Cheat sheet on Linux for users

This is my favourite way, and seems to be available on many different distros hostnamectl You can also change your name with hostnamectl set-hostname

cat /etc/os-release

cat /etc/redhat-release
cat /etc/centos-release
cat /etc/fedora-release

cat /etc/debian_version

cat /etc/lsb-release

cat /etc/gentoo_release

From mitre.org, ~/.bash_profile and ~/.bashrc are shell scripts that contain shell commands. These files are executed in a user's context when a new shell opens or when a user logs in so that their environment is set correctly. ~/.bash_profile is executed for login shells and ~/.bashrc is executed for interactive non-login shells.

This means that when a user logs in (via username and password) to the console (either locally or remotely via something like SSH), the ~/.bash_profile script is executed before the initial command prompt is returned to the user.

Subsequently, every time a new shell is opened, the ~/.bashrc script is executed. This allows users more fine-grained control over when they want certain commands executed. These shell scripts are meant to be written to by the local user to configure their own environment.

The macOS Terminal.app is a little different in that it runs a login shell by default each time a new terminal window is opened, thus calling ~/.bash_profile each time instead of ~/.bashrc.

You can edit this in your root directory and add after which you save the changes, exit, then run source .bashrc to re-read and initialize the new .bashrc

alias [name[='value']]

No spaces allowed next the = sign. If value has spaces, it must be enclosed in "" marks.

alias[name[=value]]

alias lst='ls -lart'
alias font22='setfont LatGrkCyr-12x22.psfu.gz' 
alias font16='setfont LatGrkCyr-8x16.psfu.gz' 
alias ip4='nmcli -f ip4 device show'
alias ip4='nmcli -f ip4 device show'
alias skip='sed "/^$/d ; /^ *#/d"'   # Strip blanks and comments from files.

• ls -S is sort by size, but I would not make that an alias.

export PS1="Monty > "   # only display Monty >
export PS1="\u "        # only display the username
export PS1="\u@\h "      # display the username and host
export PS1="\u@\H "      # display the username and FQDN
export PS1="\u@\h\\$ "   # display the username@host $
export PS1="\u@\h\ \s \\$ "         # display the username@host >bash $
export PS1="\u@\h\ \s\v \\$ "         # display the username@host >bash4.4 $
export PS1="\w \\$"      # display only the current path and $
export PS1="\W"         # will remove the first / in the path displayed
export PS1="[\!] $"     # show the history line number i.e. [15] $

The export command sets the value of the TERM variable to xterm-color. In addition, xterm-color is a terminal type that supports colorization. We can also interpret the other parts of the script:

PS1: defines the shell prompt \u: represents the username \h: represents the hostname \w: represents the current working directory \[\e[31m\]: changes the text to red \[\e[0m\]: sets the color to default

You can edit this in your root directory and add after which you save the changes, exit, then run source .cshrc to re-read and initialize the new .cshrc

There are multiple ways to set colors: LSCOLORS env variable LS_COLORS env variable

In zsh using:

PROMPT="%B%{$fg[yellow]%}%d%(?:%{$fg_bold[green]%}[%h]:%{$fg_bold[red]%}[%h]) $%{$reset_color"

In bash shell using ANSI escape codes \e or \033

This is controlled by gnome settings. Per session settings are: gsettings set org.gnome.desktop.wm.preferences focus-mode 'mouse'

So save this permanently? Apparently the gsettings above IS permanently saved; so no need to do anything else.

Two very useful commands related to uptime are last and who -b So together they are:

• uptime shows time since last reboot. Also uptime -s
• last will show you all the users that have logged in and when as well as when and how many times the system was rebooted. Can also use last reboot
• last -x will also show you reboots and other system level changes.
• who -b just shows the last time the system was rebooted.

This lists the kill signals used by the system. May be slightly different from distro to distro, or linux to mac OSX, BSD etc.

from another tty, issue the command who Note the tty session, e.g. pts/0 (psuedo terminal ssh 0 )

ps -ef | grep pts to see the associated process

kill processid # of the tty process.

To kill all processess that contain "brave" killall brave

other tools similar to tree are broot

cut -d" " -f 1 # means use a space as the delimiter and return field 1. cut -d| -f 3-4 # means use a "|" as the delimiter and return fields 3 & 4. cut -f 2,4-6 # means use a tab as the delimiter and return field 2, 4 to 6 cut -c 2 # means use a tab as the delimiter and return field 2.

rename files can rename files, replacing all occurances of strng1 with strng2. for example renamin all occurances of "ciscospark" with "webexapi" you could

• rename 's/ciscospark/webexapi/' *.py should work on linux, but not macosx
• sed for macosx should do.

for f in ./*.*; do
       cp $f ciscospark-$f;   # this did not work, but is a naive way to try.
done


for file in ACDC*.xxx; do
    mv "$file" "${file//ACDC/AC-DC}"
done

for file in webex-*.py; do
    mv "$file" "${file//webex/ciscospark}"
done

# including subdirectories
find . -type f -name webex\*.py -print0 | while read -r -d '' file; do
    mv "$file" "${file//webex/ciscospark}"
done

find . -type f -name "ACDC*" -print0 | while read -d $'\0' f
do
   new=`echo "$f" | sed -e "s/webex/ciscospark/"`
   mv "$f" "$new"
done

ansible@c8host ~[1174] $
true && echo "ok it worked"
ok it worked

ansible@c8host ~[1175] $
false && echo "ok it worked"

<nothing was echoed here, but that is hard to show, hence this explanation>
ansible@c8host ~[1176] $

That was taken from the MIT missing lecture series on youtube

This is the AND operator &&:

The second command will ONLY run if the first command succeeded. So, here is a better example, good for handling ugly errors:

cat ".bashrc" ;  echo "this is my profile"
cat ".bashrc" && echo "this is my profile"

• The first choice above will fail with an ugly error if there is no file called .bashrc.
• The second choice will print "this is my profile" only if there really was a profile. Much better.

A common use of this is to set the bash prompt different whenever the last command returned an error:

\[\033[30m\] : Black
\[\033[31m\] : Red
\[\033[32m\] : Green
\[\033[33m\] : Yellow
\[\033[34m\] : Blue
\[\033[35m\] : Purple
\[\033[36m\] : Cyan
\[\033[37m\] : White
 # loops:  export PS1='$(if [ $? -eq 0 ]; then printf "\033[01;32m""\xE2\x9C\x93"; else printf "\033[01;31m""\xE2\x9C\x95"; fi) \[\e[00;32m\]\u@\h\[\e[00;30m\]:\[\e[01;33m\]\w\[\e[01;37m\]\$ '

  export PS1='... \e[01;31m$(code=${?##0};echo ${code:+[error: ${code}]})\e[00m'

 # on Linux
  export PS1="\$([ \$? == 0 ] && echo ✅ || echo ⚠️ ) \[\033[01;36m\]\u\[\033[01;32m\]@\h\w[\!] \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;32m\]@\h\w[\!] \[\033[01;31m\]$\[\033[00m\]\$([ \$? == 0 ] && echo ✅ || echo ⚠️ )\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;34m\]@\h\w[\!]\$([ \$? == 0 ] && echo ✅ || echo ⚠️ ) \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;34m\]@\h\w[\!]\$([ \$? == 0 ] && echo ✅ || echo '\[\033[01;31m\]⚠️ ') \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;34m\]@\h\w[\!]\$([ \$? == 0 ] && echo ✅ || echo '\[\033[01;31m\]⚠️ ') \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;34m\]@\h\w[\!]\$([ \$? == 0 ] && echo ✅ || echo '\[\033[01;31m\]⚠️ ') \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;34m\]@\h\w[\!]\$([ \$? == 0 ] && echo \[\033[01;36m\] ✅ || echo ⚠️ ) \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;33m\]@\h\w[\!]\$([ \$? == 0 ] && echo '\[\033[01;32m\]✅' || echo '\[\033[01;31m\]⚠️ ') \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;33m\]@\h\w[\!]\$([ \$? == 0 ] && echo '\[\033[01;32m\]✅' || echo '\[\033[01;31m\]⚠️ ') \[\033[01;31m\]$\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;33m\]@\h\w\$([ \$? == 0 ] && echo '\[\033[01;32m\][\!] ✅' || echo '\[\033[01;31m\][\!] ⚠️ ')\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;33m\]@\h\w\$([ \$? == 0 ] && echo '\[\033[01;32m\][\!] ✅' || echo '\[\033[01;31m\][\!] ⚠️ ')\[\033[00m\]\n"
  export PS1="\[\033[01;36m\]\u\[\033[01;33m\]@\h\w\$([ \$? == 0 ] && echo '\[\033[01;32m\][\!] ✅' || echo '\[\033[01;31m\][\!] ⚠️ ')\[\033[00m\]\n"i
  #               cyan       user   yellow     @host path                          green                           red                   reset colour
  zintis@vm1~[202] ✅

  # on zintis.net
  export PS1="\[\033[01;34m\]\u@\h.net\[\033[01;33m\] \$PWD\[\`if [[ \$? = "0" ]]; then echo '\e[32m[\!]\e[0m'; else echo '\e[31m[\!]\e[0m' ; fi\`:\n\$ "
  # on macbook zsh
  export PS1="\[\033[01;33m\]\$PWD\[\`if [[ \$? = "0" ]]; then echo '\e[32m[\!]\e[0m'; else echo '\e[31m[\!]\e[0m' ; fi\`:\n\$ "

The second choice will print the message ONLY if the first command failed. If the first command succeeded, the second command will NOT run.

The above still might have an ugly error, which you can supress by redirecting to null, stderr is &2, i.e. &2 > /dev/null

ansible@c8host ~[1172] $
false || echo "logical OR says false was false"
logical OR says false was false

ansible@c8host ~[1173] $
true || echo "logical OR says false was false"

ansible@c8host ~[1174] $

In bash shell scripts you can do 'cd .. || exit' as a safe way to run a command and if that fails, simply exit the script altogether.

echo "first" ; echo "second will always print too" The first command completes, before the second command runs.

This is the same as the shell &, i.e. "put this in the background" sleep 5 ; echo "all done." sleep 5 & echo "all done."

The first command will print "all done" only after waiting 5 seconds. the second commnd will print "all done" right away, but the script will still take 5 more seconds to finish (less the time it took to echo all done)

add) asktype && askinfo && tryconnect && finalize || delete ;;

This will run each of these commands in order, and continue as long as each of them runs successfully. As soon as one fails, all the others will fail, until you get to the || which will run if any of the previous failed. If they all succeeded, then the delete will NOT run.

Slick and effective.

Depending on which shell you are running, it will contain commands for interactive job control. For example, in bash, when a user runs an interactive command or program, you can temporarily suspend the program with C-z / ^z followed by the command bg or background.

When you run ^z on a running process, then issue the command jobs you will see that the state of that job is suspended. after running bg the state will have changed to running.

Linux signals are always at your fingertips if you remember man signal

common

Linux also has keyboard shortcuts as well as kill commands for the most common signals, i.e. kill -TERM 555 to terminate PID 555 See man kill for a listing of these signal names, and more information.

kill -s TERM %2 and kill -15 %2 and kill -TERM %2 are all equivalent, and all terminate job 2. And since the default signal is SIGTERM these all are also equivalent to simply kill %2 And since the default job number is %1, if you want to kill the

Check out this simple python program that you can use to get familiar with signals. The program will not stop for most signals, but SIGKILL will always override, so that is how you get out of the infinite loop below:

  #!/usr/bin/env python
import signal, time

def handler(signum, time):
    print(f"\n   I got a SIGINT, but will keep going")

signal.signal(signal.SIGINT, handler)

# infite loop
print(" Press ^C i.e. SIGKILL to exit this program")

i = 0
while Ture:
    time.sleep(0.1)
    print(f"\r{i}", end="")
    i += 1

SIGKILL should be used with caution when that process has spawned child processes, because SIGKILL will terminate the process and leave the child processes orphaned, and keep running. Will get weird behaviour.

logging out of a session will send a SIGHUP.

There are several ways. It is good to know several as there are differences between the shells you are running, and one method may work for one and not the other.

1. echo $0 Most shells store the current shell in the variable $0
2. echo $SHELL Another common variable set to the shell you are running
3. echo $$ Most shells set the PID of the currently running process to the special variable $$ You can follow up with ps -p PID
4. ps -p $$ does the above in one command
5. echo $BASH within a bash shell
6. echo $VERSION within a tcsh shell
7. if [ -z "$BASH" ]; then echo "Run script $0 with bash please"; exit; fi Actually $0 is set to the current running process. From within a shell that is obviously the shell itself, but $0 would be the script name from within a running bash script etc. (-z object) means if object exists return true.

The pid of the current instance of shell is echo "$$" Then, find the process of that pid with ps -p <PID>

Or putting it in a single command: ps -p "$$"

Notice that $$ is NOT the pid in fish. For fish you need to use $fish_pid.

This will persistently change the default shell for you. Logout and back in to see the effects.

When I had set my terminal default shell to be /bin/bash, then I got this error when opening a new terminal window:

The default interactive shell is now zsh.
To update your account to use zsh, please run `chsh -s /bin/zsh`.
For more details, please visit https://support.apple.com/kb/HT208050.

Here is me on Darwin, changing my default shell to bash.

$ chsh -s /bin/bash
Changing shell for zintis.
Password for zintis: 
chsh: no changes made

No changes were made because it was already /bin/bash.

usermod is a utility for modifying a user's account details that are store in /etc/passwd.

One could just sudo vi /etc/passwd and not make ANY mistakes, but usermod is a safer option.

• usermod --shell /usr/bin/tcsh zintis

Then confirm by grep zintis /etc/passwd

does the same thing usermod does, but only for changing a users shell.

• chsh --shell /usr/bin/tcsh zintis

From linuxconfig.org Each time a new user is created, automatically a new group with the same name of the user is created too, and the user becomes its sole member. This is what is called a primary or private group.

Each user has its own primary group, named after himself, with no other members. This setup makes possible to change the default umask value: traditionally it was 022 (this means 644 permissions for files and 755 for directories), now it is usually set to to 002 (664 permissions for files and 775 for directories). (mask is subtracted from 666 for files and 777 for directories. … -1 is the same as 0)

Since, by default, each file or directory created by a user is created with that user's primary group, this setup, while preserving security (a user can still modify only its own files), simplifies resources sharing and collaboration between users which are members of the same group when the setgid bit is used, by allowing write permissions for the group.

chown -R owner:group * .[^.]*

This adds a new group to /etc/group

chgrp super kaapvall/ sarmation/
chmod g+s kaapvall/ sarmation/

This forces new files created inside the directories kaapvall and sarmation to have the group ownership "super" instead of the user's group.

To set the default group permissions, you will have to use ACLs. Set a "default" ACL:

• setfacl -m "default:group::rwx" /var/www

To also adjust subdirectories: find /var/www -type d -exec setfacl -m d:g::rwx {} +

Note: The file system must have ACL support enabled. Sometimes it is on by default; on ext3 or ext4 you might get "Operation not supported", in which case it must be enabled manually:

For a currently mounted filesystem: mount -o remount,acl /

Permanently – one of the methods below:

• at fstab level: edit /etc/fstab to have acl in the options field
• at filesystem level: tune2fs -o acl /dev/diskname

When a process creates a file, the file has certain default permissions, for example, -rw-rw-r–. These initial permissions are partially defined by the file mode creation mask, also called file permission mask or umask. Every process has its own umask, for example, bash has umask 0022 by default. Process umask can be changed.

When a file or directory is created, the permissions are set by the process that created that file or directory. For example, when using the touch command to create a new file, the default permissions set by that process for files is 0666. If the UMASK were set to 0000, then the file permissions would be 0666.

From that I gather that the touch proccess has default permissions of 0666

The umask is the value that is subtracted from 666 (rw-rw-rw-) permissions when creating new files, or from 777 (rwxrwxrwx) when creating new directories.

For example, if the default umask is 002, new files will be created with the 664 (rw-rw-r–) permissions, and new directories with the 775 (rwxrwxr-x) permissions.

If umask is 0026 new files will have chmod 640 new dirs will have chomd 751

A umask consists of bits corresponding to standard file permissions. For example, for umask 0137, the digits mean that:

0 = no meaning, it is always 0 (umask does not affect special bits) 1 = for owner permissions, the execute bit is set 3 = for group permissions, the execute and write bits are set 7 = for others permissions, the execute, write, and read bits are set Umasks can be represented in binary, octal, or symbolic notation. For example, the octal representation 0137 equals symbolic representation u=rw-,g=r–,o=—.

Symbolic notation specification is the reverse of the octal notation specification: it shows the allowed permissions, not the prohibited permissions.

umask by itself will display what the current umask is set to. umask <octalno.> will set it to the octalno value.

umask 0000 touch one two three ls -l * umask 0002 touch four fix six ls -l *

The above will show you that: UMASK did not allow the others component to have write permission. The way that the UMASK works is it defines what is allowed or permissible. With all zeros, it’s saying that read, write and execute permissions are permissible, so it’s not restricting anything and the permissions will be set by the process. Yet in our second example with a UMASK set to 0002, this is restricting the access for others to not have write permission.

UMASK did not allow the others component to have write permission. The way that the UMASK works is it defines what is allowed or permissible.

With a umask set to all zeros, it’s saying that read, write and execute permissions are all permissible,

it’s not restricting anything and the permissions will be set by the process.

With a UMASK set to 0002, it's saying to remove write permission.

Put another way: Linux umask bits define what is forbidden. SAMBA create bit masks define what is allowed.

chgrp super kaapvall/ sarmation/ # makes group 'super' for these 2 directories chmod g+s kaapvall/ sarmation/ # makes new files have group 'super' in these 2

This forces new files created inside the directories kaapvall and sarmation to have the group ownership "super" instead of the user's group.

This works quite differently than the Linux environment UMASK. Instead of defining what is restricted, it defines what is allowed. With the create mask and create directory mask options, a setting of 0777 would allow all bits to be set, thus leaving the permissions to be set by the requested user. Furthermore, the force create mode and force directory mode would force a particular bit to be set, even if it wasn’t requested by the user.

As an example, consider the following option settings as you would define them for a share in smb.conf:

create mask = 0770 force create mode = 060 create directory mask = 0770 force directory mode = 070

This would allow both files and directories to have read, write and execute permissions for user and group, but not others. At the same time, it forces the group permissions to be read/write for files and read/write/execute for directories.

When extracting a tar archive from another vm or Linux host, you may have different owners defined on one machine to the next. In order to over-ride the original tarred owner of files, use the --no-same-owner option.

This will make the onwer of the new un-tarred files yourself. Otherwise you will see some user id number as the owner for these files, that may not even be a valid user on your system, or even worse, make an unsuspecting innocent valid user on your system the owner of these files, which of course they should not be.

First of all, selinux (Secure Enterprise Linux) config files are in: /etc/selinux/config where you can change SELinux from enforcing to not.

I had the same problem, but everything like mask directives did not work for me (Samba 4.3.11):

create mask = 0664 force create mode = 0664 directory mask = 02775 force directory mode = 02775 The only option that worked was under the [global] or share section:

inherit permissions = yes Just change all folder and file permissions to your need, so future folders and files will inherit the same permissions.

3

There is a very similar problem when connecting from other Unix / Linux / OSX / MacOS devices: all of the settings are ignored unless you specify

[global]

unix extensions = no And connect with smb://<serverhost> instead of cifs://<serverhost>.

another: [html] comment = admin access path = /var/www/html browsable = yes guest ok = no writable = yes valid users = @admin create mask = 664 force create mode = 664 security mask = 664 force security mode = 664 directory mask = 2775 force directory mode = 2775 directory security mask = 2775 force directory security mode = 2775

SOLVED (seems to be)

The problem was in the obey PAM restrictions parameter. By default it is turned off, and I could not remember why I turned it on. The SAMBA config was partially taken from older installation may be I had reasons to be obeyant there :-)

When it is ON, then SAMBA-created files are under UMASK restrictions. I don't know, if it is correctable via login defaults (what is the user?), but umask command gives me "0022" which means "u+a g-w o-w".

Hope, it will help to someone with similar problem.

shareimprove this answerfollow

/etc/samba/smb.conf file. For my Music share, I added the following options:

create mask = 664 force create mode = 664 security mask = 664 force security mode = 664 directory mask = 2775 force directory mode = 2775 directory security mask = 2775 force directory security mode = 2775

Start with the very simple: for i in (ls) echo $i end

Note how that is different from bash that would use backtics for subcommands `ls`

Shell variables are created when you first assign a value to them:

MYVAR = 314159
echo "MYVAR is set to $MYVAR"

You can have a global, unexported var such as MYVAR in the above example, and then inside a function do set -lx MYVAR =value to create a locally scoped instance, that is different from 314159. When control returns from the function the global scope var pops back into existence and won't be exported.

Variables that are NOT exported are called shell variables.

An exported variable is visible to commands and child processes run by that shell. All shells opened beneath this shell will still have this variable set to the same value. This is what is known as an environment variable, because it holds for the entire environment below it.

A full example of a shell variable:

$ MYVAR=314159
$ echo "MYVAR is set to $MYVAR"
MYVAR is set to 314159    
$ bash
$ echo "MYVAR is set to $MYVAR"
MYVAR is set to
$

Now as an environment variable:

$ export MYVAR = 314159
$ echo "MYVAR is set to $MYVAR"
MYVAR is set to 314159    
$ bash
$ echo "MYVAR is set to $MYVAR"
MYVAR is set to 314159
$

** Useful environment variables In no particular order:

HISTTIMEFORMAT="%Y-%m-%d %T"
# used by logs and other processes.. year month day and time

There are several special shell variables set by most shells (not all). They are:

In bash:

1. ${$} the current running process ID, i.e. PID
2. ${n} positional parameters Where ${1} is the first parameter, $2 is 2nd parm etc. Where the n is a number, the curly braces are options.
3. $0 Special case of the above, but results in the current running job/command
4. ${@} all parameters All of them. Can say $@
5. ${*} all parameters All of them. Can say $* But output has the IFS between parameters For example myscript 40 myfile.txt results in $* as 40;myfile.txt when IFS is ";"
6. ${#} how many parameters exist
7. ${?} the error code of the last command
8. ${!} the PID of the last background job/command
9. ${_} the last parameter

In most cases the curly braces are optional, so you can use:

1. $$
2. $3
3. $0
4. $@
5. $*
6. $#
7. $?
8. $!
9. $_

Not to be confused with the command line history commands that all begin with the 'bang' character, like !! and !$ and !* and !-3 as in:

• !! previous command, often used with sudo !!
• !$ previous command's last argument, often used with ls *.*~; rm !$
• M-. does the same as !$ i.e. the previous command's last argument
• !-2 two commands ago
• !-n n commands ago
• !545 the 545th command, often used after history | grep somestring

Let's say your command is "dnf uninstall" And the list of apps you want to uninstall came from a grep: dnf list --installed | grep microsoft | xargs | dnf uninstall will issue the command dnf uninstall arg (one at a time where arg is the list of apps tht include microsoft) you could test this first with dnf info in place of dnf uninstall.

Let's say you want to change all python programs, (ending in .py) in the current directory, to be executable, and belong to the zintis group.

ls *.py | xargs chmod 740 
ls *.py | xargs chgrp zintis

And you are done!

Notice that you don't actually put the file as an argument at the end of the chmod or chgrp command. If that makes it confusing for you, the following two command are identical in action.

ls *.py | xargs -I{} chmod 740 {}
ls *.py | xargs -I{} chgrp zintis {}

One final point, these xargs examples actually generates just one chmod or chgrp command, ef chmod 740 file1.py file2.ph file3.py …. filen.py

If you want to issue the command itself once for each file to get chmod 740 file1.py chmod 740 file2.py . . chmod 740 filen.py

Then you must also include -n 1, so ls *.py | xargs -n 1 chmod 740

On Darwin (Mac OSX) the sections are The standard sections of the manual include:

1 User Commands

2 System Calls

3 C Library Functions

4 Devices and Special Files

5 File Formats and Conventions

6 Games et. Al.

7 Miscellanea

8 System Administration tools and Deamons

On CentOS the sections are The standard sections of the manual include:

1 User Commands

visudo > this command opens up vi with the sudoers file add the user after the line for root: i.e.:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
zintis  ALL=(ALL)       ALL

By default the sudo timeout is fairly short (well depending where you are I guess). It extend the timeout to say, 25 minutes you can do the following:

sudo visudo edit the line: Defaults env_reset to add: Defaults env_reset, timestamp_timeout=30 Defaults env_reset,timestamp_timeout=30 not sure if a space comes after the comma…

Or, just add a line by itself as in: Defaults timestamp_timeout=30

You can see the value by sudo grep timeout /etc/sudoers

hostname # to display it hostname -s to hostname -f # display the FQDN

To permanently change it, use hostnamectl set-hostname your-new-hostname

This worked, and changed it in /etc/hostname

There is also sudo vi /etc/sysconfig/network

With lines like: HOSTNAME=c8host.zintis.net

And /etc/hosts where you can add 192.168.122.76 c8host.zintis.net c8host

Can also set the hostname to "arthur_dent" by: nmcli general hostname arthur_dent

If you want to go with the flow and want to config DNS, you can add entries to /etc/sysconfig/network-scripts/ifcfg-eth0 like these two lines: DNS1=208.67.222.222 DNS2=208.67.220.220

Can straight edit this file too (needs SU priviledges) add HOSTNAME=myserver.cisco.com

The easiest is nmcli network off; nmcli network on

/etc/init.d/network restart In general Centos does not use service, but other Linux distributions still do. They would run sudo service postfix restart in place of sudo systemctl restart postfix Just for those times you are not on a CentOS, or RHEL, or Fedora or Ubuntuu system. Like Cisco switches for example.

This is the traditional approach, which has been replaced by systemctl When looking in the directory /etc/init.d the CentOS developers were good enough to leave you a note: as follows:

You are looking for the traditional init scripts in /etc/rc.d/init.d, and they are gone?

Here's an explanation on what's going on:

You are running a systemd-based OS where traditional init scripts have been replaced by native systemd services files. Service files provide very similar functionality to init scripts. To make use of service files simply invoke systemctl, which will output a list of all currently running services (and other units). Use systemctl list-unit-files to get a listing of all known unit files, including stopped, disabled and masked ones. Use systemctl start foobar.service and systemctl stop foobar.service to start or stop a service, respectively. For further details, please refer to systemctl(1).

Note that traditional init scripts continue to function on a systemd system. An init script /etc/rc.d/init.d/foobar is implicitly mapped into a service unit foobar.service during system initialization.

Thank you!

Further reading: man:systemctl(1) man:systemd(1) http://0pointer.de/blog/projects/systemd-for-admins-3.html https://www.freedesktop.org/wiki/Software/systemd/Incompatibilities

ip link help ip link show ip addr show ip -4 address show (use tab completion, and double-tab to see options)

shutdown -h now # actually halts the server, then you manually start it shutdown -r now # reboots reboot init 6

reboot and shutdown are both symbolic links to systemctl.

I was now getting the responses I was looking for. For example:

zintis@c8host ~$ modprobe -a kvm_intel
zintis@c8host ~$ cat /sys/module/kvm
kvm/       kvm_intel/ 
zintis@c8host ~$ cat /sys/module/kvm_intel/parameters/nested
Y
zintis@c8host ~$ 

To make this stick: edit /etc/inittab and look for a line that begin with id:5. Replace the 5 in that line by 3. You can find a brief description of runlevels here, but shortly:

- Runlevel 0 and 6: halt and reboot the machine, respectively.
- Runlevel 1: No services running, only root can login.
- Runlevel 2: Users can login but no networking.
- Runlevel 3: Networking and text-mode.
- Runlevel 4: unused.
- Runlevel 5: GUI.

You can use the -mtime +5 option of the find command to find files that are older than 5 days

Other find time attributes:

-atime n  access time
-mtime n  modified time

n can be an exact time, i.e. 5 would be 5 days ago (5 X 24 hrs) but +5 is 5 days or older ago.

An example to move *.jpg files older than 30 days is:

find /path/to/files/ -type f -name '*.jpg' -mtime +30 -exec mv {} /path/to/archive/ \;

df and du of course, but here's how you can easily find the largest 20 files

1. du -a /dir | sort -n -r | head -20 du -a . | sort -n -r | head

There are a few alternatives to du the most popular one being ncdu. -ncdu is written in c and users ncurses library, hence the name ncdu. To install ncdu you simply brew install du or sudo dnf install ncdu or apt install ncdu

But others are dust, written in rust programming language, diskus and others.

• find . -name src -type d
• find . -path '**/test/*.py' -type f

grep -R to recursively look for the string in all files and all subdirectories.

Much like spotlight on mac, it indexes files on your system once a day.

Searches your path for executable files.

Gives you a brief man summary for a command

"route" is an alias for "netstat -nr"

Easiest is to interactively test the fonts using setfont. The available console fonts are located in the different directories for different distros:

/usr/share/consolefonts (Debian/etc.), /usr/lib/kbd/consolefonts (Fedora, RHEL, CentOS), /usr/share/kbd/consolefonts (openSUSE)…

setfont UniCyr_8x14.psf.gz setfont sun12x22.psfu.gz setfont LatGrkCyr-8x16.psfu.gz setfont LatGrkCyr-12x22.psfu.gz

Enter the app called "tweaks" then add the app you want started automatically, "Startup Applications" You may have to install "tweaks", if so use dnf install gnome-tweaks

within the gnome screen, upper right, click zintis/account settings Then click on avatar and choose a file or a picture. Easy-peasy.

[Desktop]
Session=kde-plasma

You might haver to add a kde.desktop file if not already in the xsessions directory mentioned above

If so, try to specify a default session for a user in :

• /var/lib/AccountsService/users/*username* file.

  [User]
  Language=
  XSessions=plasma
  

  One user suggested this:

  From dir /usr/share/xsessions move all *.desktop file to another
  directory(unnecessary_env, for example) and leave only one you need(in my
  case - xfce.desktop):
  
  $ ls /usr/share/xsessions
  xfce.desktop  unnecessary_env/
  
  After logout/reboot XFCE will be loaded by default
  
  Note! You won't be able to choose between GUI
  
  
  

exec "usr/bin/startkde" >> ~/.xinitrc startx use systemctl instead.

In /etc/ssh/sshd_config

PermitRootLogin without-password is deprecated alias: use prohibit password PermitRootLogin prohibit-password in combination with: PubkeyAuthentication yes

This results in root being able to login, but ONLY with a public key authentication. i.e. NOT with username password.

Interesting that the lab specifically asked to set PermitRootLogin to yes the line before asking to permit root login ONLY using key authentication. —there might be more going on. See man sshd_config that states that prohibit-password means password and keyboard-interactive authentication are disabled for root.

have to restart sshd for these changes to take effect so: sudo systemctl restart sshd (or for older systems service sshd restart

in /etc/ssh there is the file sshd_config (not to be confused with the client config file ssh_config

You can think of it as sending your password ahead of time to the server you want to connect to. But rather than pre-sending your password, which would obviously be a huge security risk, you send just your public key. The public key will be used by the server to confirm that you are you, as only you, i.e. the possessor of the matching private key, could have sent a session key that was encrypted with the private key. That session key is decrypted using your pre-shared public key, and if it is a match, then the server knows that you are you.

As user:

• ssh-keygen -t rsa
• ssh-keygen -t rsa -b 2048
• ssh-keygen -t rsa -b 4096
• ssh-keygen -t dsa
• ssh-keygen -t ecdsa -b 521
• ssh-keygen -t ed25519

I recommend using rsa. It is the most widely accepted key type.

• ssh-keygen -l -f <filename> # i.e. in my case ~/.ssh/id_rsa.pub
• ssh-keygen -lv -f <filename>

The -l option is to list fingerprint.

• ssh-keygen -lv -f ~/.ssh/known_hosts
• ssh-keygen -lv -f ~/.ssh/id_rsa.pub
• ssh-keygen -lv -f ~/.ssh/id_rsa

So I had success with command-line options to override the supported handshake

• sudo ssh -oKexAlgorithms=+diffie-hellman-group-exchange-sha1 ansible@r0 (of course I had previously set r0 in the /etc/hosts file on the Alpine server on CML

You could also fix it more permanently (for yourself only) by adding this to your ~/.ssh/config file:

Host 10.255.252.1
  Ciphers 3des-cbc
  KexAlgorithms +diffie-hellman-group-exchange-sha1

If you usually login to the same user on a particular host you can also add the userid like this:

Host 192.168.111.33
  Ciphers 3des-cbc
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

The above did not work when I added that to /etc/ssh/ssh_config That is because this config was ONLY offering support for the 3des-cbc cipher. The error message was clear so that the fix was easy: Unable to negotiate with 192.168.111.38 port 22: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr

So I changed the above host specific sections to this:

Host r0
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Host r1
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Host r2
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Host r3
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Host r4
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Host r5
  Ciphers 3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr
  KexAlgorithms +diffie-hellman-group-exchange-sha1
  User ansible

Next I should clean that up under Host * section.

ls -l > long-list-output.txt # redirects stdout to a file. Since 1 is the file descriptor for stdout as well, leaving the file descriptor out is just a shortcut to 1> So these two are identical:

ls -lart >  long-list-output.txt
ls -lart 1> long-list-output.txt

grep da * 2> grep-output-errors.txt # redirects errors, 2 to a file

When running a script from a cron job, i.e NOT from the standard terminal you can redirect &1 and &2 to some other location, typically a file, and often the same file.

• batchjob.py > ~/batchoutput 2>&1

To break this down:

• the standard output is redirected, > to the file ~/batchoutput
• which also is automatically assigned the standard file descriptor 1.
• By adding the 2>&1 we are also telling bash to also redirect stderr to the same place i.e. redirect 2 to what &1 is, and in this case file ~/batchoutput
• The &1 is needed when the file redirect is the target. When the file redirect is the source, you do not need the &. &1 is ~/batchouput.

rm -f $(find /home/zintis -name \*.junk ) &> /dev/null

This will redirect all outputs to /dev/null. You may want to check what it was doing by redirecting both to a file with &> all-outputs.txt

rm -f $(find /home/zintis -name \*.junk ) &> /home/zintis/junk-removal.log

2>1 it would simply rediredt standard errors to a file called '1'

job &2>&1 it would run "job" in the background, & There does not have to be a space between the first & and the 2, so that simply takes "2" which is stderr and redirects it to, in this case &1, which is stdout.

figlet zintis

 ______       _   _     
|__  (_)_ __ | |_(_)___ 
  / /| | '_ \| __| / __|_
 / /_| | | | | |_| \__ \
/____|_|_| |_|\__|_|___/

figlet `date +%A\ %b%e` figlet `date +%A\ %b%e` figlet `date +%A\ %b%e`

You can set the environment variable BROWSER=lynx and or BROWSER=w3m to open web pages in a command line browser. After that, you can run web searches such as googler or … to run command line web searches.

Open source Google search from the command line. Make sure your BROWSER env variable is set to a command line browser such as lynx or w3m to get the results on the command line too. See ddgr if you are restricting google for your personal reasons.

• googler ? will give you the quick instructions.

To install, use dnf install googler as an example.

You can set the BROWSER variable directly on the same command that you run googler, or even set an alias goog='BROWSER=w3m googler -j'

Open source Duck-Duck-Go, ddg search from the command line. Just like with googler, make sure your BROWSER env variable is set and expoerted to a command line browser such as lynx or w3m to get the results on the command line too.

• googler ? will give you the quick instructions.

To install, use dnf install googler as an example.

You can set the BROWSER variable directly on the same command that you run googler, or even set an alias goog='BROWSER=w3m googler -j'

The oldest command line search tool, available on http://surfraw.org

You can tell surfraw to search a specific search service like google or duck duck go. Surfraw has many, that are listed in elvi from the surfraw.org home page or direclty here: https://gitlab.com/surfraw/Surfraw/-/wikis/current-elvi

BROSWER=w3m surfraw google "figure eight knot"
BROSWER=w3m surfraw duckduckgo "figure eight knot"

I installed it on my mac with:

• brew install fzf or
• brew --cask install fzf

Note, that this installs fzf as well as the related fzf-tmux. More on that later.

There is no .config file for fzf. All preferences are stored in environment variables.

   FD_OPTIONS="--follow --exclude .git --exclude node_modules --hidden"  
   # no need to export FD_OPTIONS as they are only used in this file itself
   export FZF_DEFAULT_OPTS="--height 50% -1 --reverse --multi --inline-info --preview='[[ \$(file --mime {}) =~ --binary ]] && echo {} is a binary file || (bat --style=numbers --color=always {} || cat {}) 2> /dev/null | head -300 --prview-window='right:hidden:wrap' --bind='f3: execute(bat --style=numbers {} || less -f {}),f2:toggle-preview,ctrl-d:half-page-down,ctrl-u:half-page-up,ctrl-a:select-all+accept,ctrl-y:execute-silent(echo {+} | pbcopy)'"
   export FZF_DEFAULT_OPTS='--no-height --color=bg+:#eeee00,gutter:-1,pointer:#fd3b00,info:#dada00,hl:#11eded,h1+#22dfff'
   export FZF_DEFAULT_COMMAND='find * -type f -not -path "*/\.*"'
   export FZF_DEFAULT_COMMAND="fd --type f --type l $FD_OPTIONS "
   export FZF_DEFAULT_COMMAND="git ls-files --cached --others --exclude-standard | fd --type f --type l $FD_OPTIONS "
   export FZF_DEFAULT_COMMAND="git ls-files --cached --others --exclude-standard | fd --type f --type l $FD_OPTIONS "
   #The above will use git-ls-files inside a git repo, otherwise will use fd

   # --color=bg+:#eeee00,gutter:-1,pointer:#fd3b3c,info:#dada05'


   # C-t searches files and directories (works nicely)
   export FZF_CTRL_T_COMMAND="fd $FD_OPTIONS"
   export FZF_CTRL_T_OPTS="--preview 'cat --color=always --line-range :60 {}' "
#  export FZF_CTRL_T_OPTS="--preview 'cat --color=always --line-range :60 {}' "
#  export FZF_CTRL_T_OPTS="--preview 'less {}' "

#  M-c  = cd.  Searches only directories, and then cd's into them (works nicely)
#  export FZF_ALT_C_COMMAND='find * -type f -not -path "*/\.*"'
   export FZF_ALT_C_COMMAND="fd --type d $FD_OPTIONS "
   export FZF_ALT_C_OPTS="--preview 'tree -C {} | head -60'"

   export BAT_PAGER="less -R"

Other colour settings can be set just when you execute fzf as follows:

export FZF_DEFAULT_OPTS="--color=fg:#ffffff,bg:#252c31,hl:#c678dd,fg+:#ffffff,bg+:#4b5263,hl+:#d858fe,info:#98c379,prompt:#61afef,pointer:#be5046,marker:#e5c07b,spinner:#61afef,header:#61afef"
fzf --color=fg:#ffffff,bg:#252c31,hl:#c678dd,fg+:#ffffff,bg+:#4b5263,hl+:#d858fe,info:#98c379,prompt:#61afef,pointer:#be5046,marker:#e5c07b,spinner:#61afef,header:#61afef
env fzf --color=fg:#ff0000,bg:#ffff00
export FZF_DEFAULT_OPTS="--color=fg:#ffffff,bg:#252c31,hl:#c678dd,fg+:#ffffff,bg+:#4b5263,hl+:#d858fe,info:#98c379,prompt:#61afef,pointer:#be5046,marker:#e5c07b,spinner:#61afef,header:#61afef"

If I'm not mistaken, terminal.app doesn't support 24-bit colors (https://github.com/termstandard/colors#not-supporting-truecolor),

• fzf –color=fg:#ff0000,bg:#ffff00

will not work as expected. But it supports 256 ANSI colors fine, you can get identical colors with

• fzf –color=fg:196,bg:226

I was getting:

invalid color specification: h1+#22dfff

And I found my ~/.config/zsh/zsh-exports file had this line:

• export FZF_DEFAULTOPTS='–no-height –color=bg+:#eeee00,gutter:-1,pointer:#fd3b00,#dada00,hl:#11eded,h1+#22dfff'

If I removed the characters: ,hl:#11eded,h1+#22dfff' fzf would work but with colour codes not translated to proper colours but left as

When installed, fzf sets up these three default key bindings. They can be changed using environment variables.

• C-r searches history
• C-t searches for both files and directories
• M-c searches for directories and switches (cd) into them

These fzf defaults did not work for me as they conflicted with other key bindings I had already set. Maybe I will return to this later.

You can use the brew install bat to preview files found with fd

In fact you can change your default fzf command from find to fd by setting the environment variable, FZF_DEFAULT_COMMAND TO BE 'fd

Then tried these fzf options to learn what they would do:

• echo 'red\ngreen\nblue'
• echo 'red\ngreen\nblue' | fzf # use the up and down arrow keys and hammer
• echo 'red\ngreen\nblue' | fzf --multi # now add TAB key on several lines
• echo 'red\ngreen\nblue' | fzf --multi --cycle # now keep pressing up/down
• -e restrict finds to exact matches only (like forcing a ')

While interacting with fzf, you can be quite flexible in what fzf will eventually filter for you. Here's the most useful:

With no parameters, fzf defaults to using a list of all files in the current directory, including all subdirectories.

So, vim -R | fzf will let you search what file you want to edit.

By piping the output of fzf into xargs, you can take action on your selected lines very easily.

fzf -m | xargs ls -la
fzf -m | xargs chmod 740

this xargs works with fzf, but does NOT work with –multi ??? Find out why.

Use of the ** as arguments to a command is also very convenient, and most likely will be more useful than using back-tics as described above.

Usage examples would be:

• vim **<tab> # should only present files that I can edit
• chmod 740 **<tab> # should only present files that I can chmod
• ssh **<tab> # only presents hosts in my .ssh_hosts file.
• git add C-t # only finds files that are not part of .gitignore. test this.

this was not working for me…. need to figure out why. vim kind of worked, and allowed me to fuzzy find a file, but hammer just echoed that line out, and had dropped the "vim". hmmmm …..

also git add C-t while it did present all files for me to fuzzy find, it did NOT restrict those fuzzy files found to ones that needed to be git added. AFAIK, this is broken. See this youtube video on this feature. Maybe the dude has a .zshrc file or git page that has his settings for me to compare with mine, to see why mine is not working.

** is also command sensitive, and will present find options that make sense with the command it is used with. For example, cd only makes sense if the parameter after is a directory, so fzf will only present directories.

This too was not working for me. I had the zsh tell me "too many parameters".

You can use the tradtional find command and pipe it into fzf for a much more powerfull find:

# find everthing: *
# type is a file: -type f
# no hidden files: -not -path '*/\.*'

find * -type f -not -path '*/\.*' | fzf

You will see that the find show a counter of the thousands of files found so far. Just start typing a string, and very quickly you will show all files names that contain that string.

Finding files is so common that the default fzf (no parameters) is actually equivalent to find * -type f | fzf.

However, you can choose to make this an alias, or even better set up your default FZF command to use the find or perhaps fd to just what you like to see. See the section fzf environment variables above.

You can create functions and run them in your .bash_profile, or just source them from a file, say fzf-functions Note that this itself is not a bash script, as you can easily source them when you need them during an interactive bash shell session.

# fd - cd to selected directory
fd() {
  local dir
  dir=$(find ${1:-.} -path '*/\.*' -prune \
                  -o -type d -print 2> /dev/null | fzf +m) &&
  cd "$dir"
}
# fh - search in your command history and execute selected command
fh() {
  eval $( ([ -n "$ZSH_NAME" ] && fc -l 1 || history) | fzf +s --tac | sed 's/ *[0-9]* *//')
}

This is not done in fzf, but in the find or fd commands.

For instance, usually I'll have my options set like this:

FD_OPTIONS="--follow --exclude .git --exclude node_modules --hidden"  

export FZF_DEFAULT_COMMAND="fd --type f --type l $FD_OPTIONS "

export FZF_CTRL_T_COMMAND="fd $FD_OPTIONS"
export FZF_CTRL_T_OPTS="--preview 'cat --color=always --line-range :60 {}' "

You can use M-c as shown above, but you can also simply use the cd command like this:

• cd $(find . -type d -print | fzf)