Linux Mastery for Students

The definitive roadmap for professional systems administration on your free vps.

Phase 01

Filesystem Basics

Phase 02

User & Security

Phase 03

Server Config

Navigate your server like a pro. Learn to list details and traverse the filesystem hierarchy.

pwd                      # Where am I?
ls -lah                  # List all files with sizes & permissions
cd /var/log/nginx        # Move to specific folder
cd ~                     # Go to your home directory

Understand the rwx (Read, Write, Execute) model to secure your website files.

chmod 644 config.php     # Secure readable file
chmod 755 script.sh      # Executable script
sudo chown -R www-data:www-data /var/www/html # Set web ownership

Access your VPS securely and disable password logins for maximum protection.

ssh root@vps_ip_address     # Standard login
nano /etc/ssh/sshd_config   # Edit SSH settings
# Set: PermitRootLogin no
# Set: PasswordAuthentication no

Install software and keep your Ubuntu/Debian server updated.

sudo apt update && sudo apt upgrade -y
sudo apt install build-essential git curl -y
sudo apt autoremove      # Clean up unneeded dependencies

Lock down your server. Only allow ports you actually use.

sudo ufw allow ssh       # Don't lock yourself out!
sudo ufw allow http
sudo ufw allow https
sudo ufw enable          # Activate firewall
htop                     # Interactive process viewer
free -m                  # Check RAM usage in MB
df -h                    # Check Disk usage in human-readable form
nano index.html          # Quick edit
# Save: CTRL + O -> ENTER
# Exit: CTRL + X
sudo adduser newuser     # Create user
sudo usermod -aG sudo newuser # Grant sudo powers
sudo deluser --remove-home olduser
ip addr show             # See server IP
ping -c 4 google.com     # Test connectivity
ss -lntp                 # View listening ports & services
tail -n 50 /var/log/syslog   # View last 50 system events
tail -f /var/log/nginx/access.log # Watch web logs live
journalctl -xe               # View recent error reports

Automation starts with the shebang. Learn how to declare variables and output text.

#!/bin/bash
# This is a comment
NAME="Student"
echo "Hello $NAME, welcome to your VPS automation hub."
echo "Enter your domain name:"
read DOMAIN
echo "Setting up configuration for $DOMAIN..."
if [ -f "/etc/nginx/nginx.conf" ]; then
    echo "Nginx is installed."
else
    echo "Nginx not found. Installing..."
    sudo apt install nginx -y
fi

Iterate through files or lists to perform batch actions.

for FILE in *.txt; do
    mv "$FILE" "backup_$FILE"
    echo "Renamed $FILE"
done
check_status() {
    echo "Checking system load..."
    uptime
}

check_status  # Call the function

Run your scripts automatically every night.

crontab -e
# Add this line to backup every day at midnight:
0 0 * * * /home/user/backup.sh
# Compress web folder into a timestamped archive
tar -czvf backup_$(date +%F).tar.gz /var/www/html
grep "error" /var/log/syslog     # Find errors in logs
sed -i 's/old-ip/new-ip/g' config.txt # Replace text in-place
# Print only the first column (username) of /etc/passwd
awk -F':' '{ print $1 }' /etc/passwd

Create short commands for long terminal strings.

nano ~/.bashrc
# Add this line:
alias update='sudo apt update && sudo apt upgrade -y'
# Then run: source ~/.bashrc
command_here
if [ $? -eq 0 ]; then
    echo "Success"
else
    echo "Failed"
fi
curl -I https://google.com        # Get headers
curl -O https://site.com/file.zip # Download file
wget --mirror --convert-links --page-requisites https://example.com
rsync -avz /local/folder/ root@vps_ip:/remote/folder/

Run your background scripts as official Linux services.

# /etc/systemd/system/myapp.service
[Service]
ExecStart=/usr/bin/python3 /app/main.py
Restart=always
# Prevents /var/log from filling your VPS disk
sudo nano /etc/logrotate.conf

Keep processes running even after you disconnect from SSH.

tmux new -s mysession     # Start session
# To detach: CTRL+B then D
tmux attach -t mysession  # Reconnect
# Override DNS locally
sudo nano /etc/hosts
# Add: 127.0.0.1 test.local
nc -zv your_vps_ip 80      # Check if port 80 is open
nc -l 1234                 # Listen on a port

Ensure your VPS is always patched against new vulnerabilities automatically.

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

Avoid dependency conflicts by creating isolated labs for each Python project.

sudo apt install python3-venv -y
python3 -m venv myenv           # Create environment
source myenv/bin/activate       # Enter environment
pip install flask               # Install packages safely
pip install gunicorn
# Run your app with 3 worker processes
gunicorn --workers 3 app:app

Forward public web traffic to your backend Python or Node.js application.

# Inside /etc/nginx/sites-available/default
location / {
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
}
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com

Securely store API keys and database passwords in your shell session.

export DB_PASSWORD="my_secret_pass"
echo $DB_PASSWORD
# To make permanent, add to ~/.bashrc

Securely access a database running on your VPS from your local machine.

# Forward local port 3306 to VPS port 3306
ssh -L 3306:localhost:3306 user@your_vps_ip
sudo ipset create blacklist hash:ip
sudo ipset add blacklist 1.2.3.4
sudo iptables -I INPUT -m set --match-set blacklist src -j DROP
FILE="image.jpg"
echo ${FILE%.*}   # Output: image (remove extension)
echo ${FILE#*.}   # Output: jpg (get extension)
# Backup /etc (configs) and /var/www (sites)
sudo tar -cvpzf backup.tar.gz /etc /var/www

The final step for any production VPS: minimize your attack surface.

1. Use SSH Keys ONLY (Disable passwords)
2. Change Default SSH Port
3. Install Fail2Ban
4. Use a VPN/Tunnel for Admin access