Overview
This guide focuses on practical day-to-day Linux administration. It targets Debian-based systems like Ubuntu and Linux Mint, and covers:
- essential commands
- system inspection and maintenance
- networking
- services and processes
- storage and filesystem maintenance
- security basics
- recommended tools
Shell and Navigation
| Task | Command |
|---|---|
| List files/details | ls -la |
| Change directory | cd /path |
| Current directory | pwd |
| Search file contents | grep -Rin "pattern" /path |
| Find files by name | find /path -name "filename*" |
| Recent files | find /path -mtime -1 |
| Disk usage by directory | `du -sh /path/* |
| Free space | df -h |
System Information
uname -acat /etc/os-releasehostnamectltimedatectluptimelscpufree -hlsblk -f
Package Management (APT)
sudo apt update
sudo apt upgrade -y
sudo apt install -y package
sudo apt remove -y package
sudo apt autoremove -y
dpkg -l | grep keyword
apt list --installed | grep keyword
Useful package tools:
aptitudefor improved dependency handlingapt-cache searchto discover packages before installingdeborphan/debfosterto clean orphaned libraries
Service Management (systemd)
systemctl status servicesystemctl restart servicesystemctl enable servicesystemctl disable servicesystemctl list-units --type=service --state=failedjournalctl -u service -n 50 --no-pagersystemctl list-timers
Processes and Resource Usage
ps auxtop/htoppgrep -af "pattern"kill pidkill -9 pidlsof -iTCP -sTCP:LISTEN -P -nss -tulnp
Files and Permissions
chmod 750 filechown username:group fileumaskstat filename- Protect config files with
chattr +iif needed - Use
setfaclfor advanced ACL permissions when simple Unix permissions are not enough
Storage
lsblk -fblkidmount | grep sdafindmnttune2fs -l /dev/sdXfsckonly on unmounted filesystems
RAID and LVM basics:
cat /proc/mdstatlvdisplayvgdisplaypvdisplay
Shared network storage
Choose the right method based on who needs access (Linux-only vs mixed OS), performance needs, and security requirements.
1) NFS (Network File System)
Best when all clients are Linux/Unix and you want low-overhead, native POSIX file sharing.
Install (server + Ubuntu/Debian):
sudo apt install -y nfs-kernel-server
Server setup:
sudo mkdir -p /srv/nfs/share
sudo chown nobody:nogroup /srv/nfs/share
sudo chmod 777 /srv/nfs/share
# Export to specific host or subnet
echo "/srv/nfs/share 192.168.1.0/24(rw,sync,no_subtree_check)" | sudo tee -a /etc/exports
sudo exportfs -ra
sudo systemctl enable --now nfs-server
Client setup:
sudo apt install -y nfs-common
sudo mkdir -p /mnt/nfs-share
sudo mount server:/srv/nfs/share /mnt/nfs-share
# Persistent mount in /etc/fstab:
# server:/srv/nfs/share /mnt/nfs-share nfs defaults 0 0
Troubleshooting:
- Verify exports:
sudo exportfs -v - Check firewall: allow
nfson trusted network only - NFSv4 is preferred; force with
-o nfsvers=4
2) Samba/SMB
Best when you have Windows, macOS, or Linux clients needing the same share.
Install:
sudo apt install -y samba
Server setup:
sudo mkdir -p /srv/samba/share
sudo chown nobody:nogroup /srv/samba/share
sudo chmod 777 /srv/samba/share
# Add share to /etc/samba/smb.conf
cat << 'EOF' | sudo tee -a /etc/samba/smb.conf
[Shared]
path = /srv/samba/share
browsable = yes
writable = yes
guest ok = no
read only = no
create mask = 0664
directory mask = 0775
EOF
# Set Samba password
sudo smbpasswd -a username
sudo systemctl enable --now smbd nmbd
Client (Linux):
sudo apt install -y cifs-utils
sudo mkdir -p /mnt/samba-share
sudo mount //server/Shared /mnt/samba-share -o username=username,iocharset=utf8
# Persistent mount in /etc/fstab:
# //server/Shared /mnt/samba-share cifs username=user,password=pass,iocharset=utf8,uid=1000 0 0
Client (Windows/macOS): use \\server\Shared in file manager.
Troubleshooting:
- Test with
smbclient //server/Shared -U username - Check netbios discovery:
smbtree - Review Samba logs:
journalctl -u smbd
3) SSHFS
Best for occasional ad-hoc access, encrypted transit, and when you don’t want to run a dedicated file server.
Install:
sudo apt install -y sshfs
Mount:
sudo mkdir -p /mnt/sshfs-share
sudo sshfs -o allow_other,default_permissions user@server:/srv/nfs/share /mnt/sshfs-share
# Persistent mount in /etc/fstab:
# sshfs#user@server:/srv/nfs/share /mnt/sshfs-share fuse.sshfs defaults,_netdev 0 0
Notes:
- Use key-based auth to avoid password prompts in fstab
allow_otherrequiresuser_allow_otherin/etc/fuse.conf- Best for low-to-medium traffic; not ideal for database files or high IOPS
4) Nextcloud server + desktop/mobile clients
Best for document sync, collaboration, remote access over internet, and versioned sharing.
Quick concept:
- Run Nextcloud as a Docker container (or local web app)
- Mount local storage as Nextcloud
datadirectory - Clients use WebDAV/desktop/mobile apps
- Access anywhere via HTTPS
Minimum effort approach:
# Using Docker Compose snippet
docker run -d \
--name nextcloud \
--restart unless-stopped \
-v /srv/nextcloud/data:/var/www/html \
-v /srv/nextcloud/apps:/var/www/html/apps \
-p 8080:80 \
nextcloud:stable-apache
Then complete web installer at http://host:8080.
5) High-level comparison
| Option | Best for | OS support | Encryption in transit | Typical overhead | Notes |
|---|---|---|---|---|---|
| NFS | Linux LAN shares | Linux/Unix | No (or Kerberos for NFSv4) | Low | Fastest LAN option |
| Samba/SMB | Mixed OS | All | Optional (SMB 3+) | Medium | Default for Windows shares |
| SSHFS | Ad-hoc/remote | Linux/macOS | Yes (SSH) | Higher | No server daemon required |
| Nextcloud | Sync/collab | All | Yes (HTTPS) | Higher | Best for internet + sync |
6) Shared storage hardening
- Export shares to specific subnets, not
* - Use firewalls to restrict file share ports to trusted networks
- Enable SMB signing and NFSv4 Kerberos where feasible
- For internet-exposed shares, terminate TLS with a reverse proxy
- Back up share metadata (
/etc/exports, Samba config, Nextcloud database)
Networking
ip aip routeresolvectl statusss -tulnpping -c 4 hosttraceroute hostmtr hostdig domaincurl -I https://example.comtcpdump -i any -nn port 443iptables -L -n -vornft list ruleset
Firewall guidance:
- Verify rules after changes
- Allow least privilege only
- Test SSH rules before applying lockouts
- Prefer
ufwornftablesdepending on distro defaults
Logs
journalctl -u service -n 200 --no-pagerjournalctl -p err -bsudo dmesg | tail/var/log/syslog/var/log/auth.log/var/log/apt/history.log
Users and Authentication
id usernamegetent passwd usernamepasswdusermod -aG group userchsh -s /bin/bash user/etc/ssh/sshd_configfor hardened SSH
SSH hardening checklist:
- Use key auth, disable
PasswordAuthentication - Restrict
AllowUserswhere appropriate - Set
PermitRootLogin no - Use
fail2banorufwrate limiting
Backup Strategy
- Full system backups with
timeshift - Home and config snapshots with
rsync borgbackupfor deduplicated encrypted backups- Database backups before upgrades
Security
sudo apt update && sudo apt upgrade -ysudo apt autoremove -ysudo needrestart -rafter updates- Check fail2ban jail status
- Review
journalctl -p err -b - Monitor logins in
/var/log/auth.log - Enable automatic security updates where appropriate
- Keep unused services disabled
Security awareness:
- Prefer
sudoover root login - Verify downloads with checksums and GPG
- Prefer system repos over random instructions
- Apply principle of least privilege
Troubleshooting Cheatsheet
| Symptom | Direction |
|---|---|
| Disk full | df -h, `du -sh /* |
| High CPU | top, pidstat, journalctl -p err -b |
| Service down | systemctl status, journalctl -u service |
| Network down | ping, ip a, ss -tulnp, DNS checks |
| SSH refused | sshd -t, journalctl -u ssh, TCP wrapper or firewall |
| Slow boot | systemd-analyze blame |
Recommended Tools
htopncduripgrepfdezazoxidebatfzfjqcurl/httpiejumpneofetchorfastfetch
For scripting and automation:
- Use Python or Bash depending on complexity
- Use shellcheck
- Use
atorsystemd timersfor scheduled tasks
Best Practices
- Keep
/home,/etc, and/varon dedicated or well-monitored partitions - Monitor disk, memory, and temperature
- Enable automatic security updates
- Document changes in a changelog or Git repo
- Use
tmuxorscreenfor long-running sessions - Maintain a restore plan before major changes