Linux Basics

= Linux Booting Process = Source: technochords.com

The following are the 6 high level stages of a typical Linux boot process:


 * 1) BIOS
 * MBR
 * 1) GRUB
 * 2) Kernel
 * 3) Init
 * 4) Runlevel programs

Detailed explanation of each stage:


 * BIOS
 * Performs some system integrity checks (POST-Power On Self Test)
 * Searches, loads, and executes the boot loader program.
 * It looks for boot loader in floppy, cd-rom, or hard drive.
 * You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
 * Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
 * In simple terms BIOS loads and executes the MBR boot loader.


 * MBR
 * MBR stands for Master Boot Record.
 * It is located in the 1st sector of the bootable disk.
 * Typically /dev/hda, or /dev/sda
 * MBR is less than 512 bytes in size.
 * This has three components:
 * 1) primary boot loader info in 1st 446 bytes,
 * 2) partition table info in next 64 bytes(16,16,16,16) 4 partitions,
 * 3) magic numbers as mbr validation check in last 2 bytes.
 * It contains information about GRUB (or LILO in old systems).
 * In simple terms MBR loads and executes the GRUB boot loader.


 * GRUB
 * GRUB stands for Grand Unified Bootloader.
 * It is a Multiboot boot loader.
 * If you have multiple kernel images installed on your system, you can choose which one to be executed.
 * GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
 * GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
 * Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this).
 * As you notice from the above info, it contains kernel and initrd image.
 * So, in simple terms GRUB just loads and executes Kernel and initrd images.


 * Kernel
 * Once the control is given to kernel which is the central part of all your OS and act as a mediator between hardware and software.
 * Kernel once loaded into to RAM it always resides on RAM until the machine is shutdown.
 * Once the Kernel starts its operations the first thing it do is executing INIT process.

0 – halt 1 – Single user mode 2 – Multiuser, without NFS 3 – Full multiuser mode 4 – unused 5 – X11 6 – reboot
 * Init (initialization)
 * Looks at the /etc/inittab file to decide the Linux run level.
 * Following are the available run levels


 * Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
 * Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
 * If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
 * Typically you would set the default run level to either 3 or 5.

Run level 0 – /etc/rc.d/rc0.d/ Run level 1 – /etc/rc.d/rc1.d/ Run level 2 – /etc/rc.d/rc2.d/ Run level 3 – /etc/rc.d/rc3.d/ Run level 4 – /etc/rc.d/rc4.d/ Run level 5 – /etc/rc.d/rc5.d/ Run level 6 – /etc/rc.d/rc6.d/
 * Runlevel programs
 * When the Linux system is booting up, you might see various services getting started.
 * For example, it might say “starting sendmail …. OK”.
 * Those are the runlevel programs, executed from the run level directory as defined by your run level.
 * Depending on your default init level setting, the system will execute the programs from one of the following directories.


 * Please note that there are also symbolic links available for these directory under /etc directly.
 * So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
 * Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
 * 1) Programs starts with S are used during startup. S for startup.
 * 2) Programs starts with K are used during shutdown. K for kill.
 * 3) There are numbers right next to S and K in the program names.
 * 4) Those are the sequence number in which the programs should be started or killed.
 * 5) For example, S12syslog is to start the syslog deamon, which has the sequence number of 12.
 * 6) S80sendmail is to start the sendmail daemon, which has the sequence number of 80.
 * So, syslog program will be started before sendmail.

= Linux file system layout =

This is a layout file system structure from a CentOS linux, depends on the system and linux distro, the structure may vary, and directories may be removed or added.


 * / – The Root Directory


 * Everything on Linux system is located under the / or root directory.
 * The meaning of / or root and root user are often confusing to new Linux users.
 * In Linux, the root directory “/” is a separator between a file and a directory contains all underlying directories and files, yet root user is a super user or administrator user with has administrative privileges on the system vs Linux privileged users who only have limited privileges to protect system security.


 * /bin – Essential command binaries


 * The /bin directory is a place contains most commonly essential executable terminal binaries programs or file required during booting, repairing like cat, ls, mount, rm, du, df, tar, rpm, wc, etc.


 * /boot – Boot loader files


 * All of the required files to boot the system contains in /boot directory, including GRUB boot loader’s files, Linux kernels, the Linux initial RAM disk (initrd),


 * /dev – Device Files


 * All of the hardware devices on the machine like cdrom, cpu, hard drives, etc will be stored as special device files that represent all the devices in /dev directory. Device files are created during your Linux system installation.


 * /etc – Configuration Files


 * Contain host-specific files and directories, e.g. information about system and application configuration files like startup, shutdown, start, stop script for every individual program.
 * In another word /etc data is very similar to Control panel in Microsoft Windows.


 * /home – Home Directory


 * Home directory of the users. Every time you create a new user, a new directory with user’s name is created in /home directory for users to store their own files within their own home’s directory.
 * Most common automatic directories created within /home ‘s user are Desktop, Downloads, Documents, Music, Movie, etc.
 * Most programs configuration file for a specific user will be saved in it’s users /home directory like web browser settings, web browser bookmarks, desktop wallpaper, themes, and passwords.


 * /lib – Essential Libraries


 * Similar to Windows ‘dll’ files, all Linux shared libraries and kernel modules files stores in /lib directory.
 * These important Linux dynamic libraries are required to boot the system and run commands in the root file system.


 * /lost+found – Recovering Files


 * Sounds weird but yes we have lost+found in Linux file system structure.
 * Every Linux file system and partitions has a lost+found in it’s directory.
 * In the even your system is crashed or unexpected shutdown, you can run fsck command to check and repair the filesystem, fsck will turn any corrupted or almost-deleted files back into files that you can recover them later in /lost+founddirectory.


 * /media – Removable Media Devices


 * Every time you insert a removable device such as external hard drive, floppy disk, zip drive, CDs, DVDs, flash drive to a Linux system, a new directory will automatically be created inside the /media directory.
 * It is a temporary mount directory for removable devices.


 * /mnt – Temporarily mounted filesystems


 * While /media is where the system automatically mounts removable media, /mnt is for you to mount things (partitions, file systems, devices) manually and temporarily.


 * /opt – Optional software packages


 * The /opt directory is reserved to store addition software or extra and third-party software for your system, those addition software usually don’t follow the standard file system hierarchy and not handled by the package manager.


 * /proc – Kernel & Process Information


 * Similar to /dev, /proc directory contains information about running process, system resources and information.
 * You can view information about any running process with a specific process-id (pid) or hardware’s information such as memory, cpu, io, etc.


 * /root – Root Home Directory


 * Don’t be confused with “/” or root directory, /root is a root account’s home directory determined by developer or local preference rather than /home/root to allow for booting the system even if /home/ is not available.
 * Sometimes /home is located on a different partition or even on another separate system and it’s inaccessible to “root”, that is why “root’s home directory” need to be in the same partition as “/” directory.


 * /sbin – System binaries


 * Similar to /bin, /sbin contains essential binaries that are generally intended to be run by the root user for system administration and maintenance purpose.
 * For example iptables, reboot, fdisk, ifconfig, swapon, init, ip, mount


 * /selinux – Security-Enhanced Linux


 * Selinux comes with RedHat based distro (fedora, centos), selinux is a security architecture integrated into the 2.6.x kernel using the Linux Security Modules (LSM).
 * For some reason Centos 6 created an emtpry selinux directory in root directory, the real selinux directory with its configuration files are stored in /etc/selinux/ directory.


 * /srv – Service Data


 * Server (srv) contains data of services such as HTTP, FTP, rsync, cvs


 * /sys – virtual filesystem


 * Some newer Linux distros have /sys directory with sysfs virtual filesystem to store information and statistics about (physical and virtual) device and device names.
 * It is newly added since Linux kernel 2.6 /sys contains similar information with /proc which display device information about the kernel’s view of the system.


 * /tmp – Temporary files


 * System’s Temporary Directory, all users and programs in your system can access/read/write in this directory.
 * Most files in this directory are required temporarily.
 * Many programs use /tmp to create lock file to save temporary data or files.
 * Normally don’t delete files from /tmp unless you know what you are doing because most files are required for current running programs.
 * You should not save or store any important files/directories under /tmp since all files will be removed after system is rebooted.


 * /usr – binaries, documentation, source code, libraries


 * Pronounced as ‘user’, /usr contains the majority of user utilities, programs, libraries, documentation etc for all user-related second level programs rather than applications and files used by the system.
 * Some user programs are stored here like telnet, ftp, etc.. /usr is shareable between various FHS-compliant hosts but can not be written to.


 * /var – Variable Files


 * Variable or /var contains data that is expected to change and grow as the system is running (system log files, mail, printer spool, temporary files).
 * Some sub directories under /var are not shareable between systems like /var/log, /var/lock, or /var/run, while other sub directories are shareable like /var/mail, var/cache/man, var/cache/fonts, and /var/spool/news

= File Details=

Passwd file

 * Password file /etc/passwd is human readable file.
 * By default /etc/passwd file permission is 644 i.e. -rw-r–r– and ownership root:root.
 * Means file is world readable and only root users can edit it.
 * However it is not recommended it manually.

root:x:0:0:ROOT account:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin myuser:x:513:520:Test User:/home/myuser:/bin/bash - output truncated -
 * 1) cat /etc/passwd


 * For every user (row) there are 7 fields defined separated by colon

Username Encrypted password   x means encrypted password is stored in /etc/shadow file UID GID Comment Home directory Shell

Shadow file

 * Located in /etc/shadow, it is not world readable and can be read by root user only.
 * Shadow file permissions are 400 i.e. -r——– and ownership is root:root.
 * Means it can be only read and by root users only.
 * Reason for such security is password related information which is being stored in this file.

root:$1$UFnkhP.mzcMyajdD9OEY1P80:17413:0:99999:7::: bin:*:15069:0:99999:7::: daemon:*:15069:0:99999:7::: adm:*:15069:0:99999:7::: testuser:$1$FrWa$ZCMQ5zpEG61e/wI45N8Zw.:17413:0:33:7:::
 * 1) cat /etc/shadow

There are total of 8 fields in shadow file separated by colon Username Encrypted password Last password change Min days Max days Warn days Inactive days Expiry

= Command Editing Shortcuts =

Ctrl + a – go to the start of the command line Ctrl + e – go to the end of the command line Ctrl + k – delete from cursor to the end of the command line Ctrl + u – delete from cursor to the start of the command line Ctrl + w – delete from cursor to start of word (i.e. delete backwards one word) Ctrl + y – paste word or text that was cut using one of the deletion shortcuts (such as the one above) after the cursor Ctrl + xx – move between start of command line and current cursor position (and back again) Alt + b – move backward one word (or go to start of word the cursor is currently on) Alt + f – move forward one word (or go to end of word the cursor is currently on) Alt + d – delete to end of word starting at cursor (whole word if cursor is at the beginning of word) Alt + c – capitalize to end of word starting at cursor (whole word if cursor is at the beginning of word) Alt + u – make uppercase from cursor to end of word Alt + l – make lowercase from cursor to end of word Alt + t – swap current word with previous Ctrl + f – move forward one character Ctrl + b – move backward one character Ctrl + d – delete character under the cursor Ctrl + h – delete character before the cursor Ctrl + t – swap character under cursor with the previous one

Command Recall Shortcuts

Ctrl + r – search the history backwards Ctrl + g – escape from history searching mode Ctrl + p – previous command in history (i.e. walk back through the command history) Ctrl + n – next command in history (i.e. walk forward through the command history) Alt +. – use the last word of the previous command

Command Control Shortcuts

Ctrl + l – clear the screen Ctrl + s – stops the output to the screen (for long running verbose command) Ctrl + q – allow output to the screen (if previously stopped using command above) Ctrl + c – terminate the command Ctrl + z – suspend/stop the command

Bash Bang (!) Commands

Bash also has some handy features that use the ! (bang) to allow you to do some funky stuff with bash commands.

!! – run last command !blah – run the most recent command that starts with ‘blah’ (e.g. !ls) !blah:p – print out the command that !blah would run (also adds it as the latest command in the command history) !$ – the last word of the previous command (same as Alt + .) !$:p – print out the word that !$ would substitute !* – the previous command except for the last word (e.g. if you type ‘find some_file.txt /‘, then !* would give you ‘find some_file.txt‘) !*:p – print out what !* would substitute

= Manually Boot using Grub =

Source: viktorpetersson.com

Locate where the vmlinuz and initrd.* files are located

grub> ls (hd0) (hd0,msdos5) (hd1) (hd1,msdos0)

Boot the system:

grub> linux (hd1,msdos1)/install/vmlinuz root=/dev/sdb1 grub> initrd (hd1,msdos1)/install/initrd.gz grub> boot

This should even work if your BIOS doesn’t support booting off of USB.


 * References