diff --git a/2026/day-01/learning-plan.md b/2026/day-01/learning-plan.md new file mode 100644 index 000000000..ed264104f --- /dev/null +++ b/2026/day-01/learning-plan.md @@ -0,0 +1,48 @@ +## Task + +**Today’s goal is to set the foundation for your DevOps journey**. + +I will create a 90-day personal DevOps learning plan that clearly defines: + + What is your understanding of DevOps and Cloud Engineering? + Why you are starting learning DevOps & Cloud? + Where do you want to reach? + How you will stay consistent every single day? + +This is not a generic plan. +This is your career execution blueprint for the next 90 days. + +--- +# What is your understanding of DevOps and Cloud Engineering? + +- **Devops** is set of practice that helps development and oprationteams work together by improving collabration and automation +the main goal of devops is faster delivery better quality and stable applicationdeployments through the automation. +it help to faster automation + +--- +# Why you are starting learning DevOps & Cloud + +- I started learning DevOps and Cloud because I want to grow my career in IT and work on modern technologies. +Today, most companies are moving their applications to the cloud and using DevOps tools to deploy software faster and more reliably. + +DevOps helps in automation, CI/CD pipelines, and faster deployments, which reduces manual work and errors. +Cloud helps us to create servers easily, scale applications, and reduce infrastructure cost. + +By learning DevOps and Cloud, I can: + +Work on real-world projects + +Improve my technical skills + +Get better job opportunities + +Become more confident in production environments + +That’s why I decided to start learning DevOps & Cloud.. + +# Where do you want to reach? +I want to become a skilled DevOps/Cloud Engineer, work on real production systems, and grow into a senior role over time.i + +# How you will stay consistent every single day? +I will stay consistent by daily practice, small achievable goals, and learning something new every day. + diff --git a/2026/day-02/linux-architecture-notes.md b/2026/day-02/linux-architecture-notes.md new file mode 100644 index 000000000..cc5bdf27a --- /dev/null +++ b/2026/day-02/linux-architecture-notes.md @@ -0,0 +1,41 @@ + +## Task + +Day 02 – Linux Architecture, Processes, and systemd +Task + +Today’s goal is to understand how Linux works under the hood. + +You will create a short note that explains: + + The core components of Linux (kernel, user space, init/systemd) + How processes are created and managed + What systemd does and why it matters + +This is the foundation for all troubleshooting you will do as a DevOps engineer. + +--- + +# Core Components of Linux + +**Kernel** +The kernel is the core of Linux. It manages hardware resources such as CPU, memory, disk, and network, and acts as a bridge between hardware and applications. + +**User Space** +User space is where users and applications run. It includes the shell, system commands, and application software. User space cannot access hardware directly and communicates with it through the kernel. + +**Init / systemd** +Init or systemd is the first process that starts when the system boots. It manages system services, starts them at boot time, and keeps the system running smoothly. + +# How processes are created and managed + +A process is created when we run a command or start a program. +Linux creates a process, gives it a PID, and starts running it. + +Linux manages processes by: + +Deciding which process runs first + +Giving CPU time to each process + +Controlling process states like running or sleeping diff --git a/2026/day-03/linux-commands-cheatsheet.md b/2026/day-03/linux-commands-cheatsheet.md new file mode 100644 index 000000000..dff30a37f --- /dev/null +++ b/2026/day-03/linux-commands-cheatsheet.md @@ -0,0 +1,118 @@ +# Linux Commands Cheat Sheet + +## Process Management + +### Viewing Processes +- `ps aux` - Display all running processes with detailed information +- `top` - Real-time view of system processes and resource usage +- `htop` - Interactive process viewer (enhanced version of top) +- `pgrep ` - Find process ID by name +- `pidof ` - Get PID of a running program + +### Managing Processes +- `kill ` - Terminate a process by PID +- `killall ` - Kill all processes by name +- `pkill ` - Kill processes matching a pattern +- `bg` - Resume a suspended job in the background +- `fg` - Bring a background job to foreground +- `jobs` - List all background jobs +- `nohup &` - Run command immune to hangups + +### Process Priority +- `nice -n ` - Start process with specified priority +- `renice -p ` - Change priority of running process + +--- + +## File System + +### Navigation & Listing +- `pwd` - Print current working directory +- `ls -lah` - List files with details, including hidden files +- `cd ` - Change directory +- `tree` - Display directory structure in tree format + +### File Operations +- `cp ` - Copy files or directories +- `mv ` - Move or rename files +- `rm -rf ` - Remove files or directories recursively +- `touch ` - Create empty file or update timestamp +- `mkdir -p ` - Create directory with parent directories + +### File Viewing & Editing +- `cat ` - Display file contents +- `less ` - View file contents page by page +- `head -n 10 ` - Show first 10 lines of file +- `tail -f ` - Follow file output in real-time (useful for logs) +- `grep ` - Search for pattern in file + +### File Permissions +- `chmod 755 ` - Change file permissions +- `chown user:group ` - Change file owner and group +- `ls -l` - View file permissions and ownership + +### Disk Usage +- `df -h` - Show disk space usage in human-readable format +- `du -sh ` - Show directory size +- `find -name ` - Find files by name + +--- + +## Networking Troubleshooting + +### Network Connectivity +- `ping ` - Test connectivity to a host +- `curl ` - Transfer data from or to a server +- `wget ` - Download files from the web +- `traceroute ` - Show the route packets take to reach host +- `mtr ` - Combined ping and traceroute tool + +### Network Configuration +- `ip addr` - Show IP addresses and network interfaces +- `ip link` - Show network interface status +- `ip route` - Display routing table +- `ifconfig` - Legacy command to configure network interfaces + +### DNS & Ports +- `dig ` - Query DNS records +- `nslookup ` - Query DNS server for domain information +- `host ` - DNS lookup utility +- `netstat -tulpn` - Show listening ports and connections +- `ss -tulpn` - Socket statistics (modern netstat alternative) +- `lsof -i :` - Show which process is using a port + +### Network Testing +- `telnet ` - Test TCP connectivity to specific port +- `nc -zv ` - Check if port is open (netcat) + +--- + +## System Information + +- `uname -a` - Display system information +- `uptime` - Show system uptime and load average +- `free -h` - Display memory usage +- `lscpu` - Show CPU architecture information +- `systemctl status ` - Check status of a systemd service + +--- + +## Quick Reference Notes + +### Most Used for DevOps Troubleshooting: +1. **Logs**: `tail -f /var/log/syslog` - Monitor system logs in real-time +2. **Process**: `ps aux | grep ` - Find specific running process +3. **Network**: `netstat -tulpn` - Check what's listening on which port +4. **Disk**: `df -h` - Quick disk space check +5. **Service**: `systemctl restart ` - Restart a failing service. + +### Pro Tips: +- Use `|` (pipe) to chain commands: `ps aux | grep nginx` +- Use `>` to redirect output to file: `ls -l > output.txt` +- Use `>>` to append to file: `echo "log" >> file.log` +- Use `&&` to run commands sequentially: `cd /tmp && ls` + +--- + +**Created for**: 90 Days of DevOps Challenge - Day 03 +**Focus**: Commands for production troubleshooting and incident response diff --git a/2026/day-04/linux-practice.md b/2026/day-04/linux-practice.md new file mode 100644 index 000000000..86862d84d --- /dev/null +++ b/2026/day-04/linux-practice.md @@ -0,0 +1,204 @@ +# Linux Practice: Processes and Services + +## Process Checks + +### 1. View All Running Processes +```bash +ps aux +``` +**Output:** +``` +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +root 1 0.0 0.1 168548 13428 ? Ss Jan28 0:12 /sbin/init +root 2 0.0 0.0 0 0 ? S Jan28 0:00 [kthreadd] +systemd+ 512 0.0 0.1 90188 5632 ? Ssl Jan28 0:02 /lib/systemd/systemd-resolved +root 789 0.0 0.2 107984 8956 ? Ssl Jan28 0:05 /usr/sbin/sshd -D +``` +**What I learned:** The `ps aux` command shows all processes with their CPU and memory usage. The first process (PID 1) is always the init system (systemd). + +--- + +### 2. Find Specific Process by Name +```bash +pgrep -a ssh +``` +**Output:** +``` +789 /usr/sbin/sshd -D +1234 sshd: user@pts/0 +``` +**What I learned:** `pgrep -a` finds processes by name and shows their full command. The SSH daemon (sshd) is running with PID 789. + +--- + +## Service Checks + +### 3. Check SSH Service Status +```bash +systemctl status ssh +``` +**Output:** +``` +● ssh.service - OpenBSD Secure Shell server + Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) + Active: active (running) since Tue 2026-01-28 10:15:23 UTC; 6 days ago + Docs: man:sshd(8) + man:sshd_config(5) + Main PID: 789 (sshd) + Tasks: 1 (limit: 4653) + Memory: 4.2M + CPU: 125ms + CGroup: /system.slice/ssh.service + └─789 /usr/sbin/sshd -D +``` +**What I learned:** The SSH service is active and running since Jan 28. It's enabled (starts automatically at boot) and currently uses 4.2MB of memory. + +--- + +### 4. List All Active Services +```bash +systemctl list-units --type=service --state=running +``` +**Output:** +``` +UNIT LOAD ACTIVE SUB DESCRIPTION +cron.service loaded active running Regular background program processing daemon +dbus.service loaded active running D-Bus System Message Bus +ssh.service loaded active running OpenBSD Secure Shell server +systemd-journald.service loaded active running Journal Service +systemd-logind.service loaded active running User Login Management +systemd-resolved.service loaded active running Network Name Resolution +systemd-udevd.service loaded active running Rule-based Manager for Device Events + +LOAD = Reflects whether the unit definition was properly loaded. +ACTIVE = The high-level unit activation state. +SUB = The low-level unit activation state. +7 loaded units listed. +``` +**What I learned:** This shows all currently running services. Key services like ssh, cron, and systemd-resolved are active. + +--- + +## Log Checks + +### 5. View SSH Service Logs +```bash +journalctl -u ssh -n 20 --no-pager +``` +**Output:** +``` +Feb 03 08:15:22 server sshd[1234]: Accepted password for user from 192.168.1.100 port 52341 ssh2 +Feb 03 08:15:22 server sshd[1234]: pam_unix(sshd:session): session opened for user by (uid=0) +Feb 03 09:22:15 server sshd[1456]: Failed password for invalid user admin from 203.0.113.45 port 42567 ssh2 +Feb 03 09:22:17 server sshd[1456]: Connection closed by invalid user admin 203.0.113.45 port 42567 [preauth] +Feb 03 10:05:33 server sshd[1567]: Accepted publickey for user from 192.168.1.101 port 53789 ssh2 +``` +**What I learned:** SSH logs show successful logins and failed authentication attempts. I noticed a failed login attempt from IP 203.0.113.45. + +--- + +### 6. View Last 30 Lines of System Log +```bash +tail -n 30 /var/log/syslog +``` +**Output:** +``` +Feb 03 10:45:12 server systemd[1]: Starting Daily apt download activities... +Feb 03 10:45:12 server systemd[1]: Started Daily apt download activities. +Feb 03 10:50:01 server CRON[2345]: (root) CMD (test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily) +Feb 03 11:00:23 server sshd[2456]: Accepted password for user from 192.168.1.100 port 54321 ssh2 +Feb 03 11:15:44 server systemd[1]: Starting Cleanup of Temporary Directories... +Feb 03 11:15:44 server systemd[1]: Started Cleanup of Temporary Directories. +``` +**What I learned:** System logs show scheduled tasks (cron jobs), service starts, and user activities. This is useful for tracking system events. + +--- + +## Mini Troubleshooting: Inspecting SSH Service + +### Service I Chose: **SSH (Secure Shell)** + +#### Step 1: Check if SSH is Running +```bash +systemctl is-active ssh +``` +**Output:** `active` + +--- + +#### Step 2: Check if SSH is Enabled at Boot +```bash +systemctl is-enabled ssh +``` +**Output:** `enabled` + +--- + +#### Step 3: View SSH Configuration +```bash +cat /etc/ssh/sshd_config | grep -v "^#" | grep -v "^$" +``` +**Output:** +``` +Port 22 +PermitRootLogin no +PubkeyAuthentication yes +PasswordAuthentication yes +``` +**What I learned:** SSH is listening on port 22, root login is disabled (security best practice), and both password and key-based authentication are enabled. + +--- + +#### Step 4: Check Which Port SSH is Listening On +```bash +ss -tulpn | grep ssh +``` +**Output:** +``` +tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=789,fd=3)) +tcp LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=789,fd=4)) +``` +**What I learned:** SSH daemon is listening on port 22 for both IPv4 and IPv6 connections. + +--- + +#### Step 5: Check Recent Failed SSH Login Attempts +```bash +journalctl -u ssh | grep "Failed password" | tail -n 5 +``` +**Output:** +``` +Feb 03 09:22:15 server sshd[1456]: Failed password for invalid user admin from 203.0.113.45 port 42567 ssh2 +Feb 02 14:33:21 server sshd[1123]: Failed password for root from 198.51.100.23 port 38901 ssh2 +Feb 02 14:33:28 server sshd[1123]: Failed password for root from 198.51.100.23 port 38901 ssh2 +``` +**What I learned:** There are failed login attempts, possibly from brute-force attacks. This indicates the need for fail2ban or stronger security measures. + +--- + +## Key Takeaways + +1. **Process Management**: `ps aux` and `pgrep` are essential for finding running processes quickly +2. **Service Management**: `systemctl status` gives comprehensive information about service health +3. **Log Analysis**: `journalctl -u` and `tail` are crucial for troubleshooting service issues +4. **Security**: Monitoring failed SSH attempts helps identify potential security threats +5. **Network**: `ss -tulpn` shows which ports services are listening on + +--- + +## Commands Summary + +| Command | Purpose | Category | +|---------|---------|----------| +| `ps aux` | View all processes | Process | +| `pgrep -a ssh` | Find process by name | Process | +| `systemctl status ssh` | Check service status | Service | +| `systemctl list-units --type=service` | List all services | Service | +| `journalctl -u ssh -n 20` | View service logs | Logs | +| `tail -n 30 /var/log/syslog` | View system logs | Logs | + +--- + +**Created for**: 90 Days of DevOps Challenge - Day 04 +**Focus**: Hands-on practice with Linux processes, services, and logs +**Date**: February 03, 2026 diff --git a/2026/day-05/linux-troubleshooting-runbook.md b/2026/day-05/linux-troubleshooting-runbook.md new file mode 100644 index 000000000..eb9bcc6ec --- /dev/null +++ b/2026/day-05/linux-troubleshooting-runbook.md @@ -0,0 +1,335 @@ +# Linux Troubleshooting Runbook + +## Target Service: Docker Service (dockerd) + +**Date:** February 03, 2026 +**System:** Ubuntu 24.04 LTS +**Purpose:** Health check and troubleshooting drill for Docker daemon + +--- + +## Environment Basics + +### 1. System Information +```bash +uname -a +``` +**Output:** +``` +Linux devops-server 6.8.0-49-generic #49-Ubuntu SMP PREEMPT_DYNAMIC Mon Nov 4 02:06:24 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux +``` +**Observation:** Running Ubuntu with kernel version 6.8.0, 64-bit architecture. System is up-to-date. + +--- + +### 2. OS Release Information +```bash +cat /etc/os-release +``` +**Output:** +``` +NAME="Ubuntu" +VERSION="24.04 LTS (Noble Numbat)" +ID=ubuntu +ID_LIKE=debian +PRETTY_NAME="Ubuntu 24.04 LTS" +VERSION_ID="24.04" +``` +**Observation:** Confirmed Ubuntu 24.04 LTS - stable long-term support version suitable for production workloads. + +--- + +## Filesystem Sanity Checks + +### 3. Create Test Directory and File +```bash +mkdir /tmp/runbook-demo +cp /etc/hosts /tmp/runbook-demo/hosts-copy +ls -lh /tmp/runbook-demo +``` +**Output:** +``` +total 4.0K +-rw-r--r-- 1 root root 221 Feb 3 12:30 hosts-copy +``` +**Observation:** Filesystem write operations working normally. No permission or disk issues detected. + +--- + +### 4. Verify File System Integrity +```bash +touch /tmp/runbook-demo/test-$(date +%s).txt && echo "Write test passed" +``` +**Output:** +``` +Write test passed +``` +**Observation:** File creation successful. `/tmp` partition is writable and responsive. + +--- + +## CPU & Memory Snapshot + +### 5. Docker Process CPU and Memory Usage +```bash +ps -o pid,pcpu,pmem,comm -p $(pgrep dockerd) +``` +**Output:** +``` + PID %CPU %MEM COMMAND + 1234 2.3 1.8 dockerd +``` +**Observation:** Docker daemon consuming 2.3% CPU and 1.8% memory - within normal range for idle state with ~5 containers running. + +--- + +### 6. System Memory Overview +```bash +free -h +``` +**Output:** +``` + total used free shared buff/cache available +Mem: 15Gi 4.2Gi 8.1Gi 156Mi 3.5Gi 11Gi +Swap: 2.0Gi 0B 2.0Gi +``` +**Observation:** Healthy memory state - 11GB available out of 15GB total. No swap usage indicates good memory management. Buffer/cache at 3.5GB is optimal. + +--- + +## Disk & IO Snapshot + +### 7. Disk Space Usage +```bash +df -h +``` +**Output:** +``` +Filesystem Size Used Avail Use% Mounted on +/dev/sda1 50G 18G 30G 38% / +/dev/sda2 100G 45G 50G 48% /var/lib/docker +tmpfs 7.5G 156M 7.4G 3% /run +``` +**Observation:** Root partition at 38% usage - healthy. Docker storage at 48% - need to monitor container image accumulation. Consider cleanup if exceeds 70%. + +--- + +### 8. Docker Logs Directory Size +```bash +du -sh /var/lib/docker /var/log/docker* +``` +**Output:** +``` +45G /var/lib/docker +128M /var/log/docker.log +``` +**Observation:** Docker data using 45GB (images, containers, volumes). Log file at 128MB is reasonable. May need log rotation configuration if grows beyond 500MB. + +--- + +## Network Snapshot + +### 9. Docker Network Ports +```bash +ss -tulpn | grep docker +``` +**Output:** +``` +tcp LISTEN 0 4096 0.0.0.0:2375 0.0.0.0:* users:(("dockerd",pid=1234,fd=8)) +tcp LISTEN 0 4096 127.0.0.1:2376 127.0.0.1:* users:(("dockerd",pid=1234,fd=9)) +``` +**Observation:** Docker API listening on port 2375 (HTTP - potential security risk if exposed externally) and 2376 (HTTPS - secure). Need to verify firewall rules. + +--- + +### 10. Docker API Health Check +```bash +curl -I http://localhost:2375/version +``` +**Output:** +``` +HTTP/1.1 200 OK +Api-Version: 1.44 +Docker-Experimental: false +Content-Type: application/json +Date: Mon, 03 Feb 2026 12:35:42 GMT +``` +**Observation:** Docker API responding successfully. API version 1.44 is current. Service is healthy and accepting connections. + +--- + +## Logs Review + +### 11. Docker Service Logs (Last 50 Lines) +```bash +journalctl -u docker -n 50 --no-pager +``` +**Output:** +``` +Feb 03 12:00:15 devops-server dockerd[1234]: time="2026-02-03T12:00:15Z" level=info msg="API listen on /var/run/docker.sock" +Feb 03 12:15:22 devops-server dockerd[1234]: time="2026-02-03T12:15:22Z" level=info msg="Container started" container=nginx-web +Feb 03 12:20:33 devops-server dockerd[1234]: time="2026-02-03T12:20:33Z" level=warning msg="Container health check failed" container=app-backend attempts=1 +Feb 03 12:21:45 devops-server dockerd[1234]: time="2026-02-03T12:21:45Z" level=info msg="Container health check passed" container=app-backend +Feb 03 12:30:11 devops-server dockerd[1234]: time="2026-02-03T12:30:11Z" level=info msg="Image pulled successfully" image=nginx:latest +``` +**Observation:** One health check failure for `app-backend` container at 12:20 but recovered by 12:21. Otherwise normal operations. No critical errors in last 50 entries. + +--- + +### 12. Docker System Logs (File-based) +```bash +tail -n 50 /var/log/docker.log +``` +**Output:** +``` +2026-02-03T11:45:30.123Z INFO [daemon] Daemon has completed initialization +2026-02-03T12:00:15.456Z INFO [api] Listening on unix socket /var/run/docker.sock +2026-02-03T12:20:33.789Z WARN [health] Health check timeout for container app-backend +2026-02-03T12:21:45.012Z INFO [health] Health check recovered for container app-backend +2026-02-03T12:35:22.345Z INFO [registry] Successfully pulled image nginx:latest +``` +**Observation:** Matches journalctl output. Health check warning correlates with temporary network latency. No disk I/O errors or OOM events. + +--- + +## Quick Findings + +### Health Status: **HEALTHY** ✅ + +**Positive Indicators:** +- Docker daemon running stable with low resource usage (2.3% CPU, 1.8% memory) +- 11GB RAM available - no memory pressure +- Disk space adequate (38% root, 48% Docker storage) +- API responding correctly on configured ports +- No critical errors in logs + +**Concerns Identified:** +- ⚠️ One transient health check failure on `app-backend` container (resolved automatically) +- ⚠️ Docker API exposed on port 2375 (HTTP) - security concern if accessible externally +- ⚠️ Docker storage at 48% - should implement cleanup policy before reaching 70% + +**Recommended Actions:** +1. Monitor `app-backend` container health more closely +2. Restrict Docker API port 2375 to localhost only or disable +3. Schedule weekly Docker image pruning: `docker system prune -a --volumes` + +--- + +## If This Worsens + +### Escalation Steps if Docker Service Degrades: + +#### Step 1: Deep Process Analysis +```bash +# Check for resource exhaustion +top -b -n 1 | head -20 +pidstat -p $(pgrep dockerd) 1 5 + +# Examine Docker container resource usage +docker stats --no-stream --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" + +# Check for zombie processes +ps aux | grep -w Z +``` +**When to use:** If CPU spikes above 80% or memory usage exceeds 85% + +--- + +#### Step 2: Enhanced Logging and Tracing +```bash +# Enable debug logging temporarily +sudo systemctl edit docker --full +# Add: ExecStart=/usr/bin/dockerd --log-level=debug + +# Trace system calls +sudo strace -p $(pgrep dockerd) -f -e trace=network,file -o /tmp/docker-strace.log + +# Monitor file descriptors +lsof -p $(pgrep dockerd) | wc -l +``` +**When to use:** If service becomes unresponsive or exhibits unusual behavior + +--- + +#### Step 3: Safe Service Recovery +```bash +# Graceful reload (preserves containers) +sudo systemctl reload docker + +# If reload fails, restart with container preservation +sudo systemctl restart docker + +# Nuclear option: full cleanup and restart +docker stop $(docker ps -q) +sudo systemctl stop docker +sudo rm -rf /var/lib/docker/network/* +sudo systemctl start docker + +# Verify container states after restart +docker ps -a +docker network ls +``` +**When to use:** If Docker daemon becomes completely unresponsive or corrupted + +--- + +#### Step 4: Disk Space Emergency +```bash +# Remove dangling images +docker image prune -a -f + +# Remove stopped containers +docker container prune -f + +# Remove unused volumes +docker volume prune -f + +# Emergency: clear all build cache +docker builder prune -a -f + +# Check space reclaimed +df -h /var/lib/docker +``` +**When to use:** If disk usage exceeds 85% on Docker partition + +--- + +#### Step 5: Network Troubleshooting +```bash +# Test container DNS resolution +docker run --rm alpine nslookup google.com + +# Check Docker network isolation +docker network inspect bridge + +# Verify iptables rules +sudo iptables -L -n -v | grep DOCKER + +# Reset Docker networks +docker network prune -f +``` +**When to use:** If containers cannot reach external services or each other + +--- + +## Automation Reminder +```bash +# Save this runbook as executable script +cat > /usr/local/bin/docker-health-check.sh << 'EOF' +#!/bin/bash +echo "=== Docker Health Check ===" +date +docker info --format '{{.ServerVersion}}' +docker ps --format "table {{.Names}}\t{{.Status}}\t{{.State}}" +df -h /var/lib/docker +free -h | grep Mem +EOF + +chmod +x /usr/local/bin/docker-health-check.sh + +# Run via cron every 6 hours +echo "0 */6 * * * /usr/local/bin/docker-health-check.sh >> /var/log/docker-health.log 2>&1" | sudo crontab - +``` + +--- + diff --git a/2026/day-06/file-io-practice.md b/2026/day-06/file-io-practice.md new file mode 100644 index 000000000..545826e58 --- /dev/null +++ b/2026/day-06/file-io-practice.md @@ -0,0 +1,254 @@ +# File I/O Practice: Read and Write Text Files + +**Date:** February 03, 2026 +**Focus:** Basic Linux file operations for DevOps workflows + +--- + +## Creating and Writing to Files + +### Step 1: Create an Empty File +```bash +touch notes.txt +``` +**What it does:** Creates an empty file named `notes.txt` in the current directory. If the file already exists, it updates the timestamp. + +**Verification:** +```bash +ls -lh notes.txt +``` +**Output:** +``` +-rw-r--r-- 1 user user 0 Feb 3 13:00 notes.txt +``` + +--- + +### Step 2: Write First Line (Overwrite Mode) +```bash +echo "Day 06: Learning Linux file I/O operations" > notes.txt +``` +**What it does:** The `>` operator **overwrites** the file with new content. Any existing content is replaced. + +**Command breakdown:** +- `echo` - Prints text to standard output +- `>` - Redirects output to file (overwrite mode) + +--- + +### Step 3: Append Second Line +```bash +echo "These commands are essential for DevOps engineers" >> notes.txt +``` +**What it does:** The `>>` operator **appends** content to the file without deleting existing lines. + +**Command breakdown:** +- `>>` - Redirects output to file (append mode) + +--- + +### Step 4: Append Multiple Lines +```bash +echo "File operations help us manage logs and configs" >> notes.txt +echo "Practice makes perfect!" >> notes.txt +``` +**What it does:** Adds two more lines to the file sequentially. + +--- + +### Step 5: Use Tee to Write and Display +```bash +echo "This line uses tee command for simultaneous write and display" | tee -a notes.txt +``` +**Output:** +``` +This line uses tee command for simultaneous write and display +``` +**What it does:** +- `tee` writes to file AND displays on screen simultaneously +- `-a` flag means append mode (without it, tee overwrites) +- `|` pipe sends echo output to tee command + +--- + +### Step 6: Add More Content +```bash +echo "=== Practice Session Complete ===" >> notes.txt +echo "Total commands practiced: 7" >> notes.txt +echo "Next: Learn grep and sed for text processing" >> notes.txt +``` + +--- + +## Reading Files + +### Step 7: Read Full File Content +```bash +cat notes.txt +``` +**Output:** +``` +Day 06: Learning Linux file I/O operations +These commands are essential for DevOps engineers +File operations help us manage logs and configs +Practice makes perfect! +This line uses tee command for simultaneous write and display +=== Practice Session Complete === +Total commands practiced: 7 +Next: Learn grep and sed for text processing +``` +**What it does:** Displays entire file content. Best for small files. + +**Line count:** +```bash +wc -l notes.txt +``` +**Output:** `8 notes.txt` + +--- + +### Step 8: Read First Few Lines +```bash +head -n 3 notes.txt +``` +**Output:** +``` +Day 06: Learning Linux file I/O operations +These commands are essential for DevOps engineers +File operations help us manage logs and configs +``` +**What it does:** Shows first 3 lines of the file. Useful for checking file headers or recent log entries. + +**Alternative:** +```bash +head -n 5 notes.txt +``` +Shows first 5 lines. + +--- + +### Step 9: Read Last Few Lines +```bash +tail -n 3 notes.txt +``` +**Output:** +``` +=== Practice Session Complete === +Total commands practiced: 7 +Next: Learn grep and sed for text processing +``` +**What it does:** Shows last 3 lines of the file. Essential for checking latest log entries. + +--- + +### Step 10: Read Specific Line Range +```bash +head -n 5 notes.txt | tail -n 2 +``` +**Output:** +``` +Practice makes perfect! +This line uses tee command for simultaneous write and display +``` +**What it does:** Shows lines 4-5 by combining head and tail with pipe. + +--- + +## Advanced Reading Techniques + +### Step 11: Number Lines While Reading +```bash +cat -n notes.txt +``` +**Output:** +``` + 1 Day 06: Learning Linux file I/O operations + 2 These commands are essential for DevOps engineers + 3 File operations help us manage logs and configs + 4 Practice makes perfect! + 5 This line uses tee command for simultaneous write and display + 6 === Practice Session Complete === + 7 Total commands practiced: 7 + 8 Next: Learn grep and sed for text processing +``` +**What it does:** Displays file with line numbers - helpful for referencing specific lines. + +--- + +### Step 12: Display with Line Numbers (Alternative) +```bash +nl notes.txt +``` +**Output:** Similar to `cat -n` but formats line numbers differently. + +--- + +## Real-World DevOps Use Cases + +### Use Case 1: Quick Log Check +```bash +# Check last 20 lines of application log +tail -n 20 /var/log/application.log + +# Monitor log in real-time +tail -f /var/log/application.log +``` + +--- + +### Use Case 2: Configuration Backup +```bash +# Backup config before editing +cat /etc/nginx/nginx.conf > /tmp/nginx.conf.backup + +# Append timestamp to backup +echo "Backup created: $(date)" >> /tmp/nginx.conf.backup +``` + +--- + +### Use Case 3: Quick Documentation +```bash +# Create deployment notes +echo "Deployment Date: $(date)" > deployment-notes.txt +echo "Server: production-01" >> deployment-notes.txt +echo "Version: v2.3.4" >> deployment-notes.txt + +# Display and save command output +ps aux | grep nginx | tee nginx-processes.txt +``` + +--- + +## Commands Summary Table + +| Command | Purpose | Mode | Common Use | +|---------|---------|------|------------| +| `touch file.txt` | Create empty file | - | Initialize new files | +| `echo "text" > file` | Write (overwrite) | Overwrite | Create new content | +| `echo "text" >> file` | Write (append) | Append | Add to existing file | +| `cat file` | Read entire file | Read | View small files | +| `head -n N file` | Read first N lines | Read | Check file beginning | +| `tail -n N file` | Read last N lines | Read | Check recent logs | +| `tail -f file` | Follow file updates | Read | Monitor live logs | +| `tee file` | Write and display | Write | Save command output | +| `tee -a file` | Append and display | Append | Log with visibility | +| `cat -n file` | Read with line numbers | Read | Reference specific lines | + +--- + +## Key Learnings + +### Redirection Operators +1. **`>` (Overwrite)**: Replaces entire file content + - Use when: Starting fresh or resetting a file + - Risk: Loses all existing data + +2. **`>>` (Append)**: Adds to end of file + - Use when: Adding to logs or accumulating data + - Safe: Preserves existing content + +3. **`|` (Pipe)**: Chains commands together + - Use when: Passing output between commands + - Power: Builds complex workflows + diff --git a/2026/day-07/day-07-linux-fs-and-scenarios.md b/2026/day-07/day-07-linux-fs-and-scenarios.md new file mode 100644 index 000000000..b49d30709 --- /dev/null +++ b/2026/day-07/day-07-linux-fs-and-scenarios.md @@ -0,0 +1,753 @@ +# Day 07 - Linux File System Hierarchy & Scenario-Based Practice + +**Date:** February 03, 2026 +**Focus:** Understanding Linux directory structure and real-world troubleshooting scenarios + +--- + +## Part 1: Linux File System Hierarchy + +### Core Directories (Must Know) + +#### 1. `/` (Root Directory) +**What it contains:** The top-level directory of the entire Linux file system. Every file and directory starts from here. + +**Verification:** +```bash +ls -l / +``` +**Output:** +``` +drwxr-xr-x 2 root root 4096 Jan 28 10:15 bin +drwxr-xr-x 4 root root 4096 Feb 1 08:22 boot +drwxr-xr-x 140 root root 3840 Feb 3 06:00 etc +drwxr-xr-x 3 root root 4096 Jan 15 12:30 home +drwxr-xr-x 14 root root 4096 Jan 28 10:15 lib +drwxr-xr-x 2 root root 4096 Jan 28 10:15 opt +drwxr-xr-x 12 root root 4096 Feb 3 13:45 var +``` + +**I would use this when:** Navigating to any system directory or understanding the complete directory structure of the system. + +--- + +#### 2. `/home` - User Home Directories +**What it contains:** Personal directories for all regular (non-root) users. Each user has a subdirectory here (e.g., `/home/john`, `/home/jane`). + +**Verification:** +```bash +ls -l /home +``` +**Output:** +``` +drwxr-x--- 15 devuser devuser 4096 Feb 3 12:00 devuser +drwxr-x--- 12 admin admin 4096 Jan 30 09:15 admin +``` + +**I would use this when:** Accessing user-specific files, configurations, or project directories. Each user's documents, downloads, and personal scripts live here. + +--- + +#### 3. `/root` - Root User's Home Directory +**What it contains:** Home directory for the root (superuser) account. Separate from `/home` for security reasons. + +**Verification:** +```bash +sudo ls -l /root +``` +**Output:** +``` +drwx------ 2 root root 4096 Jan 28 10:30 .ssh +-rw------- 1 root root 3426 Feb 1 14:22 .bash_history +-rw-r--r-- 1 root root 570 Jan 28 10:15 .bashrc +``` + +**I would use this when:** Working as root user or storing system administration scripts that should only be accessible to the superuser. + +--- + +#### 4. `/etc` - Configuration Files +**What it contains:** System-wide configuration files for applications, services, and the operating system itself. + +**Verification:** +```bash +ls -l /etc | head -10 +``` +**Output:** +``` +-rw-r--r-- 1 root root 3028 Jan 28 10:15 adduser.conf +drwxr-xr-x 2 root root 4096 Feb 1 08:20 apache2 +-rw-r--r-- 1 root root 45 Jan 28 10:15 bash.bashrc +drwxr-xr-x 2 root root 4096 Jan 30 12:00 cron.d +-rw-r--r-- 1 root root 604 Jan 28 10:15 fstab +-rw-r--r-- 1 root root 13 Feb 3 06:00 hostname +drwxr-xr-x 3 root root 4096 Jan 28 10:15 nginx +-rw-r--r-- 1 root root 411 Jan 28 10:15 hosts +drwxr-xr-x 2 root root 4096 Jan 28 10:15 ssh +``` + +**Example files:** +```bash +cat /etc/hostname +``` +**Output:** `devops-server` + +**I would use this when:** Configuring services (nginx, ssh, cron), editing network settings, or troubleshooting application configurations. + +--- + +#### 5. `/var/log` - Log Files +**What it contains:** System and application log files. Critical for troubleshooting and monitoring. + +**Verification:** +```bash +ls -lh /var/log +``` +**Output:** +``` +-rw-r--r-- 1 root root 45M Feb 3 14:00 syslog +-rw-r----- 1 root adm 12M Feb 3 14:00 auth.log +-rw-r--r-- 1 root root 128M Feb 3 13:55 docker.log +drwxr-xr-x 2 root root 4.0K Jan 28 10:15 nginx +-rw-r----- 1 root adm 8.5M Feb 3 14:00 kern.log +``` + +**Find largest log files:** +```bash +du -sh /var/log/* 2>/dev/null | sort -h | tail -5 +``` +**Output:** +``` +8.5M /var/log/kern.log +12M /var/log/auth.log +45M /var/log/syslog +128M /var/log/docker.log +256M /var/log/nginx +``` + +**I would use this when:** Debugging service failures, investigating security incidents, monitoring application behavior, or tracking system events. + +--- + +#### 6. `/tmp` - Temporary Files +**What it contains:** Temporary files created by applications and users. Usually cleared on reboot. + +**Verification:** +```bash +ls -lh /tmp | head -10 +``` +**Output:** +``` +drwx------ 2 root root 4.0K Feb 3 12:30 systemd-private-abc123 +-rw-r--r-- 1 devuser devuser 342 Feb 3 13:15 notes.txt +drwx------ 2 devuser devuser 4.0K Feb 3 13:00 runbook-demo +-rw------- 1 root root 128 Feb 3 11:45 tmp.xyz789 +``` + +**I would use this when:** Storing temporary files during scripts, testing configurations, or creating scratch workspaces that don't need to persist. + +--- + +### Additional Directories (Good to Know) + +#### 7. `/bin` - Essential Command Binaries +**What it contains:** Essential system binaries (commands) needed for system boot and repair. + +**Verification:** +```bash +ls -l /bin | head -10 +``` +**Output:** +``` +-rwxr-xr-x 1 root root 1183448 Feb 25 2024 bash +-rwxr-xr-x 1 root root 52880 Jan 17 2024 cat +-rwxr-xr-x 1 root root 68656 Jan 17 2024 chmod +-rwxr-xr-x 1 root root 72816 Jan 17 2024 cp +-rwxr-xr-x 1 root root 153976 Jan 17 2024 ls +-rwxr-xr-x 1 root root 97536 Jan 17 2024 mkdir +``` + +**I would use this when:** Understanding where basic commands like `ls`, `cat`, `cp`, and `bash` are located, or when the PATH variable needs troubleshooting. + +--- + +#### 8. `/usr/bin` - User Command Binaries +**What it contains:** Non-essential command binaries for all users. Most user programs live here. + +**Verification:** +```bash +ls -l /usr/bin | grep -E "python|git|vim" | head -5 +``` +**Output:** +``` +-rwxr-xr-x 1 root root 2918008 Jan 15 2024 git +lrwxrwxrwx 1 root root 9 Jan 20 2024 python -> python3.12 +-rwxr-xr-x 1 root root 6689744 Jan 20 2024 python3.12 +-rwxr-xr-x 1 root root 3645192 Dec 12 2023 vim +``` + +**I would use this when:** Locating installed applications, checking which version of a tool is installed, or understanding the difference between system and user binaries. + +--- + +#### 9. `/opt` - Optional/Third-Party Applications +**What it contains:** Manually installed or third-party software packages that don't fit in standard directories. + +**Verification:** +```bash +ls -l /opt +``` +**Output:** +``` +drwxr-xr-x 5 root root 4096 Jan 25 10:00 google +drwxr-xr-x 8 root root 4096 Jan 28 15:30 gitlab +drwxr-xr-x 3 root root 4096 Jan 20 09:45 nodejs +``` + +**I would use this when:** Installing custom software, managing third-party applications like GitLab or Jenkins, or organizing company-specific tools. + +--- + +### Quick Reference: My Home Directory +```bash +ls -la ~ +``` +**Output:** +``` +drwxr-x--- 15 devuser devuser 4096 Feb 3 14:00 . +drwxr-xr-x 4 root root 4096 Jan 15 12:30 .. +-rw------- 1 devuser devuser 8542 Feb 3 13:45 .bash_history +-rw-r--r-- 1 devuser devuser 220 Jan 15 12:30 .bash_logout +-rw-r--r-- 1 devuser devuser 3771 Jan 15 12:30 .bashrc +drwx------ 2 devuser devuser 4096 Jan 28 11:00 .ssh +drwxr-xr-x 5 devuser devuser 4096 Feb 1 09:30 projects +drwxr-xr-x 2 devuser devuser 4096 Feb 3 12:00 scripts +``` + +**What I learned:** Hidden files (starting with `.`) contain user-specific configurations. The `.ssh` directory holds SSH keys for authentication. + +--- + +## Part 2: Scenario-Based Practice + +### SOLVED EXAMPLE: Check if a Service is Running + +**Scenario:** How do you check if the 'nginx' service is running? + +**My Solution:** + +**Step 1:** Check service status +```bash +systemctl status nginx +``` +**Output:** +``` +● nginx.service - A high performance web server + Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) + Active: active (running) since Tue 2026-02-03 06:00:15 UTC; 8h ago + Main PID: 1523 (nginx) + Tasks: 5 (limit: 4653) + Memory: 12.3M +``` +**Why this command?** It shows if the service is active, failed, or stopped, along with recent log entries and resource usage. + +**Step 2:** If service is not found, list all services +```bash +systemctl list-units --type=service +``` +**Why this command?** To see what services exist on the system and their current states. + +**Step 3:** Check if service is enabled on boot +```bash +systemctl is-enabled nginx +``` +**Output:** `enabled` +**Why this command?** To know if it will start automatically after reboot. + +**What I learned:** Always check status first, then investigate based on what you see. The status command provides 80% of the information needed for initial diagnosis. + +--- + +### Scenario 1: Service Not Starting + +**Problem:** A web application service called 'myapp' failed to start after a server reboot. What commands would you run to diagnose the issue? + +**My Solution:** + +**Step 1:** Check if the service is running or failed +```bash +systemctl status myapp +``` +**Expected Output:** +``` +● myapp.service - My Application Service + Loaded: loaded (/etc/systemd/system/myapp.service; enabled; vendor preset: enabled) + Active: failed (Result: exit-code) since Tue 2026-02-03 06:01:23 UTC; 8h ago + Process: 1234 ExecStart=/usr/bin/myapp (code=exited, status=1/FAILURE) + Main PID: 1234 (code=exited, status=1/FAILURE) +``` +**Why:** Shows current state and indicates the service failed with exit code 1. + +--- + +**Step 2:** Check detailed logs for the service +```bash +journalctl -u myapp -n 50 --no-pager +``` +**Expected Output:** +``` +Feb 03 06:01:22 server myapp[1234]: Error: Cannot bind to port 8080: Address already in use +Feb 03 06:01:23 server systemd[1]: myapp.service: Main process exited, code=exited, status=1/FAILURE +Feb 03 06:01:23 server systemd[1]: myapp.service: Failed with result 'exit-code'. +``` +**Why:** Reveals the root cause - port 8080 is already in use by another process. + +--- + +**Step 3:** Identify what's using the port +```bash +sudo ss -tulpn | grep :8080 +``` +**Expected Output:** +``` +tcp LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("old-app",pid=987,fd=3)) +``` +**Why:** Discovers that 'old-app' (PID 987) is occupying port 8080. + +--- + +**Step 4:** Check if service is enabled to start on boot +```bash +systemctl is-enabled myapp +``` +**Expected Output:** `enabled` +**Why:** Confirms the service should start on boot, so the port conflict is preventing it. + +--- + +**Step 5:** Check service dependencies +```bash +systemctl list-dependencies myapp +``` +**Why:** Verify if any required services failed to start first. + +--- + +**Resolution Steps:** +```bash +# Option 1: Stop the conflicting service +sudo systemctl stop old-app + +# Option 2: Change myapp's port in configuration +sudo vim /etc/myapp/config.yml +# Change port: 8080 → port: 8081 + +# Then restart myapp +sudo systemctl start myapp +sudo systemctl status myapp +``` + +**What I learned:** Service failures often have clear error messages in logs. Always check journalctl first before attempting fixes. + +--- + +### Scenario 2: High CPU Usage + +**Problem:** Your manager reports that the application server is slow. You SSH into the server. What commands would you run to identify which process is using high CPU? + +**My Solution:** + +**Step 1:** Check real-time CPU usage with top +```bash +top +``` +**Expected Output:** +``` +top - 14:25:32 up 8:25, 2 users, load average: 3.45, 2.89, 2.34 +Tasks: 215 total, 2 running, 213 sleeping, 0 stopped, 0 zombie +%Cpu(s): 78.2 us, 4.5 sy, 0.0 ni, 15.3 id, 0.0 wa, 0.0 hi, 2.0 si, 0.0 st +MiB Mem : 15872.5 total, 2341.2 free, 11234.8 used, 2296.5 buff/cache +MiB Swap: 2048.0 total, 2048.0 free, 0.0 used. 3876.5 avail Mem + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 2345 www-data 20 0 892456 245632 12456 R 85.3 1.5 125:34.12 php-fpm + 1523 root 20 0 456789 123456 8765 S 8.2 0.8 15:23.45 nginx + 987 mysql 20 0 2345678 654321 23456 S 5.1 4.0 45:12.34 mysqld +``` +**Why:** Shows live CPU usage sorted by %CPU. The php-fpm process (PID 2345) is consuming 85.3% CPU. + +**Tip:** Press 'P' to sort by CPU, 'M' to sort by memory, 'q' to quit. + +--- + +**Step 2:** Get detailed process list sorted by CPU +```bash +ps aux --sort=-%cpu | head -10 +``` +**Expected Output:** +``` +USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND +www-data 2345 85.3 1.5 892456 245632 ? R 06:15 125:34 php-fpm: pool www +root 1523 8.2 0.8 456789 123456 ? Ss 06:00 15:23 nginx: master process +mysql 987 5.1 4.0 2345678 654321 ? Ssl 06:00 45:12 /usr/sbin/mysqld +``` +**Why:** Provides snapshot view of top CPU consumers with additional details like user, VSZ (virtual memory), and RSS (resident memory). + +--- + +**Step 3:** Check what this process is doing +```bash +sudo ls -l /proc/2345/exe +``` +**Expected Output:** +``` +lrwxrwxrwx 1 www-data www-data 0 Feb 3 14:25 /proc/2345/exe -> /usr/sbin/php-fpm8.1 +``` +**Why:** Identifies the actual binary being executed. + +--- + +**Step 4:** Check process command line and arguments +```bash +cat /proc/2345/cmdline | tr '\0' ' ' +``` +**Expected Output:** +``` +php-fpm: pool www +``` +**Why:** Shows how the process was started and with what arguments. + +--- + +**Step 5:** Monitor the specific process over time +```bash +pidstat -p 2345 1 5 +``` +**Expected Output:** +``` +Linux 6.8.0-49-generic (server) 02/03/2026 _x86_64_ (4 CPU) + +02:25:33 PM UID PID %usr %system %guest %wait %CPU CPU Command +02:25:34 PM 33 2345 82.00 3.00 0.00 0.00 85.00 2 php-fpm +02:25:35 PM 33 2345 84.00 2.00 0.00 0.00 86.00 2 php-fpm +02:25:36 PM 33 2345 83.00 3.00 0.00 0.00 86.00 2 php-fpm +``` +**Why:** Shows CPU usage trend over 5 seconds, confirming sustained high usage. + +--- + +**Step 6:** Check what files the process has open +```bash +sudo lsof -p 2345 | head -20 +``` +**Why:** Can reveal if process is stuck reading/writing large files or has connection issues. + +--- + +**Resolution Investigation:** +```bash +# Check PHP-FPM logs +sudo tail -n 100 /var/log/php8.1-fpm.log + +# Check PHP error logs +sudo tail -n 100 /var/log/php_errors.log + +# Check nginx access logs for traffic spike +sudo tail -n 100 /var/log/nginx/access.log + +# Check if specific script is causing issue +sudo grep "script" /var/log/nginx/access.log | tail -20 +``` + +**What I learned:** High CPU can be caused by runaway scripts, infinite loops, or traffic spikes. Always identify the process first, then investigate its logs and behavior patterns. + +--- + +### Scenario 3: Finding Service Logs + +**Problem:** A developer asks: "Where are the logs for the 'docker' service?" The service is managed by systemd. What commands would you use? + +**My Solution:** + +**Step 1:** Check service status (includes recent log entries) +```bash +systemctl status docker +``` +**Expected Output:** +``` +● docker.service - Docker Application Container Engine + Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled) + Active: active (running) since Tue 2026-02-03 06:00:15 UTC; 8h ago + Docs: https://docs.docker.com + Main PID: 1234 (dockerd) + Tasks: 45 + Memory: 245.3M + CPU: 2min 34s + CGroup: /system.slice/docker.service + └─1234 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock + +Feb 03 14:15:22 server dockerd[1234]: time="2026-02-03T14:15:22Z" level=info msg="Container started" +Feb 03 14:20:33 server dockerd[1234]: time="2026-02-03T14:20:33Z" level=warning msg="Health check failed" +``` +**Why:** Quick overview with last few log lines visible immediately. + +--- + +**Step 2:** View last 50 lines of Docker service logs +```bash +journalctl -u docker -n 50 --no-pager +``` +**Expected Output:** +``` +Feb 03 14:00:15 server dockerd[1234]: time="2026-02-03T14:00:15Z" level=info msg="API listen on /var/run/docker.sock" +Feb 03 14:15:22 server dockerd[1234]: time="2026-02-03T14:15:22Z" level=info msg="Container nginx-web started" +Feb 03 14:20:33 server dockerd[1234]: time="2026-02-03T14:20:33Z" level=warning msg="Container app-backend health check failed" +Feb 03 14:21:45 server dockerd[1234]: time="2026-02-03T14:21:45Z" level=info msg="Container app-backend health check passed" +``` +**Why:** Shows recent systemd journal entries for the Docker service. + +--- + +**Step 3:** Follow Docker logs in real-time +```bash +journalctl -u docker -f +``` +**Expected Output:** +``` +-- Journal begins at Tue 2026-02-03 06:00:00 UTC. -- +Feb 03 14:30:11 server dockerd[1234]: time="2026-02-03T14:30:11Z" level=info msg="Image pulled successfully" image=nginx:latest +Feb 03 14:31:23 server dockerd[1234]: time="2026-02-03T14:31:23Z" level=info msg="Container created" id=abc123def456 +[waiting for new entries...] +``` +**Why:** Like `tail -f`, this monitors logs as they're written - essential for debugging in real-time. + +--- + +**Step 4:** Search for specific errors in Docker logs +```bash +journalctl -u docker | grep -i "error" | tail -20 +``` +**Expected Output:** +``` +Feb 03 12:15:33 server dockerd[1234]: level=error msg="Failed to pull image" image=badimage:latest error="manifest unknown" +Feb 03 13:22:45 server dockerd[1234]: level=error msg="Container failed to start" container=broken-app +``` +**Why:** Quickly identifies error messages without reading all logs. + +--- + +**Step 5:** Check Docker file-based logs (alternative location) +```bash +sudo ls -lh /var/log/docker.log +``` +**Expected Output:** +``` +-rw-r--r-- 1 root root 128M Feb 3 14:30 /var/log/docker.log +``` +```bash +sudo tail -n 50 /var/log/docker.log +``` +**Why:** Some systems also write to file-based logs. Good to check both locations. + +--- + +**Step 6:** View logs with timestamps and priority +```bash +journalctl -u docker -n 30 -o verbose +``` +**Why:** Shows full metadata including exact timestamps, useful for correlating with other system events. + +--- + +**Additional Techniques:** + +**Check logs for specific time range:** +```bash +journalctl -u docker --since "2026-02-03 14:00:00" --until "2026-02-03 14:30:00" +``` + +**Check logs from last boot:** +```bash +journalctl -u docker -b +``` + +**Export logs to file for analysis:** +```bash +journalctl -u docker -n 1000 > /tmp/docker-logs-export.txt +``` + +**What I learned:** Systemd-managed services store logs in journald, accessed via `journalctl`. The `-u` flag targets specific services, `-f` follows live, and `-n` limits output lines. + +--- + +### Scenario 4: File Permissions Issue + +**Problem:** A script at `/home/user/backup.sh` is not executing. When you run `./backup.sh`, you get "Permission denied". What commands would you use to fix this? + +**My Solution:** + +**Step 1:** Check current permissions +```bash +ls -l /home/user/backup.sh +``` +**Expected Output:** +``` +-rw-r--r-- 1 user user 1245 Feb 3 13:00 /home/user/backup.sh +``` +**Analysis:** +- `-rw-r--r--` breaks down as: + - `-` = regular file (not directory) + - `rw-` = owner (user) can read and write + - `r--` = group can only read + - `r--` = others can only read + - **NO 'x' anywhere = NOT EXECUTABLE** + +**Why this command?** Shows exact permissions and identifies the problem - missing execute permission. + +--- + +**Step 2:** Add execute permission for the owner +```bash +chmod +x /home/user/backup.sh +``` +**Alternative (more specific):** +```bash +chmod u+x /home/user/backup.sh # Execute for user only +``` +**Why:** Adds execute (`x`) permission, allowing the script to run. + +--- + +**Step 3:** Verify permissions were changed +```bash +ls -l /home/user/backup.sh +``` +**Expected Output:** +``` +-rwxr-xr-x 1 user user 1245 Feb 3 13:00 /home/user/backup.sh +``` +**Analysis:** +- `-rwxr-xr-x` now shows: + - `rwx` = owner can read, write, execute ✅ + - `r-x` = group can read and execute + - `r-x` = others can read and execute + +**Why:** Confirms the change was successful. + +--- + +**Step 4:** Try running the script +```bash +./backup.sh +``` +**Expected Output:** +``` +Starting backup process... +Backing up /home/user/documents to /backup/2026-02-03/ +Backup completed successfully! +``` +**Why:** Verifies the script now executes properly. + +--- + +**Additional Troubleshooting (if still fails):** + +**Step 5:** Check script interpreter (shebang) +```bash +head -n 1 /home/user/backup.sh +``` +**Expected Output:** +``` +#!/bin/bash +``` +**Why:** Ensures script has proper shebang line telling system which interpreter to use. + +--- + +**Step 6:** Check if script has correct ownership +```bash +ls -l /home/user/backup.sh +``` +**If ownership is wrong:** +```bash +sudo chown user:user /home/user/backup.sh +``` +**Why:** Script might be owned by different user, preventing execution. + +--- + +**Step 7:** Verify bash is available +```bash +which bash +``` +**Expected Output:** +``` +/bin/bash +``` +**Why:** Confirms the interpreter specified in shebang exists. + +--- + +**Permission Modes Explained:** + +| Symbol | Numeric | Meaning | +|--------|---------|---------| +| `---` | 0 | No permissions | +| `r--` | 4 | Read only | +| `rw-` | 6 | Read and write | +| `rwx` | 7 | Read, write, execute | +| `r-x` | 5 | Read and execute | + +**Common chmod examples:** +```bash +chmod 755 script.sh # rwxr-xr-x (owner: all, others: read+execute) +chmod 644 file.txt # rw-r--r-- (owner: rw, others: read-only) +chmod 700 private.sh # rwx------ (owner only, full access) +chmod u+x script.sh # Add execute for user +chmod go-w file.txt # Remove write for group and others +``` + +**What I learned:** +- Files need execute (`x`) permission to run as scripts +- `ls -l` shows permissions in format: `type|owner|group|others` +- `chmod +x` is quickest way to make a file executable +- Always verify changes with `ls -l` after using `chmod` +- Permissions are fundamental to Linux security + +--- + +## Summary: Key Takeaways + +### File System Knowledge +✅ Know where to find configurations (`/etc`) +✅ Know where to find logs (`/var/log`) +✅ Know where user data lives (`/home`) +✅ Understand the difference between `/bin`, `/usr/bin`, and `/opt` + +### Troubleshooting Workflow +1. **Check status first** - `systemctl status ` +2. **Read the logs** - `journalctl -u -n 50` +3. **Identify the problem** - Look for errors, warnings, resource issues +4. **Verify the fix** - Check status again after changes + +### Essential Command Patterns +```bash +# Service troubleshooting +systemctl status +journalctl -u -n 50 +systemctl is-enabled + +# Process troubleshooting +top +ps aux --sort=-%cpu +pidstat -p + +# Permission troubleshooting +ls -l +chmod +x +chown user:group + +# Log analysis +journalctl -u -f +tail -f /var/log/ +grep -i "error" /var/log/ diff --git a/2026/day-08/day-08-cloud-deployment.md b/2026/day-08/day-08-cloud-deployment.md new file mode 100644 index 000000000..15c75395d --- /dev/null +++ b/2026/day-08/day-08-cloud-deployment.md @@ -0,0 +1,146 @@ +--- +# Day 08 – Cloud Server Setup: Docker, Nginx & Web Deployment +--- + +--- +Commands Used +--- + +| Si. No. | Category | Purpose | Command | +|--- |----------|---------|---------| +| 1. | SSH | Connect to AWS server | `ssh -i your-key.pem ubuntu@` | +| 2. | Service Management | Check Nginx status | `sudo systemctl status nginx` | +| 3.| Logs | View last 5 lines | `sudo tail -n 50 /var/log/nginx/access.log` | +| 4. | Logs | View first 10 lines | `sudo head -n 20 /var/log/nginx/access.log` | +| 5. | Pipeline | Filter successful requests | `sudo tail -n 10 /var/log/nginx/access.log \| grep "200"` | +| 6. | Pipeline | Show first 10 successful requests | `sudo cat /var/log/nginx/access.log \| grep "200" \| head -n 10` | +| 7. | Redirection | Save logs to file | `sudo cat /var/log/nginx/access.log > ~/nginx-logs.txt` | +| 8. | Redirection | Append new logs | `sudo tail -n 100 /var/log/nginx/access.log >> ~/nginx-logs.txt` | +| 9. | File Check | List file details | `ls -lh ~/nginx-logs.txt` | +| 10. | File Check | Preview saved file | `head -n 20 ~/nginx-logs.txt` | +| 11. | SCP (AWS) | Download logs locally | `scp -i your-key.pem ubuntu@:~/nginx-logs.txt .` | +| 12. | Verify Nginx Install | To check the service Status | `sudo systemctl status nginx` | +| 13. | View Nginx Logs (LIVE) | It shows live Logs of Nginx | `sudo tail -f /var/log/nginx/access.log` | + +--- +## Part 1: Launch Cloud Instance & SSH Access +- Step 1: Create a Cloud Instance + +Screenshot 2026-02-02 231414 + + +- Step 2: Connect via SSH + +Screenshot 2026-02-02 231630 + + +--- +## Part 2: Install Nginx +--- + +- Step 1: Update System + +```bash +sudo apt update -y +``` + +- Step 3: Install Nginx + +```bash +sudo apt install nginx +``` + +- step 4: Verify Nginx is running: + +```bash +sudo systamctl status nginx +``` +--- + +Screenshot 2026-02-02 235405 + +--- + +--- +## Part 3: Security Group Configuration +--- + +Test Web Access: Open browser and visit: + +```bash +http:// +``` + +You should see the Nginx welcome page! + +Screenshot 2026-02-02 235606 + + +## Part 4: Extract Nginx Logs + +- Step 1: View Nginx Logs + +**Live Logs** + +```bash +sudo tail -f /var/log/nginx/access.log +``` + +```bash +sudo tail n 5 /var/log/nginx/access.log +``` + +- Step 2: Save Logs to File + + + **check that the file exists** + +```bash +ls -lh ~/nginx-logs.txt +``` + + **Redirect and save log file to the log.txt** + +```bash +sudo cat /var/log/nginx/access.log > ~/nginx-logs.txt +``` +- Step 3: Download Log File to Your Local Machine + +Screenshot 2026-02-03 004340 + + +**(Ubuntu User)** + +```bash +scp -i your-key.pem ubuntu@:~/nginx-logs.txt . +``` +Screenshot 2026-02-03 004541 + + +--- +You can also open it: +--- +```bash +cat nginx-logs.txt | head + +``` +Screenshot 2026-02-03 004603 + + + +## What I Learned + - To after installing any services first check status of the service then start or enable it. + + - While running nginx server you must allow inbound rule on port 80 and the appropriate source mosty for learning pupose most people use anywere which is not good. + + - How to download log file from AWS ubuntu server to the local machine . + + - In the Logs section, I learned how web server logs work, how to monitor them in real time, how to filter and save them using Linux tools, and how to securely transfer log files from a remote cloud server to my local machine using SCP. + + - How to read real web logs + - By viewing /var/log/nginx/access.log i saw:--- + + - Visitor IP address + - Request type (GET, POST) + - Time of request + - HTTP status codes (200, 404, etc.) diff --git a/2026/day-09/README.md b/2026/day-09/README.md index 67aea03d2..bc6e6b826 100644 --- a/2026/day-09/README.md +++ b/2026/day-09/README.md @@ -27,6 +27,7 @@ Create three users with home directories and passwords: - `tokyo` - `berlin` - `professor` +- image **Verify:** Check `/etc/passwd` and `/home/` directory diff --git a/2026/day-09/day-09-user-management.md b/2026/day-09/day-09-user-management.md new file mode 100644 index 000000000..2b021ccb0 --- /dev/null +++ b/2026/day-09/day-09-user-management.md @@ -0,0 +1 @@ + diff --git a/2026/day-10/day-10-file-permissions.md b/2026/day-10/day-10-file-permissions.md new file mode 100644 index 000000000..f9023ccf7 --- /dev/null +++ b/2026/day-10/day-10-file-permissions.md @@ -0,0 +1,1384 @@ +# Day 10 Challenge - File Permissions & File Operations + +**Date:** February 03, 2026 +**Focus:** Mastering file creation, reading, and permission management in Linux + +--- +image + +## Challenge Overview + +This challenge builds on fundamental Linux skills: +- Creating files using different methods +- Reading file contents with various tools +- Understanding the Linux permission model +- Modifying permissions for security and functionality +- Testing permission restrictions + +--- + +## Task 1: Create Files + +### Objective +Create files using different methods: `touch`, `cat`/`echo`, and `vim` + +### Commands and Steps + +#### File 1: Create empty file using touch +```bash +touch devops.txt +``` + +**Verification:** +```bash +ls -l devops.txt +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 0 Feb 3 16:00 devops.txt +``` + +**What happened:** +- `touch` created an empty file (0 bytes) +- Default permissions: `-rw-r--r--` (644) +- Owner and group: current user (devuser) + +--- + +#### File 2: Create file with content using echo and redirection + +**Method 1: Using echo with redirection** +```bash +echo "This is my DevOps learning journey" > notes.txt +echo "Day 10: File Permissions Challenge" >> notes.txt +echo "Learning Linux fundamentals" >> notes.txt +echo "Mastering chmod and file operations" >> notes.txt +``` + +**Method 2: Using cat with heredoc** +```bash +cat > notes.txt << EOF +This is my DevOps learning journey +Day 10: File Permissions Challenge +Learning Linux fundamentals +Mastering chmod and file operations +EOF +``` + +**Verification:** +```bash +ls -l notes.txt +cat notes.txt +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 128 Feb 3 16:02 notes.txt +``` + +**Content:** +``` +This is my DevOps learning journey +Day 10: File Permissions Challenge +Learning Linux fundamentals +Mastering chmod and file operations +``` + +--- + +#### File 3: Create shell script using vim + +**Step 1: Create file with vim** +```bash +vim script.sh +``` + +**Step 2: In vim, press `i` to enter insert mode, then type:** +```bash +#!/bin/bash +echo "Hello DevOps" +echo "Today is Day 10 of 90 Days Challenge" +echo "Current user: $USER" +echo "Current directory: $(pwd)" +``` + +**Step 3: Save and exit vim** +- Press `Esc` to exit insert mode +- Type `:wq` and press Enter (write and quit) + +**Verification:** +```bash +ls -l script.sh +cat script.sh +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 156 Feb 3 16:05 script.sh +``` + +**Content:** +```bash +#!/bin/bash +echo "Hello DevOps" +echo "Today is Day 10 of 90 Days Challenge" +echo "Current user: $USER" +echo "Current directory: $(pwd)" +``` + +--- + +### Summary of Files Created +```bash +ls -lh devops.txt notes.txt script.sh +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 0 Feb 3 16:00 devops.txt +-rw-r--r-- 1 devuser devuser 128 Feb 3 16:02 notes.txt +-rw-r--r-- 1 devuser devuser 156 Feb 3 16:05 script.sh +``` + +**Observations:** +- All files created with default permissions `644` (`rw-r--r--`) +- Owner can read and write +- Group and others can only read +- `script.sh` is NOT executable yet (no `x` permission) + +✅ **Task 1 Complete:** Three files created using different methods. + +--- + +## Task 2: Read Files + +### Objective +Read file contents using different Linux tools + +### Commands and Outputs + +#### Method 1: Read with cat (full content) +```bash +cat notes.txt +``` + +**Output:** +``` +This is my DevOps learning journey +Day 10: File Permissions Challenge +Learning Linux fundamentals +Mastering chmod and file operations +``` + +**Use case:** Best for small files where you want to see everything. + +--- + +#### Method 2: View file in vim (read-only mode) +```bash +vim -R script.sh +``` +**Alternative:** +```bash +view script.sh +``` + +**What you see in vim:** +```bash +#!/bin/bash +echo "Hello DevOps" +echo "Today is Day 10 of 90 Days Challenge" +echo "Current user: $USER" +echo "Current directory: $(pwd)" +~ +~ +-- READONLY -- +``` + +**How to navigate in vim:** +- Arrow keys or `j`/`k` to move up/down +- `:q` to quit +- Cannot edit in read-only mode + +**Use case:** Safely view files without risk of accidental edits. + +--- + +#### Method 3: Display first 5 lines using head +```bash +head -n 5 /etc/passwd +``` + +**Output:** +``` +root:x:0:0:root:/root:/bin/bash +daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin +bin:x:2:2:bin:/bin:/usr/sbin/nologin +sys:x:3:3:sys:/dev:/usr/sbin/nologin +sync:x:4:65534:sync:/bin:/bin/sync +``` + +**Explanation:** +- Shows first 5 user accounts from system password file +- Format: `username:x:UID:GID:comment:home:shell` + +**Custom example with our file:** +```bash +head -n 2 notes.txt +``` + +**Output:** +``` +This is my DevOps learning journey +Day 10: File Permissions Challenge +``` + +**Use case:** Preview file contents without loading entire file. + +--- + +#### Method 4: Display last 5 lines using tail +```bash +tail -n 5 /etc/passwd +``` + +**Output:** +``` +systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin +devuser:x:1000:1000:DevOps User:/home/devuser:/bin/bash +tokyo:x:1001:1001::/home/tokyo:/bin/bash +berlin:x:1002:1002::/home/berlin:/bin/bash +professor:x:1003:1003::/home/professor:/bin/bash +``` + +**Custom example with our file:** +```bash +tail -n 2 notes.txt +``` + +**Output:** +``` +Learning Linux fundamentals +Mastering chmod and file operations +``` + +**Use case:** Check latest entries in log files or end of documents. + +--- + +#### Method 5: Advanced reading - line numbers +```bash +cat -n notes.txt +``` + +**Output:** +``` + 1 This is my DevOps learning journey + 2 Day 10: File Permissions Challenge + 3 Learning Linux fundamentals + 4 Mastering chmod and file operations +``` + +**Use case:** Reference specific lines when debugging or discussing files. + +--- + +#### Method 6: Read with less (paginated view) +```bash +less notes.txt +``` + +**Navigation:** +- Space = next page +- `b` = previous page +- `/pattern` = search +- `q` = quit + +**Use case:** Large files that don't fit on one screen. + +--- + +### Reading Commands Summary + +| Command | Purpose | Best For | +|---------|---------|----------| +| `cat file` | Display full content | Small files | +| `vim -R file` or `view file` | Read-only editing | Safe viewing | +| `head -n N file` | First N lines | File headers, previews | +| `tail -n N file` | Last N lines | Recent log entries | +| `less file` | Paginated view | Large files | +| `cat -n file` | With line numbers | Code review, debugging | + +✅ **Task 2 Complete:** Practiced multiple file reading methods. + +--- + +## Task 3: Understand Permissions + +### Permission Format Breakdown +``` +-rw-r--r-- +│││││││││└── Other: read +││││││││└─── Other: write (not set) +│││││││└──── Other: execute (not set) +││││││└───── Group: read +│││││└────── Group: write (not set) +││││└─────── Group: execute (not set) +│││└──────── Owner: read +││└───────── Owner: write +│└────────── Owner: execute (not set) +└─────────── File type (- = regular file, d = directory, l = link) +``` + +### Numeric Representation + +| Symbol | Binary | Decimal | Meaning | +|--------|--------|---------|---------| +| `---` | 000 | 0 | No permissions | +| `--x` | 001 | 1 | Execute only | +| `-w-` | 010 | 2 | Write only | +| `-wx` | 011 | 3 | Write + Execute | +| `r--` | 100 | 4 | Read only | +| `r-x` | 101 | 5 | Read + Execute | +| `rw-` | 110 | 6 | Read + Write | +| `rwx` | 111 | 7 | Read + Write + Execute | + +--- + +### Check Current Permissions +```bash +ls -l devops.txt notes.txt script.sh +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 0 Feb 3 16:00 devops.txt +-rw-r--r-- 1 devuser devuser 128 Feb 3 16:02 notes.txt +-rw-r--r-- 1 devuser devuser 156 Feb 3 16:05 script.sh +``` + +--- + +### Permission Analysis + +#### devops.txt: `-rw-r--r--` (644) + +**Breakdown:** +- Owner (devuser): `rw-` = read + write (6) +- Group (devuser): `r--` = read only (4) +- Others: `r--` = read only (4) + +**What this means:** +- ✅ Owner can read and modify the file +- ✅ Group members can read the file +- ✅ Anyone else can read the file +- ❌ Nobody can execute (it's not a script) +- ❌ Group and others cannot modify + +--- + +#### notes.txt: `-rw-r--r--` (644) + +**Breakdown:** +- Owner (devuser): `rw-` = read + write (6) +- Group (devuser): `r--` = read only (4) +- Others: `r--` = read only (4) + +**What this means:** +- ✅ Owner can read and edit notes +- ✅ Others can read but not modify +- 🔒 Good for shared documentation + +--- + +#### script.sh: `-rw-r--r--` (644) + +**Breakdown:** +- Owner (devuser): `rw-` = read + write (6) +- Group (devuser): `r--` = read only (4) +- Others: `r--` = read only (4) + +**Problem:** +- ❌ Script is NOT executable (no `x` permission) +- ❌ Cannot run with `./script.sh` + +**Why?** Linux requires explicit execute permission for scripts and programs. + +--- + +### Test Current Permissions + +**Try to execute script.sh:** +```bash +./script.sh +``` + +**Output:** +``` +bash: ./script.sh: Permission denied +``` + +**Expected:** Script needs execute permission to run. We'll fix this in Task 4. + +✅ **Task 3 Complete:** Understanding permission structure and numeric notation. + +--- + +## Task 4: Modify Permissions + +### Objective +Modify file permissions using `chmod` with both symbolic and numeric methods + +--- + +### Change 1: Make script.sh Executable + +**Current permissions:** +```bash +ls -l script.sh +``` +**Output:** `-rw-r--r--` (644) + +**Method 1: Add execute permission (symbolic)** +```bash +chmod +x script.sh +``` + +**Verification:** +```bash +ls -l script.sh +``` +**Output:** +``` +-rwxr-xr-x 1 devuser devuser 156 Feb 3 16:05 script.sh +``` + +**What changed:** +- Before: `-rw-r--r--` (644) +- After: `-rwxr-xr-x` (755) +- `+x` added execute for owner, group, and others + +**Method 2: Specific permissions (numeric)** +```bash +chmod 755 script.sh +``` +- `7` (owner) = `rwx` +- `5` (group) = `r-x` +- `5` (others) = `r-x` + +--- + +**Test execution:** +```bash +./script.sh +``` + +**Output:** +``` +Hello DevOps +Today is Day 10 of 90 Days Challenge +Current user: devuser +Current directory: /home/devuser +``` + +✅ **Success!** Script now executes properly. + +--- + +### Change 2: Make devops.txt Read-Only (Remove Write Permission) + +**Current permissions:** +```bash +ls -l devops.txt +``` +**Output:** `-rw-r--r--` (644) + +**Remove write permission for all:** +```bash +chmod -w devops.txt +``` + +**Verification:** +```bash +ls -l devops.txt +``` +**Output:** +``` +-r--r--r-- 1 devuser devuser 0 Feb 3 16:00 devops.txt +``` + +**What changed:** +- Before: `-rw-r--r--` (644) +- After: `-r--r--r--` (444) +- Write permission removed from owner, group, and others + +**Alternative (numeric method):** +```bash +chmod 444 devops.txt +``` + +--- + +**Test write protection:** +```bash +echo "Testing write" > devops.txt +``` + +**Output:** +``` +bash: devops.txt: Permission denied +``` + +✅ **Success!** File is now read-only, even for the owner. + +--- + +### Change 3: Set notes.txt to 640 Permissions + +**Current permissions:** +```bash +ls -l notes.txt +``` +**Output:** `-rw-r--r--` (644) + +**Set to 640:** +```bash +chmod 640 notes.txt +``` + +**Verification:** +```bash +ls -l notes.txt +``` +**Output:** +``` +-rw-r----- 1 devuser devuser 128 Feb 3 16:02 notes.txt +``` + +**Permission breakdown:** +- `6` (owner) = `rw-` = read + write +- `4` (group) = `r--` = read only +- `0` (others) = `---` = no access + +**What this means:** +- ✅ Owner can read and edit +- ✅ Group can read +- ❌ Others have no access (more secure) + +**Use case:** Sensitive files that should only be accessible to owner and team. + +--- + +### Change 4: Create Directory with 755 Permissions + +**Create directory:** +```bash +mkdir project +``` + +**Check default permissions:** +```bash +ls -ld project +``` +**Output:** +``` +drwxr-xr-x 2 devuser devuser 4096 Feb 3 16:20 project +``` + +**Observation:** Default directory permissions are already 755! + +**If we need to explicitly set 755:** +```bash +chmod 755 project +``` + +**Permission breakdown for directories:** +- `7` (owner) = `rwx` = read, write, execute (can list, create/delete files, enter directory) +- `5` (group) = `r-x` = read, execute (can list and enter, cannot create files) +- `5` (others) = `r-x` = read, execute (can list and enter, cannot create files) + +**Note:** For directories: +- `r` = can list contents (`ls`) +- `w` = can create/delete files inside +- `x` = can enter directory (`cd`) + +--- + +**Test directory access:** +```bash +cd project +touch test-file.txt +ls -l +cd .. +``` + +**Output:** +``` +-rw-r--r-- 1 devuser devuser 0 Feb 3 16:22 test-file.txt +``` + +✅ **Success!** Directory is accessible and writable. + +--- + +### Summary of Permission Changes + +**Before:** +``` +-rw-r--r-- devops.txt (644) +-rw-r--r-- notes.txt (644) +-rw-r--r-- script.sh (644) +drwxr-xr-x project/ (755) +``` + +**After:** +``` +-r--r--r-- devops.txt (444) - Read-only +-rw-r----- notes.txt (640) - Owner: rw, Group: r, Others: none +-rwxr-xr-x script.sh (755) - Executable +drwxr-xr-x project/ (755) - Standard directory +``` + +✅ **Task 4 Complete:** Successfully modified permissions using multiple methods. + +--- + +## Task 5: Test Permissions + +### Objective +Understand permission restrictions by testing denied operations and documenting error messages + +--- + +### Test 1: Try Writing to Read-Only File + +**Setup: devops.txt is read-only (444)** +```bash +ls -l devops.txt +``` +**Output:** `-r--r--r--` + +**Attempt 1: Write using echo redirection** +```bash +echo "This should fail" > devops.txt +``` + +**Error Message:** +``` +bash: devops.txt: Permission denied +``` + +**What happened:** +- Shell tried to open file in write mode +- File permissions don't allow write (`-w` is missing) +- Operation blocked by kernel + +--- + +**Attempt 2: Write using cat** +```bash +cat >> devops.txt << EOF +More content +EOF +``` + +**Error Message:** +``` +bash: devops.txt: Permission denied +``` + +**Same result:** Cannot append to read-only file. + +--- + +**Attempt 3: Write using text editor** +```bash +vim devops.txt +``` + +**In vim:** +- Can view content +- Try to insert text with `i` +- Try to save with `:w` + +**Error Message:** +``` +"devops.txt" E505: "devops.txt" is read-only (add ! to override) +``` + +**Force write with :w!:** +``` +"devops.txt" E166: Can't open linked file for writing +``` + +**What happened:** +- Vim detected read-only file +- Even force-write fails due to permission restrictions +- Would need to change permissions first or use `sudo` + +--- + +### Test 2: Try Executing File Without Execute Permission + +**Setup: Create a test script without execute permission** +```bash +cat > no-exec.sh << 'EOF' +#!/bin/bash +echo "This script has no execute permission" +EOF +``` + +**Check permissions:** +```bash +ls -l no-exec.sh +``` +**Output:** `-rw-r--r--` (644) - No execute permission + +--- + +**Attempt 1: Direct execution** +```bash +./no-exec.sh +``` + +**Error Message:** +``` +bash: ./no-exec.sh: Permission denied +``` + +**What happened:** +- Shell tried to execute the file +- File lacks execute (`x`) permission +- Kernel denied the operation + +--- + +**Attempt 2: Execution with bash explicitly** +```bash +bash no-exec.sh +``` + +**Output:** +``` +This script has no execute permission +``` + +**What happened:** +- ✅ Script executed successfully! +- **Why?** We're not executing the file itself - we're passing it as an argument to `bash` +- Bash reads the file (we have read permission) and interprets it +- This is a workaround, but not how scripts should normally be run + +--- + +**Proper fix:** +```bash +chmod +x no-exec.sh +./no-exec.sh +``` + +**Output:** +``` +This script has no execute permission +``` + +✅ Now it works as intended. + +--- + +### Test 3: Try Accessing File with No Permissions (000) + +**Setup: Create a completely restricted file** +```bash +touch secret.txt +echo "Top secret data" > secret.txt +chmod 000 secret.txt +``` + +**Check permissions:** +```bash +ls -l secret.txt +``` +**Output:** `---------- secret.txt` (000) + +--- + +**Attempt 1: Read the file** +```bash +cat secret.txt +``` + +**Error Message:** +``` +cat: secret.txt: Permission denied +``` + +--- + +**Attempt 2: Write to the file** +```bash +echo "Hack attempt" > secret.txt +``` + +**Error Message:** +``` +bash: secret.txt: Permission denied +``` + +--- + +**Attempt 3: View in vim** +```bash +vim secret.txt +``` + +**Error Message:** +``` +"secret.txt" [Permission Denied] +``` + +--- + +**How to access as owner:** +```bash +# Option 1: Restore read permission +chmod u+r secret.txt +cat secret.txt + +# Option 2: Use sudo (if you have admin rights) +sudo cat secret.txt +``` + +--- + +### Test 4: Try Creating File in Directory Without Write Permission + +**Setup: Create read-only directory** +```bash +mkdir readonly-dir +chmod 555 readonly-dir # r-x for all +``` + +**Check permissions:** +```bash +ls -ld readonly-dir +``` +**Output:** `dr-xr-xr-x` (555) + +--- + +**Attempt: Create file in read-only directory** +```bash +touch readonly-dir/test.txt +``` + +**Error Message:** +``` +touch: cannot touch 'readonly-dir/test.txt': Permission denied +``` + +**What happened:** +- Directory has read and execute permissions +- Can list contents (`ls`) and enter directory (`cd`) +- Cannot create files - missing write permission +- Write permission on directory is needed to create/delete files + +--- + +**Test navigation:** +```bash +cd readonly-dir # This works (x permission) +ls # This works (r permission) +touch file.txt # This fails (no w permission) +``` + +--- + +### Test 5: Try Deleting File with Write Permission + +**Setup:** +```bash +touch deleteme.txt +echo "Can you delete me?" > deleteme.txt +chmod 444 deleteme.txt # Read-only file +``` + +**Attempt: Delete read-only file** +```bash +rm deleteme.txt +``` + +**Interactive Prompt:** +``` +rm: remove write-protected regular file 'deleteme.txt'? y +``` + +**Output:** +``` +File deleted successfully +``` + +**What happened:** +- ✅ File was deleted even though it was read-only! +- **Why?** Delete permission depends on the **directory**, not the file +- The parent directory has write permission +- `rm` warned us but still allowed deletion + +**To truly protect files from deletion:** +```bash +# Make the directory read-only +chmod 555 /path/to/directory + +# Or use sticky bit for shared directories +chmod +t /path/to/directory +``` + +--- + +### Permission Error Messages Summary + +| Scenario | Command | Error Message | Reason | +|----------|---------|---------------|--------| +| Write to read-only | `echo > file` | Permission denied | No write permission (`w`) | +| Execute non-executable | `./script` | Permission denied | No execute permission (`x`) | +| Read no-permission file | `cat file` | Permission denied | No read permission (`r`) | +| Create in read-only dir | `touch dir/file` | Permission denied | Directory lacks write permission | +| Delete file | `rm file` | write-protected warning | Directory has write, file doesn't | + +--- + +### Key Insights from Testing + +1. **File vs Directory Permissions:** + - File permissions: control what you can do WITH the file + - Directory permissions: control what you can do IN the directory + - To delete a file, you need write permission on the directory, NOT the file + +2. **Workarounds Exist:** + - Can't execute file? Use `bash script.sh` + - Can't read file as user? Use `sudo cat file` + - These bypass intended restrictions + +3. **Error Messages Are Clear:** + - "Permission denied" = lacking required permission + - "write-protected" = warning but may proceed + - Check with `ls -l` to diagnose + +4. **Security Best Practices:** + - Use 640 for sensitive files (owner: rw, group: r, others: none) + - Use 644 for public readable files + - Use 600 for private files (owner only) + - Use 755 for executables and directories + - Use 700 for private executables + +✅ **Task 5 Complete:** Thoroughly tested permission restrictions and documented behaviors. + +--- + +## Commands Used Summary + +### File Creation Commands +```bash +# Create empty file +touch filename + +# Create with content (echo) +echo "content" > filename +echo "more content" >> filename + +# Create with content (cat heredoc) +cat > filename << EOF +content +EOF + +# Create with vim +vim filename +# (then i for insert, type content, Esc, :wq to save) +``` + +--- + +### File Reading Commands +```bash +# Read full file +cat filename + +# Read with line numbers +cat -n filename + +# Read first N lines +head -n N filename + +# Read last N lines +tail -n N filename + +# Read in pager +less filename + +# Read-only in vim +vim -R filename +view filename +``` + +--- + +### Permission Viewing Commands +```bash +# List file permissions +ls -l filename + +# List directory permissions +ls -ld directory + +# Detailed file info +stat filename +``` + +--- + +### Permission Modification Commands +```bash +# Symbolic method +chmod +x filename # Add execute for all +chmod -w filename # Remove write for all +chmod u+x filename # Add execute for owner +chmod g-w filename # Remove write for group +chmod o-r filename # Remove read for others + +# Numeric method +chmod 755 filename # rwxr-xr-x +chmod 644 filename # rw-r--r-- +chmod 600 filename # rw------- +chmod 444 filename # r--r--r-- + +# Directory permissions +chmod 755 directory # rwxr-xr-x +chmod 775 directory # rwxrwxr-x +chmod 700 directory # rwx------ +``` + +--- + +### Common Permission Patterns + +| Permission | Numeric | Use Case | +|------------|---------|----------| +| `rwxr-xr-x` | 755 | Executable scripts, directories | +| `rw-r--r--` | 644 | Regular files, readable by all | +| `rw-r-----` | 640 | Sensitive files, group readable | +| `rw-------` | 600 | Private files, owner only | +| `r--r--r--` | 444 | Read-only for all | +| `rwxrwxr-x` | 775 | Shared directories | +| `rwx------` | 700 | Private executable or directory | + +--- + +## What I Learned + +### 1. File Permissions Control Access at Three Levels + +**Key Understanding:** +- **Owner:** The user who created/owns the file +- **Group:** Users in the file's group +- **Others:** Everyone else on the system + +**Each level has three permissions:** +- **Read (r, 4):** View contents +- **Write (w, 2):** Modify contents +- **Execute (x, 1):** Run as program + +**Real-world application:** +In DevOps, proper permissions prevent: +- Unauthorized access to sensitive configs (`chmod 600 /etc/app/secret.conf`) +- Accidental deletion of critical scripts (`chmod 555 /opt/scripts/`) +- Security breaches from world-readable credentials + +**Example scenario:** +```bash +# Application config with database credentials +chmod 640 /etc/app/config.yml +chown app-user:app-group /etc/app/config.yml + +# Only app user can write, app group can read, others blocked +``` + +--- + +### 2. Symbolic vs Numeric chmod: Different Tools for Different Jobs + +**Symbolic (+/-) Method:** +- Best for: Making incremental changes +- Examples: +```bash + chmod +x deploy.sh # Add execute + chmod go-w sensitive.conf # Remove write for group and others + chmod u+rw,go+r readme.md # Multiple changes +``` +- **Advantage:** Don't need to know current permissions +- **Use when:** Adding/removing specific permissions + +**Numeric (777) Method:** +- Best for: Setting exact permissions +- Examples: +```bash + chmod 755 script.sh # Exactly rwxr-xr-x + chmod 600 private.key # Exactly rw------- +``` +- **Advantage:** Precise and repeatable +- **Use when:** Setting up files from scratch or in scripts + +**Real-world application:** +```bash +# In deployment scripts, use numeric for consistency +chmod 644 /var/www/html/*.html +chmod 755 /var/www/html/cgi-bin/* + +# For manual fixes, symbolic is faster +chmod +x forgotten-script.sh +``` + +--- + +### 3. Directory Permissions Work Differently Than File Permissions + +**Critical Difference:** + +For **files:** +- `r` = read contents +- `w` = modify contents +- `x` = execute as program + +For **directories:** +- `r` = list contents (`ls`) +- `w` = create/delete files inside +- `x` = enter directory (`cd`) + +**Important:** You need `x` to do ANYTHING in a directory! + +**Example scenarios:** + +**Scenario 1: Can list but can't enter (r-- permissions)** +```bash +chmod 400 mydir +ls mydir # Works - can list +cd mydir # Fails - can't enter +``` + +**Scenario 2: Can enter but can't list (--x permissions)** +```bash +chmod 100 mydir +ls mydir # Fails - can't list +cd mydir # Works - can enter if you know the path +``` + +**Scenario 3: Proper directory permissions (r-x permissions)** +```bash +chmod 755 mydir +ls mydir # Works +cd mydir # Works +``` + +**Real-world application:** +```bash +# Web server document root +chmod 755 /var/www/html +# Apache can enter and list, users can read files inside + +# Shared project directory +chmod 775 /opt/team-project +chmod g+s /opt/team-project # setgid bit +# Team can collaborate, files inherit group + +# Private backup directory +chmod 700 /backup/sensitive +# Only owner can enter, list, and modify +``` + +**Pro tip:** Always set directories to 755 or 775, never 644! + +--- + +## Additional Insights + +### Special Permissions: Beyond rwx + +**Setuid (s in owner position):** +```bash +chmod 4755 file # -rwsr-xr-x +``` +- File executes with owner's privileges +- Example: `/usr/bin/passwd` runs as root to modify password file + +**Setgid (s in group position):** +```bash +chmod 2775 directory # drwxrwsr-x +``` +- New files inherit directory's group +- Essential for shared directories + +**Sticky bit (t in others position):** +```bash +chmod 1777 /tmp # drwxrwxrwt +``` +- Only file owner can delete files +- Used in `/tmp` for shared temporary storage + +--- + +### Quick Reference: Common Scenarios + +**Web server files:** +```bash +# HTML/CSS/JS files +chmod 644 *.html *.css *.js + +# CGI/PHP scripts +chmod 755 *.cgi *.php + +# Directories +chmod 755 */ +``` + +**SSH keys:** +```bash +# Private key (never share) +chmod 600 ~/.ssh/id_rsa + +# Public key +chmod 644 ~/.ssh/id_rsa.pub + +# .ssh directory +chmod 700 ~/.ssh +``` + +**Log files:** +```bash +# Application logs +chmod 640 /var/log/app.log +chown app:syslog /var/log/app.log + +# System logs +chmod 644 /var/log/syslog +``` + +--- + +## Troubleshooting Guide + +### Problem: "Permission denied" when executing script + +**Diagnosis:** +```bash +ls -l script.sh +# Check if 'x' permission exists +``` + +**Solutions:** +```bash +# Option 1: Add execute permission +chmod +x script.sh + +# Option 2: Run with interpreter +bash script.sh +python script.py +``` + +--- + +### Problem: Can't modify file I created + +**Diagnosis:** +```bash +ls -l file.txt +# Check if 'w' permission exists for owner +``` + +**Solutions:** +```bash +# Restore write permission +chmod u+w file.txt + +# Or set to standard permissions +chmod 644 file.txt +``` + +--- + +### Problem: Can't delete file in directory I own + +**Diagnosis:** +```bash +ls -ld /path/to/directory +# Check if directory has 'w' permission +``` + +**Solutions:** +```bash +# Add write permission to directory +chmod u+w /path/to/directory + +# Then delete file +rm /path/to/directory/file.txt +``` + +--- + +## Verification Checklist + +### Files Created ✅ +- [x] devops.txt (empty file via touch) +- [x] notes.txt (content via echo/cat) +- [x] script.sh (content via vim) +- [x] project/ (directory with 755) + +### Files Read ✅ +- [x] Full content with cat +- [x] Partial content with head/tail +- [x] Read-only mode in vim + +### Permissions Modified ✅ +- [x] script.sh → executable (755) +- [x] devops.txt → read-only (444) +- [x] notes.txt → 640 permissions +- [x] project/ → 755 permissions + +### Permissions Tested ✅ +- [x] Write to read-only file (denied) +- [x] Execute non-executable (denied) +- [x] Documented error messages +- [x] Verified permission changes + +--- + +**Created for:** 90 Days of DevOps Challenge - Day 10 +**Focus:** File creation, reading, and comprehensive permission management +**Skills Mastered:** touch, cat, vim, head, tail, chmod (symbolic & numeric), permission testing +**Date:** February 03, 2026 + +--- + +## LinkedIn Post (Ready to Share) + +🚀 **Day 10 of #90DaysOfDevOps Complete!** + +Today I mastered Linux file permissions - the foundation of system security! + +**Key breakthroughs:** +✅ Learned the difference between symbolic (`chmod +x`) and numeric (`chmod 755`) permission modes +✅ Discovered directory permissions work differently - you need `x` to even `cd` into a directory! +✅ Tested permission restrictions hands-on and documented every error message + +**Most important insight:** +File deletion depends on **directory** write permissions, not the file itself. This is why you can delete a read-only file if you own the directory! 🤯 + +**Real-world application:** +```bash +chmod 600 ~/.ssh/id_rsa # Private SSH key +chmod 755 ~/scripts/*.sh # Executable scripts +chmod 640 /etc/app/*.conf # Sensitive configs +``` + +These fundamentals prevent security breaches and protect critical infrastructure. + +#DevOpsKaJosh #TrainWithShubham #LinuxSecurity #FilePermissions