System Administration
User Management
User Account Management
# Create users
useradd username # Create user with default settings
useradd -m username # Create user with home directory
useradd -s /bin/bash -m username # Specify shell and home dir
adduser username # Interactive user creation (Debian/Ubuntu)
# Modify users
usermod -aG groupname username # Add user to group
usermod -s /bin/zsh username # Change user shell
usermod -d /new/home username # Change home directory
usermod -L username # Lock user account
usermod -U username # Unlock user account
# Delete users
userdel username # Delete user (keep home directory)
userdel -r username # Delete user and home directory
Password Management
# Password operations
passwd username # Set/change password
passwd -e username # Expire password (force change)
passwd -l username # Lock password
passwd -u username # Unlock password
# Password policies
chage -l username # Show password aging info
chage -M 90 username # Set password expiry to 90 days
chage -d 0 username # Force password change on next login
Group Management
# Group operations
groupadd groupname # Create group
groupadd -g 1001 groupname # Create group with specific GID
groupdel groupname # Delete group
groupmod -n newname oldname # Rename group
# Group membership
groups username # Show user's groups
id username # Show user and group IDs
gpasswd -a username groupname # Add user to group
gpasswd -d username groupname # Remove user from group
File System Management
Disk Partitioning
# Disk information
lsblk # List block devices
fdisk -l # List all partitions
parted -l # List partitions (parted)
# Create partitions
fdisk /dev/sda # Interactive partitioning
parted /dev/sda # Alternative partitioning tool
cfdisk /dev/sda # Curses-based partitioning
File System Creation
# Create filesystems
mkfs.ext4 /dev/sda1 # Create ext4 filesystem
mkfs.xfs /dev/sda1 # Create XFS filesystem
mkswap /dev/sda2 # Create swap filesystem
# Filesystem options
mkfs.ext4 -L "MyLabel" /dev/sda1 # Create with label
mkfs.ext4 -m 1 /dev/sda1 # Reserve 1% for root
Mount Management
# Mount operations
mount /dev/sda1 /mnt # Mount filesystem
mount -t ext4 /dev/sda1 /mnt # Specify filesystem type
mount -o ro /dev/sda1 /mnt # Mount read-only
umount /mnt # Unmount filesystem
umount -l /mnt # Lazy unmount
# Persistent mounts
echo "/dev/sda1 /mnt ext4 defaults 0 2" >> /etc/fstab
mount -a # Mount all filesystems in fstab
Logical Volume Management (LVM)
# Physical volumes
pvcreate /dev/sda1 # Create physical volume
pvdisplay # Display physical volumes
pvs # Short PV display
# Volume groups
vgcreate vg01 /dev/sda1 # Create volume group
vgextend vg01 /dev/sdb1 # Extend volume group
vgdisplay # Display volume groups
vgs # Short VG display
# Logical volumes
lvcreate -L 10G -n lv01 vg01 # Create 10GB logical volume
lvextend -L +5G /dev/vg01/lv01 # Extend logical volume
lvdisplay # Display logical volumes
lvs # Short LV display
# Resize filesystem after LV extension
resize2fs /dev/vg01/lv01 # For ext2/3/4
xfs_growfs /dev/vg01/lv01 # For XFS
Package Management
Debian/Ubuntu (APT)
# Package operations
apt update # Update package list
apt upgrade # Upgrade packages
apt install package # Install package
apt remove package # Remove package
apt purge package # Remove package and config files
apt autoremove # Remove unused packages
# Package information
apt search keyword # Search for packages
apt show package # Show package information
apt list --installed # List installed packages
dpkg -l # List installed packages (dpkg)
Red Hat/CentOS (YUM/DNF)
# Package operations
yum update # Update packages
yum install package # Install package
yum remove package # Remove package
yum search keyword # Search for packages
yum info package # Show package information
# DNF (newer systems)
dnf update # Update packages
dnf install package # Install package
dnf remove package # Remove package
Service Management
Systemd Service Management
# Service operations
systemctl start service # Start service
systemctl stop service # Stop service
systemctl restart service # Restart service
systemctl reload service # Reload service configuration
systemctl status service # Show service status
# Service enablement
systemctl enable service # Enable service at boot
systemctl disable service # Disable service at boot
systemctl is-enabled service # Check if service is enabled
# Service information
systemctl list-units # List all units
systemctl list-units --failed # List failed units
systemctl list-unit-files # List unit files
Creating Custom Services
# Create service file
cat > /etc/systemd/system/myapp.service << EOF
[Unit]
Description=My Application
After=network.target
[Service]
Type=simple
User=myuser
ExecStart=/usr/local/bin/myapp
Restart=always
[Install]
WantedBy=multi-user.target
EOF
# Enable and start service
systemctl daemon-reload
systemctl enable myapp
systemctl start myapp
Network Configuration
Network Interface Configuration
# Network information
ip addr show # Show IP addresses
ip route show # Show routing table
ip link show # Show network interfaces
# Configure network interface
ip addr add 192.168.1.100/24 dev eth0 # Add IP address
ip route add default via 192.168.1.1 # Add default route
ip link set eth0 up # Bring interface up
ip link set eth0 down # Bring interface down
Network Configuration Files
# Debian/Ubuntu - /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
# Red Hat/CentOS - /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.100
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
ONBOOT=yes
DNS Configuration
# DNS settings - /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
search example.com
# Hosts file - /etc/hosts
127.0.0.1 localhost
192.168.1.100 myserver.example.com myserver
System Security
Firewall Configuration
# UFW (Ubuntu)
ufw enable # Enable firewall
ufw disable # Disable firewall
ufw allow 22 # Allow SSH
ufw allow 80/tcp # Allow HTTP
ufw deny 23 # Deny telnet
ufw status # Show firewall status
# Firewalld (CentOS/RHEL)
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --reload
firewall-cmd --list-all
SSH Configuration
# SSH server configuration - /etc/ssh/sshd_config
Port 22
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
MaxAuthTries 3
# Restart SSH service
systemctl restart sshd
# SSH key management
ssh-keygen -t rsa -b 4096 # Generate SSH key pair
ssh-copy-id user@host # Copy public key to remote host
File Permissions and Access Control
# Special permissions
chmod +t /tmp # Set sticky bit
chmod g+s /shared # Set SGID bit
chmod u+s /usr/bin/passwd # Set SUID bit
# Access Control Lists (ACLs)
setfacl -m u:username:rwx /path/file # Set user ACL
setfacl -m g:groupname:rx /path/file # Set group ACL
getfacl /path/file # View ACLs
System Monitoring and Logging
Log Management
# View logs
journalctl # View all logs
journalctl -u service # View service logs
journalctl -f # Follow logs
journalctl --since "2023-01-01" # Logs since date
# Traditional log files
tail -f /var/log/syslog # Follow system log
tail -f /var/log/auth.log # Follow authentication log
tail -f /var/log/apache2/access.log # Follow Apache access log
Log Rotation
# Configure log rotation - /etc/logrotate.d/myapp
/var/log/myapp/*.log {
daily
rotate 7
compress
delaycompress
create 644 myuser mygroup
postrotate
systemctl reload myapp
endscript
}
# Test log rotation
logrotate -d /etc/logrotate.d/myapp # Debug mode
logrotate -f /etc/logrotate.conf # Force rotation
System Monitoring
# Resource monitoring
top # Process monitor
htop # Enhanced process monitor
iotop # I/O monitor
nethogs # Network monitor
glances # System overview
# System information
uptime # System uptime and load
free -h # Memory usage
df -h # Disk usage
lscpu # CPU information
Backup and Recovery
File System Backups
# Rsync backups
rsync -avz /source/ /backup/ # Local backup
rsync -avz /source/ user@host:/backup/ # Remote backup
rsync -avz --delete /source/ /backup/ # Mirror backup
# Tar backups
tar -czf backup.tar.gz /path/to/backup # Create compressed backup
tar -xzf backup.tar.gz # Extract backup
Database Backups
# MySQL backup
mysqldump -u root -p database > backup.sql
mysql -u root -p database < backup.sql
# PostgreSQL backup
pg_dump -U postgres database > backup.sql
psql -U postgres -d database < backup.sql
System Backup Scripts
#!/bin/bash
# System backup script
DATE=$(date +%Y%m%d)
BACKUP_DIR="/backups"
SOURCE_DIRS="/home /etc /var/log"
for dir in $SOURCE_DIRS; do
tar -czf "$BACKUP_DIR/$(basename $dir)-$DATE.tar.gz" "$dir"
done
# Clean old backups (keep 7 days)
find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete
Cron and Task Scheduling
Cron Job Management
# Edit cron jobs
crontab -e # Edit current user's cron
crontab -l # List cron jobs
crontab -r # Remove all cron jobs
# System cron jobs
echo "0 2 * * * /usr/local/bin/backup.sh" >> /etc/crontab
Systemd Timers
# Create timer unit - /etc/systemd/system/backup.timer
[Unit]
Description=Run backup daily
Requires=backup.service
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
# Create service unit - /etc/systemd/system/backup.service
[Unit]
Description=Backup service
[Service]
Type=oneshot
ExecStart=/usr/local/bin/backup.sh
# Enable and start timer
systemctl enable backup.timer
systemctl start backup.timer
System Optimization
Performance Tuning
# CPU governor
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
# Memory tuning
echo 1 > /proc/sys/vm/drop_caches # Clear cache
sysctl vm.swappiness=10 # Reduce swappiness
# I/O scheduler
echo deadline > /sys/block/sda/queue/scheduler
System Limits
# Configure limits - /etc/security/limits.conf
* soft nofile 65536
* hard nofile 65536
* soft nproc 32768
* hard nproc 32768
# Kernel parameters - /etc/sysctl.conf
fs.file-max = 65536
vm.swappiness = 10
net.core.rmem_max = 16777216
Troubleshooting
Common Issues
# Boot issues
systemctl --failed # Show failed services
journalctl -b # Boot log
dmesg # Kernel messages
# Permission issues
ls -la /path/file # Check permissions
namei -l /path/file # Check path permissions
# Network issues
ping google.com # Test connectivity
nslookup google.com # Test DNS
netstat -tuln # Check listening ports
Recovery Procedures
# Single user mode
# Add 'single' to kernel parameters at boot
# Reset root password
passwd root
# Filesystem check
fsck /dev/sda1
# Network interface reset
ifdown eth0 && ifup eth0
systemctl restart networking
Best Practices
Security Best Practices
- Regular updates - Keep system and packages updated
- Strong passwords - Enforce password policies
- Minimal services - Run only necessary services
- User privileges - Use sudo instead of root
- Firewall - Configure appropriate firewall rules
- Monitoring - Monitor logs and system activity
System Administration Workflow
- Document changes - Keep records of system modifications
- Test changes - Test in development before production
- Backup before changes - Always backup before major changes
- Monitor after changes - Watch for issues after modifications
- Automate tasks - Use scripts for repetitive tasks