Complete CentOS Tutorial with Usage Examples

1. Introduction to CentOS

CentOS (Community Enterprise Operating System) is a Linux distribution that historically provided a free, community-supported, and functionally compatible alternative to Red Hat Enterprise Linux (RHEL). It was widely used for servers due to its stability, long-term support, and robustness.

While CentOS Linux (the traditional rebuild of RHEL) has ceased, it has been succeeded by **CentOS Stream**, which is an upstream development branch for RHEL. Despite this shift, understanding CentOS principles is crucial for anyone working with RHEL-based systems in enterprise environments.

Key Characteristics:

• Stability: Known for its long release cycles and stability, ideal for production servers.
• Enterprise-grade: Built on the same codebase as RHEL, inheriting its enterprise features.
• Community Support: Extensive community support through forums and documentation.
• Security-focused: Integrates strong security features like SELinux and Firewalld.
• RPM-based: Uses the RPM Package Manager, with `dnf` (or `yum` in older versions) as the front-end.

2. CentOS vs. RHEL vs. CentOS Stream

It's important to clarify the relationship between these distributions:

• Red Hat Enterprise Linux (RHEL): The flagship commercial Linux distribution from Red Hat. It's stable, well-tested, and comes with paid support and certifications.
• CentOS Linux (Historical): This was a downstream rebuild of RHEL. It took RHEL's source code, removed Red Hat branding, and released it as a free, community-supported OS. It was a binary-compatible clone of RHEL.
• CentOS Stream (Current): This is now the official upstream development branch for RHEL. It is a rolling release that sits *between* Fedora (bleeding edge) and RHEL (stable). Features and fixes land in CentOS Stream before they are incorporated into a future RHEL point release. It's more of a continuous delivery distribution than a point-release OS.

3. Installation Methods

CentOS (or CentOS Stream) is primarily used as a server OS, but can also be installed with a GUI for desktop use or learning.

• Virtual Machine (VM):
  • Recommended for learning: Safest way to experiment.
  • Download CentOS Stream ISO from centos.org/centos-stream/.
  • Use a hypervisor (e.g., VirtualBox, VMware Workstation Player) to create a new VM.
  • During installation, choose "Server with GUI" (for desktop experience) or "Server" (minimal CLI) as the "Software Selection."
• Bare Metal: Direct installation on physical server hardware.
• Dual Boot: Install alongside Windows/another OS.
• Cloud Instance: Deploy on cloud providers (AWS, Azure, GCP).

Basic Installation Steps (VM Graphical Install):

1. Boot your VM/computer from the CentOS Stream ISO.
2. Choose "Install CentOS Stream".
3. Select Language and Keyboard layout.
4. Installation Summary:
   • Installation Destination: Select your virtual disk and configure partitioning (automatic is usually fine for beginners).
   • Network & Host Name: Configure network interface (e.g., enable Ethernet, set hostname).
   • Software Selection: Crucial step! Choose your base environment:
     • `Server with GUI`: Installs GNOME desktop and graphical tools.
     • `Server`: Minimal installation, command-line only.
     • `Minimal Install`: Even smaller, basic command-line utilities.
   • Time & Date: Set your timezone.
   • KDUMP: Leave enabled (default).
   • Security Policy: Can apply a security profile (optional).
5. User Settings:
   • Root Password: Set a strong password for the `root` user.
   • User Creation: Create a standard user account (recommended). Check "Make this user administrator" if you want `sudo` privileges for this user.
6. Click **Begin Installation**.
7. After installation, **Reboot System**.
8. Log in with your created user account (or `root`). If you installed with GUI, you'll see the desktop.

4. Basic Linux Commands (CLI)

The command-line interface (CLI) is fundamental for managing CentOS. Open a "Terminal" application (if using GUI) or log in via SSH (if headless server).

• `pwd` (Print Working Directory): Shows your current directory.

  pwd

• `ls` (List): Lists files and directories.

  ls -l # Long format (details)
  ls -a # Show hidden files
  ls -lh # Human-readable sizes

• `cd` (Change Directory): Navigates between directories.

  cd /etc
  cd ~ # Home directory

• `mkdir` (Make Directory): Creates new directories.

  mkdir my_new_folder
  mkdir -p /opt/my_app/configs

• `rmdir` (Remove Directory): Deletes empty directories.

  rmdir empty_dir

• `touch`: Creates empty files or updates a file's timestamp.

  touch document.txt

• `cp` (Copy): Copies files or directories.

  cp source.txt destination.txt
  cp -r my_dir /tmp/

• `mv` (Move): Moves or renames files/directories.

  mv old_name.txt new_name.txt
  mv file.txt /archive/

• `rm` (Remove): Deletes files or directories.

  rm unwanted.txt
  rm -rf my_dangerous_folder # Force remove recursively (EXTREME CAUTION!)

• `cat` (Concatenate): Displays the content of files.

  cat /etc/os-release # Show OS information

• `less` / `more`: View file content page by page.

  less /var/log/messages

• `head` / `tail`: Display beginning/end of a file.

  tail -f /var/log/audit/audit.log # Follow a log file in real-time

• `echo`: Prints text to the terminal.

  echo "Hello, CentOS!"

• `man` (Manual): Displays documentation for a command.

  man dnf

• `sudo` (SuperUser Do): Executes a command with root privileges.

  sudo dnf update # Update package lists

5. Linux File System Hierarchy (FHS)

CentOS adheres to the Filesystem Hierarchy Standard (FHS), which defines a standardized directory structure for Linux systems.

• `/` (Root): The top-level directory. All other directories and files are located under it.
• `/bin`: Essential command binaries for all users.
• `/sbin`: Essential system binaries, typically for root or system administration.
• `/etc`: Host-specific system-wide configuration files (e.g., `/etc/fstab`, `/etc/ssh/sshd_config`).
• `/home`: Home directories for regular users (e.g., `/home/yourusername`).
• `/root`: The home directory for the `root` user.
• `/opt`: Optional application software packages, often for third-party software.
• `/usr`: User utilities and applications, including most commands, libraries, and documentation.
  • `/usr/bin`: Most user commands.
  • `/usr/local`: Locally installed software.
• `/var`: Variable data files, such as log files (`/var/log`), mail queues, and temporary files that persist across reboots.
• `/tmp`: Temporary files, usually deleted on system reboot.
• `/dev`: Special device files representing hardware.
• `/proc`: Virtual filesystem providing information about running processes and kernel state.
• `/sys`: Virtual filesystem providing access to kernel information and device drivers.
• `/boot`: Files needed to boot the operating system.
• `/media`: Mount points for removable media.
• `/mnt`: Temporarily mounted filesystems.
• `/run`: Runtime variable data (replaced `/var/run` in newer systems).

6. File Permissions and Ownership

Linux security relies heavily on file permissions and ownership to control access.

Permissions (Read, Write, Execute):

• `r` (Read): Can view content (file) or list contents (directory).
• `w` (Write): Can modify/delete content (file) or create/delete/rename files within (directory).
• `x` (Execute): Can run (file) or enter/traverse (directory).

Permission Categories:

• `u` (User/Owner): The file's owner.
• `g` (Group): The group that owns the file.
• `o` (Others): All other users.
• `a` (All): All categories.

Viewing Permissions (`ls -l`):

ls -l my_script.sh
# Example Output: -rwxr-xr-- 1 user group 1234 Jul 19 10:00 my_script.sh

Changing Permissions (`chmod`):

Can use symbolic mode or octal (numeric) mode.

• Octal (Numeric) Mode: `r=4`, `w=2`, `x=1`. Sum for each category.

  chmod 755 my_script.sh # Owner: rwx, Group: r-x, Others: r-x (-rwxr-xr-x)
  chmod 644 my_document.txt # Owner: rw-, Group: r--, Others: r-- (-rw-r--r--)
  chmod 700 my_private_key.pem # Only owner has full access

• Symbolic Mode:

  chmod u+x my_script.sh     # Add execute permission for owner
  chmod go-w my_document.txt # Remove write for group and others

Changing Ownership (`chown`, `chgrp`):

Requires `sudo`.

• `chown user:group file`: Change owner and group.

  sudo chown newuser:newgroup /opt/app/config.conf

• `chgrp group file`: Change only group ownership.

  sudo chgrp webadmin /var/www/html/index.html

7. User and Group Management

CentOS, like other Linux systems, supports multi-user environments.

User Accounts:

• `root`: The superuser (UID 0), with full administrative control.
• System users: Created for services/applications (UIDs typically 1-999).
• Normal users: Regular user accounts (UIDs typically 1000+).

Common Commands (requires `sudo` for management):

• `adduser`: Create a new user account. This command typically creates the home directory and sets up the default shell.

  sudo adduser newuser
  sudo passwd newuser # Set password for newuser

• `useradd`: A lower-level command than `adduser`. Doesn't create home directory or set password by default unless specified.

  sudo useradd -m -s /bin/bash newuser2 # Create home dir, set Bash shell

• `usermod`: Modify user account properties.

  sudo usermod -aG wheel newuser # Add newuser to 'wheel' group (grants sudo privileges on CentOS)
  sudo usermod -l new_name old_name # Change username

• `deluser` / `userdel`: Delete a user account.

  sudo userdel newuser         # Delete user, leave home directory
  sudo userdel -r newuser2     # Delete user and remove home directory

• `whoami`: Display current username.
• `id`: Display user and group IDs.

Groups:

• `groupadd`: Create a new group.

  sudo groupadd webdevs

• `groupdel`: Delete a group.

  sudo groupdel oldgroup

• `gpasswd`: Manage group members.

  sudo gpasswd -a newuser webdevs # Add newuser to webdevs group
  sudo gpasswd -d olduser webdevs # Remove olduser from webdevs group

• `groups`: List groups a user belongs to.

Configuration Files:

• `/etc/passwd`: User account information (no passwords).
• `/etc/shadow`: Encrypted user passwords and aging information (root-readable only).
• `/etc/group`: Group information.
• `/etc/gshadow`: Encrypted group passwords.
• `/etc/sudoers`: Defines which users/groups can use `sudo` (edit with `visudo` command for safety).

8. Package Management (DNF/YUM)

CentOS (and RHEL-based systems) uses the RPM Package Manager, with `dnf` (Dandified YUM) being the modern front-end for installing, updating, and removing software packages. Older CentOS 7 and earlier used `yum`.

Common `dnf` Commands:

• Update package lists (synchronize repositories):

  sudo dnf check-update # Check for available updates
  sudo dnf update       # Updates all installed packages

• Install packages:

  sudo dnf install httpd       # Install Apache HTTP Server
  sudo dnf install git nano vim # Install multiple packages

• Remove packages:

  sudo dnf remove httpd
  sudo dnf erase httpd # Same as remove

• Search for packages:

  dnf search php

• Show package details:

  dnf info httpd

• List installed packages:

  dnf list installed

• List available packages:

  dnf list available

• Install software groups:

  sudo dnf group list                # List available groups
  sudo dnf groupinstall "Development Tools" # Install a group of related packages

• Remove orphaned packages (autoremove):

  sudo dnf autoremove

• Clean package cache:

  sudo dnf clean all

9. Process Management

Managing running programs and tasks on your system.

• `ps` (Process Status): Displays information about running processes.

  ps aux            # Show all running processes (user, CPU, memory)
  ps -ef            # Show all processes in full format
  ps -p <PID>       # Show info for a specific Process ID

• `top`: Provides a real-time, dynamic view of running processes. Press q to quit.

  top

• `htop`: An interactive process viewer, more user-friendly than `top`. (Installable: `sudo dnf install htop`).

  htop

• `kill`: Sends a signal to a process to terminate it. Needs the Process ID (PID).

  kill <PID>       # Sends SIGTERM (graceful termination request)
  kill -9 <PID>    # Sends SIGKILL (forceful termination, cannot be ignored)

• `pkill` / `killall`: Kill processes by name.

  pkill firefox     # Kills all processes named firefox
  killall nginx     # Kills all processes named nginx

• `jobs`: Lists background jobs in the current shell session.
• `fg` (Foreground): Brings a background job to the foreground.
• `bg` (Background): Sends a suspended job to the background (use Ctrl + z to suspend first).
• `nohup command &`: Runs a command in the background, making it immune to terminal closure.

10. Service Management (systemd)

CentOS (and other RHEL-based systems) uses `systemd` to manage system services (daemons) and boot processes.

• `systemctl status <service_name>`: Check the status of a service.

  systemctl status httpd.service # Check Apache status
  # Output shows Active: (running), Loaded: (enabled/disabled), etc.

• `systemctl start <service_name>`: Start a service.

  sudo systemctl start httpd.service

• `systemctl stop <service_name>`: Stop a service.

  sudo systemctl stop httpd.service

• `systemctl restart <service_name>`: Restart a service.

  sudo systemctl restart httpd.service

• `systemctl enable <service_name>`: Enable a service to start automatically on boot.

  sudo systemctl enable httpd.service

• `systemctl disable <service_name>`: Disable a service from starting automatically on boot.

  sudo systemctl disable httpd.service

• `systemctl reload <service_name>`: Reload a service's configuration without full restart (if supported by the service).

  sudo systemctl reload httpd.service

• `systemctl list-units --type=service`: List all active services.
• `systemctl get-default`: Show the default target (boot mode: graphical or multi-user).
• `systemctl set-default graphical.target`: Set default boot to GUI.
• `systemctl set-default multi-user.target`: Set default boot to CLI.

11. Networking

CentOS uses `NetworkManager` or `systemd-networkd` for network configuration. Configuration files are typically in `/etc/sysconfig/network-scripts/`.

• `ip a` (IP Address): Displays network interface information. (Recommended over `ifconfig`).

  ip a # Shows interfaces like lo, eth0, ens33, etc.

• `ip route`: Displays the routing table.

  ip route show

• `ping`: Tests network connectivity.

  ping google.com

• `ss` (Socket Statistics): Displays network socket information (connections, listening ports). (Modern replacement for `netstat`).

  ss -tulnp # Show TCP/UDP listening ports with process info

• `nmcli` (NetworkManager CLI): Command-line tool for NetworkManager.

  nmcli device status # Show network device status
  nmcli connection show # Show active network connections
  nmcli device wifi list # Scan for Wi-Fi networks
  nmcli device wifi connect "SSID" password "PASSWD" # Connect to Wi-Fi

• Firewalld: CentOS uses `firewalld` as its default firewall management tool.

  sudo systemctl status firewalld # Check firewall status
  sudo systemctl start firewalld   # Start firewall
  sudo systemctl enable firewalld  # Enable firewall on boot
  sudo firewall-cmd --permanent --add-service=http # Allow HTTP traffic permanently
  sudo firewall-cmd --reload # Apply changes

• Network Configuration Files:
  • `/etc/sysconfig/network-scripts/ifcfg-<interface_name>`: Per-interface configuration (e.g., `ifcfg-eth0`).
  • `/etc/resolv.conf`: DNS resolver configuration.

# Example ifcfg-eth0 for static IP:
# Use 'sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0' or 'sudo vi /etc/sysconfig/network-scripts/ifcfg-eth0'

# DEVICE=eth0
# BOOTPROTO=static
# ONBOOT=yes
# IPADDR=192.168.1.100
# NETMASK=255.255.255.0
# GATEWAY=1992.168.1.1
# DNS1=8.8.8.8
# DNS2=8.8.4.4

# After editing:
# sudo systemctl restart NetworkManager # Or network.service on older versions

12. Storage Management

Managing disk space, partitions, and file systems on CentOS.

• `df` (Disk Free): Reports file system disk space usage.

  df -h # Human-readable output

• `du` (Disk Usage): Estimates file space usage of files and directories.

  du -sh /var/log # Summarize size of /var/log

• `lsblk` (List Block Devices): Lists information about all block devices (disks, partitions).

  lsblk

• `fdisk` (Partition Disk): Command-line utility for disk partitioning. (Use with caution).

  sudo fdisk /dev/sda # Interactive partitioning tool

• `mkfs` (Make Filesystem): Builds a Linux file system on a device.

  sudo mkfs.xfs /dev/sdb1 # Format partition sdb1 with XFS (common on CentOS)

• `mount` / `umount`: Mounts/unmounts a file system.

  sudo mount /dev/sdb1 /mnt/data # Mount sdb1 to /mnt/data
  sudo umount /mnt/data # Unmount

• `/etc/fstab`: Configures filesystems to be mounted automatically at boot.
• LVM (Logical Volume Manager): Provides a flexible way to manage disk space, allowing dynamic resizing and snapshots. (More advanced topic).

  # Basic LVM commands (conceptual):
  sudo pvcreate /dev/sdb1       # Create Physical Volume
  sudo vgcreate myvg /dev/sdb1  # Create Volume Group
  sudo lvcreate -L 10G -n mylv myvg # Create Logical Volume
  sudo mkfs.xfs /dev/myvg/mylv  # Format LV
  sudo mount /dev/myvg/mylv /data # Mount LV

13. Shell Scripting Basics

Automate tasks by writing a series of commands in a file.

A. Creating a Script:

# Create a file named 'hello_centos.sh'
nano hello_centos.sh

# Add the following content:
#!/bin/bash
# This is a basic CentOS shell script

echo "Hello from CentOS!"
echo "Current date and time: $(date)"
echo "Disk usage of /home: $(df -h /home | awk 'NR==2{print $5}')"

B. Making Executable and Running:

chmod +x hello_centos.sh
./hello_centos.sh

C. Scripting Concepts:

• Variables: `NAME="World"`, `echo "Hello, $NAME"`.
• Input/Output: `echo`, `read`.
• Conditionals (`if`, `elif`, `else`): `if [[ $NUM -gt 10 ]]; then ... fi`.
  • String: `==`, `!=`, `<`. Numeric: `-eq`, `-ne`, `-gt`, `-lt`. File: `-f`, `-d`, `-e`.
• Loops (`for`, `while`): `for i in {1..3}; do ... done`. `while [[ $COUNT -lt 5 ]]; do ... done`.
• Functions: `my_func() { echo "Inside function"; }`.
• Command-line Arguments: `$0`, `$1`, `$#`, `$@`.
• Error Handling: `set -e` (exit on error), `set -x` (debug mode).
• Input/Output Redirection: `>`, `>>`, `2>`.
• Pipes (`|`): Chain commands together.

14. Text Editors (Nano, Vim)

You'll frequently use command-line text editors in CentOS, especially for configuration files.

• Nano: User-friendly, intuitive, with on-screen shortcuts. Great for beginners.

  nano /etc/nginx/nginx.conf

• Vim: Powerful, efficient modal editor with a steeper learning curve. Highly customizable.

  vim /etc/ssh/sshd_config

15. Security Best Practices (Firewall, SELinux)

CentOS integrates robust security features. Proper configuration is key.

• Keep System Updated: Regularly apply updates.

  sudo dnf update -y

• Strong Passwords & SSH Keys: Use strong, unique passwords. Enable SSH key-based authentication and disable password authentication for SSH.
• Firewalld: CentOS's default dynamic firewall.
  • `sudo systemctl status firewalld`
  • `sudo firewall-cmd --state`
  • `sudo firewall-cmd --permanent --add-service=http` (Allow HTTP)
  • `sudo firewall-cmd --permanent --add-port=8080/tcp` (Allow specific port)
  • `sudo firewall-cmd --reload` (Apply changes)
  • `sudo firewall-cmd --list-all` (List all rules)
• SELinux (Security-Enhanced Linux): A Mandatory Access Control (MAC) security module that adds an extra layer of security by enforcing access control policies for applications, files, and processes.
  • Modes:
    • `enforcing`: Enforces policies, denies violations. (Recommended for production).
    • `permissive`: Logs policy violations but does not deny them. (Good for troubleshooting).
    • `disabled`: SELinux is off. (Least secure, avoid).
  • Check status:

    sestatus

  • Change mode (temporarily):

    sudo setenforce 0 # Switch to Permissive
    sudo setenforce 1 # Switch to Enforcing

  • Change mode (permanently, edit config file):

    sudo nano /etc/selinux/config
    # Change SELINUX=enforcing to SELINUX=permissive or SELINUX=disabled
    # Reboot after changing this file for permanent effect.

  • Contexts: Files and processes have SELinux contexts. When troubleshooting "permission denied" errors, look for AVC (Access Vector Cache) denials in logs:

    sudo ausearch -c 'httpd' --raw | audit2allow -M mywebserver
    sudo semodule -i mywebserver.pp # Create and apply custom SELinux policy

• Disable Unnecessary Services: Reduce attack surface.
• Monitor Logs: Regularly review `/var/log/messages`, `/var/log/secure`, or use `journalctl`.

  journalctl -f # Follow all logs
  journalctl -u sshd.service # View SSH service logs

16. Desktop Environments (GUI - Optional)

If you installed CentOS Stream as "Server with GUI", it comes with the GNOME desktop environment. If you installed a minimal version and want to add a GUI:

1. Update your system:

   sudo dnf update -y

2. Install the "Server with GUI" group:

   sudo dnf groupinstall "Server with GUI" -y

3. Set the default target to graphical:

   sudo systemctl set-default graphical.target

4. Reboot your system:

   sudo reboot

5. Upon reboot, you should be greeted by the GNOME graphical login screen.
6. To install other lightweight GUIs like XFCE (from EPEL repository):

   sudo dnf install epel-release -y
   sudo dnf --enablerepo=epel group install "Xfce" -y
   echo "exec /usr/bin/xfce4-session" >> ~/.xinitrc
   sudo systemctl set-default graphical.target
   startx # Or reboot