Overview

This guide focuses on practical day-to-day Linux administration. It targets Debian-based systems like Ubuntu and Linux Mint, and covers:

  • essential commands
  • system inspection and maintenance
  • networking
  • services and processes
  • storage and filesystem maintenance
  • security basics
  • recommended tools

Shell and Navigation

TaskCommand
List files/detailsls -la
Change directorycd /path
Current directorypwd
Search file contentsgrep -Rin "pattern" /path
Find files by namefind /path -name "filename*"
Recent filesfind /path -mtime -1
Disk usage by directory`du -sh /path/*
Free spacedf -h

System Information

  • uname -a
  • cat /etc/os-release
  • hostnamectl
  • timedatectl
  • uptime
  • lscpu
  • free -h
  • lsblk -f

Package Management (APT)

sudo apt update
sudo apt upgrade -y
sudo apt install -y package
sudo apt remove -y package
sudo apt autoremove -y
dpkg -l | grep keyword
apt list --installed | grep keyword

Useful package tools:

  • aptitude for improved dependency handling
  • apt-cache search to discover packages before installing
  • deborphan / debfoster to clean orphaned libraries

Service Management (systemd)

  • systemctl status service
  • systemctl restart service
  • systemctl enable service
  • systemctl disable service
  • systemctl list-units --type=service --state=failed
  • journalctl -u service -n 50 --no-pager
  • systemctl list-timers

Processes and Resource Usage

  • ps aux
  • top / htop
  • pgrep -af "pattern"
  • kill pid
  • kill -9 pid
  • lsof -iTCP -sTCP:LISTEN -P -n
  • ss -tulnp

Files and Permissions

  • chmod 750 file
  • chown username:group file
  • umask
  • stat filename
  • Protect config files with chattr +i if needed
  • Use setfacl for advanced ACL permissions when simple Unix permissions are not enough

Storage

  • lsblk -f
  • blkid
  • mount | grep sda
  • findmnt
  • tune2fs -l /dev/sdX
  • fsck only on unmounted filesystems

RAID and LVM basics:

  • cat /proc/mdstat
  • lvdisplay
  • vgdisplay
  • pvdisplay

Shared network storage

Choose the right method based on who needs access (Linux-only vs mixed OS), performance needs, and security requirements.

1) NFS (Network File System)

Best when all clients are Linux/Unix and you want low-overhead, native POSIX file sharing.

Install (server + Ubuntu/Debian):

sudo apt install -y nfs-kernel-server

Server setup:

sudo mkdir -p /srv/nfs/share
sudo chown nobody:nogroup /srv/nfs/share
sudo chmod 777 /srv/nfs/share

# Export to specific host or subnet
echo "/srv/nfs/share 192.168.1.0/24(rw,sync,no_subtree_check)" | sudo tee -a /etc/exports
sudo exportfs -ra
sudo systemctl enable --now nfs-server

Client setup:

sudo apt install -y nfs-common
sudo mkdir -p /mnt/nfs-share
sudo mount server:/srv/nfs/share /mnt/nfs-share
# Persistent mount in /etc/fstab:
# server:/srv/nfs/share /mnt/nfs-share nfs defaults 0 0

Troubleshooting:

  • Verify exports: sudo exportfs -v
  • Check firewall: allow nfs on trusted network only
  • NFSv4 is preferred; force with -o nfsvers=4

2) Samba/SMB

Best when you have Windows, macOS, or Linux clients needing the same share.

Install:

sudo apt install -y samba

Server setup:

sudo mkdir -p /srv/samba/share
sudo chown nobody:nogroup /srv/samba/share
sudo chmod 777 /srv/samba/share

# Add share to /etc/samba/smb.conf
cat << 'EOF' | sudo tee -a /etc/samba/smb.conf
[Shared]
   path = /srv/samba/share
   browsable = yes
   writable = yes
   guest ok = no
   read only = no
   create mask = 0664
   directory mask = 0775
EOF

# Set Samba password
sudo smbpasswd -a username
sudo systemctl enable --now smbd nmbd

Client (Linux):

sudo apt install -y cifs-utils
sudo mkdir -p /mnt/samba-share
sudo mount //server/Shared /mnt/samba-share -o username=username,iocharset=utf8
# Persistent mount in /etc/fstab:
# //server/Shared /mnt/samba-share cifs username=user,password=pass,iocharset=utf8,uid=1000 0 0

Client (Windows/macOS): use \\server\Shared in file manager.

Troubleshooting:

  • Test with smbclient //server/Shared -U username
  • Check netbios discovery: smbtree
  • Review Samba logs: journalctl -u smbd

3) SSHFS

Best for occasional ad-hoc access, encrypted transit, and when you don’t want to run a dedicated file server.

Install:

sudo apt install -y sshfs

Mount:

sudo mkdir -p /mnt/sshfs-share
sudo sshfs -o allow_other,default_permissions user@server:/srv/nfs/share /mnt/sshfs-share
# Persistent mount in /etc/fstab:
# sshfs#user@server:/srv/nfs/share /mnt/sshfs-share fuse.sshfs defaults,_netdev 0 0

Notes:

  • Use key-based auth to avoid password prompts in fstab
  • allow_other requires user_allow_other in /etc/fuse.conf
  • Best for low-to-medium traffic; not ideal for database files or high IOPS

4) Nextcloud server + desktop/mobile clients

Best for document sync, collaboration, remote access over internet, and versioned sharing.

Quick concept:

  • Run Nextcloud as a Docker container (or local web app)
  • Mount local storage as Nextcloud data directory
  • Clients use WebDAV/desktop/mobile apps
  • Access anywhere via HTTPS

Minimum effort approach:

# Using Docker Compose snippet
docker run -d \
  --name nextcloud \
  --restart unless-stopped \
  -v /srv/nextcloud/data:/var/www/html \
  -v /srv/nextcloud/apps:/var/www/html/apps \
  -p 8080:80 \
  nextcloud:stable-apache

Then complete web installer at http://host:8080.

5) High-level comparison

OptionBest forOS supportEncryption in transitTypical overheadNotes
NFSLinux LAN sharesLinux/UnixNo (or Kerberos for NFSv4)LowFastest LAN option
Samba/SMBMixed OSAllOptional (SMB 3+)MediumDefault for Windows shares
SSHFSAd-hoc/remoteLinux/macOSYes (SSH)HigherNo server daemon required
NextcloudSync/collabAllYes (HTTPS)HigherBest for internet + sync

6) Shared storage hardening

  • Export shares to specific subnets, not *
  • Use firewalls to restrict file share ports to trusted networks
  • Enable SMB signing and NFSv4 Kerberos where feasible
  • For internet-exposed shares, terminate TLS with a reverse proxy
  • Back up share metadata (/etc/exports, Samba config, Nextcloud database)

Networking

  • ip a
  • ip route
  • resolvectl status
  • ss -tulnp
  • ping -c 4 host
  • traceroute host
  • mtr host
  • dig domain
  • curl -I https://example.com
  • tcpdump -i any -nn port 443
  • iptables -L -n -v or nft list ruleset

Firewall guidance:

  • Verify rules after changes
  • Allow least privilege only
  • Test SSH rules before applying lockouts
  • Prefer ufw or nftables depending on distro defaults

Logs

  • journalctl -u service -n 200 --no-pager
  • journalctl -p err -b
  • sudo dmesg | tail
  • /var/log/syslog
  • /var/log/auth.log
  • /var/log/apt/history.log

Users and Authentication

  • id username
  • getent passwd username
  • passwd
  • usermod -aG group user
  • chsh -s /bin/bash user
  • /etc/ssh/sshd_config for hardened SSH

SSH hardening checklist:

  • Use key auth, disable PasswordAuthentication
  • Restrict AllowUsers where appropriate
  • Set PermitRootLogin no
  • Use fail2ban or ufw rate limiting

Backup Strategy

  • Full system backups with timeshift
  • Home and config snapshots with rsync
  • borgbackup for deduplicated encrypted backups
  • Database backups before upgrades

Security

  • sudo apt update && sudo apt upgrade -y
  • sudo apt autoremove -y
  • sudo needrestart -r after updates
  • Check fail2ban jail status
  • Review journalctl -p err -b
  • Monitor logins in /var/log/auth.log
  • Enable automatic security updates where appropriate
  • Keep unused services disabled

Security awareness:

  • Prefer sudo over root login
  • Verify downloads with checksums and GPG
  • Prefer system repos over random instructions
  • Apply principle of least privilege

Troubleshooting Cheatsheet

SymptomDirection
Disk fulldf -h, `du -sh /*
High CPUtop, pidstat, journalctl -p err -b
Service downsystemctl status, journalctl -u service
Network downping, ip a, ss -tulnp, DNS checks
SSH refusedsshd -t, journalctl -u ssh, TCP wrapper or firewall
Slow bootsystemd-analyze blame
  • htop
  • ncdu
  • ripgrep
  • fd
  • eza
  • zoxide
  • bat
  • fzf
  • jq
  • curl / httpie
  • jump
  • neofetch or fastfetch

For scripting and automation:

  • Use Python or Bash depending on complexity
  • Use shellcheck
  • Use at or systemd timers for scheduled tasks

Best Practices

  • Keep /home, /etc, and /var on dedicated or well-monitored partitions
  • Monitor disk, memory, and temperature
  • Enable automatic security updates
  • Document changes in a changelog or Git repo
  • Use tmux or screen for long-running sessions
  • Maintain a restore plan before major changes