z), kil (CTRL+C) or core dump (CTRL+\) the process. To signal a background process requires a signal-sending command
Signals can be specified either by name or by number. Users may kill their own process but root privilege is required to kill processes owned by others
The kill command sends a signal to a process by ID. Despite its name, the kill command can be used for sending any signal
Use killall to send a signal to one or more processes matching selection criteria, such as a command name, processes owned, or all system-wide processes
The pkill command can signal multiple processes. It uses advanced selection criteria which can include combinations of:
- Command
- UID
- GID
- Parent
- Terminal
Logging Users Out Administratively (Back to Index)
The w command views users currently logged in and their activities. All users have a controlling terminal listed as pts/N while working in a GUI window or ttyw on a system console. Remote users display their connecting system name in the FROM column when using the -f option
Processes and sessions can be individually or collectively signaled. To terminal ALL processes for one user, use the pkill command. Because the initial process in a login session is designed to handle session termination requests, killing all of a user's processes and login shells requires using the SIGKILL signal
When processes requiring attention are in the same login session, it may not be necessary to kill all of a user's processes. Determining the controlling terminal for the session using the w command then kill only processes which reference the same terminal ID
The same selective process termination can be applied using parent and child process relationships. Use the pstree command to view a process tree for the system or a single user. Use the parent's process PID to kill all children they have created
Lab 22 - Multiple Shell Processes (Back to Index)
Please refer to Activities for the lab exercises
Load Average (Back to Index)
The Linux kernel calculates a load average metric as an exponential moving average of the load number, a cumulative CPU count of active system resource requests
- Active requests are counted from per-CPU queues for running threads and threads waiting for I/O, as the kernel tracks process resource activity and corresponding process state changes
- Load number is a calculation routing run every five seconds by default which accumulates and averages the active requests into a single number for all CPUs
- Exponential moving average is a mathematical formula to smooth out trending data highs and lows, increase current activity significance and decrease aging quality
- Load average is the load number calculation routing result. Collectively, it refers to the three displayed values of system activity data averaged for the last 1,5 and 15 minutes
Understanding the Linux Load Average Calculation (Back to Index)
The load average represents the perceived system load over a time period. Linux implements the load average calculation as a representation of expected service wait times - for CPU, disk and network I/O
- Linux counts not only processes, but threads individually as separate tasks. CPU request queues for running threads (nr_running) and threads waiting for I/O resources (nr_iowait) reasonably correspond to process states R (Running) and D (Uninterruptable Sleeping)
- The load number is a global counter calculation which is sum-totaled for all CPUs
- Linux counts each physical CPU core and microprocessor hyperthread as separate execution units, logically represented and referred to as individual CPUs
- Some UNIX systems only considered CPU utilization or run queue length to indicate system load.
The three values represent the weighted values over the last 1,5 and 15 minutes
- top, uptime, w and gnome-system-monitor display load average vaLues
- Divide the displayed load average values by the number of logical CPUs in the system - value below 1 indicates satisfactory resource utilization and minimal wait times. A value above 1 indicates resource saturation and some amount of service waiting times
- An idle CPU queue has a load number of 0
- Processes sleeping for I/O due to a busy disk are included in the count
- Until resource saturation, a load average will remain below 1
Real-time Process Monitoring (Back to Index)
The top program is a dynamic view of the system processes. It continuously refreshes at a configurable interval. It provides capabilities for column reordering, sorting, and highlighting
Default output columns are recognizable from other resource tools:
- The process ID (PID)
- User name (USER) is the process owner
- Virtual memory (VIRT) is all memory the process is using
- Resident memory (RES) is the physical memory used by the process
- Process state (S) displays as
- D = Uninterruptable Sleeping
- R = Running or Runnable
- S = Sleeping
- T = Stopped or Traced
- Z = Zombie
- CPU time (TIME) is the total processing time since the process started
- The process command name (COMMAND)
| Key | Purpose |
|---|---|
| ? or h | Help for interactive keystrokes |
| l, t, m | Toggles for load, threads and memory header lines |
| 1 | Toggle showing individual CPUs or a summary for all CPUs in header |
| s | Change the refresh rate in decimal seconds |
| b | Toggle reverse highlighting for Running processes |
| B | Enables use of bold in display, in the header, and for running processes |
| H | Toggle threads, show process summary or individual threads |
| u, U | Filter for any user name |
| M | Sorts process listing by memory usage, in descending order |
| P | Sorts process listing by processor utilization, in descending order |
| k | Kill a process |
| r | Renice a process |
| W | Write the current display configuration for use next time |
| q | Quit |
Lab 23 - Using the Top Command (Back to Index)
Please refer to Activities for the lab exercises
Lab 24 - Performance Checklist (Back to Index)
Please refer to Activities for the lab exercises