My Story
As a fresher DevOps engineer, I didn't start with production experience — I started with curiosity. Most of my first steps in Linux came from setting up small projects on my laptop and cloud free-tiers: spinning up an EC2 instance, SSH-ing into it, breaking things, and then figuring out how to fix them. Every "command not found" error, every "permission denied" taught me something new.
That's when it clicked for me: Linux isn't just an operating system, it's the foundation of DevOps and SRE. This guide is a collection of what I've learned so far — the exact concepts and commands that helped me go from "where do I even start?" to "I can confidently work on Linux in my DevOps journey."
1. What is Linux?
Linux is an open-source operating system kernel first released by Linus Torvalds in 1991. Over the years, it grew into a family of distributions (distros) such as Ubuntu, CentOS, Debian, and Amazon Linux.
Unlike Windows or macOS, Linux is:
- Free and open-source: anyone can inspect, modify, and distribute it.
- Stable and secure: runs most of the world's servers and cloud infrastructure.
- Lightweight and customizable: you only install what you need, no bloat.
💡 Fun fact: Over 90% of cloud servers and 100% of Kubernetes clusters run on Linux. If you're in DevOps/SRE, Linux isn't optional — it's the default.
2. Why Linux is Used in DevOps & SRE
So, why does every DevOps/SRE engineer swear by Linux?
- Runs the Cloud: All major cloud providers (AWS, GCP, Azure) use Linux-based images for VMs, containers, and managed services.
- Automation-Friendly: Tools like Ansible, Terraform, and Kubernetes integrate naturally with Linux.
- Security: Strong permission model and open-source review make it a security-first OS.
- Flexibility: From a Raspberry Pi to a 1000-node Kubernetes cluster, Linux scales everywhere.
- Ecosystem: Docker, Kubernetes, Jenkins, Prometheus — all cloud-native tooling runs best on Linux.
Example: When your AWS EC2 server is unresponsive, you'll likely SSH into a Linux box, check logs in /var/log/, restart services with systemctl, and debug with journalctl.
That's why Linux mastery = faster incident resolution.
3. Problems Linux Solves
What?
Before Linux, organizations relied on proprietary, closed-source operating systems (like Windows Server or Solaris) that were costly, less flexible, and not cloud-native.
Why?
Linux solves key problems that modern DevOps/SRE teams face:
- Vendor Lock-in: Proprietary OS meant paying high license fees. Linux is open-source and free.
- Scalability Issues: Old systems weren't built for cloud-native workloads; Linux scales effortlessly.
- Limited Automation: Windows had GUI-heavy operations; Linux enables automation with scripts and tools.
- Performance & Stability: Linux is lightweight, stable, and can run for months without a reboot.
- Community & Ecosystem: Thousands of engineers contribute, so bugs/security issues are fixed quickly.
Example: If your Kubernetes cluster runs 500 microservices, Linux ensures consistency across all nodes. Running that on a GUI-heavy OS would be inefficient, costly, and unstable.
4. Advantages (Why Linux is Loved in DevOps/SRE)
- Open Source & Free: No license fees, huge community support.
- Security: Strong permission and user model, SELinux, AppArmor.
- Stability & Reliability: Servers can run for years without downtime.
- Performance: Optimized for resource usage — perfect for cloud workloads.
- Customizability: Choose minimal distros for containers or full-featured ones for enterprise.
- Automation-First: Command-line interface is powerful and scriptable.
- Cloud-Native: All major cloud tools and orchestration platforms are Linux-first.
5. Disadvantages (Where Linux is Hard)
- Steep Learning Curve: For beginners, CLI feels overwhelming.
- Fragmentation: Many distros, slightly different commands (apt vs yum).
- Desktop Usage: Limited adoption in consumer laptops → less exposure before entering industry.
- Support Needs: Enterprise support often requires Red Hat/SUSE subscriptions.
💡 Tip for Juniors: Don't worry about mastering all distros. Focus on 1–2 (like Ubuntu + CentOS/RHEL) and build confidence.
5. Linux Distributions (Distros) for DevOps/SRE
What?
A Linux distribution (distro) is a version of Linux that includes the kernel, package managers, and tools. Each distro is tailored for different use cases.
Why?
Different distros are optimized for enterprise servers, cloud workloads, containers, or desktop usage. As a DevOps/SRE, you'll encounter multiple distros, so it’s important to know where each fits.
🔹 Common Distros & Their Use Cases
Example in Real Work:
- If you spin up an AWS EC2 instance, you'll often see Amazon Linux as default.
- If you work in an enterprise with strict compliance, they'll likely use RHEL.
- If you're practicing as a beginner, Ubuntu is the most friendly starting point.
📚 Files & Directories in Linux
What is a Filesystem?
A filesystem is how an operating system organizes and stores data on disk. In Linux, everything is a file — regular files, directories, devices, sockets, even processes.
Example:
-
/dev/sda→ your disk is treated like a file -
/proc/cpuinfo→ your CPU info is a file
Linux Directory Hierarchy
/ → Root directory (everything starts here)
├── bin/ → Essential user binaries
│ ├── ls # list files
│ ├── cp # copy files
│ └── mv # move/rename files
├── boot/ → Bootloader & kernel files
│ ├── vmlinuz # Linux kernel image
│ ├── initrd.img # initial RAM disk for boot
│ └── grub/ # GRUB bootloader configs
├── dev/ → Device files (hardware abstraction)
│ ├── sda # disk drives
│ ├── tty # terminals
│ └── null # null device
├── etc/ → System configuration files
│ ├── passwd # user accounts
│ ├── shadow # encrypted passwords
│ ├── group # group definitions
│ ├── ssh/ # SSH server configs
│ └── nginx/ # web server configs
├── home/ → Home directories for regular users
│ ├── alice/ # user alice's data
│ └── bob/ # user bob's data
├── lib/ → Shared libraries
│ ├── libpthread.so.0 # threading library
│ └── libm.so # math library
├── media/ → Mount points for removable media
│ └── usb/ # USB mount point
├── mnt/ → Temporary mount points
│ └── iso/ # mounted ISO images
├── opt/ → Optional/third-party software
│ └── docker/ # docker installation files
├── proc/ → Virtual filesystem for kernel & processes
│ ├── cpuinfo # CPU details
│ ├── meminfo # Memory details
│ └── 1234/ # process info (PID 1234)
├── root/ → Home directory for root user
├── sbin/ → System binaries (admin tasks)
│ ├── shutdown # shutdown server
│ ├── mount # mount/unmount filesystems
│ └── ifconfig # network configuration (older)
├── tmp/ → Temporary files (cleared on reboot)
├── usr/ → User programs & libraries
│ ├── bin/ # non-essential binaries
│ ├── lib/ # libraries
│ ├── include/ # header files for compilation
│ └── share/ # shared resources (docs, man pages)
└── var/ → Variable data
├── log/ # system logs
│ ├── syslog # general logs
│ └── auth.log # authentication logs
├── spool/ # mail & print queues
└── cache/ # cached data for apps
Explanation & Best Practices for Each Directory
-
/bin – Essential user commands
- Use: Commands every user needs, even in single-user mode.
-
Best practice: Don’t add custom binaries here; use
/usr/local/bin/instead.
-
/boot – Boot files
- Use: Kernel images, bootloader configs.
- Best practice: Only modify with caution. Backup configs before upgrading kernels.
-
/dev – Devices
-
Use: Represents hardware devices as files (e.g.,
/dev/sda). -
Best practice: Never edit these files directly; use tools like
mountorfdisk.
-
Use: Represents hardware devices as files (e.g.,
-
/etc – Configurations
- Use: Central place for system & application configs.
- Best practice: Backup before editing; version-control configs if possible.
-
/home – User data
- Use: Personal files, scripts, and workspace for users.
- Best practice: Limit sensitive data in home dirs; backup regularly.
-
/lib – Libraries
-
Use: Required by binaries in
/binand/sbin. - Best practice: Don’t manually delete libraries; use package managers.
-
Use: Required by binaries in
-
/media & /mnt – Mount points
- Use: Temporary or removable storage.
- Best practice: Unmount devices after use to avoid data corruption.
-
/opt – Optional software
- Use: Third-party software installations (Docker, Oracle, custom software).
-
Best practice: Install large apps here to avoid cluttering
/usr/bin.
-
/proc – Virtual filesystem
- Use: Access kernel and process info.
-
Best practice: Read-only; don’t try to write files here (except for tuning like
/proc/sys).
-
/root – Root home
- Use: Admin user workspace.
- Best practice: Don’t store scripts for multiple users here.
-
/sbin – System binaries
- Use: Commands for system administration.
-
Best practice: Use
sudoto run commands; don’t add personal scripts.
-
/tmp – Temporary files
- Use: Scratch files, temporary data for apps.
- Best practice: Avoid storing important data; auto-cleared on reboot.
-
/usr – User programs & resources
- Use: Non-essential binaries, libraries, documentation.
- Best practice: Don’t modify manually; use package managers.
-
/var – Variable data
- Use: Logs, caches, print/mail spools.
-
Best practice: Rotate logs regularly (
logrotate) and monitor disk usage (du/df).
Linux File & Directory Commands — DevOps/SRE Cheat Sheet
1. Create, Update, Delete Files
touch file.txt # Create an empty file
echo "Hello World" > file.txt # Create file with content (overwrite if exists)
echo "Append this line" >> file.txt # Append content to file
cat > newfile.txt # Create file and type content (Ctrl+D to save)
rm file.txt # Delete a file
rm -i file.txt # Delete with interactive prompt
2. Directories — Create, Delete, Navigate
mkdir mydir # Create directory
mkdir -p parent/child/grand # Create nested directories
rmdir emptydir # Remove empty directory
rm -rf mydir # Remove non-empty directory recursively
pwd # Print current directory
cd /path/to/dir # Change directory
cd ~ # Go to home directory
cd - # Go to previous directory
ls # List files in current directory
ls -l # List with detailed info (permissions, owner, size)
ls -a # List including hidden files
3. Copy, Move, Rename
cp file.txt /backup/ # Copy file to another location
cp -r mydir /backup/ # Copy directory recursively
mv file.txt newfile.txt # Rename a file
mv file.txt /new/path/ # Move file to new location
4. Permissions & Metadata
ls -l file.txt # Show permissions, owner, size, modification time
stat file.txt # Detailed metadata of file
chmod 644 file.txt # Set permissions (owner=r/w, group/others=r)
chmod +x script.sh # Make file executable
chown user:group file.txt # Change owner and group
umask # Show default permission mask
5. Disk Usage & Space
df -h # Show disk usage per filesystem (human-readable)
du -sh * # Show size of files/directories in current folder
du -sh /var/log/* # Find size of logs
du -ah /home/ubuntu/ | sort -rh | head -10 # Top 10 largest files/directories
6. Search Files & Content
find /var/log -name "*.log" # Find all .log files
find /home -type f -size +100M # Find files larger than 100MB
grep "error" file.txt # Search for "error" inside a file
grep -i "timeout" /etc/nginx/ -r # Recursive search, case-insensitive
grep "failed" /var/log/auth.log | awk '{print $1, $2, $5}' # Extract date & user
7. Archiving & Syncing
tar -czvf archive.tar.gz /path/to/dir # Compress directory into tar.gz
tar -xzvf archive.tar.gz -C /restore/ # Extract archive to target folder
rsync -av /source/ /destination/ # Sync directories recursively (preserve attributes)
rsync -av --dry-run /source/ /destination/ # Test sync without making changes
Linux Processes & Services
Processes
A process is any running program in Linux. Every command you execute, every script, and every daemon is a process.
Why it matters:
Processes consume CPU, memory, and other system resources. Monitoring them helps prevent crashes, high CPU usage, and memory leaks.
Services (Daemons)
A service is a long-running background process that provides a specific function, such as:
- Web server →
nginx - Database →
mysql - Monitoring agent →
prometheus
Why it matters:
Services ensure your applications, monitoring, and infrastructure run continuously without manual intervention.
1. Process Monitoring with ps
ps # List processes for current shell
ps -ef # Full list of all processes
ps aux # Alternative format showing user, CPU, memory
ps -u ubuntu # Show processes by user 'ubuntu'
Example:
Check if a service is running after a failure:
ps -ef | grep nginx
Helps identify if the process crashed or didn’t start.
2. Real-time Process Monitoring with top / htop
top # Interactive real-time process viewer
htop # Enhanced interactive view (if installed)
top -u ubuntu # Show processes for specific user
Example:
CPU spike alert: top shows which process is consuming CPU → investigate memory leaks or runaway processes.
3. Managing Process Priority (nice / renice)
nice -n 10 ./backup.sh # Start process with lower priority (10)
renice -n 5 -p 1234 # Change priority of PID 1234 to 5
Example:
During high-load on production, lower priority of non-critical scripts so main services remain responsive.
4. Tracing Process Calls (strace / ltrace)
strace -p 1234 # Trace system calls of PID 1234
strace -o output.log -p 1234 # Save trace output to file
ltrace ./app # Trace library calls of a binary
Example:
Identify why a program fails to open a file → strace shows "Permission denied" or missing library.
5. Service Management (systemctl / service)
systemctl status nginx # Check status of nginx service
systemctl start nginx # Start service
systemctl stop nginx # Stop service
systemctl restart nginx # Restart service
systemctl enable nginx # Enable service at boot
systemctl disable nginx # Disable service at boot
systemctl list-units --type=service # List all active services
Example:
After deployment, nginx not serving pages:
systemctl status nginx
journalctl -u nginx -b
Shows logs and reasons why it failed to start.
6. Log Analysis with journalctl
journalctl # View all system logs
journalctl -u nginx # Logs for specific service
journalctl -f # Follow logs in real-time (like tail -f)
journalctl --since "2 hours ago" # Logs from last 2 hours
journalctl -p err # Only show error-level logs
Example:
Troubleshooting system boot failures:
journalctl -b -p err
Displays errors only from the last boot.
Best Practices for Processes & Services
- Always check logs first with
journalctlbefore restarting services. - Use
systemctl enablefor critical services to auto-start after reboot. - Monitor resource usage (
top,htop) to detect runaway processes early. - Use
strace/ltracefor deep debugging only when necessary (CPU intensive). - Prioritize scripts with
niceto avoid disrupting production workloads.
Linux Networking — DevOps/SRE Cheat Sheet
1. What is Networking in Linux?
Networking is how computers and devices communicate over a network (LAN, WAN, or the Internet).
Linux networking involves:
- Interfaces (eth0, ens33, etc.)
- IP addresses
- Ports & protocols
- Routing tables
Why it matters for DevOps/SRE:
- Troubleshooting connectivity issues
- Monitoring network traffic and latency
- Ensuring services are reachable and secure
2. IP Address and Interface Management (ip)
ip addr show # Show all network interfaces and IP addresses
ip link show # Show interface details (up/down, MTU)
ip route show # Show routing table
ip addr add 192.168.1.10/24 dev eth0 # Assign IP to interface
ip link set eth0 up # Bring interface up
ip link set eth0 down # Bring interface down
Example:
ip addr show
Output shows your server's network interfaces and assigned IPs.
3. Socket Statistics (ss)
ss -tuln # Show listening TCP/UDP ports with numeric info
ss -s # Summary of socket connections
ss -p # Show process using each socket
Example:
ss -tuln
Shows which ports are open and which services are listening.
4. Legacy Network Connections (netstat)
netstat -tuln # Show active TCP/UDP ports (similar to ss)
netstat -rn # Show routing table
netstat -p # Show PID of processes using ports
Example:
netstat -tuln
Lists active ports and listening services.
5. Network Requests (curl)
curl http://example.com # Fetch HTTP response from URL
curl -I http://example.com # Show only HTTP headers
curl -v http://example.com # Verbose output with connection info
Example:
curl -I https://google.com
Checks HTTP headers to verify connectivity and response.
6. DNS Queries (dig / nslookup)
dig example.com # Get DNS records for domain
dig A example.com # Get A record (IP)
dig MX example.com # Get mail server records
nslookup example.com # Alternative to dig
Example:
dig google.com
Shows IP addresses and DNS info for Google.
7. Network Path Tracing (traceroute)
traceroute example.com # Trace path packets take to destination
traceroute -n example.com # Numeric IP only, skip DNS resolution
Example:
traceroute github.com
Shows each hop from your server to GitHub, useful for latency analysis.
8. Packet Capture (tcpdump)
tcpdump -i eth0 # Capture all packets on interface eth0
tcpdump -i eth0 port 80 # Capture HTTP traffic
tcpdump -i eth0 -nn # Numeric addresses, no DNS resolution
tcpdump -r capture.pcap # Read previously saved capture file
Example:
tcpdump -i eth0 port 22
Monitors SSH traffic for troubleshooting connection issues.
Linux Users, Groups & Permissions — DevOps/SRE Guide
Users
A user is any person or system entity that can log in to Linux.
Each user has:
- Username
- Password
- Home directory
- Permissions defining what they can access
Example: alice, root, ubuntu
Groups
A group is a collection of users.
Assigning permissions to groups simplifies access control.
Example: sudo, devops, docker
Permissions
Linux uses:
- Read (r)
- Write (w)
- Execute (x)
These are applied to:
- Owner
- Group
- Others
Why it matters for DevOps/SRE:
- Control access to sensitive files (
/etc,/var/log) - Ensure only authorized users run scripts or manage services
- Enforce security best practices via least privilege
1. User Management (useradd, adduser, usermod, userdel)
sudo useradd alice # Create new user 'alice'
sudo adduser alice # Alternative way to create 'alice'
sudo passwd alice # Set password for 'alice'
sudo usermod -aG sudo alice # Add 'alice' to 'sudo' group
sudo userdel -r olduser # Delete user 'olduser' and remove home dir
Example:
sudo useradd john
sudo passwd john
sudo usermod -aG docker john
Creates user
john, sets a password, and adds him to thedockergroup.
2. Group Management (groupadd, gpasswd, groups)
sudo groupadd devops # Create group 'devops'
sudo gpasswd -a alice devops # Add 'alice' to group
groups alice # Show groups 'alice' belongs to
sudo gpasswd -d alice devops # Remove 'alice' from group
Example:
sudo groupadd monitoring
sudo gpasswd -a john monitoring
groups john
Manages access for multiple users to shared resources (logs, scripts, etc.).
3. File & Directory Permissions (chmod, chown, chgrp)
ls -l file.txt # View permissions, owner, group
chmod 644 file.txt # rw-r--r-- → owner=read/write, others=read
chmod +x script.sh # Make script executable
chown alice:devops file.txt # Change owner to 'alice' and group to 'devops'
chgrp devops file.txt # Change only the group
umask 002 # Default permission mask for new files
Example:
chmod 755 /home/alice/scripts/deploy.sh
chown alice:devops /var/log/myapp.log
Ensures only authorized users can execute scripts or read/write logs.
4. Password Management (passwd, chage)
sudo passwd alice # Change password
sudo passwd -l alice # Lock user account
sudo passwd -u alice # Unlock user account
sudo chage -l alice # View password expiry
sudo chage -M 90 alice # Force password expiry every 90 days
Example:
sudo passwd -l john # Temporarily lock user
sudo chage -M 60 john # Force password rotation every 60 days
Helps maintain security best practices.
5. Sudo Access & Safety (sudoers)
sudo visudo # Edit sudoers safely
alice ALL=(ALL) NOPASSWD:ALL # Give 'alice' passwordless sudo
Best Practice:
- Always use
visudoto prevent syntax errors. - Limit sudo access to essential users only.
Best Practices for Users & Permissions
- Principle of Least Privilege: Only give users the access they need.
- Groups for Shared Access: Use groups instead of giving sudo/root access.
- Secure Sensitive Files: Limit access to logs, configs, and scripts.
- Use umask and chmod wisely: Ensure new files have proper permissions.
-
Audit regularly: Check
/etc/passwd,/etc/group,/etc/sudoersfor anomalies.
Logs in Linux — DevOps/SRE Guide
Logs are records of events, activities, or messages generated by the system, applications, and services. They help in:
- Monitoring system health
- Debugging issues
- Auditing actions
- Performing Root Cause Analysis (RCA)
Logs are essential for DevOps/SRE engineers to detect incidents, understand system behavior, and resolve problems quickly.
Linux stores logs in plain text files, making them easy to read, search, and process.
1. Systemd Logs — journalctl
journalctl is used to view logs managed by systemd (modern Linux systems).
journalctl -u nginx --since "1 hour ago" # Logs for nginx from last hour
journalctl -f # Follow logs in real-time
journalctl -b # Logs since last boot
journalctl -p err # Show only error-level logs
Example:
journalctl -u nginx --since "1 hour ago"
Displays logs for the nginx service from the last hour, useful for real-time debugging or checking recent service failures.
2. Traditional Log Files — /var/log
Linux stores logs in /var/log. Common logs include:
-
/var/log/syslog→ general system logs -
/var/log/messages→ important system messages -
/var/log/auth.log→ authentication logs -
/var/log/nginx/→ web server logs
Example commands:
less /var/log/syslog # Scroll through system logs
tail -f /var/log/nginx/access.log # Monitor nginx access logs in real-time
less→ scrollable output,tail -f→ real-time monitoring.
3. Log Rotation — logrotate
Problem: Logs grow over time and can fill up disk space.
Solution: logrotate automatically rotates, compresses, and deletes old logs.
Example /etc/logrotate.d/nginx snippet:
/var/log/nginx/*.log {
daily
rotate 14
compress
missingok
notifempty
create 0640 www-data adm
sharedscripts
postrotate
systemctl reload nginx
endscript
}
Rotates nginx logs daily, keeps 14 old copies, compresses them, and reloads the service after rotation.
4. Searching & Filtering Logs
Use grep pipelines to quickly find relevant entries:
grep -i error /var/log/app.log | less # Search "error" in logs
grep -i timeout /var/log/nginx/error.log # Search "timeout" in nginx error log
tail -f /var/log/syslog | grep CRON # Real-time monitoring for cron jobs
-
-i→ case-insensitive -
| less→ scrollable output
Combine
grep,awk,tailfor efficient log analysis.
Best Practices for Logs
- Centralize logs: Use ELK Stack (Elasticsearch, Logstash, Kibana) or Prometheus + Grafana.
- Rotate & compress logs: Save disk space and prevent storage issues.
-
Filter & analyze efficiently: Use
grep,awk, and pipelines. - Monitor critical logs in real-time: Detect incidents proactively.
Package Management & Updates — DevOps/SRE Guide
What is Package Management?
Package management is the process of installing, updating, removing, and maintaining software on a Linux system.
Linux uses package managers to automate software handling instead of manually downloading binaries.
Why it matters for DevOps/SRE:
- Keep servers up-to-date and secure
- Install essential tools and dependencies consistently
- Automate patching and deployments
1. Debian/Ubuntu — apt
sudo apt update # Update package index (repo info)
sudo apt upgrade # Upgrade all installed packages
sudo apt install nginx # Install a package (nginx web server)
sudo apt remove nginx # Remove package but keep config files
sudo apt purge nginx # Remove package + config files
sudo apt search docker # Search for a package
sudo apt show nginx # Show package details
Example:
sudo apt update
sudo apt install htop
Updates repo info and installs
htopfor process monitoring.
2. RHEL/CentOS/Fedora — yum / dnf
YUM: Traditional package manager
DNF: Newer, faster replacement in Fedora/RHEL 8+
Commands (YUM):
sudo yum update # Update all packages
sudo yum install httpd # Install Apache web server
sudo yum remove httpd # Remove Apache
sudo yum search nginx # Search for a package
sudo yum info nginx # Show package info
Commands (DNF):
sudo dnf update # Update all packages
sudo dnf install nginx # Install nginx
sudo dnf remove nginx # Remove nginx
sudo dnf list installed # List all installed packages
sudo dnf repoquery nginx # Show package info from repo
Example:
sudo dnf install git
sudo dnf remove nano
Installs Git and removes nano editor.
3. Unattended / Automatic Updates
Automatically patches the system without manual intervention — critical for production security.
Ubuntu/Debian:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
Configures automatic security updates.
RHEL/CentOS/Fedora:
sudo yum install yum-cron
sudo systemctl enable --now yum-cron
Enables automatic updates in the background.
Best Practices for Package Management
- Always update package index before installing:
sudo apt update
sudo dnf check-update
- Prioritize security updates on production servers.
- Automate package updates for multiple servers (Ansible, Puppet, or scripts).
- Keep a record of installed packages for auditing:
dpkg --get-selections > packages_list.txt # Debian/Ubuntu
rpm -qa > packages_list.txt # RHEL/CentOS
- Test updates in staging before production to avoid downtime.
Linux Fundamentals Guide for DevOps/SRE is complete, covering:
- Linux Overview & File System
- File & Directory Commands
- Processes & Services
- Networking Commands
- Users, Groups & Permissions
- Logs
- Package Management & Updates
Top comments (0)