Linux CLI & System Fundamentals
How Linux actually works under the hood — filesystem layout, permissions, processes, piping, and signals. Each section has an interactive widget so you can see the concepts in action.
The filesystem hierarchy
Everything in Linux is a file — including devices, sockets, and kernel state. The Filesystem Hierarchy Standard (FHS) defines where things live. Click any directory below to learn what it contains.
One subtlety: /proc and /sys are virtual filesystems. Nothing is stored on disk — the kernel generates the content on the fly when you read from them. cat /proc/cpuinfo does not read a file; it asks the kernel to describe the CPU.
# Real examples — try these in your terminal
cat /proc/uptime # seconds since boot
cat /proc/meminfo # live memory stats
ls /proc/$$ # inspect your own shell process
cat /sys/class/net/eth0/speed # NIC link speed in MbpsFile permissions
Every file has a 9-bit permission mask split across three groups: owner, group, and other. Each group gets three bits — read, write, execute. Toggle the bits below to build a permission mask.
The execute bit on a directory means something different: it controls whether you can cd into it or traverse its path. A directory with r but no x lets you list names, but not access them.
ls -la /etc/passwd
# -rw-r--r-- 1 root root 2847 Apr 3 09:21 /etc/passwd
# ^ ^ ^
# │ │ └── other: r only (world-readable)
# │ └───── group: r only
# └──────── owner: rw (root can write)
chmod 755 script.sh # rwxr-xr-x — owner full, others read+exec
chmod 600 ~/.ssh/id_rsa # rw------- — private key, owner only
chown www-data:www-data /var/www/html # change owner and groupsetuid, setgid, sticky bit
Three special bits live above the normal nine. setuid on an executable runs it as the file's owner (how sudo gains root). setgid on a directory makes new files inherit the directory's group. The sticky bit on a directory prevents users from deleting files they don't own — that's why /tmp is 1777.
ls -la /usr/bin/sudo
# ---s--x--x 1 root root — setuid: runs as root regardless of caller
ls -la /tmp
# drwxrwxrwt — the 't' at the end is the sticky bitPiping & redirection
The pipe | connects stdout of one process to stdin of the next. Data flows left to right through a chain of single-purpose tools. Click each stage below to see what the data looks like at that point.
Redirection sends or receives streams to/from files rather than other processes.
| Operator | Meaning | Example |
|---|---|---|
> | Redirect stdout (overwrite) | ls > out.txt |
>> | Redirect stdout (append) | echo hi >> log.txt |
2> | Redirect stderr | cmd 2> err.log |
2>&1 | Merge stderr into stdout | cmd > all.log 2>&1 |
< | Redirect stdin from file | sort < names.txt |
tee | Split stdout to file and pipe | cmd | tee out.txt | wc -l |
Processes & signals
Every running program is a process with a unique PID. Processes form a tree rooted at init (PID 1). The kernel communicates with processes by sending signals — asynchronous notifications that interrupt normal execution.
Signals
Click a signal to see what it does and when to use it.
# Useful process commands
ps aux # snapshot of all processes
ps aux | grep nginx # find a specific process
top # live process monitor (q to quit)
htop # nicer version of top
kill -15 <pid> # ask nicely (SIGTERM) — default
kill -9 <pid> # force kill (SIGKILL) — last resort
kill -1 <pid> # reload config (SIGHUP)
killall nginx # kill all processes named nginx
# Background jobs
./long-script.sh & # run in background
jobs # list background jobs
fg %1 # bring job 1 to foreground
Ctrl+Z # suspend foreground process → SIGTSTP
bg %1 # resume suspended job in backgroundUsers & groups
/etc/passwd stores user account info. Despite the name, passwords have not been stored here since the 1980s — they moved to /etc/shadow (readable only by root). Click each field in the entry below to understand the format.
# User management
whoami # your current username
id # uid, gid, and group memberships
groups # list your groups
useradd -m -s /bin/bash alice # create user with home dir
passwd alice # set password
usermod -aG sudo alice # add alice to sudo group
userdel -r alice # delete user and home directory
# Privilege escalation
sudo command # run one command as root
sudo -i # open root shell (use sparingly)
su - alice # switch to user aliceHow sudo works
sudo is a setuid binary owned by root. When you run it, it executes as root regardless of who called it. It checks /etc/sudoers to decide whether your user is allowed to run the requested command, then either runs it or refuses. The sudoers file is edited with visudo — which validates syntax before saving, preventing you from locking yourself out.
# /etc/sudoers examples
alice ALL=(ALL:ALL) ALL # full sudo access
bob ALL=(ALL) NOPASSWD: /sbin/reboot # passwordless reboot only
%developers ALL=(ALL) /usr/bin/docker # group: docker onlyPackage management
Different distros use different package managers, but they all do the same thing: download software from repositories, resolve dependencies, and install/remove files in the right places.
| Distro family | Manager | Install | Remove | Search |
|---|---|---|---|---|
| Debian / Ubuntu | apt | apt install pkg | apt remove pkg | apt search pkg |
| Fedora / RHEL | dnf | dnf install pkg | dnf remove pkg | dnf search pkg |
| Arch | pacman | pacman -S pkg | pacman -R pkg | pacman -Ss pkg |
| Alpine | apk | apk add pkg | apk del pkg | apk search pkg |
# What happens when you run: apt install nginx
1. apt reads /etc/apt/sources.list for repository URLs
2. Downloads package metadata (if cache is stale)
3. Resolves dependency graph — pulls everything nginx needs
4. Downloads .deb packages to /var/cache/apt/archives/
5. Unpacks files into the filesystem
6. Runs post-install scripts (creates system user, sets up service)
7. Updates /var/lib/dpkg/status — the installed packages database