Linux sysadmin cheatsheet
Users and groups
# list users
$ cat /etc/passwd | cut -d: -f 1
# create new user
$ adduser USERNAME
# delete a user
$ deluser --remove-home USERNAME
# add user to group
$ usermod -aG GROUP USERNAME
$ adduser USERNAME GROUP # on Alpine
# remove user from group
$ gpasswd -d USERNAME GROUP
# create a new group
$ addgroup GROUP
# delete a group
$ delgroup GROUP
# list groups
$ getent group
# list groups user is in
$ groups USER
# change login shell
$ chsh
# if not available, manually edit /etc/passwd
Grant sudo privileges
Run sudo visudo and add this line (substitute the actual username for iafisher). NOPASSWD lets that user run any command through sudo without a password prompt:
iafisher ALL=(ALL) NOPASSWD: ALL
SSH
See ref/ssh
Network config
- Network config is in /etc/network/interfaces
- DNS config is in /etc/resolv.conf
- Hostname is at /etc/hostname, run hostname -F /etc/hostname to set
- Custom hostname overrides are in /etc/hosts
Check if any process is listening on a port:
$ sudo ss -ltnp | grep :22
Configure firewall (iptables)
# must be run as root
# list current rules
$ iptables -L
# allow inbound SSH
$ iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# allow inbound SSH from one subnet
$ iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
# delete a rule
$ iptables -L --line-numbers
$ iptables -D INPUT 3
# deny everything except SSH/HTTP/HTTPS
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
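Because -A appends to the end of a chain, an ACCEPT rule added after the catch-all REJECT is never reached. The script below is an added example, not part of the original cheatsheet: it reads `iptables -S` output on stdin and prints each ACCEPT rule that sits behind an unconditional REJECT or DROP. The helper names shadowed_accepts and sample_rules and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original cheatsheet). Reads `iptables -S` output
# on stdin and prints every ACCEPT rule that sits after an unconditional
# REJECT/DROP in the same chain, i.e. a rule that can never match.
# shadowed_accepts and sample_rules are hypothetical helper names.

shadowed_accepts() {
    awk '
    $1 != "-A" { next }                 # skip "-P" policy and "-N" chain lines
    {
        chain = $2
        n[chain]++                      # same numbering as iptables -L --line-numbers
        target = ""; conditional = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            conditional = 1             # any option before -j is a match condition
        }
        if (blocked[chain] && target == "ACCEPT")
            printf "%s %d: %s\n", chain, n[chain], $0
        if (!conditional && (target == "REJECT" || target == "DROP"))
            blocked[chain] = 1          # later rules in this chain are unreachable
    }'
}

# Constructed sample: a default-deny ruleset with HTTPS appended after the REJECT.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
EOF
}

sample_rules | shadowed_accepts
```

On a live host, pipe `iptables -S` (as root) into shadowed_accepts. A rule it reports can be removed with -D and re-added above the catch-all with `iptables -I INPUT <position>`.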
Configure firewall (firewalld)
# show everything enabled in the default zone
$ firewall-cmd --list-all
# list open ports
# (only shows explicit ports, not those from services)
$ firewall-cmd --list-ports
# allow HTTP traffic
$ firewall-cmd --zone=public --add-service=http
# deny HTTP traffic
$ firewall-cmd --zone=public --remove-service=http
# save changes
$ firewall-cmd --runtime-to-permanent
# list active zones
$ firewall-cmd --get-active-zones
Disks and partitions
# list block devices
$ lsblk
# list partitions
$ fdisk -l
# create partition table
$ fdisk /dev/XXX
# list currently-mounted filesystems
$ mount # or
$ df -h
# format a disk with a filesystem
$ mkfs -t ext4 /dev/XXX
# mount a device
$ mount /dev/XXX path/to/mount
# unmount a device
$ umount path/to/mount
Package management
systemd
See ref/systemd