A quick introduction to Linux for Windows administrators

This content is 18 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Linux penguin I’ve written previously about my various attempts to cross-train in Windows and Unix. Recently, I began running Sun Solaris 10 x86 on one of my machines, more recently I’ve installed SUSE Linux 10.0 and this week, I’m attending a training course to learn about Red Hat Enterprise Linux.

What follows might be useful for anyone thinking of making the switch (or just picking up some new skills). I should stress that I’m a Unix/Linux newbie (unless you count some Unix systems programming back at uni’ in the early 90s) so these notes are probably incomplete and I might come back and edit them later. I don’t intend this to be a guide for integrating Linux and Windows either – more of a quick conversion for Windows administrators starting to work with Linux. Also, whilst these notes are based on Red Hat Enterprise Linux 4, they should hold true for most recent Linux distributions (I’ve tested them on SUSE Linux 10.0) and they shouldn’t be too alien for other Unix variants (although the commands may be a little different).

Whatever the Linux distribution, the kernel is controlled by kernel.org. This is the part of the operating system based on the original work by Linus Torvalds. The differences between Linux variants come at the next level with the various utilities added as part of individual distributions, including the graphical environments (e.g. GNOME and KDE).

Some vendors (e.g. Red Hat and Novell) have split their products into a free-to-download version with frequent upgrades and rapid adoption of new technology (e.g. Fedora, SUSE) and a more stable version with predictable release cycles and a subscription-based licensing model including support (e.g. Red Hat Enterprise Linux, SUSE Enterprise Linux), aimed at corporates who need to maintain standards. Some distributions also include utilities for keeping the system up-to-date (although these may also require an appropriate entitlement).

Installation of a Linux system is generally straightforward. The major distributions make life easy with bootable CDs and DVDs and comprehensive setup/installation routines (e.g. YaST). Having said that, if problems are encountered, they are not always easy to resolve (it took me considerable time to resolve a recent issue with installing SUSE 10.0 on an IBM ThinkPad).

Once installed, Linux can be used in either command line interface (CLI) or graphical user interface (GUI) mode. Unlike modern Windows operating systems, the Linux GUI is separate from the operating system itself and it is possible to run several CLI and GUI sessions (called virtual consoles) simultaneously. By default Ctrl-Alt-F1 to Ctrl-Alt-F6 are CLI user virtual consoles, whilst Ctrl-Alt-F7 will run a GUI interface. Multiple GUI sessions can be started using the startx command.

The Linux root user is analogous to the Windows administrator but (largely because Linux expects users logged in as root to know what they are doing) Linux doesn’t tend to issue “are you sure?” prompts and so it is far easier to perform something destructive by mistake when logged in as root. Although it’s also good practice to run as an unprivileged user in Windows, this should definitely be the norm in Windows. Many GUI applications (and some CLI ones) allow for escalation of privileges (in a similar manner to the user access protection feature in Windows Vista).

As for Windows (with command, cmd, wsh and soon msh), Linux has a variety of shells/command interpreters available for use. Linux distributions use the Bourne-again shell (bash) by default but may also ship with other shells including the original Bourne shell (sh), C shell (csh) and Korn shell (ksh).

Linux uses the X Window system for GUI operation; however X Window doesn’t dictate the look and feel – it is simply an application that provides the ability to draw on the screen. X Window is a client/server application, with the X server handling the monitor, keyboard and mouse and various X clients interacting with the X server. Examples of these X clients include the display manager (handling logins), the window manager that controls the look and feel (e.g. Metacity, KWin), the desktop environment (e.g. GNOME, KDE) and a variety of other x client applications (file browsers, web browsers, terminals, etc.). The two main X Window systems are XOrg and XFree86.

Linux has a system of runlevels, similar to the Windows concepts of recovery console, the various safe modes, and normal operation. For Linux, the runlevels are:

0 – shut down.
1 – systems maintenance (single user mode).
2 – multi-user (no file sharing).
3 – multi-user with file sharing (effectively a running system without a GUI).
4 – not implemented.
5 – (default) fully running.
6 – reboot.

The init runlevel command is used to switch between runlevels but beware that some Unix versions will use different runlevels (e.g. init 5 will power off a Solaris system).

Whereas Windows systems store configuration information in a plethora of locations (registry, file system, Active Directory, etc.), Linux generally uses a series of text files; however, just like in Windows, these may be spread all over the file system. This is probably the most confusing element for an administrator converting from Windows and the following is a list of likely locations from the file system hierarchy in which to find information:

Home directories (/root, /home/username).
Binaries (essential in /bin, non-essential in /usr/bin, third-party in /usr/local/bin).
System binaries (essential in /sbin, non-essential in /usr/sbin, third-party in /usr/local/sbin).
Foreign file system mountpoints (/media, /mnt).
System configuration (/etc).
Temporary files (/tmp).
Kernel and bootloader (/boot).
Server data such as logs and spool files (/var, /srv).
System information (/proc, /sys).
Libraries (essential in /lib, non-essential in /usr/lib, third-party in /usr/local/lib).

Everything in Linux is represented as a file – even hardware (files within the /dev and /proc directories – note that files in /proc are memory-based, rather than disk-based). Hard disks use a naming convention with hd representing an IDE hard disk and sd representing a SCSI hard disk. This is followed with a letter to distinguish the first disk as a, second disk as b, etc. Finally, partition numbers are indicated with a numeric suffix, so /dev/hda1 is the first partition on the first IDE disk. The partition table can be listed with fdisk -l.

Although Linux does support directory services and other authentication mechanisms using pluggable authentication modules (PAMs), some local users and groups will inevitably be required. Users may be created using the useradd command and groups with groupadd. Each Linux user has a numeric user identifier (UID) – root is always 0. Users are associated with one or more groups (a primary group and optional secondary groups), each of which is identified by its group identifier – the GID. User information, including name, UID, default GID, home directory and shell, is stored in the /etc/passwd file. Group information is stored in /etc/group. Even though the passwd command is used to change a password, passwords are not actually stored in /etc/passwd – instead they are stored as a password hash in /etc/shadow, along with details of when the password was last changed and the account expiration policy. System-wide account expiration policies can be defined in /etc/login.defs.

Unlike in Windows, Linux filenames are case sensitive. Linux, in common with other Unix variants, uses a discretionary access control permissions model with the concept of owner, group and others, controlled using the chmod command. Each of these can be marked with read, write or execute flags, as well as special flags (set user ID, set group ID and sticky) and another flag which indicates if a file is a directory.

For regular files, read means examine the file contents, write means modify the file contents and execute means run the file as a command. For directories, read means list directory contents, write means add or remove files and execute means change directory into the directory and view its properties.

When talking about file permissions, they are often expressed as a 3 (or sometimes 4) digit number. If these numbers make no sense, think of each set of permissions (special, owner, group and others) in binary:

Linux file permissions

4+2=6, so 0666 (usually written as 666) is -rw-rw-rw-. Similarly 4+2+1=7 so 0777 (777) is -rwxrwxrwx. More commonly, 0644 is -rw-r–r–.

Standard Linux file permissions are 0666 (-rw-rw-rw-) for files and 0777 (drwxrwxrwx) for directories although these are masked with a umask such as 0022 to remove the unnecessarily high permissions for group and others (0022 would make 0666 become 0644 and 0777 become 0755).

In common with other systems that use Kerberos authentication (including domain-joined Windows PCs), time synchronisation is critical to Linux systems. It’s not so important that the correct time is used, so much as that all the systems agree on a common time, but in any case the date can be set using the date command and Linux systems also have support for the network time protocol (NTP).

Linux uses TCP/IP as its networking protocol suite. Network devices are named by type and a numeric instance number. Ethernet is eth (eth0, eth1, etc.), token-ring is tr, fibre channel is fddi, dial-up and ADSL are ppp and localhost or loopback (127.0.0.1) is lo. In some circumstances, more than one connection may run using the same piece of hardware, for example Ethernet (eth0) is used for an ADSL connection, but ppp0 will be the connection tunnelled through the Ethernet link. Virtual network devices can also be created, e.g. eth0:1. It’s worth noting that changes to interface configurations will not become effective until an interface is deactivated and activated again. This can be performed from the command line using ifdown interfacename and ifup interfacename.

Linux printing is usually achieved using the common Unix printing system (CUPS); however, just as in Windows there is support for local and networked printers, with a variety of drivers, Printing is one area which is often easiest to configure using the GUI.

Recent versions of Linux include a kernel feature known as secure Linux (SELinux), which replaces the traditional discretionary access control model described earlier, with policy-based mandatory access controls which enforce security within a defined context. As SELinux is relatively new feature, many applications and services are not aware of it and whilst disabling SELinux is discouraged, it can be set not to enforce policy (although violations will still be logged to /var/log/messages). Another security feature that should not be alien in principle to Windows administrators is the built-in packet filtering firewall, administered using the iptables command.

So that’s it – a quick introduction to Linux for Windows administrators. To find out more, I recommend installing one of the free distributions and giving it a go for yourself. For help, try one of the following: