Linux Mastery for Students
The definitive roadmap for professional systems administration on your free vps.
Phase 01
Filesystem Basics
Phase 02
User & Security
Phase 03
Server Config
Navigate your server like a pro. Learn to list details and traverse the filesystem hierarchy.
pwd # Where am I?
ls -lah # List all files with sizes & permissions
cd /var/log/nginx # Move to specific folder
cd ~ # Go to your home directory
Understand the rwx (Read, Write, Execute) model to secure your website files.
chmod 644 config.php # Secure readable file
chmod 755 script.sh # Executable script
sudo chown -R www-data:www-data /var/www/html # Set web ownership
Access your VPS securely and disable password logins for maximum protection.
ssh root@vps_ip_address # Standard login
nano /etc/ssh/sshd_config # Edit SSH settings
# Set: PermitRootLogin no
# Set: PasswordAuthentication no
Install software and keep your Ubuntu/Debian server updated.
sudo apt update && sudo apt upgrade -y
sudo apt install build-essential git curl -y
sudo apt autoremove # Clean up unneeded dependencies
Lock down your server. Only allow ports you actually use.
sudo ufw allow ssh # Don't lock yourself out!
sudo ufw allow http
sudo ufw allow https
sudo ufw enable # Activate firewall
htop # Interactive process viewer
free -m # Check RAM usage in MB
df -h # Check Disk usage in human-readable form
nano index.html # Quick edit
# Save: CTRL + O -> ENTER
# Exit: CTRL + X
sudo adduser newuser # Create user
sudo usermod -aG sudo newuser # Grant sudo powers
sudo deluser --remove-home olduser
ip addr show # See server IP
ping -c 4 google.com # Test connectivity
ss -lntp # View listening ports & services
tail -n 50 /var/log/syslog # View last 50 system events
tail -f /var/log/nginx/access.log # Watch web logs live
journalctl -xe # View recent error reports
Automation starts with the shebang. Learn how to declare variables and output text.
#!/bin/bash
# This is a comment
NAME="Student"
echo "Hello $NAME, welcome to your VPS automation hub."
echo "Enter your domain name:"
read DOMAIN
echo "Setting up configuration for $DOMAIN..."
if [ -f "/etc/nginx/nginx.conf" ]; then
echo "Nginx is installed."
else
echo "Nginx not found. Installing..."
sudo apt install nginx -y
fi
Iterate through files or lists to perform batch actions.
for FILE in *.txt; do
mv "$FILE" "backup_$FILE"
echo "Renamed $FILE"
done
check_status() {
echo "Checking system load..."
uptime
}
check_status # Call the function
Run your scripts automatically every night.
crontab -e
# Add this line to backup every day at midnight:
0 0 * * * /home/user/backup.sh
# Compress web folder into a timestamped archive
tar -czvf backup_$(date +%F).tar.gz /var/www/html
grep "error" /var/log/syslog # Find errors in logs
sed -i 's/old-ip/new-ip/g' config.txt # Replace text in-place
# Print only the first column (username) of /etc/passwd
awk -F':' '{ print $1 }' /etc/passwd
Create short commands for long terminal strings.
nano ~/.bashrc
# Add this line:
alias update='sudo apt update && sudo apt upgrade -y'
# Then run: source ~/.bashrc
command_here
if [ $? -eq 0 ]; then
echo "Success"
else
echo "Failed"
fi
curl -I https://google.com # Get headers
curl -O https://site.com/file.zip # Download file
wget --mirror --convert-links --page-requisites https://example.com
rsync -avz /local/folder/ root@vps_ip:/remote/folder/
Run your background scripts as official Linux services.
# /etc/systemd/system/myapp.service
[Service]
ExecStart=/usr/bin/python3 /app/main.py
Restart=always
# Prevents /var/log from filling your VPS disk
sudo nano /etc/logrotate.conf
Keep processes running even after you disconnect from SSH.
tmux new -s mysession # Start session
# To detach: CTRL+B then D
tmux attach -t mysession # Reconnect
# Override DNS locally
sudo nano /etc/hosts
# Add: 127.0.0.1 test.local
nc -zv your_vps_ip 80 # Check if port 80 is open
nc -l 1234 # Listen on a port
Ensure your VPS is always patched against new vulnerabilities automatically.
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
Avoid dependency conflicts by creating isolated labs for each Python project.
sudo apt install python3-venv -y
python3 -m venv myenv # Create environment
source myenv/bin/activate # Enter environment
pip install flask # Install packages safely
pip install gunicorn
# Run your app with 3 worker processes
gunicorn --workers 3 app:app
Forward public web traffic to your backend Python or Node.js application.
# Inside /etc/nginx/sites-available/default
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
}
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com
Securely store API keys and database passwords in your shell session.
export DB_PASSWORD="my_secret_pass"
echo $DB_PASSWORD
# To make permanent, add to ~/.bashrc
Securely access a database running on your VPS from your local machine.
# Forward local port 3306 to VPS port 3306
ssh -L 3306:localhost:3306 user@your_vps_ip
sudo ipset create blacklist hash:ip
sudo ipset add blacklist 1.2.3.4
sudo iptables -I INPUT -m set --match-set blacklist src -j DROP
FILE="image.jpg"
echo ${FILE%.*} # Output: image (remove extension)
echo ${FILE#*.} # Output: jpg (get extension)
# Backup /etc (configs) and /var/www (sites)
sudo tar -cvpzf backup.tar.gz /etc /var/www
The final step for any production VPS: minimize your attack surface.
1. Use SSH Keys ONLY (Disable passwords)
2. Change Default SSH Port
3. Install Fail2Ban
4. Use a VPN/Tunnel for Admin access