Sign In
Sign In

Basic Linux Commands

Basic Linux Commands
Hostman Team
Technical writer
Linux
12.07.2024
Reading time: 9 min

Linux is an open-source operating system commonly used in server solutions that require high reliability, fault tolerance, and customization flexibility. To interact with a Linux-based OS, you execute commands in a console terminal, especially when managing remote hosts such as cloud servers.

This guide will cover the most basic terminal commands necessary for working with most known Linux distributions:

  • Debian

  • Ubuntu

  • Alt Linux

  • Kali Linux

This guide uses Ubuntu 22.04, installed on a Hostman cloud server.

Basic Linux commands vary in their purposes but  are most commonly needed for the following tasks:

  • Managing files and directories: creating, deleting, moving, copying, and changing permissions of files and directories.

  • System administration: managing processes, installing, and removing programs.

  • Managing network: managing network connections, checking network status, and configuring network interfaces.

Command Input and Output Streams

Before diving into the commands, it is important to understand a few basic principles of how Linux handles data.

Every process (program) in Linux has three standard data streams:

  • stdin (number 0): input stream.

  • stdout (number 1): output stream.

  • stderr (number 2): error stream.

The most basic are stdin and stdout.

Using standard data streams, Linux allows you to build data processing pipelines. In other words, instead of displaying the application's (launched by a command) result in the console, you can pass the data as input to another application, and so on.

For example, a trivial pipeline might look like this:

ls .. | grep 32

Output:

lib32
libx32

First, we execute the ls command, which displays a list of all system files and folders, and then pass its output to the grep command, which searches for directories whose names contain 32.

Environment, Directories, and File Management

This section covers the basic commands in Linux for navigating directories and managing files.

Current Directory Address (pwd)

To see which directory you are currently in, use:

pwd

For example, if you are in the /root directory, the console will display:

/root

Changing to a Specific Directory (cd)

Instead of specifying absolute paths when executing commands, it may be convenient to manually navigate between directories:

cd /usr

In this example, we have navigated to the system directory /usr. You can verify this by explicitly requesting the current directory:

pwd

Output:

/usr

To return to the root directory, execute the cd command without specifying a path:

cd

Let's navigate to another system directory:

cd /sys/devices

To go up one level, use two dots (..):

cd ..

Now we are in the /sys directory.

Listing Files and Directories in the Current Directory (ls)

To explore the contents of the file system, you can request a list of files and directories in the current directory by using the ls command in Linux.

ls

Output:

bin  games  include  lib  lib32  lib64  libexec  libx32  local  sbin  share  src

To see hidden files and directories, add the -A flag:

ls -A

Output:

.ansible  ._history  .rc  .cache  .lesshst  .profile  resize.log  snap  .ssh

A similar command that provides a bit more information about the file system contents, adding pointers to the current and higher levels, is:

ls -a

Output:

.  ..  .ansible  ._history  .rc  .cache  .lesshst  .profile  resize.log  snap  .ssh

You can check the contents of a directory without navigating into it:

ls /var

The console output will contain a list of files and directories of the specified directory, not the user's current location:

backups  cache  crash  lib  local  lock  log  mail  opt  run  snap  spool  tmp

To request a list of all system files and directories, add a slash (/) or two dots (..):

ls /

Or:

ls ..

Creating a Directory (mkdir)

When creating a directory, specify its name:

mkdir mywork

Verify that the directory was created:

ls

Output will show the new directory among others:

mywork  resize.log  snap

Directories can be created recursively (one inside another) using the -p flag:

mkdir myjob/inner -p

Check for the nested directory:

ls ./myjob

Output:

inner

The -p flag also prevents an error when creating an existing directory. For example, try creating the directory again in the usual way:

mkdir mywork

The console will display an error:

mkdir: cannot create directory 'mywork': File exists

However, with the -p flag, there will be no error:

mkdir mywork -p

Creating a File (nano)

Creating a file and filling it with content is done through the console text editor nano:

sudo nano myfile

The console terminal will switch to text editing mode. After finishing work with the file, press Ctrl + S to save it and Ctrl + X to close it.

The content of the created file be as follows:

My text

Copying a File or Directory (cp)

The cp command in Linux is used for copying files and directories. Copying creates an exact copy of the file or directory to the specified address:

cp myfile myfile2

Check the file system:

ls

Output shows our new file:

myfile  myfile2  myjob  mywork  resize.log  snap

Check its content:

sudo nano myfile2

It is identical to the content of the original file:

My text

Copying directories requires specifying the recursive execution flag -r:

cp mywork mywork2 -r

Check the current directory:

ls

The directory was successfully copied:

myfile  myfile2  myjob  mywork  mywork2  resize.log  snap

Deleting a File or Directory (rm)

Let's delete the previously created file:

rm myfile2

To delete directories, specify the -r flag:

rm mywork2 -r

You can also use a special command to delete a directory:

rmdir mywork2

Moving a File or Directory (mv)

Moving a file is similar to copying it, but the original file is deleted:

mv myfile mywork

The file will be located in the specified directory.

Moving directories is no different from moving files:

mv myjob mywork

Quick File Content Viewing (cat)

Instead of using the nano editor, you can immediately display the content of a file in the console using the Linux cat command:

cat mywork/myfile

The console will display the following:

My text

System and Network Information

Basic commands to display system data.

System Clock (date)

You can request the system date and time through the console terminal:

date

Output:

Sun Jul 07 09:27:16 PM BST 2024

List of Active Users (w)

You can request a list of all users currently logged into the system:

w

The console output will be similar to this:

05:00:30 up 40 min,  1 user,  load average: 0.02, 0.01, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    91.206.179.207   04:51    1.00s  0.09s  0.00s w

List of Active Processes (ps)

You can request a list of running processes:

ps

Output:

PID TTY          TIME CMD
11643 pts/1    00:00:00
11671 pts/1    00:00:00 ps

Connecting to a Remote Server via SSH (ssh)

ssh is a frequently used Linux command for managing remote hosts through an SSH connection:

ssh root@91.206.179.207

The command above follows this structure:

ssh USER@IP

Replace USER with the remote user's name and IP with the remote host's IP address. The console terminal will then ask for the root password:

root@91.206.179.207's password:

Downloading Files via URL (wget)

Often, some programs are manually downloaded from remote repositories as regular files:

wget https://github.com/nginx/nginx/archive/refs/tags/release-1.25.4.tar.gz

In this example, we download an archive with the Nginx web server from the official GitHub repository. After that, you can check the current directory's status with the ls command to see that the downloaded archive has appeared.

Extracting Archives (tar)

Next you will need to extract files from the downloaded archive:

tar -xvf release-1.25.4.tar.gz

The flags indicate how to perform the extraction:

  • -x means extracting compressed files from the archive;

  • -v means displaying detailed information about the extraction process in the console;

  • -f means that the passed parameters are archive file names.

After extraction, a new folder with the extracted archive's name will appear in the current directory.

After extraction, you can remove the archive.

rm release-1.25.4.tar.gz

Installing and Removing Packages

Commands for managing Linux packages.

Updating the Repository List

Linux distributions have a standard package manager, apt. It is used by default in Debian and Ubuntu distributions. Typically, before using it, update the list of available repositories:

sudo apt update

It also makes sense to update already installed packages in the system:

sudo apt upgrade

You can also view the list of already installed packages in the system:

sudo apt list --installed

The console will display something like this:

Powershell Hr Xj Iijh Lv

Installing a Package

Packages are installed as follows:

sudo apt install nginx

For example, this way we installed the Nginx web server. Very often, during installation, the package manager asks additional questions, which can be answered with yes or no using the console inputs y and n. To have APT automatically answer yes to all questions during installation, add the -y flag:

sudo apt install nginx -y

Removing a Package

To remove a Linux package:

sudo apt remove nginx

Console Management

Commands for managing the console terminal.

Command History (history)

You can view the history of commands entered in the console terminal:

history

Clearing the Console Terminal (clear)

You can periodically clear the commands entered in the terminal:

clear

This will return the command line to its initial (clean) state.

Command Help (man)

You can always get help on any Linux command:

man ls

The console will display information about the command's structure, its possible flags, and parameters.

You can also obtain a shorter and less extensive version of the manual for as follows:

help

Conclusion

In this guide, we discussed the most frequently used commands in Linux. You can use it as a Linux commands cheat sheet, as these are the most basic commands that any user needs to know when working with Linux.

The official Linux kernel project website provides a complete list of commands and official documentation (including command guides, installation, and configuration guides).

Linux
12.07.2024
Reading time: 9 min

Similar

Linux

How to Set Up Backup with Bacula

Bacula is a cross-platform client-server open source backup software that enables you to back up files, directories, databases, mail server data (Postfix, Exim, Sendmail, Dovecot), system images, and entire operating systems. In this guide, we’ll walk you through the process of installing and configuring Bacula on Linux, as well as creating backups and restoring user data. To get started with Bacula, you’ll need a server or virtual machine running any Linux distribution. In this tutorial, we’ll be using a cloud server from Hostman with Debian 12. Bacula Architecture Bacula’s architecture consists of the following components: Director (Bacula Director) The core component responsible for managing all backup, restore, and verification operations. The Director schedules jobs, sends commands to other components, and writes information to the database. Storage Daemon (Bacula Storage) Handles communication with storage devices such as disks, cloud storage, etc. The Storage Daemon receives data from the File Daemon and writes it to the configured storage medium. File Daemon (Bacula File) The agent installed on client machines to perform the actual backup operations. Catalog A database (MySQL, PostgreSQL, or SQLite) used by Bacula to store information about completed jobs, such as backup metadata, file lists, and restore history. Console (Bacula Console, bconsole) A command-line utility for interacting with Bacula. The Console allows administrators to control the Director via a CLI. GUI tools such as Bacula Web and Baculum are also available. Monitor (Optional) A component for monitoring the Bacula system status. It tracks job statuses, daemon states, and storage device conditions. Creating Test Data for Backup Let’s create some test files to use in our backup. Create a test directory and navigate into it: mkdir /root/test_backups && cd /root/test_backups Now create six sequential files: touch file{1..6}.txt Also, create a directory in advance for storing restored files: mkdir /root/restored-files Installing Bacula In this tutorial, we will install all Bacula components on a single server. However, Bacula also supports a distributed setup where components such as the Director, Storage Daemon, Client, and database can be installed on separate servers. This decentralized setup is suitable for backing up multiple systems without overloading a single server. We'll be using Debian 12 and installing PostgreSQL (version 15) as the backend database. Update the package index and install Bacula (server and client components): apt update && apt -y install bacula-server bacula-client PostgreSQL 15 will also be installed during this process. During installation: When prompted with: “Configure database for bacula-director-pgsql with dbconfig-common?”, press ENTER. When asked to choose the database host, select localhost, since we are installing everything on one server. When prompted with: “PostgreSQL application password for bacula-director-pgsql”, set a password for the Bacula database.  Do not leave this field empty, or a random password will be generated. Re-enter the password when asked to confirm. The installation will then continue normally. After the installation is complete, verify the status of Bacula components and PostgreSQL. Check the status of the Bacula Director: systemctl status bacula-director Check the Storage Daemon: systemctl status bacula-sd Check the File Daemon: systemctl status bacula-fd Check PostgreSQL: systemctl status postgresql If all components display a status of active, then Bacula has been successfully installed and is running. Bacula Configuration Bacula is configured by editing the configuration files of the program components. By default, all Bacula configuration files are located in the /etc/bacula directory. Next, we will configure each Bacula component individually. Configuring Bacula Director Using any text editor, open the bacula-dir.conf configuration file for editing: nano /etc/bacula/bacula-dir.conf Let’s start with the Director block, which sets the main configuration parameters for the Director component: Director { Name = 4142939-bi08079-dir DIRport = 9101 QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/run/bacula" Maximum Concurrent Jobs = 20 Password = "ohzb29XNWSFISd6qN6fG2urERzxOl9w68" Messages = Daemon DirAddress = 127.0.0.1 } Explanation of parameters: Name: The name of the Director component. This is a unique identifier used to connect with other components like the File Daemon and Storage Daemon. By default, it includes the server's hostname and the -dir suffix. Example: 4142939-bi08079-dir. DIRport: The port that Bacula Director listens to for incoming connections from the management console (bconsole). Default is 9101. QueryFile: Path to the SQL script file used to run queries on the database. It contains predefined SQL queries for job management, verification, data restoration, etc. Default: /etc/bacula/scripts/query.sql. WorkingDirectory: The working directory where Bacula Director temporarily saves files during job execution. PidDirectory: The directory where the Director saves its PID file (process identifier). This is used to track if the process is running. Maximum Concurrent Jobs: The maximum number of jobs that can run simultaneously. The default is 20. Password: Password used for authenticating the management console (bconsole) with the Director. Must match the one specified in the console’s configuration. Messages: Specifies the name of the message resource that determines how messages (errors, warnings, events) are handled. Common values: Daemon, Standard, Custom. DirAddress: The IP address the Director listens on. This can be 127.0.0.1 for local connections or an external IP. Catalog Configuration By default, Bacula comes with its own PostgreSQL instance on the same host, and in that case, database connection settings don’t need changes. But if you're deploying the database separately (recommended for production), the address, username, and password must be specified in the Catalog block: Catalog { Name = MyCatalog dbname = "bacula"; DB Address = "localhost"; dbuser = "bacula"; dbpassword = "StrongPassword4747563" } Explanation of parameters: dbname: The name of the database used by Bacula (default is bacula). The database must already exist (when deployed separately). DB Address: Host address where the DBMS is deployed. Use IP or a domain name. For local setup: localhost or 127.0.0.1. dbuser: The user Bacula will use to connect to the database. dbpassword: Password for the specified database user. Must be preconfigured. Restore Job Configuration Locate the Job block named RestoreFiles, responsible for file restoration. Set the Where parameter to specify the directory where restored files will be saved. Earlier, we created /root/restored-files, which we’ll use here: Job { Name = "RestoreFiles" Type = Restore Client=4244027-bi08079-fd Storage = File1 # The FileSet and Pool directives are not used by Restore Jobs # but must not be removed FileSet="Full Set" Pool = File Messages = Standard Where = /root/restored-files } Backup Schedule Configuration Next, we set up the Schedule block that defines when backups are created. We create: A full backup every Monday at 00:01. A differential backup every Sunday (2nd to 5th week) at 23:05. An incremental backup daily at 23:00: Schedule { Name = "WeeklyCycle" Run = Full 1st mon at 00:01 Run = Differential 2nd-5th sun at 23:05 Run = Incremental mon-sun at 23:00 } FileSet Configuration Now, we specify which files and directories will be backed up. This is defined in the FileSet block. Earlier we created /root/test_backups with six files. We’ll specify that path: FileSet { Name = "Full Set" Include { Options { signature = MD5 } File = /root/test_backups } } Explanation of parameters: Name: The name of the FileSet block, used for identification in configuration. Options: Settings that apply to all files listed under Include. signature = MD5: Specifies the checksum algorithm used to verify file integrity. MD5 generates a 128-bit hash to track file changes. Exclude Configuration (Optional) The Exclude block is used to specify files or directories that should not be backed up. This block is placed inside the FileSet definition and acts on files included via Include. Exclude { File = /var/lib/bacula ... } Pool Configuration The Pool block defines a group of volumes (storage units) used for backup. Pools help manage how data is stored, rotated, and deleted. Pool { Name = Default Pool Type = Backup Recycle = yes AutoPrune = yes Volume Retention = 7 days Maximum Volume Bytes = 10G Maximum Volumes = 2 } Explanation of parameters: Name: The pool's name, here it's Default. Pool Type: Defines the pool's function: Backup: Regular backups. Archive: Long-term storage. Cloning: Data duplication. Recycle: Indicates whether volumes can be reused once they're no longer needed (yes or no). AutoPrune: Enables automatic cleanup of expired volumes. Volume Retention: How long (in days) to retain data on a volume. After 7 days, the volume becomes eligible for reuse. Maximum Volume Bytes: The max size for a volume. If it exceeds 10 GB, a new volume is created (if allowed). Maximum Volumes: Limits the number of volumes in the pool. Here, it's 2. Older volumes are recycled when the limit is hit (if Recycle = yes). Validating Configuration and Restarting Bacula After making all changes, check the bacula-dir.conf file for syntax errors: /usr/sbin/bacula-dir -t -c /etc/bacula/bacula-dir.conf If the command output is empty, there are no syntax errors. If there are errors, the output will specify the line number and error description. Restart the Bacula Director service: systemctl restart bacula-director Configuring Bacula Storage The next step is configuring Bacula Storage, where the backup files will be stored. Using any text editor, open the configuration file bacula-sd.conf for editing: nano /etc/bacula/bacula-sd.conf We'll start with the Storage block, which defines the storage daemon responsible for physically saving backup files: Storage { Name = 4149195-bi08079-sd SDPort = 9103 WorkingDirectory = "/var/lib/bacula" Pid Directory = "/run/bacula" Plugin Directory = "/usr/lib/bacula" Maximum Concurrent Jobs = 20 SDAddress = 127.0.0.1 } Here’s what each parameter means: Name: Name of the storage daemon instance, used to identify it uniquely. SDPort: Port number the Storage Daemon listens on. The default is 9103. WorkingDirectory: Working directory for temporary files. Default: /var/lib/bacula. Pid Directory: Directory to store the PID file (process ID) for the storage daemon. Default: /run/bacula. Plugin Directory: Path where Bacula’s plugins for the storage daemon are located. These plugins can provide extra features such as encryption or cloud integration. Maximum Concurrent Jobs: Maximum number of jobs the storage daemon can handle simultaneously. SDAddress: IP address the Storage Daemon is available at. This can be an IP or a domain name. Since in our case the Storage Daemon runs on the same server as the Director, we use localhost. The next block to configure is Device, which defines the storage device where backups will be written. The device can be physical (e.g., a tape drive) or logical (e.g., a directory on disk). For testing, one Device block will suffice. By default, bacula-sd.conf may contain more than one Device block, including a Virtual Autochanger — a mechanism that emulates a physical autochanger (used for managing tapes or other media). It lets you manage multiple virtual volumes (typically as disk files) just like real tapes in a tape library. Locate the Autochanger block and remove the FileChgr1-Dev2 value from the Device parameter: Autochanger { Name = FileChgr1 Device = FileChgr1-Dev1 Changer Command = "" Changer Device = /dev/null } Next, in the Device block below, specify the full path to the directory we previously created for storing backup files (/srv/backup) in the Archive Device parameter: Device { Name = FileChgr1-Dev1 Media Type = File1 Archive Device = /srv/backup LabelMedia = yes; Random Access = Yes; AutomaticMount = yes; RemovableMedia = no; AlwaysOpen = no; Maximum Concurrent Jobs = 5 } Any blocks referencing FileChgr2 and FileChgr1-dev2 should be deleted: Explanation of the parameters: Autochanger Block: Name: Identifier for the autochanger (you can have multiple). Device: Name of the device linked to this autochanger—must match the Device block name. Changer Command: Script or command used to manage the changer. An empty value ("") means none is used—suitable for virtual changers or simple setups. Changer Device: Refers to the device tied to the autochanger, typically for physical devices. Device Block: Name: Identifier for the device. Media Type: Media type associated with the device. Must match the Pool block media type. Archive Device: Full path to the device or directory for storing backups; /srv/backup in this case. LabelMedia: Whether Bacula should auto-label new media. Random Access: Whether random access is supported. AutomaticMount: Whether to auto-mount the device when used. RemovableMedia: Specifies if the media is removable. AlwaysOpen: Whether the device should always stay open. Maximum Concurrent Jobs: Maximum number of simultaneous jobs using this device. Since we previously specified the directory for backup storage, create it: mkdir -p /srv/backup Set the ownership to the bacula user: chown bacula:bacula /srv/backup Next, check the config file for syntax errors: /usr/sbin/bacula-sd -t -c /etc/bacula/bacula-sd.conf If there are no syntax errors, the output will be empty. Otherwise, it will indicate the line number and description of any error. Restart the storage daemon: systemctl restart bacula-sd Creating a Backup Backups in Bacula are created using the bconsole command-line tool. Launch the utility: bconsole If it connects to the Director component successfully, it will display 1000 OK. Before running a backup, you can check the status of all components by entering the command: status This will display a list of the five Bacula system components. To check them all, enter 6. To initiate a backup, enter the command: run From the list, choose the BackupClient1 option (your client name might differ based on previous config), by typing 1. After selecting the option, you’ll see detailed info about the backup operation. You’ll then be prompted with three choices: yes — start the backup process; mod — modify parameters before starting; no — cancel the backup. If you enter mod, you’ll be able to edit up to 9 parameters. To proceed with the backup, type yes. To view all backup and restore jobs and their statuses: list jobs In our case, a backup with Job ID 1 was created: list jobid=1 If the status is T, the backup was successful. Possible statuses in the "Terminated Jobs" column: T (Success) — Job completed successfully. E (Error) — Job ended with an error. A (Canceled) — Job was canceled by the user. F (Fatal) — Job ended due to a critical error. R (Running) → Terminated — Job completed (may be successful or not). You can also monitor backup activity and errors via the log file: cat /var/log/bacula/bacula.log Once the backup finishes, the file will be saved in the specified directory. file Vol-0001 Restoring Files from Backup Earlier, we backed up the /root/test_backups directory, which contained six .txt files. Suppose these files were lost or deleted. Let’s restore them: Launch the Bacula console: bconsole Start the restore process: restore You’ll see 12 available restore options. We’ll use option 3. Type 3. Earlier we used Job ID 1 for our backup. Enter 1.  You’ll enter a file selection mode. Since our files were in the root/test_backups directory, navigate there. All previously saved files should be visible. To restore the whole directory, go up one level: cd .. Then mark the whole test_backups folder: mark test_backups/ Finish selection: done The system will display a final summary showing which data will be restored and the target directory (in our case: /root/restored-files). To start the restore, enter yes. Finally, verify that the files have been successfully restored. Conclusion We’ve now reviewed the installation and configuration of Bacula, a client-server backup solution. Bacula isn’t limited to backing up regular files—thanks to its plugin support, it can also handle backups of virtual machines, OS images, and more.
18 July 2025 · 14 min to read
Linux

Installing Arch Linux in a Cloud Environment

Arch Linux is a lightweight and flexible Linux distribution that provides users with extensive opportunities for customizing and optimizing their systems. It includes a minimal amount of preinstalled software and offers a console-based interface. In most cases, it is used by experienced users: professional developers, system administrators, or hackers. This is due to the complexity of its installation and subsequent configuration, which involves adding the required packages and components to the system. However, these difficulties are justified, because in the end the user gets exactly the system and services they need. In this article, we will explain how to install Arch Linux on your cloud server and perform its basic configuration. Advantages of Arch Linux It is worth noting that Arch Linux is ideally suited as an OS for a cloud server due to its low resource requirements. This distribution also has several other advantages: System UpdatesArch Linux updates automatically when a new OS version is released. Software InstallationPackages can be downloaded both over the network and from a local disk. In addition, the installed software does not need to be specifically compatible with Arch Linux. Rich RepositoriesArch Linux offers a wide variety of packages. Today, there are over 12,000 packages in the official repositories alone. In the community repository, there are even more — over 83,000. Up-to-date DocumentationThe official Arch Linux documentation is actively updated to reflect the latest changes and innovations. This ensures accurate and relevant system information. Active CommunityThis distribution has an active user community ready to help and share their experience. There are many forums, wikis, and repositories where you can find detailed instructions and guides for installation, configuration, and troubleshooting. 1. Preparing for Installation To follow this guide and install Arch Linux, you will need: A cloud server with any operating system (in our case, Debian 11); A link to the Arch Linux image from an official source; An additional disk, which you can attach under the Plan tab in the control panel. Step 1. To install Arch Linux on the server, you must first upload its installation image from an official source in .iso format. For example: wget https://mirror.rackspace.com/archlinux/iso/2025.06.01/archlinux-2025.06.01-x86_64.iso Step 2. Next, add a new disk where the installation image will be stored. It will appear in the system as /dev/sdb. You can specify the minimum disk size. Step 3. Write the installation image to the new disk: dd if=archlinux-2025.06.01-x86_64.iso of=/dev/sdb The writing process will take some time. When finished, verify it with the following command: fdisk -l In the output, you will see that the installation image has been written to the new disk, creating two necessary partitions. Step 4. After writing the installation image, proceed to boot from it. To do this, go to the Access tab and boot the server from the recovery disk. Open the console in the control panel.  Step 5. In the console window, go to the Boot existing OS menu item and press Tab on your keyboard. This will allow you to edit the text at the bottom of the screen. Here, you need to manually replace hd0 with hd1, as shown in the figure below. After that, press Enter to launch the installation program. Step 6. In the system bootloader that appears, select the first option. 2. Partitioning the Disk Now we can partition the main disk (sda). In our case, there will be 3 partitions: a 300 MB UEFI partition (type EFI), a 700 MB swap partition (type Linux swap), and a main filesystem partition taking up all remaining space (type Linux). In your own installation, the number and size of partitions may differ depending on your requirements. Make sure there are no important files on the server’s disk, because it will be formatted later. You may also wish to back it up to preserve important data. Step 1. First, check whether there are any files on the disk you need to save: lsblk The screenshot below shows the list. For creating the described partitions, we will use a 25 GB disk — sda. It currently has Debian 11 installed, which does not contain important files. Step 2. To partition the disk, enter the following command: cfdisk /dev/sda Step 3. In the window that opens, you need to delete all existing partitions. To do this, select a partition and use the Delete button in the lower menu. Step 4. Next, select the New button in the lower menu to create a new partition. Step 5. Then specify the size of the partition to be created. In our case, this is 300 MB for UEFI. Step 6. In the next window, choose Primary. Step 7. The partition is now created, and you need to specify its type. Go to the Type menu and select EFI. Step 8. Now move to the Free space and create 2 more partitions, repeating steps 4 through 7. Partition details were listed at the beginning of this chapter. Step 9. Once all partitions have been created, go to the Write button and select it. To confirm, type yes in the field that appears. Step 10. Partitioning is now complete. To exit the tool, select the Quit button in the lower menu. Step 11. You can verify your work using the lsblk command again. Check in the output that all changes have been successfully applied. 3. Formatting and Mounting the Created Partitions At this stage, the created partitions will be formatted and mounted. Remember, all data will be erased in this process! Step 1. For the first partition, format it using the following command: mkfs.fat -F32 /dev/sda1 This command will create a FAT32 filesystem, which is the recommended format for the UEFI partition. Step 2. Next, assign it a mount point: mkdir /mnt/efi mount /dev/sda1 /mnt/efi Step 3. For the second partition, perform special formatting: mkswap /dev/sda2 Step 4. Then activate the swap partition: swapon /dev/sda2 Step 5. Finally, format the system’s root partition: mkfs.ext4 /dev/sda3 Step 6. After formatting, create its mount point: mount /dev/sda3 /mnt After completing the formatting and mounting, your partitions will be ready for installing and configuring Arch Linux and its main components. 4. Installing the Main Arch Linux Components Step 1. First, let’s install the OS and its core components: pacstrap /mnt base linux grub openssh nano dhcpcd Step 2. Once the installation finishes, you need to generate the fstab file: genfstab -U /mnt >> /mnt/etc/fstab Generating the fstab file makes partition mounting management easier and ensures automatic and consistent mounting at system startup. 5. System Configuration Step 1. To configure Arch Linux after installation, you need to chroot into the OS without rebooting: arch-chroot /mnt Step 2. First, install the nano text editor: pacman -S nano Step 3. Uncomment the encoding for English in the relevant file (you would edit locale.gen): nano /etc/locale.gen Uncomment the line for en_US.UTF-8. After this, save the changes and exit nano, then generate the locales: locale-gen To enable the English language, execute: echo "LANG=en_US.UTF-8" > /etc/locale.conf Step 4. At this step, set up the system clock. For example:  ln -sf /usr/share/zoneinfo/Europe/Nicosia /etc/localtime The region is set. Now synchronize the hardware clock: hwclock --systohc Step 5. Next, set the hostname for your system: echo "hostname" > /etc/hostname Step 6. As the second-to-last step, set the root password. Run: passwd You will be prompted to enter and confirm the password. Step 7. Lastly, set up the previously installed GRUB bootloader to boot the server: grub-install --target=i386-pc /dev/sda Then create the GRUB configuration file: grub-mkconfig -o /boot/grub/grub.cfg This command will automatically configure GRUB. Step 8. Arch Linux is now successfully installed. Exit the chroot: exit Then go to the Access tab in your control panel and switch the server to standard boot mode. After that, click Save and Reboot. You can remove the additional disk after this step. Step 9. The system will boot, but it is not ready for use yet. First, connect to the server and enable the DHCP client daemon: systemctl enable dhcpcd Then start it: systemctl start dhcpcd Make sure the service shows the status active (running). Step 10. Next, configure the SSH connection. First, create a backup of the sshd configuration: cp /etc/ssh/sshd_config /etc/ssh/backup.sshdconf Then set PermitRootLogin to Yes in the /etc/ssh/sshd_config file: nano /etc/ssh/sshd_config Finally, enable the SSH daemon: systemctl enable sshd And start it: systemctl start sshd When checking with systemctl status sshd, the service should show active (running) status. Don’t forget to add and configure SSH keys before connecting to the server. 6. Additional Configuration The installation is complete, but you can also perform additional system configuration by reviewing the official Arch Linux setup documentation. To install packages, use the command: pacman -S package_name To update the system, use: pacman -Suy Conclusion In this guide, we reviewed the process of installing Arch Linux on your cloud server and performed its basic configuration. We used a temporary Debian 11 OS and an additional disk for the installation image. By following these steps, you can create a powerful and flexible virtual environment for developing, testing, and running applications based on Arch Linux.
03 July 2025 · 8 min to read
Linux

How to Open a Port on Linux

Opening ports in Linux is an important task that allows certain services or applications to exchange data over the network. Ports act as communication gateways, allowing access to authorized services while blocking unauthorized connections. Managing ports is key to secure access, smooth app functionality, and reliable performance. Understanding Ports and Their Purpose Ports are the logical endpoints of network communication, where devices can send and receive information. HTTP uses port 80, HTTPS uses port 443, and SSH uses port 22. An open port means the service that listens for incoming network traffic is associated with it. A closed port, on the other hand, stops communication via that gateway. Maintaining availability and security requires proper management of Linux open ports. Check Existing Open Ports on Linux Before opening a port, check the open ports in Linux to see which ones are currently active. You may achieve this using several Linux commands. netstat To display open ports, run: netstat -tuln The netstat utility provides a real-time view of active network connections, displaying all listening endpoints. The -tuln flags refine the output to show only TCP and UDP ports without resolving hostnames. Note: In case netstat isn’t installed, install it via: sudo apt install net-tools ss The ss utility can also be utilized to check ports: ss -tuln Compared to netstat, the ss command is more recent and fast. It shows the ports that are in use as well as socket information. nmap For a detailed analysis of Linux open ports, use: nmap localhost The nmap utility scans the given host (localhost in this case) for open ports. This is useful for finding ports exposed to public networks. Note: You can install nmap on Linux via: sudo apt install nmap Opening Ports on Linux Firewall modification is required to grant access through a chosen endpoint. Linux provides several options for handling these tasks, including iptables, ufw, and firewalld. Here are the methods to open ports with these utilities. Method 1: Via iptables Iptables is a robust and lower level firewall utility that grants fine-grained control over network traffic. To open a port with iptables, take these steps: Add a Rule to Allow Traffic from a Specific Port  Enable HTTP access on port 8080 with this command: sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT sudo: Execute the command as superuser. iptables: Refers to the firewall utility. -A INPUT: Inserts a rule in the input chain, controlling incoming traffic. -p tcp: Shows that the rule is for TCP traffic. --dport 8080: Points to port 8080 for the rule. ACCEPT: Specifies that incoming traffic matching the rule is accepted. This permits incoming TCP on port 8080. However, iptables changes are volatile and will be undone after reboot. Note: The iptables can be installed with persistent packages using: sudo apt install iptables iptables-persistent Save the Configuration For making the rule permanent and remain even after a system restart, store iptables rules via: sudo netfilter-persistent save This directive preserves current iptables or nftables rules such that they are preserved during reboots. Reload Changes Reload the firewall configuration as needed with: sudo netfilter-persistent reload Method 2: Via UFW Ufw (Uncomplicated Firewall) is a minimal front-end for managing iptables rules. It allows you to easily open ports with simple commands. This is how you can do it: Enable Ufw  First, ensure the ufw firewall is activated: sudo ufw enable Executing this command allows UFW to modify firewall settings. Note: UFW can be installed with: sudo apt install ufw Allow Traffic Via Specific Port  For instance, to open port 22 for SSH, use: sudo ufw allow 22/tcp sudo: Grants superuser privileges. ufw allow: Adds a rule to permit traffic. 22/tcp: Sets port 22 for communication while restricting the rule to TCP protocol. This permits access on port 22, enabling remote SSH connections. Verify the Firewall Status  To ensure the port is accessible and the rule is active, execute: sudo ufw status The status command displays all active rules, including the allowed ports. Method 3: Via Firewalld Firewalld is a dynamic firewall daemon present on Linux. It is simpler to customize the firewall rules compared to using iptables. Here’s how to enable port access via firewalld: Add a Permanent Rule for the Desired Port  To enable HTTPS access on port 443, run: sudo firewall-cmd --permanent --add-port=443/tcp firewall-cmd: Invokes the firewalld command. --permanent: Ensures the rule stays active after the firewall reloads or the system boots. --add-port=443/tcp: Opens port 443 to accept incoming TCP traffic. Note: Install firewalld on Linux via: sudo apt install firewalld Once installed, you should activate and run it: sudo systemctl enable firewalld sudo systemctl start firewalld Reload the Firewall  Finalize the settings to enable the newly defined policy: sudo firewall-cmd --reload Applying firewall modifications makes recent policy updates functional without rebooting. Verification Check whether the port is opened successfully: sudo firewall-cmd --list-all The --list-all command provides a complete list of rules, helping you determine if port 443 is open. Testing the Newly Opened Port Always check if the newly opened port is available for incoming connections. Here’s how: Using telnet Test the port opening via: telnet localhost port_number Successful access means the port is open and responsive. Using nmap Analyze the host to verify if the specified endpoint is accessible.: nmap -p port_number localhost The -p flag specifies the port to scan. Using curl Check HTTP service availability: curl localhost:port_number A successful response confirms the service is running on the opened port. Troubleshooting Common Issues Ports opening may occasionally fail due to configuration errors or conflicting software settings. Follow these tips: Verify Firewall Rules: Run iptables -L or ufw status to assess firewall restrictions and permissions. Check Service Status: Check if the assigned service is active with systemctl status <service-name>. Opening Specific Ports Based on Protocol Understanding the protocol used by the service can help configure ports more effectively. For instance, web traffic typically uses TCP (Transmission Control Protocol) for stable communication, while certain gaming services may require UDP (User Datagram Protocol) for faster packet transmission. Opening a TCP Port To access port 3306 for MySQL traffic: sudo ufw allow 3306/tcp This explicitly permits TCP traffic through port 3306, ensuring stable communication for database queries. Opening a UDP Port To access port 161 for SNMP (Simple Network Management Protocol), run: sudo ufw allow 161/udp UDP provides faster, connectionless communication, ideal for monitoring tools like SNMP. Managing Port Accessibility Once a port is opened, controlling its visibility ensures security and prevents unauthorized access. Restricting Access to Specific IPs To limit port access to a specific IP address (e.g., 192.168.1.100): sudo ufw allow from 192.168.1.100 to any port 22 This allows SSH access via port 22 only from the specified IP address, enhancing security. Closing Ports To revoke access to port 80: sudo ufw deny 80/tcp This denies incoming traffic on port 80, effectively closing it for HTTP services. Conclusion Confirming open ports in Linux is a key step for optimizing network functionality and deploying services effectively. With the use of utilities such as iptables, ufw, or firewalld, you can control traffic securely for your apps. You need to test and debug in order to confirm the port is open and working as expected. From web servers to SSH access, to other network services, port management skills ensure smooth operations and better security.
01 July 2025 · 7 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support