Linux - Httqm's Docs

In other words : Why do many programs that are configured via /etc/myProgram.conf also allow/suggest to store their configuration into /etc/myProgram.d/myConfFile.conf ?

Near the end of /etc/myProgram.conf, you'll find something like :
```
if /etc/myProgram.d/ is a directory {
	include /etc/myProgram.d/*.conf
	}
```
This means, whether you configure myProgram via its main configuration file or with file(s) from its .d/ directory, nobody will be forgotten.
Actually, this helps splitting the configuration into distinct chunks, making it more modular + readable + easier to maintain.
One more advantage is that, when upgrading myProgram, its main configuration file _may_ be overwritten without deleting the whole configuration.

The normal permissions for /tmp are 1777, which ls shows as drwxrwxrwt. That is: wide open, except that only the owner of a file can remove it (that's what this extra t bit means for a directory).

/etc/profile :

defines :
- system-wide shell settings (not only Bash)
- some environment variables
fires all /etc/profile.d/*.sh scripts
- that can override /etc/profile
- What do the scripts in /etc/profile.d do?

PRNG based on the system's hardware-derived entropy pool

read from it :
od -l -N 4 < /dev/random | head -1
see the entropy pool drying up :
od -Ax -t x1 /dev/random

/var/log/lastlog :

—despite its misleading name— is NOT an actual log file
is the list of the last logins to the system
is a binary file
is a sparse file, meaning that :
- some storage space is pre-allocated for this file
- but only the data that's actually stored in this file uses space
- filesystem commands that are not aware of sparse files may show unexpected behaviors :
  - ls will report a filesize up to hundreds of GB, even TB (details)
  - cp will have a hard time (trying to) copy it
- you can get its actual size with :
  - du -h /var/log/lastlog
```
68K	/var/log/lastlog
```
  - ls -s h /var/log/lastlog
```
68K /var/log/lastlog
```
can be queried with lastlog, doing something similar to what last does

Things will stop abruptly if running out of space on /, the root partition.

Commands below must be run as root
If unsure about deleting some files, move them instead to an other partition "just in case"

find what's eating space (as root) :
1. cd /
2. du -x m . --max-depth=1 | sort -nr | head -15
3. cd into the biggest subdirectory and repeat the du command until you find stuff you can safely remove
this one is pretty efficient on "old" installs :
apt clean

/ system root

bin for executable programs which are needed in single user mode and to bring the system up or repair it

opt for monolithic non-distribution packages (mostly for large, poorly behaved third-party packages such as Oracle)

sbin Like /bin, holds commands needed to boot the system, but which are usually not executed by normal users

usr

bin primary directory for executable programs (i.e. distribution-managed normal user programs)

local where programs which are local to the site typically go

bin for normal user programs not managed by the distribution package manager (locally compiled packages or programs provided as a single binary)

sbin locally installed programs for system administration

sbin program binaries for system administration which are not essential for the boot process, for mounting /usr, or for system repair

By default, /etc/resolv.conf is managed dynamically by various network service daemons. This is intended for laptops and other highly mobile systems which may connect to different networks. This is why trying to change it manually doesn't work.

Several solutions exist to workaround this behavior : Configuring /etc/resolv.conf.

Test the DNS servers defined in /etc/resolv.conf :

awk '/^nameserver/ {print $2}' /etc/resolv.conf | xargs -I ipAddress nc -vzu ipAddress 53

No change should be made to /etc/sudoers. Instead, sudo privileges can be configured in /etc/sudoers.d/kevin (which must be "chmod 440")
sudoers must belong to the sudo group, don't forget to : usermod -aG sudo kevin
The #include and #includedir lines are NOT commented : they use the C pre-processor-like #include syntax (which is extremely misleading, source). sudo 1.9.1 introduced the less confusing @include and @includedir directives.

Syntax (source) :

This is basically :

sudoUser	SUDOHOST=(sudoRunAs)	sudoCommand	sudoOption

SUDOHOST is a string of uppercase letters, numbers and underscores starting with an uppercase letter (source).

Example 1 :

stuart ALL=(kevin) /usr/bin/vi

means that Stuart can run /usr/bin/vi on any machine as Kevin. This is equivalent to :

stuart@localhost:~$ sudo -u kevin vi anyFile

Example 2 :

To let Bob run nmap as root on myServer, add to the sudoers file :

bob		MYSERVER=(root)		/usr/bin/nmap

This way, Bob will have to enter his own password to run nmap.
We can also configure sudo so that Bob doesn't need to enter any password :

bob		MYSERVER=(root)		NOPASSWD:/usr/bin/nmap

Detailed syntax (source) :

The sudoers file has 2 types of entries :

aliases : key/value pairs used to set mnemonics to (possibly long / complex) values
- There are 4 types of aliases :
  - User_Alias :
    - refer to (source) :
      - userName
      - #uid
      - %group
      - %#gid
      - +netgroup
    - these are the users who are granted extra privileges
    - there are advanced rules to use these fields (prefixes, separators, ...), quote special characters, negate one entry (with !), ... :
  - Runas_Alias : refer to users (similar grammar than User_Alias) to "run commands as"
  - Host_Alias :
    - refer to one or more machines via hostname, IP address, network number (subnet + mask), ...
    - there are advanced rules to use this, define lists, ... :
  - Cmnd_Alias :
    - one or more commands (wildcards accepted) with or without arguments
    - plenty of options here too :
- It is possible to put several alias definitions of the same type on a single line, joined by a colon : (source) :
```
Alias_Type NAME = item1, item2, item3 : NAME = item4, item5
```
  : found in Cmnd_Alias definitions must be escaped with a \
user specifications : who's allowed to do what

Example :

sudoers file snippet :

Host_Alias	myServer = 10.2.0.188


User_Alias	APP_DEVELOPPER = stuart
Cmnd_Alias	IMPORT_DATA = /path/to/script/importData *
APP_DEVELOPPER	myServer = (root)NOPASSWD: IMPORT_DATA


User_Alias	OTHER_USER = kevin
Cmnd_Alias	DO_SOME_STUFF = /path/to/scriptThatGetsThingsDone *
Cmnd_Alias	RUN_SQL = /path/to/script.sql *
OTHER_USER	myServer = (root)NOPASSWD: RUN_SQL, (root)NOPASSWD: DO_SOME_STUFF


Runas_Alias	DATA_EXTRACTOR = stuart					see note below
Cmnd_Alias	EXTRACT_DATA = /path/to/scripts/extract.sh *
OTHER_USER	myServer = (DATA_EXTRACTOR)NOPASSWD: EXTRACT_DATA
APP_DEVELOPPER	myServer = (DATA_EXTRACTOR)NOPASSWD: EXTRACT_DATA

This example was inspired by a configuration found on a server at my company. I don't see the point of the 4^th line of this block, where stuart is allowed to run the EXTRACT_DATA command... as himself (looks like an error to me).
This also explains the last line of the output below.

Result of sudo -l, run as stuart :

User stuart may run the following commands on this host:
	(root) NOPASSWD: /path/to/script/importData *
	(root) NOPASSWD: /path/to/script.sql *
	(stuart) NOPASSWD: /path/to/scripts/extract.sh *

About NOPASSWD :

https://askubuntu.com/questions/334318/sudoers-file-enable-nopasswd-for-user-all-commands
	for a single user :
		myuser ALL=(ALL) NOPASSWD: ALL
	for a group :
		%sudo  ALL=(ALL) NOPASSWD: ALL

http://www.ducea.com/2006/06/18/linux-tips-password-usage-in-sudo-passwd-nopasswd/

A funny sudo option, insults :

Provided everything is configured adequately, you'll be prompted for your password after typing any sudo command. If you fail that step, sudo will return :

Sorry, try again.

But you can configure it to return something funnier, like insults :

Your mind just hasn't been the same since the electro-shock, has it?

To do so, append to /etc/sudoers (with visudo) :

Defaults	insults

As root : echo -e "Defaults\tinsults" >> /etc/sudoers

This is a work in progress on a topic not (yet) clear to me.

WHERE MOUNT OPTIONS COME FROM FOR THE ROOT FILESYSTEM '/' :
 - mount options are not read from /etc/fstab since this file not available yet at boot time. '/' mount options are passed via the kernel boot options (http://man7.org/linux/man-pages/man7/bootparam.7.html)

 - some sources suggest that SYSTEMD reads '/' mount options from /etc/fstab to prepare boot options parameters (??? not clear ???)

==========================================8<=========================================================
https://www.suse.com/support/kb/doc/?id=7016840

the mount option(s) have to be specified on the kernel command line, via the grub2 bootloader.

While SUSE is in the process of developing a final fix for this, a workaround would be to:

Edit the grub2 boot loader config at /etc/default/grub and add the:

	rootflags=

option with the file system flag added to the GRUB_CMDLINE_LINUX_DEFAULT="" variable, for example:

	GRUB_CMDLINE_LINUX_DEFAULT="rootflags=discard"


	==> then "update-grub" ?

The systemd fstab generator, used to mount the root filesystem, only takes into account the mount options specified in the kernel command line through the "rootflags=" variable.
If this variable is not specified, the root filesystem is mounted firstly with the default mount options and then remounted with the options specified in /etc/fstab.

==========================================8<=========================================================
BOOT ARGUMENTS

http://www.tldp.org/HOWTO/BootPrompt-HOWTO-3.html#ss3.1

==========================================8<=========================================================
How does a kernel mount the root partition?

https://unix.stackexchange.com/questions/9944/how-does-a-kernel-mount-the-root-partition#answer-18055

https://unix.stackexchange.com/questions/9944/how-does-a-kernel-mount-the-root-partition#answer-9962
	The kernel can accept command line arguments like any other program. GRUB, or most other bootloaders can accept command line arguments as user input, or store them and make various combinations of command line arguments available via a menu. The bootloader passes the command line arguments to the kernel when it loads it (I don't know the name or mechanics of this convention but it's probably similar to how an application receives command line arguments from a calling process in a running kernel).
	One of those command line options is root, where you can specify the root filesystem, i.e. root=/dev/sda1.
==========================================8<=========================================================
SYSTEMD

systemctl list-units
	-.mount				loaded active mounted	Root Mount
	boot.mount			loaded active mounted	/boot


systemctl status -- -.mount
	● -.mount - Root Mount
	   Loaded: loaded (/etc/fstab; generated; vendor preset: enabled)
	   Active: active (mounted) since Mon 2017-11-27 08:26:54 CET; 4 days ago
	    Where: /
	     What: /dev/mapper/caramba--vg-root
	     Docs: man:fstab(5)
	           man:systemd-fstab-generator(8)
	    Tasks: 0 (limit: 4915)
	   CGroup: /system.slice/-.mount

systemctl show -- -.mount
	Where=/
	What=/dev/mapper/caramba--vg-root
	Options=rw,relatime,errors=remount-ro,data=ordered
	Type=ext4
	TimeoutUSec=1min 30s
	ControlPID=0
	DirectoryMode=0755
	...


systemctl list-unit-files -- -.mount

https://www.freedesktop.org/software/systemd/man/systemd.mount.html
https://en.wikipedia.org/wiki/Linux_startup_process#systemd

==========================================8<=========================================================
FLAGS :

http://man7.org/linux/man-pages/man7/bootparam.7.html
	'rootflags=...'
		This parameter sets the mount option string for the root filesystem (see also fstab(5)).
==========================================8<=========================================================
https://unix.stackexchange.com/questions/92720/does-initramfs-use-etc-fstab

THE BOOT PROCESS :
bios
MBR / whatever
boot loader (grub2)
load the kernel (initrd / initramfs)
is instructed who's '/' with the 'root=...' boot parameter
may have additional parameters (such as 'rootflags')
kernel mounts / read-only
start /sbin/init (or systemd ?)
one of the 'init' jobs reads /etc/fstab and "mount -o remount,rw /"

/etc/group lists the groups of users and the group members. There is one entry per line, with fields separated with a colon : :

dba:x:1000:oracle

Each line has the following format :

group name
password. Seldom used, and generally set to x
group ID
group members : list of user names separated with commas ,

By default, /etc/group has 644 permissions.

This file being unreadable by non-root users will lead to things like :

$ ll
-rw------- 1 stuart 1000  22K Jul  2 15:06 myFile			numerical GID only 
drwx------ 2 stuart 1000 1.0K Jul  2 10:40 myDir
$ id
uid=1000(stuart) gid=1000 groups=1000,24,25,27,29,30,44,46,102,108,111,116,123,998,999		numerical GIDs again

After restoring the right permissions :

$ ll
-rw------- 1 stuart developers  22K Jul  2 15:06 myFile		group names are back 
drwx------ 2 stuart developers 1.0K Jul  2 10:40 myDir
$ id
uid=1000(stuart) gid=1000(developers) groups=1000(developers),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),102(systemd-journal),108(netdev),111(scanner),116(bluetooth),123(lpadmin),998(docker),999(vboxsf)

While wandering in the /proc/ tree, I found some processes having a fd symlinking a socket :

ls -l /proc/26207/fd

total 0
lrwx------ 1 root root 64 nov.	2 09:19 0 -> /dev/null
lrwx------ 1 root root 64 nov.	2 09:19 1 -> /dev/null
lrwx------ 1 root root 64 nov.	2 09:19 2 -> /dev/null
lr-x------ 1 root root 64 nov.	2 09:19 3 -> socket:[145565953]
l-wx------ 1 root root 64 nov.	2 09:19 4 -> /dev/ptmx
lrwx------ 1 root root 64 nov.	2 09:19 5 -> socket:[145565284]

What does socket:[145565953] refer to ?

The netstat approach :

netstat -laputen | grep 145565953

tcp	0	64	192.168.1.101:22	a.b.c.d:7840	ESTABLISHED	0	145565953	26207/sshd:	bob

Bob is using an SSH connection from a.b.c.d:7840 to this host.

The "let's get dirty" approach :

/proc/net/tcp (as well as /proc/net/udp and /proc/net/unix) can tell us more about sockets :

head -n1 < /proc/net/tcp; grep -a 145565953 /proc/net/tcp

sl	local_address	rem_address	st	tx_queue rx_queue	tr tm->when	retrnsmt	uid	timeout	inode
8:	6501A8C0:0016	xxxxxxxx:1EA0	01	00000110:00000000	01:0000001B	00000000	0	0	145565953 4 ffff8801172c9240 29 4 29 10 -1

The ports (source) :

The local_address and rem_address columns respectively display : 6501A8C0:0016 and xxxxxxxx:1EA0. Let's compute the ports numbers in decimal :

echo 'ibase=16; 0016; 1EA0' | bc

22
7840

The IP addresses :

6501A8C0 is the local IP address in network notation (4 hex bytes, i.e. 8 chars). To convert it to the usual dotted quad notation (12.34.56.78) :

echo [0xc0, 0xa8, 0x01, 0x65] | irb (source): [192, 168, 1, 101]
printf "%d.%d.%d.%d\n" 0xc0 0xa8 0x01 0x65 (source): 192.168.1.101

/etc/fstab data fields :

/etc/fstab contains mount information about all the system filesystems and devices. Each line is made of 6 parameters :

Number	Parameter	Usage
1	device	This can be specified as a device name (/dev/sdb1), or using the device ID returned by blkid (UUID=5FF1-07D3) Linux : /dev/hda1 FreeBSD : /dev/ad0s1a
2	mount point
3	filesystem type	Linux : ext2, ext3, reiserfs, swap, msdos, vfat, ntfs, auto, ... FreeBSD : ufs, swap, cd9660, msdosfs, ...
4	options details full details : man mount	file times (source) : atime : write atime every time a file is read. This implies nodiratime : DRY noatime : never write atime relatime : update atime only if the previous atime was earlier than the current mtime or ctime (sources : 1, 2) In addition : since Linux 2.6.30 AND when the defaults, atime or no options at all are specified AND when the previous atime was more than 24 hours old atime is always updated. The purpose of relatime is to provide a mix between atime (need access times) and noatime (limit disk I/O). auto / noauto : automount (allow mount with mount -a) / NO automount (explicit mount only). details about automounting at boot time defaults : use default settings : rw,suid,dev,exec,auto,nouser,async exec / noexec : allow / forbid execution of binaries stored on this filesystem mode=value : set the mode of all files to value & 0777 disregarding the original permissions ro / rw : read only / read write suid / nosuid : enable / disable effect of setuid and setgid bits sync / async : physically write data synchronously (when a write command is launched) / asynchronously (cache data and write later) uid=value, gid=value : "force" the owner and group of the files in the filesystem for non-extn filesystems only : on extn filesystems, these options are ignored since the permissions and ownerships are stored in the filesystem metadata (source). looks like using names instead of IDs is ok (source) user / users / nouser : user : mountable by an ordinary user (i.e. non-root). The name of this user is written in /etc/mtab so that only this user can unmount the filesystem. users : mountable by an ordinary user (i.e. non-root). Any ordinary user can unmount the filesystem (source). nouser : mountable by root only. NFS-specific options (sources : man 5 nfs, 1, 2, 3) : intr : deprecated by kernel >2.6.25 ~~allows NFS requests to be interrupted if the server becomes unreachable. This option is preferred to using soft because it is significantly less likely to result in data corruption.~~ soft : the NFS client will report an error when the NFS server is unresponsive after waiting for a period of time (defined by timeo). In certain cases soft can cause data corruption and loss of data, so it is recommended to use hard + intr instead. hard : should the NFS server become unreachable, the NFS requests will be retried indefinitely (see intr). When the NFS server comes back online, the process can be continued from where it was while the server became unresponsive. timeo=n : time (in tenths of a second) the NFS client waits for a response before it retries an NFS request
5	dump	Boolean allowing the filesystem to be backuped by dump. The root partition "/" is usually set to 1, and others to 0. 0 or nothing means it is not backuped.
6	pass	A number telling the order in which the filesystems should be checked at reboot time by fsck : 0 : don't fsck this filesystem 1 : fsck this filesystem 1^st 2 : fsck this filesystem after The root partition "/" should be 1.

Don't forget the noauto option on removable devices, or this will block the boot process if the filesystem is missing. The Internetz suggest nobootwait to prevent this, but this option is unknown to fstab documentation (not found here, nor here, ).
Only root can mount devices that are not listed in /etc/fstab, which implies non-root users can mount devices only if :
- the corresponding device appears in /etc/fstab
- options are set accordingly : user / users and permissions are granted
The uid / gid options don't apply to Ext filesystems.
By default, /etc/fstab has 644 permissions (source), otherwise, having user / users keywords would be pointless.
Errors in /etc/fstab can lead a machine to boot in Emergency Mode.

Fields are separated with colons :, and are :

Username

up to 8 characters. Case-sensitive, usually all lowercase

Password

An x in this field means the password is stored in /etc/shadow.

UID

This is assigned by adduser. Unix uses this field, plus the following group field, to identify which files belong to the user. (Reserved UIDs / GIDs on Debian)

GID

Red Hat uses GIDs in a fairly unique manner for enhanced file security. Usually the GID will match the UID. (Reserved UIDs / GIDs on Debian)

User's full name

I'm not sure what the maximum length for this field is, but try to keep it reasonable (under 30 characters).

User's home directory

Usually /home/username. All user's personal files and settings will be stored here.

User's shell

Typically set to /bin/bash to provide access to the Bash shell.
May also have values like /sbin/nologin or /bin/false

The safe way to edit /etc/passwd is with vipw.
File permissions must be 644.
If your shell prompt (formatted like stuart@myWorkstation) suddenly turns into I have no name!@myWorkstation, it may be because of improper file permissions.

File permissions
Format
Exclamation marks and asterisks in the password field

File permissions (sources : 1, 2) :

The default permissions for /etc/shadow are actually 000 :

ls -l /etc/shadow

---------- 1 root shadow 1633 Nov 29 09:21 /etc/shadow

The idea behind this is

to protect /etc/shadow from being accessed by daemons, even those run as root
to ensure that access is controlled by capabilities : 600 and 000 permissions aren't functionally identical :
- 600 grants read-write to the file owner
- 000 only grants access to processes with the DAC_OVERRIDE capability
/usr/bin/passwd doesn't need read/write permissions because it has the suid bit set, then runs as root.

Format (source) :

/etc/shadow has 9 fields separated by colons : :

Username, up to 8 characters. Case-sensitive, usually all lowercase. A direct match to the username found in /etc/passwd.
Encrypted password or status exception value. The encrypted password is formatted like : $id$salt$hashed, with :
- id : ID of the algorithm used. Among available values, 6 (i.e. SHA-512) is common on GNU/Linux.
- salt
- hashed
number of days since January 1, 1970 since the password was last changed
number of days before password may be changed (0 indicates it may be changed at any time)
number of days after which password must be changed (99999 indicates user can keep his or her password unchanged for many, many years)
number of days to warn user of an expiring password (7 for a full week)
number of days after password expires that account is disabled
number of days since January 1, 1970 that an account expires
reserved for future use

The safe way to edit this file is with vipw.

Exclamation marks and asterisks in the password field

The documentation says :

If the password field contains some string that is not a valid result of crypt (for instance ! or *), the user will not be able to use a unix password to log in (but the user may log in the system by other means).
This field may be empty (::), in which case no passwords are required to authenticate as the specified login name. However, some applications which read /etc/shadow may decide not to permit any access at all if the password field is empty.
A password field which starts with a exclamation mark (!) means that the password is locked. The remaining characters on the line represent the password field before the password was locked.

In order to clarify the contents of the password field described above, and what can / can not be done, let's experiment and see what happens :

Commands below must be run as root .

Let's create a user account with default settings :

useradd -m bob; grep bob /etc/{passwd,shadow}

/etc/passwd:bob:x:1001:1001::/home/bob:/bin/sh
/etc/shadow:bob:!:16679:0:99999:7:::

The x in /etc/passwd indicates the password is stored in /etc/shadow.
I can not log in as Bob. su bob prompts for a password and always fails.

Let's give Bob an empty password :

passwd bob fails if we just press . Let's do something BAD and edit /etc/shadow : vipw -s and remove the !.
Then grep bob /etc/{passwd,shadow}

/etc/passwd:bob:x:1001:1001::/home/bob:/bin/sh
/etc/shadow:bob::16679:0:99999:7:::

Now the ! is gone, I still can't su bob, but I can log in as Bob without being prompted for a password.

Return of the ! :

Editing again /etc/shadow to have :

bob:!:16679:0:99999:7:::
bob:!!:16679:0:99999:7:::
bob:*:16679:0:99999:7:::
bob:foo:16679:0:99999:7:::

Gives the same result : can not log in, can not su bob.

Let's give a password to Bob, then lock its account :

passwd bob bob bob, then grep bob /etc/{passwd,shadow}

/etc/passwd:bob:x:1001:1001::/home/bob:/bin/sh
/etc/shadow:bob:$6$b3AMx8c1$6DF/Ux9qhlOQSPdC0WNycWK3DYQ7tfsBgWLG74qtpW/ZO39fInB6jnTUF0alL8oH0Z7bF62BiOJ8wkNi1UEqQ/:16679:0:99999:7:::

Finally : a password !
Let's lock it : usermod -L bob; grep bob /etc/{passwd,shadow}

/etc/passwd:bob:x:1001:1001::/home/bob:/bin/sh
/etc/shadow:bob:!$6$b3AMx8c1$6DF/Ux9qhlOQSPdC0WNycWK3DYQ7tfsBgWLG74qtpW/ZO39fInB6jnTUF0alL8oH0Z7bF62BiOJ8wkNi1UEqQ/:16679:0:99999:7:::

The password now has a leading ! showing it is locked.

As a summary :

:: (empty password field) : no password required to authenticate
! or !! or * or any string : can not log in with password, but other means may work
!any string : the password is locked. Can not log in with password, but other means may work

Don't forget to delete the insecure account Bob we've created to experiment :

userdel -r bob; grep bob /etc/{passwd,shadow}

(should return nothing)

/ system root

bin

dev devices and pseudo-devices

full aka the always full device : a special file that always returns the No space left on device error on writing; usually used when testing the behaviour of a program when it encounters a "disk full" error (details : 1, 2)

null a device file that discards all data written to it but reports that the write operation succeeded (details, Please send complaints to Dave NULL.)

random PRNG based on the system's hardware-derived entropy pool

shm RAMdisk

tcp pseudo-device

urandom PRNG that is not cryptographically secure

zero special file providing as many null characters (ASCII NUL, 0x00) as are read from it

etc host-specific system configuration

adduser.conf config for adduser

apt (Debianoids only!) config for APT

sources.list lists the sources from which packages can be obtained

apt.conf.d

60recommends configuration values for recommends and suggests parameters (and others...)

bashrc or /etc/bash.bashrc : system-wide Bash settings (global ~/.bashrc)

default

locale see How to reconfigure locales on Debianoids ?

environment system-wide definition of environment variables (details)

fstab mount information about filesystems and devices

group information about local system groups and group members

hostname where the current hostname is stored. How to change it.

localtime refers to the current timezone file (symlink on Red Hatoids / copy on Debianoids. details)

mtab Lists all currently mounted filesystems along with their initialization options (details).

modules list of kernel modules to load at boot. To add moduleName : echo moduleName >> /etc/modules

modules-load.d

modules.conf Symlink to /etc/modules on Debian Strech/Sid

modprobe.d

whatever.conf List of modules and settings to be loaded by udev + modprobe during system boot (source). blacklist may be specified to forbid loading a specific module (source)

network

interfaces network interfaces configuration (example 1, example 2)

interfaces.d/ like /etc/network/interfaces, but allows breaking multiple interfaces configuration into distinct files

passwd users accounts information (login, home directory, shell, UID, ...)

profile system-wide shell settings (not only Bash), sets some environment variables, fires /etc/profile.d/*.sh scripts

profile.d directory for overrides to /etc/profile.

resolv.conf domain settings + name servers to query for DNS resolution

security

limits.conf Can be used to set some quotas on resources usage.

services service names and ports numbers assigned by the IANA (see also)

shadow password and account expiration information for users

ssh

ssh_config system-wide SSH client settings

ssh_known_hosts system-wide list of known SSH host keys

sudoers

sysconfig

clock Current timezone settings (Red Hatoids)

timezone Current timezone settings (Debianoids)

udev

rules.d

70-persistent-net.rules match MAC addresses to ethx interfaces

home users' personal directories

bob Bob's personal directory (details on privacy of this directory)

.bash_aliases Bash command aliases (see alias)

.bash_history history of all commands typed in Bash shell as Bob (see history, how to disable it, how to display the timestamp of each entry)

.bashrc Bob's Bash settings

.screenrc Bob's Screen settings

.ssh directory for Bob's SSH settings

config Bob's personal settings for the SSH client

known_hosts list of hosts Bob already connected to via SSH

.xinitrc sourced when running startx and other programs which call xinit (source : 1, 2). To launch a script upon X session start, consider ~/.xsession instead (details).

lib essential shared libraries and kernel modules

firmware firmwares used by some hardware components such as wireless controllers

modules

$(uname -r) kernel modules

lost+found corrupted files recovered by e2fsck. Details about these files : for i in $(ls /mnt/mountPoint/lost+found/); do file $i; done

opt

proc pseudo filesystem for stuff created when the machine is up. Information found here is read by ps, top, free, .... (see also)

loadavg Stats on system loads and processes. Also returned by uptime

meminfo information on memory usage

mounts Records the same information than /etc/mtab except that it is more up-to-date. This is especially valuable when / turns read-only and /etc/mtab can not be updated. (details)

PID directory containing full details about the process PID

cmdline command line of the process PID, including arguments

cwd Link to the current working directory

environ Values of environment variables

exe symlink to the process binary (if any)

fd file descriptors. About fd 0, 1 and 2, fd symlinking to a socket

maps Memory maps

mem Memory held by the process PID

root Link to the root directory of the process PID

stat Process status

statm Process memory status information

status Process status in human readable form

scsi

usb-storage

n metadata about USB storage number n

sys

kernel

pid_max The (max number +1) a PID can have (32768 for 32 bits systems, 2²² for 64 bits). Starts over (from 2 ?) after reaching this limit. (details, man -P 'less -p pid_max' 5 proc)

run (read details in Debian Wheezy documentation)

shm RAMdisk, symlink to /dev/shm (found on Debianoids, does not exist on Red Hatoids)

sbin

sys pseudo-filesystem used for exporting kernel objects (details)

class

scsi_host

hostn symlink to /sys/devices/pci0000:00/0000:00:07.1/ata2/hostn/scsi_host/hostn

fs

cgroup conventionally used as a mount point for a tmpfs filesystem containing mount points for cgroups filesystems

tmp

usr usually mounted from a separate partition. It should hold only shareable, read-only data, so that it can be mounted by various machines running Linux

share

zoneinfo Timezone definition files (more)

var persistent, variable system data

cache

apt

archives Can be cleaned with apt autoclean (even better than apt-get clean)

lib

dhcp

dhclient.wlan0.leases DHCP leases for interface wlan0

logrotate

status date of latest log rotation by logrotate

log persistent system logs

auth.log authentication log

lastlog log of last logins

kern.log kernel log

syslog system log

spool

mail users mailboxes

cron

crontabs all users' crontabs. found on Debianoids but not on Red Hatoids.

www-data www-data's crontab. Not to be edited as-is.

For even more details : man hier

/proc/meminfo lists MANY fields of information (which are read by free) :

Dirty: The total amount of memory waiting to be written back to the disk. Watch it with :
watch -n 1 -d 'grep Dirty /proc/meminfo'

cat /proc/loadavg outputs : 0.16 0.20 0.19 1/441 20304, which means :

0.16 : load1
0.20 : load5
0.19 : load15
1 : number of runnable kernel entities (processes or threads). This is ≤ number of CPU
441 : total number of kernel scheduling entities
20304 : newest PID

Monitor server loads :

watch -n 1 -d 'for serverId in {8..12}; do serverName=myServer$serverId; echo $serverName; ssh -i /home/bob/.ssh/id_rsa bob@$serverName cat /proc/loadavg; done'

Linux - System files

What are the /etc/something.d/ directories for ?

/tmp

/etc/profile

/dev/random

/var/log/lastlog

How to free space on the / (aka root) partition ?

/bin, /sbin, /usr/bin, /usr/local/bin & al.

/etc/resolv.conf

Test the DNS servers defined in /etc/resolv.conf :

/etc/sudoers

Syntax (source) :

Example 1 :

Example 2 :

Detailed syntax (source) :

Example :

sudoers file snippet :

Result of sudo -l, run as stuart :

About NOPASSWD :

A funny sudo option, insults :

How to specify custom mount options for the root filesystem "/" ?

/etc/group

/proc/26207/fd/3 -> socket:[145565953]

The netstat approach :

The "let's get dirty" approach :

The ports (source) :

The IP addresses :

/etc/fstab

/etc/fstab data fields :

/etc/passwd

/etc/shadow

Table of contents

File permissions (sources : 1, 2) :

Format (source) :

Exclamation marks and asterisks in the password field

GNU/Linux file tree

/proc/meminfo

Format of /proc/loadavg

Monitor server loads :