#HOW-TOs

Linux Boot Process? Best Geeks Know It!

Nawaz Abbasi — Tue, 06 May 2025 16:00:00 +0000

The Linux boot process is a sequence of events that initializes a Linux system from a powered-off state to a fully operational state. The knowledge of Linux boot process is essential when it comes to technical interviews, but sometimes it becomes difficult to remember or recall the key steps in the process. This article discusses a quick and easy way to remember it - Best Geeks Know It! Yes, you only need to remember that.

Best Geeks Know It -> B – G – K – I -> BIOS – GRUB – KERNEL – INIT

This BGKI acronym provides a high-level overview of the Linux boot process. Each step builds upon the previous one, gradually bringing the system to a fully operational state. Of course, there are more detailed processes within each step, but this simplified version should give you a good foundation for understanding and remembering the Linux boot sequence.

Here's a concise expansion of B-G-K-I:

B - BIOS/UEFI

Performs Power-On Self-Test (POST)
Checks hardware: CPU, RAM, storage
Loads MBR (Master Boot Record) or GPT (GUID Partition Table)
Transfers control to bootloader

G - GRUB

Located in first 512 bytes of boot drive
Reads /boot/grub/grub.conf
Shows menu with kernel options
Loads selected kernel + initramfs (temporary root filesystem) into RAM
Passes boot parameters to kernel
Can handle multiple OS boot options

K - KERNEL

Decompresses itself into RAM
Initializes hardware and drivers
Mounts root filesystem, loads initramfs
Sets up memory management
Starts device detection
Creates kernel threads

I - INIT (systemd in modern systems)

PID 1 (first process)
Reads /etc/inittab (traditional) or unit files (systemd)
Sets default runlevel/target
Starts essential services in order:
- System services
- Network services
- Display manager
- User interface (CLI/GUI)
Reaches default target state

Key files to remember

/boot/grub/grub.conf - GRUB configuration

/etc/systemd/system/ - systemd unit files

/etc/inittab - Init configuration (traditional)

Go to Full Article

How to Build Custom Distributions from Scratch

George Whittaker — Thu, 01 May 2025 16:00:00 +0000

by George Whittaker

Introduction

In a world teeming with Linux distributions — from Ubuntu to Arch, Debian to Fedora — the idea of building your own may seem daunting, if not redundant. Yet, for many technologists, enthusiasts, and developers, creating a custom Linux distribution isn't just an exercise in reinvention; it's an act of empowerment. Whether your goal is to tailor a lightweight OS for embedded devices, create a secure workstation, develop an education-focused system, or simply understand Linux more intimately, building your own distribution is one of the most fulfilling journeys in open-source computing.

This guide walks you through every stage of creating your own Linux distribution — from selecting core components to building, customizing, and distributing your personalized operating system.

Understanding the Basics

What is a Linux Distribution?

A Linux distribution (or "distro") is a complete operating system built on the Linux kernel. It includes:

Kernel – The core interface between hardware and software.
Init System – Handles booting and service management (e.g., systemd, OpenRC).
Userland Tools – Basic utilities from projects like GNU Coreutils and BusyBox.
Package Manager – Tool to install, upgrade, and remove software (e.g., APT, Pacman, DNF).
Optional GUI – A desktop environment or window manager (e.g., GNOME, XFCE, i3).

Why Create Your Own Distribution?

Reasons vary, but common motivations include:

Learning – Deepen your understanding of system internals.
Performance – Remove bloat for a leaner, faster system.
Branding – Create a branded OS for an organization or product.
Customization – Tailor software stacks for specific use-cases.
Embedded Applications – Create firmware or OS images for hardware devices.

Planning Your Custom Linux Distro

Define Your Goals

Start by asking:

Who is the target user?
What hardware should it support?
Will it be a desktop, server, or headless system?
Should it boot live or be installed?

Choose a Foundation

You can either:

Build from scratch: Using projects like Linux From Scratch (LFS).

Go to Full Article

Linux Data Recovery: How to Salvage Lost or Corrupted Files

George Whittaker — Tue, 29 Apr 2025 16:00:00 +0000

by George Whittaker

Data loss is a nightmare for any computer user, and Linux users are no exception. Despite the robust architecture of Linux operating systems, disasters can strike in the form of accidental deletions, corrupted partitions, or failing storage devices. Whether you're a system administrator, developer, or everyday Linux user, understanding how to recover data can be the difference between a minor inconvenience and a major setback.

This guide will walk you through the practical strategies and essential tools for recovering lost or corrupted files on Linux.

Understanding Data Loss on Linux

Common Causes of Data Loss

Data loss can occur for various reasons:

Accidental Deletion: Files removed with rm or cleared trash.
Filesystem Corruption: Caused by improper shutdowns, power failures, or software bugs.
Partition Issues: Misconfigured or overwritten partition tables.
Hardware Failures: Hard drive degradation, bad sectors, or failing SSDs.

How Deletion Works on Linux

Linux filesystems like ext4 don’t immediately erase data when a file is deleted. Instead, the filesystem marks the file's space as free. Until that space is overwritten, the data may be recoverable. This behavior is the cornerstone of most recovery techniques.

First Steps After Data Loss

The most critical step is to minimize system activity on the affected drive. Any write operation can potentially overwrite recoverable data.

Disconnect and Mount Read-Only

If the loss happened on a secondary drive, physically disconnect it and mount it read-only on another machine:

sudo mount -o ro /dev/sdX1 /mnt/recovery

Create a Disk Image

Use tools like dd or ddrescue to create a complete image of the drive for analysis:

sudo dd if=/dev/sdX of=/mnt/external/backup.img bs=4M status=progress

Or with ddrescue, which handles read errors more gracefully:

sudo ddrescue /dev/sdX /mnt/external/recovery.img /mnt/external/logfile

Work from the image to preserve the original drive.

Boot from a Live Environment

To avoid using the target system, boot into a Live Linux distribution like:

SystemRescueCD – tailored for system repair.
Ubuntu Live CD – user-friendly and widely available.

Go to Full Article

Debugging and Profiling Linux Applications with GDB and strace

George Whittaker — Tue, 22 Apr 2025 16:00:00 +0000

by George Whittaker

Debugging and profiling are critical skills in a developer's toolbox, especially when working with low-level system applications. Whether you're tracking down a segmentation fault in a C program or understanding why a daemon fails silently, mastering tools like GDB (GNU Debugger) and strace can dramatically improve your efficiency and understanding of program behavior.

In this guide, we’ll dive deep into these two powerful tools, exploring how they work, how to use them effectively, and how they complement each other in diagnosing and resolving complex issues.

The Essence of Debugging and Profiling

What is Debugging?

Debugging is the systematic process of identifying, isolating, and fixing bugs—errors or unexpected behaviors in your code. It’s an integral part of development that ensures software quality and stability. While high-level languages may offer interactive debuggers, compiled languages like C and C++ often require robust tools like GDB for line-by-line inspection.

What is Profiling?

Profiling, on the other hand, is about performance analysis. It helps you understand where your application spends time, which functions are called frequently, and how system resources are being utilized. While GDB can aid in debugging, strace provides a view of how a program interacts with the operating system, making it ideal for performance tuning and root cause analysis of runtime issues.

Getting Hands-On with GDB

What is GDB?

GDB is the standard debugger for GNU systems. It allows you to inspect the internal state of a program while it’s running or after it crashes. With GDB, you can set breakpoints, step through code, inspect variables, view call stacks, and even modify program execution flow.

Preparing Your Program

To make your program debuggable with GDB, compile it with debug symbols using the -g flag:

gcc -g -o myapp myapp.c

This embeds symbol information like function names, variable types, and line numbers, which are essential for meaningful debugging.

Basic GDB Commands

Here are some fundamental commands you'll use frequently:

gdb ./myapp # Start GDB with your program run # Start the program inside GDB break main # Set a breakpoint at the 'main' function break filename:line# Break at specific line next # Step over a function step # Step into a function continue # Resume program execution print varname # Inspect the value of a variable backtrace # Show the current function call stack quit # Exit GDB

Go to Full Article

The Power of Linux Shell Environment Variables

George Whittaker — Tue, 08 Apr 2025 16:00:00 +0000

by George Whittaker

If you're working in a Linux environment, chances are you've encountered environment variables—even if you didn’t realize it at the time. They quietly power much of what goes on behind the scenes in your shell sessions, influencing everything from what shell prompt you see to which programs are available when you type a command. Whether you're an experienced sysadmin or a new Linux user, mastering environment variables is essential for customizing and controlling your shell experience.

In this guide, we'll take a dive into environment variables in the Linux shell. By the end, you'll not only know how to view and set these variables, but also how to persist them, use them in scripts, and troubleshoot issues effectively.

What Are Environment Variables?

At a basic level, environment variables are dynamic named values that affect the behavior of running processes on your Linux system. Think of them as configuration settings that your shell (like Bash or Zsh) and applications refer to in order to understand how they should operate.

For example:

The PATH variable tells the shell where to look for executable files.
The HOME variable stores the path to your home directory.
The LANG variable defines your system’s language and character encoding.

Environment Variables vs Shell Variables

There is an important distinction between shell variables and environment variables:

Shell variables are local to the shell session in which they are defined.
Environment variables are shell variables that have been exported, meaning they are inherited by child processes spawned from the shell.

Viewing Environment Variables

Before you can modify or use environment variables, it's important to know how to inspect them.

View All Environment Variables

printenv

env

Both commands list environment variables currently set for the session.

View a Specific Variable

echo $HOME

This will display the current user's home directory.

View All Shell Variables

set

This command displays all shell variables and functions. It's broader than printenv.

Setting and Exporting Environment Variables

You can define your own variables or temporarily change existing ones within your shell.

Go to Full Article

Mastering Linux File Permissions and Ownership

George Whittaker — Tue, 01 Apr 2025 16:00:00 +0000

by George Whittaker

In the world of Linux, where multi-user systems and server security are foundational principles, understanding file permissions and ownership is crucial. Whether you're a beginner exploring your first Linux distribution or a seasoned system administrator managing critical servers, knowing how permissions work is key to ensuring the integrity, privacy, and functionality of your system.

This guide will take you deep into the core of Linux file permissions and ownership—what they are, how they work, how to modify them, and why they matter.

Why File Permissions and Ownership Matter in Linux

Linux is built from the ground up as a multi-user operating system. This means:

Multiple users can operate on the same system simultaneously.
Different users have different levels of access and control.

Without a permissions system, there would be no way to protect files from unauthorized access, modification, or deletion. File permissions and ownership form the first layer of defense against accidental or malicious activity.

Linux Permission Basics: Read, Write, Execute

Each file and directory in Linux has three basic types of permissions:

Read (r) – Permission to view the contents of a file or list the contents of a directory.
Write (w) – Permission to modify a file or create, rename, or delete files within a directory.
Execute (x) – For files, allows execution as a program or script. For directories, allows entering the directory (cd).

Permission Categories: User, Group, Others

Permissions are assigned to three distinct sets of users:

User (u) – The file's owner.
Group (g) – A group associated with the file.
Others (o) – Everyone else.

So for every file or directory, Linux evaluates nine permission bits, forming three sets of rwx, like so:

rwxr-xr--

This breakdown means:

rwx for the owner
r-x for the group
r-- for others

Understanding the Permission String

When you list files with ls -l, you’ll see something like this:

-rwxr-xr-- 1 alice developers 4096 Apr 4 14:00 script.sh

Let’s dissect it:

Go to Full Article

How to List Groups in Linux Like a Pro

George Whittaker — Thu, 27 Mar 2025 16:00:00 +0000

by George Whittaker

In Linux, groups play a central role in managing user permissions and access control. Whether you're an experienced system administrator or a curious new user, understanding how to list and analyze group information is a fundamental skill. This guide explores everything you need to know about listing groups in Linux, using a variety of tools and techniques to get exactly the information you need.

What Are Groups in Linux and Why Do They Matter?

Linux is a multi-user operating system, and one of its strengths lies in the fine-grained control it offers over who can do what. Groups are a way to organize users so that multiple people can share access to files, devices, or system privileges.

Each group has:

A group name
A Group ID (GID)
A list of users who are members of the group

Types of Groups:

Primary group: Each user has one primary group defined in /etc/passwd. Files the user creates are associated with this group by default.
Secondary (or supplementary) groups: Users can belong to additional groups, which allow access to other resources.

How to List All Groups on a Linux System

To see every group that exists on the system, you can use the following methods:

getent group

This is the preferred method on modern systems because it queries the system’s name service switch configuration (NSS). It includes local and possibly remote group sources (like LDAP or NIS).

Example output:

sudo:x:27: docker:x:999:user1,user2 developers:x:1001:user3

cat /etc/group

This command prints the content of the /etc/group file, which is the local group database. It’s simple and fast, but it only shows local groups.

Each line is formatted as:

group_name:password_placeholder:GID:user1,user2,...

compgen -g (Bash built-in)

compgen -g

This command outputs only the group names, which is helpful for scripting or cleaner views.

How to List Groups for a Specific User

You might want to know which groups a particular user belongs to. Here’s how:

groups username

groups john

Outputs a space-separated list of groups that john belongs to. If no username is given, it shows groups for the current user.

id username

id alice

Go to Full Article

Essential Tools and Frameworks for Mastering Ethical Hacking on Linux

George Whittaker — Tue, 18 Mar 2025 16:00:00 +0000

by George Whittaker

Introduction

In today's digital world, cybersecurity threats are ever-growing, making ethical hacking and penetration testing crucial components of modern security practices. Ethical hacking involves legally testing systems, networks, and applications for vulnerabilities before malicious hackers can exploit them. Among the various operating systems available, Linux has established itself as the preferred choice for ethical hackers due to its flexibility, security, and extensive toolkit.

This article explores the most powerful ethical hacking tools and penetration testing frameworks available for Linux users, providing a guide to help ethical hackers and penetration testers enhance their skills and secure systems effectively.

Understanding Ethical Hacking and Penetration Testing

What is Ethical Hacking?

Ethical hacking, also known as penetration testing, is the practice of assessing computer systems for security vulnerabilities. Unlike malicious hackers, ethical hackers follow legal and ethical guidelines to identify weaknesses before cybercriminals can exploit them.

Difference Between Ethical Hacking and Malicious Hacking

Ethical Hacking	Malicious Hacking
Authorized and legal	Unauthorized and illegal
Aims to improve security	Aims to exploit security flaws
Conducted with consent	Conducted without permission
Reports vulnerabilities to system owners	Exploits vulnerabilities for personal gain

The Five Phases of Penetration Testing

Reconnaissance – Gathering information about the target system.
Scanning – Identifying active hosts, open ports, and vulnerabilities.
Exploitation – Attempting to breach the system using known vulnerabilities.
Privilege Escalation & Post-Exploitation – Gaining higher privileges and maintaining access.
Reporting & Remediation – Documenting findings and suggesting fixes.

Now, let's explore the essential tools used by ethical hackers and penetration testers.

Essential Ethical Hacking Tools for Linux

Reconnaissance & Information Gathering

These tools help gather information about a target before launching an attack.

Nmap (Network Mapper) – A powerful tool for network scanning, host discovery, and port scanning.

Go to Full Article

Stay Ahead of the Game: Essential Tools and Techniques for Linux Server Monitoring

George Whittaker — Thu, 27 Feb 2025 17:00:00 +0000

by George Whittaker

Introduction

In the ever-evolving digital world, Linux servers form the backbone of enterprises, web applications, and cloud infrastructure. Whether hosting websites, databases, or critical applications, ensuring the smooth operation of Linux servers is crucial. Effective monitoring and alerting help system administrators maintain performance, security, and uptime while proactively identifying potential issues before they escalate into major outages.

This guide explores essential Linux server monitoring tools, key performance metrics, and alerting techniques to keep your systems running optimally.

Understanding Linux Server Monitoring

Why is Monitoring Important?

Monitoring Linux servers is not just about tracking resource usage; it plays a crucial role in:

Performance Optimization: Identifying bottlenecks in CPU, memory, disk, or network usage.
Security Enhancement: Detecting unauthorized access attempts, abnormal activities, or potential vulnerabilities.
Resource Management: Ensuring efficient use of hardware and system resources.
Preventing Downtime: Alerting administrators before issues become critical failures.
Compliance & Auditing: Maintaining logs and metrics for regulatory or internal auditing.

Key Metrics to Monitor

System Performance Metrics:
- CPU Usage: Load percentage, idle time, and context switching.
- Memory Usage: RAM consumption, swap utilization, and buffer/cache metrics.
- Disk I/O: Read/write speeds, latency, and disk queue length.
Network Metrics:
- Bandwidth Usage: Incoming and outgoing traffic statistics.
- Latency & Packet Loss: Connectivity health and round-trip time.
- Open Ports & Connections: Identifying unauthorized or excessive connections.
System Health Metrics:
- Load Average: A measure of CPU demand over time.
- Disk Space Usage: Preventing full partitions that could disrupt services.
- System Temperature: Avoiding hardware failures due to overheating.
Security Metrics:
- Failed Login Attempts: Signs of brute-force attacks.

Go to Full Article

Linux Memory Management: Understanding Page Tables, Swapping, and Memory Allocation

George Whittaker — Thu, 20 Feb 2025 17:00:00 +0000

by George Whittaker

Introduction

Memory management is a critical aspect of modern operating systems, ensuring efficient allocation and deallocation of system memory. Linux, as a robust and widely used operating system, employs sophisticated techniques for managing memory efficiently. Understanding key concepts such as page tables, swapping, and memory allocation is crucial for system administrators, developers, and anyone working with Linux at a low level.

This article provides a look into Linux memory management, exploring the intricacies of page tables, the role of swapping, and different memory allocation mechanisms. By the end, readers will gain a deep understanding of how Linux handles memory and how to optimize it for better performance.

Understanding Linux Page Tables

What is Virtual Memory?

Linux, like most modern operating systems, implements virtual memory to provide processes with an illusion of a vast contiguous memory space. Virtual memory enables efficient multitasking, isolation between processes, and access to more memory than is physically available. The core mechanism facilitating virtual memory is the page table, which maps virtual addresses to physical memory locations.

How Page Tables Work

A page table is a data structure used by the Linux kernel to translate virtual addresses into physical addresses. Since memory is managed in fixed-size blocks called pages (typically 4KB in size), each process maintains a page table that keeps track of which virtual pages correspond to which physical pages.

Multi-Level Page Tables

Due to large address spaces in modern computing (e.g., 64-bit architectures), a single-level page table would be inefficient and consume too much memory. Instead, Linux uses a hierarchical multi-level page table approach:

Single-Level Page Table (Used in older 32-bit systems with small memory)
Two-Level Page Table (Improves efficiency by breaking down page tables into smaller chunks)
Three-Level Page Table (Used in some architectures for better scalability)
Four-Level Page Table (Standard in modern 64-bit Linux systems, breaking addresses into even smaller sections)

Each level helps locate the next portion of the page table until the final entry, which contains the actual physical address.

Page Table Entries (PTEs) and Their Components

A Page Table Entry (PTE) contains essential information, such as:

The physical page frame number.

Go to Full Article