Objectives
What the exam tests
- Access a shell prompt and issue commands with correct syntax
- Use input/output redirection (
>,>>,|,2>, etc.) - Use grep and regular expressions to analyze text
- Access remote systems using SSH
- Log in and switch users in multiuser targets
- Archive, compress, unpack, and uncompress files using tar, gzip, bzip2
- Create and edit text files using vi/vim
- Create, delete, copy, and move files and directories
- Create hard and soft (symbolic) links
- List, set, and change standard file permissions (ugo/rwx)
- Locate, read, and use system documentation (man, info, /usr/share/doc)
Coverage weight by topic
Shell & I/O
High
File operations
Very high
Permissions
Very high
Text tools
High
SSH / login
Medium
Archives
Medium
All exam tasks are hands-on in a live RHEL environment — there are no multiple-choice questions. Syntax precision is critical.
Shell and I/O redirection
I/O redirection operators
| Operator | Effect | Example |
|---|---|---|
> | Redirect stdout — overwrite | echo "hello" > file.txt |
>> | Redirect stdout — append | echo "more" >> file.txt |
2> | Redirect stderr only | ls /bad 2> err.txt |
&> | Redirect both stdout and stderr | cmd &> all.log |
2>&1 | Merge stderr into stdout stream | cmd > out.txt 2>&1 |
< | Redirect stdin from file | mail root < msg.txt |
| | Pipe stdout to next command | ps aux | grep httpd |
Read each exam task carefully — >> (append) vs > (overwrite) is a common trap that will fail the task silently.
SSH access and key management
# Connect to a remote host
ssh user@hostname
ssh -p 2222 user@hostname # non-default port
# Generate an RSA key pair
ssh-keygen -t rsa -b 4096
# Copy public key to remote host (enables key-based auth)
ssh-copy-id user@hostname
# Run a single command on a remote host without interactive login
ssh user@host "df -h"
Switching users
su - # switch to root with full login environment
su - username # switch to another user with their login env
sudo command # run a single command as root
sudo -i # open an interactive root shell via sudo
The - (dash) in su - loads the target user's full login environment including PATH. Without it, you inherit the current user's environment — always use the dash.
System documentation
man ls # manual page for ls
man -k keyword # search man page names (same as apropos)
man 5 passwd # open section 5 of man page (file formats)
info coreutils # GNU info pages (more detailed than man)
ls --help # built-in brief help for most commands
ls /usr/share/doc/ # extended documentation installed by packages
On the exam, man -k is essential when you know what you want to do but not the exact command name.
Files and directories
File and directory operations
# Create files and directories
touch file.txt
mkdir dir1
mkdir -p a/b/c # create nested directory tree
# Copy
cp file1 file2
cp -r dir1/ dir2/ # recursive — copies entire directory
cp -p file1 file2 # preserve timestamps and permissions
# Move / rename
mv oldname.txt newname.txt
mv file.txt /tmp/
# Delete
rm file.txt
rm -rf dir/ # force-remove directory tree (be careful!)
# List
ls -lah # long format, all files, human-readable sizes
ls -lt # sorted by modification time (newest first)
ls -ltr # oldest first (reversed)
Hard links vs symbolic links
Hard link
ln source.txt link.txt
- Shares the same inode as original
- Must be on the same filesystem
- Survives deletion of original file
- Cannot link directories
- No indication it is a link in
ls
Symbolic (soft) link
ln -s source.txt link.txt
- Separate inode — a pointer only
- Can span different filesystems
- Breaks if original is deleted
- Can link directories
- Shows
ltype inls -loutput
Archives and compression
# Create compressed archives
tar -czf archive.tar.gz dir/ # gzip (most common)
tar -cjf archive.tar.bz2 dir/ # bzip2 (better ratio, slower)
tar -cJf archive.tar.xz dir/ # xz (best ratio, slowest)
# Extract archives
tar -xzf archive.tar.gz # extract gzip
tar -xjf archive.tar.bz2 # extract bzip2
tar -xf archive.tar.xz # auto-detect compression
tar -xzf archive.tar.gz -C /tmp/ # extract to specific directory
# List contents without extracting
tar -tzf archive.tar.gz
Memory mnemonic — create · extract · table · file · zgzip · jbzip2 · Jxz · verbose · Cdirectory
Vim essential commands
| Key / command | Action |
|---|---|
i | Enter insert mode (before cursor position) |
a | Enter insert mode (after cursor position) |
o | Open new line below and enter insert mode |
Esc | Return to normal mode from any mode |
:w | Write (save) current file |
:q | Quit vim |
:wq or ZZ | Save and quit |
:q! | Quit without saving (force) |
dd | Delete (cut) current line |
yy | Yank (copy) current line |
p | Paste after cursor / below line |
/pattern | Search forward for pattern |
n / N | Jump to next / previous search match |
:%s/old/new/g | Global find and replace (all lines, all occurrences) |
u | Undo last action |
Ctrl+r | Redo |
gg | Go to first line |
G | Go to last line |
:set number | Show line numbers |
Text processing tools
grep and regular expressions
# Basic grep usage
grep "pattern" file.txt
grep -i "pattern" file.txt # case-insensitive
grep -r "pattern" /etc/ # recursive through directory
grep -v "pattern" file.txt # invert — lines NOT matching
grep -n "pattern" file.txt # show line numbers
grep -c "pattern" file.txt # count matching lines (not text)
grep -l "pattern" /etc/* # list filenames only
grep -E "pat1|pat2" file # extended regex — OR
grep -ri "PermitRoot" /etc/ # recursive + case-insensitive (common exam task)
| Regex | Meaning | Example |
|---|---|---|
. | Any single character | h.t matches hat, hit, hot |
* | Zero or more of preceding | ab*c matches ac, abc, abbc |
^ | Start of line | ^root lines starting with root |
$ | End of line | bash$ lines ending with bash |
[abc] | Character class | [aeiou] any vowel |
[^abc] | Negated class | [^0-9] non-digit |
\b | Word boundary (ERE) | \broot\b the word root only |
+ | One or more (ERE with -E) | ab+c abc, abbc (not ac) |
Essential text-processing commands
# View and paginate
cat file.txt
less file.txt # q=quit /=search G=end g=top
head -n 20 file.txt # first 20 lines
tail -n 20 file.txt # last 20 lines
tail -f /var/log/messages # follow live log output (Ctrl+C to stop)
# Sort and deduplicate
sort file.txt
sort -r file.txt # reverse sort
sort -n numbers.txt # numeric sort
sort -k2 file.txt # sort by second field
sort file.txt | uniq # remove duplicate adjacent lines
sort file.txt | uniq -c # count occurrences
# Count, cut, and transform
wc -l file.txt # count lines
wc -w file.txt # count words
cut -d: -f1 /etc/passwd # field 1, colon delimiter
cut -d: -f1,7 /etc/passwd # fields 1 and 7
# Stream editor — sed
sed 's/old/new/g' file.txt # replace all on stdout
sed -i 's/old/new/g' file.txt # edit file in place
sed -i '/^#/d' file.txt # delete comment lines
sed -n '5,10p' file.txt # print lines 5-10
File permissions
Understanding rwx permissions
# ls -l output anatomy:
-rwxr-xr-- 2 alice devs 4096 Apr 9 10:00 script.sh
│└─┬─┘└─┬─┘└─┬─┘
│ owner group others
└── file type: - file d dir l symlink c char b block
| Permission | Octal value | On a file | On a directory |
|---|---|---|---|
r — read | 4 | Read file contents | List contents with ls |
w — write | 2 | Modify or overwrite file | Create or delete files inside |
x — execute | 1 | Run as executable | Enter with cd, traverse |
chmod — changing permissions
# Symbolic mode (u=user g=group o=others a=all)
chmod u+x script.sh # add execute to owner
chmod g-w file.txt # remove write from group
chmod o=r file.txt # set others to read only
chmod a+r file.txt # add read for all (a = ugo)
chmod ug+rw,o-rwx shared.txt # multiple changes at once
# Octal mode — most common on exam
chmod 755 script.sh # rwxr-xr-x (public script)
chmod 644 config.txt # rw-r--r-- (config file)
chmod 700 private/ # rwx------ (private directory)
chmod 600 ~/.ssh/id_rsa # rw------- (SSH key requirement)
# Recursive — apply to all files in a tree
chmod -R 755 /var/www/html/
chown and chgrp — ownership
chown alice file.txt # change owner to alice
chown alice:devs file.txt # change owner AND group
chown :devs file.txt # change group only
chgrp devs file.txt # change group (alternative)
chown -R alice:devs /project/ # recursive ownership change
Only root can change file ownership. Regular users can only change the group to one they belong to.
Special permission bits
| Bit | Octal prefix | Effect | Example |
|---|---|---|---|
| SUID | 4xxx (e.g., 4755) | File runs with owner's UID regardless of who executes it | /usr/bin/passwd |
| SGID | 2xxx (e.g., 2755) | Files created in dir inherit dir's group; script runs as group | Shared project dir |
| Sticky | 1xxx (e.g., 1777) | Only file owner or root can delete the file in a shared dir | /tmp |
chmod u+s /usr/bin/myapp # set SUID
chmod g+s /shared/dir # set SGID
chmod +t /tmp/shared/ # set sticky bit
chmod 4755 /usr/bin/myapp # SUID + rwxr-xr-x in one step
SUID and SGID appear as s in place of x in ls -l. Sticky appears as t in the others execute position.
Common octal permission combinations
| Octal | Symbolic | Typical use |
|---|---|---|
777 | rwxrwxrwx | Avoid — world writable and executable |
755 | rwxr-xr-x | Standard scripts, web directories |
750 | rwxr-x--- | Scripts accessible only to group |
700 | rwx------ | Private executables, home dirs |
664 | rw-rw-r-- | Shared group-editable files |
644 | rw-r--r-- | Standard config files, web assets |
640 | rw-r----- | Sensitive config files |
600 | rw------- | Required SSH private keys, secrets |
400 | r-------- | Read-only archived files |
Cheat sheet
Most-tested commands — quick reference
List with details
ls -lahCopy recursively
cp -r src/ dst/Create nested dirs
mkdir -p a/b/cForce-remove tree
rm -rf dir/Tar create + gzip
tar -czf out.tar.gz dir/Tar extract
tar -xzf file.tar.gzTar list contents
tar -tzf file.tar.gzGrep recursive
grep -r "text" /etc/Grep case-insensitive
grep -i "text" fileGrep invert match
grep -v "skip" fileOctal 755
chmod 755 script.shOctal 644
chmod 644 file.txtChange owner+group
chown user:grp fileSymbolic link
ln -s /src /destHard link
ln source linkRedirect + merge stderr
cmd > f.log 2>&1Append to file
echo "txt" >> fileFollow log live
tail -f /var/log/messagesSed in-place replace
sed -i 's/a/b/g' fileCut field from file
cut -d: -f1 /etc/passwdCopy SSH public key
ssh-copy-id user@hostMan keyword search
man -k keywordSwitch to root
su -Vim global replace
:%s/old/new/gPermission quick-calc cheat
| r | w | x | Sum | Result |
|---|---|---|---|---|
| 4 | 2 | 1 | 7 | rwx — full access |
| 4 | 0 | 1 | 5 | r-x — read and execute |
| 4 | 2 | 0 | 6 | rw- — read and write |
| 4 | 0 | 0 | 4 | r-- — read only |
| 0 | 0 | 0 | 0 | --- — no access |
Combine three octal digits: owner | group | others. Example: 755 = owner(7=rwx) + group(5=r-x) + others(5=r-x)
Practice quiz
–
Question 1 of 6
Which command creates a gzip-compressed tar archive of a directory named data/ saved as backup.tar.gz?
The
-c flag creates, -z applies gzip compression, and -f names the output file. Option A uses -x (extract). Option D uses -j which is bzip2, not gzip.Question 2 of 6
You need to redirect both stdout and stderr from a command to a single file output.log. Which is correct?
cmd > output.log 2>&1 first redirects stdout to the file, then merges stderr into stdout. The order matters — reversing them sends stderr to the terminal, not the file. Equivalent shorthand: cmd &> output.log.Question 3 of 6
What octal chmod value sets rwxr-xr-x?
rwx = 4+2+1 = 7, r-x = 4+0+1 = 5, r-x = 5. Result: 755. This is the standard permission for public scripts and web server directories.
Question 4 of 6
Which command creates a symbolic link named current pointing to /opt/app-v2/?
ln -s target linkname creates a symbolic link. Without -s, Option A creates a hard link — which cannot link directories and cannot span filesystems. The cp and link commands do not support -s for this purpose.Question 5 of 6
You want to search all files under /etc for the string "PermitRootLogin" (case-insensitive). Which command is correct?
-r recurses into all subdirectories and -i makes the search case-insensitive. Option B misses subdirectories. Option C searches for a file named "PermitRootLogin", not for content containing that string.Question 6 of 6
Which vim command substitutes every occurrence of "foo" with "bar" on all lines of the current file?
:%s/foo/bar/g — the % address means "all lines", s is substitute, and the trailing g flag means all occurrences on each line. Without %, it only affects the current line. Without g, only the first match per line is replaced.