Sign In
Sign In

Linux Permissions Explained

Linux Permissions Explained
Anees Asghar
Technical writer
Linux
27.01.2025
Reading time: 6 min

In Linux, permissions are extremely valuable in dealing with access to folders as well as files. It makes sure proper authority over which one can deal with them. Effectively handling these privileges is fundamental for enhancing system file management and security. These privileges give groups or users the ability for reading, executing, or modifying, directories and their content. These rules safeguard data and restrict access, particularly in environments with more than one user. Each folder or file comes with particular rights that represent what users can accomplish.

This article will demonstrate the basis of permissions, point out access, understanding, and changing privileges for them, and manage folders and their content.

Basis of Permissions

For beginners, the directories or file privileges can be challenging. It involves the concepts of types and groups as below: 

Types 

In Linux, each folder or file holds three kinds of permissions, each serving a particular purpose:

  • Read (r): It indicates the permission to view the file’s content or enlist the items inside the folder.

  • Write (w): It allows modifications to the particular file or addition and deletion of files inside the directory.

  • Execute (x): It permits the file execution as the program or getting the folder content.

Groups

They are classified into three groups, each serving a particular role:

  • User (Owner): It indicates the user who has the ownership rights of the folder or file.

  • Group: It indicates a bunch of users having shared access rights.

  • Others: It includes those who are not owners or participants of the desired group.

Permission Formats

Privileges are visualized in two formats: symbolic and octal. The symbolic employs symbols to mean rights, r indicates reading, w refers to writing, and x is utilized for the execution purpose. In contrast, the octal utilizes numbers, where 4 means reading, 2 stands for writing, and 1 signifies execution.

Linux Display Permissions 

Linux offers several methods to examine privileges. Individuals can employ a terminal for detailed information or go through the file manager's properties option for a graphical visualization.

Using GUI

This approach is the most straightforward for evaluating rights of permissions. It permits individuals to display them through the file manager's properties.

To employ this method, hit the right-click on the desired folder and click Properties:

Image1

Next, navigate to Permissions for viewing the permissions given to the particular directory and its content:

Image3

In the figure, readers can see and adjust privileges for directories and their content, defining what the group is permitted to do, such as modifying, accessing, or deleting them. Additionally, it provides security context info and offers the choice to implement these privileges to all enclosed files:

Image2

Through the ls Command

You can employ the ls command along with -l, followed by the specified folder or file, to analyze its stats, including privileges:

ls -l <file_or_directory_name>

It retrieves thorough entries, including file privileges and a variety of properties. For instance, the below one retrieves the privilege attributes of the Downloads:

ls -l Downloads

Image5

In the output, the starting part indicates the permissions for all files or folders. For instance, -rw-rw-r-- describes the file as having reading and writing rights for the group as well as the owner. Also, reading-only privileges for others. drwxrwxr-x demonstrates the particular folder possessing the privileges of reading, writing, and executing for the group and owner. Also, reading and executing privileges for others.

The next section describes the number of hard links to a particular file or folder. The next section shows (e.g., linuxuser) the owner. The next part shows the group which is corresponding with the directory or file. The fifth part describes the file's size in bytes.

Next you see the most recent modification date and time, and finally the seventh section shows the file or folder’s name.

Through the namei Utility

In Linux, namei is an effective utility that shows the individual sections of a file or folder path along with their rights:

namei -l /path/to/file

Now, employ the namei -l to visualize comprehensive details about the Downloads folder:

namei -l Downloads

Image4

In this outcome, f: Downloads relates to the last entry in the folder, e.g. Downloads. The d signifies that it is a directory. The rwxr-xr-x means that the linuxuser has the right to read, write, and execute. However, both the linuxuser owner and the group have the capacity to read and execute privileges. It confirms that the linuxuser group as well as a user have the owners' rights of the particular folder.

Through the stat Command

This utility retrieves comprehensive info about the particular folder and its content, e.g. files:

stat fileName 

Let’s employ it to retrieve the comprehensive statistics of the Downloads:

stat Downloads

It retrieves the size of the file, rights, and a lot more:

Image7

Modifying Permissions

Editing file and folder rights are effective for system privacy purposes. Linux provides two main methods to revise privileges: symbolic and absolute mode.

Symbolic Mode

In this mode, individuals adjust permissions by adding (+), deleting (-), or setting (=) specific rights for the owner, group, or others. For making these modifications, the chmod is utilized. 

Let's check out the permissions for the hostmanData file:

ls -l hostmanData

Image6

For adding execution access for the file’s owner, utilize the chmod utility as below:

chmod u+x hostmanData

Next, verify the updated privileges by running:

ls -l hostmanData

Image9

Absolute Mode

In this method, rights are given through octal synonyms. There, every digit is related to reading, writing, and executing access for the user, group, and others. For instance, the code line allows full privileges to the owner and gives reading and executing access to the group and others:

chmod 755 hostmanData

Image8

Modifying Owner Rights

The chown utility permits individuals to alter the folder's ownership and content. It allocates the new group or owner to maintain access control.

Modifying Ownership

We can alter the owner status of a particular directory or file via the chown. For instance, to alter the privileges of the hostmanData file to anees, employ the below code line:

sudo chown anees hostmanData

Next, confirm the changes via the following code line:

ls -l hostmanData

Image11

Modifying Group Ownership

For updating the owner of a group of files, you can employ the below syntax:

sudo chown :users hostmanData

The above line updates the group of the hostmanData from linuxuser to users:

Image10

Other Permissions 

Linux permits individuals the appropriate way to handle advanced or complex operations via the below utilities:

  • setuid: It allowed the file to execute with the authority of the owner compared to the user when implemented to the particular executable file.

  • setgid: It permits the specific file for execution with the particular authority of the group that corresponds with the given file.

  • Sticky Bit: It makes sure that the file’s owner has the capacity for renaming or deleting particular files inside a particular folder.

Final Words

In Linux, permissions are significantly important for handling access to particular folders or files. It plays an essential impact in system management or security. In this article, we covered the basis of permissions, their authority and modification, and editing ownership. We also demonstrated special rights to deal with complicated tasks. With a solid comprehension of these concepts, users can effectively secure Linux and manage access with ease.

Linux
27.01.2025
Reading time: 6 min

Similar

Linux

How to Use Telnet Command on Linux

The telnet command is a great and handy Linux network service communication utility. From remote server and system port scans, to debugging network connections, telnet offers easy text-based interaction with a remote host. In this step by step guide, you can see how to install, configure, and utilize telnet in Linux. We shall also discuss its various options and features so that you can have a complete idea. What is Telnet? telnet, or "Telecommunication Network," is a remote network protocol on another computer over the Transmission Control Protocol (TCP). telnet provides the ability to directly specify the remote host on a particular port so that commands may be sent and output directly read in real time. telnet is employed primarily for: Testing Open Ports: Determine if a server has an open port. Accessing Services: Get direct access to the web, e-mail, or other networked services. Troubleshooting Network Issues: Fix network connectivity issues or port not available issues. Installing Telnet on Linux telnet is not pre-installed on most modern Linux distributions. Installation depends on your system type. For Ubuntu/Debian-Based Systems An Ubuntu or any Debian-based Linux user can install telnet with the apt package manager: sudo apt install telnet For Red Hat/CentOS-Based Systems telnet can be installed on RedHat, CentOS, or Fedora by using the yum or dnf package managers: sudo yum install telnet For newer versions: sudo dnf install telnet Understanding the Telnet Command Syntax The telnet command syntax is simple: telnet [hostname/IP] [port] Where: [hostname/IP]: Specifies the hostname or IP address of the remote host. [port]: Specifies the port number you want to connect to. It can be omitted, and the default port (23) is used.  telnet establishes one direct connection to services on specific ports, like HTTP (port 80), SMTP (port 25), or FTP (port 21). Different Options Available for the Telnet Command The telnet command is highly customizable, offering several options that enhance its usability and functionality. Option Description -4 Forces telnet to use IPv4 only when establishing a connection. -6 Forces telnet to use IPv6 only when connecting. -8 Allows transfer of 8-bit data via telnet. -E Disables the telnet escape character operation, disallowing escape sequences during the session. -K Prevents telnet from automatically passing credentials (e.g., a Kerberos ticket) to the remote host. -L Enables the loopback mode so that telnet can connect to the same host. -X atype Specifies the authentication type (i.e., KERBEROS_V4) to be used during the telnet session. -a Automatically fills in the user's login name attempting to log onto the remote system. -d Enables debugging mode, providing detailed information about the connection process and communication. -e char Alters the escape character for telnet. -l user Specifies the username for the login attempt. -n tracefile Writes session activity to a specified trace file for debugging or logging. -b addr  Defines a local interface or address for telnet to use when connecting. -r Creates a reverse telnet connection. Using Telnet: Practical Applications telnet provides diagnostic and testing capabilities for networks. Some of these include: Test Open Ports telnet is often used to verify if a specified port of a server is open. To verify port 80, enter the following command: telnet example.com 80 If the port is open, telnet will connect, and you might have a blank screen expecting input. This is a good indication that the port is listening and expecting to chat. If the port is firewalled or closed, you would get an error message such as "Connection refused." Interact with SMTP Servers telnet can debug email servers by sending raw SMTP commands. To open an SMTP server on port 25: telnet mail.example.com 587 Once connected, you can directly type SMTP commands such as HELO, MAIL FROM, and RCPT TO to communicate with the server. For example: Send HTTP Requests telnet enables manual HTTP requests to debug web servers. For example: telnet example.com 80 After connecting, type: GET / HTTP/1.1 Host: example.com Press Enter twice to send the request, and the server's response will appear. Connect Using IPv4 If the server supports both IPv4 and IPv6, you can force the connection to use IPv4: telnet -4 example.com 80 This ensures compatibility with IPv4-only networks. Debugging a MySQL Server telnet can connect to a MySQL database server to check if the port is open (default port 3306). telnet database.example.com 3306 Replace database.example.com with the MySQL server address.  If the connection is successful, telnet will display a protocol-specific greeting message from the MySQL server. Security Considerations When Using Telnet Although telnet is a handy utility, it is fundamentally unsafe since it sends the data, including passwords, in cleartext. Consequently: Don't Use Telnet Over Unsecure Networks: Utilize a secure, private network whenever possible. Use Alternatives: Use SSH (Secure Shell) for encrypted communication. Restrict Access: Turn off telnet on your servers if you do not use it. By understanding these risks, you can take precautions to secure your systems. Exploring Advanced Telnet Use Cases telnet’s utility extends to a variety of specialized scenarios: Monitoring Services: Use telnet to interactively query protocols like IMAP or POP3 to diagnose emails. IoT Device Management: telnet can be utilized as an immediate interface to communicate with IoT devices that utilize text-based communication protocols. Educational Use: It is an excellent learning tool for studying network protocols and server responses. Troubleshooting Common Telnet Issues Despite its simplicity, telnet may run into issues such as: Connection Refused: This would usually be so if the target port is firewalled or closed. Time-Out Errors: These could reflect network delay or routing issues. Permission Denied: Check appropriate user privilege and port availability. Regularly checking server configurations and network settings can help resolve these issues. Exploring Telnet Alternatives If telnet's lack of encryption is a security risk to your system, there are several alternatives that offer comparable functionality with added security and features: SSH (Secure Shell): SSH is the most common telnet substitute, providing secured communication, tunneling, and strong authentication. Use the ssh command to securely connect to remote servers. Netcat (nc): Netcat is a full-featured networking debugging tool, port scanner, and connection tester. It can handle both TCP and UDP. OpenSSL S_client: OpenSSL can be utilized to test SSL/TLS protocols securely on particular ports. Conclusion telnet in Linux is a simple and convenient network diagnostics and debugging tool. As long as you understand its security limitation and have sufficient configurations, telnet remains a convenient debugging tool, test tool, and communications tool for network services. From this guide, you have a working configuration that strikes a balance between convenience and responsible caution. Get the best out of your Linux experience and control your systems securely and efficiently remotely.
24 July 2025 · 6 min to read
Linux

How to Set Up Backup with Bacula

Bacula is a cross-platform client-server open source backup software that enables you to back up files, directories, databases, mail server data (Postfix, Exim, Sendmail, Dovecot), system images, and entire operating systems. In this guide, we’ll walk you through the process of installing and configuring Bacula on Linux, as well as creating backups and restoring user data. To get started with Bacula, you’ll need a server or virtual machine running any Linux distribution. In this tutorial, we’ll be using a cloud server from Hostman with Debian 12. Bacula Architecture Bacula’s architecture consists of the following components: Director (Bacula Director) The core component responsible for managing all backup, restore, and verification operations. The Director schedules jobs, sends commands to other components, and writes information to the database. Storage Daemon (Bacula Storage) Handles communication with storage devices such as disks, cloud storage, etc. The Storage Daemon receives data from the File Daemon and writes it to the configured storage medium. File Daemon (Bacula File) The agent installed on client machines to perform the actual backup operations. Catalog A database (MySQL, PostgreSQL, or SQLite) used by Bacula to store information about completed jobs, such as backup metadata, file lists, and restore history. Console (Bacula Console, bconsole) A command-line utility for interacting with Bacula. The Console allows administrators to control the Director via a CLI. GUI tools such as Bacula Web and Baculum are also available. Monitor (Optional) A component for monitoring the Bacula system status. It tracks job statuses, daemon states, and storage device conditions. Creating Test Data for Backup Let’s create some test files to use in our backup. Create a test directory and navigate into it: mkdir /root/test_backups && cd /root/test_backups Now create six sequential files: touch file{1..6}.txt Also, create a directory in advance for storing restored files: mkdir /root/restored-files Installing Bacula In this tutorial, we will install all Bacula components on a single server. However, Bacula also supports a distributed setup where components such as the Director, Storage Daemon, Client, and database can be installed on separate servers. This decentralized setup is suitable for backing up multiple systems without overloading a single server. We'll be using Debian 12 and installing PostgreSQL (version 15) as the backend database. Update the package index and install Bacula (server and client components): apt update && apt -y install bacula-server bacula-client PostgreSQL 15 will also be installed during this process. During installation: When prompted with: “Configure database for bacula-director-pgsql with dbconfig-common?”, press ENTER. When asked to choose the database host, select localhost, since we are installing everything on one server. When prompted with: “PostgreSQL application password for bacula-director-pgsql”, set a password for the Bacula database.  Do not leave this field empty, or a random password will be generated. Re-enter the password when asked to confirm. The installation will then continue normally. After the installation is complete, verify the status of Bacula components and PostgreSQL. Check the status of the Bacula Director: systemctl status bacula-director Check the Storage Daemon: systemctl status bacula-sd Check the File Daemon: systemctl status bacula-fd Check PostgreSQL: systemctl status postgresql If all components display a status of active, then Bacula has been successfully installed and is running. Bacula Configuration Bacula is configured by editing the configuration files of the program components. By default, all Bacula configuration files are located in the /etc/bacula directory. Next, we will configure each Bacula component individually. Configuring Bacula Director Using any text editor, open the bacula-dir.conf configuration file for editing: nano /etc/bacula/bacula-dir.conf Let’s start with the Director block, which sets the main configuration parameters for the Director component: Director { Name = 4142939-bi08079-dir DIRport = 9101 QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/run/bacula" Maximum Concurrent Jobs = 20 Password = "ohzb29XNWSFISd6qN6fG2urERzxOl9w68" Messages = Daemon DirAddress = 127.0.0.1 } Explanation of parameters: Name: The name of the Director component. This is a unique identifier used to connect with other components like the File Daemon and Storage Daemon. By default, it includes the server's hostname and the -dir suffix. Example: 4142939-bi08079-dir. DIRport: The port that Bacula Director listens to for incoming connections from the management console (bconsole). Default is 9101. QueryFile: Path to the SQL script file used to run queries on the database. It contains predefined SQL queries for job management, verification, data restoration, etc. Default: /etc/bacula/scripts/query.sql. WorkingDirectory: The working directory where Bacula Director temporarily saves files during job execution. PidDirectory: The directory where the Director saves its PID file (process identifier). This is used to track if the process is running. Maximum Concurrent Jobs: The maximum number of jobs that can run simultaneously. The default is 20. Password: Password used for authenticating the management console (bconsole) with the Director. Must match the one specified in the console’s configuration. Messages: Specifies the name of the message resource that determines how messages (errors, warnings, events) are handled. Common values: Daemon, Standard, Custom. DirAddress: The IP address the Director listens on. This can be 127.0.0.1 for local connections or an external IP. Catalog Configuration By default, Bacula comes with its own PostgreSQL instance on the same host, and in that case, database connection settings don’t need changes. But if you're deploying the database separately (recommended for production), the address, username, and password must be specified in the Catalog block: Catalog { Name = MyCatalog dbname = "bacula"; DB Address = "localhost"; dbuser = "bacula"; dbpassword = "StrongPassword4747563" } Explanation of parameters: dbname: The name of the database used by Bacula (default is bacula). The database must already exist (when deployed separately). DB Address: Host address where the DBMS is deployed. Use IP or a domain name. For local setup: localhost or 127.0.0.1. dbuser: The user Bacula will use to connect to the database. dbpassword: Password for the specified database user. Must be preconfigured. Restore Job Configuration Locate the Job block named RestoreFiles, responsible for file restoration. Set the Where parameter to specify the directory where restored files will be saved. Earlier, we created /root/restored-files, which we’ll use here: Job { Name = "RestoreFiles" Type = Restore Client=4244027-bi08079-fd Storage = File1 # The FileSet and Pool directives are not used by Restore Jobs # but must not be removed FileSet="Full Set" Pool = File Messages = Standard Where = /root/restored-files } Backup Schedule Configuration Next, we set up the Schedule block that defines when backups are created. We create: A full backup every Monday at 00:01. A differential backup every Sunday (2nd to 5th week) at 23:05. An incremental backup daily at 23:00: Schedule { Name = "WeeklyCycle" Run = Full 1st mon at 00:01 Run = Differential 2nd-5th sun at 23:05 Run = Incremental mon-sun at 23:00 } FileSet Configuration Now, we specify which files and directories will be backed up. This is defined in the FileSet block. Earlier we created /root/test_backups with six files. We’ll specify that path: FileSet { Name = "Full Set" Include { Options { signature = MD5 } File = /root/test_backups } } Explanation of parameters: Name: The name of the FileSet block, used for identification in configuration. Options: Settings that apply to all files listed under Include. signature = MD5: Specifies the checksum algorithm used to verify file integrity. MD5 generates a 128-bit hash to track file changes. Exclude Configuration (Optional) The Exclude block is used to specify files or directories that should not be backed up. This block is placed inside the FileSet definition and acts on files included via Include. Exclude { File = /var/lib/bacula ... } Pool Configuration The Pool block defines a group of volumes (storage units) used for backup. Pools help manage how data is stored, rotated, and deleted. Pool { Name = Default Pool Type = Backup Recycle = yes AutoPrune = yes Volume Retention = 7 days Maximum Volume Bytes = 10G Maximum Volumes = 2 } Explanation of parameters: Name: The pool's name, here it's Default. Pool Type: Defines the pool's function: Backup: Regular backups. Archive: Long-term storage. Cloning: Data duplication. Recycle: Indicates whether volumes can be reused once they're no longer needed (yes or no). AutoPrune: Enables automatic cleanup of expired volumes. Volume Retention: How long (in days) to retain data on a volume. After 7 days, the volume becomes eligible for reuse. Maximum Volume Bytes: The max size for a volume. If it exceeds 10 GB, a new volume is created (if allowed). Maximum Volumes: Limits the number of volumes in the pool. Here, it's 2. Older volumes are recycled when the limit is hit (if Recycle = yes). Validating Configuration and Restarting Bacula After making all changes, check the bacula-dir.conf file for syntax errors: /usr/sbin/bacula-dir -t -c /etc/bacula/bacula-dir.conf If the command output is empty, there are no syntax errors. If there are errors, the output will specify the line number and error description. Restart the Bacula Director service: systemctl restart bacula-director Configuring Bacula Storage The next step is configuring Bacula Storage, where the backup files will be stored. Using any text editor, open the configuration file bacula-sd.conf for editing: nano /etc/bacula/bacula-sd.conf We'll start with the Storage block, which defines the storage daemon responsible for physically saving backup files: Storage { Name = 4149195-bi08079-sd SDPort = 9103 WorkingDirectory = "/var/lib/bacula" Pid Directory = "/run/bacula" Plugin Directory = "/usr/lib/bacula" Maximum Concurrent Jobs = 20 SDAddress = 127.0.0.1 } Here’s what each parameter means: Name: Name of the storage daemon instance, used to identify it uniquely. SDPort: Port number the Storage Daemon listens on. The default is 9103. WorkingDirectory: Working directory for temporary files. Default: /var/lib/bacula. Pid Directory: Directory to store the PID file (process ID) for the storage daemon. Default: /run/bacula. Plugin Directory: Path where Bacula’s plugins for the storage daemon are located. These plugins can provide extra features such as encryption or cloud integration. Maximum Concurrent Jobs: Maximum number of jobs the storage daemon can handle simultaneously. SDAddress: IP address the Storage Daemon is available at. This can be an IP or a domain name. Since in our case the Storage Daemon runs on the same server as the Director, we use localhost. The next block to configure is Device, which defines the storage device where backups will be written. The device can be physical (e.g., a tape drive) or logical (e.g., a directory on disk). For testing, one Device block will suffice. By default, bacula-sd.conf may contain more than one Device block, including a Virtual Autochanger — a mechanism that emulates a physical autochanger (used for managing tapes or other media). It lets you manage multiple virtual volumes (typically as disk files) just like real tapes in a tape library. Locate the Autochanger block and remove the FileChgr1-Dev2 value from the Device parameter: Autochanger { Name = FileChgr1 Device = FileChgr1-Dev1 Changer Command = "" Changer Device = /dev/null } Next, in the Device block below, specify the full path to the directory we previously created for storing backup files (/srv/backup) in the Archive Device parameter: Device { Name = FileChgr1-Dev1 Media Type = File1 Archive Device = /srv/backup LabelMedia = yes; Random Access = Yes; AutomaticMount = yes; RemovableMedia = no; AlwaysOpen = no; Maximum Concurrent Jobs = 5 } Any blocks referencing FileChgr2 and FileChgr1-dev2 should be deleted: Explanation of the parameters: Autochanger Block: Name: Identifier for the autochanger (you can have multiple). Device: Name of the device linked to this autochanger—must match the Device block name. Changer Command: Script or command used to manage the changer. An empty value ("") means none is used—suitable for virtual changers or simple setups. Changer Device: Refers to the device tied to the autochanger, typically for physical devices. Device Block: Name: Identifier for the device. Media Type: Media type associated with the device. Must match the Pool block media type. Archive Device: Full path to the device or directory for storing backups; /srv/backup in this case. LabelMedia: Whether Bacula should auto-label new media. Random Access: Whether random access is supported. AutomaticMount: Whether to auto-mount the device when used. RemovableMedia: Specifies if the media is removable. AlwaysOpen: Whether the device should always stay open. Maximum Concurrent Jobs: Maximum number of simultaneous jobs using this device. Since we previously specified the directory for backup storage, create it: mkdir -p /srv/backup Set the ownership to the bacula user: chown bacula:bacula /srv/backup Next, check the config file for syntax errors: /usr/sbin/bacula-sd -t -c /etc/bacula/bacula-sd.conf If there are no syntax errors, the output will be empty. Otherwise, it will indicate the line number and description of any error. Restart the storage daemon: systemctl restart bacula-sd Creating a Backup Backups in Bacula are created using the bconsole command-line tool. Launch the utility: bconsole If it connects to the Director component successfully, it will display 1000 OK. Before running a backup, you can check the status of all components by entering the command: status This will display a list of the five Bacula system components. To check them all, enter 6. To initiate a backup, enter the command: run From the list, choose the BackupClient1 option (your client name might differ based on previous config), by typing 1. After selecting the option, you’ll see detailed info about the backup operation. You’ll then be prompted with three choices: yes — start the backup process; mod — modify parameters before starting; no — cancel the backup. If you enter mod, you’ll be able to edit up to 9 parameters. To proceed with the backup, type yes. To view all backup and restore jobs and their statuses: list jobs In our case, a backup with Job ID 1 was created: list jobid=1 If the status is T, the backup was successful. Possible statuses in the "Terminated Jobs" column: T (Success) — Job completed successfully. E (Error) — Job ended with an error. A (Canceled) — Job was canceled by the user. F (Fatal) — Job ended due to a critical error. R (Running) → Terminated — Job completed (may be successful or not). You can also monitor backup activity and errors via the log file: cat /var/log/bacula/bacula.log Once the backup finishes, the file will be saved in the specified directory. file Vol-0001 Restoring Files from Backup Earlier, we backed up the /root/test_backups directory, which contained six .txt files. Suppose these files were lost or deleted. Let’s restore them: Launch the Bacula console: bconsole Start the restore process: restore You’ll see 12 available restore options. We’ll use option 3. Type 3. Earlier we used Job ID 1 for our backup. Enter 1.  You’ll enter a file selection mode. Since our files were in the root/test_backups directory, navigate there. All previously saved files should be visible. To restore the whole directory, go up one level: cd .. Then mark the whole test_backups folder: mark test_backups/ Finish selection: done The system will display a final summary showing which data will be restored and the target directory (in our case: /root/restored-files). To start the restore, enter yes. Finally, verify that the files have been successfully restored. Conclusion We’ve now reviewed the installation and configuration of Bacula, a client-server backup solution. Bacula isn’t limited to backing up regular files—thanks to its plugin support, it can also handle backups of virtual machines, OS images, and more.
18 July 2025 · 14 min to read
Linux

Installing Arch Linux in a Cloud Environment

Arch Linux is a lightweight and flexible Linux distribution that provides users with extensive opportunities for customizing and optimizing their systems. It includes a minimal amount of preinstalled software and offers a console-based interface. In most cases, it is used by experienced users: professional developers, system administrators, or hackers. This is due to the complexity of its installation and subsequent configuration, which involves adding the required packages and components to the system. However, these difficulties are justified, because in the end the user gets exactly the system and services they need. In this article, we will explain how to install Arch Linux on your cloud server and perform its basic configuration. Advantages of Arch Linux It is worth noting that Arch Linux is ideally suited as an OS for a cloud server due to its low resource requirements. This distribution also has several other advantages: System UpdatesArch Linux updates automatically when a new OS version is released. Software InstallationPackages can be downloaded both over the network and from a local disk. In addition, the installed software does not need to be specifically compatible with Arch Linux. Rich RepositoriesArch Linux offers a wide variety of packages. Today, there are over 12,000 packages in the official repositories alone. In the community repository, there are even more — over 83,000. Up-to-date DocumentationThe official Arch Linux documentation is actively updated to reflect the latest changes and innovations. This ensures accurate and relevant system information. Active CommunityThis distribution has an active user community ready to help and share their experience. There are many forums, wikis, and repositories where you can find detailed instructions and guides for installation, configuration, and troubleshooting. 1. Preparing for Installation To follow this guide and install Arch Linux, you will need: A cloud server with any operating system (in our case, Debian 11); A link to the Arch Linux image from an official source; An additional disk, which you can attach under the Plan tab in the control panel. Step 1. To install Arch Linux on the server, you must first upload its installation image from an official source in .iso format. For example: wget https://mirror.rackspace.com/archlinux/iso/2025.06.01/archlinux-2025.06.01-x86_64.iso Step 2. Next, add a new disk where the installation image will be stored. It will appear in the system as /dev/sdb. You can specify the minimum disk size. Step 3. Write the installation image to the new disk: dd if=archlinux-2025.06.01-x86_64.iso of=/dev/sdb The writing process will take some time. When finished, verify it with the following command: fdisk -l In the output, you will see that the installation image has been written to the new disk, creating two necessary partitions. Step 4. After writing the installation image, proceed to boot from it. To do this, go to the Access tab and boot the server from the recovery disk. Open the console in the control panel.  Step 5. In the console window, go to the Boot existing OS menu item and press Tab on your keyboard. This will allow you to edit the text at the bottom of the screen. Here, you need to manually replace hd0 with hd1, as shown in the figure below. After that, press Enter to launch the installation program. Step 6. In the system bootloader that appears, select the first option. 2. Partitioning the Disk Now we can partition the main disk (sda). In our case, there will be 3 partitions: a 300 MB UEFI partition (type EFI), a 700 MB swap partition (type Linux swap), and a main filesystem partition taking up all remaining space (type Linux). In your own installation, the number and size of partitions may differ depending on your requirements. Make sure there are no important files on the server’s disk, because it will be formatted later. You may also wish to back it up to preserve important data. Step 1. First, check whether there are any files on the disk you need to save: lsblk The screenshot below shows the list. For creating the described partitions, we will use a 25 GB disk — sda. It currently has Debian 11 installed, which does not contain important files. Step 2. To partition the disk, enter the following command: cfdisk /dev/sda Step 3. In the window that opens, you need to delete all existing partitions. To do this, select a partition and use the Delete button in the lower menu. Step 4. Next, select the New button in the lower menu to create a new partition. Step 5. Then specify the size of the partition to be created. In our case, this is 300 MB for UEFI. Step 6. In the next window, choose Primary. Step 7. The partition is now created, and you need to specify its type. Go to the Type menu and select EFI. Step 8. Now move to the Free space and create 2 more partitions, repeating steps 4 through 7. Partition details were listed at the beginning of this chapter. Step 9. Once all partitions have been created, go to the Write button and select it. To confirm, type yes in the field that appears. Step 10. Partitioning is now complete. To exit the tool, select the Quit button in the lower menu. Step 11. You can verify your work using the lsblk command again. Check in the output that all changes have been successfully applied. 3. Formatting and Mounting the Created Partitions At this stage, the created partitions will be formatted and mounted. Remember, all data will be erased in this process! Step 1. For the first partition, format it using the following command: mkfs.fat -F32 /dev/sda1 This command will create a FAT32 filesystem, which is the recommended format for the UEFI partition. Step 2. Next, assign it a mount point: mkdir /mnt/efi mount /dev/sda1 /mnt/efi Step 3. For the second partition, perform special formatting: mkswap /dev/sda2 Step 4. Then activate the swap partition: swapon /dev/sda2 Step 5. Finally, format the system’s root partition: mkfs.ext4 /dev/sda3 Step 6. After formatting, create its mount point: mount /dev/sda3 /mnt After completing the formatting and mounting, your partitions will be ready for installing and configuring Arch Linux and its main components. 4. Installing the Main Arch Linux Components Step 1. First, let’s install the OS and its core components: pacstrap /mnt base linux grub openssh nano dhcpcd Step 2. Once the installation finishes, you need to generate the fstab file: genfstab -U /mnt >> /mnt/etc/fstab Generating the fstab file makes partition mounting management easier and ensures automatic and consistent mounting at system startup. 5. System Configuration Step 1. To configure Arch Linux after installation, you need to chroot into the OS without rebooting: arch-chroot /mnt Step 2. First, install the nano text editor: pacman -S nano Step 3. Uncomment the encoding for English in the relevant file (you would edit locale.gen): nano /etc/locale.gen Uncomment the line for en_US.UTF-8. After this, save the changes and exit nano, then generate the locales: locale-gen To enable the English language, execute: echo "LANG=en_US.UTF-8" > /etc/locale.conf Step 4. At this step, set up the system clock. For example:  ln -sf /usr/share/zoneinfo/Europe/Nicosia /etc/localtime The region is set. Now synchronize the hardware clock: hwclock --systohc Step 5. Next, set the hostname for your system: echo "hostname" > /etc/hostname Step 6. As the second-to-last step, set the root password. Run: passwd You will be prompted to enter and confirm the password. Step 7. Lastly, set up the previously installed GRUB bootloader to boot the server: grub-install --target=i386-pc /dev/sda Then create the GRUB configuration file: grub-mkconfig -o /boot/grub/grub.cfg This command will automatically configure GRUB. Step 8. Arch Linux is now successfully installed. Exit the chroot: exit Then go to the Access tab in your control panel and switch the server to standard boot mode. After that, click Save and Reboot. You can remove the additional disk after this step. Step 9. The system will boot, but it is not ready for use yet. First, connect to the server and enable the DHCP client daemon: systemctl enable dhcpcd Then start it: systemctl start dhcpcd Make sure the service shows the status active (running). Step 10. Next, configure the SSH connection. First, create a backup of the sshd configuration: cp /etc/ssh/sshd_config /etc/ssh/backup.sshdconf Then set PermitRootLogin to Yes in the /etc/ssh/sshd_config file: nano /etc/ssh/sshd_config Finally, enable the SSH daemon: systemctl enable sshd And start it: systemctl start sshd When checking with systemctl status sshd, the service should show active (running) status. Don’t forget to add and configure SSH keys before connecting to the server. 6. Additional Configuration The installation is complete, but you can also perform additional system configuration by reviewing the official Arch Linux setup documentation. To install packages, use the command: pacman -S package_name To update the system, use: pacman -Suy Conclusion In this guide, we reviewed the process of installing Arch Linux on your cloud server and performed its basic configuration. We used a temporary Debian 11 OS and an additional disk for the installation image. By following these steps, you can create a powerful and flexible virtual environment for developing, testing, and running applications based on Arch Linux.
03 July 2025 · 8 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support