Linux Crash Course for Beginners with Labs

Managing Access for the Trinity User with sudo Privileges
=====================================================

To define a policy for our Trinity user and let her run any command with sudo, we need to add a line that specifies a policy for all users in the developers group. We can write this line as follows:

```
# Entry in /etc/sudoers (edit it with: sudo visudo)
%developers ALL=(ALL) ALL
```

This line allows members of the developers group to run commands through sudo without a root login. We can also specify additional policies by adding more fields to the line.

For example, to limit Trinity's ability to run sudo commands to only the `ls` and `stat` commands, we can write:

```
# Entry in /etc/sudoers (edit it with: sudo visudo)
trinity ALL=(ALL) /bin/ls, /bin/stat
```

This line allows Trinity to use sudo without a root login, and only to run the `ls` and `stat` commands.
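One way to put a restricted rule like the one above in place without risking a broken or over-broad sudoers file, as an added example that is not part of the original course material. The function names, the drop-in name `trinity-ls-stat` and the `/usr/bin` command paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the course): build a restricted sudoers rule,
# validate it with visudo, and only then install it as a drop-in file.

# Print one sudoers rule limiting USER to the listed commands.
# Each command must be a plain absolute path, so a stray comma, space or
# keyword such as ALL cannot silently widen the grant.
make_sudoers_rule() {
    if [ "$#" -lt 2 ]; then
        echo "usage: make_sudoers_rule USER /abs/cmd [/abs/cmd ...]" >&2
        return 1
    fi
    rule_user=$1; shift
    case $rule_user in
        [a-z_]*) ;;
        *) echo "bad user name: $rule_user" >&2; return 1 ;;
    esac
    case $rule_user in
        *[!a-z0-9_-]*) echo "bad user name: $rule_user" >&2; return 1 ;;
    esac
    rule_cmds=""
    for rule_cmd in "$@"; do
        case $rule_cmd in
            /*) ;;
            *) echo "not an absolute path: $rule_cmd" >&2; return 1 ;;
        esac
        case $rule_cmd in
            *[!A-Za-z0-9_./-]*) echo "unsafe characters in: $rule_cmd" >&2; return 1 ;;
        esac
        rule_cmds="${rule_cmds:+$rule_cmds, }$rule_cmd"
    done
    printf '%s ALL=(ALL) %s\n' "$rule_user" "$rule_cmds"
}

# Check the rule with "visudo -c" before it goes live, then install it
# root-owned with mode 0440 under /etc/sudoers.d. Run as root.
# NAME must not contain "." or end in "~": sudo skips such drop-in files.
install_sudoers_rule() {
    dropin_name=$1
    dropin_tmp=$(mktemp) || return 1
    printf '%s\n' "$2" > "$dropin_tmp"
    if visudo -cf "$dropin_tmp" >/dev/null; then
        install -o root -g root -m 0440 "$dropin_tmp" "/etc/sudoers.d/$dropin_name"
        dropin_status=$?
    else
        echo "rule rejected by visudo, nothing installed" >&2
        dropin_status=1
    fi
    rm -f "$dropin_tmp"
    return "$dropin_status"
}

# Usage, as root (names and paths are illustrative):
#   rule=$(make_sudoers_rule trinity /usr/bin/ls /usr/bin/stat) &&
#   install_sudoers_rule trinity-ls-stat "$rule" &&
#   sudo -l -U trinity      # list what trinity may now run
```
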

Temporary Root Access
---------------------

To temporarily become root when needed, we can use sudo. When we run a command using sudo, it's basically the same as if the root user had executed that command. For example:

```
sudo su -c "ls /home/Trinity"
```

This command switches to root and runs the `ls` command on Trinity's home directory.

However, there are situations where we may want to log in as root as a user with sudo access. In such cases, we can use sudo to start a root login shell:

```
# Start a login shell as root
sudo su -
```

To exit from a root session, we can type `logout`.

Unlocking the Root Account
--------------------------

If the root account is locked due to a forgotten password or other reasons, we can unlock it using either the long or short form of the `passwd` unlock option. For example:

```
sudo passwd --unlock root
```

Alternatively, we can use the short form:

```
sudo passwd -u root
```

After unlocking the account, we can log in as root by typing the new password.

Locking the Root Account
------------------------

To prevent unauthorized access to the root account, we can lock it using the `--lock` option of the `passwd` command. For example:

```
sudo passwd --lock root
```

This line locks the root account's password. Password logins as root are refused, but logins that were previously set up using SSH private keys or other methods that do not use the password still work.
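A check for the caveat above, showing that a locked password does not close key-based logins. This is an added example, not part of the original course material; the function names are assumptions, and the shadow and authorized_keys contents in `demo_locked_root` are constructed samples.

```shell
#!/bin/sh
# Added example (not from the course): report which root login paths
# remain after "passwd --lock root". The files are passed as arguments so
# the check can run on copies; on a live system they are /etc/shadow and
# /root/.ssh/authorized_keys (reading them requires root).

# Classify the password field (2nd field) of one shadow(5) line.
shadow_state() {
    pw_field=$(printf '%s\n' "$1" | cut -d: -f2)
    case $pw_field in
        '')        echo "empty" ;;   # no password is required at all
        '!'*|'*'*) echo "locked" ;;  # passwd --lock prepends "!" to the hash
        *)         echo "set" ;;
    esac
}

# Count usable entries in an authorized_keys file, skipping blank lines
# and comments. A missing file counts as zero keys.
count_ssh_keys() {
    key_count=$(grep -cEv '^[[:space:]]*(#|$)' "$1" 2>/dev/null) || key_count=${key_count:-0}
    echo "$key_count"
}

# Print "password=<state> ssh_keys=<n>" for the root account.
root_login_paths() {
    root_line=$(grep '^root:' "$1" 2>/dev/null) || {
        echo "no root entry in $1" >&2
        return 1
    }
    echo "password=$(shadow_state "$root_line") ssh_keys=$(count_ssh_keys "$2")"
}

# Run the check on constructed sample files: root's password is locked,
# yet one authorized key is still in place.
demo_locked_root() {
    demo_dir=$(mktemp -d) || return 1
    cat > "$demo_dir/shadow" <<'EOF'
root:!$6$constructedsalt$constructedhash:19700:0:99999:7:::
trinity:$6$constructedsalt$constructedhash:19700:0:99999:7:::
EOF
    cat > "$demo_dir/authorized_keys" <<'EOF'
# constructed sample entry, not a real key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyMaterialOnly00000000000 admin@example
EOF
    root_login_paths "$demo_dir/shadow" "$demo_dir/authorized_keys"
    demo_status=$?
    rm -rf "$demo_dir"
    return "$demo_status"
}

# Usage on a live system, as root:
#   root_login_paths /etc/shadow /root/.ssh/authorized_keys
```

A result of `password=locked` with a non-zero `ssh_keys` count means root can still log in over SSH if the SSH server permits root logins.
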

Virtualization
--------------

While we've covered the basics of Linux, there's much more to learn about networking, service configuration, storage management, troubleshooting, monitoring, process management, and virtualization. These topics are all covered in the Linux learning path, which includes three certification courses: the Linux Foundation certified systems administrator, the LPIC-1 series, and the Red Hat certified systems administrator course.

Conclusion
----------

In this Linux crash course, we've covered the basics of Linux, including managing access for the Trinity user with sudo privileges. We've also discussed temporary root access, unlocking and locking the root account, virtualization, and more. While there's much more to learn about Linux, I hope you enjoyed this material and gained experience to help you on your Linux journey.

**Linux Learning Path**

* [Linux Foundation Certified Systems Administrator](https://www.linuxfoundation.org/certification/certified-system-administrator)

* [LPIC-1 Series](https://lpiccertifications.com/)

* [Red Hat Certified Systems Administrator](https://www.redhat.com/en/training/certification/rhel-certification)


This Linux course covers a wide range of essential Linux topics, from beginner to advanced. The course also includes interactive labs to provide hands-on experience with the skills you'll learn. Linux specialist Aaron Lockhart created this course. In this course, Aaron teaches you the basics of the Linux operating system, including how to log into a host through a local remote console, how to read and use system documentation, how to work with files and directories, how to create and manage hard and soft symlinks, list, set and change file permissions, search files with grep, how to analyze text with regular expressions, how to manage user accounts and how to manage resources also, and then how to manage user access privileges as well as access to the root account, which is kind of the primary account of the system.

This course is about 2 hours of video and 2 hours of hands-on lab time. By the end of this course you should aim to get a high-level understanding of Linux, and not just the theory but also the experience with the hands-on practice. Now, each concept taught in this video is followed by a hands-on lab. Our labs open right up in your browser, and it comes absolutely free with this course, so there's no need to spend any time on setting up your own environments. You go from watching a video to practicing it in less than 30 seconds. The labs are challenge based, and so each lab is specifically designed to help you practice the concepts that you just saw in the video.

So here's how I recommend that you take this course. Set aside 4 hours of time for this entire video and course. Turn off the notifications on your mobile phone, turn off any desktop notifications like Slack, email, Discord or any other distractions, and just get into that focus zone. Make sure you are ready to block out a few hours of your time, and aim to stick to the curriculum and labs in order to finish the course. So before we begin, head over to this link to download the deck with notes used
in this course, and to access the labs that come free with this course, go to kode.wiki, so k-o-d-e-w-i-k-i, /linux-labs, or scan the QR code that you see on the screen. Once you are on the page, click on the button to enroll for free. The first topic has the deck with the resources that you can download, and this is handy to keep while you're working on the labs so that you can use it for reference. The remaining topics are the labs, so select a topic and click the start button, and that's going to load the lab in your browser. But you don't have to start them now; we'll let you know when to access which labs. So enroll in the labs, download the deck, and then come back here to continue the course.

Hello and welcome to KodeKloud's Linux tutorial. I'm Aaron Lockhart and I'll be your instructor for this course. As per Stack Overflow's insights, the most common and the most loved platform used for development work happens to be Linux. Here's what you'll learn in this course: log into local and remote graphical and text mode consoles; read and use system documentation; create, delete, copy and move files and directories; create and manage hard links and soft links; list, set and change standard file permissions; use pagers and the vi editor; search files using grep; analyze text using basic regular expressions and extended regular expressions; create, delete and modify user accounts, local groups and group memberships; configure user resource limits; manage user privileges; and how to manage access to the root account.

This is primarily a hands-on course with interactive videos and labs that will help you learn Linux. Our crisp and concise lectures simplify complex concepts using illustrations and animations. Other concepts are explained by demonstration videos. These will be live demonstrations where I will walk you through a task or a concept with a video example. And of course you have access to labs where you can get hands-on practice on everything we teach. Since you'll be learning to perform tasks a system
administrator would normally perform, you'll need to get practice, so it's important that you spend time working with the labs for the course. Our hands-on labs open right in your browser, so you won't need to set anything up for yourself to practice. Each lab will have a series of questions or exercises and a terminal for you to perform the necessary tasks. There are also hints and solutions in case you get stuck, but always try to work out the solutions for yourself. You'll get instant feedback from the lab system when you check your answer, and you can work with the lab as many times as you want for each set of lessons until you're comfortable with performing the tasks before moving on to the next set of lessons. Well, I'm excited to get started.

In this lecture we'll talk about how to log into a Linux system locally and remotely, in both graphical and text mode consoles. This will be a very practical course. We'll take a look at why we need to do certain things, then we'll explain how to do those things. We'll experiment with a few commands at the beginning of each lesson, then we'll explain the theory behind those commands. This should make the course more fun, engaging and easier to understand. So let's dive right in and start with some simple concepts.

We're all used to logging into apps or websites by providing a username and password. Logging into a Linux system is pretty much the same, so there's not much mystery here. We'll look at four ways to log in: logging into a local Linux system using the local text mode console, logging into a local Linux system using the graphical mode console, logging into a remote Linux system using a text mode login, and logging into a remote Linux system using a graphical mode login.

You'll often hear terms like console, virtual terminal and terminal emulator. It may be hard to understand why they're called this way. Nowadays a console is just a screen where your operating system displays some text and where it allows you to log in or type commands, and a
terminal emulator is nothing more than a graphical app that runs in a window and does a similar thing: shows you text output and allows you to type commands. These terms come from the old days of computing. Computers were incredibly expensive, so a building may have had a single one available for the entire building, but multiple people could connect to it and do their work by using physical devices that allowed them to type text and commands and also displayed on a screen what was currently happening. Those devices were consoles or terminals. So instead of buying 25 super expensive computers, you could have just one, but 25 people could use it, even at the same time.

Nowadays, consoles and terminals in Linux are usually things that exist in software rather than hardware. For example, when you see Linux boot and a bunch of text appears on the screen telling you what's happening as the operating system is loading, that's the console. After a Linux machine has booted, if you press Ctrl+Alt+F2 on the keyboard, you'll see a virtual terminal, in this case VT2. If you have Linux installed on your desktop with a graphical user interface, when you want to type commands you open a terminal emulator.

Let's move back to logins. In practice, most often you'll log into remote Linux systems, but let's start with some less common scenarios. Local is just a tech word for something that is in front of you or something you can physically access. A computer on your desk is local; a server running on Google Cloud is remote. Usually when Linux is installed on servers, it's installed without a GUI, no graphical user interface components. There's no mouse pointer, no buttons, no windows, no menus, nothing of that sort, just text. But you might sometimes run across servers that include this GUI. Logging in is super easy, as it's all in your face. You'll see a list of users you can choose from, and you can then type your user's password. And don't forget to log out when you've finished your work. If the device has the typical
server-oriented Linux OS installed without any GUI components, logging in locally is also easy. You'll usually see something like this on your screen. There's no list of users this time, but you can just type your username and then your password, and note that you won't see your password as you type. When your work is done, you should type `exit` to log out.

Again, most Linux operating systems running on servers will have no GUI components installed, but you'll sometimes run into exceptions. Connecting to a remote server that has a graphical user interface is slightly more tricky. First of all, there's no standard set in stone. Whoever configured that server chose their preferred way of dealing with these remote graphical logins. They could have chosen to install a VNC solution, that's Virtual Network Computing. In this case you'd need to download the proper VNC client, also called a VNC viewer, to connect to it. This might be TightVNC or RealVNC or something else entirely. It all depends on the VNC server running on the remote system and which VNC clients your local operating system supports. If the administrator of that server wanted to let Windows users connect easily, it might mean that they use a solution allowing for RDP connections, or Remote Desktop Protocol. This means that you could just click on the Windows Start button and type "remote desktop connection", open that app, and then enter the username and password you've been provided. Whatever it might be, connecting to a remote graphical console is pretty easy. It all boils down to downloading the application that lets you do that, entering the remote system's IP address, followed by a username and a password.

Initiating a text-based remote connection to a Linux system is pretty standard. That's because almost every Linux server uses the same tool that allows for remote logins: the OpenSSH daemon. That's a program that runs in the background on the server all the time. SSH comes from Secure Shell. Until SSH, something called Telnet was the
standard. Telnet was highly insecure, as it did not encrypt communication between you and the server you were connecting to. This meant that anyone on the same network with you could steal your Linux user password and see everything you did on that server during your Telnet session. The SSH protocol uses strong encryption to avoid this, and the OpenSSH daemon is built very carefully to avoid security bugs as much as possible. Long story short, OpenSSH is used by millions of servers and has stood the test of time, proving to be very hard to hack. For these reasons, everybody happily uses it and trusts that it can do a pretty good job at only letting authorized people log into their operating systems while keeping bad people out.

In case you're following along on your virtual machine, log in locally, directly from the virtual machine window, and then enter this command, that's `ip a`. You'll see which IP your machine uses. I've outlined the information we're looking for in yellow. We'll use this IP, in our case 1 192.168.0.1, to simulate a situation where we have a server in a remote location.

Now, to recap, we have an SSH daemon program running on the server. This listens for any incoming connections. To be able to connect to this remote SSH daemon, we'll need something called an SSH client, yet another program. This client will run on our current laptop or desktop computer. macOS systems and Linux-based operating systems such as Ubuntu already have an SSH client pre-installed. If you're on macOS or Linux, open a terminal emulator window. In the past, if you were running Windows, you needed to install an SSH client like PuTTY. On the latest Windows 10 this is no longer necessary, as an SSH client is also pre-installed. If you're on Windows, click the Start menu and type `cmd` to open up Command Prompt. To connect to a remote Linux system through SSH, type `ssh`, space, the username you would like to use on the remote Linux system, an at symbol, and then the IP address of the machine. Here we have aaron at 1
192.168.0.1. Of course, replace aaron with the actual username you created inside your Linux OS running in the virtual machine, and do the same with the IP address. From here on we'll stay inside this SSH session to go through all the exercises in the upcoming lessons.

Here we're going to demonstrate a graphical login for a local machine, we're going to demonstrate a remote login using RDP on a remote machine (graphical), and we'll also demonstrate a text mode login via SSH. So to get started, we have a CentOS VM here, already booted up, so we have the graphical package installed, and we'll select our username. It's going to be a pretty familiar process, the same one that you use at home or on your work computer. You'll provide your username; after selecting that, you'll provide your password and click Sign In. After a moment it'll load the default operating environment, which for CentOS is going to be GNOME. So we can go ahead and log out of that particular session.

Next up, I've configured another VM to accept Windows Remote Desktop connections. So you open your remote desktop tool, provide the IP address, which we already have filled in here, and click Connect. That loads a little bit different login screen. It's already pre-populated the username because I've used this before. That username is student, so we'll provide the password here and click OK. That's going to load a remote graphical session using that Windows Remote Desktop tool. You can see the IP address of the machine at the top.

And while we're here, we're going to go over to Activities and select the GNOME terminal to open a terminal emulator, and here we can see that we are student at LFCS-CentOS2; this is the host name. So here we'll type `ssh`; we're going to do aaron at 192.168.0.1, which is the IP address for the first client that we logged into using the local login. It's going to prompt us for the password, which, as you'll recall from the lecture video, is not going to show anything when we type. Go ahead and hit Enter, and now we can see
our last login, and we'll see that we are aaron at LFCS-CentOS, which was the first host. You can go ahead and `exit` to end your SSH session. Now you see that we're back as student at LFCS-CentOS2. We can type `exit` to close the terminal emulator, and then we'll go over and log out.

There will be many commands we will use in Linux, and each command has a lot of command line switches. How are we supposed to remember them all? As we use a command repeatedly, we'll learn everything about it and memorize what each option does, but in the beginning we might forget about these options after just one or two uses. That's why Linux gives you multiple ways to access help manuals and documentation right at the command line.

Let's say you want to see that long listing format with `ls` to get a good look at file permissions, but you forgot what the correct option was. Was it `-P` for permissions? We can get a quick reminder with `ls --help`. This will show us a lot of output, but if we scroll up we'll find what we're looking for, the `-l` flag in this case. You can see how command line options are sorted alphabetically and described with short text. That's why the `--help` option for commands will very often be helpful when we forget about these options, and we will, as there are so many of them.

For each command, `--help` will usually show a condensed form of help with very short explanations. For `ls` that's okay, as it's a very simple command. Other commands, however, are very complex, and we need to read longer explanations to understand what they do and how we use them. So let's take `journalctl` as an example. It's a command that lets us read system logs. `journalctl --help` will show us this. Notice that this opens in a slightly different way. You can take a look at the bottom left corner and you'll see "lines 1 through 27". This opened in what Linux calls a pager. It's simply a text viewer of sorts that lets us scroll up and down with our arrow keys or Page Up and Page Down, and to exit this help page we press `q`.

All important commands
in Linux have their own manuals, or man pages. To access a command's manual, enter `man` followed by the name of the command; in our case we'd use `man journalctl`. So now we get a short description of what the command does in the NAME section, a general syntax for the command in the SYNOPSIS section, a detailed description of the command, how it works and so on in the DESCRIPTION section, it could be a detailed description of command line options in the OPTIONS section, and some manual pages even have some examples near the end of the manual.

Sometimes you'll have two manual pages with the same name. An example is printf. `printf` is a command, but printf is also a function that can be used by programmers. Manual pages can fall into one of these categories or sections, and we can see these by looking at the man page for man itself by typing `man man`. If you want to read the man page about printf the command, you tell man that you want to consult printf from section one, like this: `man 1 printf`. If you want to read about printf the function, you tell man that you want to look at section three: `man 3 printf`.

It's useful to know that during online exams the Linux Foundation will let you use `man` and `--help`. Try to use `--help` if you forgot a command line option, as that gives you the fastest results. Diving deep into a manual page will eat up more time.

But this is all well and good when we know what command we want to explore. But what if we can't even remember the name of the command that we need to use? Imagine you forgot the name of the command that lets you create a new directory. How would you search for it? `apropos` is a command that lets you search through man pages. It looks at the short descriptions of each man page and tries to see if it matches the text we entered. For example, with this line we can search for all man pages that have the word "director" in their short descriptions. We'll use "director" and not "directory": "director" will match commands that contain the word "directory" but also ones
that contain "directories", so we keep it more generic this way.

The first time we run `apropos director` we'll get an error. That's because apropos relies on a database. A program must refresh it periodically. Since we just started this virtual machine, the database hasn't been created yet. We can create it manually with `sudo mandb`. On servers that have already run for days there should be no need to do this, as it will be done automatically. Now the apropos command should work. If we scroll up, we can see the entry that we're looking for, which is `mkdir`. But those are a lot of entries; it makes it hard to spot what we're looking for. You see, apropos doesn't just list commands, it also lists some other things we don't need currently. We see stuff like the 2 in parentheses; that signals that the entry is in section two of the manual pages. That's system calls provided by the Linux kernel; it's too advanced for our purposes. Commands will be found in sections 1 and 8, and we can tell apropos to only filter out results that lead to commands from these sections. We do this by using the `-s` option followed by a list of the sections we need, such as `apropos -s 1,8 director`, and we can spot what we're looking for more easily. So notice how mkdir's description contains the word "directories". If we'd used the word "directory" in our apropos search, this command wouldn't have appeared, since "directory" wouldn't have matched "directories". This is something to keep in mind when you want to make your searches as open as possible and match more stuff.

Another thing that'll save you a lot of time is autocompletion. For example, type `systemc` and then press Tab; that'll give you `systemctl`. Although this is not technically system documentation, it can still be helpful. Many commands have suggestions on what you can type next. For example, try this: type `systemctl`, add a space after the command, but don't press Enter, and now press Tab twice. You'll get a huge list of suggestions. This can help you figure out what your options for that command are,
although you should not always rely on it; it's not necessary that absolutely all options are included in this suggestion list. Let's do a little more: add to that `list-de` and then press Tab. You'll see that "pendencies" will get added to the end and you get `systemctl list-dependencies`. This is tab autocompletion, and many commands support it. When you press Tab once, if your command interpreter can figure out what you want to do, it will automatically fill in the letters. If there are many autocomplete options and it can't figure out which one you want, press Tab again and it will show the list of suggestions we observed earlier. These will be huge time savers in the long run, and they might even help you in the exam to shave off a few seconds here and there, which might add up and let you explore an extra question or two.

Tab suggestions and autocompletions also work for file names or directory names. For example, try typing `ls /u` and then hitting Tab; that'll give you `/usr/`. Now if you do it again, so press Tab 2 more times, you can see the directories available in `/usr/` without even needing to explore this directory with `ls` beforehand. And if we had a long file name like WordPress archive.tgz, we might be able to just type w, press Tab, and that long name will be autocompleted.

So here's a recommendation. While manuals and `--help` pages are super helpful, the first few times you use them it might be hard to figure out how to do something with that info alone. We recommend you take a command you know nothing about and try to figure out, with just `man` and `--help`, how to do something with it. This practice will help you develop the ability to quickly look for help. When you're taking the LFCS exam, there will be questions about theory that you either don't know about or you just forgot. If you know how to quickly figure out the answer with a man page or `--help`, you'll be able to pass the exam much more easily.

It's time to gain hands-on experience with the KodeKloud labs. This course is designed for you to have a seamless experience from start to finish, and that's why we have labs after each concept that will help you gain hands-on experience on exactly what you learned up until that moment. So to begin with, we're going to work on an existing Linux host that's already set up, and this will help you get familiarized with the Linux operating system, the Linux command line interface, and it will get your hands dirty, to borrow a phrase. At the end of this course we'll share instructions on setting up your own local environment for you to continue your studies. We do not want you to be distracted with any issues that might come up when you try to build your own Linux system or Linux cluster, so my recommendation is to aim to complete this course only using the labs that we provide in the browser and go from start to finish without any interruption. If this is a 2-hour course, then you should aim to complete it in 2 or 4 hours at the maximum. So head over to the labs using the links given below and come back here once you are done.

Now we'll look at how to create, delete, copy and move files and directories in Linux. Before we dive into this lesson, we need to understand a few basic things:
what is a file system tree, what is an absolute path, and what is a relative path.

To list files and directories in your current or working directory, we use the `ls` command in Linux. Using `ls` in your home directory might look like this. `ls` comes from "list". On Linux, files and directories can have a name that begins with a dot; an example would be the `.ssh` directory. These won't be displayed by a simple `ls` command; they are in a way hidden. To list all files and directories, even the ones beginning with a dot, use `ls -a`. The `-a` flag comes from the word "all", of course. To list files and directories from a different location, we just type the directory path at the end of `ls`, like `ls /var/log` or `ls -l /var/log`, to list files and directories in a different format called a long listing format. That's going to show us more details for each entry, like the permissions for a file or directory, what user or group owns each entry, and when it was last modified.

We can combine the `-a` and `-l` command line options like this, either by writing `ls -a -l` or `ls -al`. This will display entries in the long listing format and also show us the pseudo-hidden files and directories which have a name beginning with a dot. It doesn't matter which order you put the flags in, and you don't have to put a dash in front of each of them. However, the last form is preferred as it's faster to write. There's also a command line option `-h` that shows sizes in human-readable format, like bytes, kilobytes, megabytes and so on, and this has to be combined with the `-l` option. If we wanted to use all three options, we could use `ls -alh`, and there we can see all of our previous information but also the human-readable sizes like bytes, kilobytes and megabytes.

Linux organizes files and directories in what it calls the file system tree. Why is it called a file system tree? That's because, like a tree we'd see in nature, this also has a root, branches and leaves, except Linux's file system tree is inverted: the root is at the top and its branches and leaves grow
downward. The root directory is `/`, and this is the top-level directory; there can be no other directories above it. Under `/` there are a few subdirectories like `home`, `var`, `etc` and so on. These subdirectories may also contain other subdirectories themselves.

To access a file or directory on our command line, we must specify its file path or directory path. This path can be written in two different ways. The easiest to understand is the absolute path. `/home/aaron/Documents/Invoice.pdf` is an example of such a path. Absolute paths always start out with the root directory, represented by `/`. Then we specify the subdirectories we want to descend into, in this case first `home`, then `aaron`, then `Documents`, and we can see the subdirectory names are separated by a slash. Finally we get to the file we want to access, which is `Invoice.pdf`. An absolute path can end with the name of a file but also with the name of a directory. If we'd want to refer to the Documents directory, we could specify a path like `/home/aaron/Documents`.

To understand a relative path, we must first explore what the current directory means. This is also called the working directory. To see our current or working directory we can type `pwd`, and that stands for "print working directory". When we're working at the command line, we're always inside of a directory. For example, if we log in as a user aaron on some server, our starting directory might be `/home/aaron`, and every user starts in its home directory, so jane might have it at `/home/jane`, and root, the superuser or administrator, has it at `/root`.

To change our current directory we use the `cd` command, and `cd` stands for "change directory". So if we entered `cd /var/log`, that would change our current directory to `/var/log`, and here we used an absolute path. But we can also change directories in another way, for example using `cd ..`, which would take us one directory up. So if we were to `cd` first into `/home/aaron`, running `cd ..` would take us into `/home`, which becomes the new current directory. `..` always refers to the parent directory of our current directory. So this was a pretty simple example of using a relative path.

So let's dive a little deeper. Let's imagine our current directory is `/home/aaron`. With relative paths we can refer to other places in one of three main ways. The first is locations under our current directory, so for example `Documents/Invoice.pdf`. Since we're in `/home/aaron`, typing a path like `Documents/Invoice.pdf` is like typing `/home/aaron/Documents/Invoice.pdf`. Our relative path gets added to the current directory and we get our PDF file. We can also refer to locations in our current directory, so typing `Invoice.pdf` will access the file at `/home/aaron/Invoice.pdf`. We can also refer to locations that are above our current directory. Typing `../Invoice.pdf` points to the file at `/home/Invoice.pdf`. Since we used `../`, we basically said "go one directory up". And we can use `..` multiple times: `../../Invoice.pdf` points to the file at `/Invoice.pdf`. The first `..` moved the relative path to `/home` and the next moved it to `/`.

So, a few extra tips. If you're in `/var/log` currently and you want to move to `/`, you could run the command `cd /` and it will take you to the root directory. You can return to your previous working directory with the `cd -`, or CD minus, command; that would take you back to `/var/log`. So if you're in the `/var/log` directory and you want to return to your home directory, which in our case is `/home/aaron`, you'd just use `cd` by itself. `cd` without any options or paths after it will always take you back to your home directory.

So let's assume we're in our home directory and we want to create a new file. To do this we use `touch`. For example, to create a file named `Receipt.pdf` we would type `touch Receipt.pdf`, and this will create it inside the current directory. To create it at another location we could use `touch /home/jane/Receipt.pdf`, and since we're in `/home/aaron`, we could also use the relative path to create the file in `/home/jane` by typing `touch ../jane/Receipt.pdf`. Both commands would work the same, because all the commands we'll discuss accept both absolute and relative paths, so we won't mention these alternatives for each one. Just know that after the command you can use any kind of path you want.

To create a new directory use `mkdir`, for example `mkdir Receipts`. `mkdir` comes from "make directory". To copy a file we use the `cp` command, which is short for "copy". `cp` is followed by the path to the file we want to copy, which is our source, and then the path to the destination where we want to copy it. To copy `Receipt.pdf` to the Receipts directory we'd use `cp Receipt.pdf Receipts/`. Notice how we terminated the path to the Receipts directory with a slash, to make it `Receipts/`. Without the slash it would have worked too, but it's good practice to end your directories with a slash. This way you'll form a healthy habit and get a visual indicator that tells you when `Receipts` without a slash might be a file and `Receipts/` with a slash might be a directory. To copy `Receipt.pdf` to the Receipts directory but also choose a new name for it, we could use `cp Receipt.pdf Receipts/ReceiptCopy.pdf`.

To copy a directory and all its contents to another directory, run the `cp` command as before but with the `-r` option. The `-r` is a command line option, they're also called command line flags, and that tells `cp` to copy recursively, and that means to copy the directory itself but also descend into the directory and copy everything else it contains, like files, other subdirectories it may have, and so on. So for example, say I have a lot of directories, subdirectories and files under the Receipts directory. I'd like to back up all the contents into a backup directory named BackupOfReceipts. To do this we'd run the command `cp -r Receipts/ BackupOfReceipts/`. This copies all subdirectories and files from the Receipts folder into the BackupOfReceipts folder. The name you choose for your clone directory must not exist at your destination. So for example, if we already had a directory at `/home/aaron/Documents/BackupOfReceipts`, then this will just move Receipts there and it would end up at `Documents/BackupOfReceipts/Receipts/`.

So we saw that the copy operation copies a file from one place to another, resulting in two copies of the files, the original one and the one in the new location. But what if we want to move a file from one location to another, so that the file is not present in the original location and is only present in the new location? For this, use the `mv` command. `mv` stands for "move". Run the command `mv Receipt.pdf Receipts/` to move the file `Receipt.pdf` to the Receipts folder. The file is moved and there is only one copy of the file available. To rename a file we can use `mv Receipt.pdf OldReceipt.pdf`. To rename a directory we can use the new name as the destination, such as `mv Receipts/ OldReceipts/`. Notice here that you don't need to use the `-r` recursive flag when you use `mv`; `mv` takes care of all of that itself.

To delete a file we use the `rm` command. `rm` comes from "remove". To delete the file `Invoice.pdf` we can use rm Invoice.
PDF to delete a directory like the invoices directory we' use rm- R invoices slash to make it recursive so once again the- R option makes it recursive deleting the directory along with its subdirectories and files so whenever you copy or delete directories remember to always add the- R option in this lecture we'll look at how Linux manages hard links to understand hard links and soft links we must first learn some very basic things about file systems so let's imagine a Linux computer is shared between two users Aaron and Jane Aaron logs in with his own username and password and Jane logs in with her own username and password this lets them use the same computer but have different desktops different program settings and so on so Aaron takes a picture of the family dog and saves it tohome aonp picturesfamily dog.jpg let's simulate a file like this with this we created a file at picturesfamily dog.jpg and stored the text picture of Milo the dog inside there's a command on Linux that lets see some interesting things about files and directories that's the stat command so here we'll notice an iode number well what is this file systems like xfs ext4 and others keep track of data with the help of iodes our picture might have blocks of data scattered all over the disc but the I node remembers where all the pieces are stored it also keeps track of metadata things like permissions when the data was last modified or last accessed and so on would it be pretty inconvenient to tell your computer hey show me inode 529 46177 so we work with files instead the one called familycore dog.jpg in this case the file points to the iode and the iode points to all the blocks of data that we require and finally we're going to get to what interests us here we notice this in the output of our stat command there's already one link to our iode yes there is when we create a file something like this happens we tell Linux hey save this data under this file name familycore dog.jpg and Linux says okay 
we'll group all this files data under inode 529 46177 data blocks and iode are created will hardlink the file family dog.jpg to inode 529 46177 so now when we want to read the file we say hey Linux give me the data for familycore dog.jpg and Linux says okay let me see where that inode links to here's all the data you requested for inode 529 46177 so the number shown as links in the output of the stat command is the number of hard links to this iode from files or file names it's pretty easy to understand but why would we need more than one hard link for this data well Jane has her own Bolder of pictures at slome janp pictures how could eron share this picture with Jane the easy answer is just copy slome aonp picturesfamily dog.jpg tohome janp picturesfamily dog.jpg no problem right but now imagine we must do this for 5,000 pictures we would have to store 20 gigs of data twice so why use 40 gigs of data when we could just use 20 how can we do that so instead of copying slome aonp picturesfamily dog.jpg to /home janp picturesfamily dog.jpg we could hardlink it tohome janp picturesfamily dog.jpg and the syntax of the command to do that is like this Ln path to the Target path to the link file the target file is the file you want to link with and the link file is simply the name of this new hard link we create technically the hard link created at the destination is a file like any other the only special thing about it is that instead of pointing to a new I Noe it points to the same I node as the target file in our imaginary scenario we'd use a command like lenhome aonp picturesfamily dog.jpg slome janp picturesfamily dog.jpg now our pictures only stored once but the same data can be accessed different locations through different file names and if we were to run the stat command now we'd see the links are now two as the I node now has two hard links pointing to it and another beautiful thing about hard links is this say Aaron and Jane share the same 5,000 pictures through 
hard links, and maybe Aaron decides to delete his hard link of `/home/aaron/Pictures/family_dog.jpg`. What will happen to Jane's picture? Nothing. She'll still have access to that data. But why? Because the inode still has one hard link to it. Before it had two; now it has one. But if Jane also decides to delete her hard link to the picture at `/home/jane/Pictures/family_dog.jpg`, the inode will have zero links to it, and when there are zero links, the data itself will be erased from the disk. The beauty of this approach is that people that share hard links can freely delete what they want without having a negative impact on other users that still need that data. But once everyone deletes their hard links to that data, the data itself will be erased. So data is intelligently removed only when everyone involved decides they don't need it anymore.

There are some limitations for hard links in Linux. You can only hard link to files and not to directories. You can also only hard link to files on the same file system. If you had an external drive mounted at `/mnt/Backups`, for example, you would not be able to hard link a file from your SSD at `/home/aaron` to some other file on `/mnt/Backups`, since that's a different file system.

There are some other things to take into consideration when you hard link. First, make sure that you have the proper permissions to create the link file at the destination; in our case, we need write permissions at `/home/jane/Pictures`. Second, when you hard link a file, make sure that all users involved have the required permissions to access that file. For Aaron and Jane, this might mean that we might have to add both their usernames to the same group, for example family. Then we'd use a command to let the group called family read and write to this file. You only need to change permissions on one of the hard links, and that's because you're actually changing permissions stored by the inode. So once you change permissions at `/home/aaron/Pictures/family_dog.jpg`, `/home/jane/Pictures/family_dog.jpg` and all
other hard links will show the same new set of permissions.

Let's look now at how Linux manages soft links. You know how, when you install a program on Windows, you might get a shortcut on your desktop? You double-click on that shortcut and the application gets launched. The application is obviously not installed on your desktop; it may have its files stored in the `C:\Program Files\MyCoolApp` directory, and when you double-click on the shortcut, this only points to an executable file at `C:\Program Files\MyCoolApp\application.exe`. So the double-click on that shortcut basically redirects you to the file `C:\Program Files\MyCoolApp\application.exe`, which then gets executed.

Soft links in Linux are very similar. A hard link pointed to an inode, but a soft link is nothing more than a file that points to a path instead. It's almost like a text file with a path to a file or directory inside. The syntax of the command to create a soft link, which is also known as a symbolic link, is the same as before, but we add the `-s` or `--symbolic` option. So it looks something like this: `ln -s path_to_target_file path_to_link_file`, where the path to the target is the file or directory that our soft link is going to point to, and the path to the link file is where our soft link will actually be created. For example, to create a symbolic link that points to the `/home/aaron/Pictures/family_dog.jpg` file, we can run the following command: `ln -s /home/aaron/Pictures/family_dog.jpg family_dog_shortcut.jpg`. Now, if we list the files and directories in long listing format with the `ls -l` command, we'll see output like this. The `l` at the beginning shows us that this is a soft link, and `ls -l` even displays the path that the soft link points to. If this path is long, `ls -l` might not show the entire path. An alternative command to see the path stored in a soft link is `readlink`, followed by the path to the soft link. So in our case, that would be `readlink family_dog_shortcut.jpg`.

You may also notice that all the permission bits, `rwx` (read, write, and execute), seem to be enabled for this file. That's because the permissions of a soft link do not matter. If you were to try to write to a file like `fstab_shortcut`, this would be denied, because the permissions of the destination file apply, and `/etc/fstab` does not allow regular users to write here.

In our first command, we used an absolute path: `/home/aaron/Pictures/family_dog.jpg`. If we ever change the directory name aaron in the future to something else, this soft link will break. You can see broken links highlighted in red in the output of the `ls -l` command. To tackle this, you could create a soft link with a relative path. Say, for example, you were in the home directory of Aaron. You could create a soft link using the relative path of the `family_dog` file instead of specifying the complete path. That way, when someone tries to read `relative_picture_shortcut`, they would get directed to `Pictures/family_dog.jpg`, relative to the directory where the soft link is.

Since soft links are nothing more than paths pointing to a file, you can also soft link to directories, so something like `ln -s Pictures/` followed by a shortcut to the directory would be valid. You can also soft link to files or directories on a different file system, which differs from the way that Linux handles hard links.

So head over to the labs using the links given below and come back here once you are done.

We'll now discuss how to list, set, and change standard file permissions in Linux. To understand how file and directory permissions work on Linux, we must first look at file and directory owners. If we type `ls -l`, we'll see something like this. Any file or directory is owned by a user. In this case, we see that the file `family_dog.jpg` is owned by the user called aaron. Only the owner of a file or directory can change permissions, in this case aaron. The only exception is the root user; that's the super
user or administrator account, which can change permissions of any file or directory. In the second field, we see that this file also has a group associated with it, and that's the family group. We'll see later what the role of groups is.

To change the group of a file or directory, we use the `chgrp` command; that stands for change group. Its syntax is `chgrp`, followed by the group name, followed by the file or directory name. For example, to change this file's group to wheel, we'd use `chgrp wheel family_dog.jpg`. If we do another `ls -l`, we can see that the group has now changed to wheel. We can only change to groups that our user is a part of, and to see which groups our current user belongs to, we can use the `groups` command. So this means we could change the group of our file to aaron, wheel, or family.

There's also a command to change the user owner of a file or directory, and that's `chown`; that stands for change owner. Its syntax is `chown`, followed by the user that we'd like to change it to and the file or directory's name. For example, to change ownership of this file to jane, we'd use `chown jane family_dog.jpg`. But only the root user can change the user owner, so we'd have to use the `sudo` command to temporarily get root privileges, and that's why here we have `sudo chown jane family_dog.jpg`. With another `ls -l`, we can see the user has now changed to jane. We can change both the user owner and the group with a different syntax of `chown`: it would be `chown user:group`, followed by the name of the file or directory. Again, since only root can change user ownership, we're going to set the user back to aaron and the group to family, to revert all of our changes, by using `sudo chown aaron:family family_dog.jpg`. One last `ls -l` will show us that the owner is aaron again and the group is family.

Our `ls -l` command also shows us the permissions of all files and directories in our current directory. The first character on that line shows us what type of an entry this is, so whether it's a file, a
special file, a directory, and so on. For example, we'd see `d` for a directory, `l` for a soft link, or `-` for a regular file. Here's a table that shows the different identifiers and what they stand for. We'll learn about some of these file types later in this course.

The next nine characters show us permissions. The first three are permissions for the user that owns the file, the next three are permissions for the group that the file belongs to, and the last three are permissions for other users; that's any user that is not aaron or not part of the family group, in the example we've been working with.

Let's see what `r`, `w`, and `x` mean in two different contexts, because they act in a certain way for files and have a slightly different behavior for directories. For a file, `r` means that the user, group, or other users can read the content of this file; a dash means they cannot read it. `w` means the user, group, or other users can write to this file, to modify its contents. `x` means the user, group, or other users can execute this file. Some files can be programs or shell scripts, lists of instructions we can execute. To be able to run this program or shell script, we must have the `x` permission. A dash permission here means the program or shell script cannot be executed.

For directories, we must think a little differently. Unlike a file that may contain text to be read, executed, and modified, directories do not have such contents. Their contents are the files and subdirectories they hold, so read, write, and execute refer to these files and subdirectories they have inside. `r` means the user, group, or other users can read the contents of this directory. We need an `r` permission to be able to run a command like `ls Pictures/` and view what files and subdirectories we have in the directory. `w` means the user, group, or other users can write to this directory. We need `w` to be able to create or delete entries in that directory, like adding or deleting files or subdirectories, as when we use the `mkdir`
command. And `x` means we can execute into this directory. We need `x` to be able to do `cd Pictures` and enter into the Pictures directory. When directories are meant to be accessible, you'll normally find both the `r` and the `x` permissions enabled.

Whenever you're on a Linux system, you're logged in as a particular user. We've changed permissions in an interesting way to make this easier to understand. Look at the permissions for the `family_dog.jpg` file. It's set to `-r--rw----`; that's read-only for the owner, read-write for the group, and no permissions for others. We see that the current owner of the file is aaron, and we know aaron is part of the family group. Can Aaron write to this file? Considering the fact that the owner has read-only permissions, it might seem that he should be able to do that, as he's part of the family group and that group has read-write permissions. But if we try to add a line of text to this file, it fails. Why is that? Because permissions are evaluated in a linear fashion, from left to right.

With these permissions in mind, let's see how the operating system decides if you're allowed to do something. It goes through a logic like this. Who's trying to access the file? That's aaron. Who owns this file? aaron is the owner, and owner permissions apply. Aaron can read the file but cannot write to it, so write permission is denied. It does not evaluate the permissions of the group because it already matched you to the first set of permissions, the ones for the owner of the file. If you're logged in as a different user, for example jane, the logic would be more like this. Who's trying to access the file? jane. Who owns the file? aaron. Okay, owner permissions do not apply. Moving on to group permissions: is jane in the family group? Yes, she is. Okay, so group permissions apply. Jane has read-write permissions, so she can read and write to the file. If the user trying to access the file is not the owner and is also not in the family group, the last three
permissions would apply: the permissions for other users.

So now that we have a basic understanding of permissions, let's move on to how we can change them to suit our needs. To change permissions, we use the `chmod` command. The basic syntax of the `chmod` command is `chmod`, followed by the list of permissions that we want to change, and then the name of the file or directory we're changing permissions for. We can specify these permissions in many ways, so let's start out with some simple examples.

We saw that our owner, aaron, cannot write to this file, so let's fix that. To specify what permissions we want to add on top of the existing ones, we use this syntax. To add permissions for the user (owner), it's `u+` and a list of permissions; some examples would be `u+w`, `u+rw`, or `u+rwx`. To add permissions for the group, it would be `g+` and the list of permissions, and to add permissions for other users, it would be `o+` and a list of permissions. In our case, we want to add the write permission for the user owner of the file, so here we would use `chmod u+w family_dog.jpg`. Now the old `r--` becomes `rw-` with the newly added `w` permission. So we fixed our problem, and Aaron can write to this file.

To remove permissions for the user owner, we would use `u-` followed by a list of permissions; some examples would be `u-w`, `u-rw`, or `u-rwx`. To remove permissions for the group, it would be `g-` and the list of permissions, and to remove permissions for other users, it would be `o-` and the list of permissions. At this point, we have the permission `r--` for other users. That means anyone on this system can read our `family_dog.jpg` file. If we want only the user owner and group to be able to read it, but hide it from everyone else, we can remove this `r` permission with `chmod o-r family_dog.jpg`. Now only aaron or the family group can read this file, and no one else.

With plus and minus, we saw that we can add permissions on top of the pre-existing ones or remove some of them from pre-existing ones. So if a file has `rwx` and we remove `x`, we end up
with `rw-`. If another file has `r-x` and we remove `x`, we end up with `r--`. If we only care about removing the execute permission and we don't care what the other permissions are, this is perfect. But sometimes we'll have a different requirement: we want to make sure that permissions are set exactly to certain values. We can do this with the equals sign. Just like before, this is done with the format `u=` followed by a list of permissions, or `g=` followed by the list, or `o=` followed by the list. An example: we want to make sure that the group can only read this file, but not write to it or execute it. To do that, we can run `chmod g=r family_dog.jpg`. We can see that before, group permissions were `rw-`. We didn't tell `chmod` to actually remove the `w` permission, but by saying `g=r` we told it to make the group permissions exactly `r--`. This only affects the group permissions and not the user or other permissions. If we'd want to let the group read and write but not execute, we could use `chmod g=rw family_dog.jpg`. We can see that whatever letter is missing will make `chmod` disable permissions for that thing; no `x` here means no execute permission will be present on the file. Which leads us to the next thing: what if we omit all of the letters? No `r`, no `w`, no `x`, just `chmod g= family_dog.jpg`. This is like saying make group permissions all empty. Another command that does the same thing would be `chmod g-rwx family_dog.jpg`. That's going to do the same thing, but following a slightly different logic: it will remove all the permissions from the group, `r`, `w`, and `x`.

So we saw how to add permissions with plus, remove with minus, and set exactly with equals. We can group all of these specifications in one single command by separating our permissions for the user, group, and others with a comma. For example, let's consider this scenario: we want the user to be able to read and write to the file and don't care if execute permission is on or off; we want the group to only be able to read,
exactly this permission; and we want others to have no permissions at all. Our command could be `chmod u+rw,g=r,o= family_dog.jpg`. Or let's say we want the user to only be able to read and write, but we want to remove the write permissions for the group and leave all other group permissions as they were, and we don't care about permissions that apply to other users. We could use `chmod u=rw,g-w family_dog.jpg`.

`chmod` supports another way to set and modify permissions, and that's through octal values. First, let's look at another command that shows us permissions, and that's the `stat` command. So we could do `stat family_dog.jpg`, and here's the list of permissions displayed by `stat`. We can see that `rw-r-----` has an octal value of 640. You can ignore the first 0, because that's for special permissions like setuid, setgid, and the sticky bit. If we break this down, 640 means the user owner permissions are six, the group permissions are four, and the other permissions are zero.

But how are these calculated? Let's take a closer look at this permission. We have `rw` for user, `r` for group, and none set for others. Each permission is represented in binary: if it's set, the binary is set to one, or else it's set to zero. In this case, the first part is 110, the second part is 100, and the third part is 000. Converting this binary to decimal would give us six for the first part, four for the second part, and zero for the third part. Here's a quick binary table for your reference. Let's take another example, this time `rwx`, `r-x`, and `r-x`. The binary format would be 111 101 101, the decimal of which is 755. In the last example, it's read, write, and execute for all, so it's one for all of the bits, so the decimal value is 777.

If you find binary difficult, another approach would be to use the octal table, and it's much simpler. For each permission, assign an octal value: for example, four for read, two for write, and one for execute. Then, whichever permission is set, consider the respective
value for that, and for the permission bit not set, consider it to be zero. Once done, add up the numbers within each group. So you would get 4 + 2 = 6, 4 + 0 + 0 is 4, and the last group is 0. Let's look at using the same approach for the other examples as well: `rwx`, `r-x`, and `r-x` gives us 755, and full permissions give us 777. Once we identify the number we want to set it to, we can use the same in the `chmod` command as well. Instead of specifying the permissions for each group, we could just provide a number, like this: `chmod 640 family_dog.jpg`.

So head over to the labs using the links given below and come back here once you are done.

In this demo, we'll be showing off pagers and the Vim text editor. Pagers are programs that allow you to open multiple pages of text and navigate through them while on the terminal, and the two pagers that we'll be looking at are called `less` and `more`. The first one we'll look at is `less`. It's a bit more feature-rich than `more`, and to access it, you first type its name followed by the name of the file that you want to open. In this case, I'm going to use the log file for the dnf package manager, because that has enough information in it to really show off our pagers. That's located at this location. We press Enter, so now we've opened it in the pager. One of the ways you can tell that you're in a pager, because other programs might open them for you, is that in the bottom left corner you'll see the name of the file highlighted there. With the `less` pager, you can use the arrow keys, up and down, to move up and down in the file, and you can also have things like search functions. For example, to search for text, you press the slash key (you'll see that down in the bottom left-hand corner), followed by the term you'd like to search for. I'll search for debug, since I know that appears several times in this file. You'll see on the first line here it's been highlighted where it occurs, and to get to the next instance on a line where it would occur, you would press
the `n` key. That will continue to move to each new instance of debug, but you'll notice that it's skipping some of them, and that's because the search is case sensitive. To make it case insensitive, you need to pass the `-i` option to ignore case, and that will start getting all of the instances of debug. To move backward through previous results, you would hold the Shift key and press `n`, so a capital `N` will move upward through the previous results. Lastly, for `less`, in order to exit the pager, you press `q` to quit. That's a brief overview of the `less` pager.

`more` does not have as many features, but you do access it the same way. You'll know you're in `more` because it will let you know down at the bottom: it will say More and show you a percentage. For `more`, you move through things by pressing the space bar, and that moves a page at a time. To get out of `more`, you press the `q` key. So that is it for pagers. Let me clear my screen for you.

Now we'll move on to the Vim text editor; that is, Vi Improved. When you open it (you open it with `vim`), it'll give you this nice little greeting screen with your blank file and a couple of things that you can do; it shows you a few of the commands that you can have. Vim is mode sensitive, so it has different modes to be in, and different keys and functions are available depending on the mode that you are in. In order to write text into a file, you need to press the `i` key; that's for insert. You'll notice down at the bottom left-hand corner it now says INSERT, and you can start typing text. All right, so we have this as our text for our Vim demo. I'll give a couple of blank lines here.

All right, so some things that you can do with Vim. You press Escape to go back to its default mode, and you can't type anything in the default mode. For Vim, to search, you can use the slash key just like you did in `less`, when you're in the default mode. So I'll search for "this", and it doesn't find that, because it is case sensitive. So I can search for one
that we can find. It'll highlight all instances of "is" if I type "is". If you want it to be case insensitive, you can do this followed by an escape character (that's a slash going the other way, a backslash) and then the lowercase letter c; think of c for case. So that'll make it case insensitive.

Okay, the next thing we would want to look at: in the default mode, you can go to a particular line number by typing a colon followed by the line number. I've got about three lines in here, so going to line three will take our cursor to line three. I type two; you can see we've gone back up to two. And of course, one will take us back to the original line.

To copy a line of text, an entire line of text, when you're in command mode, you hit the `y` key two times. Okay, so we've copied it. Then to paste that line of text, you can use the `p` key in command mode, so it'll paste it wherever you have it. You can also cut a line of text by using the `d` key two times, so `dd`, we cut it, and you can also paste things that you have cut with the `p` key. So if you need to replace a line, go to a particular line and replace it when you're working with a file, those are some useful Vim commands.

Now, probably the most complicated thing about Vim the first time you open it is: how do you get out of it? A lot of people have trouble with that. It's not really that hard. If you have made changes to a file and you want to save them, you hit the colon key and, first, to save changes, you would type `w` for write. We haven't given it a file name, so it has nothing to write to. To quit and write changes, you do `:wq`. Of course, it's not going to let me do that, because I did not give it a file name. So in order to quit without making changes or saving changes (that's important if you get yourself in a situation like this where you did not provide a file name), you would do `:q`, for quit, and then an exclamation mark, as if you're saying, you know, I told you to quit, and being emphatic about it, and
that will allow you to quit the Vim text editor without making any changes. If we were to have provided a file name when we started, we can do `vim testfile`; it's already a file that we have created here. So I'll just go ahead and make some changes to it; it's not really important what's in this file. Then we would do `:wq`, write and quit, and that would let us exit the file. We can actually see that that went into our file by using our `cat` command; we see our new changes down at the bottom. So that is a brief overview of the functions of `less`, `more`, and `vim`.

Let's look at searching text using grep in Linux. Let's look at some basic ways to search for text. At times you may have a large text file that contains a lot of data, and you might want to find specific information within it, for example lines containing some particular text. One important Linux command that lets you search through text files is `grep`, so let's see how it works. The general syntax we will use with `grep` is `grep`, followed by the search options, then the search pattern, and then the file. We can omit command line options, but we should specify a search pattern and a file we want to search through. For example, to search through the `/etc/os-release` file and find all lines that contain the text CentOS, we'd use this command. The search is case sensitive, so this command would show us different lines, those that have this word with all the letters in lowercase. If we want to make the search case insensitive, to find both CentOS with the capital letters and centos in lowercase, or even CENTOS in all capital letters, or any such variation, we can use the `-i` command line option; `-i` stands for ignore case.

Instead of searching through a specific file, we can also search through all files that exist under a directory and its subdirectories. To do this, we add the `-r` option, and instead of specifying a path to a file, we specify the path to a directory; `r` stands for recursive. We can group recursive search with the ignore-case option
using `-ir`. Our regular user cannot read most of these files, so we get permission denied errors. If we want to search through system files that only the administrator account can access, we have to use sudo along with our grep command. So `sudo grep -ir centos /etc/` would give us the following output.

We can also invert search results. For example, we can search for lines that don't contain the text centos by adding the `-v` option; that's for invert match.

Now consider this command. This matches both "redhat" and "red", but what if we're only interested in matching the word "red" and not a bigger word that just contains the text "red" within it? We can use the `-w` option to match only words.

And finally, notice how grep displays the entire line that has matched. This is useful, as it shows us some context, showing us where these matched characters or words have been found. But sometimes we'll only want to extract the results themselves, not caring about the rest of the line. We can tell grep to do this by passing the `-o`, or only matching, option to grep.

Let's look at analyzing text using basic regular expressions in Linux. In our previous commands we used simple search patterns, looking for some specific pieces of text like centos. But what if we need more complex search conditions? Imagine we have some documentation scattered in hundreds of files, and we need to extract all IP addresses mentioned in these documents. That would require more advanced search instructions. An IP has a form like 20312 3.5, but we can't just make a search pattern look for numbers with a dot between them, as this would also match numbers like 1.2, which are not IP addresses.

In math we can say something like: x is an integer, and x is bigger than 3, and x is smaller than 8. This would mean that x is either 4, 5, 6, or 7. Regular expressions work in a similar way. We specify some conditions, tie all of them together, and our search pattern only matches what perfectly fits within those conditions. So let's start out with
some super simple examples and then build up to slightly more advanced expressions. All regular expressions are built with the help of operators like the caret, dollar sign, period, asterisk, plus sign, braces, the question mark, the vertical pipe, brackets, parentheses, and brackets with caret. So let's see what each one of them does.

Here's a file with a set of names, and we need to find names that start with Sam. When we do a grep for Sam, we get names that start with Sam but also names that have Sam anywhere in them, and that's not what we want. We just want the words that start with Sam and not those that have Sam in them. That's where we use the line-begins-with operator. This is usually the alternate character on the number six key on most keyboards, and using this operator within the search string only returns the lines that start with the given search term and not all lines that contain this term. Just to show another example, we could look for lines that start exactly with these four letters, P, A, S, S, like this.

In the same example as before, we would like to only get the names that end with Sam. For this we would use the line-ends-with operator, which is a dollar sign, and we place this operator at the end of the search term to indicate interest to display only lines that end with a search term. So in this case it would list the name basan.

Here are some other examples. Say we need to list lines that end with the number seven. Using a simple grep with the number seven lists multiple lines that contain this number. We can tell our regex to look for a line that ends with seven with an expression like this, and that gives us a pretty clean result. Just like with the caret, with the dollar sign we can look for lines that end with a sequence of characters. To look for all lines that end with the text mail, do something like this.

Please take note of how the operators are placed differently. If you mix up their location, you won't get any results, which can
lead to confusion about why your regex is not working. To easily remember their locations, think like this: the line-begins-with operator should be placed at the beginning of my search pattern, and the line-ends-with operator, the dollar sign, should go at the end of the pattern.

Anywhere you add a period in your expression, it will match any character in that spot. So for example `c.t` would match cat, cut, cit, cot, and even c1t or c#t, but it won't match ct. There must be exactly one random character between c and t, and with `c..t` there have to be two characters. An example would look like this, and we can see that even "execute" is a match, because that sequence fits inside of that word. If we'd only want to match the whole word with this and not parts of words, we can use grep's `-w` option. You can think of `-w` as word, and that would match only full instances of that and not partial word matches or words that contain it.

This brings us to an interesting problem. The period has a special meaning in regular expressions, but what if we need to search for an actual period in our text? Well, this won't work, as this regex will basically match each character one by one. The solution, however, is simple. We look for a regular period by escaping the character. Escaping is how we tell our regular expression, "Hey, don't consider this period a match-any-one-character operator; instead, interpret it as a regular period." To escape some special character, we just add a backslash before it, so instead of a period we would write backslash period. So our grep command to search for a regular period, to end a sentence let's say, would look like this.

Let's say that we have an expression like `let*`. This is going to match several things. It'll match "le", but it's also going to match "let", "lett", "lettt" and so on, no matter how many t's are at the end. Another way of saying this is that the asterisk allows the previous element, the t in this case, to be either omitted
entirely, to appear once, or to appear multiple times. In a grep command we could use it like this, and we can see instances such as "file", where it does not have the t appearing at all, and we can see instances, say "letter", where it appears more than once.

The asterisk operator can be paired up with other operators. For example, to look for sequences that begin with a forward slash, have zero or more characters in between, and end with another forward slash, we could use a pattern like this. Since the period matches any one character, and the asterisk says the previous element can exist zero, one, two, or many more times, we basically allow any sequence of characters to exist between the forward slashes.

Let's say we want to find all sequences of characters where zero appears one or more times. We might be tempted to use an expression like this, but as we can see, this also matches lines that contain no zeros at all. Why is that? That's because the asterisk lets the previous character exist one or more times, but also zero times. It basically allows that element to be optional in our search. So we need another operator that forces the element to exist at least one time or many more, and the plus sign does this.

Let's explore this a little more. `0+` would match strings like 0, 00, 000, and so on. So we might think that we could write this in grep and find what we're looking for, but this doesn't look like the result we want. Our plus works like a literal plus sign instead of an operator. Why is this? That's because by default grep uses basic regular expressions. The manual page for grep has this to say: in basic regular expressions, the metacharacters question mark, plus, bracket, vertical pipe, and parenthesis lose their special meaning; instead, use the backslashed versions, or escaped versions. That means to use plus as an operator here, we have to add the backslash before it to make it backslash plus, so our command becomes this.

But this can be confusing pretty fast. We saw
already that we use something like backslash period to turn the period operator into a regular period, and now we're using the backslash to turn a regular plus into the plus operator. So it would be hard to keep track of what to backslash and what not to. We can go the easier route and use extended regex instead, which doesn't require us to backslash anything. We can use the extended regex by adding the `-E` option (capital E) to grep, or even easier, we can use the command `egrep`. We're going to look at grep with a dash capital E and egrep in our next video. So we can make it a habit to always use egrep instead of grep, to avoid mistakes where we forget to backslash one of our regex operators.

Now let's build on our previous video on basic regular expressions and take a look at extended regular expressions that we can use in Linux. We ended the last video talking about using the backslash character to turn the period operator into a regular period. We also talked about using the backslash to turn a regular plus sign into the plus operator. We mentioned that we would use the `-E` option for grep, or the even easier `egrep`. Let's take a look at those. Using the dash capital E option, so that we don't have to use the backslash escape character, we would have our zero plus, with plus as an operator, look like this, or the equivalent egrep command would look like this. So it is a good habit to develop to always use egrep, just in case you want to avoid those backslash characters and any mistakes that might come along with them.

Let's look at some more types of regex operators. Say we want to find all strings that contain at least three zeros. We do this with brackets. Brackets say that the previous element, or the contained element I guess we could say, could exist this many times. So this would give you one where it matches three zeros at least. To find all strings that contain a one followed by at most three zeros, we'd have an expression that looks like this.
Note that this will also match ones followed by no zeros; it's matching at most. And to find all strings that contain exactly three zeros, we have a construction that looks like this. So with the brackets, the previous element can exist this many times.

A question mark will let the previous element exist precisely zero or one times. It basically makes it optional: it can exist once or not at all. Let's say we're trying to find all text that says disabled or disable. This means that the last d is optional, so we can write an expression like this, with `disabled?`, to use in grep. I want you to note that this also matches the word "disables", and this is a case where the letter d did not come at the end and "disable" still matches.

We may have an expression like zero and then our bracket, so we have a minimum value, a comma, and a maximum value that's going to be used to find a match. Zero must exist at least the minimum number of times and at most the maximum number of times. So to find all strings that contain three, four, or five zeros, you would write an expression which looks like this, and that way we can give a range of how many zeros we would like to find.

If we want to match enabled or disabled, we could use the vertical pipe, which is what we use to symbolize "or", and construct a grep expression that looks like this. It basically matches what it finds on its left side or its right side. We could combine this with a previous trick, where we made the last letter d optional using the question mark, to also find variations like enable or enabled or disable or disabled, and that grep expression would look like this.

A range is specified in the form of, for example, a to z, so this will match any one lowercase letter from a, b, c, d, e, all the way to z. We could do it numerically: expressing a numeric range, 0 through 9 will match any one digit from 0 to 9. Sets are specified in a form like this, so this particular set would match any one character with an a, b, z, 9,
5, or 4. Say, to find all strings that contain the text cat or cut, we could use a regular expression that looks like this, and that would leave either the a or the u inside the brackets to match cat or cut. With ranges and sets, we can make our searches both wide and specific, even at the same time.

For example, let's ask ourselves how we would find all special device files which have names like `/dev/sda1` or similar. Well, we could think like this: find all strings that contain `/dev/` followed by any random characters. So we might be tempted to write an expression like this, with a dot for a random character and an asterisk. This kind of matches some weird stuff, because dot asterisk is really greedy. It matches way too many things after it captures what we're looking for. We can make our search wide enough to catch all `/dev` devices but specific enough to only capture the parts we need, and we're going to do that using ranges. We can say, after `/dev/`, match any number (that's going to be the asterisk) of lowercase characters from a to z. We could use an expression which looks like this.

That looks a little bit better, but we can see that some things are still missed. `/dev/tty` is matched instead of the entire `/dev/tty0`. So how can we catch the digits at the end too? Well, that's pretty easy: we specify that a digit from 0 to 9 should exist there, and we'd craft a grep expression like this. But now we run into another problem: only things that have a digit at the end are matched. With this new regex we'll only find `/dev/sda1`, for example, but not `/dev/sda`. We're going to need to do a little more work. That's a pretty easy fix: we can just make the digit at the end optional with a question mark. So we could craft a regular expression like this, and that's starting to look much better now.

Let's talk about subexpressions. In math we could see an expression like this, 1 + 2 * 3, and we know that that's 1 + 6, so that equals 7. That's because first multiplication will be done and
then addition. But what if we first want to add one and two and then multiply by three? We'd write it this way, in parentheses, and that way we know that this would evaluate to 3 * 3, which would be 9. In regular expressions we can do a very similar thing.

Let's take a look at the last expression that we had used. If we were to scroll up in the output, we'll see that we still don't match everything we need perfectly. We have, for example, `/dev/tty0p0`: the p0 is left out. Why is that? That's because our expression matches any number of a-to-z characters and then a digit at the end, and that's it; that's where the match ends. In `/dev/tty0p0`, after this first zero is hit, our regex is happy with a partial result.

So how could we correct this? We could tell it that after `/dev/` we have some letters and a digit at the end, but after that the same thing can repeat zero, one, two, three, or many more times. So there can be other sequences of letters followed by a digit. This way `/dev/tty0` would first match, and then p0 would be added to this match by that repetition. We would basically want to say that this is part of this regular expression and it should look for this pattern existing zero, one, two, three, or however many more times, so it can match things like our tty0p0.

So what makes regex look for an expression like tty0p0, and what makes it look for something to exist zero or more times? That's going to be the asterisk. But if we add the asterisk to the end, that's not going to be good. The asterisk would apply to the previous element only, and we want it to apply to our whole construct. There is an easy solution: we just wrap the entire construct in parentheses, and this way the asterisk will apply to the entire subexpression wrapped in the parentheses instead of the last element only. It ends up looking like this. So now we're going to get a match for our full expression, `/dev/tty0p0`. But if we scroll up in our results list, we're going to find some
things that still don't quite work, for instance `/dev/ttyS0`, with the S0 not matching because we didn't include uppercase letters in the regular expression. We could tell our expression to look for lowercase letters or uppercase with the vertical pipe operator. Okay, but writing it like this would be a mistake. That's because the asterisk would only apply to the uppercase A to Z range, and we need it to apply to the entire expression for lowercase and uppercase letters. So once again we can wrap our expression in parentheses. Doing this, we end up with a little bit more complex but more precise expression that looks like this, and we can see that now our ttyS0 matches.

If we go on, we could look back and find other things that don't match, like this `/dev/term/a`, because our regex stops when it encounters the next slash, and so on. This is the kind of logic and fine-tuning we would go through when fixing our regular expressions or making them laser focused on what we need to find.

Imagine we want to search for links to website addresses that don't use encryption. This means that we would want to search for HTTP strings but exclude HTTPS. We saw how sets are in the form of, say, abc123, and ranges take the form of a through z. If we add a caret in here, we can negate them. We can tell regex the elements in this set or range should not exist in this position. So we're going to use the caret with brackets. To look for HTTP links, we could have a regex that makes sure HTTP is not followed by the letter s. It would look like this, and our regex would function this way. In this case we used a set with only one character, but we can use multiple if we want. For example, we could tell our pattern that after a slash there should not be any lowercase letter; we use a set that looks like this.

Keep in mind that for any pattern you're trying to match, there are multiple regex solutions you may find. To get this right, you should practice until you feel comfortable with regular expressions.
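The step-by-step narrowing of the `/dev` device pattern described above, written out as an added example; it is not the set of commands shown in the video. The six patterns are reconstructed from the narration and the sample text is constructed, so both are assumptions.

```bash
#!/bin/sh
# Constructed sample text (an assumption; it stands in for the files that
# were searched on screen).
SAMPLE='Disk /dev/sda: 20 GiB
Boot partition /dev/sda1 is mounted on /boot
Console on /dev/tty0p0 then /dev/ttyS0
Terminal node /dev/term/a'

# extract PATTERN: print only the matched text (-o), one match per line,
# using extended regular expressions (-E). LC_ALL=C keeps [a-z] limited to
# ASCII lowercase letters whatever the system locale is.
extract() {
    printf '%s\n' "$SAMPLE" | LC_ALL=C grep -Eo -- "$1"
}

# The refinement steps, in the order the narration walks through them.
STEP1='/dev/.*'                        # greedy: swallows the rest of the line
STEP2='/dev/[a-z]*'                    # letters only: /dev/sda1 comes back as /dev/sda
STEP3='/dev/[a-z]*[0-9]'               # digit required: /dev/sda is lost
STEP4='/dev/[a-z]*[0-9]?'              # digit optional: stops after the first digit
STEP5='/dev/([a-z]*[0-9]?)*'           # repeated group: /dev/tty0p0 matches in full
STEP6='/dev/(([a-z]|[A-Z])*[0-9]?)*'   # upper case allowed: /dev/ttyS0 matches in full

# Print every step with its matches so the effect of each change is visible.
show_all() {
    for p in "$STEP1" "$STEP2" "$STEP3" "$STEP4" "$STEP5" "$STEP6"; do
        printf '== %s\n' "$p"
        extract "$p"
    done
}

show_all
```

Even the last pattern returns `/dev/term` for `/dev/term/a`, because none of the sets contains a slash; that is the remaining gap the narration points out.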
And it's worth noting that regex is not limited to grep. You can use regular expressions in a lot of programs that deal with search patterns. For example, the sed utility also supports regular expressions. You can find additional resources for regular expressions at this address; that's regexr.com. So head over to the labs using the links given below and come back here once you are done.

Now let's look at how to create, delete, and modify local user accounts in Linux. Each person that needs to log in to our Linux server should have their own separate user account. This allows them to have personal files and directories protected by proper permissions. They also get to choose their own settings for whatever tools they use. It also helps us as administrators: we can limit the privileges of each user to only what they require to do their job. This can sometimes reduce or prevent the damage when someone accidentally writes the wrong command, and it can help with the overall security of the system. It'll be up to us to manage these user accounts, which are sometimes simply called users.

So let's dive right in and see how we create a new user on a Linux system. The command that lets us add a new user is intuitively called `useradd`, and the simplest form we can use looks like this, where john can be replaced with whatever username we want to choose for this specific account. After we run this command, the following things would happen. A new user called john is added to the system, and a new group also called john is automatically created. The group john will be set to be the primary group of the user john. A home directory is created for this account at `/home/john`, and this is where John can store his personal files and subdirectories plus his program settings. Their default shell will be set to be the program found at `/bin/bash`. Whenever John logs in, this is the application he'll be dropped into; effectively, his entire login session will run inside this app. And all the files from `/etc/skel`
will be copied to the user's home directory, `/home/john`, and you can explore it with `ls -a /etc/skel` if you're curious to see what's inside. We'll see why this so-called skeleton directory is useful in one of the next lessons. We also need to note that the account will never expire; we'll see what this means later in this lesson.

All of these things happen because the operating system is configured to take some default actions for each newly created account. We can explore these defaults with the following commands, a long form and a short form. Note the capital D for the short form. Other defaults related to account creation can be seen by exploring this file; the comments explain what each setting does.

Okay, at this point we have an account for John, but how does he log in? His account has no password right now. To set a password for him, we can use this command. And if later we want to delete an account, such as John's account, we can use the `userdel` command. Note, however, that this will only delete the john user account, and also the group with the same name, john, might get auto-removed. But John's home directory at `/home/john` will remain, and that's normal, because his personal files might still be needed. But if we're certain that those files aren't necessary anymore, we can make the `userdel` command also remove the user's home directory and his or her mail spool using this command, and of course its equivalent short form.

Now, coming back to our `useradd` command: if we're not happy with the defaults, we could choose a different shell and a home directory with a command like this, or its short form on the second line. Of course, if we only want to choose a different shell but keep the default location for the home directory, we can just pass this option.

These account details, such as usernames, user IDs, group IDs, preferred shells, home directories, etc., are stored in the file at `/etc/passwd`, and we can see them if we type `cat /etc/passwd`. We'll see a line that looks like this. The first number,
1001, is the ID number associated with John's username. The next 1001 is the numeric ID of its primary group, also called john in this case. Then we can see the home directory and the preferred login shell.

`useradd` will automatically select a proper numeric ID from the available IDs, and it'll be done incrementally, just by adding one to the last one. So for the first user the ID will be 1000, for the next one it'll be 1001, and so on. If we want to manually select a different ID, we can use a command like this, or its equivalent short form. The user smith will have the numeric ID 1100, but also the group called smith will get a numeric ID of 1100.

If we want to see what username and group owns files or directories, we can do so with the usual `ls -l`. In this case we'll use the home folder. But if we want to see the numeric IDs of the user and group owners, we can add the `-n` option, for numeric, and they'll be shown to us. It might also be useful sometimes to find out more about the user we're currently logged in as. We can see the username we're logged in as, plus the groups we're members of alongside their respective IDs, with the `id` command. To print out just the username, you can type `whoami`.

Up until now we've created user accounts, but there's another type we can create, called system accounts. To create a system account called sysacc, we just add the `--system` option to `useradd`. The numeric IDs of system accounts are also numbers smaller than 1000, so we might see an ID like 976 or 978 for our sysacc account. So why would we create these? User accounts are intended for people, and system accounts are intended for programs, so there will be no home directory created, since it's not needed. Usually daemons use system accounts; we might see something like a database program running under a system account.

Now let's remove these users and their personal files. If you're following along, these will be the commands that you would use to get rid of John and Smith. And if we
ever forget the options for the `useradd` command, we can get a quick reminder by using the `--help` option.

Now let's say we create the user john again, but later we decide that we want to change some details for this account. The command `usermod`, or user modify, that's what it stands for, is used for this purpose. For example, if we want to change John's home directory, we could use `usermod` with these options. The first line is the long version, and the second line that appeared is the short version. The move home option ensures that the old directory will be moved or renamed so that John can still access his old files. In our case, `/home/john` was renamed to `/home/otherdirectory`. To change the username from john to jane, we could use either of these commands, the long form or the short form, and to change a user's login shell we could use either of these.

An often used option with `usermod` is lock, or the equivalent short option with a capital L. This effectively disables the account, but without deleting it. The user will not be able to log in with his or her password anymore; however, they might still be able to log in with an SSH key if such a login method has been previously set up. To cancel this and unlock the account, we can use the unlock option or its equivalent short form with a capital U.

We can set a date at which a user's account expires, and to do that we'd use a command that looks something like this. After expiration they won't be able to log in, and they'll need to contact a system administrator to re-enable their account. If we want to immediately set an account as expired, we can just choose a date that is in the past. The date format works like this: it's year, month, and then day. To remove the expiration date, just specify an empty date; you'll use two quotes with nothing inside.

We can also set an expiration date on the password. Please keep in mind that this is not the same as account expiration. Account expiration completely disables user logins. Password expiration forces the user to
change their password the next time they log in; they can still use the account. If we want to immediately set the password as expired, we can use this command. `chage` stands for change age. So we would just set the last day to zero for Jane's account. Next time Jane logs in, she'll have to change her password. If we want to cancel this, we can unexpire the password by passing -1. And if we want to make sure that a user changes their password once every 30 days, we could use the max days option and pass the parameter 30. If we want to make sure their password never expires, we can set max days to -1. And to see when the account password expires, we can use the list option to see that information.

In case you follow along with this exercise, you want to delete the user called jane and the group called john, and you can do so with these commands. By the way, if you haven't done so already, don't forget to subscribe to our channel.

Now let's explore how to create, delete, and modify local groups and group memberships in Linux. Each user can belong to one or more groups. And why are these useful? Well, here are a few examples. We have a directory full of files that our developers need to work on, so they all need read and write permissions. We'd have to allow three user accounts to edit these files: John, Jack, and Jane. An elegant solution to this problem is to create a new group called developers. Then we add our three users to the developers group, and finally we make the developers group the owner of those files and we change permissions so that the developers group can read and write to them. Now John, being part of the developers group, can easily edit those files. If we want to temporarily deny John access, we just remove him from the developers group. Or if a new member joins our team, we can just add their user account to the developers group, and boom, they have read and write access to those files. We can see how this makes things easier to understand from an administrator's perspective. It's
like assigning roles to user accounts, or like user accounts have a label, "is a developer" or "is not a developer", all of this by simply deciding if they will be part of the developers group or not a part of that group.

Speaking of roles for user accounts, groups can have other special effects. For example, being part of some group can grant special privileges on the system. Two common examples: one is the users in the wheel or sudo group, who are allowed to do pretty much anything on the system. They can run any program with root privileges, with root being the most powerful user account in Linux. Another would be users in the docker group, who can manage Docker containers.

We said that a user can belong to multiple groups, but one of these groups is special. One of them is the primary group, while all of the others are secondary or supplementary groups. The primary group is also called a login group. That's because as soon as the user logs in, this becomes his or her main group. But it's hard to understand with theory alone, so let's see what's so special about this primary group. Here are two practical examples. When a user launches a program, it is said that it runs under that user account and group. Otherwise said, the program runs with the same privileges that the user account and its primary group have. And here's another, perhaps more visible, example: when a user creates a file, this file will automatically be owned by the user account and their primary or login group.

If you want to follow along with this exercise, you'll need a user called john beforehand. You can create one using the `useradd` command. It's easy enough to create a new group called developers with a command like this, using `groupadd`. But how do we add our user john to this group? The easiest way to add a user to a group is with the help of the `gpasswd` command. This name comes from the words group password, but don't let the name fool you. Nowadays group passwords are almost never used in practice, so the main use case for
the `gpasswd` utility is to add or remove users from certain groups. To add users, we can use this `gpasswd` command or its equivalent short form command. If we want to confirm that this has worked, we can see the groups that John belongs to using the `groups` command. In this output, the first group after the colon is the primary or login group, and anything else that follows is a secondary or supplementary group. If we want to remove a user from a group, we can use the delete option or the corresponding `-d` short option.

On rare occasions we might want to change the user's primary or login group, which is the group that was automatically created with the user account and has the same name as the user. We can do that with a command like this, using `usermod -g`, lowercase g. A user can be part of multiple groups. Secondary groups are created separately from user accounts, and a user can only have one primary group; we can have many secondary groups. So while we're working with `usermod`, it's important not to confuse this lowercase g with the capital G, as the capital G option changes the secondary groups and not the primary one. To avoid this mistake, we can make a habit to use the equivalent long option `--gid` instead of `-g`, lowercase g. Now if we take a look at John's groups, he's only a member of the developers group, which shows that his primary group has changed.

I'd also like you to note a difference here: `gpasswd` first expects the username and then the group, but `usermod` has the reverse order, group name and then the username. If you find yourself needing help and a refresher on this, you can always use `gpasswd --help` to take a look at these options, and that will show the corresponding syntax, showing that the username must come first when using `gpasswd`.

Now, to rename the group called developers to programmers, we could use a `groupmod` command like this, giving it the new name option, or we could use the equivalent short form command, which is `-n`. If we
want to delete a group, we have the `groupdel` command. If we try to run that, we're going to see an error if it's someone's primary group, saying it cannot remove the primary group of user john, for example. To fix this, we can change John's primary group back to the john group with this `usermod` command, and now we can finally delete the programmers group. If a user is part of a secondary group and we want to delete it, the command will work without any issues. There's no need to first remove the user from that group before deleting it. So head over to the labs using the links given below and come back here once you are done.

Now let's look at managing user resource limits in Linux. When we have a lot of users logging into the system, we may want to impose limits on what resources they can use. This way we can ensure that user A does not use 80% of the CPU, leaving very little to spare for the others. To set such a limit, we can edit this file. We can see as we look through it that it's a well documented file. We want to move down until we see this. We can see that the syntax for setting a limit is domain, type, item, and then value. So let's break this down into easy to understand parts.

First, the domain. What can we specify here? Usually it's one of these three things. One is the username; in this case we can just simply type the name of the user, such as trinity. We can use a group name: to set a limit for everyone in the developers group, we just add an at symbol in front of its name, so we'd write @developers to get such a group limit. And the next thing that we can use is an asterisk, which will match everything. Setting a limit for asterisk basically says "set this limit for every user on the system", so it's a way to set a default limit. Why default? Because this limit will only apply to every user that is not mentioned in this list. A user limit overrides an asterisk limit. So, for example, one asterisk limit can specify that everyone can only launch 10 processes, but then
another limit for the user Trinity says she can launch 20 processes. In this case the limit for everyone will be 10, that's the default, but for Trinity it will be set at 20.

Next is the type, which can be three different values: hard, soft, and dash. A hard limit cannot be overridden by a regular user. If a hard limit says they can only run 30 processes, they cannot go above that. So it's basically the top, the maximum value for a resource someone can use. So to set a hard limit, just specify it there in the second field. A soft limit, on the other hand, is different. Instead of a max value, this is more like the startup limit, the initial value for the limit when the user logs in. If a user has a soft limit of 10 maximum processes and a hard limit of 20, the following happens: when they log in, the limit will be set to 10 processes, but if the user has some temporary need to increase this, they can raise it to 11, 12, 15, or even 20 processes. This way they can get a slight increase when absolutely required. So they can manually raise it to anything they require, but never above the hard limit. And last, we have the dash sign. This specifies that this is both a hard limit and a soft limit. With this we're saying our Trinity should be able to run 20 processes at the most. When she logs in, she should be able to use up to her entire allocation without needing to manually raise her limit.

Next up is the item value. This decides what this limit is for. We can have things such as `nproc`, and `nproc` sets the maximum number of processes that can be open in a user session. We could have `fsize`, which sets the maximum file size that can be created in this user session. The size is in kilobytes, so 1024 here means the maximum file size is 1,024 kilobytes, which is exactly 1 megabyte. We can also use `cpu`, and `cpu` sets the limit for CPU time. This is specified in minutes. So when a process uses 100% of a CPU core for 1 second, it will use up 1 second of its allocated time. If it uses 50% of one core for 1 second, it will use
up 0.5 seconds of its allocation. Even if a process was open 3 hours ago, it might have only used 2 seconds of CPU time. If you want to see more stuff that can be limited, just consult the user manual for this limits.conf file using the `man` command.

Let's test our knowledge and add a limit for our user called Trinity to ensure that she can open a maximum number of three processes. So first we'd find this line in the file, and to do that we would add a line that looks like this. We want to make sure there's no pound sign or hash sign, number sign, whatever you would like to call that comment sign, at the beginning of this line. The Vim editor might automatically add it when you press Enter to add a new line here, so make sure to delete the preceding sign, otherwise the line would be commented and have no effect. Now let's save our file and exit.

To log in as Trinity, we can enter this command. `-i` instructs sudo to do a real login and `-u` specifies the user we want to log in as. So at this moment only one process is permanently running in her session: the Bash shell. So we should be able to run two more processes. Let's launch `ps` and pipe the output to the `less` pager. We can see it works, and now it got us to running three processes, the maximum limit. Now what would happen if we tried to launch the fourth process? So let's press q to quit the `less` pager and then try the following. This would try to launch three new processes, `ls`, `grep` and `less`, plus Bash already running, which would total four processes. And we'll see this failing as expected: we cannot run more than three processes. So let's type `logout` to exit from Trinity's session.

So if we want to see the limits for our current session, we can type `ulimit -a`. We have small hints between parentheses. For example, we can see `-u` displayed for max user processes. This means that we could type `ulimit -u 5000` to set our limit to 5,000 processes. By default a user can only lower his limits, not raise them. The exception is when there are hard and soft limits. In
that case the user can raise his or her limit all the way up to the hard value, but only once. After the limit is raised with a `ulimit` command, the next command can only lower it. It cannot be raised the second time, even if the hard limit would allow it.

Now let's examine how to manage user privileges in Linux. Every time we had to make some important changes to the system, we used sudo in our commands. That's because only the root user, also called superuser, can make changes to important areas of the operating system. Whenever we put `sudo` in front of a command, that command runs as if the root user executed it. So how come our user is allowed to use sudo? If we type the `groups` command, we'll see our user is part of the wheel group. Whoever is part of this group is automatically allowed to use sudo. This means that the easiest way to give another user sudo privileges is to add them to the wheel group. To add our user Trinity to the wheel group, use a command like this, and that's it. Now this user can get administrator privileges whenever they want.

But this gives them power to do anything they want on our system. What if we want a more fine-tuned control? Then we could take a different approach. There's a special file at /etc/sudoers that defines who can use sudo and under what conditions, what commands they can run, and so on. But we should not edit this file directly. We use a utility called `visudo`. This utility can check if our edits are correct to help us avoid mistakes in the file. So first let's remove Trinity from the wheel group to make sure she can't use sudo anymore, and instead define a different sudo policy for her later. We can remove her with this command, and then to start editing the /etc/sudoers file we use `sudo visudo`, and this opens in the Vim editor. The file is thoroughly commented, but we're not interested in the first few parts, so let's navigate to the end and we'll notice this line. Now we see why any user added to the wheel group can run any command with sudo. So let's break
down this line into four different parts and analyze what they do. The first is the user or group. Here we define who this policy is for. The second is the host. Here we could specify that these rules only apply if our server's host name or IP address has a specific value. Not useful for our purposes, so we'll just type ALL for this host field. The third is the run-as field. Here we could type a list of usernames. Normally `sudo ls` would run the `ls` command as root, because that's what sudo does: it runs the command after it as a different user. But sudo can also be used so that Aaron can run commands as Jane or vice versa. We'll see more about this later. So if we list aaron,jane in this run-as field, then sudo can only be used to run commands as the user aaron or jane, but not root. And finally, the fourth field is the list of commands that can be executed with sudo. So we could say the syntax for a policy defined in the sudoers file looks like this.

Now let's go through some examples. To define a policy for our Trinity user and let her run any sudo command, we would need to add a line that looks like this. To specify a policy for all users in the developers group, we would add a line like this. We mentioned sudo lets us run commands as root but also as non-root regular users. So for example, to run the `ls /home/trinity` command as the user called Trinity, we could write this as a command. After the `-u` we specify the username we want to run as. So if this third field is ALL, then this policy allows someone to run sudo commands as any user. But if we'd want to have Trinity only be able to run sudo commands as the users aaron or john, we could write a line like this. Also note that this is wrapped in parentheses, which hints to us that the field is optional, so a line like this is also valid. And we mentioned that in the fourth field we can specify a list of commands. With our previous entries, the user or group granted sudo privileges could execute any command, but we could limit them like
this. Now Trinity could only run commands such as `sudo ls` or `sudo stat /bin`. Only `ls` and `stat` commands would work. If Trinity tries a command like this, she would get an error. And since we specified the third field as optional, this line could also be written to look like this.

We know that the first time we run a sudo command in a session, it asks for our current user's password. In our sudoers file we see a hint above how we could get rid of this requirement. So we could use the example in the comments, which looks like this, and figure out how to apply this for our user Trinity. If we want her to be able to run sudo commands without providing her password, we could write this line in the sudoers file.

So head over to the labs using the links given below and come back here once you are done.

Now let's examine how to manage access to the root account in Linux. We already saw one method to temporarily become root whenever needed. When we run a command such as this using sudo, it's basically the same as if the root user would have executed that command. But what if we want to log in as root? For a user with sudo access, we can enter this command or its equivalent short form command, and that's it, we're logged in as root. To exit from the root session, we'll type `logout`. If the user does not have sudo privileges but knows root's password, they can use `su -` or `su -l` or the long form with `--login`. All of these commands do the same thing: they log you in as root.

Some systems might have the root account locked. This does not mean that we can't use the root user. It just means that we can't do a regular login with a password. When root is locked, we can still use `sudo --login` to log in as root, but we can't use `su -`, as that would ask us for root's password, which is currently locked. If we want to allow people to log in as root with a password, we have two options. If root never had a password set, we could just choose a new password for it. Or if root had a password set in the past but then the account was locked for
some reason, we can unlock it using either the long or short form of the `passwd` unlock command. And after using one of those steps, we can use `su -` and type the password for root to log in.

Of course, we could find ourselves in the reverse scenario. Imagine this: currently people can log in as root. We figure that this is a bit insecure, and so we can lock password-based logins to the root account with the lock function of the `passwd` command. Either the long or the short version would do the same thing. Other logins might still be possible if they were previously set up. For example, if an administrator has set up logins via an SSH private key, they'll still be able to log in even if the root account is locked. Make sure to only lock root if your user can use sudo commands. With no root login and no sudo, you'll find yourself in the situation of not being able to become root at all, effectively locking yourself out, not able to change important system settings anymore.

So here we are at the end of this Linux crash course. I hope you enjoyed the material and gained experience through the labs. We've covered the basics of Linux, but there's a lot more. There's more to learn about networking, service configuration, storage management, troubleshooting, monitoring, process management and so much more, like virtualization for example. All of these are covered in the Linux learning path. This covers three certification courses: the Linux Foundation Certified System Administrator, the LPIC-1 series, and the Red Hat Certified System Administrator course. Don't forget to subscribe to our channel, as we release new videos about cloud native and Kubernetes all of the time. Until next time, goodbye.

This Linux course covers a wide range of essential Linux topics from beginner to advanced. The course also includes interactive labs to provide hands-on experience with the skills you'll learn. Linux specialist Aaron Lockhart created this course. In this course, Aaron teaches you the basics of the Linux
operating system, including how to log into a host through a local or remote console, how to read and use system documentation, how to work with files and directories, how to create and manage hard and soft symlinks, list, set and change file permissions, search files with grep, how to analyze text with regular expressions, how to manage user accounts and how to manage resources, and then how to manage user access privileges as well as access to the root account, which is kind of the primary account of the system. This course is about 2 hours of video and 2 hours of hands-on lab time. By the end of this course you should aim to get a high-level understanding of Linux, and not just the theory but also the experience with the hands-on practice.

Now, each concept taught in this video is followed by a hands-on lab. Our labs open right up in your browser and come absolutely free with this course, so there's no need to spend any time on setting up your own environments. You go from watching a video to practicing it in less than 30 seconds. The labs are challenge based, and so each lab is specifically designed to help you practice the concepts that you just saw in the video. So here's how I recommend that you take this course: set aside 4 hours of time for this entire video and course, turn off the notifications on your mobile phone, turn off any desktop notifications like Slack, email, Discord or any other distractions, and just get into that focus zone. Make sure you are ready to block out a few hours of your time and aim to stick to the curriculum and labs in order to finish the course.

So before we begin, head over to this link to download the deck with notes used in this course. To access the labs that come free with this course, go to kode.wiki/linux-labs or scan the QR code that you see on the screen. Once you are on the page, click on the button to enroll for free. The first topic has the deck with the resources that you can download, and this is handy to keep while you're working on the labs so that you can use it for reference. The remaining topics are the labs, so select a topic and click the start button, and that's going to load the lab in your browser. But you don't have to start them now. We'll let you know when to access which labs. So enroll in the labs, download the deck, and then come back here to continue the course.

Hello and welcome to KodeKloud's Linux tutorial. I'm Aaron Lockhart and I'll be your instructor for this course. As per Stack Overflow's insights, the most common and the most loved platform used for development work happens to be Linux. Here's what you'll learn in this course: log into local and remote graphical and text mode consoles; read and use system documentation; create, delete, copy and move files and directories; create and manage hard links and soft links; list, set and change standard file permissions; use pagers and the vi editor; search files using grep; analyze text using basic regular expressions and extended regular expressions; create, delete and modify user accounts, local groups and group memberships; configure user resource limits; manage user privileges; and how to manage access to the root account.

This is primarily a hands-on course with interactive videos and labs that will help you learn Linux. Our crisp and concise lectures simplify complex concepts using illustrations and animations. Other concepts are explained by demonstration videos. These will be live demonstrations where I will walk you through a task or a concept with a video example. And of course you have access to labs where you can get hands-on practice on everything we teach. Since you'll be learning to perform tasks a system administrator would normally perform, you'll need to get practice, so it's important
that you spend time working with the labs for the course. Our hands-on labs open right in your browser, so you won't need to set anything up for yourself to practice. Each lab will have a series of questions or exercises and a terminal for you to perform the necessary tasks. There are also hints and solutions in case you get stuck, but always try to work out the solutions for yourself. You'll get instant feedback from the lab system when you check your answer, and you can work with the lab as many times as you want for each set of lessons until you're comfortable with performing the tasks before moving on to the next set of lessons. Well, I'm excited to get started.

In this lecture we'll talk about how to log into a Linux system locally and remotely, in both graphical and text mode consoles. This will be a very practical course. We'll take a look at why we need to do certain things, then we'll explain how to do those things. We'll experiment with a few commands at the beginning of each lesson, then we'll explain the theory behind those commands. This should make the course more fun, engaging and easier to understand. So let's dive right in and start with some simple concepts.

We're all used to logging into apps or websites by providing a username and password. Logging into a Linux system is pretty much the same, so there's not much mystery here. We'll look at four ways to log in: logging into a local Linux system using the local text mode console, logging into a local Linux system using the graphical mode console, logging into a remote Linux system using a text mode login, and logging into a remote Linux system using a graphical mode login.

You'll often hear terms like console, virtual terminal and terminal emulator. It may be hard to understand why they're called this way. Nowadays a console is just a screen where your operating system displays some text and where it allows you to log in or type commands, and a terminal emulator is nothing more than a graphical app that runs in a window and does
a similar thing: shows you text output and allows you to type commands. These terms come from the old days of computing. Computers were incredibly expensive, so a building may have had a single one available for the entire building, but multiple people could connect to it and do their work by using physical devices that allowed them to type text and commands and also display on a screen what was currently happening. Those devices were consoles or terminals. So instead of buying 25 super expensive computers, you could have just one, but 25 people could use it, even at the same time. Nowadays consoles and terminals in Linux are usually things that exist in software rather than hardware. For example, when you see Linux boot and a bunch of text appears on the screen telling you what's happening as the operating system is loading, that's the console. After a Linux machine has booted, if you press Ctrl+Alt+F2 on the keyboard you'll see a virtual terminal, in this case VT2. If you have Linux installed on your desktop with a graphical user interface, when you want to type commands you open a terminal emulator.

Let's move back to logins. In practice, most often you'll log into remote Linux systems, but let's start with some less common scenarios. Local is just a tech word for something that is in front of you or something you can physically access. A computer on your desk is local; a server running on Google Cloud is remote. Usually when Linux is installed on servers, it's installed without a GUI, no graphical user interface components. There's no mouse pointer, no buttons, no windows, no menus, nothing of that sort, just text. But you might sometimes run across servers that include this GUI. Logging in is super easy, as it's all in your face. You'll see a list of users you can choose from, and you can then type your user's password. And don't forget to log out when you've finished your work. If the device has the typical server-oriented Linux OS installed, without any GUI components, logging in locally is also
easy. You'll usually see something like this on your screen. There's no list of users this time, but you can just type your username and then your password, and note that you won't see your password as you type. When your work is done, you should type `exit` to log out.

Again, most Linux operating systems running on servers will have no GUI components installed, but you'll sometimes run into exceptions. Connecting to a remote server that has a graphical user interface is slightly more tricky. First of all, there's no standard set in stone. Whoever configured that server chose their preferred way of dealing with these remote graphical logins. They could have chosen to install a VNC solution, that's virtual network computing. In this case you'd need to download the proper VNC client, also called a VNC viewer, to connect to it. This might be TightVNC or RealVNC or something else entirely. It all depends on the VNC server running on the remote system and which VNC clients your local operating system supports. If the administrator of that server wanted to let Windows users connect easily, it might mean that they use a solution allowing for RDP connections, or Remote Desktop Protocol. This means that you could just click on the Windows Start button and type "remote desktop connection", open that app and then enter the username and password you've been provided. Whatever it might be, connecting to a remote graphical console is pretty easy. It all boils down to downloading the application that lets you do that, entering the remote system's IP address, followed by a username and a password.

Initiating a text-based remote connection to a Linux system is pretty standard. That's because almost every Linux server uses the same tool that allows for remote logins: the OpenSSH daemon. That's a program that runs in the background on the server all the time. SSH comes from secure shell. Until SSH, something called telnet was the standard. Telnet was highly insecure, as it did not encrypt communication between you and the server
you were connecting to. This meant that anyone on the same network with you could steal your Linux user password and see everything you did on that server during your telnet session. The SSH protocol uses strong encryption to avoid this, and the OpenSSH daemon is built very carefully to avoid security bugs as much as possible. Long story short, OpenSSH is used by millions of servers and has stood the test of time, proving to be very hard to hack. For these reasons everybody happily uses it and trusts that it can do a pretty good job at only letting authorized people log into their operating systems while keeping bad people out.

In case you're following along on your virtual machine, log in locally, directly from the virtual machine window, and then enter this command. That's `ip a`. You'll see which IP your machine uses. I've outlined the information we're looking for in yellow. We'll use this IP, in our case 192.168.0.1, to simulate a situation where we have a server in a remote location.

Now to recap, we have an SSH daemon program running on the server. This listens for any incoming connections. To be able to connect to this remote SSH daemon, we'll need something called an SSH client, yet another program. This client will run on our current laptop or desktop computer. macOS systems and Linux-based operating systems such as Ubuntu already have an SSH client pre-installed. If you're on macOS or Linux, open a terminal emulator window. In the past, if you were running Windows, you needed to install an SSH client like PuTTY. On the latest Windows 10 this is no longer necessary, as an SSH client is also pre-installed. If you're on Windows, click the Start menu and type `cmd` to open up Command Prompt. To connect to a remote Linux system through SSH, type `ssh`, space, the username you would like to use on the remote Linux system, an at symbol, and then the IP address of the machine. Here we have aaron@192.168.0.1. Of course, replace aaron with the actual username you created inside your Linux OS running
in the virtual machine, and do the same with the IP address. From here on we'll stay inside this SSH session to go through all the exercises in the upcoming lessons.

Here we're going to demonstrate a graphical login for a local machine, we're going to demonstrate a remote graphical login using RDP on a remote machine, and we'll also demonstrate a text mode login via SSH. So to get started, we have a CentOS VM here already booted up. We have the graphical package installed, and we'll select our username. It's going to be a pretty familiar process, the same one that you use at home or on your work computer. You'll provide your username; after selecting that, you'll provide your password and click Sign In. After a moment it'll load the default operating environment, which for CentOS is going to be GNOME. So we can go ahead and log out of that particular session.

Next up, I've configured another VM to accept Windows remote desktop connections. So you open your remote desktop tool, provide the IP address, which we already have filled in here, and click Connect. That loads a little bit different login screen. It's already pre-populated the username because I've used this before. That username is student, so we'll provide the password here and click OK. That's going to load a remote graphical session using that Windows remote desktop tool. You can see the IP address of the machine at the top. And while we're here, we're going to go over to Activities and select the GNOME terminal to open a terminal emulator, and here we can see that we are student@lfcs-centos2. This is the host name. So here we'll type `ssh`, we're going to do aaron@192.168.0.1, which is the IP address for the first client that we logged into using the local login. It's going to prompt us for the password, which, as you'll recall from the lecture video, is not going to show anything when we type. Go ahead and hit Enter, and now we can see our last login, and we'll see that we are aaron@lfcs-centos, which was the first host. You can go ahead
and exit to end your SSH session. Now you see that we're back as student@lfcs-centos2. We can type `exit` to close the terminal emulator, and then we'll go over and log out.

There will be many commands we will use in Linux, and each command has a lot of command line switches. How are we supposed to remember them all? As we use a command repeatedly, we'll learn everything about it and memorize what each option does, but in the beginning we might forget about these options after just one or two uses. That's why Linux gives you multiple ways to access help manuals and documentation right at the command line. Let's say you want to see that long listing format with `ls` to get a good look at file permissions, but you forgot what the correct option was. Was it `-P` for permissions? We can get a quick reminder with `ls --help`. This will show us a lot of output, but if we scroll up we'll find what we're looking for, the `-l` flag in this case. You can see how command line options are sorted alphabetically and described with short text. That's why the `--help` option for commands will very often be helpful when we forget about these options, and we will, as there are so many of them.

For each command, `--help` will usually show a condensed form of help with very short explanations. For `ls` that's okay, as it's a very simple command. Other commands, however, are very complex, and we need to read longer explanations to understand what they do and how we use them. So let's take `journalctl` as an example. It's a command that lets us read system logs. `journalctl --help` will show us this. Notice that this opens in a slightly different way. You can take a look at the bottom left corner and you'll see "lines 1-27". This opened in what Linux calls a pager. It's simply a text viewer of sorts that lets us scroll up and down with our arrow keys or Page Up and Page Down, and to exit this help page we press q.

All important commands in Linux have their own manuals, or man pages. To access a command's manual, enter `man` followed by the
name of the command. In our case we'd use `man journalctl`. So now we get a short description of what the command does in the NAME section, a general syntax for the command in the SYNOPSIS section, a detailed description of the command, how it works and so on in the DESCRIPTION section, it could be a detailed description of command line options in the OPTIONS section, and some manual pages even have some examples near the end of the manual.

Sometimes you'll have two manual pages with the same name. An example is printf. `printf` is a command, but printf is also a function that can be used by programmers. Manual pages can fall into one of these categories or sections, and we can see these by looking at the man page for man itself by typing `man man`. If you want to read the man page about printf the command, you tell man that you want to consult printf from section one, like this: `man 1 printf`. If you want to read about printf the function, you tell man that you want to look at section three: `man 3 printf`.

It's useful to know that during online exams the Linux Foundation will let you use `man` and `--help`. Try to use `--help` if you forgot a command line option, as that gives you the fastest results. Diving deep into a manual page will eat up more time.

But this is all well and good when we know what command we want to explore. What if we can't even remember the name of the command that we need to use? Imagine you forgot the name of the command that lets you create a new directory. How would you search for it? `apropos` is a command that lets you search through man pages. It looks at the short descriptions of each man page and tries to see if it matches the text we entered. For example, with this line we can search for all man pages that have the word "director" in their short descriptions. We'll use "director" and not "directory": "director" will match commands that contain the word "directory" but also ones that contain "directories", so we keep it more generic this way. The first time we run `apropos director`
we'll get an error. That's because `apropos` relies on a database. A program must refresh it periodically. Since we just started this virtual machine, the database hasn't been created yet. We can create it manually with `sudo mandb`. On servers that have already run for days, there should be no need to do this, as it will be done automatically. Now the `apropos` command should work. If we scroll up, we can see the entry that we're looking for, which is `mkdir`. But those are a lot of entries. It makes it hard to spot what we're looking for. You see, `apropos` doesn't just list commands, it also lists some other things we don't need currently. We see stuff like the 2 in parentheses. That signals that the entry is in section two of the manual pages. That's system calls provided by the Linux kernel. It's too advanced for our purposes. Commands will be found in sections 1 and 8, and we can tell `apropos` to only filter out results that lead to commands from these sections. We do this by using the `-s` option followed by a list of the sections we need, such as `apropos -s 1,8 director`, and we can spot what we're looking for more easily. So notice how mkdir's description contains the word "directories". If we'd used the word "directory" in our `apropos` search, this command wouldn't have appeared, since "directory" wouldn't have matched "directories". This is something to keep in mind when you want to make your searches as open as possible and match more stuff.

Another thing that'll save you a lot of time is autocompletion. For example, type `systemc` and then press Tab. That'll give you `systemctl`. Although this is not technically system documentation, it can still be helpful. Many commands have suggestions on what you can type next. For example, try this: type `systemctl`, add a space after the command but don't press Enter, and now press Tab twice. You'll get a huge list of suggestions. This can help you figure out what your options for that command are, although you should not always rely on it. It's not necessary that absolutely all options are included in
this suggestion list. Let's do a little more. Add to that `list-de` and then press Tab. You'll see that `pendencies` will get added to the end, and you get `systemctl list-dependencies`. This is tab autocompletion, and many commands support it. When you press Tab once, if your command interpreter can figure out what you want to do, it will automatically fill in the letters. If there are many autocomplete options and it can't figure out which one you want, press Tab again and it will show the list of suggestions we observed earlier. These will be huge time savers in the long run, and they might even help you in the exam to shave off a few seconds here and there, which might add up and let you explore an extra question or two.

Tab suggestions and autocompletions also work for file names or directory names. For example, try typing `ls /u` and then hitting Tab. That'll give you `/usr/`. Now if you do it again, so press Tab two more times, you can see the directories available in `/usr/` without even needing to explore this directory with `ls` beforehand. And if we had a long file name like `wordpress_archive.tgz`, we might be able to just type `w`, press Tab, and that long name will be autocompleted.

So here's a recommendation. While manuals and `--help` pages are super helpful, the first few times you use them it might be hard to figure out how to do something with that info alone. We recommend you take a command you know nothing about and try to figure out, with just `man` and `--help`, how to do something with it. This practice will help you develop the ability to quickly look for help. When you're taking the LFCS exam, there will be questions about theory that you either don't know about or you just forgot. If you know how to quickly figure out the answer with a man page or `--help`, you'll be able to pass the exam much more easily.

It's time to gain hands-on experience with the KodeKloud labs. This course is designed for you to have a seamless experience from start to finish, and that's why we have labs after each concept that will help you gain hands-on experience on exactly what you learned up until that moment. To begin with, we're going to work on an existing Linux host that's already set up, and this will help you get familiarized with the Linux operating system and the Linux command line interface, and it will get your hands dirty, to borrow a phrase. At the end of this course we'll share instructions on setting up your own local environment for you to continue your studies. We do not want you to be distracted with any issues that might come up when you try to build your own Linux system or Linux cluster. So my recommendation is to aim to complete this course only using the labs that we provide in the browser and go from start to finish without any interruption. If this is a 2-hour course, then you should aim to complete it in 2 or 4 hours at the maximum. So head over to the labs using the links given below and come back here once you are done.

Now we'll look at how to create, delete, copy and move files and directories in Linux. Before we dive into this lesson, we need to understand a few basic things:
What is a file system tree, what is an absolute path, and what is a relative path?

To list files and directories in your current or working directory, we use the `ls` command. In Linux, using `ls` in your home directory might look like this. `ls` comes from list. On Linux, files and directories can have a name that begins with a dot. An example would be the `.ssh` directory. These won't be displayed by a simple `ls` command; they are, in a way, hidden. To list all files and directories, even the ones beginning with a dot, use `ls -a`. The `-a` flag comes from the word all, of course.

To list files and directories from a different location, we just type the directory path at the end of `ls`, like `ls /var/log`, or `ls -l /var/log` to list files and directories in a different format called a long listing format. That's going to show us more details for each entry, like the permissions for a file or directory, what user or group owns each entry, and when it was last modified. We can combine the `-a` and `-l` command line options like this, either by writing `ls -a -l` or `ls -al`. This will display entries in the long listing format and also show us the pseudo-hidden files and directories, which have a name beginning with a dot. It doesn't matter which order you put the flags in, and you don't have to put a dash in front of each of them. However, the last form is preferred as it's faster to write.

There's also a command line option, `-h`, that shows sizes in human-readable format, like bytes, kilobytes, megabytes and so on, and this has to be combined with the `-l` option. If we wanted to use all three options, we could use `ls -alh`, and there we can see all of our previous information but also the human-readable sizes, like bytes, kilobytes and megabytes.

Linux organizes files and directories in what it calls the file system tree. Why is it called a file system tree? That's because, like a tree we'd see in nature, this also has a root, branches and leaves. Except Linux's file system tree is inverted: the root is at the top and its branches and leaves grow
downward. The root directory is `/`, and this is the top-level directory. There can be no other directories above it. Under `/` there are a few subdirectories like `home`, `var`, `etc` and so on. These subdirectories may also contain other subdirectories themselves.

To access a file or directory on our command line, we must specify its file path or directory path. This path can be written in two different ways. The easiest to understand is the absolute path. `/home/aaron/Documents/Invoice.pdf` is an example of such a path. Absolute paths always start out with the root directory, represented by `/`. Then we specify the subdirectories we want to descend into, in this case first `home`, then `aaron`, then `Documents`, and we can see the subdirectory names are separated by a slash. Finally we get to the file we want to access, which is `Invoice.pdf`. An absolute path can end with the name of a file, but also with the name of a directory. If we'd want to refer to the `Documents` directory, we could specify a path like `/home/aaron/Documents`.

To understand a relative path, we must first explore what the current directory means. This is also called the working directory. To see our current or working directory, we can type `pwd`, and that stands for print working directory. When we're working at the command line, we're always inside of a directory. For example, if we log in as the user aaron on some server, our starting directory might be `/home/aaron`. Every user starts in its home directory, so jane might have it at `/home/jane`, and root, the super user or administrator, has it at `/root`.

To change our current directory, we use the `cd` command, and `cd` stands for change directory. So if we entered `cd /var/log`, that would change our current directory to `/var/log`. Here we used an absolute path, but we can also change directories in another way, for example using `cd ..`, which would take us one directory up. So if we were to `cd` first into `/home/aaron`, running `cd ..` would take us into `/home`, which becomes the new current directory. `..` always refers to the parent directory of our current directory. So this was a pretty simple example of using a relative path.

Let's dive a little deeper. Let's imagine our current directory is `/home/aaron`. With relative paths we can refer to other places in one of three main ways. The first is locations under our current directory, for example `Documents/Invoice.pdf`. Since we're in `/home/aaron`, typing a path like `Documents/Invoice.pdf` is like typing `/home/aaron/Documents/Invoice.pdf`. Our relative path gets added to the current directory and we get our PDF file. We can also refer to locations in our current directory, so typing `Invoice.pdf` will access the file at `/home/aaron/Invoice.pdf`. We can also refer to locations that are above our current directory. Typing `../Invoice.pdf` points to the file at `/home/Invoice.pdf`. Since we used `../`, we basically said go one directory up. And we can use `..` multiple times: `../../Invoice.pdf` points to the file at `/Invoice.pdf`. The first `..` moved the relative path to `/home` and the next moved it to `/`.

So, a few extra tips. If you're in `/var/log` currently and you want to move to `/`, you could run the command `cd /` and it will take you to the root directory. You can return to your previous working directory with the `cd -`, or cd minus, command; that would take you back to `/var/log`. If you're in the `/var/log` directory and you want to return to your home directory, which in our case is `/home/aaron`, you'd just use `cd` by itself. `cd` without any options or paths after it will always take you back to your home directory.

So let's assume we're in our home directory and we want to create a new file. To do this, we use `touch`. For example, to create a file named `Receipt.pdf`, we would type `touch Receipt.pdf`, and this will create it inside the current directory. To create it at another location, we could use `touch /home/jane/Receipt.pdf`, and since we're in `/home/aaron`, we could also use the relative path to create the file in `/home/jane` by typing `touch ../jane/Receipt.pdf`. Both commands would work the same. All the commands we'll discuss accept both absolute and relative paths, so we won't mention these alternatives for each one. Just know that after the command you can use any kind of path you want.

To create a new directory, use `mkdir`, for example `mkdir Receipts`. `mkdir` comes from make directory.

To copy a file, we use the `cp` command, which is short for copy. `cp` is followed by the path to the file we want to copy, which is our source, and then the path to the destination where we want to copy it. To copy `Receipt.pdf` to the `Receipts` directory, we'd use `cp Receipt.pdf Receipts/`. Notice how we terminated the path to the `Receipts` directory with a slash to make it `Receipts/`. Without the slash it would have worked too, but it's good practice to end your directories with a slash. This way you'll form a healthy habit and get a visual indicator that tells you when `Receipts` without a slash might be a file and `Receipts/` with a slash might be a directory. To copy `Receipt.pdf` to the `Receipts` directory but also choose a new name for it, we could use `cp Receipt.pdf Receipts/ReceiptCopy.pdf`.

To copy a directory and all its contents to another directory, run the `cp` command as before but with the `-r` option. The `-r` is a command line option (they're also called command line flags), and that tells `cp` to copy recursively. That means to copy the directory itself, but also descend into the directory and copy everything else it contains, like files, other subdirectories it may have, and so on. So for example, say I have a lot of directories, subdirectories and files under the `Receipts` directory, and I'd like to back up all the contents into a backup directory named `BackupOfReceipts`. To do this, we'd run the command `cp -r Receipts/ BackupOfReceipts/`. This copies all subdirectories and files from the `Receipts` folder into the `BackupOfReceipts` folder. The name you choose for your clone directory must not exist at your destination. For example, if we already had a directory at `/home/aaron/Documents/BackupOfReceipts/`, then this will just move `Receipts` there, and it would end up at `Documents/BackupOfReceipts/Receipts/`.

So we saw that the copy operation copies a file from one place to another, resulting in two copies of the file: the original one and the one in the new location. But what if we want to move a file from one location to another, so that the file is not present in the original location and is only present in the new location? For this, use the `mv` command. `mv` stands for move. Run the command `mv Receipt.pdf Receipts/` to move the file `Receipt.pdf` to the `Receipts` folder. The file is moved and there is only one copy of the file available. To rename a file, we can use `mv Receipt.pdf OldReceipt.pdf`. To rename a directory, we can use the new name as the destination, such as `mv Receipts/ OldReceipts/`. Notice here that you don't need to use the `-r` recursive flag when you use `mv`; `mv` takes care of all of that itself.

To delete a file, we use the `rm` command. `rm` comes from remove. To delete the file `Invoice.pdf`, we can use `rm Invoice.pdf`. To delete a directory like the `Invoices` directory, we'd use `rm -r Invoices/` to make it recursive. So once again, the `-r` option makes it recursive, deleting the directory along with its subdirectories and files. So whenever you copy or delete directories, remember to always add the `-r` option.

In this lecture we'll look at how Linux manages hard links. To understand hard links and soft links, we must first learn some very basic things about file systems. So let's imagine a Linux computer is shared between two users, Aaron and Jane. Aaron logs in with his own username and password, and Jane logs in with her own username and password. This lets them use the same computer but have different desktops, different program settings and so on. So Aaron takes a picture of the family dog and saves it to `/home/aaron/Pictures/family_dog.jpg`. Let's simulate a file like this. With this, we created a file at `Pictures/family_dog.jpg` and stored the text "Picture of Milo the dog" inside.

There's a command on Linux that lets us see some interesting things about files and directories. That's the `stat` command. Here we'll notice an inode number. Well, what is this? File systems like XFS, ext4 and others keep track of data with the help of inodes. Our picture might have blocks of data scattered all over the disk, but the inode remembers where all the pieces are stored. It also keeps track of metadata, things like permissions, when the data was last modified or last accessed, and so on. It would be pretty inconvenient to tell your computer, hey, show me inode 52946177, so we work with files instead, the one called `family_dog.jpg` in this case. The file points to the inode, and the inode points to all the blocks of data that we require.

And finally we're going to get to what interests us here. We notice this in the output of our `stat` command: there's already one link to our inode? Yes, there is. When we create a file, something like this happens. We tell Linux, hey, save this data under this file name, `family_dog.jpg`, and Linux says, okay,
we'll group all this file's data under inode 52946177; data blocks and inode are created; we'll hard link the file `family_dog.jpg` to inode 52946177. So now, when we want to read the file, we say, hey Linux, give me the data for `family_dog.jpg`, and Linux says, okay, let me see where that inode links to; here's all the data you requested for inode 52946177. So the number shown as Links in the output of the `stat` command is the number of hard links to this inode from files or file names.

It's pretty easy to understand, but why would we need more than one hard link for this data? Well, Jane has her own folder of pictures at `/home/jane/Pictures`. How could Aaron share this picture with Jane? The easy answer is: just copy `/home/aaron/Pictures/family_dog.jpg` to `/home/jane/Pictures/family_dog.jpg`. No problem, right? But now imagine we must do this for 5,000 pictures. We would have to store 20 gigs of data twice. So why use 40 gigs of data when we could just use 20? How can we do that?

Instead of copying `/home/aaron/Pictures/family_dog.jpg` to `/home/jane/Pictures/family_dog.jpg`, we could hard link it to `/home/jane/Pictures/family_dog.jpg`. The syntax of the command to do that is like this: `ln path_to_target_file path_to_link_file`. The target file is the file you want to link with, and the link file is simply the name of this new hard link we create. Technically, the hard link created at the destination is a file like any other. The only special thing about it is that instead of pointing to a new inode, it points to the same inode as the target file. In our imaginary scenario, we'd use a command like `ln /home/aaron/Pictures/family_dog.jpg /home/jane/Pictures/family_dog.jpg`. Now our picture is only stored once, but the same data can be accessed at different locations through different file names. And if we were to run the `stat` command now, we'd see the Links are now 2, as the inode now has two hard links pointing to it.

Another beautiful thing about hard links is this. Say Aaron and Jane share the same 5,000 pictures through
hard links, and maybe Aaron decides to delete his hard link of `/home/aaron/Pictures/family_dog.jpg`. What will happen to Jane's picture? Nothing. She'll still have access to that data. But why? Because the inode still has one hard link to it. Before it had two; now it has one. But if Jane also decides to delete her hard link to the picture at `/home/jane/Pictures/family_dog.jpg`, the inode will have zero links to it, and when there are zero links, the data itself will be erased from the disk. The beauty of this approach is that people that share hard links can freely delete what they want without having a negative impact on other users that still need that data. But once everyone deletes their hard links to that data, the data itself will be erased. So data is intelligently removed only when everyone involved decides they don't need it anymore.

There are some limitations for hard links in Linux. You can only hard link to files and not to directories. You can also only hard link to files on the same file system. If you had an external drive mounted at `/mnt/Backups`, for example, you would not be able to hard link a file from your SSD at `/home/aaron` to some other file on `/mnt/Backups`, since that's a different file system.

There are some other things to take into consideration when you hard link. First, make sure that you have the proper permissions to create the link file at the destination. In our case, we need write permissions at `/home/jane/Pictures`. Second, when you hard link a file, make sure that all users involved have the required permissions to access that file. For Aaron and Jane, this might mean that we might have to add both their usernames to the same group, for example family. Then we'd use a command to let the group called family read and write to this file. You only need to change permissions on one of the hard links, and that's because you're actually changing permissions stored by the inode. So once you change permissions at `/home/aaron/Pictures/family_dog.jpg`, `/home/jane/Pictures/family_dog.jpg` and all
other hard links will show the same new sets of permissions.

Let's look now at how Linux manages soft links. You know how when you install a program on Windows you might get a shortcut on your desktop? You double-click on that shortcut and the application gets launched. The application is obviously not installed on your desktop. It may have its files stored in the `C:\Program Files\MyCoolApp` directory, and when you double-click on the shortcut, this only points to an executable file at `C:\Program Files\MyCoolApp\application.exe`. So the double-click on that shortcut basically redirects you to the file `C:\Program Files\MyCoolApp\application.exe`, which then gets executed.

Soft links in Linux are very similar. A hard link pointed to an inode, but a soft link is nothing more than a file that points to a path instead. It's almost like a text file with a path to a file or directory inside. The syntax of the command to create a soft link, which is also known as a symbolic link, is the same as before, but we add the `-s` or `--symbolic` option. So it looks something like this: `ln -s path_to_target_file path_to_link_file`, where the path to the target is the file or directory that our soft link is going to point to, and the path to the link file is where our soft link will actually be created. So for example, to create a symbolic link that points to the `/home/aaron/Pictures/family_dog.jpg` file, we can run the following command: `ln -s /home/aaron/Pictures/family_dog.jpg family_dog_shortcut.jpg`.

Now if we list the files and directories in long listing format with the `ls -l` command, we'll see output like this. The `l` at the beginning shows us that this is a soft link, and `ls -l` even displays the path that the soft link points to. If this path is long, `ls -l` might not show the entire path. An alternative command to see the path stored in a soft link is `readlink`, followed by the path to the soft link. So in our case that would be `readlink family_dog_shortcut.jpg`.

You may also notice that all the permission bits, `rwx` (read, write and execute), seem to be enabled for this file. That's because the permissions of a soft link do not matter. If you were to try to write to a file like `fstab_shortcut`, this would be denied, because the permissions of the destination file apply, and `/etc/fstab` does not allow regular users to write here.

In our first command we used an absolute path; that was `/home/aaron/Pictures/family_dog.jpg`. If we ever changed the directory name `aaron` in the future to something else, this soft link will break. You can see broken links highlighted in red in the output of the `ls -l` command. To tackle this, you could create a soft link with a relative path. Say, for example, you were in the home directory of Aaron. You could create a soft link using the relative path of the `family_dog` file instead of specifying the complete path. That way, when someone tries to read `relative_picture_shortcut`, they would get directed to `Pictures/family_dog.jpg`, relative to the directory where the soft link is.

Since soft links are nothing more than paths pointing to a file, you can also soft link to a directory. So something like `ln -s Pictures/` followed by a shortcut to the directory would be valid. And you can also soft link to files or directories on a different file system, which differs from the way that Linux handles hard links. So head over to the labs using the links given below and come back here once you are done.

We'll now discuss how to list, set and change standard file permissions in Linux. To understand how file and directory permissions work on Linux, we must first look at file and directory owners. If we type `ls -l`, we'll see something like this. Any file or directory is owned by a user. In this case we see that the file `family_dog.jpg` is owned by the user called aaron. Only the owner of a file or directory can change permissions, in this case aaron. The only exception is the root user; that's the super
user or administrator account, which can change permissions of any file or directory. In the second field we see that this file also has a group associated with it, and that's the family group. We'll see later what the role of groups is.

To change the group of a file or directory, we use the `chgrp` command, and that stands for change group. Its syntax is `chgrp` followed by the group name, followed by the file or directory name. So for example, to change this file's group to wheel, we'd use `chgrp wheel family_dog.jpg`. If we do another `ls -l`, we can see that the group has now changed to wheel. We can only change to groups that our user is a part of, and to see which groups our current user belongs to, we can use the `groups` command. So this means we could change the group of our file to aaron, wheel or family.

There's also a command to change the user owner of a file or directory, and that's `chown`. That stands for change owner, and its syntax is `chown` followed by the user that we'd like to change it to and the file or directory's name. So for example, to change ownership of this file to jane, we'd use `chown jane family_dog.jpg`. But only the root user can change the user owner, so we'd have to use the `sudo` command to temporarily get root privileges, and that's why here we have `sudo chown jane family_dog.jpg`. With another `ls -l`, we can see the user has now changed to jane.

We can change both the user owner and the group with a different syntax of `chown`. It would be `chown user:group` followed by the name of the file or directory. Again, since only root can change user ownership, we're going to set the user back to aaron and the group to family, to revert all of our changes, by using `sudo chown aaron:family family_dog.jpg`. One last `ls -l` will show us that the owner is aaron again and the group is family.

Our `ls -l` command also shows us the permissions of all files and directories in our current directory. The first character on that line shows us what type of an entry this is, so whether it's a file, a
special file, a directory, and so on. So for example, we'd see `d` for a directory, `l` for a soft link, or `-` for a regular file. Here's a table that shows the different identifiers and what they stand for. We'll learn about some of these file types later in this course.

The next nine characters show us permissions. The first three are permissions for the user that owns the file, the next three are permissions for the group that the file belongs to, and the last three are permissions for other users; that's any user that is not aaron or not part of the family group in the example we've been working with.

So let's see what `r`, `w` and `x` mean in two different contexts, because they act in a certain way for files and have a slightly different behavior for directories. For a file, `r` means that the user, group or other users can read the content of this file. A dash means they cannot read it. `w` means the user, group or other users can write to this file, to modify its contents. And `x` means the user, group or other users can execute this file. Some files can be programs or shell scripts, lists of instructions we can execute. So to be able to run this program or shell script, we must have the `x` permission. A dash permission here means the program or shell script cannot be executed.

For directories, we must think a little differently. Unlike a file that may contain text to be read, executed and modified, directories do not have such contents. Their contents are the files and subdirectories they hold, so read, write and execute refer to these files and subdirectories they have inside. So `r` means the user, group or other users can read the contents of this directory. We need an `r` permission to be able to run a command like `ls Pictures/` and view what files and subdirectories we have in the directory. `w` means the user, group or other users can write to this directory. We need `w` to be able to create or delete entries in that directory, like adding or deleting files or subdirectories, as when we use the `mkdir`
command. And `x` means we can execute into this directory. We need `x` to be able to do `cd Pictures` and enter into the `Pictures` directory. When directories are meant to be accessible, you'll normally find both the `r` and the `x` permissions enabled.

Whenever you're on a Linux system, you're logged in as a particular user. We've changed permissions in an interesting way to make this easier to understand. So look at the permissions for the `family_dog.jpg` file. It's set to `-r--rw----`; that's read-only for the owner, read/write for the group, and no permissions for others. We see that the current owner of the file is aaron, and we know aaron is part of the family group. Can Aaron write to this file? Considering the fact that the owner has read-only permissions, it might seem that he should be able to do that, as he's part of the family group and that group has read/write permissions. But if we try to add a line of text to this file, it fails. Why is that? Because permissions are evaluated in a linear fashion, from left to right.

With these permissions in mind, let's see how the operating system decides if you're allowed to do something. It goes through a logic like this. Who's trying to access the file? Well, that's aaron. And who owns this file? aaron is the owner, and owner permissions apply. aaron can read the file but cannot write to it, so write permission is denied. It does not evaluate the permissions of the group, because it already matched you to the first set of permissions, the ones for the owner of the file.

If you're logged in as a different user, for example jane, the logic would be more like this. Who's trying to access the file? jane. And who owns the file? aaron. Okay, owner permissions do not apply. Moving on to group permissions: is jane in the family group? Yes, she is. Okay, so group permissions apply. jane has read/write permissions, so she can read and write to the file. If the user trying to access the file is not the owner and is also not in the family group, the last three
permissions would apply, the permissions for other users.

So now that we have a basic understanding of permissions, let's move on to how we can change them to suit our needs. To change permissions, we use the `chmod` command. The basic syntax of the `chmod` command is `chmod` followed by the list of permissions that we want to change, and then the name of the file or directory we're changing permissions for. We can specify these permissions in many ways, so let's start out with some simple examples.

We saw that our owner aaron cannot write to this file, so let's fix that. To specify what permissions we want to add on top of the existing ones, we use this syntax. To add permissions for the user or owner, it's `u+` and a list of permissions, so some examples would be `u+w`, `u+rw` or `u+rwx`. To add permissions for the group, it would be `g+` and the list of permissions, and to add permissions for other users, it would be `o+` and a list of permissions. In our case, we want to add the write permission for our user owner of the file, so here we would use `chmod u+w family_dog.jpg`. Now the old `r--` becomes `rw-` with the newly added `w` permission. So we fixed our problem and Aaron can write to this file.

To remove permissions for the user owner, we would use `u-` followed by a list of permissions, so some examples would be `u-w`, `u-rw` or `u-rwx`. To remove permissions for the group, it would be `g-` and the list of permissions, and to remove permissions for other users, it would be `o-` and the list of permissions. At this point we have the permission `r--` for other users. That means anyone on this system can read our `family_dog.jpg` file. If we want only the user owner and group to be able to read it, but hide it from everyone else, we can remove this `r` permission with `chmod o-r family_dog.jpg`. Now only aaron or the family group can read this file, and no one else.

With plus and minus, we saw that we can add permissions on top of the pre-existing ones or remove some of them from the pre-existing ones. So if a file has `rwx` and we remove `x`, we end up
with `rw-`. If another file has `r-x` and we remove `x`, we end up with `r--`. If we only care about removing the execute permission and we don't care what the other permissions are, this is perfect. But sometimes we'll have a different requirement: we want to make sure that permissions are set exactly to certain values. We can do this with the equals sign, and just like before, this is done with the format `u=` followed by a list of permissions, or `g=` followed by the list, or `o=` followed by the list.

An example: we want to make sure that the group can only read this file, but not write to it or execute it. To do that, we can run `chmod g=r family_dog.jpg`. We can see that before, group permissions were `rw-`. We didn't tell `chmod` to actually remove the `w` permission, but by saying `g=r` we told it to make the group permissions exactly `r--`. This only affects the group permissions and not the user or other permissions. If we'd want to let the group read and write but not execute, we could use `chmod g=rw family_dog.jpg`. We can see that whatever letter is missing will make `chmod` disable permissions for that thing. No `x` here means no execute permission will be present on the file.

Which leads us to the next thing: what if we omit all of the letters? No `r`, no `w`, no `x`, just `chmod g= family_dog.jpg`. This is like saying make group permissions all empty. Another command that does the same thing would be `chmod g-rwx family_dog.jpg`. That's going to do the same thing, but following a bit different logic: it will remove all the permissions from the group, `r`, `w` and `x`.

So we saw how to add permissions with plus, remove with minus, and set exactly to with equals. We can group all of these specifications in one single command by separating our permissions for the user, group and others with a comma. For example, let's consider this scenario: we want the user to be able to read and write to the file and don't care if execute permission is on or off, we want the group to only be able to read,
exactly this permission, and we want others to have no permissions at all. Our command could be `chmod u+rw,g=r,o= family_dog.jpg`. Or let's say we want the user to only be able to read and write, but we want to remove the write permission for the group and leave all other group permissions as they were, and we don't care about permissions that apply to other users. We could use `chmod u=rw,g-w family_dog.jpg`.

`chmod` supports another way to set and modify permissions, and that's through octal values. First, let's look at another command that shows us permissions, and that's the `stat` command. So we could do `stat family_dog.jpg`, and here's the list of permissions displayed by `stat`. We can see that `rw-r-----` has an octal value of 640. You can ignore the first 0, because that's for special permissions like setuid, setgid and the sticky bit. If we break this down, 640 means the user owner permissions are 6, the group permissions are 4, and the other permissions are 0.

But how are these calculated? Let's take a closer look at this permission. We have `rw` for user, `r` for group, and none set for others. Each permission is represented in binary: if it's set, the binary is set to 1, or else it's set to 0. In this case, the first part is 110, the second part is 100, and the third part is zero. Converting this binary to decimal would give us 6 for the first part, 4 for the second part, and 0 for the third part. Here's a quick binary table for your reference. Let's take another example, this time `rwx`, `r-x` and `r-x`. The binary format would be 111 101 101, the decimal of which is 755. In the last example, it's read, write and execute for all, so it's 1 for all of the bits, so the decimal value is 777.

If you find binary difficult, another approach would be to use the octal table, and it's much simpler. For each permission, assign an octal value, for example 4 for read, 2 for write and 1 for execute. Then, whichever permission is set, consider the respective
value for that, and for the permission bit not set consider it to be zero. Once done, add up the numbers within each group, so you would get 4 + 2 = 6, 4 + 0 + 0 is 4, and the last group is 0. Let's look at using the same approach for the other examples as well: `rwx`, `r-x` and `r-x` gives us 755, and full permissions give us 777. Once we identify the number we want to set it to, we can use the same in the `chmod` command as well. Instead of specifying the permissions for each group, we could just provide a number, like this: `chmod 640 family_dog.jpg`.

So head over to the labs using the links given below and come back here once you are done.

In this demo we'll be showing off pagers and the Vim text editor. Pagers are programs that allow you to open multiple pages of text and navigate through them while on the terminal, and the two pagers that we'll be looking at are called `less` and `more`.

The first one we'll look at is `less`. It's a bit more feature rich than `more`, and to access it you first type its name followed by the name of the file that you want to open. In this case I'm going to use the log file for the dnf package manager, because that has enough information in it to really show off our pagers. That's located at this location; we press enter. So now we've opened it in the pager, and one of the ways you can tell that you're in a pager (because other programs might open them for you) is that in the bottom left corner you'll see the name of the file highlighted. With the `less` pager you can use the arrow keys, up and down, to move up and down in the file, and you can also have things like search functions. For example, to search for text you press the slash key (you'll see that down in the bottom left-hand corner) followed by the term you'd like to search for. I'll search for debug, since I know that appears several times in this file. You'll see on the first line here it's been highlighted where it occurs, and to get to the next instance on a line where it would occur you would press
the `n` key. That will continue to move to each new instance of debug, but you'll notice that it's skipping some of them, and that's because the search is case sensitive. To make it case insensitive you need to pass the `-i` option to ignore case, and that will start getting all of the instances of debug. To move backward through previous results you would hold the shift key and press `n`, so a capital `N` will move upward through the previous results. And lastly for `less`, in order to exit the pager you press `q` to quit. That's a brief overview of the `less` pager.

`more` does not have as many features, but you do access it the same way, and you'll know you're in `more` because it will let you know down at the bottom: it will say "More" and show you a percentage. For `more`, you move through things by pressing the space bar, and that moves a page at a time. To get out of `more` you press the `q` key. So that is it for pagers. Let me clear my screen for you.

Now we'll move on to the Vim text editor, that is, Vi IMproved. You open it with `vim`. It'll give you this nice little greeting screen with your blank file and a couple of things that you can do; it shows you a few of the commands that you can use. Vim is mode sensitive, so it has different modes to be in, and different keys and functions are available depending on the mode that you are in. In order to write text into a file you need to press the `i` key, that's for insert. You'll notice down at the bottom left-hand corner it now says INSERT, and you can start typing text. All right, so we have this as our text for our Vim demo. I'll give a couple of blank lines here.

All right, so some things that you can do with Vim. You press escape to go back to its default mode, and you can't type anything in the default mode. To search, you can use the slash key, just like you did in `less`, when you're in the default mode. So I'll search for this, and it doesn't find that because it is case sensitive, so I can search for one
that we can find. It'll highlight all instances of "is" if I type "is". If you want it to be case insensitive, you can do this followed by an escape character, so that's a slash going the other way, and then the letter c, lowercase letter c (`\c`). Think of c for case. That'll make it case insensitive.

Okay, the next thing we would want to look at: in the default mode you can go to a particular line number by typing a colon followed by the line number. I've got about three lines in here, so to go to line three, `:3` will take our cursor to line three. I type `:2`, you can see we've gone back up to two, and of course `:1` will take us back to the original line.

To copy a line of text, an entire line of text, when you're in command mode you hit the `y` key two times (`yy`). Okay, so we've copied it, and then to paste that line of text you can use the `p` key in command mode, so it'll paste it wherever you have it. You can also cut a line of text by using the `d` key two times, so `dd`. We cut it, and you can also paste things that you have cut with the `p` key. So if you need to replace a line, go to a particular line and replace it when you're working with a file, those are some useful Vim commands.

Now, probably the most complicated thing about Vim the first time you open it is how do you get out of it. A lot of people have trouble with that. It's not really that hard. If you have made changes to a file and you want to save them, you hit the colon key and, first, to save changes, you would type `w` for write. We haven't given it a file name, so it has nothing to write to. To quit and write changes, you do `:wq`. Of course it's not going to let me do that, because I did not give it a file name. So in order to quit without making changes or saving changes (that's important if you get yourself in a situation like this where you did not provide a file name), you would do `:q` for quit and then an exclamation mark, as if you're saying "I told you to quit" and being emphatic about it, and
that will allow you to quit the Vim text editor without making any changes. If we were to have provided a file name when we started, we can do `vim testfile`. It's already a file that we have created here, so I'll just go ahead and make some changes to it; it's not really important what's in this file. Then we would do `:wq`, write and quit, and that would let us exit the file. We can actually see that that went into our file by using our `cat` command: we see our new changes down at the bottom. So that is a brief overview of the functions of `less`, `more` and `vim`.

Let's look at searching text using `grep` in Linux. Let's look at some basic ways to search for text. At times you may have a large text file that contains a lot of data, and you might want to find specific information within it, for example lines containing some particular text. One important Linux command that lets you search through text files is `grep`, so let's see how it works. The general syntax we will use with `grep` is `grep` followed by the search options, then the search pattern, and then the file. We can omit command line options, but we should specify a search pattern and a file we want to search through.

For example, to search through the `/etc/os-release` file and find all lines that contain the text centos, we'd use this command. The search is case sensitive, so this command would show us the lines that have this word with all the letters in lowercase. If we want to make the search case insensitive, to find both CentOS with the capital letters and centos in lowercase, or even CENTOS in all capital letters, or any such variation, we can use the `-i` command line option. `-i` stands for ignore case.

Instead of searching through a specific file, we can also search through all files that exist under a directory and its subdirectories. To do this we add the `-r` option, and instead of specifying a path to a file we specify the path to a directory. `r` stands for recursive. We can group recursive search with the ignore case option
using `-ir`. Our regular user cannot read most of these files, so we get permission denied errors. If we want to search through system files that only the administrator account can access, we have to use `sudo` along with our `grep` command. So `sudo grep -ir centos /etc/` would give us the following output.

We can also invert search results. For example, we can search for lines that don't contain the text centos by adding the `-v` option; that's for invert match.

Now consider this command. This matches both redhat and red, but what if we're only interested in matching the word red and not a bigger word that just contains the text red within it? We can use the `-w` option to match only words.

And finally, notice how `grep` displays the entire line that has matched. This is useful as it shows us some context, showing us where these matched characters or words have been found. But sometimes we'll only want to extract the results themselves, not caring about the rest of the line. We can tell `grep` to do this by passing the `-o`, or only matching, option to `grep`.

Let's look at analyzing text using basic regular expressions in Linux. In our previous commands we used simple search patterns, looking for some specific pieces of text like centos. But what if we need more complex search conditions? Imagine we have some documentation scattered in hundreds of files and we need to extract all IP addresses mentioned in these documents. That would require more advanced search instructions. An IP has a form like 203.12.3.5, but we can't just make a search pattern look for numbers with a dot between them, as this would also match numbers like 1.2, which are not IP addresses.

In math we can say something like: x is an integer, and x is bigger than 3, and x is smaller than 8. This would mean that x is either 4, 5, 6 or 7. Regular expressions work in a similar way: we specify some conditions, tie all of them together, and our search pattern only matches what perfectly fits within those conditions. So let's start out with
some super simple examples and then build up to slightly more advanced expressions. All regular expressions are built with the help of operators like the caret, dollar sign, period, asterisk, plus sign, braces, the question mark, the vertical pipe, brackets, parentheses, and brackets with caret. So let's see what each one of them does.

Here's a file with a set of names, and we need to find names that start with sam. When we do a `grep` for sam, we get names that start with sam but also names that have sam anywhere in them, and that's not what we want. We just want the words that start with sam and not those that have sam in them. That's where we use the "line begins with" operator, the caret. This is usually the alternate character on the number six key on most keyboards. Using this operator within the search string only returns the lines that start with the given search term, and not all lines that contain this term. Just to show another example, we could look for lines that start exactly with these four letters, P-A-S-S, like this.

In the same example as before, we would like to only get the names that end with sam. For this we would use the "line ends with" operator, which is a dollar sign, and we place this operator at the end of the search term to indicate interest in displaying only lines that end with the search term. In this case it would list the name basan. Here are some other examples. Say we need to list lines that end with the number seven. Using a simple `grep` with the number seven lists multiple lines that contain this number, and we can tell our regex to look for a line that ends with seven with an expression like this, which gives us a pretty clean result. Just like with the caret, with the dollar sign we can look for lines that end with a sequence of characters. To look for all lines that end with the text mail, we'd do something like this.

Please take note of how the operators are placed differently. If you mix up their location you won't get any results, which can
lead to confusion about why your regex is not working. To easily remember their locations, think like this: the "line begins with" operator should be placed at the beginning of my search pattern, and the "line ends with" operator, the dollar sign, should go at the end of the pattern.

Anywhere you add a period in your expression, it will match any character in that spot. For example, `c.t` would match cat, cut, cit, cot and even c1t or c#t, but it won't match ct. There must be exactly one random character between c and t, and with `c..t` there have to be two characters. An example would look like this, and we can see that even execute is a match, because that sequence fits inside of that word. If we'd only want to match the whole word with this and not parts of words, we can use `grep`'s `-w` option. You can think of `-w` as "word", and that would match only full instances of that and not partial word matches or words that contain it.

This brings us to an interesting problem. The period has a special meaning in regular expressions, but what if we need to search for an actual period in our text? Well, this won't work, as this regex will basically match each character one by one. The solution, however, is simple: we look for a regular period by escaping the character. Escaping is how we tell our regular expression "don't consider this period a match-any-one-character operator, instead interpret it as a regular period". To escape some special character we just add a backslash before it, so instead of a period we would write backslash period (`\.`). Our `grep` command to search for a regular period, to end a sentence let's say, would look like this.

Let's say that we have an expression like `let*`. This is going to match several things: it'll match le, but it's also going to match let, lett, lettt and so on, no matter how many t's are at the end. Another way of saying this is that the asterisk allows the previous element, the t in this case, to be either omitted
entirely, to appear once, or to appear multiple times. In a `grep` command we could use it like this, and we can see instances such as file, where it does not have the t appearing at all, and we can see instances, say letter, where it appears more than once.

The asterisk operator can be paired up with other operators. For example, to look for sequences that begin with a forward slash, have zero or more characters in between, and end with another forward slash, we could use a pattern like this. Since the period matches any one character and the asterisk says the previous element can exist zero, one, two or many more times, we basically allow any sequence of characters to exist between the forward slashes.

Let's say we want to find all sequences of characters where zero appears one or more times. We might be tempted to use an expression like this, but as we can see, this also matches lines that contain no zeros at all. Why is that? That's because the asterisk lets the previous character exist one or more times, but also zero times. It basically allows that element to be optional in our search. So we need another operator that forces the element to exist at least one time, or many more, and the plus sign does this.

Let's explore this a little more. `0+` would match strings like 0, 00, 000 and so on, so we might think that we could write this in `grep` and find what we're looking for. But this doesn't look like the result we want: our plus works like a literal plus sign instead of an operator. Why is this? That's because by default `grep` uses basic regular expressions. The manual page for `grep` has this to say: in basic regular expressions the meta-characters `?`, `+`, `{`, `|`, `(` and `)` lose their special meaning; instead use the backslashed (or escaped) versions. That means to use plus as an operator here, we have to add the backslash before it to make it `\+`, so our command becomes this. But this can get confusing pretty fast. We saw
already that we use something like `\.` to turn the period operator into a regular period, and now we're using the backslash to turn a regular plus into the plus operator. It'd be hard to keep track of what to backslash and what not to, so we can go the easier route and use extended regex instead, which doesn't require us to backslash anything. We can use extended regex by adding the `-E` option to `grep`, or even easier, we can use the command `egrep`. We're going to look at `grep` with `-E` and at `egrep` in our next video. We can make it a habit to always use `egrep` instead of `grep` to avoid mistakes where we forget to backslash one of our regex operators.

Now let's build on our previous video on basic regular expressions and take a look at extended regular expressions that we can use in Linux. We ended the last video talking about using the backslash character to turn the period operator into a regular period, and we also talked about using the backslash to turn a regular plus sign into the plus operator. We mentioned that we would use the `-E` option for `grep`, or the even easier `egrep`. Let's take a look at those. Using the `-E` option, so that we don't have to use the backslash escape character, we would have our `0+`, with plus as an operator, look like this, or the equivalent `egrep` command would look like this. It is a good habit to develop to always use `egrep`, to avoid those backslash characters and any mistakes that might come along with them.

Let's look at some more types of regex operators. Say we want to find all strings that contain at least three zeros. We do this with braces. Braces say that the previous element can exist this many times, so this would give you one where it matches three zeros at least. To find all strings that contain a one followed by at most three zeros, we'd have an expression that looks like this.
Note that this will also match ones followed by no zeros; it's matching "at most". To find all strings that contain exactly three zeros, we have a construction that looks like this. So with the braces, the previous element can exist this many times.

A question mark will let the previous element exist precisely zero or one times. It basically makes it optional: it can exist once or not at all. Let's say we're trying to find all text that says disabled or disable. This means that the last d is optional, so we can write an expression like this, with `disabled?`, to use in `grep`. I want you to note that this also matches the word disables; this is a case where the letter d did not come at the end and disable still matches.

We may have an expression like zero and then our braces, where we have a minimum value, a comma and a maximum value. That's going to be used to find and match: zero must exist at least the minimum number of times and at most the maximum number of times. So to find all strings that contain three, four or five zeros, you would write an expression which looks like this, and that way we can give a range of how many zeros we would like to find.

If we want to match enabled or disabled, we could use the vertical pipe, which is what we use to symbolize "or", and construct a `grep` expression that looks like this. It basically matches what it finds on its left side or its right side. We could combine this with a previous trick, where we made the last letter d optional using the question mark, to also find variations like enable or enabled, or disable or disabled, and that `grep` expression would look like this.

A range is specified in the form of, for example, `a-z`. This will match any one lowercase letter from a, b, c, d, e, all the way to z. We could also express a numeric range: `0-9` will match any one digit from 0 to 9. Sets are specified in a form like this, so this particular set would match any one character that is an a, b, z, 9,
5 or 4. So, say, to find all strings that contain the text cat or cut, we could use a regular expression that looks like this, and that would have either the a or the u inside the brackets to match cat or cut.

With ranges and sets we can make our searches both wide and specific, even at the same time. For example, let's ask ourselves: how would we find all special device files, which have names like `/dev/sda1` or similar? Well, we could think like this: find all strings that contain `/dev/` followed by any random characters. So we might be tempted to write an expression like this, with a dot for a random character and an asterisk. This matches some weird stuff, because dot asterisk is really greedy; it matches way too many things after it captures what we're looking for. We can make our search wide enough to catch all `/dev/` devices but specific enough to only capture the parts we need, and we're going to do that using ranges. We can say: after `/dev/`, match any number (that's going to be the asterisk) of lowercase characters from a to z. We could use an expression which looks like this.

That looks a little bit better, but we can see that some things are still missed: `/dev/tty` is matched instead of the entire `/dev/tty0`. So how can we catch the digits at the end too? Well, that's pretty easy. We specify that a digit from 0 to 9 should exist there, and we'd craft a `grep` expression like this. But now we run into another problem: only things that have a digit at the end are matched. With this new regex we'll only find `/dev/sda1`, for example, but not `/dev/sda`. We're going to need to do a little more work. That's a pretty easy fix: we can just make the digit at the end optional with a question mark. So we could craft a regular expression like this, and that's starting to look much better now.

So let's talk about subexpressions. In math we could see an expression like this, 1 + 2 * 3, and we know that that's 1 + 6, so that equals 7. That's because first multiplication will be done and
then addition. But what if we first want to add one and two and then multiply by three? We'd write it this way, in parentheses, and that way we know that this would evaluate to 3 * 3, which would be 9. In regular expressions we can do a very similar thing.

Let's take a look at the last expression that we had used. If we were to scroll up in the output, we'll see that we still don't match everything we need perfectly. We have, for example, `/dev/tty0p0`, where the p0 is left out. Why is that? That's because our expression matches any number of a-to-z characters and then a digit at the end, and that's it, that's where the match ends. So in `/dev/tty0p0`, after this first zero is hit, our regex is happy with a partial result.

So how could we correct this? We could tell it that after `/dev/` we have some letters and a digit at the end, but after that the same thing can repeat zero, one, two, three or many more times, so there can be other sequences of letters followed by a digit. This way `/dev/tty0` would first match, and then p0 would be added to this match by that repetition. We would basically want to say that this is part of this regular expression and it should look for this pattern existing zero, one, two, three or however many more times, so it can match things like our tty0p0.

So what makes regex look for an expression like tty0p0, and what makes it look for something to exist zero or more times? That's going to be the asterisk. But if we just add the asterisk to the end, that's not going to be good: the asterisk would apply to the previous element only, and we want it to apply to our whole construct. There is an easy solution. We just wrap the entire construct in parentheses, and this way the asterisk will apply to the entire subexpression wrapped in the parentheses instead of the last element only. It ends up looking like this. So now we're going to get a match for our full expression, `/dev/tty0p0`. But if we scroll up in our results list, we're going to find some
things that still don't quite work, for instance `/dev/ttyS0`, with the S0 not matching because we didn't include uppercase letters in the regular expression. We could tell our expression to look for lowercase letters or uppercase letters with the vertical pipe operator. Okay, but writing it like this would be a mistake. That's because the asterisk would only apply to the uppercase A to Z range, and we need it to apply to the entire expression for lowercase and uppercase letters. So once again we can wrap our expression in parentheses. Doing this, we end up with a little bit more complex but more precise expression that looks like this, and we can see that now our ttyS0 matches.

If we go on, we could look back and find other things that don't match, like this `/dev/term/a`, because our regex stops when it encounters the next slash, and so on. This is the kind of logic and fine-tuning we would go through when fixing our regular expressions or making them laser focused on what we need to find.

Imagine we want to search for links to website addresses that don't use encryption. This means that we would want to search for HTTP strings but exclude HTTPS. We saw how sets are in the form of, say, abc23 and ranges take the form of a through z. If we add a caret in here, we can negate them: we can tell regex that the elements in this set or range should not exist in this position. So we're going to use the caret with brackets. To look for HTTP links, we could have a regex that makes sure HTTP is not followed by the letter s; it would look like this, and our regex would function this way. In this case we used a set with only one character, but we can use multiple if we want. For example, we could tell our pattern that after a slash there should not be any lowercase letter; we'd use a set that looks like this.

Keep in mind that for any pattern you're trying to match, there are multiple regex solutions you may find. To get this right, you should practice until you feel comfortable with regular expressions.
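The refinement steps described above for the `/dev/` pattern, and the negated set for plain-HTTP links, replayed with `grep -Eo` as an added example. It is not taken from the video: the patterns are reconstructed from the narration, the sample text is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: constructed sample text, not output from a real system.
export LC_ALL=C   # make [a-z] mean exactly the 26 lowercase ASCII letters

sample_devices() {
cat <<'EOF'
disk /dev/sda has partition /dev/sda1 mounted on /boot
console on /dev/tty0 and pseudo terminal /dev/tty0p0
serial port /dev/ttyS0 at 115200 baud
solaris style path /dev/term/a listed here
EOF
}

sample_links() {
cat <<'EOF'
docs at http://intranet.example/wiki
login at https://portal.example/
mirror http://files.example/pub and https://files.example/pub
EOF
}

# Print only the matched text (-o) for an extended regex (-E),
# one match per input occurrence, joined with "|" on a single line.
matches() {
    sample_devices | grep -Eo -e "$1" | paste -s -d '|' -
}

# Lines that mention a link where "http" is NOT followed by "s".
# Caveat: [^s] still consumes one character, so "http" at the very
# end of a line is not matched by this pattern.
plain_http_lines() {
    sample_links | grep -E -e 'http[^s]'
}

# Each stage fixes what the previous one missed:
#  1. .* is greedy and swallows the rest of the line
#  2. [a-z]* stops before the trailing digit
#  3. a mandatory digit drops names without one (/dev/sda)
#  4. an optional digit keeps both, but stops after the first digit
#  5. repeating the group picks up tty0p0
#  6. adding [A-Z] picks up ttyS0; /dev/term/a still stops at the slash
for re in '/dev/.*' \
          '/dev/[a-z]*' \
          '/dev/[a-z]*[0-9]' \
          '/dev/[a-z]*[0-9]?' \
          '/dev/([a-z]*[0-9]?)*' \
          '/dev/(([a-z]|[A-Z])*[0-9]?)*'; do
    printf '%-32s %s\n' "$re" "$(matches "$re")"
done

printf '\nlines with unencrypted links:\n'
plain_http_lines
```

The `LC_ALL=C` line matters: in some locales `[a-z]` also matches uppercase letters, which would hide the `ttyS0` problem that stage 6 is meant to fix.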
It's worth noting that regex is not limited to `grep`. You can use regular expressions in a lot of programs that deal with search patterns; for example, the `sed` utility also supports regular expressions. You can find additional resources for regular expressions at this address: regexr.com.

So head over to the labs using the links given below and come back here once you are done.

Now let's look at how to create, delete and modify local user accounts in Linux. Each person that needs to log in to our Linux server should have their own separate user account. This allows them to have personal files and directories protected by proper permissions. They also get to choose their own settings for whatever tools they use. And it also helps us as administrators: we can limit the privileges of each user to only what they require to do their job. This can sometimes reduce or prevent the damage when someone accidentally writes the wrong command, and it can help with the overall security of the system. It'll be up to us to manage these user accounts, which are sometimes simply called users.

So let's dive right in and see how we create a new user on a Linux system. The command that lets us add a new user is intuitively called `useradd`, and the simplest form we can use looks like this, where john can be replaced with whatever username we want to choose for this specific account. After we run this command, the following things would happen. A new user called john is added to the system, and a new group also called john is automatically created. The group john will be set to be the primary group of the user john. A home directory is created for this account at `/home/john`, and this is where John can store his personal files and subdirectories, plus his program settings. The default shell will be set to be the program found at `/bin/bash`; whenever John logs in, this is the application he'll be dropped into, and effectively his entire login session will run inside this app. And all the files from `/etc/skel`
will be copied to the user's home directory, `/home/john`. You can explore it with `ls -a /etc/skel` if you're curious to see what's inside. We'll see why this so-called skeleton directory is useful in one of the next lessons. We also need to note that the account will never expire; we'll see what this means later in this lesson.

All of these things happen because the operating system is configured to take some default actions for each newly created account. We can explore these defaults with the following commands, a long form and a short form. Note the capital D for the short form. Other defaults related to account creation can be seen by exploring this file; the comments explain what each setting does.

Okay, at this point we have an account for John, but how does he log in? His account has no password right now. To set a password for him we can use this command.

If later we want to delete an account, such as John's account, we can use the `userdel` command. Note however that this will only delete the john user account; the group with the same name, john, might also get auto-removed, but John's home directory at `/home/john` will remain. That's normal, because his personal files might still be needed. But if we're certain that those files aren't necessary anymore, we can make the `userdel` command also remove the user's home directory and his or her mail spool using this command, and of course its equivalent short form.

Now, coming back to our `useradd` command, if we're not happy with the defaults we could choose a different shell and a home directory with a command like this, or its short form on the second line. Of course, if we only want to choose a different shell but keep the default location for the home directory, we can just pass this option.

These account details, such as usernames, user IDs, group IDs, preferred shells, home directories, etc., are stored in the file at `/etc/passwd`, and we can see them if we type `cat /etc/passwd`. We'll see a line that looks like this. The first number,
1001, is the ID number associated with John's username. The next, 1001, is the numeric ID of its primary group, also called john in this case. Then we can see the home directory and the preferred login shell.

`useradd` will automatically select a proper numeric ID from the available IDs, and it'll be done incrementally, just by adding one to the last one. So for the first user the ID will be 1000, for the next one it'll be 1001, and so on. If we want to manually select a different ID, we can use a command like this, or its equivalent short form. The user smith will have the numeric ID 1100, but also the group called smith will get a numeric ID of 1100.

If we want to see what username and group owns files or directories, we can do so with the usual `ls -l`; in this case we'll use the home folder. But if we want to see the numeric IDs of the user and group owners, we can add the `-n` (for numeric) option and they'll be shown to us.

It might also be useful sometimes to find out more about the user we're currently logged in as. We can see the username we're logged in as, plus the groups we're members of alongside their respective IDs, with the `id` command. To print out just the username you can type `whoami`.

Up until now we've created user accounts, but there's another type we can create, called system accounts. To create a system account called sysacc, we just add the system option to `useradd`. The numeric IDs of system accounts are numbers smaller than 1000, so we might see an ID like 976 or 978 for our sysacc account. So why would we create these? User accounts are intended for people and system accounts are intended for programs, so there will be no home directory created, since it's not needed. Usually daemons use system accounts; we might see something like a database program running under a system account.

Now let's remove these users and their personal files. If you're following along, these will be the commands that you would use to get rid of john and smith. And if we
ever forget the options for the `useradd` command, we can get a quick reminder by using the help option.

Now let's say we create the user john again, but later we decide that we want to change some details for this account. The command `usermod` (user modify, that's what it stands for) is used for this purpose. For example, if we want to change John's home directory, we could use `usermod` with these options. The first line is the long version and the second line that appeared is the short version. The move home option ensures that the old directory will be moved or renamed so that John can still access his old files; in our case `/home/john` was renamed to `/home/otherdirectory`. To change the username from john to jane, we could use either of these commands, the long form or the short form, and to change a user's login shell we could use either of these.

An often used option with `usermod` is lock, or the equivalent short option with a capital L. This effectively disables the account, but without deleting it. The user will not be able to log in with his or her password anymore; however, they might still be able to log in with an SSH key if such a login method has been previously set up. To cancel this and unlock the account, we can use the unlock option or its equivalent short form with a capital U.

We can set a date at which a user's account expires, and to do that we'd use a command that looks something like this. After expiration they won't be able to log in, and they need to contact a system administrator to re-enable their account. If we want to immediately set an account as expired, we can just choose a date that is in the past. The date format works like this: it's year, month and then day. To remove the expiration date, just specify an empty date; you'll use two quotes with nothing inside.

We can also set an expiration date on the password. Please keep in mind that this is not the same as account expiration. Account expiration completely disables user logins; password expiration forces the user to
change their password the next time they log in. They can still use the account. If we want to immediately set the password as expired, we can use this command. `chage` stands for change age, so we would just set the last day to zero for Jane's account. Next time Jane logs in, she'll have to change her password. If we want to cancel this, we can unexpire the password by passing -1. If we want to make sure that a user changes their password once every 30 days, we could use the max days option and pass the parameter 30. If we want to make sure their password never expires, we can set max days to -1. And to see when the account password expires, we can use the list option to see that information.

In case you followed along with this exercise, you'll want to delete the user called Jane and the group called John, and you can do so with these commands.

Now let's explore how to create, delete and modify local groups and group memberships in Linux. Each user can belong to one or more groups. Why are these useful? Well, here are a few examples. We have a directory full of files that our developers need to work on, so they all need read and write permissions. We'd have to allow three user accounts to edit these files: John, Jack and Jane. An elegant solution to this problem is to create a new group called developers. Then we add our three users to the developers group, and finally we make the developers group the owner of those files and we change permissions so that the developers group can read and write to them. Now John, being part of the developers group, can easily edit those files. If we want to temporarily deny John access, we just remove him from the developers group. Or if a new member joins our team, we can just add their user account to the developers group and, boom, they have read and write access to those files.

We can see how this makes things easier to understand from an administrator's perspective. It's
like assigning roles to user accounts, or like user accounts having a label: is a developer or is not a developer. All of this by simply deciding if they will be part of the developers group or not a part of that group.

Speaking of roles for user accounts, groups can have other special effects. For example, being part of some group can grant special privileges on the system. Two common examples: one is the users in the wheel or sudo group, who are allowed to do pretty much anything on the system. They can run any program with root privileges, with root being the most powerful user account in Linux. Another would be users in the docker group, who can manage Docker containers.

We said that a user can belong to multiple groups, but one of these groups is special. One of them is the primary group, while all of the others are secondary or supplementary groups. The primary group is also called a login group. That's because as soon as the user logs in, this becomes his or her main group. It's hard to understand with theory alone, so let's see what's so special about this primary group. Here are two practical examples. When a user launches a program, it is said that it runs under that user account and group. Otherwise said, the program runs with the same privileges that the user account and its primary group have. And here's another, perhaps more visible example: when a user creates a file, this file will automatically be owned by the user account and their primary or login group.

If you want to follow along with this exercise, you'll need a user called John beforehand. You can create one using the `useradd` command. It's easy enough to create a new group called developers with a command like this, using `groupadd`. But how do we add our user John to this group? The easiest way to add a user to a group is with the help of the `gpasswd` command. This name comes from the words group password, but don't let the name fool you. Nowadays group passwords are almost never used in practice, so the main use case for
the `gpasswd` utility is to add or remove users from certain groups. To add users, we can use this `gpasswd` command or its equivalent short form command. If we want to confirm that this has worked, we can see the groups that John belongs to using the `groups` command. In this output, the first group after the colon is the primary or login group, and anything else that follows is a secondary or supplementary group. If we want to remove a user from a group, we can use the delete option or the corresponding `-d` short option.

On rare occasions we might want to change the user's primary or login group, which is the group that was automatically created with the user account and has the same name as the user. We can do that with a command like this, using `usermod -g` (lowercase g). A user can be part of multiple groups. Secondary groups are created separately from user accounts, and a user can only have one primary group but can have many secondary groups. So while we're working with `usermod`, it's important not to confuse this lowercase `-g` with the capital `-G`, as the capital `-G` option changes the secondary groups and not the primary one. To avoid this mistake, we can make a habit of using the equivalent long option `--gid` instead of the lowercase `-g`. Now if we take a look at John's groups, he's only a member of the developers group, which shows that his primary group has changed.

I'd also like you to note a difference here: `gpasswd` first expects the username and then the group, but `usermod` has the reverse order of group name and then the username. If you find yourself needing help and a refresher on this, you can always use `gpasswd --help` to take a look at these options, and that will show the corresponding syntax, showing that the username must come first when using `gpasswd`.

Now, to rename the group called developers to programmers, we could use a `groupmod` command like this and give it the new name option, or we could use the equivalent short form, which is `-n`. If we
want to delete a group, we have the `groupdel` command. If we try to run that, we're going to see an error if it's someone's primary group, saying that it cannot remove the primary group of user john, for example. To fix this, we can change John's primary group back to the john group with this `usermod` command, and now we can finally delete the programmers group. If a user is part of a secondary group and we want to delete it, the command will work without any issues. There's no need to first remove the user from that group before deleting it.

So head over to the labs using the links given below and come back here once you are done.

Now let's look at managing user resource limits in Linux. When we have a lot of users logging into the system, we may want to impose limits on what resources they can use. This way we can ensure that user A does not use 80% of the CPU, leaving very little to spare for the others. To set such a limit, we can edit this file. We can see as we look through it that it's a well documented file. We want to move down until we see this. We can see that the syntax for setting a limit is domain, type, item and then value. Let's break this down into easy to understand parts.

First, the domain. What can we specify here? Usually it's one of these three things. One is the username. In this case we can just simply type the name of the user, such as trinity. We can use a group name to set a limit for everyone in the developers group. We just add an at symbol in front of its name, so we'd write `@developers` to get such a group limit. The next thing that we can use is an asterisk, which will match everything. Setting a limit for asterisk basically says: set this limit for every user on the system. So it's a way to set a default limit. Why default? Because this limit will only apply to every user that is not mentioned in this list. A user limit overrides an asterisk limit. So for example, one asterisk limit can specify that everyone can only launch 10 processes, but then
another limit for the user Trinity says she can launch 20 processes. In this case the limit for everyone will be 10, that's the default, but for Trinity it will be set at 20.

Next is the type, which can be three different values: hard, soft and dash. A hard limit cannot be overridden by a regular user. If a hard limit says they can only run 30 processes, they cannot go above that. So it's basically the top, the maximum value for a resource someone can use. To set a hard limit, just specify it there in the second field. A soft limit, on the other hand, is different. Instead of a max value, this is more like the startup limit, the initial value for the limit when the user logs in. If a user has a soft limit of 10 maximum processes and a hard limit of 20, the following happens: when they log in, the limit will be set to 10 processes, but if the user has some temporary need to increase this, they can raise it to 11, 12, 15 or even 20 processes. This way they can get a slight increase when absolutely required. So they can manually raise it to anything they require, but never above the hard limit. And last, we have the dash sign. This specifies that this is both a hard limit and a soft limit. With this we're saying our Trinity should be able to run 20 processes at the most. When she logs in, she should be able to use up to her entire allocation without needing to manually raise her limit.

Next up is the item value. This decides what this limit is for. We can have things such as `nproc`, and `nproc` sets the maximum number of processes that can be open in a user session. We could have `fsize`, which sets the maximum file size that can be created in this user session. The size is in kilobytes, so 1024 here means the maximum file size is 1,024 kilobytes, which is exactly 1 megabyte. We can also use `cpu`, and `cpu` sets the limit for CPU time. This is specified in minutes. So when a process uses 100% of a CPU core for 1 second, it will use up 1 second of its allocated time. If it uses 50% of one core for 1 second, it will use
up 0.5 seconds of its allocation. Even if a process was opened 3 hours ago, it might have only used 2 seconds of CPU time. If you want to see more stuff that can be limited, just consult the user manual for this limits.conf file using the `man` command.

Let's test our knowledge and add a limit for our user called Trinity to ensure that she can open a maximum number of three processes. So first we'd find this line in the file, and to do that we would add a line that looks like this. We want to make sure there's no pound sign, hash sign, number sign, whatever you would like to call that comment sign, at the beginning of this line. The Vim editor might automatically add it when you press Enter to add a new line here, so make sure to delete the preceding sign, otherwise the line would be commented and have no effect. Now let's save our file and exit.

To log in as Trinity, we can enter this command. `-i` instructs sudo to do a real login and `-u` specifies the user we want to log in as. At this moment only one process is permanently running in her session, the Bash shell, so we should be able to run two more processes. Let's launch `ps` and pipe the output to the `less` pager. We can see it works, and now it got us to running three processes, the maximum limit. Now what would happen if we tried to launch a fourth process? Let's press Q to quit the `less` pager and then try the following. This would try to launch three new processes, `ls`, `grep` and `less`, plus bash already running, which would total four processes. And we'll see this failing as expected. We cannot run more than three processes. So let's type `logout` to exit from Trinity's session.

If we want to see the limits for our current session, we can type `ulimit -a`. We have small hints between parentheses. For example, we can see `-u` displayed for max user processes. This means that we could type `ulimit -u 5000` to set our limit to 5,000 processes. By default a user can only lower his limits, not raise them. The exception is when there are hard and soft limits. In
that case the user can raise his or her limit all the way up to the hard value, but only once. After the limit is raised with a `ulimit` command, the next command can only lower it. It cannot be raised a second time, even if the hard limit would allow it.

Now let's examine how to manage user privileges in Linux. Every time we had to make some important changes to the system, we used sudo in our commands. That's because only the root user, also called superuser, can make changes to important areas of the operating system. Whenever we put sudo in front of a command, that command runs as if the root user executed it. So how come our user is allowed to use sudo? If we type the `groups` command, we'll see our user is part of the wheel group. Whoever is part of this group is automatically allowed to use sudo. This means that the easiest way to give another user sudo privileges is to add them to the wheel group. To add our user Trinity to the wheel group, use a command like this, and that's it. Now this user can get administrator privileges whenever they want.

But this gives them power to do anything they want on our system. What if we want more fine-tuned control? Then we could take a different approach. There's a special file at /etc/sudoers that defines who can use sudo and under what conditions, what commands they can run, and so on. But we should not edit this file directly. We use a utility called `visudo`. This utility can check if our edits are correct, to help us avoid mistakes in the file. So first let's remove Trinity from the wheel group to make sure she can't use sudo anymore, and instead define a different sudo policy for her later. We can remove her with this command, and then to start editing the /etc/sudoers file we use `sudo visudo`, and this opens in the Vim editor. The file is thoroughly commented, but we're not interested in the first few parts, so let's navigate to the end and we'll notice this line. Now we see why any user added to the wheel group can run any command with sudo. So let's break
down this line into four different parts and analyze what they do.

The first is the user or group. Here we define who this policy is for. The second is the host. Here we could specify that these rules only apply if our server's host name or IP address has a specific value. That's not useful for our purposes, so we'll just type ALL for this host field. The third is the run-as field. Here we could type a list of usernames. Normally `sudo ls` would run the `ls` command as root, because that's what sudo does: it runs the command after it as a different user. But sudo can also be used so that Aaron can run commands as Jane or vice versa. We'll see more about this later. So if we list aaron,jane in this run-as field, then sudo can only be used to run commands as the user aaron or jane, but not root. And finally, the fourth field is the list of commands that can be executed with sudo. So we could say the syntax for a policy defined in the sudoers file looks like this.

Now let's go through some examples. To define a policy for our Trinity user and let her run any sudo command, we would need to add a line that looks like this. To specify a policy for all users in the developers group, we would add a line like this. We mentioned sudo lets us run commands as root but also as non-root, regular users. So for example, to run the `ls /home/trinity` command as the user called trinity, we could write this as a command. After the `-u` we specify the username we want to run as. So if this third field is ALL, then this policy allows someone to run sudo commands as any user. But if we'd want Trinity to only be able to run sudo commands as the users aaron or john, we could write a line like this. Also note that this is wrapped in parentheses, which hints to us that the field is optional, so a line like this is also valid.

We mentioned that in the fourth field we can specify a list of commands. With our previous entries, the user or group granted sudo privileges could execute any command, but we could limit them like
this. Now Trinity could only run commands such as `sudo ls` or `sudo stat /bin`. Only `ls` and `stat` commands would work. If Trinity tries a command like this, she would get an error. And since we specified the third field as optional, this line could also be written to look like this.

We know that the first time we run a sudo command in a session, it asks for our current user's password. In our sudoers file we see a hint above on how we could get rid of this requirement. So we could use the example in the comments, which looks like this, and figure out how to apply this for our user Trinity. If we want her to be able to run sudo commands without providing her password, we could write this line in the sudoers file.

So head over to the labs using the links given below and come back here once you are done.

Now let's examine how to manage access to the root account in Linux. We already saw one method to temporarily become root whenever needed. When we run a command such as this using sudo, it's basically the same as if the root user would have executed that command. But what if we want to log in as root? For a user with sudo access, we can enter this command or its equivalent short form command, and that's it, we're logged in as root. To exit from the root session, we'll type `logout`. If the user does not have sudo privileges but knows root's password, they can use `su -`, or `su -l`, or the long form with `--login`. All of these commands do the same thing: they log you in as root.

Some systems might have the root account locked. This does not mean that we can't use the root user. It just means that we can't do a regular login with a password. When root is locked, we can still use `sudo --login` to log in as root, but we can't use `su -`, as that would ask us for root's password, which is currently locked. If we want to allow people to log in as root with a password, we have two options. If root never had a password set, we could just choose a new password for it. Or if root had a password set in the past but then the account was locked for
some reason, we can unlock it using either the long or short form of the `passwd` unlock command. After using one of those steps, we can use `su -` and type the password for root to log in.

Of course, we could find ourselves in the reverse scenario. Imagine this: currently people can log in as root. We figure that this is a bit insecure, and so we can lock password-based logins to the root account with the lock function of the `passwd` command. Either the long or the short version would do the same thing. Other logins might still be possible if they were previously set up. For example, if an administrator has set up logins via an SSH private key, they'll still be able to log in even if the root account is locked.

Make sure to only lock root if your user can use sudo commands. With no root login and no sudo, you'll find yourself in the situation of not being able to become root at all, effectively locking yourself out, not able to change important system settings anymore.

So here we are at the end of this Linux crash course. I hope you enjoyed the material and gained experience through the labs. We've covered the basics of Linux, but there's a lot more. There's more to learn about networking, service configuration, storage management, troubleshooting, monitoring, process management and so much more, like virtualization for example. All of these are covered in the Linux learning path, which covers three certification courses: the Linux Foundation Certified System Administrator, the LPIC-1 series and the Red Hat Certified System Administrator course. Until next time, goodbye.
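The resource-limit rules from the walkthrough (domain, type, item, value; a user entry overriding the asterisk default; a dash setting soft and hard together) can be checked with a small resolver. This is an added example, not part of the course material; the sample entries are constructed, and the user > group > asterisk ordering follows the pam_limits documentation (the walkthrough itself only states that a user entry beats the asterisk).

```python
# Constructed sample in limits.conf syntax: <domain> <type> <item> <value>
SAMPLE_LIMITS = """\
*            hard  nproc  10     # default for users not listed below
@developers  soft  nproc  15
@developers  hard  nproc  30
trinity      -     nproc  20     # '-' sets soft and hard together
trinity      hard  fsize  1024   # kilobytes
#jane        hard  nproc  3      (commented out, so it has no effect)
"""


def parse_limits(text):
    """Yield (domain, type, item, value) for every active line."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) == 4 and fields[1] in ("soft", "hard", "-"):
            domain, ltype, item, value = fields
            yield domain, ltype, item, int(value) if value.isdigit() else value


def effective_limits(text, user, groups=()):
    """Resolve the soft and hard value each item gets for one login."""
    best = {}   # (item, "soft" | "hard") -> (rank, value)
    for domain, ltype, item, value in parse_limits(text):
        if domain == user:
            rank = 3                              # most specific
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 2
        elif domain == "*":
            rank = 1                              # default entry
        else:
            continue
        for kind in (("soft", "hard") if ltype == "-" else (ltype,)):
            if (item, kind) not in best or rank >= best[(item, kind)][0]:
                best[(item, kind)] = (rank, value)
    resolved = {}
    for (item, kind), (_, value) in best.items():
        resolved.setdefault(item, {})[kind] = value
    return resolved


def may_raise_to(limits, item, requested):
    """A regular user may raise a soft limit, but never past the hard limit."""
    hard = limits.get(item, {}).get("hard")
    if hard is None:
        return None          # this file sets no hard limit for the item
    return hard == "unlimited" or requested <= hard


if __name__ == "__main__":
    for user, groups in (("trinity", ["developers"]),
                         ("john", ["developers"]), ("jane", [])):
        print(user, effective_limits(SAMPLE_LIMITS, user, groups))
```
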
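When reviewing who can become root, the four sudoers fields described above (who, host, run-as, commands) are what decide whether an entry is a narrow grant or full root. The audit sketch below is an added example, not part of the course material; the sample rules are constructed, and the parser is simplified (no aliases, line continuations or run-as groups).

```python
import re
from dataclasses import dataclass

# Constructed sample in sudoers syntax; user names follow the walkthrough.
SAMPLE_SUDOERS = """\
# Constructed sample; not taken from a real system.
Defaults    env_reset
%wheel      ALL=(ALL)        ALL
trinity     ALL=(aaron,john) ALL
trinity     ALL=             /bin/ls, /bin/stat
%developers ALL=(ALL)        NOPASSWD: ALL
"""

RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*"   # who, host
    r"(?:\((?P<runas>[^)]*)\)\s*)?"                # optional (run-as) list
    r"(?P<tags>(?:[A-Z_]+:\s*)*)"                  # optional tags, e.g. NOPASSWD:
    r"(?P<cmds>.+)$"                               # command list
)


@dataclass
class Rule:
    who: str
    host: str
    runas: list
    nopasswd: bool
    commands: list

    @property
    def any_command(self):
        return "ALL" in self.commands

    @property
    def root_equivalent(self):
        # Any command, run as root (explicitly or through ALL), is full root.
        return self.any_command and bool({"root", "ALL"} & set(self.runas))


def parse_sudoers(text):
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments, include directives and Defaults settings.
        if not line or line.startswith(("#", "@", "Defaults")):
            continue
        if line.split()[0].endswith("_Alias"):      # alias definitions
            continue
        m = RULE.match(line)
        if m is None:
            continue
        # An omitted run-as field means the command runs as root.
        runas = [u.strip() for u in (m["runas"] or "root").split(",")]
        cmds = [c.strip() for c in m["cmds"].split(",")]
        rules.append(Rule(m["who"], m["host"], runas,
                          "NOPASSWD:" in m["tags"], cmds))
    return rules


def audit(text):
    """Return (who, finding) pairs a reviewer should look at first."""
    findings = []
    for r in parse_sudoers(text):
        if r.root_equivalent:
            findings.append((r.who, "root-equivalent"))
        elif r.any_command:
            findings.append((r.who, "any command as " + ",".join(r.runas)))
        if r.nopasswd:
            findings.append((r.who, "no password prompt"))
    return findings


if __name__ == "__main__":
    for who, finding in audit(SAMPLE_SUDOERS):
        print(f"{who:12} {finding}")
```

The entry limited to `/bin/ls` and `/bin/stat` produces no finding, while the group entries that pair ALL commands with an ALL run-as field are reported as root-equivalent.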