# Mastering System Internals: Processes, Resources, and Permissions

Understanding and managing a Linux system requires familiarity with its core components: how processes operate, how resources are consumed, and how user privileges are structured. This document provides a technical overview of essential commands and concepts for effective system administration.

### Process and System Monitoring

System administrators frequently need to inspect and control running processes and monitor resource utilization. Several command-line utilities facilitate these tasks.

**Viewing Running Processes:** `top`, `htop`, `ps`

The `ps` (process status) command provides a snapshot of the currently running processes. Its output is highly customizable. For instance, `ps aux` displays all processes (`a`) including those without a controlling terminal (`x`) in a user-oriented format (`u`). The output typically includes the User ID (UID), Process ID (PID), parent PID (PPID), CPU utilization, memory usage, start time, and the command that initiated the process.

Bash

```bash
ps aux
USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.0  0.1 169324 13188 ?        Ss   May16   0:02 /sbin/init
root           2  0.0  0.0      0     0 ?        S    May16   0:00 [kthreadd]
user1       1234  0.5  2.3 123456 45678 ?        Sl   10:30   0:05 /usr/bin/example-app
```

For a dynamic, real-time view of system processes, `top` is the traditional utility. It displays a continuously updated list of processes, ordered by CPU usage by default. `top` also provides a summary of system state, including uptime, load average, task counts (total, running, sleeping, stopped, zombie), CPU states (user, system, nice, idle, wait, hardware interrupt, software interrupt, steal time), and memory/swap usage. Users can interact with `top` using single-key commands to sort processes, kill processes, or change display options.

`htop` is an interactive process viewer and system monitor that offers a more user-friendly interface compared to `top`. It presents a colorized display, allows scrolling through the process list vertically and horizontally, and enables actions like killing or renicing processes directly from the interface using function keys or mouse clicks (if supported by the terminal). `htop` also provides a clearer visual representation of CPU and memory usage, often including per-CPU core utilization graphs.

**Killing or Pausing Tasks**

To terminate a process, the `kill` command is used. It sends a signal to a specified process ID (PID). The most common signals are `SIGTERM` (15), which requests a graceful shutdown, and `SIGKILL` (9), which forces immediate termination.

Bash

```bash
kill 1234       # Sends SIGTERM to PID 1234
kill -9 1234    # Sends SIGKILL to PID 1234
kill -s SIGKILL 1234 # Alternative syntax for SIGKILL
```

The `pkill` command can terminate processes based on name or other attributes. For example, `pkill example-app` would send `SIGTERM` to all processes whose names match "example-app".

To pause a process (suspend its execution), the `SIGSTOP` signal is used. The `SIGCONT` signal resumes a stopped process.

Bash

```bash
kill -STOP 1234   # Pauses PID 1234
kill -CONT 1234  # Resumes PID 1234
```

Alternatively, while a process is running in the foreground of a terminal, `Ctrl+Z` will send `SIGTSTP` (a terminal stop signal, similar to `SIGSTOP` but can be ignored by the process) to pause it. The `fg` command resumes it in the foreground, and `bg` resumes it in the background.

**Checking System Resources:** `free`, `df`, `du`

The `free` command displays the amount of free and used physical memory (RAM) and swap space on the system. Options like `-h` (human-readable), `-m` (megabytes), or `-g` (gigabytes) format the output for easier interpretation.

Bash

```bash
free -h
              total        used        free      shared  buff/cache   available
Mem:           7.7Gi       3.1Gi       1.2Gi       215Mi       3.4Gi       4.2Gi
Swap:          2.0Gi       512Mi       1.5Gi
```

The "buff/cache" column represents memory used by the kernel for buffers and page cache. The "available" column provides an estimate of memory available for starting new applications without swapping.

To check disk space usage, the `df` (disk free) command is employed. `df -h` shows disk space usage for all mounted filesystems in a human-readable format. It lists the filesystem, its total size, used space, available space, percentage used, and mount point.

Bash

```bash
df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        50G   20G   28G  42% /
tmpfs           3.9G     0  3.9G   0% /dev/shm
/dev/sdb1       100G   50G   50G  50% /mnt/data
```

The `du` (disk usage) command estimates file and directory space usage. `du -sh /path/to/directory` will display the total size of the specified directory in a human-readable format (`-s` for summary, `-h` for human-readable). Without `-s`, `du` lists the sizes of subdirectories.

Bash

```bash
du -sh /var/log
1.2G    /var/log
```

### Users and Permissions

Linux is a multi-user operating system, and managing users and their permissions is fundamental to system security and organization.

**Root vs. Regular User**

The **root user** (also known as the superuser) has unrestricted access to the entire system. It can perform any operation, including modifying system files, managing users, and controlling hardware. The root user has a User ID (UID) of 0. Operating as root continuously is generally discouraged due to the risk of accidental damage or security vulnerabilities if compromised.

A **regular user** has limited privileges. Regular users can typically only modify files within their own home directory and execute commands for which they have explicit permission. This constrained environment enhances system security by preventing unintentional system-wide changes.

**Groups and User Roles**

Users in Linux can be members of one or more **groups**. Groups provide a mechanism for organizing users and managing permissions collectively. For example, files or directories can have permissions set for a specific group, allowing all members of that group to access them according to those permissions, without granting access to all users on the system.

Primary group: Each user has a primary group, usually assigned when the user account is created. Files created by the user will, by default, belong to this group.

Supplementary groups: Users can also be members of additional (supplementary) groups, granting them privileges associated with those groups.

Commands like `groups <username>` list the groups a user belongs to. The `/etc/group` file contains information about all defined groups on the system.

User roles are often implemented through group memberships. For instance, a `developers` group might have write access to specific source code repositories, while a `webadmins` group might have permissions to manage web server configuration files.

**Sudo and Administrative Privileges**

`sudo` (superuser do) is a command that allows permitted users to execute a command as the superuser or another user, as specified by the security<sup>1</sup> policy (typically configured in the `/etc/sudoers` file). When a user prepends `sudo` to a command, they are prompted for *their own* password. If authenticated and authorized by the `sudoers` policy, the command is executed with elevated privileges.

The `sudoers` file defines which users or groups can run which commands, on which hosts, and as which users. It supports fine-grained control over administrative privileges. Editing this file should always be done using the `visudo` command, which locks the `sudoers` file and checks for syntax errors before saving, preventing lockout situations.

Example `/etc/sudoers` entry:

```bash
# User privilege specification
root    ALL=(ALL:ALL) ALL

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow user 'jdoe' to run the 'apt update' command
jdoe    ALL=(ALL) /usr/bin/apt update
```

**Alternatives to Sudo (**`doas`, `sudo-rs`)

While `sudo` is widely adopted, alternatives exist, often with a focus on simplicity or security.

`doas` (do as) is a utility originating from OpenBSD. It aims to be a simpler and more lightweight alternative to `sudo`. Its configuration file, `doas.conf` (typically in `/etc/doas.conf`), is known for its straightforward syntax.

Example `doas.conf` entry:

```bash
permit nopass userx as root cmd /sbin/reboot
permit :wheel
```

The first line allows `userx` to run `/sbin/reboot` as root without a password. The second line permits all users in the `wheel` group to execute commands as root (they will be prompted for their password).

`sudo-rs` is a more recent project, written in Rust, with a focus on memory safety and security. It aims to be a drop-in replacement for `sudo` in many common use cases while providing a more secure implementation due to Rust's language features that prevent common vulnerabilities like buffer overflows. It also reads the standard `/etc/sudoers` file. The primary motivation behind `sudo-rs` is to reduce the attack surface associated with a setuid root binary like `sudo`.

The choice between `sudo` and its alternatives often depends on specific security requirements, desired configuration complexity, and system philosophy.