Chapter 2.1: The Operating System (Linux)

The Foundation of Everything

Welcome to the single most important chapter in this entire roadmap. You can't build a house without understanding the ground (the OS). A developer who doesn't understand these fundamentals is just a "coder." A DevOps engineer who masters them is an "architect."

In Chapter 1, you learned how to write *scripts* (Bash, Python). In this chapter, you will learn *what* you are scripting. When you run docker ps, what is a "process"? When you write 192.168.1.1, what is an "IP address"? When you "open port 80," what does that *mean*?

Why Linux? Why Not Windows?

Linux is the undisputed king of the cloud. Over 90% of all public cloud servers (AWS, GCP, Azure) run some "flavor" of Linux. Why?

  • It's Free & Open Source: You don't pay licensing fees. You can see and modify the source code.
  • It's Stable: Linux servers are famous for running for *years* without a reboot.
  • It's Secure: The permission model (which we'll cover) is far more secure than traditional Windows.
  • It's Lightweight: You can run a Linux server with no GUI (Graphical User Interface), using only 100MB of RAM. This makes it fast and efficient.
  • It's Automation-First: Linux was *built* to be controlled from the command line, making it perfect for DevOps scripts.

Kernel vs. Shell vs. Distribution

These terms are often confused. Let's clarify.

  • The Kernel (Linux): This is the *core* of the OS. It's the central program that manages the CPU, memory, and hardware (like the hard drive). It's the "engine" of the car. The kernel itself is just one piece of software, created by Linus Torvalds.
  • The Shell (e.g., Bash): This is the program you interact with. It's the "steering wheel and pedals." It's a command-line interpreter that takes your commands (like ls) and tells the kernel what to do.
  • The Distribution (Distro): This is the *complete car*. It's the kernel *plus* the shell *plus* thousands of other pre-installed tools (like a package manager, a file system, a web server, etc.).

Part 1: Distributions & Package Management

There are hundreds of "distros," but you only need to know the two main "families." Their main difference is their **Package Manager** (the tool used to install, update, and remove software).

Family 1: Debian-based (e.g., Ubuntu, Debian)

This is the most popular family for beginners, startups, and cloud development. **Ubuntu Server** is the most common choice.

The Package Manager: apt (Advanced Packaging Tool)

apt is the command you use to manage .deb packages. It is powerful and easy to use.

Action 1: Update Package Lists (The First Command)

This is the **first command you must run** on any new server. It does *not* upgrade your software. It simply downloads the latest list of *available* packages and versions from the Ubuntu repositories (servers).

# 'sudo' means "SuperUser Do" - run this as an admin (root)
$ sudo apt update

Hit:1 http://security.ubuntu.com/ubuntu focal-security InRelease
Hit:2 http://us.archive.ubuntu.com/ubuntu focal InRelease
...
All packages are up to date.

Action 2: Install a Package

This installs a new piece of software, like the nginx web server.

# '-y' flag automatically says 'yes' to any prompts
$ sudo apt install -y nginx

Reading package lists... Done
Building dependency tree... Done
The following NEW packages will be installed:
  nginx
0 upgraded, 1 newly installed, 0 to remove...

Action 3: Upgrade All Packages

This command compares your *installed* packages to the *list* you downloaded with apt update. It then upgrades everything on your system to the latest version.

$ sudo apt upgrade

The following packages will be upgraded:
  libssl1.1 openssl
2 upgraded, 0 newly installed, 0 to remove...
Do you want to continue? [Y/n] Y

Action 4: Remove a Package

There are two ways to remove:

# 1. 'remove' - Uninstalls the program but LEAVES config files
# This is good if you plan to reinstall it later
$ sudo apt remove nginx

# 2. 'purge' - Uninstalls the program AND deletes its system-wide config files
# This is a complete, clean removal.
$ sudo apt purge nginx

Family 2: Red Hat-based (e.g., RHEL, CentOS, Fedora, Rocky)

This family is the standard for large, stable, corporate environments. **RHEL (Red Hat Enterprise Linux)** is the paid, supported version. **Rocky Linux** and **AlmaLinux** are free, 1-to-1 copies of RHEL.

The Package Manager: dnf (or yum)

yum was the original package manager. dnf (Dandified YUM) is the modern, faster replacement. The commands are almost identical.

# 1. Install a package (dnf/yum often install without 'update')
$ sudo dnf install -y nginx

# 2. Upgrade all packages
$ sudo dnf upgrade -y

# 3. Remove a package
$ sudo dnf remove nginx

Part 2: The Linux Filesystem Hierarchy (FHS)

When you first log into a Linux server and type ls /, you'll see a list of folders: /bin, /etc, /var, /home, etc. This isn't random. It's a standard called the **FHS (Filesystem Hierarchy Standard)**. Knowing what goes where is essential for finding files and understanding how the system works.

The Root (/) Directory

This is the top-level directory. Everything on the system, including other hard drives, lives inside this directory.

/bin (User Binaries) & /sbin (System Binaries)

  • /bin: Contains the most basic, essential **binaries** (commands) that *all* users need, like ls, cp, mv, grep, and bash.
  • /sbin: Contains essential **system** binaries, which are generally only used by the "root" (admin) user. Things like fdisk (for formatting disks) or iptables (firewall).
  • (Note: In many modern distros, /bin and /sbin are just "symlinks" pointing to /usr/bin and /usr/sbin.)

/etc (Configuration)

This is one of the **most important** folders for a DevOps engineer. /etc (Et Cetera) holds all the system-wide **configuration files**. If you install nginx, its config file will be at /etc/nginx/nginx.conf. If you want to change your SSH login settings, you edit /etc/ssh/sshd_config.

/home (User Home Directories)

This is where your personal files live. Each user gets their own directory (e.g., /home/msmaxpro, /home/aman). When you type cd ~, you are going to your home directory.

/root (The Root User's Home)

This is the special home directory for the "root" super-administrator. It is *not* /.

/var (Variable Files)

This is your *other* most important folder. /var holds files that are expected to **change (vary) all the time**. This is where your applications will write their data.

  • /var/log: The **System Log** directory. This is the first place you look when something goes wrong.
    • /var/log/syslog (or messages): General system messages.
    • /var/log/auth.log: Login attempts, SSH connections, sudo commands.
    • /var/log/nginx/access.log: A log of *every* user visit to your website.
    • /var/log/nginx/error.log: Errors from your web server.
  • /var/www/html: The default "document root" for Nginx/Apache. Your website's index.html file often lives here.
  • /var/lib/mysql: Your MySQL database files would be stored here.

/tmp (Temporary Files)

A folder for any process to write temporary files. This folder is a "free-for-all" and is often **wiped clean every time the server reboots**.

/usr (User Programs)

This is where most of the software you install with apt or dnf actually lives. When you run apt install python3, the python3 binary is placed in /usr/bin/python3.

/dev (Devices)

This is a special virtual folder. Linux treats *everything* as a file. Your hard drive is a file (/dev/sda), your USB stick is a file (/dev/sdb1), and even a "black hole" is a file (/dev/null). When you send output to /dev/null, it's thrown away forever.

Part 3: Core Commands & Text Tools (The "Verbs")

These are the commands you must know by heart. You will use them every single day.

File & Directory Navigation

# 1. 'ls' - List files and directories
$ ls
Desktop  Documents  Downloads  Music

# 'ls -l' (long format) - Shows permissions, owner, size, date
$ ls -l
drwxr-xr-x 2 user user 4096 Nov 10 10:00 Documents
-rw-r--r-- 1 user user 1024 Nov 10 10:05 file.txt

# 'ls -a' (all) - Shows hidden ".dotfiles" (like .bashrc)
$ ls -a
.  ..  .bashrc  .profile  Documents  file.txt

# 'ls -lh' (long + human-readable size) - The BEST combo!
$ ls -lh
-rw-r--r-- 1 user user 1.1K Nov 10 10:05 file.txt

# 2. 'pwd' - Print Working Directory (Where am I?)
$ pwd
/home/msmaxpro

# 3. 'cd' - Change Directory
$ cd Documents
$ pwd
/home/msmaxpro/Documents

$ cd ..  # Go up one level
$ cd ~   # Go to my home directory (/home/msmaxpro)
$ cd -   # Go to the *previous* directory I was in

File & Directory Manipulation

# 1. 'touch' - Create an empty file
$ touch new_file.txt

# 2. 'mkdir' - Make a directory
$ mkdir my_project
$ mkdir -p my_project/src/main # '-p' creates parent directories

# 3. 'cp' - Copy
$ cp new_file.txt new_file_copy.txt
$ cp new_file.txt my_project/ # Copy file into directory
$ cp -r my_project my_project_backup # '-r' (recursive) to copy a whole directory

# 4. 'mv' - Move (also used for Renaming)
$ mv new_file_copy.txt my_project/ # Move file
$ mv new_file.txt old_file.txt    # Rename file

# 5. 'rm' - Remove (Delete)
$ rm old_file.txt
$ rm -r my_project_backup # '-r' (recursive) to delete a directory
$ rm -f my_project      # '-f' (force) - no prompt, dangerous!
# The most dangerous command in Linux: rm -rf /
# ('-rf' = recursive + force, '/' = root)
# This will delete YOUR ENTIRE SERVER. Never run it.

Viewing File Content

# 1. 'cat' - Concatenate (Prints the *whole* file. For small files.)
$ cat /etc/os-release
NAME="Ubuntu"
VERSION="22.04.3 LTS (Jammy Jellyfish)"

# 2. 'less' - The best tool for big files (like logs)
# This opens an interactive pager. Press 'q' to quit, '/' to search.
$ less /var/log/syslog

# 3. 'head' / 'tail' - Show the top or bottom of a file
$ head -n 5 /var/log/syslog # Show first 5 lines
$ tail -n 20 /var/log/syslog # Show last 20 lines

# 4. 'tail -f' - (Follow) The #1 tool for debugging
# This opens the file and *watches* for new lines.
# Run this, then use your app. You'll see logs appear in real-time.
$ tail -f /var/log/nginx/access.log

find, grep, awk, sed

We covered these in Chapter 1 (Bash Scripting), but they are fundamental OS commands. find is new:

# 1. 'find' - Search for files in a directory hierarchy
# Find all .md files in the current directory (.)
$ find . -name "*.md"

# Find all directories (-type d) in /var
$ find /var -type d -name "log"

# Find all files (-type f) in /etc modified in the last 60 minutes (-mmin -60)
$ find /etc -type f -mmin -60

# Find all files larger than 100 Megabytes (+100M)
$ find / -size +100M

Part 4: Process & Service Management

A "process" is any program that is currently running. A "service" is a process that runs in the background (like a web server or database).

ps (Process Status)

Shows a "snapshot" of all currently running processes. The aux flags are standard.

$ ps aux

USER       PID  %CPU %MEM     VSZ    RSS TTY      STAT START   TIME COMMAND
root         1   0.0  0.1  167496  11096 ?        Ss   09:00   0:02 /sbin/init
root       123   0.0  0.2  229180  17540 ?        Ssl  09:00   0:05 /usr/lib/systemd/systemd-journald
nginx      876   0.1  0.5  123456  45000 ?        S    09:10   0:01 nginx: worker process
...
  • USER: Who owns the process.
  • PID: The **Process ID**. A unique number. This is how you "target" a process.
  • %CPU / %MEM: How much CPU and Memory it's using.
  • STAT: The status. S = Sleeping (idle), R = Running.
  • COMMAND: The command that was run.

top / htop (The "Task Manager")

ps is a static snapshot. top is a live, real-time dashboard that updates every few seconds. It shows you what's using your CPU and RAM *right now*. htop is a "prettier," more user-friendly version of top (you may need to install it: sudo apt install htop).

kill and Signals (Stopping a Process)

This command sends a "signal" to a process. You *must* give it the PID.

# Find the PID of the misbehaving process
$ ps aux | grep "my-buggy-script.py"
msmaxpro  12345  0.0  0.1 ... python3 my-buggy-script.py

# Send the TERM signal (15) - The "Polite" Way
# This asks the process to "please shut down gracefully"
$ kill 12345

# If it's stuck, send the KILL signal (9) - The "Force Quit"
# This kills the process immediately, no questions asked.
$ kill -9 12345

systemd and systemctl

kill is for any process. For "services" (like Nginx, Docker, databases), you should *always* use the official service manager: systemd. The command is systemctl.

# Check the status of the nginx web server
$ sudo systemctl status nginx

● nginx.service - A high performance web server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
     Active: active (running) since Tue 2025-11-10 09:10:01 UTC


# Stop the service
$ sudo systemctl stop nginx

# Start the service
$ sudo systemctl start nginx

# Restart the service (after changing /etc/nginx/nginx.conf)
$ sudo systemctl restart nginx

# CRITICAL: Make the service start automatically when the server reboots
$ sudo systemctl enable nginx

# Stop the service from starting on reboot
$ sudo systemctl disable nginx

journalctl (The Systemd Log Viewer)

systemd also has its own logging system. This is the *best* way to debug a service that *fails to start*.

# Show all logs for *only* the nginx service
$ sudo journalctl -u nginx

# Follow the logs in real-time (like tail -f)
$ sudo journalctl -u nginx -f

Part 5: User & Permission Management (CRITICAL)

This is the core of Linux security. Every file and folder is "owned" by a **User** and a **Group**. You can set permissions for three levels:

  1. User (u): The owner of the file.
  2. Group (g): Other users who are in the file's group.
  3. Others (o): Everyone else.

Run ls -l to see this in action:

$ ls -l

-rwxr-xr--  1 msmaxpro developers  4096 Nov 10 11:30 my_script.sh
drwxr-x---  2 msmaxpro developers  4096 Nov 10 11:30 my_folder

Let's break down -rwxr-xr--:

  • -: This is a file (d means directory).
  • rwx: The **User** (msmaxpro) can **R**ead, **W**rite, and e**X**ecute.
  • r-x: The **Group** (developers) can **R**ead and e**X**ecute, but **cannot Write**.
  • r--: **Others** can **R**ead, but **cannot Write or Execute**.

chmod (Change Mode)

This command changes those permissions.

Symbolic Mode (Easy to read)

# Make our script executable for the User (u)
$ chmod u+x my_script.sh

# Remove read permission for Others (o)
$ chmod o-r my_script.sh

# Give read AND write to Group (g), remove all for Others (o)
$ chmod g+rw,o-rwx my_script.sh

# Set permissions exactly (User=rwx, Group=r, Other=nothing)
$ chmod u=rwx,g=r,o= my_script.sh

Octal Mode (Fast/Common)

This uses numbers. r=4, w=2, x=1. You add them up.

  • 7 (rwx) = 4 + 2 + 1
  • 6 (rw-) = 4 + 2 + 0
  • 5 (r-x) = 4 + 0 + 1
  • 4 (r--) = 4 + 0 + 0
  • 0 (---) = 0 + 0 + 0

You write three numbers: (User)(Group)(Other).

# Set permissions to rwxr-xr-x (User=7, Group=5, Others=5)
# This is the most common permission for executable scripts.
$ chmod 755 my_script.sh

# Set permissions to rw-r--r-- (User=6, Group=4, Others=4)
# This is the most common permission for web files (like index.html).
$ chmod 644 index.html

# Set permissions to rwx------ (User=7, Group=0, Others=0)
# This is the most secure permission for private files (like keys).
$ chmod 700 my_secret_key

chown (Change Owner)

This command changes who "owns" the file. This is critical for security. Your Nginx web server runs as the nginx user. It *cannot* read your /home/msmaxpro files. You must chown your web files to the nginx user.

# Change the owner to 'nginx'
$ sudo chown nginx /var/www/html/index.html

# Change the owner AND group at the same time (user:group)
$ sudo chown nginx:nginx /var/www/html/index.html

# Change ownership of an entire directory (R = Recursive)
$ sudo chown -R nginx:nginx /var/www/html

sudo (SuperUser Do)

sudo is the command that lets you *temporarily* become the "root" (admin) user to run a single command (like apt install or chown). By default, the main user on an Ubuntu server is allowed to use sudo. You can add other users to this "sudo group".

# Add a new user named 'aman'
$ sudo adduser aman

# Add the user 'aman' to the 'sudo' group (on Debian/Ubuntu)
$ sudo usermod -aG sudo aman

# (On CentOS/RHEL, the group is named 'wheel')
# $ sudo usermod -aG wheel aman

Part 6: SSH (Secure Shell) - Your Gateway

SSH (running on **Port 22**) is the *most important* protocol for a DevOps engineer. It allows you to open a secure, encrypted command-line (shell) on a remote server. This is how you will log in to and manage all your servers.

Method 1: Password Authentication (The "Bad" Way)

This is the simple way. You log in with a username and password. This is **INSECURE** because hackers can "brute force" your password (try 10,000 passwords per second) until they get in.

$ ssh msmaxpro@172.104.22.11

msmaxpro@172.104.22.11's password: ********

Method 2: Public Key Authentication (The "Professional" Way)

This is the standard for all cloud platforms. It's 1000x more secure. You generate a "key pair" on your *local* machine (your laptop):

  1. A **Private Key** (id_rsa): You keep this secret. It's your passport.
  2. A **Public Key** (id_rsa.pub): You give this to everyone. You put this on any server you want to access.

The server (with the public key) can *verify* you are who you say you are, as only *you* have the matching private key.

Step 1: Generate your keys (On *your* laptop)

You only need to do this once.

# -t rsa (algorithm)
# -b 4096 (bit-strength, 4096 is very strong)
$ ssh-keygen -t rsa -b 4096 -C "msmaxpro@my-laptop"

Generating public/private rsa key pair.
Enter file in which to save the key (/home/msmaxpro/.ssh/id_rsa): [Press Enter]
Enter passphrase (empty for no passphrase): [Press Enter or type a password]

This creates id_rsa (private) and id_rsa.pub (public) in your ~/.ssh directory.

Step 2: Copy your Public Key to the Server

Linux has a magic command for this:

# This will ask for your password ONE LAST TIME
$ ssh-copy-id msmaxpro@172.104.22.11

This command logs into your server, finds the ~/.ssh/authorized_keys file, and pastes your public key into it.

Step 3: Log in (No Password)

$ ssh msmaxpro@172.104.22.11

Welcome to Ubuntu 22.04 LTS ...
msmaxpro@server:~$ 
# It logged you in instantly! No password needed.

Step 4: Disable Password Login (The Final Step)

Now that your key works, you should *disable* password login on your server forever to block all brute-force attacks.

  1. On the *server*, open /etc/ssh/sshd_config:
    $ sudo nano /etc/ssh/sshd_config
  2. Find the line #PasswordAuthentication yes.
  3. Change it to: PasswordAuthentication no (and remove the #).
  4. Save the file and restart the SSH service:
    $ sudo systemctl restart sshd

Now, no one in the world can log in to your server without your private key file.

Read More about Linux & SSH →
Next: Chapter 2.2: Networking →