Linux Basics

— ny_wk

The Linux boot process is the chain of events that runs from the moment you press the power button until a login prompt appears: firmware self-test, boot loader, kernel, initramfs, and the first user-space process. Understanding each stage is the single most useful skill for a Linux system administrator, because almost every serious failure (no boot, kernel panic, dropped to a rescue shell) happens somewhere along this chain.

This guide walks the Linux boot process stage by stage, then covers the day-to-day administration tasks built on top of it: GRUB recovery, single-user mode, LVM, RAID, networking, and security. The source-era commands (RHEL 5/6, SysV init) are explained accurately and corrected where the legacy notes were wrong, with the modern systemd, UEFI, firewalld, and NetworkManager equivalents called out so the knowledge transfers to current RHEL 8/9, CentOS Stream, Rocky, AlmaLinux, and Ubuntu.

The Linux boot process, stage by stage

On a classic BIOS/MBR machine, six well-defined stages hand control to one another. Each stage does one job and then jumps to the next.

1. Firmware power-on and POST

When you press power, the power supply stabilises voltage and asserts a Power Good signal so the CPU comes out of reset. The CPU then begins executing from a fixed location in the firmware ROM. On legacy systems this is the BIOS; on modern hardware it is UEFI. The firmware runs POST (Power-On Self-Test) to verify RAM, CPU, and attached devices, then reads its configured boot order to decide which device to boot from.

Correction to a common myth: the source material claimed the reset vector lives at FFFF:0000h and POST is exclusively a BIOS feature. The classic x86 reset vector is actually FFFFFFF0h (the top of the address space). UEFI firmware also performs equivalent self-tests; "POST" is simply the traditional BIOS name for that phase.

2. Boot loader: MBR/GPT and GRUB

BIOS firmware reads the first sector of the chosen disk, the Master Boot Record (MBR). The MBR is exactly 512 bytes: 446 bytes of boot code, 64 bytes for the partition table (four primary entries), and a 2-byte 0x55AA signature. That code chain-loads GRUB (GRand Unified Bootloader). UEFI systems skip the MBR entirely and instead read a .efi boot loader file from the EFI System Partition, and they use a GPT partition table that is not limited to four primary partitions or 2 TB disks.

GRUB presents the menu where you choose a kernel. It understands filesystems, so it can read /boot/grub/grub.conf (GRUB Legacy) or /boot/grub2/grub.cfg (GRUB 2 on modern systems) and load the kernel plus the initial RAM disk.

3. Kernel and initramfs

GRUB loads the compressed kernel image (vmlinuz) and a temporary root filesystem image into memory. Older systems call this initrd (Initial RAM Disk); modern systems use initramfs. This image contains just enough drivers (storage controllers, RAID, LVM, encryption) for the kernel to find and mount the real root filesystem. Once the real root is mounted, the kernel launches the first user-space process.

4. PID 1: init or systemd

The first process always gets PID 1. On the RHEL 5/6 era this was /sbin/init (SysV init), driven by /etc/inittab and numbered runlevels. On RHEL 7+ and virtually all current distributions, PID 1 is systemd, which uses targets instead of runlevels.

5. Runlevels vs systemd targets

SysV ran startup scripts from /etc/rc.d/rcN.d/, where scripts beginning with S start at boot and K scripts kill on shutdown, ordered by the number that follows. systemd replaces this with parallelised unit files. The mapping is what you actually need to remember:

Set the default with the old /etc/inittab on SysV, or on systemd with systemctl set-default multi-user.target. Switch immediately with systemctl isolate graphical.target.

6. Login prompt

After all units for the active target start, you reach a login prompt (text getty or a graphical display manager). The boot is complete and the system is ready for work.

Fixing Linux boot process failures

Most boot incidents are recoverable from a rescue/recovery environment (boot the install media and choose rescue mode, which mounts the installed system under /mnt/sysimage). The chroot step makes that installed system your working root.

Boot into single-user (rescue) mode

To reset a forgotten root password or repair a broken service, drop to a minimal shell:

1. At the GRUB menu, press e to edit the selected entry.
2. GRUB Legacy / SysV: append single, 1, or init=/bin/bash to the kernel line.
3. GRUB 2 / systemd: append rd.break or systemd.unit=rescue.target to the line beginning with linux, then press Ctrl+X to boot.
4. Remount the root filesystem writable so you can make changes:

mount -o remount,rw /

On a modern rd.break shell the root is under /sysroot, so use mount -o remount,rw /sysroot, then chroot /sysroot. After changing a password on SELinux systems you must relabel: touch /.autorelabel before rebooting, or the new /etc/shadow context blocks login.

Reinstall a broken GRUB boot loader

If the MBR is wiped or GRUB will not load, boot rescue media and reinstall it:

1. chroot /mnt/sysimage
2. GRUB Legacy: grub-install /dev/sda
3. GRUB 2: grub2-install /dev/sda then regenerate the config with grub2-mkconfig -o /boot/grub2/grub.cfg

On UEFI you reinstall to the EFI partition rather than the MBR; the package and target differ by distro (for example grub2-install with an EFI target, or reinstalling the grub2-efi / shim packages).

Rebuild a missing initramfs

If the kernel boots but cannot mount root ("unable to mount root fs"), the initramfs may be missing required drivers. From the chroot:

Legacy: mkinitrd /boot/initrd-$(uname -r).img $(uname -r)
Modern: dracut --force /boot/initramfs-$(uname -r).img $(uname -r)

Storage administration: partitions, LVM, and RAID

Storage tasks are the bread and butter of sysadmin work, and they sit directly on top of the boot/kernel layer because the kernel must assemble them early.

Logical Volume Manager (LVM)

LVM stacks in three layers: physical volumes (PV) → volume group (VG) → logical volumes (LV). Its real value is online resizing without repartitioning.

1. Initialise disks as PVs: pvcreate /dev/sdb /dev/sdc
2. Pool them into a VG: vgcreate vgdata /dev/sdb /dev/sdc
3. Carve out an LV: lvcreate -L 200M -n lvweb vgdata
4. Make a filesystem: mkfs.ext4 /dev/vgdata/lvweb (or mkfs.xfs on RHEL 7+)
5. Mount and persist in /etc/fstab.

To grow an ext4 LV and its filesystem in one step: lvextend -r -L +200M /dev/vgdata/lvweb. The -r flag runs resize2fs for you. Important XFS caveat: XFS can only grow, never shrink — use xfs_growfs /mountpoint to expand it, and there is no shrink path. To shrink ext4 you must unmount, run e2fsck -f, resize2fs down first, then lvreduce — always shrink the filesystem before the volume to avoid data loss.

Software RAID with mdadm

A RAID 5 array needs at least three devices and survives one disk failure:

1. Create: mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1
2. Inspect: mdadm --detail /dev/md0 and cat /proc/mdstat
3. Simulate a failure: mdadm /dev/md0 --fail /dev/sdb1
4. Remove the bad disk: mdadm /dev/md0 --remove /dev/sdb1
5. Add a replacement to rebuild: mdadm /dev/md0 --add /dev/sde1

The source flag --raid-disk is wrong; the correct option is --raid-devices. Always save the assembly map with mdadm --detail --scan >> /etc/mdadm.conf so the array reassembles at boot.

Networking and remote access

Configure a static IP

On RHEL 6 you edited /etc/sysconfig/network-scripts/ifcfg-eth0 with BOOTPROTO=static, IPADDR, NETMASK, and ONBOOT=yes, then ran service network restart. On modern systems use NetworkManager: nmcli con mod eth0 ipv4.addresses 192.168.1.10/24 ipv4.method manual followed by nmcli con up eth0. Interface names are now predictable (for example enp0s3), not eth0.

Passwordless SSH login

Key-based authentication is more secure than passwords and is required for automation:

1. Generate a key pair: ssh-keygen -t ed25519 (ed25519 is preferred today; -t rsa -b 4096 if you need RSA).
2. Copy the public key to the target: ssh-copy-id user@server. This safely appends it to the remote ~/.ssh/authorized_keys with correct permissions.
3. Log in without a password: ssh user@server.

Restrict who may connect by editing /etc/ssh/sshd_config (for example AllowUsers) rather than relying only on the legacy hosts.allow/hosts.deny TCP wrappers, which are deprecated and removed in recent OpenSSH builds.

Security: firewall and SELinux

Firewall

RHEL 6 used iptables directly. For example, allow SSH only from a trusted subnet:

iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

RHEL 7+ uses firewalld, which is zone-based and persistent: firewall-cmd --permanent --add-service=ssh --zone=internal then firewall-cmd --reload. Both are front-ends to the kernel netfilter framework (nftables under the hood on current releases).

SELinux

SELinux enforces mandatory access control beyond standard file permissions. Check status with sestatus. Toggle modes with setenforce 0 (permissive) or setenforce 1 (enforcing), and set it permanently in /etc/selinux/config. View a file's context with ls -Z and fix one with chcon -t httpd_sys_content_t /var/www/html/index.html. Booleans toggle policy features, e.g. setsebool -P httpd_can_network_connect on. Never disable SELinux to "fix" a service — set the correct context instead.

Monitoring and routine sysadmin commands

These tools answer "why is this box slow?" in seconds:

• top / htop — live process and CPU/memory view.
• vmstat 1 — CPU, memory, paging, and block I/O over time.
• free -h — physical and swap memory usage in human units.
• iostat -xz 1 — per-device disk I/O and utilisation.
• uptime — load averages for the last 1, 5, and 15 minutes.
• ss -tunlp — listening ports and owning processes (the modern replacement for netstat).
• journalctl -xe — systemd's unified log; on SysV you read /var/log/messages instead.

For package and service management, the legacy service foo restart and chkconfig foo on become systemctl restart foo and systemctl enable foo. The legacy yum is now dnf on RHEL 8/9, with identical sub-commands.

Key Takeaways

• The Linux boot process is firmware (BIOS/UEFI + POST) → boot loader (MBR or EFI + GRUB) → kernel + initramfs → PID 1 (init or systemd) → target/runlevel services → login.
• The MBR is exactly 512 bytes (446 + 64 + 2); GPT and the EFI System Partition replace it on modern UEFI hardware.
• Most boot failures are fixed from rescue mode: chroot the installed system, then reinstall GRUB or rebuild the initramfs with dracut.
• Runlevels map cleanly to systemd targets (3 → multi-user, 5 → graphical, 1 → rescue); know both because real fleets mix old and new systems.
• Grow filesystems before volumes when extending, shrink the filesystem first when reducing, and never disable SELinux to mask a context problem.

Frequently Asked Questions

What are the stages of the Linux boot process in order?

Firmware (BIOS or UEFI) runs POST, the boot loader (GRUB from the MBR or EFI partition) loads the kernel and initramfs, the kernel mounts the real root filesystem, PID 1 (systemd or legacy init) starts, the active target or runlevel brings up services, and finally a login prompt appears.

What is the difference between BIOS/MBR and UEFI/GPT booting?

BIOS reads 512-byte boot code from the MBR and is limited to four primary partitions and 2 TB disks. UEFI reads a .efi boot loader from the EFI System Partition, uses the GPT partition table with far more partitions and larger disks, and supports Secure Boot. UEFI is standard on all modern hardware.

How do I reset a forgotten root password in Linux?

Boot to single-user/rescue mode by editing the GRUB entry (append rd.break on systemd or init=/bin/bash on legacy), remount root read-write, run passwd, and on SELinux systems run touch /.autorelabel before rebooting so the new shadow file gets relabelled.

What replaced runlevels and the service command in modern Linux?

systemd replaced SysV init. Runlevels became targets (runlevel 3 = multi-user.target, 5 = graphical.target), and service/chkconfig became systemctl (for example systemctl enable --now nginx).

If this deep-dive helped, subscribe to @explorenystream on YouTube for more Linux and system administration tutorials.