Linux

LABS
4.1 Introduction
This is Lab 4: Command Line Basics. By performing this lab, students will learn how to use basic
features of the shell.
In this lab, you will perform the following tasks:
 Explore Bash features

 Use shell variables
 Understand how to use globbing
 Be able to make use of quoting
 Previous
 Next
4.2 Files and Directories

In this task, we will access the Command Line Interface (CLI) for Linux to explore how to execute
basic commands and what affects how they can be executed.
Most users are probably more familiar with how commands are executed using a Graphical User
Interface (GUI). So, this task will likely present some new concepts to you, if you have not
previously worked with a CLI. To use a CLI, you will need to type the command that you want to
run.
The window where you will type your command is known as a terminal emulator application.
Inside of the Terminal window the system is displaying a prompt, which currently contains a
prompt following by a blinking cursor:
sysadmin@localhost:~$
Remember: You may need to press Enter in the window to display the prompt.
The prompt tells you that you are user sysadmin; the host or computer you are
using: localhost; and the directory where you are at: ~, which represents your home directory.
When you type a command it will appear at the text cursor. You can use keys such as
the home, end, backspace, and arrowkeys for editing the command you are typing.
Once you have typed the command correctly, press Enter to execute it.
 Previous
 Next
4.2.1 Step 1
The following command will display the same information that you see in the first part of the
prompt. Make sure that you have selected (clicked on) the Terminal window first and then type
the following command followed by the Enter key:
whoami
Your output should be similar to the following:
sysadmin@localhost:~$ whoami
sysadmin
The output of the whoami command, sysadmin, displays the user name of the current user.
Although in this case your username is displayed in the prompt, this command could be used to
obtain this information in a situation when the prompt did not contain this information.
 Previous
 Next
4.2.2 Step 2
The next command displays information about the current system. To be able to see the name of
the kernel you are using, type the following command into the terminal:
uname
sysadmin@localhost:~$ uname
Linux
Many commands that are executed produce text output like this. You can change what output is
produced by a command by using options after the name of the command.
Options for a command can be specified in several ways. Traditionally in UNIX, options were
expressed by a hyphen followed by another character, for example: -n.
In Linux, options can sometimes also be given by two hyphen characters followed by a word, or
hyphenated word, for example: --nodename.
Execute the uname command again twice in the terminal, once with the option -n and again with
the option --nodename. This will display the network node hostname, also found in the prompt.
uname -n
uname --nodename
sysadmin@localhost:~$ uname -n
localhost
sysadmin@localhost:~$ uname --nodename
localhost
 Previous
 Next
4.2.3 Step 3
The pwd command is used to display your current "location" or current "working" directory. Type
the following command to display the working directory:
pwd
sysadmin@localhost:~$ pwd
/home/sysadmin
The current directory in the example above is /home/sysadmin. This is also referred to as
your home directory, a special place where you have control of files and other users normally
have no access. By default, this directory is named the same as your username and is located
underneath the /home directory.
As you can see from the output of the command, /home/sysadmin, Linux uses the forward
slash / to separate directories to make what is called a path. The initial forward slash represents
the top level directory, known as the root directory. More information regarding files, directories
and paths will be presented in later labs.
The tilde ~ character that you see in your prompt is also indicating what the current directory is.
This character is a "shortcut" way to represent your home.
Consider This: pwd stands for "print working directory". While it doesn't actually "print" in modern
versions, older UNIX machines didn't have monitors and output of commands went to a printer,
hence the funny name of pwd.
 Previous
 Next
4.3 Shell Variables

Shell variables are used to store data in Linux. This data is used by the shell itself as well as
programs and users.
The focus of this section is to learn how to display the values of shell variables.
 Previous
 Next
4.3.1 Step 1
The echo command can be used to print text, the value of a variable and show how the shell
environment expands metacharacters (more on metacharacters later in this lab). Type the
following command to have it output literal text:
echo Hello Student
sysadmin@localhost:~$ echo Hello Student

Hello Student
 Previous
 Next
4.3.2 Step 2
Type the following command to display the value of the PATH variable:
echo $PATH
sysadmin@localhost:~$ echo $PATH

/home/sysadmin/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:
/bin:/usr/games
The PATH variable is displayed by placing a $ character in front of the name of the variable.
This variable is used to find the location of commands. Each of the directories listed above are
searched when you run a command. For example, if you try to run the date command, the shell
will first look for the command in the /home/sysadmin/bin directory and then in
the /usr/local/sbin directory and so on. Once the date command is found, the shell "runs
it”.
 Previous
 Next
4.3.3 Step 3
Use the which command to determine if there is an executable file named date that is located in
a directory listed in the PATH value:
which date

sysadmin@localhost:~$ which date
/bin/date
The output of the which command tells you that when you execute the date command, the
system will run the command /bin/date. The which command makes use of the PATH variable
to determine the location of the date command.
 Previous
 Next
4.4 Globbing
The use of glob characters in Linux is similar to what many operating systems refer to as
"wildcard" characters. Using glob characters, you match filenames using patterns.
Glob characters are a shell feature, not something that is particular to any specific command. As
a result, you can use glob characters with any Linux command.
When glob characters are used, the shell will "expand" the entire pattern to match all files in the
specified directory that matches the pattern.
For demonstration purposes, we will use the echo command to display this expansion process.
 Previous
 Next
4.4.1 Step 1
Use the following echo command to display all filenames in the current directory that matches the
glob pattern *:
echo *
sysadmin@localhost:~$ echo *
Desktop Documents Downloads Music Pictures Public Templates Videos
The asterisk * matches "zero or more" characters in a file name. In the example above, this
results in matching all filenames in the current directory.
The echo command, in turn, displays the filenames that were matched.
 Previous
 Next
4.4.2 Step 2
The following commands will display all the files in the current directory that start with the letter D,
and the letter P:
echo D*
echo P*
sysadmin@localhost:~$ echo D*
Desktop Documents Downloads
sysadmin@localhost:~$ echo P*
Pictures Public
Think of the first example, D*, as "match all filenames in the current directory that begin with a
capital d character and have zero or more of any other character after the D".
 Previous
 Next
4.4.3 Step 3
The asterisk * can be used anywhere in the string. The following command will display all the
files in your current directory that end in the letter s:
echo *s
sysadmin@localhost:~$ echo *s
Documents Downloads Pictures Templates Videos
 Previous
 Next
4.4.4 Step 4
Notice that the asterisk can also appear multiple times or in the middle of several characters:
echo D*n*s
sysadmin@localhost:~$ echo D*n*s

Documents Downloads
The next glob metacharacter that we will examine is the question mark ?. The question mark
matches exactly one character. This single character can be any possible character.
Like the asterisk it can be used anywhere in a string and can appear multiple times.
 Previous
 Next
4.4.5 Step 5
Since each question mark matches one unknown character, typing six of them will match six
character filenames. Type the following to display the filenames that are exactly six characters
long:
echo ??????
sysadmin@localhost:~$ echo ??????

Public Videos
Important: Each ? character must match exactly one character in a filename, no more and no
less than one character.
 Previous
 Next
4.4.6 Step 6
Using the question mark with other characters will limit the matches. Type the following to display
the file names that start with the letter D and are exactly nine characters long:
echo D????????
sysadmin@localhost:~$ echo D????????

Documents Downloads
 Previous
 Next
4.4.7 Step 7
Wildcards or glob characters can be combined together. The following command will display file
names that are at least six characters long and end in the letter s.
echo ?????*s
sysadmin@localhost:~$ echo ?????*s

Documents Downloads Pictures Templates Videos
Think of the pattern ?????*s to mean "match filenames that begin with any five characters, then
have zero or more of any characters and then end with an s character".
 Previous
 Next
4.4.8 Step 8
The next glob is similar to the question mark glob to specify one character.
This glob uses a pair of square brackets [ ] to specify which one character will be allowed. The
allowed characters can be specified as a range, a list, or by what is known as a character class.
The allowed characters can also be negated with an exclamation point !.
In the first example, the first character of the file name can be either a D or a P. In the second
example, the first character can be any character except a D or P:
echo [DP]*
echo [!DP]*
sysadmin@localhost:~$ echo [DP]*

Desktop Documents Downloads Pictures Public
sysadmin@localhost:~$ echo [!DP]*
Music Templates Videos
 Previous
 Next
4.4.9 Step 9
In these next examples, a range of characters will be specified. In the first example, the first
character of the file name can be any character starting at D and ending at P. In the second
example, this range of characters is negated, meaning any single character will match as long as
it is not between the letters D and P:
echo [D-P]*
echo [!D-P]*
sysadmin@localhost:~$ echo [D-P]*

Desktop Documents Downloads Music Pictures Public
sysadmin@localhost:~$ echo [!D-P]*
Templates Videos
You may be asking yourself "who decides what letters come between D and P ?". In this case the
answer is fairly obvious (E, F, G, H, I, J, K, L, M, N and O), but what if the range was [1-A]?
The ASCII text table is used to determine the range of characters. You can view this table by
searching for it on the Internet or typing the following command: ascii
So, what characters does the glob [1-A] match? According to the ASCII text
table: 1, 2, 3, 4, 5, 6, 7, 8, 9, :, ;, <, =, >, ?, @ and A.
 Previous
 Next
4.5 Quoting
There are three types of quotes used by the Bash shell: single quotes ('), double quotes (") and
back quotes (`). These quotes have special features in the Bash shell as described below.
To understand single and double quotes, consider that there are times that you don't want the
shell to treat some characters as "special". For example, as you learned earlier in this lab,
the * character is used as a wildcard. What if you wanted the *character to just mean an
asterisk?
Single quotes prevent the shell from "interpreting" or expanding all special characters. Often
single quotes are used to protect a string from being changed by the shell, so that the string can
be interpreted by a command as a parameter to affect the way the command is executed.
Double quotes stop the expansion of glob characters like the asterisk (*), question mark (?), and
square brackets ( [ ] ). Double quotes do allow for both variable expansion and command
substitution (see back quotes) to take place.
Back quotes cause "command substitution" which allows for a command to be executed within
the line of another command.
When using quotes, they must be entered in pairs or else the shell will not consider the command
complete.
While single quotes are useful for blocking the shell from interpreting one or more characters, the
shell also provides a way to block the interpretation of just a single character called "escaping"
the character. To "escape" the special meaning of a shell metacharacter, the
backslash \ character is used as a prefix to that one character.
 Previous
 Next
4.5.1 Step 1
Execute the following command to use back quotes ` to execute the date command within the
line of the echo command:
echo Today is `date`
sysadmin@localhost:~$ echo Today is `date`

Today is Tue Jan 19 15:48:57 UTC 2016
 Previous
 Next
4.5.2 Step 2
You can also place $( before the command and ) after the command to accomplish command
substitution:
echo Today is $(date)
sysadmin@localhost:~$ echo Today is $(date)

Today is Tue Jan 19 15:51:09 UTC 2016
Why two different methods that accomplish the same thing? Backquotes look very similar to
single quotes, making it harder to "see" what a command is supposed to do. Originally shells
used backquotes; the $(command) format was added in a later version of the Bash shell to make
the statement more visually clear.
 Previous
 Next
4.5.3 Step 3
If you don't want the backquotes to be used to execute a command, place single quotes around
them. Execute the following:
echo This is the command '`date`'
sysadmin@localhost:~$ echo This is the command '`date`'

This is the command `date`
 Previous
 Next
4.5.4 Step 4
Note that you could also place a backslash character in front of each backquote character.
Execute the following:
echo This is the command \`date\`
sysadmin@localhost:~$ echo This is the command \`date\`

This is the command `date`
 Previous
 Next
4.5.5 Step 5
Double quote characters don't have any effect on backquote characters. The shell will still use
them as command substitution. Execute the following to see a demonstration:
echo This is the command "`date`"

sysadmin@localhost:~$ echo This is the command "`date`"
This is the command Tue Jan 19 16:05:41 UTC 2016
 Previous
 Next
4.5.6 Step 6
Double quote characters will have an effect on wildcard characters, disabling their special
meaning. Execute the following:
echo D*
echo "D*"
sysadmin@localhost:~$ echo D*
Desktop Documents Downloads
sysadmin@localhost:~$ echo "D*"
D*
Important:
Quoting may seem trivial and weird at the moment, but as you gain more experience working in
the command shell, you will discover that having a good understanding of how different quotes
work is critical to using the shell.
 Previous
 Next
4.6 Control Statements

Typically, you type a single command and you execute it when you press Enter. The Bash shell
offers three different statements that can be used to separate multiple commands typed together.
The simplest separator is the semicolon (;). Using the semicolon between multiple commands
allows for them to be executed one right after another, sequentially from left to right.
The && characters create a logical and statement. Commands separated by && are conditionally
executed. If the command on the left of the && is successful, then the command to the right of
the && will also be executed. If the command to the left of the && fails, then the command to the
right of the && is not executed.
The || characters create a logical or statement, which also causes conditional execution. When
commands are separated by ||, then only if the command to the left fails, does the command to
the right of the || execute. If the command to the left of the || succeeds, then the command to
the right of the || will not execute.
To see how these control statements work, you will be using two special
executables: true and false. The true executable always succeeds when it executes,
whereas, the false executable always fails. While this may not provide you with realistic
examples of how && and || work, it does provide a means to demonstrate how they work without
having to introduce new commands.
 Previous
 Next
4.6.1 Step 1
Execute the following three commands together separated by semicolons:
echo Hello; echo Linux; echo Student
As you can see the output shows all three commands executed sequentially:
sysadmin@localhost:~$ echo Hello; echo Linux; echo Student

Hello
Linux
Student
 Previous
 Next
4.6.2 Step 2
Now, put three commands together separated by semicolons, where the first command executes
with a failure result:
false; echo Not; echo Conditional
sysadmin@localhost:~$ false; echo Not; echo Conditional

Not
Conditional
Note that in the previous example, all three commands still executed even though the first one
failed. While you can't see from the output of the false command, it did execute. However, when
commands are separated by the ; character, they are completely independent of each other.
 Previous
 Next
4.6.3 Step 3
Next, use "logical and" to separate the commands:
echo Start && echo Going && echo Gone
sysadmin@localhost:~$ echo Start && echo Going && echo Gone

Start
Going
Gone
Because each echo statement executes correctly, a return value of success is provided, allowing
the next statement to also be executed.
 Previous
 Next
4.6.4 Step 4
Use "logical and" with a command that fails as shown below:
echo Success && false && echo Bye
sysadmin@localhost:~$ echo Success && false && echo Bye

Success
The first echo command succeeds and we see its output. The false command executes with a
failure result, so the last echostatement is not executed.
 Previous
 Next
4.6.5 Step 5
The "or" characters separating the following commands demonstrates how the failure before the
"or" statement causes the command after it to execute; however, a successful first statement
causes the command to not execute:
false || echo Fail Or

true || echo Nothing to see here
sysadmin@localhost:~$ false || echo Fail Or

Fail Or
sysadmin@localhost:~$ true || echo Nothing to see here
 Previous
 Next
4.7 Shell History

The Bash shell maintains a history of the commands that you type. Previous commands can be
easily accessed in this history in several ways.
The first and easiest way to recall a previous command is to use the up arrow key. Each press of
the up arrow key goes backwards one command through history. If you accidentally go back too
far, then the down arrow key will go forwards through the history of commands.
When you find the command that you want to execute, you can use the left arrow keys and right
arrow keys to position the cursor for editing. Other useful keys for editing include
the Home, End, Backspace and Delete keys.
Another way to use your command history is to execute the history command to be able to view
a numbered history list. The number listed to the left of the command can be used to execute the
command again. The history command also has a number of options and arguments which can
manipulate which commands will be stored or displayed.
 Previous
 Next
4.7.1 Step 1
Execute a few commands and then execute the history command:
date
clear
echo Hi
history
Remember: The date command will print the time and date on the system. The clear command
clears the screen.
sysadmin@localhost:~$ echo Hi
Hi
sysadmin@localhost:~$ history
1 date
2 clear
3 echo Hi
4 history
Your command numbers will likely differ from those provided above. This is because you likely
have executed a different number of commands.
 Previous
 Next
4.7.2 Step 2
To view a limited number of commands, the history command can take a number as a
parameter to display exactly that many recent entries. Type the following command to display the
last five commands from your history:
history 5
sysadmin@localhost:~$ history 5
185 false || Fail Or
186 false || echo Fail Or
187 true || echo Nothing to see here
188 history
189 history 5
 Previous
 Next
4.7.3 Step 3
To execute a command again, type the exclamation point and the history list number. For
example, to execute the 94th command in your history list, you would execute the following:
!94
 Previous
 Next
4.7.4 Step 4
Next, experiment with accessing your history using the up arrow keys and down arrow keys.
Keep pressing the up arrow keyuntil you find a command you want to execute. If necessary use
other keys to edit the command and then press Enter to execute the command.
 Previous
 Next
5.1 Introduction
This is Lab 5: Getting Help. By performing this lab, students will learn how to get help on
commands and find files.
 Use several help systems to get help for commands.

 Learn how to locate commands.
 Previous
 Next
5.2 Getting Help

In this task, you will explore the how to get help. This will be a very useful thing to know how to do
when you find yourself stuck or when you can't remember how a command works.
In addition to Internet searches, the Linux Operating System provides a variety of techniques to
learn more about a given command or feature. Knowing these different techniques will allow you
to more easily and quickly find the answer you need.
 Previous
 Next
5.2.1 Step 1
Execute commands in the bash shell by typing the command and then pressing the Enter key.
For example, type the following command to display today's date:
date
The output should be similar to the following:
sysadmin@localhost:~$ date
Tue Jan 19 17:27:20 UTC 2016
 Previous
 Next
5.2.2 Step 2
To learn more about commands, access the manual page for the command with
the man command. For example, execute the following command to learn more about
the date command:
man date
sysadmin@localhost:~$ man date
DATE(1) User Commands

DATE(1)
NAME
date - print or set the system date and time
SYNOPSIS
date [OPTION]... [+FORMAT]
date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
DESCRIPTION
Display the current time in the given FORMAT, or set the system date
.
-d, --date=STRING
display time described by STRING, not `now'
-f, --file=DATEFILE
like --date once for each line of DATEFILE
-r, --reference=FILE
display the last modification time of FILE
-R, --rfc-2822
output date and time in RFC 2822 format. Example: Mon, 07
Aug
Manual page date(1) line 1 (press h for help or q to quit)
Note: Documents that are displayed with the man command are called "Man Pages".
If the man command can find the manual page for the argument provided, then that manual page
will be displayed using a command called less. The following table describes useful keys that
can be used with the less command to control the output of the display:
Key Purpose
H or h Display the help
Q or q Quit the help or manual page
Spacebar or f or PageDown Move a screen forward
b or PageUp Move a screen backward
Enter or down arrow Move down one line
Up arrow Move up one line
/ followed by text to search Start searching forward
? followed by text to search Start searching backward
n Move to next text that matches search
N Move to previous matching text

 Previous
 Next
5.2.3 Step 3
Type the letter h to see a list of movement commands. After reading the movement commands,
type the letter q to get back to the document.
SUMMARY OF LESS COMMANDS
Commands marked with * may be preceded by a number, N.

Notes in parentheses indicate the behavior if N is given.
A key preceded by a caret indicates the Ctrl key; thus ^K is ctrl-K.
h H Display this help.

q :q Q :Q ZZ Exit.
-----------------------------------------------------------------------
MOVING
e ^E j ^N CR * Forward one line (or N lines).

y ^Y k ^K ^P * Backward one line (or N lines).
f ^F ^V SPACE * Forward one window (or N lines).
b ^B ESC-v * Backward one window (or N lines).
z * Forward one window (and set window to N).
w * Backward one window (and set window to N).
ESC-SPACE * Forward one window, but don't stop at end-of-file.
d ^D * Forward one half-window (and set half-window to N)
u ^U * Backward one half-window (and set half-window to N)
ESC-) RightArrow * Left one half screen width (or N positions).
HELP -- Press RETURN for more, or q when done
Note that the man pages might be a bit of a mystery to you now, but as you learn more about
Linux, you will find they are a very valuable resource.
 Previous
 Next
5.2.4 Step 4
Searches are not case sensitive and do not "wrap" around from the bottom to top, or vice versa.
Start a forward search for the word "file" by typing:
/file
Note that what you are typing will appear at the bottom left portion of the screen.
-R, --rfc-2822
Aug
/file
 Previous
 Next
5.2.5 Step 5
Notice that the text matching the search is highlighted. You can move forward to the next match
by pressing n. Also try moving backwards through the matches by pressing N:
-f, --file=DATEFILE
like --date once for each line of DATEFILE
-R, --rfc-2822
Aug
2006 12:34:56 -0600
--rfc-3339=TIMESPEC
output date and time in RFC 3339 format. TIMESPEC=`date', `s
ec-
onds', or `ns' for date and time to the indicated precisi
on.
Date and time components are separated by a single spa
ce:
2006-08-07 12:34:56-06:00
-s, --set=STRING
set time described by STRING
-u, --utc, --universal

print or set Coordinated Universal Time
--help display this help and exit

Manual page date(1) line 18/204 24% (press h for help or q to quit)
 Previous
 Next
5.2.6 Step 6
Use the movement commands previously described (such as using the spacebar to move down
one screen) to read the man page for the date command. When you are finished reading,
type q to exit the man page.
 Previous
 Next
5.2.7 Step 7
In some cases you may not remember the exact name of the command. In these cases you can
use the -k option to the mancommand and provide a keyword argument. For example, execute
the following command to display a summary of all man pages that have the keyword "password"
in the description:
man -k password
sysadmin@localhost:~$ man -k password
chage (1) - change user password expiry information
chgpasswd (8) - update group passwords in batch mode
chpasswd (8) - update passwords in batch mode
cpgr (8) - copy with locking the given file to the password or
gr...
cppw (8) - copy with locking the given file to the password or
gr...
expiry (1) - check and enforce password expiration policy
login.defs (5) - shadow password suite configuration
pam_pwhistory (8) - PAM module to remember last passwords
pam_unix (8) - Module for traditional password authentication
passwd (1) - change user password
passwd (1ssl) - compute password hashes
passwd (5) - the password file
pwck (8) - verify integrity of password files
pwconv (8) - convert to and from shadow passwords and groups
shadow (5) - shadowed password file
shadowconfig (8) - toggle shadow passwords on and off
unix_chkpwd (8) - Helper binary that verifies the password of the curr
en...
unix_update (8) - Helper binary that updates the password of a given u
ser
vipw (8) - edit the password, group, shadow-password or shadow-
gr...
The -k option to the man command will often produce a huge amount of output. You will learn a
technique in a later lab to either limit this output or allow you to easily scroll though the data. For
now, just use the scrollbar on the right hand side of the terminal window to move the display up
and down as needed.
 Previous
 Next
5.2.8 Step 8
Note that the apropos command is another way of viewing man page summaries with a keyword.
Type the following command:
apropos password
sysadmin@localhost:~$ apropos password
chage (1) - change user password expiry information
chgpasswd (8) - update group passwords in batch mode
chpasswd (8) - update passwords in batch mode
cpgr (8) - copy with locking the given file to the password or
gr...
cppw (8) - copy with locking the given file to the password or
gr...
expiry (1) - check and enforce password expiration policy
login.defs (5) - shadow password suite configuration
pam_pwhistory (8) - PAM module to remember last passwords
pam_unix (8) - Module for traditional password authentication
pwck (8) - verify integrity of password files
pwconv (8) - convert to and from shadow passwords and groups
shadow (5) - shadowed password file
shadowconfig (8) - toggle shadow passwords on and off
unix_chkpwd (8) - Helper binary that verifies the password of the curr
en...
unix_update (8) - Helper binary that updates the password of a given u
ser
vipw (8) - edit the password, group, shadow-password or shadow-
gr...
Note: There is no difference between man -k and the apropos command.
 Previous
 Next
5.2.9 Step 9
There are often multiple man pages with the same name. For example, the previous command
showed three pages for passwd. Execute the following command to view the man pages for the
word passwd:
man -f passwd
sysadmin@localhost:~$ man -f passwd
The fact that there are different man pages for the same "name" is confusing for many beginning
Linux users. Man pages are not just for Linux commands, but also for system files and other
"features" of the Operating System. Additionally, there will sometimes be two commands with the
same name, as in the example provided above.
The different man pages are distinguished by "sections". By default there are nine default
sections of man pages:
 Executable programs or shell commands

 System calls (functions provided by the kernel)
 Library calls (functions within program libraries)
 Special files (usually found in /dev)
 File formats and conventions, e.g. /etc/passwd
 Games
 Miscellaneous (including macro packages and conventions), e.g. man(7)>, groff(7)
 System administration commands (usually only for root)
 Kernel routines [Non standard]
When you type a command such as man passwd, the first section is searched and, if a match is
found, the man page is displayed. The man -f passwd command that you previously executed
shows that there is a section 1 man page for passwd: passwd (1). As a result, that is the one
that is displayed by default.
 Previous
 Next
5.2.10 Step 10
To display a man page for a different section, provide the section number as the first argument to
the man command. For example, execute the following command:
man 5 passwd
PASSWD(5) File Formats and Conversions PASSWD
(5)
NAME
passwd - the password file
DESCRIPTION
/etc/passwd contains one line for each user account, with seven fiel
ds
delimited by colons (":"). These fields are:
o login name
o optional encrypted password
o numerical user ID
o numerical group ID
o user name or comment field
o user home directory

o optional user command interpreter
Manual page passwd(5) line 1 (press h for help or q to quit)
 Previous
 Next
5.2.11 Step 11
Instead of using man -f to display all man page sections for a name, you can also use
the whatis command:
whatis passwd
sysadmin@localhost:~$ whatis passwd
Note: There is no difference between man -f and the whatis command.
 Previous
 Next
5.2.12 Step 12
Almost all system features (commands, system files, etc.) have man pages. Some of these
features also have a more advanced feature called info pages. For example, execute the
following command:
info date
File: coreutils.info, Node: date invocation, Next: arch invocation, Up:
Syst\
em context
21.1 `date': Print or set system date and time

==============================================
Synopses:
date [OPTION]... [+FORMAT]
date [-u|--utc|--universal] [ MMDDhhmm[[CC]YY][.ss] ]
Invoking `date' with no FORMAT argument is equivalent to invoking it

with a default format that depends on the `LC_TIME' locale category.
In the default C locale, this format is `'+%a %b %e %H:%M:%S %Z %Y'',
so the output looks like `Thu Mar 3 13:47:51 PST 2005'.
Normally, `date' uses the time zone rules indicated by the `TZ'
environment variable, or the system default rules if `TZ' is not set.
*Note Specifying the Time Zone with `TZ': (libc)TZ Variable.
If given an argument that starts with a `+', `date' prints the

current date and time (or the date and time specified by the `--date'
--zz-Info: (coreutils.info.gz)date invocation, 41 lines --Top--------------
-----
Welcome to Info version 4.13. Type h for help, m for menu item.
Many beginning Linux users find info pages to be easier to read. They are often written more
like "lessons" while man pages are written purely as documentation.
 Previous
 Next
5.2.13 Step 13
While viewing the info page from the previous step, type the letter h to see a list of movement
commands. Note that they are different from the movement commands used in man pages. After
reading the movement commands, type the letter l (lowercase L) to return to viewing the
document.
 Previous
 Next
5.2.14 Step 14
Use the movement commands to read the info page for the date command. When you are done,
put your cursor anywhere on the line that reads *Examples of date:: and then press
the Enter key. A new document will be displayed that shows examples of date.
 Previous
 Next
5.2.15 Step 15
Type the l key to return to the previous screen. When you are finished reading, type q to exit the
info page.
 Previous
 Next
5.2.16 Step 16
Another way of getting help is by using the --help option to a command. Most commands allow
you to pass an argument of --help to view basic command usage:
date --help
sysadmin@localhost:~$ date --help
Usage: date [OPTION]... [+FORMAT]
or: date [-u|--utc|--universal] [MMDDhhmm[[CC]YY][.ss]]
Display the current time in the given FORMAT, or set the system date.
-d, --date=STRING display time described by STRING, not `now'

-f, --file=DATEFILE like --date once for each line of DATEFILE
-r, --reference=FILE display the last modification time of FILE
-R, --rfc-2822 output date and time in RFC 2822 format.
Example: Mon, 07 Aug 2006 12:34:56 -0600
--rfc-3339=TIMESPEC output date and time in RFC 3339 format.
TIMESPEC=`date', `seconds', or `ns' for
date and time to the indicated precision.
Date and time components are separated by
a single space: 2006-08-07 12:34:56-06:00
-s, --set=STRING set time described by STRING
-u, --utc, --universal print or set Coordinated Universal Time
--help display this help and exit
--version output version information and exit
 Previous
 Next
5.2.17 Step 17
Some system features also have more detailed help documents located in
the /usr/share/doc directory structure. Execute the following command to view the contents
of this document:
ls /usr/share/doc
sysadmin@localhost:~$ ls /usr/share/doc
adduser libdrm2 libx11-data
apt libedit2 libxau6
ascii libelf1 libxcb1
base-files libffi6 libxdmcp6
base-passwd libgcc1 libxext6
bash libgcrypt11 libxml2
bind9 libgdbm3 libxmuu1
bind9-host libgeoip1 locales
bind9utils libgettextpo0 login
bsdmainutils libglib2.0-0 logrotate
bsdutils libgnutls26 lsb-base
busybox-initramfs libgomp1 makedev
bzip2 libgpg-error0 man-db
ca-certificates libgpm2 mawk
coreutils libgssapi-krb5-2 mc
cpio libgssapi3-heimdal mc-data
cron libhcrypto4-heimdal mime-support
curl libheimbase1-heimdal mlocate
dash libheimntlm0-heimdal module-init-tools
Note that in almost all cases, the man pages and info pages will provide you with the information
that you need. However, if you need more in-depth information (something that system
administrators sometimes need), then you may find this information in the files located in
the /usr/share/doc directory.
 Previous
 Next
5.3 Finding Files

In this task, we will explore how to search for a file on the system. This is useful to know in
situations when you can't find a file on the system, either one that you created or one that was
created by someone else.
 Previous
 Next
5.3.1 Step 1
An easy way to search for a file is to use the locate command. For example, you can find the
location of the crontab file by executing the following command:
locate crontab
sysadmin@localhost:~$ locate crontab
/etc/crontab
/usr/bin/crontab
/usr/share/doc/cron/examples/crontab2english.pl
/usr/share/man/man1/crontab.1.gz
/usr/share/man/man5/crontab.5.gz
 Previous
 Next
5.3.2 Step 2
Note that the output from the previous example includes files that have crontab as part of their
name. To find files that are just named crontab, use the following command:
locate -b "\crontab"
sysadmin@localhost:~$ locate -b "\crontab"
/etc/crontab
/usr/bin/crontab
Note: The locate command makes use of a database that is traditionally updated once per day
(normally in the middle of the night). This database contains a list of all files that were on the
system when the database was last updated.
As a result, any files that you created today will not normally be searchable with
the locate command. If you have access to the system as the root user (the system
administrator account), you can manually update this file by running the updatedbcommand.
Regular users can not update the database file.
Another possible solution to searching for "newer" files is to make use of the find command. This
command searches the live filesystem, rather than a static database. The find command isn't
part of the Linux Essentials objectives for this lab, so it is only mentioned here. Execute man
find if you want to explore this command on your own or wait for the lab that explores
the findcommand.
 Previous
 Next
5.3.3 Step 3
You may just want to find where a command (or its man pages) is located. This can be
accomplished with the whereis command :
whereis passwd
sysadmin@localhost:~$ whereis passwd
passwd: /usr/bin/passwd /etc/passwd /usr/share/man/man1/passwd.1.gz /usr/sh
are/man/man1/passwd.1ssl.gz /usr/share/man/man5/passwd.5.gz
The whereis command only searches for commands and man pages, not just any file.
Recall from earlier that there is more than one passwd man page on the system. This is why you
see multiple file names and man pages (the files that end in .gz are man pages) when you
execute the previous command.
 Previous
 Next
6.1 Introduction
This is Lab 6: Listing Files and Directories. By performing this lab, students will learn how to
navigate and manage files and directories.
 List files and directories

 Copy, move and delete files and directories
 Previous
 Next
6.2 Files and Directories

In this task you will explore the concepts of files and directories.
On a Linux OS, data is stored in files and files are stored in directories. You may be used to the
term folders to describe directories.
Directories are actually files, too; the data that they hold are the names of the files that have been
entered into the them, along with the inode number (a unique identifier number assigned to each
file) for where the data for that file exists on the disk.
As a Linux user, you will want to know how to manipulate these files and directories, including
how to list files in a directory, copy, delete and move files.
Warning: File and directory names in Linux are case sensitive. This means that a file
named ABC is not the same as a file named abc.
 Previous
 Next
6.2.1 Step 1
Type the following command to print the working directory:
pwd
/home/sysadmin
The working directory is the directory that your terminal window is currently "in". This is also
called the current directory. This will be important for when you are running future commands as
they will behave differently based on the directory you are currently in.
The output of the pwd command (/home/sysadmin in the example above) is called the path.
The first slash represents the root directory, the top level of the directory structure.
In the output above, home is a directory under the root directory and sysadmin is a directory
under the home directory.
When you first open a terminal window, you will be placed in your home directory. This is a
directory where you have full access and other users normally have no access by default. To see
the path to your home directory, you can execute the following command to view the value of
the HOME variable:
echo $HOME
sysadmin@localhost:~$ echo $HOME
/home/sysadmin
 Previous
 Next
6.2.2 Step 2
You can use the cd command with a path to a directory to change your current directory. Type
the following command to make the root directory your current working directory and verify with
the pwd command:
cd /
pwd
sysadmin@localhost:~$ cd /
sysadmin@localhost:/$ pwd
/
sysadmin@localhost:/$
 Previous
 Next
6.2.3 Step 3
To change back to your home directory, the cd command can be executed without a path.
Change back to your home directory and verify by typing the following commands:
cd
pwd
sysadmin@localhost:/$ cd
/home/sysadmin
Notice the change in the prompt. The tilde ~ character represents your home directory. This part
of the prompt will tell you what directory you are currently in.
 Previous
 Next
6.2.4 Step 4
The cd command may be entered with a path to a directory specified as an argument. Execute
the cd command with the /home directory as an argument by typing the following:
cd /home
pwd
sysadmin@localhost:~$ cd /home
sysadmin@localhost:/home$ pwd
/home
sysadmin@localhost:/home$
When the path that is provided as an argument to the cd command starts with the forward
slash /, that path is referred to as an “absolute path”. Absolute paths are always complete paths
from the root directory to a sub-directory or file.
 Previous
 Next
6.2.5 Step 5
Change back to your home directory, using the cd command with the tilde ~ as an argument:
cd ~
pwd
sysadmin@localhost:/home$ cd ~
/home/sysadmin
When the path that is provided as an argument to cd command starts with a tilde ~ character, the
terminal will expand the character to the home directory of a user with an account on the system.
If either no other characters or a forward slash follows the tilde, then it will expand to the home
directory of the user currently active in the shell.
If a user name immediately follows the tilde character, then the shell will expand the tilde and
user name to the home directory of that user name. For example, ~bob would be expanded
to /home/bob.
Paths that start with a tilde are considered absolute paths because after the shell expands the
tilde path, an absolute path is formed.
 Previous
 Next
6.2.6 Step 6
Use the echo command below to display some other examples of using the tilde as part of path:
echo ~ ~sysadmin ~root ~mail ~nobody

sysadmin@localhost:~$ echo ~ ~sysadmin ~root ~mail ~nobody
/home/sysadmin /home/sysadmin /root /var/mail /nonexistent
 Previous
 Next
6.2.7 Step 7
Attempt to change to the home directory of the root user by typing the following command:
cd ~root
sysadmin@localhost:~$ cd ~root
-bash: cd: /root: Permission denied
Notice the error message; it indicates that the shell attempted to execute cd with /root as an
argument and it failed due to permission being denied. You will learn more about file and
directory permissions in a later lab.
 Previous
 Next
6.2.8 Step 8
Using an absolute path, change to the /usr/bin directory and display the working directory by
using the following commands:
cd /usr/bin
pwd
sysadmin@localhost:~$ cd /usr/bin
sysadmin@localhost:/usr/bin$ pwd
/usr/bin
sysadmin@localhost:/usr/bin$
 Previous
 Next
6.2.9 Step 9
Use an absolute path to change the /usr directory and display the working directory by issuing
the following commands:
cd /usr
pwd
sysadmin@localhost:/usr/bin$ cd /usr
sysadmin@localhost:/usr$ pwd
/usr
sysadmin@localhost:/usr$
 Previous
 Next
6.2.10 Step 10
Use an absolute path the change to the /usr/share/doc directory and display the working
directory by issuing the following commands:
cd /usr/share/doc
pwd
sysadmin@localhost:/usr$ cd /usr/share/doc
sysadmin@localhost:/usr/share/doc$ pwd
/usr/share/doc
sysadmin@localhost:/usr/share/doc$
Absolute vs. Relative pathnames
Suppose you are in the /usr/share/doc directory and you want to go to

the /usr/share/doc/bash directory. Typing the command cd /usr/share/doc/bash results
in a fair amount of typing. In cases like this, you want to use relative pathnames.
With relative pathnames you provide "directions" of where you want to go from the current
directory. The following examples will illustrate using relative pathnames.
 Previous
 Next
6.2.11 Step 11
Using a relative path, change to the /usr/share/doc/bash directory and display the working
directory by issuing the following commands:
cd bash
pwd
sysadmin@localhost:/usr/share/doc$ cd bash
sysadmin@localhost:/usr/share/doc/bash$ pwd
/usr/share/doc/bash
sysadmin@localhost:/usr/share/doc/bash$
Note: If there wasn't a bash directory under the current directory, the previous command would
fail.
 Previous
 Next
6.2.12 Step 12
Use a relative path to change to the directory above the current directory:
cd ..
pwd
sysadmin@localhost:/usr/share/doc/bash$ cd ..
sysadmin@localhost:/usr/share/doc$ pwd
/usr/share/doc
sysadmin@localhost:/usr/share/doc$
The .. represents one level above your current directory location.
 Previous
 Next
6.2.13 Step 13
Use a relative path to change up one level from the current directory and then down into
the dict directory:
cd ../dict
pwd
sysadmin@localhost:/usr/share/doc$ cd ../dict
sysadmin@localhost:/usr/share/dict$ pwd
/usr/share/dict
sysadmin@localhost:/usr/share/dict$
 Previous
 Next
6.3 Listing Files and Directories

In this task, you will explore the how to list files and directories.
 Previous
 Next
6.3.1 Step 1
To list the contents of the current directory, use the ls command:
cd
ls
sysadmin@localhost:/usr/share/dict$ cd
sysadmin@localhost:~$ ls
In the output of the previous ls command the file names were placed in a light blue color. This is
a feature that many distributions of Linux automatically provide through a feature called
an alias (more on this feature in a later lab).
The color indicates what type the item is. The following table describes some of the more
common colors:
Color Type of File
Black or White Regular file
Blue Directory file
Cyan Symbolic link file (a file that points to another file)
Green Executable file (AKA, a program)
 Previous
 Next
6.3.2 Step 2
Not all files are displayed by default. There are files, called hidden files, that are not displayed by
default. To display all files, including hidden files, use the -a option to the ls command:
ls -a
sysadmin@localhost:~$ ls -a
. .bashrc .selected_editor Downloads Public
.. .cache Desktop Music Templates
.bash_logout .profile Documents Pictures Videos
Hidden files begin with a period (a dot character). Typically these files and often directories are
hidden because they are not files you normally want to see.
For example, the .bashrc file shown in the example above contains configuration information for
the bash shell. This is a file that you normally don't need to view on a regular basis.
Two important "dot files" exist in every directory: . (which represents the current directory)
and .. (which represents the directory above the current directory).
 Previous
 Next
6.3.3 Step 3
By itself, the ls command just provided the names of the files and directories within the specified
(or current) directory. Execute the following command to see how the -l option provides more
information about a file:
ls -l /etc/hosts
sysadmin@localhost:~$ ls -l /etc/hosts
-rw-r--r-- 1 root root 150 Jan 22 15:18 /etc/hosts
So, what does all of this extra output mean? The following table provides a brief breakdown of
what each part of the output of ls -l means:
- The first character, a - in the previous example, indicates what type of "file" this is. A - character is
while a d character would be for a directory.
rw-r--r-- This represents the permissions of the file. Permissions are discussed in a later lab.
1 This represents something called a hard link count (discussed later).
root The user owner of the file.
root The group owner of the file.

150 The size of the file in bytes
Jan 22 The date/time when the file was last modified.

15:18
 Previous
 Next
6.3.4 Step 4
Sometimes you want to see not only the contents of a directory, but also the contents of the
subdirectories. You can use the -Roption to accomplish this:
ls -R /etc/udev
sysadmin@localhost:~$ ls -R /etc/udev
/etc/udev:
rules.d udev.conf
/etc/udev/rules.d:
70-persistent-cd.rules README
The -R option stands for "recursive". All of the files in the /etc/udev directory will be displayed
as well as all of the files in each subdirectory, in this case the rules.d subdirectory.
Be careful of the -R option. Some directories are very, very large!
 Previous
 Next
6.3.5 Step 5
You can use file globbing (wildcards) to limit which files or directories you see. For example,
the * character can match "zero or more of any characters" in a filename. Execute the following
command to display only the files that begin with the letter s in the /etc directory:
ls -d /etc/s*
sysadmin@localhost:~$ ls -d /etc/s*
/etc/securetty /etc/sgml /etc/shells /etc/ssl /etc/sysctl.conf
/etc/security /etc/shadow /etc/skel /etc/sudoers /etc/sysctl.d
/etc/services /etc/shadow- /etc/ssh /etc/sudoers.d /etc/systemd
Note that the -d option prevents files from subdirectories from being displayed. It should always
be used with the ls command when you are using file globbing.
 Previous
 Next
6.3.6 Step 6
The ? character can be used to match exactly 1 character in a file name. Execute the following
command to display all of the files in the /etc directory that are exactly four characters long:
ls -d /etc/????
sysadmin@localhost:~$ ls -d /etc/????
/etc/bind /etc/init /etc/motd /etc/perl /etc/skel
/etc/dpkg /etc/ldap /etc/mtab /etc/sgml /etc/udev
 Previous
 Next
6.3.7 Step 7
By using square brackets [ ] you can specify a single character to match from a set of
characters. Execute the following command to display all of the files in the /etc directory that
begin with the letters a, b, c or d:
ls –d /etc/[abcd]*
sysadmin@localhost:~$ ls -d /etc/[abcd]*
/etc/adduser.conf /etc/blkid.conf /etc/cron.weekly
/etc/adjtime /etc/blkid.tab /etc/crontab
/etc/alternatives /etc/ca-certificates /etc/dbus-1
/etc/apparmor.d /etc/ca-certificates.conf /etc/debconf.conf
/etc/apt /etc/calendar /etc/debian_version
/etc/bash.bashrc /etc/cron.d /etc/default
/etc/bash_completion.d /etc/cron.daily /etc/deluser.conf
/etc/bind /etc/cron.hourly /etc/depmod.d
/etc/bindresvport.blacklist /etc/cron.monthly /etc/dpkg
 Previous
 Next
6.4 Copying, Moving and Renaming Files and

Directories
In this task, you will copy, move, and remove files and directories.
 Previous
 Next
6.4.1 Step 1
Make a copy of the /etc/hosts file and place it in the current directory. Then list the contents of
the current directory before and after the copy:
ls
cp /etc/hosts hosts
ls
sysadmin@localhost:~$ cp /etc/hosts hosts
Desktop Downloads Pictures Templates hosts
Documents Music Public Videos
Notice how the second ls command displays a copy of the hosts file.
 Previous
 Next
6.4.2 Step 2
Next you will remove the file, then copy it again, but have the system tell you what is being done.
This can be achieved using the -v or --verbose option. Enter the following commands:
rm hosts
ls
cp –v /etc/hosts hosts
ls
Note that the rm command is used to delete a file. More information on this command will be
provided later in this lab.
sysadmin@localhost:~$ rm hosts
sysadmin@localhost:~$ cp -v /etc/hosts hosts
`/etc/hosts' -> `hosts'
Note that the -v switch displays the source and target when the cp command is executed.
 Previous
 Next
6.4.3 Step 3
Enter the following commands to copy the /etc/hosts file, using the period . character to
indicate the current directory as the target:
rm hosts
ls
cp –v /etc/hosts .
ls
sysadmin@localhost:~$ cp -v /etc/hosts .
`/etc/hosts' -> `hosts'
The period . character is a handy way to say "the current directory". It can be used with all Linux
commands, not just the cpcommand.
 Previous
 Next
6.4.4 Step 4
Enter the following commands to copy from the source directory and preserve file attributes by
using the -p option:
rm hosts
ls
cd /etc
ls -l hosts
cp –p hosts /home/sysadmin
cd
ls –l hosts
sysadmin@localhost:~$ cd /etc
sysadmin@localhost:/etc$ ls -l hosts
-rw-r--r-- 1 root root 150 Jan 22 15:18 hosts
sysadmin@localhost:/etc$ cp -p hosts /home/sysadmin
sysadmin@localhost:/etc$ cd
sysadmin@localhost:~$ ls -l hosts
-rw-r--r-- 1 sysadmin sysadmin 150 Jan 22 15:18 hosts
Notice that the date and permission modes were preserved. Note that the timestamp in the output
above is the same for both the original and the copy (Jan 22 15:18) in the example provided
above. Your output may vary.
 Previous
 Next
6.4.5 Step 5
Type the following commands to copy using a different target name:
rm hosts
cp -p /etc/hosts ~
cp hosts newname
ls –l hosts newname
rm hosts newname
sysadmin@localhost:~$ cp -p /etc/hosts ~
sysadmin@localhost:~$ cp hosts newname
sysadmin@localhost:~$ ls -l hosts newname
-rw-r--r-- 1 sysadmin sysadmin 150 Jan 22 15:18 hosts
-rw-r--r-- 1 sysadmin sysadmin 150 Jan 22 16:29 newname
sysadmin@localhost:~$ rm hosts newname
The first copy with the -p option preserved the original timestamp. Recall that the
tilde ~ represents your home directory (/home/sysadmin).
The second copy specified a different filename (newname) as the target. Because it was issued
without the -p option, the system used the current date and time for the target, thus, it did not
preserve the original timestamp found in the source file /etc/hosts.
Finally, note that you can remove more than one file at a time as shown in the last rm command.
 Previous
 Next
6.4.6 Step 6
To copy all files in a directory use the -R option. For this task, you will copy
the /etc/udev directory and display the contents of the copied directory:
mkdir Myetc
cp –R /etc/udev Myetc
ls –l Myetc
ls –lR Myetc
sysadmin@localhost:~$ mkdir Myetc
sysadmin@localhost:~$ cp -R /etc/udev Myetc
sysadmin@localhost:~$ ls -l Myetc
total 0
drwxr-xr-x 1 sysadmin sysadmin 32 Jan 22 16:35 udev
sysadmin@localhost:~$ ls -lR Myetc
Myetc:
total 0
drwxr-xr-x 1 sysadmin sysadmin 32 Jan 22 16:35 udev
Myetc/udev:
total 4
drwxr-xr-x 1 sysadmin sysadmin 56 Jan 22 16:35 rules.d
-rw-r--r-- 1 sysadmin sysadmin 218 Jan 22 16:35 udev.conf
Myetc/udev/rules.d:
total 8
-rw-r--r-- 1 sysadmin sysadmin 306 Jan 22 16:35 70-persistent-cd.rules
-rw-r--r-- 1 sysadmin sysadmin 1157 Jan 22 16:35 README
 Previous
 Next
6.4.7 Step 7
To remove a directory use the -r option to the rm command:
ls
rm -r Myetc
ls
Desktop Downloads Myetc Public Videos
Documents Music Pictures Templates
sysadmin@localhost:~$ rm -r Myetc
Note that the rmdir command can also be used to delete directories, but only if the directory is
empty (if it contains no files).
Also note the -r option. This option removes directories and their contents recursively.
 Previous
 Next
6.4.8 Step 8
Moving a file is analogous to a "cut and paste". The file is “cut” (removed) from the original
location and “pasted” to the specified destination. Move a file in the local directory by executing
the following commands:
touch premove
ls
mv premove postmove
ls
rm postmove
Linux Command Description
touch premove Creates an empty file called premove
mv premove postmove This command “cuts” the premove file and “pastes” it to a file called postmove
rm postmove Removes postmove file
sysadmin@localhost:~$ touch premove

Desktop Downloads Pictures Templates premove
sysadmin@localhost:~$ mv premove postmove
Desktop Downloads Pictures Templates postmove
 Previous
 Next
7.1 Introduction
This is Lab 7: Archiving and Unarchiving Files. By performing this lab, students will learn how to
work with archive files.
 Create archive files using tar with and without compression

 Compress and uncompress files into a gzip archive file
 Compress and uncompress files into a bzip2 archive file
 Use zip and unzip to compress and uncompress archive files
 Previous
 Next
7.2 Archiving Commands

In this task, we will use gzip, bzip2, tar and zip/unzip to archive and restore files. These
commands are designed to either merge multiple files into a single file or compress a large file
into a smaller one. In some cases the commands will perform both functions.
The task of archiving data is important for several reasons, including but not limited to the
following:
a. Large files may be difficult to transfer. Making these files smaller helps make transfer
quicker.
b. Transferring multiple files from one system to another can become tedious when there
are many files. Merging them into a single file for transport makes this process easier.
c. Files can quickly take up a lot of space, especially on smaller removable media like thumb
drives. Archiving reduces this problem.
One potential area of confusion that a beginning Linux user may experience stems from the
following question: why are there so many different archiving commands? The answer is that
these commands have different features (for example, some of them allow you to password
protect the archive file) and compression techniques used.
The most important things to know for now is how these different commands function. Over time
you will learn to pick the correct archive tool for any given situation.
 Previous
 Next
7.2.1 Step 1
Use the following tar command to create an archive of the /etc/udev directory. Save the
backup in the ~/mybackupsdirectory:
cd
mkdir mybackups
tar –cvf mybackups/udev.tar /etc/udev
ls mybackups
sysadmin@localhost:~$ cd
sysadmin@localhost:~$ mkdir mybackups
sysadmin@localhost:~$ tar -cvf mybackups/udev.tar /etc/udev
tar: Removing leading `/' from member names
/etc/udev/
/etc/udev/rules.d/
/etc/udev/rules.d/70-persistent-cd.rules
/etc/udev/rules.d/README
/etc/udev/udev.conf
sysadmin@localhost:~$ ls mybackups/
udev.tar
The tar command is used to merge multiple files into a single file. By default it does not
compress the data.
The -c option tells the tar command to create a tar file. The -v option stands for "verbose",
which instructs the tarcommand to demonstrate what it is doing. The -f option is used to specify
the name of the tar file.
FYI: tar stands for Tape ARchive. This command was originally used to create tape backups, but
today it is more commonly used to create archive files.
Important: You are not required to use the .tar extension to the archive file name, however it is
helpful for determining the file type. It is considered "good style" when sending an archive file to
another person.
 Previous
 Next
7.2.2 Step 2
Display the contents of a tar file (t = list contents, v = verbose, f = filename):
tar –tvf mybackups/udev.tar
sysadmin@localhost:~$ tar -tvf mybackups/udev.tar

drwxr-xr-x root/root 0 2015-01-28 16:32 etc/udev/
drwxr-xr-x root/root 0 2015-01-28 16:32 etc/udev/rules.d/
-rw-r--r-- root/root 306 2015-01-28 16:32 etc/udev/rules.d/70-persist
ent-cd.rules
-rw-r--r-- root/root 1157 2012-04-05 19:18 etc/udev/rules.d/README
-rw-r--r-- root/root 218 2012-04-05 19:18 etc/udev/udev.conf
Notice that files were backed up recursively using relative path names. This is important because
when you extract the files, they will be placed in your current directory, not override the current
files.
 Previous
 Next
7.2.3 Step 3
To create a tar file that is compressed use -z option:
tar –zcvf mybackups/udev.tar.gz /etc/udev

ls –lh mybackups
sysadmin@localhost:~$ tar -zcvf mybackups/udev.tar.gz /etc/udev

/etc/udev/
/etc/udev/rules.d/
/etc/udev/rules.d/70-persistent-cd.rules
/etc/udev/rules.d/README
/etc/udev/udev.conf
sysadmin@localhost:~$ ls -lh mybackups/
total 16K
-rw-rw-r-- 1 sysadmin sysadmin 10K Jan 25 04:00 udev.tarf
-rw-rw-r-- 1 sysadmin sysadmin 1.2K Jan 25 04:34 udev.tar.gz
Notice the difference in size; first backup (10 Kbytes) is larger than the second backup (1.2
Kbytes).
The -z option makes use of the gzip utility to perform compression.
 Previous
 Next
7.2.4 Step 4
Extract the contents of an archive. Data is restored to the current directory by default:
cd mybackups
tar –xvf udev.tar.gz
ls
ls etc
ls etc/udev
ls etc/udev/rules.d
sysadmin@localhost:~$ cd mybackups
sysadmin@localhost:~/mybackups$ ls
udev.tar udev.tar.gz
sysadmin@localhost:~/mybackups$ tar -xvf udev.tar.gz
etc/udev/
etc/udev/rules.d/
etc/udev/rules.d/70-persistent-cd.rules
etc/udev/rules.d/README
etc/udev/udev.conf
sysadmin@localhost:~/mybackups$ ls
etc udev.tar udev.tar.gz
sysadmin@localhost:~/mybackups$ ls etc
udev
sysadmin@localhost:~/mybackups$ ls etc/udev
rules.d udev.conf
sysadmin@localhost:~/mybackups$ ls etc/udev/rules.d
70-persistent-cd.rules README
sysadmin@localhost:~/mybackups$
If you wanted the files to "go back" into their original location, you could first cd to the / directory
and then run the tarcommand. However, in this example, this would require you to be logged in
as an administrator because creating files in the /etc directory can only be done by the
administrator.
 Previous
 Next
7.2.5 Step 5
To add a file to an existing archive, use the -r option to the tar command. Execute the following
commands to perform this action and verify the existence of the new file in the tar archive:
tar -rvf udev.tar /etc/hosts

tar –tvf udev.tar
sysadmin@localhost:~/mybackups$ tar -rvf udev.tar /etc/hosts

/etc/hosts
sysadmin@localhost:~/mybackups$ tar -tvf udev.tar
drwxr-xr-x root/root 0 2015-01-28 16:32 etc/udev/
drwxr-xr-x root/root 0 2015-01-28 16:32 etc/udev/rules.d/
-rw-r--r-- root/root 306 2015-01-28 16:32 etc/udev/rules.d/70-persist
ent-c
d.rules
-rw-r--r-- root/root 1157 2012-04-05 19:18 etc/udev/rules.d/README
-rw-r--r-- root/root 218 2012-04-05 19:18 etc/udev/udev.conf
-rw-r--r-- root/root 172 2017-08-21 23:28 etc/hosts
 Previous
 Next
7.2.6 Step 6
In the following examples, you will use gzip and gunzip to compress and uncompress a file.
Execute the following commands to compress a copy of the words file:
cp /usr/share/dict/words .
ls -l words
gzip words
ls -l words.gz
sysadmin@localhost:~/mybackups$ cp /usr/share/dict/words .
sysadmin@localhost:~/mybackups$ ls -l words
-rw-r--r-- 1 sysadmin sysadmin 938848 Jan 25 07:39 words
sysadmin@localhost:~/mybackups$ gzip words
sysadmin@localhost:~/mybackups$ ls -l words.gz
-rw-r--r-- 1 sysadmin sysadmin 255996 Jan 25 07:39 words.gz
Notice the size of the zipped file (255996 bytes in the example above) is much smaller than the
original file (938848 bytes in the example above).
Very important: When you use gzip, the original file is replaced by the zipped file. In the
example above, the file words was replaced with words.gz.
When you unzip the file, the zipped file will be replaced with the original file.
 Previous
 Next
7.2.7 Step 7
Execute the following commands to uncompress the words.gz file:
ls -l words.gz
gunzip words.gz
ls -l words
sysadmin@localhost:~/mybackups$ ls -l words.gz
-rw-r--r-- 1 sysadmin sysadmin 255996 Jan 25 07:39 words.gz
sysadmin@localhost:~/mybackups$ gunzip words.gz
Linux provides a large number of compression utilities in addition to gzip/gunzip. Each of them
have pros and cons (faster compression, better compression rates, more flexible, more portable,
faster decompression, etc.).
The gzip/gunzip commands are very popular in Linux, but you should be aware
that bzip2/bunzip2 are also popular on some Linux distributions. It is fortunate that most of the
functionality (the way you run the commands) and options are the same as gzip/gunzip.
 Previous
 Next
7.2.8 Step 8
Using bzip2 and bunzip2 to compress and uncompress a file is very similar to
using gzip and gunzip. The compressed file is created with a .bz2 extension. The extension is
removed when uncompressed. Execute the following commands to compress a copy of
the words file:
ls -l words
bzip2 words
ls -l words.bz2
sysadmin@localhost:~/mybackups$ bzip2 words
sysadmin@localhost:~/mybackups$ ls -l words.bz2
-rw-r--r-- 1 sysadmin sysadmin 335405 Jan 25 07:39 words.bz2
If you compare the resulting .bz2 file size (335405) to the .gz file size (255996) from Step #7,
you will notice that gzipdid a better job compressing this particular file.
 Previous
 Next
7.2.9 Step 9
Execute the following commands to uncompress the words.bz2 file:
ls -l words.bz2
bunzip2 words.bz2
ls -l words
sysadmin@localhost:~/mybackups$ ls -l words.bz2
-rw-r--r-- 1 sysadmin sysadmin 335405 Jan 25 07:39 words.bz2
sysadmin@localhost:~/mybackups$ bunzip2 words.bz2
While gzip and bzip archive files are commonly used in Linux, the zip archive type is more
commonly used by other operating systems, such as Windows. In fact, the Windows Explorer
application has built-in support to extract zip archive files.
Therefore, if you are planning to share an archive with Windows users, it is usually preferred to
use the zip archive type. Unlike gzip and bzip2, when a file is compressed with
the zip command, a copy of the original file is compressed and the original remains
uncompressed.
 Previous
 Next
7.2.10 Step 10
Use the zip command to compress the words file:
zip words.zip words

ls -l words.zip
sysadmin@localhost:~/mybackups$ zip words.zip words

adding: words (deflated 73%)
sysadmin@localhost:~/mybackups$ ls -l words.zip
-rw-rw-r-- 1 sysadmin sysadmin 256132 Jan 25 21:25 words.zip
The first argument (words.zip in the example above) of the zip command is the file name that
you wish to create. The remaining arguments (words in the example above) are the files that you
want placed in the compressed file.
Important: You are not required to use the .zip extension to the compressed file name;
however, it is helpful for determining the file type. It is also considered "good style" when sending
an archive file to another person.
 Previous
 Next
7.2.11 Step 11
Compress the /etc/udev directory and its contents with zip compression:
zip -r udev.zip /etc/udev

ls -l udev.zip
sysadmin@localhost:~/mybackups$ zip -r udev.zip /etc/udev

adding: etc/udev/ (stored 0%)
adding: etc/udev/rules.d/ (stored 0%)
adding: etc/udev/rules.d/70-persistent-cd.rules (deflated 29%)
adding: etc/udev/rules.d/README (deflated 50%)
adding: etc/udev/udev.conf (deflated 24%)
sysadmin@localhost:~/mybackups$ ls -l udev.zip
-rw-rw-r-- 1 sysadmin sysadmin 1840 Jan 25 21:33 udev.zip
The tar command discussed earlier in this lab automatically descends through any
subdirectories of a directory specified to be archived. With the bzip2, gzip, and zip commands
the -r option must be specified in order to perform recursion into subdirectories.
 Previous
 Next
7.2.12 Step 12
To view the contents of a zip archive, use with the -l option with the unzip command:
unzip -l udev.zip
sysadmin@localhost:~/mybackups$ unzip -l udev.zip

Archive: udev.zip
Length Date Time Name
--------- ---------- ----- ----
0 2015-01-28 16:32 etc/udev/
0 2015-01-28 16:32 etc/udev/rules.d/
306 2015-01-28 16:32 etc/udev/rules.d/70-persistent-cd.rules
1157 2012-04-05 19:18 etc/udev/rules.d/README
218 2012-04-05 19:18 etc/udev/udev.conf
--------- -------
1681 5 files
 Previous
 Next
7.2.13 Step 13
To extract the zip archive, use the unzip command without any options. In this example we first
need to delete the files that were created in the earlier tar example:
rm -r etc
unzip udev.zip
sysadmin@localhost:~/mybackups$ rm -r etc
sysadmin@localhost:~/mybackups$ unzip udev.zip
Archive: udev.zip
creating: etc/udev/
creating: etc/udev/rules.d/
inflating: etc/udev/rules.d/70-persistent-cd.rules
inflating: etc/udev/rules.d/README
inflating: etc/udev/udev.conf
 Previous
 Next
8.1 Introduction
This is Lab 8: Pipes, Redirection and REGEX. By performing this lab, students will learn how to
redirect text streams, use regular expressions, and commands for filtering text files.
1. Learn how to redirect and pipe standard input, output and error channels.
2. Use regular expressions to filter output of commands or file content.
3. View large files or command output with programs for paging, and viewing selected
portions.
8.2 Command Line Pipes and Redirection

Normally, when you execute a command, the output is displayed in the terminal window. This
output (also called a channel) is called standard output, symbolized by the term stdout. The file
descriptor number for this channel is 1.
Standard error (stderr) occurs when an error occurs during the execution of a command; it has
a file descriptor of 2. Error messages are also sent to the terminal window by default.
In this lab, you will use characters that redirect the output from standard output (stdout) and
standard error (stderr) to a file or to another command instead of the terminal screen.
Standard input, stdin, usually is provided by you to a command by typing on the keyboard; it
has a file descriptor of 0. However, by redirecting standard input, files can also be used
as stdin.
 Previous
 Next
8.2.1 Step 1
Use the redirection symbol > to redirect the output from the normal output of stdout (terminal) to
a file. Type the following:
echo "Hello World"

echo "Hello World" > mymessage
cat mymessage
sysadmin@localhost:~$ echo "Hello World"

Hello World
sysadmin@localhost:~$ echo "Hello World" > mymessage
sysadmin@localhost:~$ cat mymessage
Hello World
The first command echos the message (stdout) to the terminal.

The second command redirects the output; instead of sending it to the terminal, the output is sent
to a file called mymessage.
The last command displays the contents of the mymessage file.
 Previous
 Next
8.2.2 Step 2
When you use the > symbol to redirect stdout, the contents of the file are first destroyed. Type
the following commands to see a demonstration:
cat mymessage
echo Greetings > mymessage
cat mymessage

Hello World
sysadmin@localhost:~$ echo Greetings > mymessage
Greetings
Notice that using one redirection symbol overwrites an existing file. This is called "clobbering" a
file.
 Previous
 Next
8.2.3 Step 3
You can avoid clobbering a file by using >> instead of >. By using >> you append to a file.
Execute the following commands to see a demonstration of this:
cat mymessage
echo "How are you?" >> mymessage
cat mymessage

Greetings
sysadmin@localhost:~$ echo "How are you?" >> mymessage
Greetings
How are you?
Notice that by using >> all existing data is preserved and the new data is appended at the end of
the file.
 Previous
 Next
8.2.4 Step 4
The find command is a good command to demonstrate how stderr works. This command
searches the filesystem for files based on criteria such as filename. Run the following command
and observe the output:
find /etc -name hosts
sysadmin@localhost:~$ find /etc -name hosts

find: `/etc/ssl/private': Permission denied
/etc/hosts
Notice the error message indicating you do not have permission to access certain
files/directories. This is because as a regular user, you don't have right to "look inside" some
directories. These types of error messages are sent to stderr, not stdout.
The find command will be covered in greater detail later. The command is just being used now
to demonstrate the difference between stdout and stderr.
 Previous
 Next
8.2.5 Step 5
To redirect stderr (error messages) to a file issue the following command:
find /etc -name hosts 2> err.txt

cat err.txt
sysadmin@localhost:~$ find /etc -name hosts 2> err.txt

/etc/hosts
sysadmin@localhost:~$ cat err.txt
Recall that the file descriptor for stderr is the number 2, so it is used along with the > symbol to
redirect the sdterroutput to a file called err.txt. Note that 1> is the same as >.
Note: The previous example demonstrates why knowing redirection is important. If you want to
"ignore" the errors that the find command displays, you can redirect those messages into a file
and look at them later, making it easier to focus on the rest of the output of the command.
 Previous
 Next
8.2.6 Step 6
You can also redirect stdout and stderr into two separate files.
find /etc -name hosts > std.out 2> std.err

cat std.err
cat std.out
sysadmin@localhost:~$ find /etc -name hosts > std.out 2> std.err

sysadmin@localhost:~$ cat std.err
sysadmin@localhost:~$ cat std.out
/etc/hosts
Notice that a space is permitted but not required after the > redirection symbol.
 Previous
 Next
8.2.7 Step 7
To redirect both standard output (stdout) and standard error (stderr) to one file, first
redirect stdout to a file and then redirect stderr to that same file by using the notation 2>&1.
find /etc -name hosts >find.out 2>&1

cat find.out
sysadmin@localhost:~$ find /etc -name hosts > find.out 2>&1

sysadmin@localhost:~$ cat find.out
/etc/hosts
The 2>&1 part of the command means send the stderr (channel 2) to the same place
where stdout (channel 1) is going.
 Previous
 Next
8.2.8 Step 8
Standard input (stdin) can also be redirected. Normally stdin comes from the keyboard, but
sometimes you want it to come from a file instead. For example, the tr command translates
characters, but it only accepts data from stdin, never from a filename given as an argument.
This is great when you want to do something like capitalize data that is inputted from the
keyboard (Note: Press Control+d, to signal the tr command to stop processing standard input):
tr a-z A-Z
this is interesting
how do I stop this?
^D
sysadmin@localhost:~$ tr a-z A-Z

this is interesting
THIS IS INTERESTING
how do I stop this?
HOW DO I STOP THIS?
Note: ^D symbolizes Control+d
 Previous
 Next
8.2.9 Step 9
The tr command accepts keyboard input (stdin), translates the characters and then sends the
output to stdout. To create a file of all lower case characters, execute the following:
tr A-Z a-z > myfile

Wow, I SEE NOW
This WORKS!
sysadmin@localhost:~$ tr A-Z a-z > myfile

Wow, I SEE NOW
This WORKS!
Press the Enter key to make sure your cursor is on the line below "This works!", then
use Control+d to stop input. To verify you created the file, execute the following command:
cat myfile
sysadmin@localhost:~$ cat myfile

wow, i see now
this works!
 Previous
 Next
8.2.10 Step 10
Execute the following commands to use the tr command by redirecting stdin from a file:
cat myfile
tr a-z A-Z < myfile
sysadmin@localhost:~$ cat myfile

wow, i see now
this works!
sysadmin@localhost:~$ tr a-z A-Z < myfile
WOW, I SEE NOW
THIS WORKS!
 Previous
 Next
8.2.11 Step 11
Another popular form of redirection is to take the output of one command and send it into another
command as input. For example, the output of some commands can be massive, resulting in the
output scrolling off the screen too quickly to read. Execute the following command to take the
output of the ls command and send it into the more command which displays one page of data at
a time:
ls -l /etc | more
sysadmin@localhost:~$ ls -l /etc | more

total 372
-rw-r--r-- 1 root root 2981 Jan 28 2015 adduser.conf
-rw-r--r-- 1 root root 10 Jan 28 2015 adjtime
drwxr-xr-x 1 root root 900 Jan 29 2015 alternatives
drwxr-xr-x 1 root root 114 Jan 29 2015 apparmor.d
drwxr-xr-x 1 root root 168 Oct 1 2014 apt
-rw-r--r-- 1 root root 2076 Apr 3 2012 bash.bashrc
drwxr-xr-x 1 root root 72 Jan 28 2015 bash_completion.d
drwxr-sr-x 1 root bind 342 Jan 29 2015 bind
-rw-r--r-- 1 root root 356 Apr 19 2012 bindresvport.blacklist
-rw-r--r-- 1 root root 321 Mar 30 2012 blkid.conf
lrwxrwxrwx 1 root root 15 Jun 18 2014 blkid.tab -> /dev/.blkid.tab
drwxr-xr-x 1 root root 16 Jan 29 2015 ca-certificates
-rw-r--r-- 1 root root 7464 Jan 29 2015 ca-certificates.conf
drwxr-xr-x 1 root root 14 Jan 29 2015 calendar
drwxr-xr-x 1 root root 24 Jan 29 2015 cron.d
drwxr-xr-x 1 root root 134 Jan 29 2015 cron.daily
drwxr-xr-x 1 root root 24 Jan 29 2015 cron.hourly
drwxr-xr-x 1 root root 24 Jan 29 2015 cron.monthly
-rw-r--r-- 1 root root 2969 Mar 15 2012 debconf.conf
--More--
You will need to press the spacebar to continue or you can also press CTRL+c to escape this
listing.
The cut command is useful for extracting fields from files that are either delimited by a character,
like the colon (:) in /etc/passwd, or that have a fixed width. It will be used in the next few
examples as it typically provides a great deal of output that we can use to demonstrate using
the | character.
 Previous
 Next
8.2.12 Step 12
In the following example, you will use a command called cut to extract all of the usernames from
a database called /etc/passwd (a file that contains user account information). First, try running
the command cut by itself:
cut -d: -f1 /etc/passwd
A portion of the command output is shown in the graphic below.
sysadmin@localhost:~$ cut -d: -f1 /etc/passwd

root
daemon
bin
sys
sync
games
man
lp
mail
news
uucp
proxy
www-data
backup
list
irc
gnats
nobody
libuuid
syslog
bind
sshd
operator
 Previous
 Next
8.2.13 Step 13
The output in the previous example was unordered and scrolled off the screen. In the next step
you are going to take the output of the cut command and send it into the sort command to
provide some order to the output:
cut -d: -f1 /etc/passwd | sort
A portion of the command output is shown in the graphic below.
sysadmin@localhost:~$ cut -d: -f1 /etc/passwd | sort

backup
bin
bind
daemon
games
gnats
irc
libuuid
list
lp
mail
man
news
nobody
operator
proxy
root
sshd
sync
sys
 Previous
 Next
8.2.14 Step 14
Now the output is sorted, but it still scrolls off the screen. Send the output of the sort command
to the more command to solve this problem:
cut -d: -f1 /etc/passwd | sort | more

sysadmin@localhost:~$ cut -d: -f1 /etc/passwd | sort | more
backup
bin
bind
daemon
games
gnats
irc
libuuid
list
lp
mail
man
news
nobody
operator
proxy
root
sshd
sync
sys
sysadmin
syslog
uucp
--More--
 Previous
 Next
8.3 Using find to Find Files

In this task, you will use the find command to find files.
The find command is a very flexible command with a host of options allowing users to locate
files based on a vast array of criteria such as filename, size, date, type and permission. The basic
command construct is:
find <directory to start search> -criteria <argument for criteria>
The command will begin the search in the directory specified and recursively search all of the
subdirectories.
 Previous
 Next
8.3.1 Step 1
Search for files beginning in your home directory containing the name bash.
find ~ -name "*bash*"
sysadmin@localhost:~$ find ~ -name "*bash*"

/home/sysadmin/.bash_logout
/home/sysadmin/.bashrc
Remember that ~ is used to represent your home directory.
 Previous
 Next
8.3.2 Step 2
Find files that were modified (or created) less than 5 minutes ago in the specified directory by
find ~/Music -mmin -5

touch ~/Music/mysong
sysadmin@localhost:~$ find ~/Music -mmin -5

sysadmin@localhost:~$ touch ~/Music/mysong
/home/sysadmin/Music
/home/sysadmin/Music/mysong
The first find command does not find files that were modified within the time specified. You then
created a file by using the touch command and ran the find command again, resulting in
the find command discovering the new file.
The Music directory was displayed with the second find command because the directory was
modified, the result of a file being added to the directory.
 Previous
 Next
8.3.2 Step 2
Find files that were modified (or created) less than 5 minutes ago in the specified directory by

touch ~/Music/mysong

sysadmin@localhost:~$ touch ~/Music/mysong
/home/sysadmin/Music
/home/sysadmin/Music/mysong
The first find command does not find files that were modified within the time specified. You then
created a file by using the touch command and ran the find command again, resulting in
the find command discovering the new file.
The Music directory was displayed with the second find command because the directory was
modified, the result of a file being added to the directory.
 Previous
 Next
8.3.4 Step 4
Find files of type “directory” in the specified location.
find /usr/share/bug -type d
sysadmin@localhost:~$ find /usr/share/bug -type d

/usr/share/bug
/usr/share/bug/apt
/usr/share/bug/gnupg
/usr/share/bug/initramfs-tools
/usr/share/bug/procps
/usr/share/bug/cron
/usr/share/bug/file
/usr/share/bug/libmagic1
/usr/share/bug/logrotate
/usr/share/bug/man-db
/usr/share/bug/vim-tiny
 Previous
 Next
8.3.5 Step 5
To verify that the output displays directories, use the -ls option. The find command uses the -
print option by default which displays just file names. The -ls option provides file details:
find /usr/share/bug -type d -ls
sysadmin@localhost:~$ find /usr/share/bug -type d -ls

2280 0 drwxr-xr-x 1 root root 138 Jan 29 2015 /usr/sha
re/bug
re/bu
g/apt
re/bug/gnupg
re/bug/initramfs-tools
re/bug/procps
re/bug/cron
re/bug/file
re/bug/libmagic1
re/bug/logrotate
10795 0 drwxr-xr-x 1 root root 14 Jan 29 2015 /usr/shar
e/bu
g/man-db
re/bug/vim-tiny
Recall that the d character before the permissions rwxr-x-r-x indicates that the file is actually
a directory.
 Previous
 Next
8.4 Viewing Large Text Files

Although large text files can be viewed with the cat command, it is inconvenient to scroll
backwards towards the top of the file. Additionally, really large files can't be displayed in this
manner because the terminal window only stores a specific number of lines of output in memory.
The use of the more or less commands allows for the user to the view data a "page" or a line at a
time. These "pager" commands also permit other forms of navigation and searching that will be
demonstrated in this section.
Note: examples are given using both the more and less commands. Most of the time, the
commands work the same, however the less command is more advanced and has more
features. The more command is still important to know because some Linux distributions don't
have the less command, but all Linux distributions have the more command.
If you are not interested in viewing the entire file or output as a command, then there are
numerous commands that are able to filter the contents of the file or output. In this section, you
will learn the use of the head and tail commands to be able to extract information from the top
or bottom of the output of a command or file contents.
 Previous
 Next
8.4.1 Step 1
The /etc/passwd is likely too large to be displayed on the screen without scrolling the screen.
To see a demonstration of this, use the cat command to display the entire contents of
the /etc/passwd file:
cat /etc/passwd
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
bind:x:102:105::/var/cache/bind:/bin/false
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
operator:x:1000:37::/root:/bin/sh
sysadmin:x:1001:1001:System Administrator,,,,:/home/sysadmin:/bin/bash
 Previous
 Next
8.4.2 Step 2
Use the more command to display the entire contents of the /etc/passwd file:
more /etc/passwd
root:x:0:0:root:/root:/bin/bash
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
--More--(92%)
Note: The --More--(92%) indicates you are "in" the more command and 92% through the
current data.
 Previous
 Next
8.4.3 Step 3
While you are in the more command, you can view the help screen by pressing the h key:
Most commands optionally preceded by integer argument k. Defaults in brack

ets
Star (*) indicates argument becomes new default.
---------------------------------------------------------------------------
---
<space> Display next k lines of text [current screen size]
z Display next k lines of text [current screen size]*
<return> Display next k lines of text [1]*
d or ctrl-D Scroll k lines [current scroll size, initially 11]*
q or Q or <interrupt> Exit from more
s Skip forward k lines of text [1]
f Skip forward k screenfuls of text [1]
b or ctrl-B Skip backwards k screenfuls of text [1]
' Go to place where previous search started
= Display current line number
/<regular expression> Search for kth occurrence of regular expression [1]
n Search for kth occurrence of last r.e [1]
!<cmd> or :!<cmd> Execute <cmd> in a subshell
v Start up /usr/bin/vi at current line
ctrl-L Redraw screen
:n Go to kth next file [1]
:p Go to kth previous file [1]
:f Display current file name and line number
. Repeat previous command
---------------------------------------------------------------------------
---
--More--(92%)
 Previous
 Next
8.4.4 Step 4
Press the Spacebar to view the rest of the document:
<SPACE>
In the next example, you will learn how to search a document using either
the more or less commands.
Searching for a pattern within both the more and less commands is done by typing the slash, /,
followed by the pattern to find. If a match is found, the screen should scroll to the first match. To
move forward to the next match, press the n key. With the less command you can also move
backwards to previous matches by pressing the N (capital n) key.
 Previous
 Next
8.4.5 Step 5
Use the less command to display the entire contents of the /etc/passwd file. Then search for
the word bin, use n to move forward, and N to move backwards. Finally, quit the less pager by
typing the letter q:
less /etc/passwd
/bin
nnnNNNq
Important: Unlike the more command which automatically exits when you reach the end of a file,
you must press a quit key such as q to quit the less program.
 Previous
 Next
8.4.6 Step 6
You can use the head command to display the top part of a file. By default, the head command
will display the first ten lines of the file:
head /etc/passwd
sysadmin@localhost:~$ head /etc/passwd

 Previous
 Next
8.4.7 Step 7
Use the tail command to display the last ten lines of the /etc/passwd file:
tail /etc/passwd
sysadmin@localhost:~$ tail /etc/passwd

 Previous
 Next
8.4.8 Step 8
Use the head command to display the first two lines of the /etc/passwd file:
head -2 /etc/passwd
sysadmin@localhost:~$ head -2 /etc/passwd

 Previous
 Next
8.4.9 Step 9
Execute the following command line to pipe the output of the ls command to the tail command,
displaying the last five file names in the /etc directory:
ls /etc | tail -5
sysadmin@localhost:~$ ls /etc | tail -5

update-motd.d
updatedb.conf
vim
wgetrc
xml
As you've seen, both head and tail commands output ten lines by default. You could also use
an option -# (or you can use the option -n #, where # is a number of lines to output). Both
commands can be used to read standard input from a pipe that receives output from a command.
You have also seen where head and tail commands are different: the head command starts
counting its lines to output from the top of the data, whereas the tail command counts the
number of lines to output from the bottom of the data. There are some additional differences
between these two commands as demonstrated in the next few tasks.
 Previous
 Next
8.4.10 Step 10
Another way to specify how many lines to output with the head command is to use the option -n
-#, where # is number of lines counted from the bottom of the output to exclude. Notice the minus
symbol - in front of the #. For example, if the /etc/passwd contains 24 lines and the following
command will display lines 1-4, excluding the last twenty lines:
head -n -20 /etc/passwd

sysadmin@localhost:~$ head -n -20 /etc/passwd
 Previous
 Next
8.5 Searching Text Using Regular Expressions

In this task, you will use the grep family of commands with regular expressions in order to search
for a specific string of characters in a stream of data (for example, a text file).
The grep command uses basic regular expressions, special characters like wildcards that match
patterns in data. The grepcommand returns the entire line containing the pattern that matches.
The -E option to the grep command can be used to perform searches with extended regular
expressions, essentially more powerful regular expressions. Another way to use extended regular
expressions is to use the egrep command.
The fgrep command is used to match literal characters, ignoring the special meaning of regular
expression characters.
 Previous
 Next
8.5.1 Step 1
The use of grep in its simplest form is to search for a given string of characters, such as sshd in
the /etc/passwd file. The grep command will print the entire line containing the match:
cd /etc
grep sshd passwd
sysadmin@localhost:~$ cd /etc
sysadmin@localhost:/etc$ grep sshd passwd
sysadmin@localhost:/etc$
 Previous
 Next
8.5.2 Step 2
Regular expressions are "greedy" in the sense that they will match every single instance of the
specified pattern:
grep root passwd
sysadmin@localhost:/etc$ grep root passwd

Note the red highlights indicate what exactly was matched. You can also see that all occurrences
of root were matched on each line.
 Previous
 Next
8.5.3 Step 3
To limit the output, you can use regular expressions to specify a more precise pattern. For
example, the caret ( ^ ) character can be used to match a pattern at the beginning of a line; so
when you execute the following command line, only lines that begin with root should be
matched and displayed:
grep '^root' passwd
sysadmin@localhost:/etc$ grep '^root' passwd

Note that there are two additional instances of the word root but only the one appearing at the
beginning of the line is matched (displayed in red).
Best Practice: Use single quotes (not double quotes) around regular expressions to prevent the
shell program from trying to interpret them.
 Previous
 Next
8.5.4 Step 4
Match the pattern sync anywhere on a line:
grep 'sync' passwd
sysadmin@localhost:/etc$ grep 'sync' passwd

 Previous
 Next
8.5.5 Step 5
Use the $ symbol to match the pattern sync at the end of a line:
grep 'sync$' passwd
sysadmin@localhost:/etc$ grep 'sync$' passwd

The first command matches every instance; the second only matches the instance at the end of
the line.
 Previous
 Next
8.5.6 Step 6
Use the period character . to match any single character. For example, execute the following
command to match any character followed by a 'y':
grep '.y' passwd
sysadmin@localhost:/etc$ grep '.y' passwd

 Previous
 Next
8.5.7 Step 7
The pipe character, |, or "alternation operator", acts as an "or" operator. For example, execute
the following to attempt to match either sshd, root or operator:
grep 'sshd|root|operator' passwd
sysadmin@localhost:/etc$ grep 'sshd|root|operator' passwd

Observe that the grep command does not recognize the pipe as the alternation operator by
default. The grep command is actually including the pipe as a plain character in the pattern to be
matched. The use of either grep -E or egrep will allow the use of the extended regular
expressions including alternation.
 Previous
 Next
8.5.8 Step 8
Use the -E switch to allow grep to operate in extended mode in order to recognize the alternation
operator:
grep -E 'sshd|root|operator' passwd
sysadmin@localhost:/etc$ grep -E 'sshd|root|operator' passwd

 Previous
 Next
8.5.9 Step 9
Use another extended regular expression, this time with egrep with alternation in a group to
match a pattern. The strings nob and non will match:
egrep 'no(b|n)' passwd

sysadmin@localhost:/etc$ egrep 'no(b|n)' passwd
Note: The parenthesis, ( ), were used to limit the "scope" of the | character. Without them, such
as nob|n, the pattern would have meant "match either nob or n”
 Previous
 Next
8.5.10 Step 10
The [ ] characters can also be used to match a single character, however unlike the period
character ., the [ ]characters are used to specify exactly what character you want to match. For
example, if you want to match a numeric character, you can specify [0-9]. Execute the following
command for a demonstration:
head passwd | grep '[0-9]'
sysadmin@localhost:/etc$ head passwd | grep '[0-9]'

Note: The head command was used to limit the output of the grep command.
 Previous
 Next
8.5.11 Step 11
Suppose you want to search for a pattern containing a sequence of three digits. You can use {
} characters with a number to express that you want to repeat a pattern a specific number of
times; for example: {3} The use of the numeric qualifier requires the extended mode of grep:
grep -E '[0-9]{3}' passwd
sysadmin@localhost:/etc$ grep -E '[0-9]{3}' passwd

 Previous
 Next
9.1 Introduction
This is Lab 9: Scripting Commands of the Linux Essentials. By performing this lab, students will
learn how to use the vi editor to create basic shell scripts using basic shell commands, variables
and control statements.
 Use the vi editor to create and edit text files.

 Create simple shell scripts.
 Create shell scripts with conditional execution.
 Use loops in the script for repetition.
 Previous
 Next
9.2 Basic Text Editing

Most distributions of Linux have more than one text editor. These may include simple text-only
editors, such as nano, or graphical editors, such as gedit.
In this task, you will explore some of the basic text editing features of the vi editor. All
distributions have some version of vi. The vi editor is a powerful text editor with a bit of a
learning curve, but capable of performing a wide variety of text editing tasks.
The vi editor has two modes: insert and command. In insert mode, you add text to a document.
In command mode, operations can be performed such as navigation, searching, saving, and
exiting the editor.
 Previous
 Next
9.2.1 Step 1
To create a new file, execute the following command:
vi myfile
Type an i to enter the “insert” mode of vi (more about this later). Then enter the following text:
Welcome to the vi editor.

It is a very powerful text editor.
Especially for those who master it.
Then press the Esc key to leave insert mode. Type :wq to write the file to disk and quit.
Note: Each of the previous commands will be covered in greater detail later in this lab. The
purpose of the previous step was to create a file to work with during this lab.
 Previous
 Next
9.2.2 Step 2
Invoke the vi editor to modify the file you created. When vi is invoked ,you are placed
in command mode by default:
vi myfile

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"myfile" 3 lines, 97 characters
Notice in the bottom-left, the file name, the number of lines, and the number of characters in the
file are displayed.
 Previous
 Next
9.2.3 Step 3
Press each of the following keys two times and observe how the cursor moves. Remember that
you are in command mode:
Key Function
j Moves cursor down one line (same as down arrow)
k Moves cursor up line (same as up arrow)
l Moves cursor to the right one character (same as right arrow)
h Moves cursor to the left one character (same as left arrow)

Key Function
w Moves cursor to beginning of next word
e Moves cursor to end of word
b Moves cursor to beginning of previous word
Warning: If you type any other keys then those listed above, you may end up in insert mode.
Don't panic! Press the Esckey, then :q! + the Enter key. This should exit vi without saving any
changes. Then execute vi myfile and you are back in the vi editor!
 Previous
 Next
9.2.4 Step 4
More vi cursor navigation: Press the following keys and observe how the cursor moves:
Keys Function
$ Moves cursor to end of current line (same as End key)
0 (zero) Moves cursor beginning of current line (same as Home key)
3G Jumps to third line (nG jumps to the nth line)
1G Jumps to first line
Shift+G Jumps to the last line
 Previous
 Next
9.2.5 Step 5
Move the cursor to the beginning of the word "very" by pressing the following keys:
G
k
8l (that's the number eight followed by the letter "l")
The cursor should be on the letter v of the word "very" as shown below:

~
~
 Previous
 Next
9.2.6 Step 6
Delete the word “very” by issuing the command dw (delete word):
dw
Your screen should look similar to the following:

It is a powerful text editor.
~
 Previous
 Next
9.2.7 Step 7
Undo the last operation:

~
~
 Previous
 Next
9.2.8 Step 8
Delete two words:
2dw

It is a text editor.
~
~
 Previous
 Next
9.2.9 Step 9

~
~
 Previous
 Next
9.2.10 Step 10
Delete four characters, one at a time:
xxxx

It is a powerful text editor.
~
~
 Previous
 Next
9.2.11 Step 11
Undo the last 4 operations and recover the deleted characters:
4u

~
~
 Previous
 Next
9.2.12 Step 12
Delete 14 characters:
14x

It is a text editor.
~
~
 Previous
 Next
9.2.13 Step 13

~
~
 Previous
 Next
9.2.14 Step 14
Delete the five characters to the left of the cursor (type 5 then Shift+x):
5X

It very powerful text editor.
~
~
 Previous
 Next
9.2.15 Step 15

~
~
 Previous
 Next
9.2.16 Step 16
Delete the current line:
dd

~
~
 Previous
 Next
9.2.17 Step 17
Whatever was lasted deleted or yanked can be “pasted”. Paste the deleted lines below the
current line:

~
~
 Previous
 Next
9.2.18 Step 18
Undo the last two operations:
2u

~
~
 Previous
 Next
9.2.19 Step 19
Delete two lines, the current and the next:
2dd

~
~
 Previous
 Next
9.2.20 Step 20

~
~
 Previous
 Next
9.2.21 Step 21
Move to the fourth word then delete from the current position to end of line Shift+D:
4w
D

It is a very
~
~
The command d$ also deletes to end of line. The $ character, as seen earlier, advances to end of
line. Thus, d$ deletes to end of line.
 Previous
 Next
9.2.22 Step 22
u

~
~
 Previous
 Next
9.2.23 Step 23
Join two lines, the current and the next by typing a capital J (Shift+J):

It is a very powerful text editor. Especially for those who master it.
~
~
 Previous
 Next
9.2.24 Step 24

~
~
 Previous
 Next
9.2.25 Step 25
Copy (or “yank”) the current word:
yw
When you copy text, no change will take place on the screen.
 Previous
 Next
9.2.26 Step 26
Paste (or “put”) the copied word before the current cursor:

It is a very powerful powerful text editor.
~
~
 Previous
 Next
9.2.27 Step 27

~
~
 Previous
 Next
9.2.28 Step 28
Move to the first line, then join three lines:
1G
3J
Welcome to the vi editor. It is a very powerful text editor. Especially fo

r those who master it.
~
~
 Previous
 Next
9.2.29 Step 29

~
~
 Previous
 Next
9.2.30 Step 30
Search for and delete the word text (add a space after the word text):
:%s/text //g

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
:%s/text //g
 Previous
 Next
9.2.31 Step 31
Navigate to beginning of file, then press i to enter insert mode to add text:
Keys Function
1G Go to beginning of file (Shift+G)

Keys Function
i Enter insert mode
Hello and Add text to document with a space after “and”
Hello and Welcome to the vi editor.

~
~
 Previous
 Next
9.2.32 Step 32
Exit insert mode and return to command mode by pressing the Escape key:
ESC
 Previous
 Next
9.2.33 Step 33
Move forward one space by pressing the lower case l to place the cursor on the W and toggle it to
lower case by pressing the tilde (~):
Keys Function
l Lowercase ‘L’ moves forward one space
~ Shift+` changes letter to lower case
Hello and welcome to the vi editor.

~
~
 Previous
 Next
9.2.34 Step 34
Save the file. Press the Esc key to ensure you are in command mode. Then type :w and
the Enter key:
:w
 Previous
 Next
9.2.35 Step 35
When you press Enter to commit the change, note the message in lower left indicating the file
has been written:
~
~
"myfile" 3 lines, 102 characters written
 Previous
 Next
9.2.36 Step 36
Navigate to the space between the word "powerful" and "editor" in the second line as shown
in the image below. You could press j followed by 10l or use the arrow keys:
Command Function/Keys
j Move down to second line

10l 10 followed by the lowercase ‘L’

It is a very powerful editor.
~
~
 Previous
 Next
9.2.37 Step 37
Append text to the right of the cursor by pressing the letter a. This moves the cursor to the right
and enters insert mode. Type the word text followed by a space as shown in image below:
a Enter insert mode.
text text followed by a space

~
~
 Previous
 Next
9.2.38 Step 38
Exit insert mode by pressing the Esc key.
 Previous
 Next
9.2.39 Step 39
Open a blank line below the current line by typing a lowercase letter o:

_
~
~
 Previous
 Next
9.2.40 Step 40
Enter the following text:
This line added by pressing lowercase o.

This line was added by pressing lowercase o.
~
~
 Previous
 Next
9.2.41 Step 41
 Previous
 Next
9.2.42 Step 42
Open a blank line above the current line by pressing uppercase O:


~
~
 Previous
 Next
9.2.43 Step 43
Enter the following text:
You just pressed O to open a line above.

~
~
 Previous
 Next
9.2.44 Step 44
 Previous
 Next
9.2.45 Step 45
Save the file and close the vi editor using any one of the following methods that saves changes:
:x Will save and close the file.
:wq Will write to file and quit.
:wq! Will write to a read-only file, if possible, and quit.
ZZ Will save and close. Notice that no colon : is used in this case.
:q! Exit without saving changes
:e! Discard changes and reload file
:w! Write to read-only, if possible.
 Previous
 Next
9.2.46 Step 46
Once again open myfile using the vi editor:
vi myfile
 Previous
 Next
9.2.47 Step 47
Navigate to the third line, delete the third and fourth lines:
3G
2dd

~
~
 Previous
 Next
9.2.48 Step 48
Press the Esc key to confirm you are in command mode.
 Previous
 Next
9.2.49 Step 49
Quit the vi editor without saving your changes:
:q!
 Previous
 Next
9.2.50 Step 50
Open myfile with the vi editor:
vi myfile
Notice that lines 3 and 4 are still present.
 Previous
 Next
9.2.51 Step 51
Search forward for the word line. You’ll notice the cursor moves to the beginning of the first
instance of the word line as shown in image below:
/line

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
/ line
 Previous
 Next
9.2.52 Step 52
Search for the next instance of the word line by pressing the letter n:

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
/ line
 Previous
 Next
9.2.53 Step 53
Search backward for the word line. You’ll notice the cursor moves to the beginning of the
previous instance of the word line as shown in image below:
?line

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
?line
 Previous
 Next
9.2.54 Step 54
Search for the previous instance of the word line by pressing the letter n. Since there are none
in this direction, vi will wrap around the document:

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
search hit TOP, continuing at BOTTOM
 Previous
 Next
9.2.55 Step 55
You will replace the word line with the word entry. When you press cw the word line will
disappear and you will be in insert mode:
cw
entry

This entry was added by pressing lowercase o.
~
~
 Previous
 Next
9.2.56 Step 56
Press Esc key to exit insert mode.
 Previous
 Next
9.2.57 Step 57
Add text at the beginning of a line. Enter insert mode again and add a line by pressing upper
case i:

~
~
Insert modes include: i, I, a, A, o, and O.

 Previous
 Next
9.2.58 Step 58
Press the Esc key to return to command mode.
 Previous
 Next
9.2.59 Step 59
Add text at the end of a line (uppercase A). First move to the second line and add the
phrase Indeed!:
2G
A
[Space]Indeed!
Press the Esc key to return to command mode.


It is a very powerful text editor. Indeed!
~
~
 Previous
 Next
9.2.60 Step 60
Save your changes and exit vi:
:x
 Previous
 Next
9.3 Basic Shell Scripting
Shell scripting allows you to take a complex sequence of commands, place them into a file and
then run the file as a program. This saves you the time of having to repeatedly type a long
sequence of commands that you routinely use.
This lab will focus on how to create simple shell scripts. For the purpose of this lab, it is assumed
that you know how to use a text editor. Feel free to use the editor of your
choice: vi, nano, gedit or any other editor that you like.
 Previous
 Next
9.3.1 Step 1
To create a simple shell script, you just need to create a text file and add commands. Create a file
called sample.sh and add the following lines:
echo "Hello there! Here is the calendar for this month:"

cal
cal
~
~
 Previous
 Next
9.3.2 Step 2
To make it clear that this is a BASH shell script, you need to include a special line at the top of
the file called a "shbang" (or "shebang"). This line starts with #! and then contains the path to the
BASH shell executable. Add the following line at the top of the sample.sh file:
#!/bin/bash
#!/bin/bash
cal
~
~
 Previous
 Next
9.3.3 Step 3
One way that you can run this program is by typing bash before the filename. Execute the
following:
bash sample.sh
sysadmin@localhost:~$ bash sample.sh
Hello there! Here is the calendar for this month:
April 2016
Su Mo Tu We Th Fr Sa
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
 Previous
 Next
9.3.4 Step 4
You can avoid having to type bash in front of the filename by making the file "executable" for all
users. Run the following commands:
ls -l sample.sh
chmod a+x sample.sh
ls -l sample.sh
./sample.sh
sysadmin@localhost:~$ ls -l sample.sh
-rw-rw-r-- 1 sysadmin sysadmin 73 Apr 9 22:44 sample.sh
sysadmin@localhost:~$ chmod a+x sample.sh
sysadmin@localhost:~$ ./sample.sh
April 2016
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
The chmod command is used to change permissions on the file so that the file can be executed.
 Previous
 Next
9.3.5 Step 5
A common feature used in scripting is "backquoting". With this technique, you can run a shell
command "within" another shell command. The outcome of the internal command will be returned
as an argument to the external command. Add the following to the bottom of the sample.sh file:
echo "Today is" `date +%A`
Now execute it:
cat sample.sh
./sample.sh
sysadmin@localhost:~$ cat sample.sh
#!/bin/bash
cal
echo "Today is" `date +%A`
sysadmin@localhost:~$ ./sample.sh
April 2016
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Today is Friday
 Previous
 Next
9.3.6 Step 6
You have been using ./ in front of the sample.sh filename to indicate that the file is in the
current directory. Execute the following to see how the shell would fail to find the file if you don't
use the ./:
sample.sh
Your screen should look like the following:
sysadmin@localhost:~$ sample.sh
-bash: sample.sh: command not found
 Previous
 Next
9.3.7 Step 7
Recall that the $PATH variable is used to search for commands that you type. Execute the
following to see the $PATHvariable for the sysadmin account:
echo $PATH
sysadmin@localhost:~$ echo $PATH
/home/sysadmin/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:
/bin:/usr/games
 Previous
 Next
9.3.8 Step 8
Note that /home/sysadmin/bin is one of the directories in the $PATH variable. This is a great
place to put your shell scripts:
mkdir bin
mv sample.sh bin
sample.sh
sysadmin@localhost:~$ mkdir bin
sysadmin@localhost:~$ mv sample.sh bin
sysadmin@localhost:~$ sample.sh
April 2016
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Today is Friday
 Previous
 Next
9.4 Conditional and Repetitive Execution

Note that during this section examples that are more complex will be demonstrated. When doing
so, you will be using a technique to describe what is happening in the program. The technique will
look like the following:
Enter this column into drive.sh This column describes the code (don't enter into the file)
echo "Please enter your age" # print a prompt
read age # read user input and place in $age variable
When following the instructions provided, you are to enter the text from the left column into the
specified file (drive.sh in the example above). The right column is used to describe specific
lines in the program. The pound sign # character is used because in a shell script, you can place
comments within your program by using a # character.
 Previous
 Next
9.4.1 Step 1
Scripts that are more complex may make use of conditional execution. A conditional expression,
like the if statement, can make use of the outcome of a command called test.
The test statement compares two numbers (or two strings) for things like "equal to", "less than",
etc.
Create the following file (drive.sh) and make it executable to see how
the if and test statements work. Begin by placing the following in drive.sh:
Enter this column into drive.sh This column describes the code (don't enter into the f
#!/bin/bash
echo "Please enter your age" # print a prompt
read age # read user input and place in the $age variable
if test $age -lt 16 # test $age -lt 16 returns "true" if $age is numerically le
then
echo "You are not old enough to drive." # executes when test is true
else
echo "You can drive!" # executes when test is false
fi # This ends the if statement
Then make the file executable and run it:
cat drive.sh
chmod a+x drive.sh
./drive.sh
sysadmin@localhost:~$ cat drive.sh

#!/bin/bash
echo "Please enter your age"
read age
if test $age -lt 16
then
echo "You are not old enough to drive."
else
echo "You can drive!"
fi
sysadmin@localhost:~$ chmod a+x drive.sh
sysadmin@localhost:~$ ./drive.sh
Please enter your age
14
You are not old enough to drive.
Verbally, you could read the if statement as "If $age is less than 16, then echo 'You are not old
enough to drive', else echo 'You can drive!'". The fi ends the if statement.
Note: $age must be an integer value. If not, the program will crash.
 Previous
 Next
9.4.2 Step 2
The test statement is automatically called when you place its arguments within square brackets [
] surrounded by spaces. Modify the if line of drive.sh so it looks like the following:
if [ $age -lt 16 ]
Then run the program again:
cat drive.sh
./drive.sh
sysadmin@localhost:~$ cat drive.sh

#!/bin/bash
echo "Please enter your age"
read age
if [ $age -lt 16 ]
then
echo "You are not old enough to drive."
else
echo "You can drive!"
fi
sysadmin@localhost:~$ ./drive.sh
Please enter your age
21
You can drive!
To see a full list of test conditions, run the command man test.
Important: There must be spaces around the square brackets. [$age -lt 16] would fail, but [
$age -lt 16 ]would work.
 Previous
 Next
9.4.3 Step 3
You can also use the outcome of other shell commands as they all return "success" or "failure".
For example, create and run the following program, which can be used to determine if a user
account is on this system. Add the following to check.sh:
#!/bin/bash
echo "Enter a username to check: "
read name
if grep $name /etc/passwd > /dev/null
then
echo "$name is on this system"
else
echo "$name does not exist"
fi
Then run the following commands:
chmod a+x check.sh

./check.sh
When prompted for a username, give the value of "root". Execute the command again
(./check.sh) and provide the value of "bobby". Your screen should look like the following:
sysadmin@localhost:~$ cat check.sh
#!/bin/bash
echo "Enter a username to check: "
read name
if grep $name /etc/passwd > /dev/null
then
echo "$name is on this system"
else
echo "$name does not exist"
fi
sysadmin@localhost:~$ chmod a+x check.sh
sysadmin@localhost:~$ ./check.sh
Enter a username to check:
root
root is on this system
sysadmin@localhost:~$ ./check.sh
Enter a username to check:
bobby
bobby does not exist
 Previous
 Next
9.4.4 Step 4
Another common conditional statement is called the while loop. This statement is used to
execute code repeatedly as long as a conditional check returns "true". Begin by placing the
following in a file named num.sh:
Enter this column into num.sh This column describes the code (don't enter in
#!/bin/bash
echo "Please enter a number greater than 100"
read num
Enter this column into num.sh This column describes the code (don't enter in
while [ $num -le 100 ] # Execute code from "do" to "done if test cond
do
echo "$num is NOT greater than 100."
read num
done # This ends the while statement
echo "Finally, $num is greater than 100"
Then make the file executable and run it:
chmod a+x num.sh

./num.sh
When prompted for a number, enter 25. When prompted again, enter 99. Finally, enter 101 when
prompted for a number the third time. Your screen should look like the following:
sysadmin@localhost:~$ cat num.sh

#!/bin/bash
read num
while [ $num -le 100 ]
do
echo "$num is NOT greater than 100."
echo "Please enter a number greater than 100."
read num
done
echo "Finally, $num is greater than 100"
sysadmin@localhost:~$ chmod a+x num.sh
sysadmin@localhost:~$ ./num.sh
Please enter a number greater than 100
25
25 is NOT greater than 100.
Please enter a number greater than 100.
99
99 is NOT greater than 100.
Please enter a number greater than 100.
101
Finally, 101 is greater than 100
If the conditional check for the while statement ( [ $num -le 100 ] ) returns true, then the
statements between doand done are executed.
Once those statements have completed executing, the conditional check for the while statement
is checked again. If true again, then again the statements between do and done are executed.
This will continue repeating until the while condition returns false, or when the value is greater
than 100.
 Previous
 Next
9.4.5 Step 5
Scripting code is part of the BASH shell, which means you can use these statements on the
command line just like you use them in a shell script. This can be useful for a statement like
the for statement, a statement that will assign a list of values one at a time to a variable. This
allows you to perform a set of operations on each value. For example, run the following on the
command line:
for name in /etc/passwd /etc/hosts /etc/group

do
wc $name
done
sysadmin@localhost:~$ for name in /etc/passwd /etc/hosts /etc/group

> do
> wc $name
> done
24 30 1001 /etc/passwd
7 15 161 /etc/hosts
46 46 561 /etc/group
Note that the wc command was run three times: once for /etc/passwd, once
for /etc/hosts and once for /etc/group.
 Previous
 Next
9.4.6 Step 6
Often the seq command is used in conjunction with the for statement. The seq command can
generate a list of integer values, for instance from 1 to 10. For example, run the following on the
command line to create 12 files named test1, test2, test3, etc. (up to test12):
ls
for num in `seq 1 12`
do
touch test$num
done
ls
Desktop Downloads Pictures Templates check.sh num.sh
Documents Music Public Videos drive.sh
sysadmin@localhost:~$ for num in `seq 1 12`
> do
> touch test$num
> done
Desktop Music Templates drive.sh test10 test2 test5 test8
Documents Pictures Videos num.sh test11 test3 test6 test9
Downloads Public check.sh test1 test12 test4 test7
 Previous
 Next
10.1 Introduction
This is Lab 10: Understanding Computer Hardware. By performing this lab, students will learn
about commands to display information about the computer's hardware.
 Use commands to list hardware.
 Previous
 Next
10.2 Listing Computer Hardware

In this task, you will execute some commands and examine some files to display your hardware
configuration.
 Previous
 Next
10.2.1 Step 1
In order to determine the type of CPU execute the lscpu command:
lscpu
Your output will be similar to the following:
Being able to display CPU information can be important when trying to determine if more
advanced Linux features can be used on your system. For even more details about your CPU(s),
you can examine the /proc/cpuinfo file, especially, the "flags" that are listed that determine
whether or not your CPU has certain features.
 Previous
 Next
10.2.2 Step 2
View the /proc/cpuinfo file:
cat /proc/cpuinfo
 Previous
 Next
10.2.3 Step 3
To discover how much RAM and swap space is being used, use the free command:
free -m
free -g
The output shows the amount of memory in megabytes when the -m option is used and in
gigabytes when the -g option is used:
In the output above, you can see that the system has 16049 megabytes (roughly 15 gigabytes) of
physical memory (RAM). Of that only 1066 megabytes are being used, a good sign that you have
enough memory for your system's needs.
In the event that you run out of memory, Swap is used. Swap is hard drive space that is used to
temporarily store data that is supposed to be stored in RAM.
 Previous
 Next
10.2.4 Step 4
To see what devices are connected to the PCI bus, use the lspci command:
lspci
Notice from the partial output below, that many of the devices connected to the system board are
displayed:
The output of the lspci command can be very important to identify devices that are not
supported by the Linux kernel. Some devices like video cards may only provide basic functionality
without installing proprietary driver software.
 Previous
 Next
10.2.5 Step 5
Use the lspci command with the -k option to show devices along with the kernel driver and
modules used:
 Previous
 Next
10.2.6 Step 6
Attempt to list the USB connected devices:
lsusb
The output of this command is unusual since no USB devices are detected:
sysadmin@localhost:~$ lsusb
unable to initialize libusb: -99
Due to this system being virtualized, the USB devices do not appear as they normally would
when executing the lsusbcommand. Normally, if USB devices are present, it would have shown
something like this:
sysadmin@localhost:~$ lsusb
Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
HAL is the Hardware Abstraction Layer. The daemon for HAL is hald, which gathers information
about devices connected to the system. When events occur that somehow change the state of
the connected devices, then hald broadcasts this information to any processes that have
registered for the events. On systems that use HAL, the lshal command will be able to list the
devices of that system.
 Previous
 Next
10.2.7 Step 7
For hardware to function, the Linux kernel usually loads a driver or module. Use
the lsmod command to view the currently loaded modules:
lsmod
Partial output of the command is shown below. The first column is the module name, and the
second is the amount of memory used by the module. The number in the "Used by" column
indicates how many other modules are using the module. The names of the other modules using
the module may also be listed in the "Used by" column, but is often incomplete:
 Previous
 Next
10.2.8 Step 8
The system board of many computers contains what is known as BIOS, or a Basic Input and
Output System. System Management BIOS, or SMBIOS, is a standard defining the data
structures and how to communicate information about computer hardware.
The dmidecode command is able to read and print the information from the SMBIOS of many
systems. We will not demonstrate the command here, since it does not function properly within a
virtual environment.
The fdisk command can be used in two ways: interactively and non-interactively.
When the -l option is used with fdisk, then the command will non-interactively list block
devices, which includes disks (hard drives) and logical volumes.
Without the -l option the fdisk command enters an interactive mode that is typically used to
modify partitions on a disk device.
 Previous
 Next
10.2.9 Step 9
Execute the fdisk command to list the disk devices non-interactively, in sectors, and without
DOS compatibility warnings:
fdisk -cul
The partial output of this command below shows the first couple of
disks, /dev/sda and /dev/sdb, and their partitions. The third disk, /dev/sdc, and the logical
volumes that followed it have been omitted:
The -u option causes the fdisk command to display units in sectors instead of cylinders. The -
c option prevents the fdiskcommand from printing warnings that affect DOS compatibility.
 Previous
 Next
11.1 Introduction
This is Lab 11: Linux Data Locations. By performing this lab, students will learn about the
locations of kernel information, process information, libraries, log files, and software packages.
 Investigate how the /proc filesystem is used by the kernel.

 Use the ps command to view process information
 Learn how to manage processes by starting, stopping, and resuming them.
 Viewing log files
 Manage the ability to load shared libraries
 Previous
 Next
11.2 The kernel and /proc

In this task, you will explore the /proc directory and commands which communicate with the
Linux kernel. The /procdirectory appears to be an ordinary directory, like /usr or /etc, but it is
not. Unlike /usr or /etc directories, which are usually written to a disk drive,
the /proc directory is a pseudo filesystem maintained in the memory of the computer.
The /proc directory contains a subdirectory for each running process on the system. Programs
such as ps and top read the information about running processes from these directories.
The /proc directory also contains information about the operating system and its hardware in
files like /proc/cpuinfo, /proc/meminfo and /proc/devices.
The /proc/sys subdirectory contains pseudo files that can be used to alter the settings of the
running kernel. As these files are not "real" files, an editor should not be used to change them;
instead you should use either the echo or sysctlcommand to overwrite the contents of these
files. For the same reason, do not attempt to view these files in an editor, but use
the cat or sysctl command instead.
For permanent configuration changes, the kernel uses the /etc/sysctl.conf file. Typically,
this file is used by the kernel to make changes to the /proc files when the system is starting up.
 Previous
 Next
11.2.1 Step 1
In this task, you will examine some of the files contained in the /proc directory:
ls /proc
sysadmin@localhost:~$ ls /proc
1 cpuinfo kallsyms mpt sysrq-trigger
19 crypto kcore mtrr sysvipc
23 devices key-users net thread-self
25 diskstats keys pagetypeinfo timer_list
41 dma kmsg partitions timer_stats
50 driver kpagecount sched_debug tty
62 execdomains kpageflags schedstat uptime
74 fb loadavg scsi version
acpi filesystems locks self version_signature
buddyinfo fs mdstat slabinfo vmallocinfo
bus interrupts meminfo softirqs vmstat
cgroups iomem misc stat zoneinfo
cmdline ioports modules swaps
consoles irq mounts sys
Recall that the directories that have numbers for names represent running processes on the
system. The first process is always /sbin/init, so the directory /proc/1 will contain files with
information about the running init process.
The cmdline file inside the process directory (/proc/1/cmdline, for example) will show the
command that was executed. The order in which other processes are started varies greatly from
system to system. Since the content of this file does not contain a new line character,
an echo command will be executed to cause the prompt to go to a new line.
 Previous
 Next
11.2.2 Step 2
Use cat and then ps to view information about the /sbin/init process (Process IDentifier
(PID) of 1):
cat /proc/1/cmdline; echo

ps -p 1
Your output should look something like this:
sysadmin@localhost:~$ cat /proc/1/cmdline; echo

/sbin/init
Note: The echo command in this example is executed immediately after the cat command. Since
it has no argument, it functions only to put the following command prompt on a new line. Execute
the cat command alone to see the difference.
sysadmin@localhost:~$ ps -p 1
PID TTY TIME CMD
1 ? 00:00:00 init
The other files in the /proc directory contain information about the operating system. The
following tasks will be used to view and modify these files.
 Previous
 Next
11.2.3 Step 3
View the /proc/cmdline file to see what arguments were passed to the kernel at boot time:
cat /proc/cmdline
The output of the command should be similar to this:
sysadmin@localhost:~$ cat /proc/cmdline

BOOT_IMAGE=/vmlinuz-4.2.0-34-generic root=/dev/mapper/vlabs--vg-root ro cgr
oup_enable=memory swapaccount=1
 Previous
 Next
11.3 Managing Processes

In this task you will start and stop processes.
 Previous
 Next
11.3.1 Step 1
From the terminal, type the following command:
ping localhost > /dev/null
sysadmin@localhost:~$ ping localhost > /dev/null
The output of the ping is being redirected to the /dev/null file (which is commonly known as
the bit bucket).
Notice that the terminal appears to hang up at this command. This is due to running this
command in the “foreground”. The system will continue to ping until the process is terminated or
suspended by the user.
 Previous
 Next
11.3.2 Step 2
Terminate the foreground process by pressing Ctrl-C.
sysadmin@localhost:~$ ping localhost > /dev/null
^C
 Previous
 Next
11.3.3 Step 3
Next, to start the same process in the background, type:
ping localhost > /dev/null &
sysadmin@localhost:~$ ping localhost > /dev/null &

[1] 158
By adding the ampersand & to the end of the command, the process is started in the background
allowing the user to maintain control of the terminal.
An easier way to enter the above command would be to take advantage of the command history.
You could have pressed the Up Arrow Key ↑ on the keyboard, add a Space and & to the end of
the command and then pressed the Enter key. This is a time-saver when entering similar
commands.
Notice that the previous command returns the following information:
[1] 158
This means that this process has a job number of 1 (as demonstrated by the output of [1]) and a
Process ID (PID) of 158. Each terminal/shell will have unique job numbers. The PID is system-
wide; each process has a unique ID number.
This information is important when performing certain process manipulations, such as stopping
processes or changing their priority value.
Note: Your Process ID will likely be different than the one in the example.
 Previous
 Next
11.3.4 Step 4
To see which commands are running in the current terminal, type the following command:
jobs
sysadmin@localhost:~$ jobs
[1]+ Running ping localhost > /dev/null &
 Previous
 Next
11.3.5 Step 5
Next, start another ping command in the background by typing the following:

[2] 100
Notice the different job number and process ID for this new command.
 Previous
 Next
11.3.6 Step 6
Now, there should be two ping commands running in the background. To verify, issue
the jobs command again:
jobs
[1]- Running ping localhost > /dev/null &
 Previous
 Next
11.3.7 Step 7
Once you have verified that two ping commands are running, bring the first command to the
foreground by typing the following:
fg %1
sysadmin@localhost:~$ fg %1
 Previous
 Next
11.3.8 Step 8
Notice that, once again, the ping command has taken control of the terminal. To suspend
(pause) the process and regain control of the terminal, type Ctrl-Z:
sysadmin@localhost:~$ fg %1
^Z
[1]+ Stopped ping localhost > /dev/null
 Previous
 Next
11.3.9 Step 9
To have this process continue executing in the background, execute the following command:
bg %1
sysadmin@localhost:~$ bg %1
[1]+ ping localhost > /dev/null &
 Previous
 Next
11.3.10 Step 10
Issue the jobs command again to verify two running processes :
jobs
 Previous
 Next
11.3.11 Step 11
Next, start one more ping command by typing the following:

[3] 101
 Previous
 Next
11.3.12 Step 12
Issue the jobs command again to verify three running processes :
jobs
[1] Running ping localhost > /dev/null &
 Previous
 Next
11.3.13 Step 13
Using the job number, stop the last ping command with the kill command and verify it was
stopped executing the jobscommand:
kill %3
jobs
sysadmin@localhost:~$ kill %3
[1] Running ping localhost > /dev/null &
[3]+ Terminated ping localhost > /dev/null
 Previous
 Next
11.3.14 Step 14
Finally, you can stop all of the ping commands with the killall command. After executing
the killall command, wait a few moments, and then run the jobs command to verify that all
processes have stopped:
killall ping
jobs
sysadmin@localhost:~$ killall ping

[1]- Terminated ping localhost > /dev/null
 Previous
 Next
11.4 Use Top to View Processes

In this task, you will use the top command to work with processes. By default the top program
sorts the processes in descending order of percentage of CPU usage, so the busiest programs
will be at the top of its listing.
 Previous
 Next
11.4.1 Step 1
From the terminal window, type the following commands:


[1] 112
[2] 113
Make note of the PIDs output by the above commands! They will be different than the
examples that we are providing. You will use the PIDs in subsequent steps.
 Previous
 Next
11.4.2 Step 2
Next, start the top command by typing the following in the terminal:
top
top - 00:56:34 up 8:18, 1 user, load average: 0.09, 0.14, 0.20

Tasks: 10 total, 1 running, 9 sleeping, 0 stopped, 0 zombie
Cpu(s): 2.1%us, 1.8%sy, 0.0%ni, 96.1%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0
%st
Mem: 65969788k total, 7629004k used, 58340784k free, 266340k buffers
Swap: 2097148k total, 0k used, 2097148k free, 939076k cached
PID USER PR NIVIRT RES SHR S %CPU %MEM TIME+ COMMAND

1 root 20 0 17868 2872 2624 S 0 0.0 0:00.14 init
19 syslog 20 0 171m 2796 2420 S 0 0.0 0:00.05 rsyslogd
23 root 20 0 19120 2020 1824 S 0 0.0 0:00.00 cron
25 root 20 0 50048 3416 2812 S 0 0.0 0:00.00 sshd
41 bind 20 0 376m 19m 5988 S 0 0.0 0:00.04 named
50 root 20 0 54460 2584 2176 S 0 0.0 0:00.00 login
62 sysadmin 20 0 18084 3200 2700 S 0 0.0 0:00.01 bash
112 sysadmin 20 0 6504 1824 1688 S 0 0.0 0:00.46 ping
113 sysadmin 20 0 6504 1788 1656 S 0 0.0 0:00.40 ping
114 sysadmin 20 0 17212 2240 2008 R 0 0.0 0:00.01 top
Note: The output of the top command changes every 2 seconds.
 Previous
 Next
11.4.3 Step 3
The top command is an interactive program, which means that you can issue commands within
the program. You will use the top command to kill the ping processes. First type the letter k.
Notice a prompt has appeared underneath Swap:
top - 01:52:14 up 9:13, 1 user, load average: 0.04, 0.11, 0.19

Tasks: 10 total, 1 running, 9 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.2%us, 2.6%sy, 0.0%ni, 93.0%id, 0.1%wa, 0.0%hi, 0.1%si, 0.0
%st
Mem: 65969788k total, 8137188k used, 57832600k free, 286512k buffers
Swap: 2097148k total, 0k used, 2097148k free, 1110844k cached
PID to kill:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 17868 2872 2624 S 0 0.0 0:00.14 init
19 syslog 20 0 171m 2796 2420 S 0 0.0 0:00.07 rsyslogd
23 root 20 0 19120 2020 1824 S 0 0.0 0:00.00 cron
25 root 20 0 50048 3416 2812 S 0 0.0 0:00.00 sshd
41 bind 20 0 376m 19m 5988 S 0 0.0 0:00.07 named
50 root 20 0 54460 2584 2176 S 0 0.0 0:00.00 login
62 sysadmin 20 0 18084 3200 2700 S 0 0.0 0:00.01 bash
103 sysadmin 20 0 6504 1824 1688 S 0 0.0 0:00.96 ping
104 sysadmin 20 0 6504 1788 1656 S 0 0.0 0:00.85 ping
108 sysadmin 20 0 17212 2240 2008 R 0 0.0 0:01.03 top
 Previous
 Next
11.4.4 Step 4
At the PID to kill: prompt, type the PID of the first running ping process, then press Enter.
Notice that the prompt changes as below:
 Previous
 Next
11.4.5 Step 5
At the Kill PID with signal [15]: prompt, enter the signal to send to this process. In this
case, just press the Enterkey to use the default signal. Notice that the first ping command is
removed and only one ping command remains in the listing (you may need to wait a few seconds
as the top command refreshes):
Consider This
There are several different numeric values that can be sent to a process. These are predefined
values, each with a different meaning. If you want to learn more about these values, type man
kill in a terminal window.
The prompt indicates that the default signal is the terminate signal indicated bySIGTERM or the
number 15.
 Previous
 Next
11.4.6 Step 6
Next, kill the remaining ping process as before, except this time, at the signal prompt Kill PID
with signal [15]:prompt, use a value of 9 instead of accepting the default of 15.
Press Enter to accept then entry.
Consider This
The kill signal 9 or SIGKILL is a "forceful" signal that cannot be ignored, unlike the default value
of 15. Notice that all references to the ping command are now removed from top.
 Previous
 Next
11.4.7 Step 7
Type q to exit the top command. The following screen reflects that both ping commands were
terminated:
[1]- Terminated ping localhost > /dev/null

[2]+ Killed ping localhost > /dev/null
 Previous
 Next
11.5 Use pkill and kill To Terminate Processes

In this task, we will continue to work with processes. You will use pkill and kill to terminate
processes.
 Previous
 Next
11.5.1 Step 1
To begin, type the following commands in the terminal:
sleep 888888 &

sleep 888888 &
sysadmin@localhost:~$ sleep 888888 &

[1] 85
sysadmin@localhost:~$ sleep 888888 &
[2] 86
The sleep command is typically used to pause a program (shell script) for a specific period of
time. In this case it is used just to provide a command that will take a long time to run.
Make sure to note the PIDs on your system of the sleep processes for the next steps! Your PIDs
will be different than those demonstrated in the lab.
 Previous
 Next
11.5.2 Step 2
Next, determine which jobs are currently running by typing:
jobs
[1]- Running sleep 888888 &
[2]+ Running sleep 888888 &
 Previous
 Next
11.5.3 Step 3
Now, use the kill command to stop the first instance of the sleep command by typing the
following (substitute PID with the process id of your first sleep command). Also, execute jobs to
verify the process has been stopped:
kill PID
jobs
sysadmin@localhost:~$ ps
PID TTY TIME CMD
62 ? 00:00:00 bash
89 ? 00:00:00 sleep
90 ? 00:00:00 sleep
91 ? 00:00:00 ps
sysadmin@localhost:~$ kill 89
[1]- Terminated sleep 888888
[2]+ Running sleep 888888 &
Helpful Hint: If you can't remember the PID of the first process, just type the ps (process)
command, as shown above.
 Previous
 Next
11.5.4 Step 4
Next, use the pkill command to terminate the remaining sleep command, using the name of
the program rather than the PID:
pkill -15 sleep
sysadmin@localhost:~$ pkill -15 sleep

[2]+ Terminated sleep 888888
 Previous
 Next
11.6 Using ps to Select and Sort Processes

The ps command can be used to view processes. By default, the ps command will only display
the processes running in the current shell.
 Previous
 Next
11.6.1 Step 1
Start up a background process using ping and view current processes using the ps command:

ps

[1] 98
sysadmin@localhost:~$ ps
PID TTY TIME CMD
62 ? 00:00:00 bash
98 ? 00:00:00 ping
99 ? 00:00:00 ps
Make note of the PID of the ping, you will use the PID in a subsequent step.
 Previous
 Next
11.6.2 Step 2
Execute the ps command using the option -e, so all processes are displayed.
ps -e
sysadmin@localhost:~$ ps -e
PID TTY TIME CMD
1 ? 00:00:00 init
19 ? 00:00:00 rsyslogd
23 ? 00:00:00 cron
25 ? 00:00:00 sshd
41 ? 00:00:00 named
50 ? 00:00:00 login
62 ? 00:00:00 bash
98 ? 00:00:00 ping
100 ? 00:00:00 ps
Due to this environment being a virtualized operating system, there are far fewer processes than
what would normally be shown with Linux running directly on hardware.
 Previous
 Next
11.6.3 Step 3
Use the ps command with the -o option to specify which columns to output.
ps -o pid,tty,time,%cpu,cmd
sysadmin@localhost:~$ ps -o pid,tty,time,%cpu,cmd
PID TT TIME %CPU CMD
62 ? 00:00:00 0.0 -bash
98 ? 00:00:00 0.0 ping localhost
102 ? 00:00:00 0.0 ps -o pid,tty,time,%cpu,cmd
 Previous
 Next
11.6.4 Step 4
Use the --sort option to specify which column(s) to sort by. By default, a column specified for
sorting will be in ascending order, this can be forced with placing a plus + symbol in front of the
column name. To specify a descending sort, use the minus - symbol in front of the column name.
Sort the output of ps by %mem:
ps -o pid,tty,time,%mem,cmd --sort %mem
sysadmin@localhost:~$ ps -o pid,tty,time,%mem,cmd --sort %mem

PID TT TIME %MEM CMD
103 ? 00:00:00 0.0 ps -o pid,tty,time,%mem,cmd --sort %mem
98 ? 00:00:00 0.0 ping localhost
62 ? 00:00:00 0.0 -bash
 Previous
 Next
11.6.5 Step 5
While the ps command can show the percentage of memory that a process is using,
the free command will show overall system memory usage:
free
sysadmin@localhost:~$ free
total used free shared buffers cached
Mem: 65969788 6242744 59727044 0 300852 1062284
-/+ buffers/cache: 4879608 61090180
Swap: 2097148 0 2097148
 Previous
 Next
11.6.6 Step 6
Stop the ping command with the following kill command and verify with the jobs command:
kill PID
jobs
sysadmin@localhost:~$ kill 98
 Previous
 Next
11.7 Viewing System Logs

System logs are critical for many tasks, including fixing operating system problems and ensuring
that your system is secure. Knowing where the system log files are stored and how to maintain
them is important for a system administrator.
There are two daemons that handle log messages: the syslogd daemon and the klogd daemon.
Typically you don't need to worry about klogd; it only handles kernel log messages and it sends
its log information to the syslogd daemon.
Messages that were generated by the kernel at boot time are stored in
the /var/log/dmesg file. The dmesg command allows viewing of current kernel messages, as
well as providing control of whether those messages will appear in a terminal console window.
The main log file that is written to by syslogd is /var/log/messages.
In addition to the logging done by syslogd, many other processes perform their own logging.
Some examples of processes that do their own logging include the Apache web server (log file
resides in the /var/log/httpd directory), the Common Unix Printing System
(/var/log/cups) and the auditd daemon (/var/log/audit).
Note: On CentOS systems, the syslogd is called rsyslogd.
 Previous
 Next
11.7.1 Step 1
Because the next few commands that you will run in this lab require superuser rights, use
the su command to switch to the root account:
su - root
{Enter the password: netlab123}
sysadmin@localhost:~$ su - root
Password:
root@localhost:~#
 Previous
 Next
11.7.2 Step 2
System logs are stored in the /var/log directory. List the files in this directory:
ls /var/log
root@localhost:~# ls /var/log
alternatives.log boot cron.log faillog lastlog news wtm
p
apt bootstrap.log dmesg fsck mail.err syslog
auth.log btmp dpkg.log kern.log mail.log upstart
root@localhost:~#
 Previous
 Next
11.7.3 Step 3
Each log file represents a service or feature. For example, the auth.log file displays information
regarding authorization or authentication, such as user login attempts. New data is stored at the
bottom of the file. Execute the following commands to see an example:
ssh localhost
{At the first prompt, type yes}
{At the second prompt, type abc}
{At the third prompt, type abc}
{At the fourth prompt, type abc}
tail -5 /var/log/auth.log
root@localhost:~# ssh localhost
The authenticity of host 'localhost (::1)' can't be established.
ECDSA key fingerprint is 5f:e2:43:0f:f9:26:e5:d5:77:ba:9e:95:72:9e:ee:64.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
root@localhost's password:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
root@localhost:~# tail -5 /var/log/auth.log
Apr 8 20:25:13 localhost sshd[117]: pam_unix(sshd:auth): authentication fa
ilure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=root
Apr 8 20:25:16 localhost sshd[117]: Failed password for root from ::1 port
58940 ssh2
Apr 8 20:25:28 sshd[117]: last message repeated 2 times
Apr 8 20:25:28 localhost sshd[117]: Connection closed by ::1 [preauth]
Apr 8 20:25:28 localhost sshd[117]: PAM 2 more authentication failures; lo
gname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=root
root@localhost:~#
The ssh command was used to generated data in the /var/log/auth.log file. Note the failed
login attempts are logged in the /var/log/auth.log file.
 Previous
 Next
11.7.4 Step 4
To see another example of log entries, execute the following commands:
crontab -e
Then add the following line to the document (recall that i will allow you to enter the insert mode)
and then save and exit with ESC, :wq, Enter:
0 2 * * 0 who >> /tmp/whothere
After you have completed the edits, view the log file for the crontab service:
crontab -l | tail -2
tail /var/log/cron.log
root@localhost:~# crontab -l | tail -2
# m h dom mon dow command
0 2 * * 0 who >> /tmp/whothere
root@localhost:~# tail /var/log/cron.log
Apr 8 17:33:32 localhost /usr/sbin/cron[22]: (CRON) INFO (pidfile fd = 3)
Apr 8 17:33:32 localhost /usr/sbin/cron[23]: (CRON) STARTUP (fork ok)
Apr 8 17:33:32 localhost /usr/sbin/cron[23]: (CRON) INFO (Running @reboot
jobs)
Apr 8 18:17:01 localhost /USR/SBIN/CRON[79]: (root) CMD ( cd / && run-pa
rts -
-report /etc/cron.hourly)
rts -
rts -
Apr 8 20:31:18 localhost crontab[121]: (root) BEGIN EDIT (root)
Apr 8 20:32:42 localhost crontab[121]: (root) REPLACE (root)
Apr 8 20:32:42 localhost crontab[121]: (root) END EDIT (root)
Apr 8 20:33:19 localhost crontab[132]: (root) LIST (root)
root@localhost:~#
 Previous
 Next
11.7.5 Step 5
View the last five lines of the file /var/log/dmesg to see kernel messages from boot time and
execute the dmesgcommand piped to the tail command to view the last five kernel messages:
tail -5 /var/log/dmesg
dmesg | tail -5
root@localhost:~# tail -5 /var/log/dmesg
[ 2.922003] type=1400 audit(1386098331.347:10): apparmor="STATUS" operat
ion="profile_load" name="/usr/sbin/tcpdump" pid=848 comm="apparmor_parser"
[ 2.989112] Bridge firewalling registered
[ 3.007035] ip_tables: (C) 2000-2006 Netfilter Core Team
[ 3.010733] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
[ 3.020096] input: ImPS/2 Generic Wheel Mouse as /devices/platform/i8042
/serio1/input/input2
root@localhost:~# dmesg | tail -5
[279447.718341] device veth0pl17180 left promiscuous mode
[279447.718408] br998ad950-b830: port 1(veth0pl17180) entered disabled stat
e
[279448.519497] bre2e72298-4b5e: port 1(veth0pl17664) entered disabled stat
e
[279448.525087] device veth0pl17664 left promiscuous mode
[279448.525091] bre2e72298-4b5e: port 1(veth0pl17664) entered disabled stat
e
root@localhost:~#
Right about now you are likely thinking "what do all of these messages actually mean?". The
answer to that question isn't a simple one, however the point behind this lesson isn't to explain
the meaning of all of the log messages, but rather to learn where to find log messages.
As you gain more experience in Linux, you will start to troubleshoot problems. In most cases the
first place you want to look is the log files.
In order to provide you a realistic troubleshooting example, follow the next set of tasks.
 Previous
 Next
11.7.6 Step 6
Enter the following command to disable the ability of the sysadmin user from
creating crontab entries and exit back to the sysadmin user:
echo "sysadmin" > /etc/cron.deny

exit
root@localhost:~# echo "sysadmin" > /etc/cron.deny
root@localhost:~# exit
logout
 Previous
 Next
11.7.7 Step 7
Attempt to execute the following crontab command:
crontab -e
sysadmin@localhost:~$ crontab -e
You (sysadmin) are not allowed to use this program (crontab)
See crontab(1) for more information
Note: This command fails because of the entry in the /etc/cron.deny. If a username exists in
this file, then that user can not use the crontab command.
 Previous
 Next
11.7.8 Step 8
Instead of switching users to root with the su command, use sudo to execute the following
command with root privileges:
sudo tail -5 /var/log/cron.log

{Enter the password: netlab123}
sysadmin@localhost:~$ sudo tail -5 /var/log/cron.log
[sudo] password for sysadmin:
Apr 8 20:31:18 localhost crontab[121]: (root) BEGIN EDIT (root)
Apr 8 20:32:42 localhost crontab[121]: (root) REPLACE (root)
Apr 8 20:32:42 localhost crontab[121]: (root) END EDIT (root)
Apr 8 20:33:19 localhost crontab[132]: (root) LIST (root)
Apr 8 20:47:06 localhost crontab[139]: (sysadmin) AUTH (crontab command no
t allowed)
As you can see from the last line of the output of the tail command, the sysadmin user is not
allowed to use the crontabcommand.
 Previous
 Next
11.8 Shared Libraries

Shared libraries are files that contain code that executable program files can link to in order to
use that code. Because multiple programs often link to a single library file, this helps to reduce
the amount of space needed for this code since each program does not have to have its own
copy of the library code.
These library files are most often stored in the /lib and /usr/lib directories. Additional
directories can be added either by editing the configuration file, /etc/ld.so.conf. You can
also create files with names ending in .conf and place them in
the /etc/ld.so.conf.d directory. Finally, you can also set
the LD_LIBRARY_PATH environment variable as well.
 Previous
 Next
11.8.1 Step 1
When executed as the root user, the ldconfig command can be used to update the cache and
the symbolic links for the shared libraries on the system. As an ordinary user, you will execute
the ldconfig command to print the list of shared libraries:
ldconfig -p | less
Remember to press q to quit the less pager.
 Previous
 Next
11.8.2 Step 2
In order to view what libraries are linked to an executable, such as /bin/bash, execute
the ldd command:
ldd /bin/bash
Your output should appear similar to the following:
sysadmin@localhost:~$ ldd /bin/bash

linux-vdso.so.1 => (0x00007ffce6fbd000)
libtinfo.so.5 => /lib/x86_64-linux-gnu/libtinfo.so.5 (0x00007fb32ae
94000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fb32ac90000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb32a8d1000)
/lib64/ld-linux-x86-64.so.2 (0x0000563ddfa4e000)
 Previous
 Next
12.1 Introduction
This is Lab 12: Poking the Network. By performing this lab, students will learn about the
configuration of your computer on the network.
 Examine network configuration information
 Previous
 Next
12.2 Exploring the Network

In this task, you will execute some commands and examine some files to display your network
configuration.
 Previous
 Next
12.2.1 Step 1
In order to determine your Internet Protocol (IP) address, execute the ifconfig command:
sysadmin@localhost:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 3a:3b:65:10:f6:43
inet addr:192.168.1.2 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::383b:65ff:fe10:f643/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1206 (1.2 KB) TX bytes:690 (690.0 B)
lo Link encap:Local Loopback

inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
The output shows two main blocks of information. The first block, indented by eth0, reflects
information about your first Ethernet network card. The second block, indented by lo, reflects
information about the loopback or internal network interface.
The second line in each block contains the pertinent information for version 4 of the Internet
Protocol (called IPv4) while the third line has the information for version 6 of the Internet Protocol
(IPv6). IPv4 is an older method of identifying machines with a series of numbers. It is still widely
used today despite the fact that the improved IPv6 method has been available for many years.
The IPv4 addresses are displayed as four decimal numbers ranging from 0 to 255 separated by
periods.
The IPv6 addresses are 128 bit numbers which are displayed as hexadecimal digits ranging
from 0 to f. The hexadecimal digits are generally organized into groups of four digits separated
by colons. If a number of consecutive hexadecimal digits have the value of zero, then they are
replaced with two colons.
 Previous
 Next
12.2.2 Step 2
Having an IP address will allow your system to communicate with other systems on the same
network. With routing devices you are able to communicate with systems on other networks. To
view the table of routing information, use the route command:
route
route -n
sysadmin@localhost:~$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Ifa
ce
192.168.1.0 * 255.255.255.0 U 0 0 0 eth
0
sysadmin@localhost:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Ifa
ce
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth
0
Notice that the output of the first route command, names were provided for some items (like *). In
the output of the second route command, numbers were provided in place of names, the result
of using the -n option to the route command.
When connecting to other computers, either an IP address or a hostname may be used.
Hostnames can be used if they are entered into the /etc/hosts file along with their associated
IP address or if a Domain Name Server (DNS) provides IP address to host name translation.
A couple of names that are commonly in the /etc/hosts file are localhost,
and localhost.localdomain, both of which are used to refer to the current machine.
 Previous
 Next
12.2.3 Step 3
Verify that the IP address 127.0.0.1 has an entry in the /etc/hosts file:
grep 127.0.0.1 /etc/hosts
The output should appear as follows, defining the localhost names:
sysadmin@localhost:~$ grep 127.0.0.1 /etc/hosts

127.0.0.1 localhost
The ping command may be used to tell if a system is presently connected to a network.
Sometimes, a system may be configured to not respond to ping requests. Therefore, the lack of
a response to a pingcommand does not mean a system is not connected to a network. A quick
response to a ping command does indicate, however that a system is connected to a network.
 Previous
 Next
12.2.4 Step 4
Test to see if the localhost machine will respond to four ping requests:
ping -c4 localhost

sysadmin@localhost:~$ ping -c4 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_req=1 ttl=64 time=0.045 ms
--- localhost ping statistics ---

4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.028/0.036/0.045/0.007 ms
Unlike the ping command that is available in the Microsoft Windows operating system, the
Linux ping command does not stop making requests by default. If you forget to specify the -
c option, then you will have to manually stop the command by holding the Control key and
pressing C (CTRL+C).
Hostnames can also be used if they are registered with a Domain Name Service (DNS) server. If
your system is connected to a network with DNS servers, then the nameserver entry in
the /etc/resolv.conf file configures your system to use these servers to resolve hostnames
into IP addresses.
 Previous
 Next
12.2.5 Step 5
View the /etc/resolv.conf file to see if any nameserver entries exists:
cat /etc/resolv.conf
The output should show one nameserver entry:
sysadmin@localhost:~$ cat /etc/resolv.conf

nameserver 127.0.0.1
 Previous
 Next
12.2.6 Step 6
Use the dig command to resolve the localhost.localdomain name to an IP address:
dig localhost.localdomain
sysadmin@localhost:~$ dig localhost.localdomain
; <<>> DiG 9.8.1-P1 <<>> localhost.localdomain

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35943
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;localhost.localdomain. IN A
;; ANSWER SECTION:
localhost.localdomain. 86400 IN A 127.0.0.1
;; AUTHORITY SECTION:
localdomain. 86400 IN NS localhost.localdomain.
;; Query time: 803 msec

;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 11 13:33:03 2016
;; MSG SIZE rcvd: 69
Notice the output shows that the first nameserver that was listed in
the /etc/resolv.conf file is the one that responded with the answer in the ANSWER
SECTION of the output.
 Previous
 Next
12.2.7 Step 7
You can use the dig command to resolve other fully qualified domain names. Use
the dig command to resolve the cserver.example.com hostname to an IP address:
dig cserver.example.com
sysadmin@localhost:~$ dig cserver.example.com
; <<>> DiG 9.8.1-P1 <<>> cserver.example.com
;; Got answer:
;cserver.example.com. IN A
;; ANSWER SECTION:
cserver.example.com. 86400 IN A 192.168.1.2
example.com. 86400 IN NS example.com.
;; ADDITIONAL SECTION:
example.com. 86400 IN A 192.168.1.2
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 11 13:45:38 2016
A fully qualified domain name (FQDN) includes not just the hostname, but also the domain that
the hostname is "in". For the FQDN cserver.example.com, cserver is the hostname
and example.com is the domain.
 Previous
 Next
12.2.8 Step 8
Use the dig command to resolve the IP address 192.168.1.2 to a hostname:
dig -x 192.168.1.2
sysadmin@localhost:~$ dig -x 192.168.1.2
; <<>> DiG 9.8.1-P1 <<>> -x 192.168.1.2
;; Got answer:
;2.1.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
2.1.168.192.in-addr.arpa. 86400 IN PTR cserver.example.com.
2.1.168.192.in-addr.arpa. 86400 IN PTR example.com.
1.168.192.in-addr.arpa. 86400 IN NS example.com.
;; ADDITIONAL SECTION:
example.com. 86400 IN A 192.168.1.2
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Apr 11 13:57:50 2016
 Previous
 Next
12.2.9 Step 9
The netstat command performs a large variety of tasks related to networking. To get an idea of
some of its capabilities, execute the command with the --help option:
netstat --help
sysadmin@localhost:~$ netstat --help
usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--he
lp
netstat [-vWnNcaeol] [<Socket> ...]
netstat { [-vWeenNac] -i | [-cWnNe] -M | -s }
-r, --route display routing table

-i, --interfaces display interface table
-g, --groups display multicast group memberships
-s, --statistics display networking statistics (like SNMP
-M, --masquerade display masqueraded connections
-v, --verbose be verbose

-W, --wide don't truncate IP addresses
-n, --numeric don't resolve names
--numeric-hosts don't resolve host names
--numeric-ports don't resolve port names
--numeric-users don't resolve user names
-N, --symbolic resolve hardware names
-e, --extend display other/more information
-p, --programs display PID/Program name for sockets
One of the common uses of netstat is to determine which services are listening to or waiting for
an incoming connection. For example, a service that is used to allow users to perform remote or
network logins is called Secure SHell or SSH. SSH normally will listen to TCP port 22.
Well-known ports are the port numbers in the range of 0-1023, typically used by system
processes to provide network services. A list of service names and associated port numbers can
be found in the /etc/services file.
 Previous
 Next
12.2.10 Step 10
Use the netstat command to see if the TCP port for ssh, 22, has a process listening:
netstat -tl
netstat -tln
sysadmin@localhost:~$ netstat -tl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 example.com:domain *:* LISTEN
tcp 0 0 localhost:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:953 *:* LISTEN
tcp6 0 0 [::]:domain [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 localhost:953 [::]:* LISTEN
 Previous
 Next
12.2.11 Step 11
The -t option to the netstat command limits the listing to TCP ports; the -l option limits the
output to ports with listening services; the -n shows the network addresses numerically:
sysadmin@localhost:~$ netstat -ltn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
 Previous
 Next
13.1 Introduction
This is Lab 13: See Who's on your System. By performing this lab, students will be able to
monitor who has been attempting to log in to the system, and view any of their running
processes.
 Learn the difference between the superuser account and regular user accounts.
 View user account information.
 Previous
 Next
13.2 User and Group Accounts

In this task, you will learn about user accounts and the files and commands that display user
account information.
 Previous
 Next
13.2.1 Step 1
User and system accounts are defined in the /etc/passwd and /etc/shadow files. View the
first ten lines from the /etc/passwd file:
head /etc/passwd
sysadmin@localhost:~$ head /etc/passwd

Notice that this file contains a colon delimited database of all user and system accounts available
on this system.
User accounts are assigned to users, to allow them access to the operating system.
The sysadmin account that you used to log in to the system is a typical user account.
The root account is a special user account that has virtually unlimited access and control over
the system. It is sometimes referred to as the "superuser" account.
System accounts are used by the operating system or services running processes on it. By not
having these services run as the root user, the system is kept more secure by limiting the
damage that a comprised service account could cause. System accounts are never used directly
by regular users.
 Previous
 Next
13.2.2 Step 2
Use the grep command to view the record for your sysadmin account:
grep sysadmin /etc/passwd

sysadmin@localhost:~$ grep sysadmin /etc/passwd
By using the grep command, the output only includes the account information for that one
username.
Another way to retrieve the account information for a user is by running the following
command: getent passwd username. The getent command has the advantage over
the grep command as it is also able to access user accounts that are not defined locally. In other
words, the getent command is able to get user information for users who may be defined on
network directory servers such as LDAP, NIS, Windows Domain, or Active Directory Domain
servers.
 Previous
 Next
13.2.3 Step 3
Use the getent command to retrieve the information about the sysadmin:
getent passwd sysadmin
sysadmin@localhost:~$ getent passwd sysadmin
Note: In this case we don't have any network accounts, so the output displayed is just like looking
at the /etc/passwd file.
 Previous
 Next
13.2.4 Step 4
You can view the documentation of the fields in the /etc/passwd file with the following
command:
man 5 passwd
Remember while viewing a man page, press Enter to move forward line by line, Space page by
page and q to quit.
The colon delimited /etc/passwd file has the following fields:
account:password:UID:GID:GECOS:directory:shell
A breakdown of these fields:
a. The account field is the username.

b. This field was originally used to store the password, however, it is now typical for the
password to be stored in the etc/shadow file. The x is serving as a placeholder.
c. The UID is user's identification number.
d. The GID is the user's primary group identification number.
e. GECOS is the field that is typically used to store the full name of the user.
f. The directory is the home directory of the user, where they are placed upon first logging
into the system.
g. The shell field defines the shell such as /bin/bash for a normal user,
or /sbin/nologin for an account used by the system or a service.
 Previous
 Next
13.2.5 Step 5
You can view account information for your account, or a specified user account, using
the id command:
id
id root
sysadmin@localhost:~$ id
uid=1001(sysadmin) gid=1001(sysadmin) groups=1001(sysadmin),4(adm),27(sudo
sysadmin@localhost:~$ id root
uid=0(root) gid=0(root) groups=0(root)
The output of the commands shows your user identity as a number and
name: uid=1001(sysadmin). It also displays your primary group
identity, gid=1001(sysadmin), and all the groups that you belong
to, groups=1001(sysadmin), 4(adm)and 27(sudo). In this case, your user account only
belongs to three groups.
The file /etc/group, together with /etc/passwd, determines your group memberships. Your
default primary group is determined by matching your GID found in /etc/passwd to the GID
defined for a group in the /etc/group. Any secondary group memberships are defined in
the /etc/group file.
The format of entries in the /etc/group file for each line is:
group_name:password:GID:user_list
 Previous
 Next
13.2.6 Step 6
The getent command can retrieve information about entries in the /etc/group file.
Use getent to retrieve information about the sysadmin and adm groups:
getent group sysadmin

getent group adm
sysadmin@localhost:~$ getent group sysadmin
sysadmin:x:1001:
sysadmin@localhost:~$ getent group adm
adm:x:4:sysadmin
Groups are used for controlling access to files.

By default any new file that you create will be owned by your primary group. To have any new
files you create owned by one of your secondary groups, use the newgrp command. The basic
format for this command is newgrp group_name. You must be a member of a group to use
the newgrp command. The id command will then display that group_name as your primary
group.
To change the group owner of one of the existing files that your user owns, you can use
the chgrp command. The basic format for this command is chgrp group_name file_name
You must be a member of a group to change a file group ownership to that group and you must
own the file.
 Previous
 Next
13.2.7 Step 7
Two commands with simple output for understanding your identity are whoami and groups.
The groups command can also be used get the list of groups for another user. Use
the whoami and groups command for your account and the groups command for the root user:
whoami
groups
groups root
sysadmin@localhost:~$ whoami
sysadmin
sysadmin@localhost:~$ groups
sysadmin adm sudo
sysadmin@localhost:~$ groups root
root : root
 Previous
 Next
13.3 Who is on the System

In this task, you will execute some commands to see who is logged into the system.
 Previous
 Next
13.3.1 Step 1
Use the who command to get the current list of users on the system:
who
sysadmin@localhost:~$ who
sysadmin tty Apr 11 14:32
The output of the who command has four columns:

Username: the first column shows the name of the user (sysadmin in the example above).
Terminal: the second column shows an identifier for a terminal type (tty in the example above).
Each terminal has a separate name that is used by the superuser to control processes.
Date/Time: the third column is the date and time that the login was initiated (Apr 11 14:32 in
the first line of output in the example above).
Host: although there is no output for the fourth column in this case, it can be the name or IP
address of a local or remote host. The following forms indicate local logins: (:#) or (:#.#).
Otherwise, a remote host may be shown by name (if resolvable) or by IP address.
 Previous
 Next
13.3.2 Step 2
Use the w command to get a more detailed view of the users who are currently on your system:
Your output from the w command displays:
sysadmin@localhost:~$ w
15:17:08 up 6 days, 15 min, 1 user, load average: 0.39, 0.34, 0.37
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
sysadmin console 14:32 4.00s 0.16s 0.00s w
A summary of how long the system has been running, how many users are logged in and the
system load averages for the past 1, 5, and 15 minutes.
An entry for each user with their login name, tty name, host, login time, idle time, JCPU (CPU
time used by background jobs), PCPU (CPU time used by the current process) and what is
executing on the current command line.
 Previous
 Next
13.4 The root user

In this task, you will learn how to access the root user account in a couple of different ways.
The account of the root user is special in Linux as it has a practically unlimited amount of control
and access to the system. It's actually not the name of the user, but the UID with a value of zero
that grants this authority.
In general, it is not considered a good practice to login to the system as the root user. This is
especially true of the graphical environment.
To access the root user account, the su or sudo commands are normally used.
The su command usually is used to switch users to start a new shell as another user; the default
being the root user. The sucommand is normally used when a series of commands need to be
executed as the root user.
The sudo command is typically used to execute a single command as the root user by prefixing
that command with sudo. The sudo command must be configured by the root user before an
ordinary user can use it.
 Previous
 Next
13.4.1 Step 1
To set up the sudo command for regular users, use the visudo command. This requires root
access as the visudo command will fail when regular users execute the command. Attempt to
configure access to the sudo command:
visudo
sysadmin@localhost:~$ visudo
visudo: /etc/sudoers: Permission denied
visudo: /etc/sudoers: Permission denied
The output shows that the visudo command failed because it attempts to modify
the /etc/sudoers file, a file that regular users can't modify due to permissions. This file controls
access to the sudo command and should never be modified directly, but rather with
the visudo command.
 Previous
 Next
13.4.2 Step 2
Switch users to the root user and provide the root password of netlab123 when prompted:
su -
netlab123
sysadmin@localhost:~$ su -
Password:
root@localhost:~#
The dash or hyphen after the su command is an abbreviation for the option -l, which makes the
login performed by su a complete login by executing the login scripts belonging to the root user.
Without the -, or -l, the su command will switch your user identity, but it will not execute the login
scripts of the new user. This can cause some problems, especially when switching to
the root account. In most cases when you switch users you want a complete login to be
performed so that environment variables, functions and aliases that are normally initialized for a
user will be initialized.
 Previous
 Next
13.4.3 Step 3
Now that you are logged in as the root user, you should be able to execute the command to
configure sudo access:
visudo
root@localhost:~# visudo
 Previous
 Next
13.4.4 Step 4
To enable basic access to the use of the sudo command, an entry must be added to
the /etc/sudoers file that you are now editing. Since you are in the vi editor by default, type
the following to find this entry:
What to Type Meaning
G Go to the end of the file
o Open a new line below cursor
sysadmin ALL=(ALL) ALL The entry permitting sysadmin sudo access
ESC The Escape key returns to command mode

What to Type Meaning
:wq Save changes and exit
#includedir /etc/sudoers.d
sysadmin ALL=(ALL) ALL
-- INSERT --
If you type the data into the file correctly, you should be placed back at a shell prompt.
However, if upon exiting the edit, you are presented with a prompt that says "What now?", then
press Enter to see your choices. It is recommended that you type x to exit without saving
changes to the sudoers file and repeat this step over.
 Previous
 Next
13.4.5 Step 5
Return to the sysadmin account to verify that sudo provides root access by typing the following:
exit
root@localhost:~# exit
logout
 Previous
 Next
13.4.6 Step 6
Try to view the first few lines of /etc/shadow file, a file that contains the users' encrypted
passwords and information about aging them:
head -3 /etc/shadow
sysadmin@localhost:~$ head -3 /etc/shadow
head: cannot open `/etc/shadow' for reading: Permission denied
Notice the error message the head command displays. This is because the sysadmin user has
no rights to view this file. The root user, however, can display this file.
 Previous
 Next
13.4.7 Step 7
Notice that the permissions on the /etc/shadow file indicate that only members of
the shadow group have permission to view the file:
ls -l /etc/shadow
Keep in mind that the root user can view any file. This is due to the root account having
special privileges that transcend regular file permissions.
sysadmin@localhost:~$ ls -l /etc/shadow
-rw-r----- 1 root shadow 838 Mar 14 17:34 /etc/shadow
 Previous
 Next
13.4.8 Step 8
Use the sudo command to view the first few lines of /etc/shadow file:
sudo head -3 /etc/shadow

(provide the password of the sysadmin user: netlab123)
sysadmin@localhost:~$ sudo head -3 /etc/shadow
[sudo] password for sysadmin:
root:$6$T3W2rbrt$N/2Jrt1EzQ8TqOvxWkYjEpIf3tCbPOyFwU7ZYkToosXB4AGmtb0.W6f8Gb
7Vmihnj76yZezNPwMbTGoQFs5Kx1:16874:0:99999:7:::
daemon:*:16863:0:99999:7:::
bin:*:16863:0:99999:7:::
Important Note: The password that you provided was for your sysadmin account, not
the root account. Once sudohas been configured for your account, you don't need to know
the root password to run sudo commands as the rootuser.
 Previous
 Next
14.1 Introduction
This is Lab 14: Creating a User. By performing this lab, students will learn about how to create a
new user account, establish the initial password for this account, and make other modifications
such as making them a member of a secondary group.
 Create a new user with the useradd command

 Set and reset a user's password with the passwd command
 Make changes to the user account with the usermod command
 Previous
 Next
14.2 Creating Users and Groups

In this task, you will create group and user accounts.
Group accounts can be helpful to be able to assign permissions on files shared by a group of
users.
User accounts in Linux distributions based upon Red Hat, like the CentOS distribution, start with
the first User ID (UID) at 500, the next UID given at 501, and so on. The current trend followed by
many other distributions is to have the first UID be 1000, the second to be 1001, and so on.
If managing accounts for multiple systems, then it is desirable to have a network-based
authentication server, where accounts can be created once, but used on many machines.
Otherwise, managing multiple accounts on multiple machines can be challenging as it can be
difficult to ensure that the user, and all the groups they belong to all have the same UIDs and
GIDs on all machines.
Another issue with multiple machine accounts that can be difficult is trying to keep the passwords
to each account synchronized across all machines.
Managing accounts for local users is still useful for individual machines, even if they have access
to a network-based authentication server. In this lab, you will manage local group and user
accounts.
 Previous
 Next
14.2.1 Step 1
In order to administer the user and group accounts, you will want to switch users to
the root account with the following command:
su -
(Provide the root password "netlab123" when prompted)
sysadmin@localhost:~$ su -
Password:
root@localhost:~#
 Previous
 Next
14.2.2 Step 2
Use the groupadd command to create a group called "research":
groupadd -r research
root@localhost:~# groupadd -r research
root@localhost:~#
The research group that was just added was added in the reserved range (between 1-999)
because the -r option was used. Group Identifiers (GIDs) are automatically assigned with a value
of less than the lowest normal user UID with this option. The groupadd command modifies
the /etc/group file where group account information is stored.
The groupmod command could be used with a -n option to change the name of this group or
the -g option in order to change the GID for this group. The groupdel command can be used to
delete this group, as long as it has not been made the primary group for a user.
 Previous
 Next
14.2.3 Step 3
Use a getent command to retrieve information about the new group:
getent group research
Your output should appear similar to the following, although the GID that was assigned may be
different:
root@localhost:~# getent group research

research:x:999:
root@localhost:~#
Now that the research group has been created, existing or new users can be made a member
of this group. The usermodoption -G must have a comma separated list of all secondary groups
the user is to belong.
When usermod is used with the -a and -G options, then only the new group will need to be
specified and it will be added to the existing secondary group memberships.
 Previous
 Next
14.2.4 Step 4
Use the usermod command to add the research group as a secondary group for
the sysadmin user:
usermod -aG research sysadmin

root@localhost:~# usermod -aG research sysadmin
root@localhost:~#
Users who are actively logged into the system will not be able to use any new group
memberships until the next time they log into the system.
 Previous
 Next
14.2.5 Step 5
There are several commands that could be used to verify the new group membership. Use
the groups, id and getentcommands to verify the sysadmin's membership:
groups sysadmin
id sysadmin
The output of the previous commands should appear similar to:
root@localhost:~# groups sysadmin

sysadmin : sysadmin adm sudo research
root@localhost:~# id sysadmin
uid=1001(sysadmin) gid=1001(sysadmin) groups=1001(sysadmin),4(adm),27(sudo)
,999(research)
research:x:999:sysadmin
root@localhost:~#
The useradd command will create a new user account and, in Red Hat-based distributions, a
new group for that user. This new group will be named after the user and that will be their primary
group.
Red Hat-based distributions use what is known as "User Private Groups", or UPG, each user is a
primary member of their own private group.
For distributions that do not use UPG, all new users belong to the users group as their primary
group.
 Previous
 Next
14.2.6 Step 6
Create a new user named student who is a secondary member of the research group and a
primary member of their own private group. Use a comment of Linux Student that will appear
as the full name of the user when they do a graphical login. Make sure that their home directory
will be created by specifying the -m option:
useradd -G research -c 'Linux Student' -m student

root@localhost:~# useradd -G research -c 'Linux Student' -m student
root@localhost:~#
The user's account information is stored in the /etc/passwd and /etc/shadow files. The
user's group information can be found in /etc/passwd and /etc/group file.
 Previous
 Next
14.2.7 Step 7
Using the getent command, view the research group members again, but also use getent to
show the student group, and the passwd and shadow databases for the student user:

getent group student
getent passwd student
getent shadow student
research:x:999:sysadmin,student
root@localhost:~# getent group student
student:x:1002:
root@localhost:~# getent passwd student
student:x:1002:1002:Linux Student:/home/student:/bin/sh
root@localhost:~# getent shadow student
student:!:16902:0:99999:7:::
root@localhost:~#
The output should now show that both sysadmin and student are secondary members of
the research group.
The GID of the student group matches the fourth field of the passwd information. This is what
makes the student a primary member of the student group.
Finally, the ! appearing in the password field (second field) of the shadow file, shows that the
password for the student has not been set.
 Previous
 Next
14.2.8 Step 8
Use the passwd command to set the password, netlab123 for the student user and view
the shadow file entry for the student user again:
passwd student
(type the same password twice)
getent shadow student
The output from the /etc/shadow file now shows an encrypted password in the second field:
root@localhost:~# passwd student

Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@localhost:~# getent shadow student
student:$6$pIEEdvAX$GBo0beYhojL3/vDrOP2UAQR6uVCWMZXxMPqImREJWw/5oR2WTtM6dH3
H83VjrmG6hGd9ux2I9FQFWQLtg3/:16902:0:99999:7:::
root@localhost:~#
 Previous
 Next
14.2.9 Step 9
Just because a user has a password doesn't mean that they have ever logged into the system.
Use the last command to see if the student has ever logged in:
last
last student
The output of the last command should show that the sysadmin user has logged in before, but
not the student user:
root@localhost:~# last
sysadmin console Mon Apr 11 19:08 still logged in
sysadmin console Mon Apr 11 19:08 - 19:08 (00:00)
wtmp begins Mon Apr 11 18:25:26 2016
root@localhost:~# last student
wtmp begins Mon Apr 11 18:25:26 2016
root@localhost:~#
There is also a lastb command, which works similar to the last command except that it shows
"bad" or failed log in attempts.
If you no longer wanted the student user to have access to the system, then the usermod -L
student command could be used to "lock" the account. The account could be unlocked with
the usermod -U student command.
A more permanent solution to preventing access to the student account would be to delete the
account with either the userdel student or userdel -r student commands. Using the -
r option with the userdel command removes the user's home directory and mail, in addition to
deleting the user's account.
 Previous
 Next
14.2.10 Step 10
Delete the student account and remove the user's home directory:
userdel -r student
Executing the command should look like this:
root@localhost:~# userdel -r student

root@localhost:~#
 Previous
 Next
15.1 Introduction
This is Lab 15: Ownerships and Permissions. By performing this lab, students will learn how to
set and view the ownerships and permissions of files and directories.
 View and understand permissions on files and directories.

 Use the chmod command to change permissions.
 Change ownerships with the chown and chgrp commands.
 Previous
 Next
15.2 File Permissions and Ownerships

In this task, you will create files and directories, view and set their permissions and ownerships.
 Previous
 Next
15.2.1 Step 1
Create two directories and two files in the /tmp directory:
cd /tmp
mkdir priv-dir pub-dir
touch priv-dir/priv-file
touch pub-dir/pub-file
sysadmin@localhost:~$ cd /tmp
sysadmin@localhost:/tmp$ mkdir priv-dir pub-dir
sysadmin@localhost:/tmp$ touch priv-dir/priv-file
sysadmin@localhost:/tmp$ touch pub-dir/pub-file
sysadmin@localhost:/tmp$
 Previous
 Next
15.2.2 Step 2
View the contents of the directories:
ls -l priv-dir
ls -l pub-dir
You output should contain the following:
sysadmin@localhost:/tmp$ ls -l priv-dir
total 0
-rw-rw-r-- 1 sysadmin sysadmin 0 Apr 11 21:26 priv-file
sysadmin@localhost:/tmp$ ls -l pub-dir
total 0
-rw-rw-r-- 1 sysadmin sysadmin 0 Apr 11 21:27 pub-file
Notice that for each file displayed, the first character of the line is the hyphen, -. This conveys
that the items are regular files. The first character of the listing indicates the type of file,
where d indicates a directory, - is a regular file, l is a symbolic link, b is a block device file, c is
a character device file, p is a pipe file and s is a socket file.
The next nine characters are in three groups of three characters. The first group of three
characters (rw- in the example above) are the user owner's permissions, the next three
characters (rw- in the example above) are the group owner's permissions and the last three
characters (r-- in the example above) represent everyone else's permissions (referred to as
"others").
When viewing permissions, r indicates the read permission, w indicates the write permission
and x indicates executepermission. A - character indicates that that permission has not been
granted.
Following the permissions is a link count number, indicating how many files are linked to this file.
Next, you see the user owner, the group owner, the size of the file, the date/time the file was last
modified and the file name.
 Previous
 Next
15.2.3 Step 3
If you want to make a directory more private, then you can use the chmod command to remove
permissions that others have on the directory. Use the chmod command to remove the other's
permissions for read and execute:
ls -ld priv-dir/
chmod o-rx priv-dir/
ls -ld priv-dir/
The output now shows that others have no permission or access to the priv-dir:
sysadmin@localhost:/tmp$ ls -ld priv-dir/

drwxrwxr-x 2 sysadmin sysadmin 4096 Apr 11 21:26 priv-dir/
sysadmin@localhost:/tmp$ chmod o-rx priv-dir/
sysadmin@localhost:/tmp$ ls -ld priv-dir/
drwxrwx--- 2 sysadmin sysadmin 4096 Apr 11 21:26 priv-dir/
You used the chmod command to modify the permissions for others by using an o character
followed by either a + character or a - character to add or subtract permissions. The = character
can be used to set an exact permission.
You can use a u character instead of an o character to modify the permissions of the user owner.
Use a g character if you want to change permissions for the group owner.
To modify everyone's permissions use an a character instead of o, u or g.
Examples:
chmod a+x file #gives everyone execute permission
chmod g-w file #removes write permission for group owners
chmod go+r file #adds read permission for group owner and others
chmod o=rwx #sets others permissions to read, write and execute
 Previous
 Next
15.2.4 Step 4
If you want to make a directory more public, then you can use the chmod command to add write
permission for others:
ls -ld pub-dir/
chmod o+w pub-dir/
ls -ld pub-dir/
Your output now shows that others have write permission on the directory (the ability to add or
delete files inside the directory):
sysadmin@localhost:/tmp$ ls -ld pub-dir/

drwxrwxr-x 2 sysadmin sysadmin 4096 Apr 11 21:27 pub-dir/
sysadmin@localhost:/tmp$ chmod o+w pub-dir/
sysadmin@localhost:/tmp$ ls -ld pub-dir/
drwxrwxrwx 2 sysadmin sysadmin 4096 Apr 11 21:27 pub-dir/
 Previous
 Next
15.2.5 Step 5
Use the chmod command to remove any permission from the group or others on the priv-file:
ls -l priv-dir/priv-file
chmod g-rw,o-r priv-dir/priv-file
sysadmin@localhost:/tmp$ ls -l priv-dir/priv-file
-rw-rw-r-- 1 sysadmin sysadmin 0 Apr 11 21:26 priv-dir/priv-file
sysadmin@localhost:/tmp$ chmod g-rw,o-r priv-dir/priv-file
sysadmin@localhost:/tmp$ ls -l priv-dir/priv-file
-rw------- 1 sysadmin sysadmin 0 Apr 11 21:26 priv-dir/priv-file
 Previous
 Next
15.2.6 Step 6
Grant all users the same read and write permission of the pub-file:
ls -l pub-dir/pub-file
chmod a=rw pub-dir/pub-file
sysadmin@localhost:/tmp$ ls -l pub-dir/pub-file
-rw-rw-r-- 1 sysadmin sysadmin 0 Apr 11 21:27 pub-dir/pub-file
sysadmin@localhost:/tmp$ chmod a=rw pub-dir/pub-file
sysadmin@localhost:/tmp$ ls -l pub-dir/pub-file
-rw-rw-rw- 1 sysadmin sysadmin 0 Apr 11 21:27 pub-dir/pub-file
 Previous
 Next
15.2.7 Step 7
Create a test.sh file in the /tmp containing the content "date":
echo "date" > test.sh

sysadmin@localhost:/tmp$ echo "date" > test.sh
If a file contains commands, then those commands can be run, or executed, if the file has
execute permission for the user. The process of making a file into an executable file requires
giving the execute permission on the file. Without this permission, the file can't be treated as a
program.
 Previous
 Next
15.2.8 Step 8
Attempt to execute the test.sh file; it should fail. View the permissions on the file to see why:
./test.sh
ls -l test.sh
sysadmin@localhost:/tmp$ ./test.sh
-bash: ./test.sh: Permission denied
sysadmin@localhost:/tmp$ ls -l test.sh
-rw-rw-r-- 1 sysadmin sysadmin 5 Apr 11 22:27 test.sh
 Previous
 Next
15.2.9 Step 9
Only the user owner of a file (or the root user) is allowed to change permissions on a file. Give
yourself, the user owner, execute permission and then execute test.sh:
chmod u+x test.sh

ls -l test.sh
./test.sh
The output shows the added execute permission for the user owner and the current date and time
from executing the datecommand inside of your test.sh script file:
sysadmin@localhost:/tmp$ chmod u+x test.sh

-rwxrw-r-- 1 sysadmin sysadmin 5 Apr 11 22:27 test.sh
sysadmin@localhost:/tmp$ ./test.sh
Mon Apr 11 22:35:23 UTC 2016
So far, you have seen how to use the chmod command with symbolic notation, where symbols are
used to represent who (u, g, o, and a), how (+, -, or =), and what to change (r, w, and x).
The chmod command can also be used with a numeric value representing the permissions of the
user owner, group owner and others in what is called octal notation.
To use the chmod command with octal notation, you must first understand the octal value of the
permissions:
Read (r) 4
Write (w) 2
Execute (x) 1
From the last listing of the test.sh file, the permissions were shown to be rwx for the user
owner, rw for the group owner, and r for others. To express these permissions in octal notation,
a total is calculated for each ownership.
As a result the user's permission total would be calculated as 4 + 2 + 1, or 7, where 4 is for the
read, 2 is for the write and 1 is for the execute permission.
The group's permission total would be 4 + 2 or 6, where 4 is for the read permission, and 2 is for
the write permission.
The others' ownership permission would simply be 4 for the read permission that they have.
Putting it all together the octal value for the current permissions would be 764.
 Previous
 Next
15.2.10 Step 10
Use the stat command to verify that the octal value for the permissions (access) to
the test.sh:
stat test.sh
sysadmin@localhost:/tmp$ stat test.sh
File: `test.sh'
Size: 5 Blocks: 8 IO Block: 4096 regular file
Device: fc00h/64512d Inode: 3540004 Links: 1
Access: (0764/-rwxrw-r--) Uid: ( 1001/sysadmin) Gid: ( 1001/sysadmin)
Access: 2016-04-11 22:27:24.987740243 +0000
Modify: 2016-04-11 22:27:24.987740243 +0000
Change: 2016-04-11 22:35:08.335757863 +0000
Birth: -
If you wanted to change these permissions using octal notation to give the group and others
execute permission, then you would use the following three numbers:
 7 (read, write and execute) for the user owner

 7 (read, write and execute) for the group owner
 5 (read and execute) for others
The new mode, or octal number, for the permissions would then be 775.
 Previous
 Next
15.2.11 Step 11
Using octal notation, modify the permissions of the test.sh file, so everyone would be able to
execute the file:
chmod 775 test.sh

ls -l test.sh
sysadmin@localhost:/tmp$ chmod 775 test.sh
-rwxrwxr-x 1 sysadmin sysadmin 5 Apr 11 22:27 test.sh
There are two commands that can affect the ownership of files. The chown command can only be
executed by the root user and it can change the user that owns a file or both the user and group
that owns a file.
The chgrp command can be used by either the user who owns a file or by the root user.
The chgrp command only changes the group that owns a file.
When a non-root user uses the chgrp command they can only change the group ownership to a
group of which they are a member. The root user can use chgrp to change the group ownership
of any file to any group.
 Previous
 Next
15.2.12 Step 12
Switch to the root user so you will be able to execute both the chown and chgrp commands to
change group ownerships to any group:
su -
(provide the root password: netlab123)
sysadmin@localhost:/tmp$ su -
Password:
root@localhost:~#
 Previous
 Next
15.2.13 Step 13
Change to the /tmp directory and list the details of the pub-dir, and then its contents:
cd /tmp
ls -ld pub-dir
Notice the output shows the directory and the file owned by the sysadmin user, and
the sysadmin group:
root@localhost:~# cd /tmp
root@localhost:/tmp# ls -ld pub-dir/
drwxrwxrwx 2 sysadmin sysadmin 4096 Apr 11 22:48 pub-dir/
root@localhost:/tmp# ls -l pub-dir/pub-file
-rw-rw-rw- 1 sysadmin sysadmin 0 Apr 11 22:48 pub-dir/pub-file
root@localhost:/tmp#
 Previous
 Next
15.2.14 Step 14
Use the chown command to change the user and group owner of the pub-dir to the root user
and the root group. Then view the details of the directory:
chown root:root pub-dir

ls -ld pub-dir
Your output should show both the user and group owners have changed:
root@localhost:/tmp# chown root:root pub-dir

root@localhost:/tmp# ls -ld pub-dir/
drwxrwxrwx 2 root root 4096 Apr 11 22:48 pub-dir/
 Previous
 Next
15.2.15 Step 15
Use the chown command to change the user owner of the pub-file to the bin user:
chown bin pub-dir/pub-file

The output now shows that the user owner has been updated to bin:
root@localhost:/tmp# chown bin pub-dir/pub-file

root@localhost:/tmp# ls -l pub-dir/pub-file
-rw-rw-rw- 1 bin sysadmin 0 Apr 11 22:48 pub-dir/pub-file
 Previous
 Next
15.2.16 Step 16
View the details of the priv-dir and its contents:
ls -ld priv-dir
The output should show that priv-dir is owned by the sysadmin user and sysadmin group:
root@localhost:/tmp# ls -ld priv-dir

drwxrwx--- 2 sysadmin sysadmin 4096 Apr 11 22:48 priv-dir
root@localhost:/tmp# ls -l priv-dir/priv-file
 Previous
 Next
15.2.17 Step 17
Change the group owner of the priv-dir and priv-file to the users group recursively with
the chgrp command and view the updated files:
ls -ld priv-dir
chgrp -R users priv-dir
ls -ld priv-dir
drwxrwx--- 2 sysadmin sysadmin 4096 Apr 11 22:48 priv-dir
root@localhost:/tmp# chgrp -R users priv-dir
drwxrwx--- 2 sysadmin users 4096 Apr 11 22:48 priv-dir
-rw------- 1 sysadmin users 0 Apr 11 22:48 priv-dir/priv-file
Your output reflects that when applying changes recursively to a directory, that the changes apply
to the directory and anything it contains. This would mean that every sub directory under priv-
dir and every file in priv-dir and all of its subdirectories would have this change applied.
 Previous
 Next
16.1 Introduction
This is Lab 16: Special Permissions. By performing this lab, students will learn about special
permissions and different kinds of link files.
 View files with special permissions

 Create hard and soft links
 Previous
 Next
16.2 Viewing Special Permissions
In this task, you will find and understand the purpose of special permissions beyond read, write,
and execute.
 Previous
 Next
16.2.1 Step 1
List the details of the /tmp and /var/tmp directories:
ls -ld /tmp
ls -ld /var/tmp
The output shows the permissions on these directories to be the same:
sysadmin@localhost:~$ ls -ld /tmp

drwxrwxrwt 2 root root 4096 Mar 14 17:34 /tmp
sysadmin@localhost:~$ ls -ld /var/tmp
drwxrwxrwt 2 root root 4096 Apr 19 2012 /var/tmp
The /tmp and /var/tmp directories are read, write and executable for everyone. Besides the
users' home directories, these two "temporary" directories are the locations in the filesystem
where ordinary users can create new files or directories.
This does pose a problem: if all users can create new files, they are also able to delete existing
files. This is because the write permission on a directory grants users the ability to add and delete
files in a directory.
The t in the execute column for the others permissions indicates that this directory has the sticky
bit permission set. This special permission means that even though everyone can add files in
these directories, only the user who creates a file can delete that file.
The root user is not affected by this permission as that account can delete all files in the directory,
regardless of ownership.
 Previous
 Next
16.2.2 Step 2
View the permissions on the /etc/shadow file:
ls -l /etc/shadow
The output shows that the root user has read and write permissions, members of the shadow
group have read permission, and others have no permission on this file:
sysadmin@localhost:~$ ls -l /etc/shadow
-rw-r----- 1 root shadow 838 Mar 14 17:34 /etc/shadow
Like the other files found in the /etc directory, the /etc/shadow file contains host-specific
configuration information. Specifically, the /etc/shadow file contains the encrypted passwords
of all local user accounts and information about password aging (how long a password is good).
Since this is very sensitive information, access to this file is limited to the root user and
commands executing as root, as well as members of the shadow group.
When a user updates their password with the passwd command, the passwd command executes
with a special permission called setuid. The setuid permission causes a file to execute as the
user that owns the file, instead of the user that is actually running the command.
If you are coming from a Microsoft Windows background, you can think of setuid to be like the
"Run as administrator" feature provided in Windows.
 Previous
 Next
16.2.3 Step 3
View the permissions of the /usr/bin/passwd file:
ls -l /usr/bin/passwd
The listing of this file shows:
sysadmin@localhost:~$ ls -l /usr/bin/passwd
-rwsr-xr-x 5 root root 42824 Sep 12 2012 /usr/bin/passwd
Notice the s in the user's execute permission column. This indicates that this file has the setuid
permission set, so it executes as the user who owns it (root) instead of the user running the
command.
Thus, the passwd command is able to update the /etc/shadow file, as it executes as
the root user (recall that the root user can edit any file, regardless of the permissions on the file).
 Previous
 Next
16.2.4 Step 4
View the permissions on the /usr/bin/wall command:
ls -l /usr/bin/wall
The output now shows the s in the execute column for the group:
sysadmin@localhost:~$ ls -l /usr/bin/wall
-rwxr-sr-x 5 root tty 18976 Jun 18 2014 /usr/bin/wall
The s in the group execute column indicates that this file has the setgid permission set, so it
executes as the group who owns it (tty) instead of the group of the user running the command.
Thus, the wall command is able to write to all terminals (ttys) as it executes as the tty group.
Note: This is very similar to the setuid permission, but instead of running the command as the
user owner of the program, the command runs as the group owner of the program.
So far, you've seen three types of special permissions: sticky bit on a directory, setuid on an
executable file and setgid on an executable file. As you have seen, these three types exist on a
typical system.
One more special permission type can be used; The setgid permission can also be applied to a
directory.
If you see the s in the execute column for the group that owns directory, then the directory has
the setgid permission. When a directory has the setgid permission, then any new file or directory
created in that directory will automatically be owned by the group that owns the directory, not by
the group of the user who created the file.
 Previous
 Next
16.3 Hard and Soft Links

In this task, you will create and use hard and soft links.
 Previous
 Next
16.3.1 Step 1
Change to your home directory:
cd
 Previous
 Next
16.3.2 Step 2
Create a file named source containing the text "data" by using redirection:
echo "data" > source
 Previous
 Next
16.3.3 Step 3
View the details and inode information of the source file:
ls -li source
The highlighted output shows that the file has an inode number of 2076 (this number will vary
from one system to another) and a link count of 1:
sysadmin@localhost:~$ ls -li source

2076 -rw-rw-r-- 1 sysadmin sysadmin 5 Apr 12 13:27 source
The Linux operating system uses inodes to keep track of the information about a file. A directory
entry associates an inode with a file name.
Creating a hard link creates another directory entry associated with an existing inode, and will
increase the link count number.
Hard links allow you to have multiple names to refer to the same file. If any one of these names is
removed, then the other names can still be used to refer to the file.
In fact, these other names can even be used to create additional links. All of these names are
considered equivalent as they all refer to an existing inode.
Note: You cannot create hard links to directories. Also, a hard link to a file also must exist within
the same filesystem (partition) as the file that it links to.
 Previous
 Next
16.3.4 Step 4
Use the ln command to create a hard link. View the details and inode information of the source
and new hard link file:
ln source hardlink
ls -li source hardlink
Notice that the hardlink file and the original source file share the same inode:
sysadmin@localhost:~$ ln source hardlink

sysadmin@localhost:~$ ls -li source hardlink
2076 -rw-rw-r-- 2 sysadmin sysadmin 5 Apr 12 13:27 hardlink
 Previous
 Next
16.3.5 Step 5
Use the ln command to create another hard link to the source file. View the details and inode
information of the source and new hard link files:
ln hardlink hardtoo
ls -li hardlink hardtoo source
Notice the output continues to show the hardlinks share the same inode and the link count
increases on all links when a link is added:
sysadmin@localhost:~$ ln source hardtoo

sysadmin@localhost:~$ ls -li hardlink hardtoo source
2076 -rw-rw-r-- 3 sysadmin sysadmin 5 Apr 12 13:27 hardtoo
 Previous
 Next
16.3.6 Step 6
Remove the last link that was created and list the source and hardlink files:
rm hardtoo
ls -li source hardlink
Notice that the link count decreases when one of the hard linked files is removed:
sysadmin@localhost:~$ rm hardtoo
sysadmin@localhost:~$ ls -li source hardlink
 Previous
 Next
16.3.7 Step 7
Remove the hardlink file and list the source file details:
rm hardlink
ls -li source
sysadmin@localhost:~$ rm hardlink
sysadmin@localhost:~$ ls -li source
Another type of link that can be created is known as a symbolic link or soft link. Symbolic links do
not increase the link count of files with which they are linked.
Symbolic link files have their own inode and type of file. Instead of linking and sharing an inode,
they link to the file name. Unlike hard links, soft links can be linked to directories and can cross
devices and partitions to their targets.
 Previous
 Next
16.3.8 Step 8
Create a symbolic link to the source file and view the details of both files:
ln -s source softlink
ls -li source softlink
The highlighted output shows that the softlink and the source file have different inodes.
Notice that the link type of file is created when making a symbolic link. The permissions of the link
are irrelevant, as it is the permissions of the target file that determine access:
sysadmin@localhost:~$ ln -s source softlink

sysadmin@localhost:~$ ls -li source softlink
2086 lrwxrwxrwx 1 sysadmin sysadmin 6 Apr 12 13:56 softlink -> source
 Previous
 Next
16.3.9 Step 9
Create a symbolic link to the /proc directory and display the link:
ln -s /proc crossdir
ls -l crossdir
The success of these commands shows that soft links can refer to directories, and they can cross
from one filesystem to another, which are two things that hard links cannot do:
sysadmin@localhost:~$ ln -s /proc crossdir

sysadmin@localhost:~$ ls -l crossdir
lrwxrwxrwx 1 sysadmin sysadmin 5 Apr 12 14:00 crossdir -> /proc
 Previous
 Next

Linux

Uploaded by

Copyright:

Available Formats

Linux

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Linux

Uploaded by

Copyright:

Available Formats

LABS

 Explore Bash features

4.2 Files and Directories

Your output should be similar to the following:

Your output should be similar to the following:

Your output should be similar to the following:

Your output should be similar to the following:

4.3 Shell Variables

echo Hello Student

Your output should be similar to the following:

sysadmin@localhost:~$ echo Hello Student

Your output should be similar to the following:

sysadmin@localhost:~$ echo $PATH

Your output should be similar to the following:

Your output should be similar to the following:

Your output should be similar to the following:

Your output should be similar to the following:

sysadmin@localhost:~$ echo D*n*s

Your output should be similar to the following:

sysadmin@localhost:~$ echo ??????

Your output should be similar to the following:

sysadmin@localhost:~$ echo D????????

Your output should be similar to the following:

sysadmin@localhost:~$ echo ?????*s

Your output should be similar to the following:

sysadmin@localhost:~$ echo [DP]*

Your output should be similar to the following:

sysadmin@localhost:~$ echo [D-P]*

echo Today is `date`

Your output should be similar to the following:

sysadmin@localhost:~$ echo Today is `date`

echo Today is $(date)

Your output should be similar to the following:

sysadmin@localhost:~$ echo Today is $(date)

echo This is the command '`date`'

Your output should be similar to the following:

sysadmin@localhost:~$ echo This is the command '`date`'

echo This is the command \`date\`

Your output should be similar to the following:

sysadmin@localhost:~$ echo This is the command \`date\`

echo This is the command "`date`"

Your output should be similar to the following:

Your output should be similar to the following:

4.6 Control Statements

echo Hello; echo Linux; echo Student

sysadmin@localhost:~$ echo Hello; echo Linux; echo Student

false; echo Not; echo Conditional

Your output should be similar to the following:

sysadmin@localhost:~$ false; echo Not; echo Conditional

echo Start && echo Going && echo Gone

Your output should be similar to the following:

sysadmin@localhost:~$ echo Start && echo Going && echo Gone

echo Success && false && echo Bye

Your output should be similar to the following:

sysadmin@localhost:~$ echo Success && false && echo Bye

false || echo Fail Or

Your output should be similar to the following:

sysadmin@localhost:~$ false || echo Fail Or

4.7 Shell History

sysadmin@localhost:~$ echo Dns