CHAPTER 6

File permissions

Linux follows long Unix history, and has the same kinds of permission and ownership of files and directories. In this
chapter, we will learn in detail about the same.
Let us look at the output of ls -l command.

$ ls -l
total 24
drwxrwxr-x. 2 fedora fedora 4096 Jun 24 08:00 dir1
-rw-rw-r--. 1 fedora fedora 174 Jun 23 13:26 files.tar.bz2
-rw-rw-r--. 1 fedora fedora 164 Jun 23 13:20 files.tar.gz
-rw-rw-r--. 1 fedora fedora 19 Jun 23 14:14 hello.txt
lrwxrwxrwx. 1 fedora fedora 13 Jun 23 12:32 name -> /etc/hostname

The first column contains the permission details of each file and directory. The permissions are displayed using groups
of three values, r for read access, w for write access, and x for execute access. These 3 values are mentioned for owner,
group, and other user accounts. The first - can be d for directories or l for links.
There’s another way to calculate the same file permissions, using numbers.

Read 4
Write 2
Execute 1

This means, if you want to give read and write access only to the owner and group, you mention it like this “660”,
where the first digit is for the owner, second digit is for the group, and the third digit is for the other users. We can use
this format along with the chmod command to change permissions of any file or directory.

6.1 chmod command

chmod is the command which changes the file mode bits. Through chmod command one can alter the access permis-
sions (i.e to permissions to read, write and execute) to file system objects (i.e files and directories). If we look at the
command closely chmod is the abbreviation of change mode. A few examples are given below.

33
Linux command line for you and me Documentation, Release 0.1

$ echo "hello" > myfile.txt

$ cat myfile.txt
hello
$ ls -l myfile.txt
-rw-rw-r--. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
$ chmod 000 myfile.txt
$ ls -l myfile.txt
----------. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
$ cat myfile.txt
cat: myfile.txt: Permission denied
$ chmod 600 myfile.txt
$ ls -l myfile.txt
-rw-------. 1 fedora fedora 6 Jun 25 03:42 myfile.txt
$ cat myfile.txt
hello

In the first line, we created a new file called myfile.txt using the echo command (we redirected the output of echo into
the file). Using the chmod 000 myfile.txt command, we removed the read/write permissions of the file, and as you can
see in the next line, even the owner of the file cannot read it. Setting the mode to 600 brings back read/write capability
to the owner of that particular file.
The executable permission bit is required for directory access, and also for any file you want to execute.

6.2 PATH variable

The PATH is a shell variable. When we type a command in the bash shell, it searches for the command in the directories
mentioned in the succeeding/sequential order, in the PATH variable. We can see the current PATH value using the echo
command.

$ echo $PATH
/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/fedora/.local/bin:/home/
˓→fedora/bin

The different directories are separated by :. To a search a particular command the shell will search in the following
sequential order -
• /usr/local/bin
• /usr/bin
• /usr/local/sbin
• /usr/sbin
• /home/fedora/.local/bin
• /home/fedora/bin
You can see the /home/fedora/bin directory is mentioned in the path. This means if we have that directory, and an
executable file is in there, we can use it as a normal command in our shell. We will see an example of this, later in the
book.

6.3 ~/.bash_profile file

~/.bash_profile is the configuration file for bash for the users who are allowed to login (via GUI or via ssh). On Fedora
systems this file also read configuration from the ~/.bashrc file.

34 Chapter 6. File permissions

 Linux command line for you and me Documentation, Release 0.1

# Get the aliases and functions

if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

One can set environment variables, update $PATH or any other important variables, or commands to execute after
login using this file. But, remember to relogin or source the file (source ~/.bash_profile) after making the change.

6.4 .bashrc file

The ~/.bashrc is a special configuration file for your bash terminal used for the users who can not login via the standard
methods. These accounts will have nologin marked in the /etc/passwd file. For example:

mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

You can define or delete or update environment variables and add commands to execute when a new interactive shell
opens up for the users who can not login.
For example, if want to add a new directory path to the PATH variable, then we can add the following line at the end
of the ~/.bashrc file.

export PATH=/mnt/myproject/bin:$PATH

After modifying the .bashrc file you will have to source it, or open a new tab in your terminal to see the change.

Important: To know more, read the man page of bash command.

6.5 /etc/profile file

This file is used to configure whenever a new login shell is created. This configures system wide, means if you add
any variable here, that will be available for all users who can login to the system.

6.6 which command

We use the which command, to find the exact path of the executable being used by a command in our shell.

$ which chmod
/usr/bin/chmod
$ which tree
/usr/bin/which: no tree in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/
˓→fedora/.local/bin:/home/fedora/bin)

The second example shows the output in case the which command cannot find the executable mentioned.

6.4. .bashrc file 35

Linux command line for you and me Documentation, Release 0.1

6.7 Use which command to see how $PATH variable works

$ asakj
bash: asakj: command not found...

$ which asakj
/usr/bin/which: no asakj in (/home/adas/.local/bin:/home/adas/bin:/home/adas/.cargo/
˓→bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin)

There is no command as asakj. The shell searched for asakj in the directory as designated under the $PATH varible in
the .bashrc file and not found it - bash: asakj: command not found. . . Then with the which command we can actually
see how does that search work.

6.8 she-bang or sha-bang in executable files

she-bang or sha-bang is the first line in scripts; which starts with #! and then the path of the interpreter to be used for
the rest of the file. We will create a simple bash hello world script using the same, and then execute it.

$ vim hello.sh
$ chmod +x hello.sh
$ ./hello.sh
Hello World!

36 Chapter 6. File permissions

 CHAPTER 7

Processes in Linux

A process is a program (think about any Linux application) in a running state. It contains various details, like the
memory space the program needs, a process id, the files opened by the process, etc.

7.1 How to view all running processes?

The following command shows all the processes from your computer.

$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 215356 4984 ? Ss May29 0:28 /usr/lib/systemd/
˓→systemd --system --deserialize 19

root 2 0.0 0.0 0 0 ? S May29 0:00 [kthreadd]

root 4 0.0 0.0 0 0 ? S< May29 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S May29 0:11 [ksoftirqd/0]
root 7 0.0 0.0 0 0 ? S May29 8:27 [rcu_sched]
... long output

You can see that the output also tells you under which user the process is running, what the actual command being
used is, and the percentage of CPU and memory usage.
The PID column shows the process id; you can see that the systemd process has PID 1, which means it is the first
process to start in the system.

7.2 How to find a particular process?

Let’s say, I want to know the process id of the Firefox browser in my system. I can use the following command to find
that information.

37
Linux command line for you and me Documentation, Release 0.1

$ ps aux | grep firefox

kdas 26752 96.1 9.7 2770724 763436 ? Sl 16:16 0:35 /usr/lib64/firefox/
˓→firefox

kdas 26919 0.0 0.0 118520 980 pts/3 S+ 16:17 0:00 grep --color=auto
˓→firefox

Here, we are first running the ps command, and then passing the output of that to the next command using the |
character. In this case, as you see, grep is that second command. We can find and look for text using the grep tool. We
will learn more about grep in the future.

7.3 How to kill/stop a particular process?

We can kill/stop any process using the kill command. We found out, in the last example, that the id of the Firefox
process in my computer is 26752, we can use that id to kill it.

$ kill 26752

If there is no error message, you’ll find that Firefox has disappeared.

7.4 Finding out list of open files

lsof command will show list of all open files. The man page has more details about the different command line options
available.

7.5 Signals

Signals are a limited way to communicate to a process. You can think about them as notifications to a process,
and depending on the signal handler in the code, the process does something with that signal. The kill command
actually sends a signal to the given process id, the default signal is TERM, which says to terminate the process. To
directly/forcibly kill a process, you can send the KILL signal.

$ kill -9 26752

Here 9 is number representation of the KILL signal. To know more about Linux signals, read the man page.

$ man 7 signal

kill command also has a -l flag, which prints all of the signal names, and numbers on the screen.

$ kill -l
1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
(continues on next page)

38 Chapter 7. Processes in Linux

 Linux command line for you and me Documentation, Release 0.1

(continued from previous page)

53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX

7.6 top command

top is a very useful command while using a Linux system. It’s a quick way to know about all the running processes in
the system, and their related status about CPU and memory usage in general. To get out of top, press the key q.

top - 17:37:28 up 24 days, 11:52, 2 users, load average: 0.57, 0.73, 0.75
Tasks: 372 total, 2 running, 370 sleeping, 0 stopped, 0 zombie
%Cpu(s): 11.6 us, 2.6 sy, 0.0 ni, 84.9 id, 0.1 wa, 0.3 hi, 0.5 si, 0.0 st
KiB Mem : 7858752 total, 1701052 free, 4444136 used, 1713564 buff/cache
KiB Swap: 3268604 total, 1558396 free, 1710208 used. 2431656 avail Mem

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND

28300 kdas 20 0 1502016 287340 44396 R 25.0 3.7 290:56.60 chrome
2668 kdas 9 -11 2067292 9756 7164 S 6.2 0.1 166:06.48 pulseaudio
15122 kdas 20 0 771844 33104 11352 S 6.2 0.4 39:24.60 gnome-terminal-
24760 kdas 20 0 1945840 209128 76952 S 6.2 2.7 1:41.15 code
27526 kdas 20 0 156076 4268 3516 R 6.2 0.1 0:00.01 top
1 root 20 0 215356 4880 3108 S 0.0 0.1 0:28.25 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.66 kthreadd
4 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
6 root 20 0 0 0 0 S 0.0 0.0 0:11.79 ksoftirqd/0
7 root 20 0 0 0 0 S 0.0 0.0 8:28.06 rcu_sched
... long output

By the way, feel free to press 1 and see if anything changes in the top command output.

7.7 Load average

If you look at the top output carefully, you will find load average mentioned. Actually, there are 3 numbers provided;
these are the load averages of the system in the last one minute, 5 minutes ago, and 15 minutes ago.

load average: 0.57, 0.73, 0.75

In simple words, load average means the average time any process has to wait to get access to the CPU (or other
resources), in idle state the load average is 0. This information is a quick way to learn about the system, if the system
is slow to respond, just looking at the load-average, and then the rest of the top output should be a good starting point.

7.8 htop tool

htop is a modern version of the top tool. It has many more features, interactiveness being the biggest amongst them.
htop does not come by default in most of the Linux installations, which means you will have to install it using the
system’s package management tool.
These are the ways to install it in Fedora and in Debian/Ubuntu

7.6. top command 39

Linux command line for you and me Documentation, Release 0.1

$ sudo dnf install htop -y

$ sudo apt-get install htop

To know more about htop, please read the man page.

$ man htop

7.9 More about Linux processes

You can learn more about Linux processes in the glibc manual. Use the info command to find out more.

$ info libc process

7.10 /proc directory

/proc is a special directory in our filesystem. This is a virtual filesystem which contains information about all the
running processes, and information about the hardware present in the system. You will find that the files in the virtual
filesystem are 0 in size.
Now we’ll learn about a few files inside this directory.

40 Chapter 7. Processes in Linux

 Linux command line for you and me Documentation, Release 0.1

7.11 /proc/cpuinfo

/proc/cpuinfo file has information about the CPU in your system. It includes the model number, and also the various
flags available in that particular CPU model.

7.12 /proc/cmdline

/proc/cmdline file has all the parameters passed to the kernel at the bootup time. The following is a cloud-based virtual
machine.

$ cat /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.8.6-300.fc25.x86_64 root=UUID=9be70055-35f2-4a57-b120-
˓→5a003dfdb504 ro no_timer_check console=tty1 console=ttyS0,115200n8 rhgb quiet

˓→console=ttyS1 LANG=en_US.UTF-8 initrd=/boot/initramfs-4.8.6-300.fc25.x86_64.img

7.13 /proc/meminfo

/proc/meminfo contains information related to the memory in the system. You can see the total amount RAM, the
available memory and other values there.

$ cat /proc/meminfo
MemTotal: 4046820 kB
MemFree: 2960568 kB
MemAvailable: 3696216 kB
Buffers: 53756 kB
Cached: 830052 kB
SwapCached: 0 kB
Active: 347216 kB
Inactive: 575692 kB
Active(anon): 39388 kB
Inactive(anon): 196 kB
Active(file): 307828 kB
Inactive(file): 575496 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 4 kB
Writeback: 0 kB
AnonPages: 39120 kB
Mapped: 42032 kB
Shmem: 488 kB
Slab: 141692 kB
SReclaimable: 114996 kB
SUnreclaim: 26696 kB
KernelStack: 1360 kB
PageTables: 2700 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 2023408 kB
Committed_AS: 127752 kB
(continues on next page)

7.11. /proc/cpuinfo 41
Linux command line for you and me Documentation, Release 0.1

(continued from previous page)

VmallocTotal: 34359738367 kB
VmallocUsed: 0 kB
VmallocChunk: 0 kB
HardwareCorrupted: 0 kB
AnonHugePages: 0 kB
ShmemHugePages: 0 kB
ShmemPmdMapped: 0 kB
CmaTotal: 0 kB
CmaFree: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 61296 kB
DirectMap2M: 4132864 kB
DirectMap1G: 2097152 kB

7.14 /proc/uptime

$ cat /proc/uptime
52820.32 104802.84

The first value in this file shows the number of seconds the system is up. The second value is the total number of idle
seconds for each CPU, so for the modern systems, this value can be more than the first value.

7.15 /proc/sys/ & sysctl command

This directory is a special one for system administrators. This not only provides information, but also allows you to
quickly change (enable/disable) different kernel features.
We use the sysctl command to view or edit the values for /proc/sys/. If you want to see all the different settings, use
the following command.

$ sudo sysctl -a
[sudo] password for kdas:
abi.vsyscall32 = 1
crypto.fips_enabled = 0
debug.exception-trace = 1
debug.kprobes-optimization = 1
dev.cdrom.autoclose = 1
dev.cdrom.autoeject = 0
dev.cdrom.check_media = 0
dev.cdrom.debug = 0
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17
... long output

7.16 Enabling IP forward with sysctl

To enable IP forwarding to the VM(s), use the following command.

42 Chapter 7. Processes in Linux

 Linux command line for you and me Documentation, Release 0.1

$ sudo sysctl -w net.ipv4.ip_forward=1

To check the current value, use the following command.

$ sysctl net.ipv4.ip_forward

You can see the same value in the /proc/sys/net/ipv4/ip_forward file too.

$ cat /proc/sys/net/ipv4/ip_forward
1

To make the change permanent, write the following in the /etc/sysctl.conf file.

net.ipv4.ip_forward = 1

Then, enable the changes using the following command.

$ sudo sysctl -p /etc/sysctl.conf

7.16. Enabling IP forward with sysctl 43

Linux command line for you and me Documentation, Release 0.1

44 Chapter 7. Processes in Linux

 CHAPTER 8

Linux Services

This is also a chapter related to the systemd tool.

8.1 What is a service?

A service is a process or application which is running in the background, either doing some predefined task or waiting
for some event. If you remember our process chapter, we learned about systemd for the first time there. It is the first
process to run in our system; it then starts all the required processes and services. To know about how the system boots
up, read the bootup man page. Click here to read it online.

$ man bootup

8.2 What is a daemon?

Daemon is the actual term for those long-running background processes. A service actually consists of one or more
daemons.
Make sure that you don’t get confused between Daemons and Demons :) Here is a gem from Internet:

8.3 What is the init system?

If you look at Unix/Linux history, you will find the first process which starts up, is also known as init process. This
process used to start other processes by using the rc files from /etc/rc.d directory. In the modern Linux systems,
systemd has replaced the init system.

45
Linux command line for you and me Documentation, Release 0.1

8.4 Units in systemd

Units are a standardized way for the systemd to manage various parts of a system. There are different kinds of units,
.service is for system services, .path for path based ones. There is also .socket which are socket based systemd units.
There are various other types, we can learn about those later.

8.5 .service units in systemd

These are service units, which explains how to manage a particular service in the system. In our daily life, we generally
only have to work with these unit files.

8.6 How to find all the systemd units in the system?

$ systemctl
... long output
-.mount loaded active
˓→mounted /
boot.mount loaded active
˓→mounted /boot
dev-hugepages.mount loaded active
˓→mounted Huge Pages File System
dev-mqueue.mount loaded active
˓→mounted POSIX Message Queue File System
home.mount loaded active
˓→mounted /home
proc-fs-nfsd.mount loaded active
˓→mounted NFSD configuration filesystem
run-user-1000-doc.mount loaded active
˓→mounted /run/user/1000/doc
run-user-1000-gvfs.mount loaded active
˓→mounted /run/user/1000/gvfs
run-user-1000.mount loaded active
˓→mounted /run/user/1000
run-user-42.mount loaded active
˓→mounted /run/user/42
... long output

In the output of the systemctl command, you should be able to see all the different kinds of units in the system. If you
want to see only the service units, then use the following command.

46 Chapter 8. Linux Services

 Linux command line for you and me Documentation, Release 0.1

$ systemctl --type=service

8.7 Working with a particular service

Let us take the sshd.service as an example. The service controls the sshd daemon, which allows us to remotely login
to a system using the ssh command.
To know the current status of the service, I execute the following command.

$ sudo systemctl status sshd

sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset:
˓→enabled)

Active: inactive (dead)

Docs: man:sshd(8)
man:sshd_config(5)

Jun 19 12:07:29 kdas-laptop sshd[19533]: Accepted password for kdas from 192.168.1.
˓→101 port 61361 ssh2

Jun 20 17:57:53 kdas-laptop sshd[30291]: Connection closed by 192.168.1.101 port

˓→63345 [preauth]

Jun 20 17:58:02 kdas-laptop sshd[30293]: Accepted password for kdas from 192.168.1.
˓→101 port 63351 ssh2

Jun 20 18:32:11 kdas-laptop sshd[31990]: Connection closed by 192.168.1.101 port

˓→64352 [preauth]

Jun 20 18:32:17 kdas-laptop sshd[32039]: Accepted password for kdas from 192.168.1.
˓→101 port 64355 ssh2

Jun 20 18:45:57 kdas-laptop sshd[32700]: Accepted password for kdas from 192.168.1.
˓→101 port 64824 ssh2

Jun 21 08:44:39 kdas-laptop sshd[15733]: Accepted password for kdas from 192.168.1.
˓→101 port 51574 ssh2

Jun 22 18:17:24 kdas-laptop systemd[1]: Stopping OpenSSH server daemon...

Jun 22 18:17:24 kdas-laptop sshd[20932]: Received signal 15; terminating.
Jun 22 18:17:24 kdas-laptop systemd[1]: Stopped OpenSSH server daemon.

To start the service, I’ll use the following command, and then I can use the status argument to the systemctl to check
the service status once again.

$ sudo systemctl start sshd

$ sudo systemctl status sshd
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset:
˓→enabled)

Active: active (running) since Thu 2017-06-22 18:19:28 IST; 1s ago

Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 3673 (sshd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/sshd.service
3673 /usr/sbin/sshd -D

Jun 22 18:19:28 kdas-laptop systemd[1]: Starting OpenSSH server daemon...

Jun 22 18:19:28 kdas-laptop sshd[3673]: Server listening on 0.0.0.0 port 22.
Jun 22 18:19:28 kdas-laptop sshd[3673]: Server listening on :: port 22.
Jun 22 18:19:28 kdas-laptop systemd[1]: Started OpenSSH server daemon.

8.7. Working with a particular service 47

Linux command line for you and me Documentation, Release 0.1

In the same way, we can use either the stop or restart arguments to the systemctl command.

8.8 Enabling or disabling a service

Even if you start a service, you’ll find that after you reboot the computer, the service did not start at the time of boot
up. To do so, you will have to enable the service, or to stop a service from starting at boot, you will have to disable the
service.

$ sudo systemctl enable sshd.service

Created symlink /etc/systemd/system/multi-user.target.wants/sshd.service → /usr/lib/
˓→systemd/system/sshd.service.

$ sudo systemctl disable sshd.service

Removed /etc/systemd/system/multi-user.target.wants/sshd.service.

8.9 Shutdown or reboot the system using systemctl

We can also reboot or shutdown the system using the systemctl command.

$ sudo systemctl reboot

$ sudo systemctl shutdown

8.10 journalctl

systemd runs the systemd-journald.service, which stores logs in the journal from the different services maintained by
systemd. We use journalctl command to read these log entries from the journal. If you execute the command without
any arguments, it will show you all the log entries starting from the oldest in the journal. One needs to be root to be
able to use the journalctl command. Remember that systemd-journald stores all the logs in binary format, means you
can not just less the files and read them.
If you want any normal user to execute journalctl command, then add them into systemd-journal group.

8.11 Finding the logs of a service

We can use the journalctl command to find the log of a given service. The general format is journalctl -u service-
name”. Like below is the log for *sshd service.

$ sudo journalctl -u sshd

-- Logs begin at Thu 2017-06-22 14:16:45 UTC, end at Fri 2017-06-23 05:21:29 UTC. --
Jun 22 14:17:39 kushal-test.novalocal systemd[1]: Starting OpenSSH server daemon...
Jun 22 14:17:39 kushal-test.novalocal systemd[1]: sshd.service: PID file /var/run/
˓→sshd.pid not readable (yet?) after start: No such file or directory

Jun 22 14:17:39 kushal-test.novalocal sshd[827]: Server listening on 0.0.0.0 port 22.

Jun 22 14:17:39 kushal-test.novalocal sshd[827]: Server listening on :: port 22.
Jun 22 14:17:39 kushal-test.novalocal systemd[1]: Started OpenSSH server daemon.
Jun 22 14:22:08 kushal-test.novalocal sshd[863]: Accepted publickey for fedora from
˓→103.249.881.17 port 56124 ssh2: RSA SHA256:lvn4rIszmfB14PBQwh4k9C

Jun 22 14:29:24 kushal-test.novalocal systemd[1]: Stopping OpenSSH server daemon...

Jun 22 14:29:24 kushal-test.novalocal sshd[827]: Received signal 15; terminating.
(continues on next page)

48 Chapter 8. Linux Services

 Linux command line for you and me Documentation, Release 0.1

(continued from previous page)

Jun 22 14:29:24 kushal-test.novalocal systemd[1]: Stopped OpenSSH server daemon.
Jun 22 14:29:24 kushal-test.novalocal systemd[1]: Starting OpenSSH server daemon...
Jun 22 14:29:24 kushal-test.novalocal sshd[2164]: Server listening on 0.0.0.0 port 22.
Jun 22 14:29:24 kushal-test.novalocal sshd[2164]: Server listening on :: port 22.
Jun 22 14:29:24 kushal-test.novalocal systemd[1]: Started OpenSSH server daemon.
Jun 22 14:54:26 kushal-test.novalocal sshd[13522]: Invalid user from 139.162.122.110
˓→port 51012

Jun 22 14:54:26 kushal-test.novalocal sshd[13522]: input_userauth_request: invalid

˓→user [preauth]
Jun 22 14:54:26 kushal-test.novalocal sshd[13522]: Failed none for invalid user from
˓→139.162.122.110 port 51012 ssh2

Jun 22 14:54:26 kushal-test.novalocal sshd[13522]: Connection closed by 139.162.122.

˓→110 port 51012 [preauth]

Jun 22 15:15:29 kushal-test.novalocal sshd[13541]: Did not receive identification

˓→string from 5.153.62.226 port 48677

8.12 To view only the last N entries

You can use the -n argument to the journalctl command to view only the last N number of entries. For example, to
view the last 10 entries.

# journalctl -n 10

8.13 Continuous stream of logs

In case you want to monitor the logs of any service, that is keep reading the logs in real time, you can use -f flag with
the journalctl command.

$ sudo journalctl -f -u sshd

-- Logs begin at Thu 2017-06-22 14:16:45 UTC. --
Jun 23 03:39:09 kushal-test.novalocal sshd[14095]: Did not receive identification
˓→string from 158.85.81.118 port 10000

Jun 23 04:13:32 kushal-test.novalocal sshd[14109]: Received disconnect from 221.194.

˓→47.242 port 55028:11: [preauth]
Jun 23 04:13:32 kushal-test.novalocal sshd[14109]: Disconnected from 221.194.47.242
˓→port 55028 [preauth]

Jun 23 04:33:59 kushal-test.novalocal sshd[14115]: Received disconnect from 59.45.175.

˓→64 port 36248:11: [preauth]
Jun 23 04:36:53 kushal-test.novalocal sshd[14121]: Did not receive identification
˓→string from 82.193.122.22 port 58769

Jun 23 04:42:01 kushal-test.novalocal sshd[14123]: Received disconnect from 221.194.

˓→47.233 port 51797:11: [preauth]
Jun 23 04:42:01 kushal-test.novalocal sshd[14123]: Disconnected from 221.194.47.233
˓→port 51797 [preauth]

Jun 23 04:51:46 kushal-test.novalocal sshd[14130]: Did not receive identification

˓→string from 191.253.13.227 port 4668

Jun 23 05:05:16 kushal-test.novalocal sshd[14189]: Received disconnect from 59.45.175.

˓→88 port 33737:11: [preauth]
Jun 23 05:05:16 kushal-test.novalocal sshd[14189]: Disconnected from 59.45.175.88
˓→port 33737 [preauth]

I can see that someone was trying to break into this VM by trying random ports :)

8.12. To view only the last N entries 49

Linux command line for you and me Documentation, Release 0.1

8.14 Listing of previous boots

In systems like Fedora, journalctl by default keeps history from past boots. To know about all available boot history,
type the following command.

$ sudo journalctl --list-boots

[sudo] password for fedora:
-112 7a88e13a76434a1199f82ad90441ae7f Tue 2014-12-09 03:41:08 IST--Tue 2014-12-09
˓→03:41:08 IST

-111 b86086ed59b84b228e74f91ab08a66b3 Sun 2015-06-28 23:54:26 IST--Sun 2015-07-12

˓→07:27:48 IST

-110 71d3f6024f514653bfd2574243d096d1 Sun 2016-06-05 01:51:05 IST--Sun 2016-06-05

˓→01:51:16 IST

-109 b7721878a5144d009418cf269b5eea71 Fri 2016-08-19 19:47:57 IST--Sat 2016-08-20

˓→01:16:07 IST

-108 6102102fc7804379b888d83cea66838b Sat 2016-08-20 01:21:36 IST--Sun 2016-08-21

˓→00:05:38 IST

... long output

To know about any particular boot log, you can use the hash along with -b flag to the journalctl command.

$ sudo journalctl -b 7a88e13a76434a1199f82ad90441ae7f

-- Logs begin at Tue 2014-12-09 03:41:08 IST, end at Sat 2017-06-24 13:40:49 IST. --
Dec 09 03:41:08 localhost.localdomain systemd[1344]: Stopping Default.
Dec 09 03:41:08 localhost.localdomain systemd[1344]: Stopped target Default.
Dec 09 03:41:08 localhost.localdomain systemd[1344]: Starting Shutdown.
Dec 09 03:41:08 localhost.localdomain systemd[1344]: Reached target Shutdown.
Dec 09 03:41:08 localhost.localdomain systemd[1344]: Starting Exit the Session..

8.15 Time-based log viewing

We can also use journalctl to view logs for a certain time period. For example, if we want to see all the logs since
yesterday, we can use the following command.

$ sudo journalctl --since yesterday

[sudo] password for fedora:
-- Logs begin at Tue 2014-12-09 03:41:08 IST, end at Sat 2017-06-24 15:21:54 IST. --
Jun 23 00:00:00 kushal-test.novalocal /usr/libexec/gdm-x-session[28622]: (evolution-
˓→alarm-notify:11609): evolution-alarm-notify-WARNING **: alarm.c:253: Reques

Jun 23 00:01:01 kushal-test.novalocal CROND[22327]: (root) CMD (run-parts /etc/cron.

˓→hourly)

... long output

You can also use date time following YYYY-MM-DD HH:MM:SS format.

$ sudo journalctl --since "2015-11-10 14:00:00"

-- Logs begin at Tue 2014-12-09 03:41:08 IST, end at Sat 2017-06-24 15:25:30 IST. --
Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Reached target Timers.
Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Reached target Paths.
Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Starting D-Bus User Message Bus
˓→Socket.

Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Listening on D-Bus User Message

˓→Bus Socket.

Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Reached target Sockets.

(continues on next page)

50 Chapter 8. Linux Services

 Linux command line for you and me Documentation, Release 0.1

(continued from previous page)

Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Reached target Basic System.
Jun 05 01:51:05 kushal-test.novalocal systemd[5674]: Reached target Default.

8.16 Total size of the journal logs

Use the –disk-usage flag to find out total amount entries and archive can be stored. The following is the output from
an Ubuntu Focal (20.04) system.

# journalctl --disk-usage
Archived and active journals take up 56.0M in the file system.

8.17 Writing your own service file

In case you are developing a new service, or you want to run some script as a systemd service, you will have to write
a service file for the same.
For this example, we will add a new executable under /usr/sbin called myserver. We will use Python3’s builtin
http.server module to expose the current directory as a simple server.

#!/usr/bin/sh
python3 -m http.server 80

Note: Remember to use chmod command to mark the file as executable.

Next, we will create the actual service file, which is configuration file written in INI format.
Add the following to the /etc/systemd/system/myserver.service file.

[Unit]
Description=My Web Server
After=network.target

[Service]
Type=simple
WorkingDirectory=/web/amazing
ExecStart=/usr/sbin/myserver
Restart=always

[Install]
WantedBy=multi-user.target

Using ExecStart we are specifying which executable to use, we can even pass any command line argument to that. We
are also mentioning the directory this service will start. We are also saying in case of a failure, or unclean exit code, or
or on signal always restart the service. The service will also start after the network is up. We are also mentioning that
the service will have /web/amazing as the working directory. So, we should also create that. We also add an index.html
to the same directory for testing.

# mkdir -p /web/amazing
# echo "Hello from Python." > /web/amazing/index.html

8.16. Total size of the journal logs 51

Linux command line for you and me Documentation, Release 0.1

To understand the other options you will have to read two man pages,
• man systemd.service
• man systemd.unit.
After adding the service file, reload the daemons.

# systemctl daemon-reload

Unless you do this, systemd will complain to you that something changed, and you did not reloadl. Always remember
to reload after you make any changes to any systemd service files.
Now we can start and enable the service.

# systemctl enable myserver

# systemctl start myserver
# systemctl status myserver
myserver.service - My Web Server
Loaded: loaded (/etc/systemd/system/myserver.service; enabled; vendor preset:
˓→disabled)

Active: active (running) since Sat 2022-03-12 10:03:25 UTC; 1 day 3h ago
Main PID: 21019 (myserver)
Tasks: 2 (limit: 50586)
Memory: 9.6M
CGroup: /system.slice/myserver.service
21019 /usr/bin/sh /usr/sbin/myserver
21020 python3 -m http.server 80

Mar 12 10:03:25 selinux systemd[1]: Started My Web Server.

8.17.1 Verifying the service

We can verify that our new webservice is running properly via curl.

$ curl http://localhost/
Hello from Python.

52 Chapter 8. Linux Services