Unix / Linux Essentials

Unix-fluency shows up in three interview moments: a system-design discussion that drops into how you'd debug a hot host, an SRE / platform round that grills tooling, and the take-home where the reviewer judges your shell hygiene. The shell is also where 90% of incident response happens. Knowing the right command in the right shape is faster than reaching for any GUI, every time.

/

Root of the filesystem. Everything else hangs off this.

/bin, /sbin

Essential user / system binaries available in single-user mode. Modern distros symlink these to /usr/bin and /usr/sbin.

/usr/bin, /usr/sbin

Non-essential user / admin binaries installed by the distro.

/usr/local

Locally-installed software (not managed by the distro package manager). /usr/local/bin is conventional for hand-installed tools.

/etc

System-wide configuration. Read on boot or by daemons. /etc/hosts, /etc/passwd, /etc/ssh/sshd_config.

/var

Variable data: logs (/var/log), spool (/var/spool), caches (/var/cache), state (/var/lib).

/tmp

Temporary files. World-writable + sticky bit. Often cleared on reboot. Don't rely on persistence.

/home

User home directories. /home/alice. Typically the only writable location for non-root users.

/proc

Pseudo-filesystem exposing kernel + process state. /proc/cpuinfo, /proc/meminfo, /proc/<pid>/status.

/sys

Pseudo-filesystem for kernel-exposed device + driver state. Used by udev, lsblk.

/dev

Device nodes. /dev/null, /dev/zero, /dev/random, /dev/sda, /dev/tty.

/opt

Self-contained third-party software (typically vendor-installed): /opt/<vendor>/<product>.

SIGHUP (1)

Hangup. Conventionally used to tell daemons to reload config without restarting (nginx, syslog).

SIGINT (2)

Interrupt. What Ctrl+C sends. Apps can catch + clean up.

SIGQUIT (3)

Quit + core dump. Ctrl+\ in terminal.

SIGKILL (9)

Hard kill. Cannot be caught, blocked, or ignored. No cleanup. Use only when SIGTERM was ignored.

SIGTERM (15)

Polite shutdown. Default of kill. Apps catch this to flush, drain, then exit.

SIGSTOP / SIGTSTP / SIGCONT (19/20/18)

Stop / continue. Ctrl+Z sends TSTP; bg / fg sends CONT. SIGSTOP is uncatchable.

SIGUSR1 / SIGUSR2 (10/12)

Application-defined. Many daemons use these for log-rotate signals or runtime toggles.

SIGPIPE (13)

Write to a pipe with no reader. Default kills the process - the source of "why does my pipeline die when I head -1 it."

Octal modes

r=4, w=2, x=1. 755 = rwxr-xr-x (owner full, others read+exec). 644 = rw-r--r-- (owner write, others read). 600 = rw------- (owner only). 700 = rwx------ (private bin / dir).

chmod

chmod 644 file, chmod -R u+rwX,go=rX dir/. Symbolic: u (user), g (group), o (other), a (all). +/-/= (add/remove/set). X = exec only on dirs / already-exec files.

chown / chgrp

chown alice:devs file. chown -R alice:devs dir/. Requires root for cross-user changes.

umask

Default mask subtracted from 0777 (dirs) / 0666 (files) on creation. 022 -> dirs 755, files 644. 077 -> dirs 700, files 600 (paranoid).

Special bits

Setuid (4000) - run as file owner (e.g. /usr/bin/passwd). Setgid (2000) - run as group, or on dirs make new files inherit the dir's group. Sticky (1000) - on world-writable dirs, only the owner can delete their files (/tmp).

sudo

Run a command as another user (default: root). sudo -u alice cmd. sudo -i (interactive root shell). Configured in /etc/sudoers (edit with visudo).

• ·#!/usr/bin/env bash - first line. Use env so the script honors PATH.
• ·set -euo pipefail - fail fast: -e exit on error, -u error on unset var, -o pipefail propagates errors through pipes. Add this to every non-trivial script.
• ·Variables: name=value (no spaces). Use "$name" with quotes to handle whitespace. Arrays: arr=(a b c); echo "${arr[@]}".
• ·Conditionals: if [[ -f "$file" ]]; then ...; fi. Prefer [[ ... ]] over [ ... ] in bash. Common tests: -f (file), -d (dir), -z (empty), -n (non-empty), -eq -ne -lt -gt (numeric).
• ·Loops: for x in *.txt; do ...; done. while read -r line; do ...; done < file.
• ·Command substitution: result=$(cmd). Don't use backticks (deprecated).
• ·Functions: foo() { local x=$1; echo "hi $x"; }. Always declare local for function-scoped vars.
• ·Trap cleanup: trap 'rm -f "$tmp"' EXIT - guarantees the temp file is cleaned up on any exit (success, error, signal).
• ·Process substitution: diff <(cmd1) <(cmd2). Pass command output where a filename is expected.
• ·Default values: ${var:-default} (use default if unset/empty). ${var:?error message} (fail if unset).
• ·Heredoc: cat <<EOF ... EOF. Use <<'EOF' (quoted) to disable variable expansion.
• ·$? - exit status of last command. 0 = success, non-zero = failure. $! - PID of last background command. $# - argument count. $@ - all args (use "$@" with quotes).

• ·Modes: NORMAL (default, navigation/commands), INSERT (typing text), VISUAL (selection), COMMAND-LINE (typed after :).
• ·Esc - back to NORMAL from any mode. (Press it twice if unsure.)
• ·i - insert before cursor. a - append after cursor. o - new line below + insert. O - new line above + insert.
• ·h j k l - left, down, up, right. (Use arrow keys if you don't have the muscle memory yet.)
• ·w / b - jump forward / back by word. 0 / $ - start / end of line. gg / G - top / bottom of file. <N>G - jump to line N.
• ·x - delete character. dd - delete line. dw - delete word. d$ - delete to end of line. D - same as d$.
• ·yy - yank (copy) line. yw - yank word. p - paste after cursor. P - paste before.
• ·u - undo. Ctrl+R - redo. . (period) - repeat last change.
• ·/pattern - search forward. ?pattern - search backward. n / N - next / previous match.
• ·:%s/old/new/g - replace all in file. :%s/old/new/gc - confirm each. :s/old/new/g - replace on current line.
• ·:w - save. :q - quit. :wq - save + quit. :q! - quit without saving (escape hatch when stuck).
• ·:set number - line numbers. :set paste / :set nopaste - toggle paste mode (use before pasting from terminal to prevent auto-indent disasters).
• ·v - VISUAL mode (char). V - VISUAL line mode. Then d (cut), y (copy), > / < (indent / dedent).
• ·:e <file> - open another file. :bn / :bp - next / previous buffer. :bd - close buffer.
• ·ZZ - save + quit (uppercase, no colon). ZQ - quit without saving. Faster than typing :wq.