Course 3 - Operating Systems

▶

1 · OS Navigation & The File System

Complete

Directory Structure

Windows uses drive letters (C:, D:, X:) to represent file systems. Each has its own root directory. Subdirectories are separated by backslashes (\).
Linux has a single root /. Everything — including mounted drives — lives under it. Paths use forward slashes (/).
Hidden files exist on both OSes. In Linux, any file starting with a dot (.bashrc) is hidden. In Windows, files have a hidden attribute.
Size vs Size on Disk — "size" is the actual data within the file; "size on disk" is the physical space occupied (always a multiple of the cluster size, so it can be larger).
Absolute paths start from the root (C:\Users\ or /home/user/). Relative paths are relative to the current directory (../Desktop).

PowerShell Commands (Windows)

Command	What it does
`ls <directory>`	List contents of a directory
`ls -Force <directory>`	Show all files including hidden
`pwd`	Print working directory (current location)
`cd ..`	Go up one directory level
`cd ~`	Go to home directory
`cd ..\Desktop`	Navigate to Desktop relative to parent
`mkdir`	Create a new directory
`mv`	Move or rename a file/folder
`rm`	Remove a file; `-Force` removes protected files
`history`	Show command history
`Get-Help <command>`	How to use a command
`Get-Help <command> -Full`	Full help with all parameters
`Get-Alias`	Show command aliases (e.g., ls → Get-ChildItem)

Bash Commands (Linux)

Command	What it does
`ls /`	List root directory
`ls -a`	Show all files including hidden (dot files)
`ls -l`	Long listing format (permissions, owner, size, date)
`ls -la`	Long listing including hidden files
`pwd`	Print working directory
`cd ..`	Go up one directory
`cd ~`	Go to home directory
`mkdir <name>`	Create a directory
`mv <src> <dst>`	Move or rename file/folder
`rm <file>`	Remove a file; `rm -r` removes a directory recursively
`cp <src> <dst>`	Copy a file
`man <command>`	Open the manual for a command
`<command> --help`	Quick flag reference for a command

File & Text Manipulation

Tool	OS	Purpose
`cat <file>`	Linux	Print file contents to the terminal
`head <file>`	Linux	Show the first 10 lines
`tail <file>`	Linux	Show the last 10 lines; `tail -f` follows live
`grep <pattern> <file>`	Linux	Search text with a pattern
`echo`	Both	Output text to terminal (Linux) / Write-Output (PS)
`sls` (Select-String)	Windows	PowerShell equivalent of grep

What character separates directories in a Windows path? What about Linux?
Which Linux command shows hidden files in a directory listing?
What is the difference between "size" and "size on disk" for a file?
Which PowerShell flag forces ls to show hidden files?
What is the Linux command to read a file's manual page?
How do absolute and relative paths differ?

Windows uses backslash (\); Linux uses forward slash (/).
ls -a — hidden files start with a dot (.) in Linux.
Size = actual data in the file. Size on disk = physical space used (always a multiple of the cluster/block size, so it's often larger).
ls -Force <directory>
man <command>
Absolute paths start from the root (e.g., /home/user/docs or C:\Users\). Relative paths are relative to the current directory (e.g., ../Desktop).

▶

2 · Users, Groups & Permissions

Complete

Key Concepts

Standard users can do day-to-day tasks. Admin users can install software, change system settings, and manage other accounts.
In Windows, an admin can manage multiple accounts from a domain — a centralized directory (Active Directory) for organizations.
In Linux, root is the superuser account with full system control. You use sudo to run a single command with root privileges without logging in as root directly.
UAC (User Account Control) on Windows prompts for confirmation when elevated privileges are needed — the Windows equivalent of sudo.

Windows User Management (PowerShell)

Command	Purpose
`Get-LocalUser`	List all local user accounts
`Get-LocalGroup`	List all local groups
`Get-LocalGroupMember`	Show members of a group
`net user <username> 'password'`	Change a user's password
`net user <username> *`	Change password interactively (hidden input)
`net user`	Show all users; `net` can do a lot of user management

Linux User Management

Command / File	Purpose
`sudo <command>`	Run a command as root (superuser do)
`adduser <username>`	Create a new user
`passwd <username>`	Set or change a password
`visudo`	Safely edit the sudoers file
`/etc/passwd`	File listing all users and their default shells/home dirs

File Permissions

Linux uses rwx permission bits for Owner, Group, and Others. Each set can be expressed as an octet: r=4, w=2, x=1. So chmod 755 = rwxr-xr-x.
chmod changes permission bits; chown changes ownership; chgrp changes group ownership.
Windows uses ACLs (Access Control Lists) — specifically DACLs (Discretionary ACLs) — to assign granular permissions (read, write, modify, full control) to users and groups.
icacls is the Windows CLI tool to view and modify file/folder permissions (equivalent to chmod/chown on Linux).

Octet	Binary	Permissions
7	111	rwx (read, write, execute)
6	110	rw- (read, write)
5	101	r-x (read, execute)
4	100	r-- (read only)
0	000	--- (no permissions)

What Linux command lets a standard user run a single command with root privileges?
What does chmod 644 mean? Who can do what?
What file in Linux lists all user accounts on the system?
What is the difference between an ACL and a DACL?
Which PowerShell command lists all local groups on a Windows machine?
In Linux, what numeric value represents "read + write + execute" for a permission octet?

sudo
Owner: rw- (6 = read+write); Group: r-- (4 = read only); Others: r-- (4 = read only). Owner can read/write; everyone else can only read.
/etc/passwd
An ACL (Access Control List) is the general concept of a list of permissions on an object. A DACL (Discretionary ACL) is the specific Windows implementation that lets the owner control who has access — "discretionary" because the owner decides.
Get-LocalGroup
7 (r=4 + w=2 + x=1 = 7)

▶

3 · Package Management & Software

Complete

Windows Software Installation

MSI files are Windows Installer packages — a standardized format that handles installation, repair, and removal. You can inspect them to see what they do and troubleshoot failures.
.exe installers are standalone executables — they may bundle their own installer logic and don't follow the MSI standard.
Appx packages are used by the Microsoft Store to distribute Universal Windows Platform (UWP) apps.
DLLs (Dynamic Link Libraries) are shared code libraries that multiple programs can use simultaneously. The .NET framework provides a common runtime for many Windows apps.
Enterprise tools: SCCM (System Center Configuration Manager) and Chocolatey let admins deploy and manage software across many machines at once.
When a new device is connected, Windows first queries the hardware ID to find the right driver.

Linux Package Management

Command	Purpose
`sudo apt update`	Refresh the list of available packages from repos
`sudo apt install <pkg>`	Install a package and its dependencies
`sudo apt remove <pkg>`	Remove a package
`sudo apt full-upgrade`	Upgrade all packages including the kernel
`dpkg -i <file.deb>`	Install a .deb package directly (no dependency resolution)
`dpkg -l`	List all installed packages

apt vs dpkg: apt is the high-level tool — it resolves dependencies and fetches packages from repos. dpkg is the low-level tool that actually installs/removes .deb files but doesn't handle dependencies automatically.

Drivers & Kernel Modules (Linux)

Hard drives appear as block device files: /dev/sda, /dev/sdb, /dev/sdc, etc. (a, b, c… for each drive).
Kernel modules are pieces of code that can be loaded/unloaded into the kernel at runtime without rebooting — used for drivers and other kernel extensions.
uname -r tells you the current kernel version.

Things to Know (Common Gotchas)

Appx packagesWhat Windows Store uses for UWP apps — not MSI or .exe

New device connectedWindows first queries the hardware ID before searching for drivers

apt full-upgradeUpgrades the whole system including the kernel (not just apt upgrade)

What is the difference between apt and dpkg?
What file format does the Microsoft Store use to distribute UWP apps?
What does Windows do first when a new device is connected?
What command shows you the current Linux kernel version?
Which Linux command would you use to upgrade the entire kernel, not just installed packages?
What is a DLL and why is it useful?

apt is high-level: it fetches packages from repos and resolves dependencies. dpkg is low-level: it installs/removes .deb files directly but won't automatically pull in missing dependencies.
Appx packages
Windows queries the hardware ID of the device to look up the appropriate driver.
uname -r
sudo apt full-upgrade
A DLL (Dynamic Link Library) is a shared code library that multiple programs can use at the same time. It avoids code duplication — instead of each app bundling the same code, they all share one copy loaded in memory.

▶

4 · Filesystems & Disk Management

Complete

Filesystem Types

Filesystem	OS	Notes
NTFS	Windows	Default for Windows. Supports large files, journaling, permissions, encryption. Can be read (not easily written) on Linux.
EXT4	Linux	Default for Linux. Readable only on Linux natively.
FAT32	Cross-platform	Readable and writable on all OSes. 4 GB max file size limit.
exFAT	Cross-platform	Like FAT32 but without the 4 GB file size limit. Common for USB drives.

Partitions & Partition Tables

A partition is a logically separated piece of a disk. A formatted filesystem on a partition is called a volume.
The partition table tells the OS how the disk is divided.
MBR (Master Boot Record) — older standard. Max disk size: 2 TB. Max 4 primary partitions.
GPT (GUID Partition Table) — modern standard. Supports disks larger than 2 TB and virtually unlimited partitions. Required by UEFI (the modern BIOS replacement).
UEFI is the default firmware today and uses GPT.

Windows Disk Tools

Tool / Command	Purpose
Disk Management (GUI)	Visual tool to create, format, and resize partitions
`diskpart`	CLI disk manager — interactive
`list disk`	(in diskpart) Show all disks
`select disk X`	(in diskpart) Select a disk to work on
`clean`	(in diskpart) Wipe all partitions from selected disk
`create partition primary`	(in diskpart) Create a new partition
`format FS=NTFS label=name quick`	(in diskpart) Format the partition as NTFS

Linux Disk Tools

Command	Purpose
`lsblk`	View all block devices and their filesystems
`parted -l`	List all disks and partition info
`sudo parted /dev/sdb`	Open interactive parted tool on a disk
`mkfs -t ext4 /dev/sdb1`	Format a partition (make filesystem)
`fdisk /dev/sda`	Interactive partition editor (older tool)
`mount /dev/sdb1 /mnt/data`	Mount a partition to a directory
`umount /mnt/data`	Unmount a partition
`/etc/fstab`	Config file for auto-mounting filesystems at boot (uses UUIDs)
`df -h`	Show disk free space across the whole machine (human readable)
`du -h`	Show disk usage for a directory (human readable)

Always use UUIDs (not device names like /dev/sdb) in /etc/fstab — device names can change between boots, UUIDs never do.

Virtual Memory & Swap

Virtual memory uses disk space to extend RAM when physical memory is full. The OS moves less-used pages to disk and back as needed.
Windows calls this the paging file (pagefile.sys). You can configure its size in System Properties.
Linux uses swap space — a dedicated partition (or file) on the hard drive.

Command	Purpose
`mkswap /dev/sdb2`	Format a partition as swap space
`swapon /dev/sdb2`	Enable the swap partition
`free -h`	Show RAM and swap usage

Filesystem Features

MFT (Windows)Master File Table — stores records for every file: name, timestamps, permissions, location, etc. Each record has a file record number.

Inode (Linux)The Linux equivalent of an MFT record — metadata about a file stored in an inode table. The filename points to an inode, not the data directly.

Symbolic (soft) linkPoints to another file's path/name. If the target is moved/deleted, the link breaks. Like Windows shortcuts.

Hard linkPoints directly to the inode (Linux) or MFT record (Windows). Survives if the original filename is deleted.

JournalingNTFS and ext4 log pending changes to a journal before committing them — enables recovery after a crash without full disk scan.

Data bufferA region of RAM used to temporarily hold data during writes. This is why you must properly unmount — to flush the buffer and avoid data corruption.

DefragmentationReorganizes fragmented files into contiguous blocks on spinning disks. Less benefit for SSDs — SSDs use TRIM to reclaim unused blocks instead.

Disk Health & Repair

Tool	OS	Purpose
`chkdsk /F <drive>`	Windows	Check disk for errors and fix them (`/F` flag)
`fsutil repair query <drive>`	Windows	Query self-healing status of NTFS volume
`fsck`	Linux	Manual filesystem check — must be run on unmounted filesystem or risk damage

Which filesystem is readable and writable on all operating systems (Windows, Mac, Linux)?
What are the key differences between MBR and GPT partition tables?
What is the difference between a symbolic link and a hard link?
Why should you always properly unmount a drive before removing it?
What is the Linux equivalent of Windows' MFT?
Which Linux command shows free disk space across the whole machine in a human-readable format?
What is the purpose of /etc/fstab and why should it use UUIDs instead of device names?

FAT32 (and exFAT for files larger than 4 GB).
MBR: max 2 TB disk size, max 4 primary partitions, older BIOS. GPT: supports 2 TB+, virtually unlimited partitions, required by UEFI (modern firmware).
A symbolic (soft) link points to a file's path/name — it breaks if the target is moved or deleted. A hard link points directly to the inode/data — it remains valid even if the original filename is deleted.
Because the OS uses a data buffer (RAM) to stage writes. Proper unmounting flushes the buffer to disk. Yanking the drive before flushing can corrupt the filesystem.
Inodes (stored in an inode table).
df -h
/etc/fstab defines which filesystems to mount automatically at boot and where. UUIDs are used instead of device names (like /dev/sdb) because device names can change between reboots (e.g., if you add another drive), while UUIDs always uniquely identify the same partition.

▶

5 · Processes, Services & Logs

Complete

Programs vs Processes

A program is a set of instructions stored on disk. A process is a program that is currently loaded and running in memory.
Every process gets a unique PID (Process ID) so the OS can track and manage it.
Daemon / background processes run without a user interface and stay running in the background (e.g., a web server, a print spooler).
On Windows boot, smss.exe (Session Manager) starts first, then csrss.exe (Client Server Runtime) which handles the GUI and command line.
On Linux, the kernel creates the init process (PID 1) at startup, which then starts all other processes. Linux processes follow a parent-child relationship; most terminate automatically when done.
Windows processes can operate independently of their parent process.

Viewing & Managing Processes

Command / Tool	OS	Purpose
Task Manager (`taskmgr.exe`)	Windows	GUI process viewer; find PIDs to use with taskkill
`tasklist`	Windows	CLI: list all running processes
`Get-Process`	Windows (PS)	PowerShell: list all processes
`taskkill /pid <PID>`	Windows	Terminate a process by PID
Process Explorer (`procexp.exe`)	Windows	Advanced Sysinternals tool; shows process tree; becomes parent when restarting processes
`ps`	Linux	Snapshot of current processes (PID, TTY, STAT, TIME)
`ps -ef`	Linux	Full details of all processes including hidden/background
`ps -ef \| grep <name>`	Linux	Find a process by name
`ls -l /proc`	Linux	See the process directory (each PID has a folder)
`kill <PID>`	Linux	Send SIGTERM to a process (asks it to clean up and exit)

ps STAT codes: R = running, S = interruptible sleep (waiting), T = stopped.

Process Signals (Linux)

Signal	Command	Effect
SIGINT	`Ctrl + C`	Interrupt — politely ask the process to stop (most popular)
SIGTERM	`kill <PID>`	Terminate — lets the process clean up before exiting
SIGKILL	`kill -KILL <PID>`	Force-kill immediately with no cleanup — last resort, can cause damage
SIGTSTP	`kill -TSTP <PID>` / `Ctrl+Z`	Suspend / pause the process
SIGCONT	`kill -CONT <PID>`	Continue a suspended process

Resource Monitoring

Command / Tool	OS	Purpose
Resource Monitor	Windows	Best way to track process CPU, memory, disk, and network usage
`Get-Process \| Sort-Object CPU -Descending \| Select-Object -First 3 -Property ID,ProcessName,CPU`	Windows (PS)	Show top 3 CPU-consuming processes
`top`	Linux	Live view of top processes; `%CPU` and `%MEM` are most useful columns
`htop`	Linux	Improved interactive version of top
`uptime`	Linux	Shows current time, system uptime, users logged in, and average CPU load
`lsof`	Linux	Lists open files and which processes are using them — useful for finding what's keeping a file locked

Load average (from uptime or top) shows how many processes are in the run queue averaged over 1, 5, and 15 minutes. A load of 1.0 on a single-core CPU means it's fully utilized.

Logging

Logs record events with timestamps: who did what, and when. They're essential for troubleshooting and security auditing.
Unix Epoch time — how logs often represent time: the number of seconds elapsed since midnight January 1, 1970 UTC.
Log rotation automatically archives old log files (compressed) and deletes very old ones to prevent logs from filling the disk.
Centralized logging aggregates logs from many systems into one location — important in enterprise environments.

Location / Tool	OS	What it contains
Event Viewer (`eventvwr.msc`)	Windows	GUI log viewer. "Windows Logs" = OS-level; "Application & Services Logs" = specific services (e.g., PowerShell)
`/var/log/`	Linux	Root directory for all system logs
`/var/log/syslog`	Linux	General catch-all log for everything
`/var/log/auth.log`	Linux	Security and authorization events (logins, sudo usage)
`/var/log/dmesg`	Linux	Kernel ring buffer / hardware messages (also via `dmesg` command)
`/var/log/kern.log`	Linux	Kernel messages
`tail -f /var/log/syslog`	Linux	Follow a log file live as it updates
`journalctl`	Linux (systemd)	Query the systemd journal; `journalctl -u <service>` for a specific service

Troubleshooting with logs: Start by searching for ERROR or CRIT keywords. Use timestamps to narrow the window. Look for root causes, not symptoms. Review from the bottom up for the most recent events. tail -f is great for watching a problem happen in real time.

What is PID 1 in Linux and what does it do?
What is the difference between SIGTERM and SIGKILL?
Which Linux command shows a live view of the top resource-consuming processes?
What does the STAT code S mean in ps output?
What does Ctrl+C send to a process?
Where does Linux store security and authorization logs?
What is Unix Epoch time?
Which command follows a log file live as it writes new entries?

The init process (PID 1) is the first process created by the kernel at boot. It's the parent of all other processes and is responsible for starting system services.
SIGTERM asks the process to terminate gracefully (it can clean up first). SIGKILL instantly forces the process to stop with no cleanup — it cannot be caught or ignored. Use SIGKILL only as a last resort.
top (or htop for an improved version)
S = interruptible sleep (the process is waiting for something, like user input or a file read to complete).
SIGINT (signal interrupt) — a polite request to stop the current process.
/var/log/auth.log
The number of seconds elapsed since midnight January 1, 1970 UTC. It's a universal timestamp format used in logs across Unix/Linux systems.
tail -f <logfile>

▶

6 · OS in Practice: Remote Access, Virtualization & Deployment

Complete

Remote Connections

Protocol / Tool	Purpose
SSH (Secure Shell)	Securely connect to a remote machine's command line over the network. Encrypted.
PuTTY	Free open-source SSH/Telnet client for Windows. GUI or CLI: `putty.exe -ssh user@ipaddress`
RDP (Remote Desktop Protocol)	Full graphical remote desktop — see and control the remote machine's desktop
`mstsc.exe`	Microsoft Terminal Services Client — the built-in Windows app for making RDP connections
SCP (Secure Copy)	Copies files between machines over SSH on Linux: `scp file user@host:/path`
`pscp.exe`	PuTTY's SCP implementation for Windows — same concept as Linux `scp`
Shared Folders (Windows)	Easier approach for sharing files with specific users on the local network

Enable remote connections on Windows via: right-click This PC → Properties → Remote Settings → allow Remote Desktop. Must be done as an admin.

Virtualization

A Virtual Machine (VM) is a software emulation of a computer that runs inside your real computer — complete with its own virtual CPU, RAM, hard drive, and network adapter.
You allocate a slice of your real hardware (e.g., 2 cores, 4 GB RAM, 50 GB disk) to the VM. Multiple VMs can run simultaneously.
VirtualBox is a popular free VM platform. Others include VMware and Hyper-V (built into Windows).
VMs are commonly used for testing, running a different OS, sandboxing, and server consolidation.

OS Deployment

Disk cloning makes an exact copy of an entire drive — useful for deploying a pre-configured OS image to many machines at once.
Disk-to-disk cloning: connect the source and target hard drives and copy directly.
Hard disk duplicator: hardware device that makes identical copies of drives without a computer.
Disk cloning software: copies drives using software running on the OS (e.g., Clonezilla, Acronis).
Network-initiated deployment: machines boot from the network (PXE boot) and receive their OS image from a deployment server — scales well in enterprise environments.
Linux dd command: low-level byte-for-byte copy. Use: dd if=/dev/sda of=/dev/sdb — copies one disk to another.
Flash drive distribution: distribute OS installers on USB drives.

Troubleshooting Windows

Before diving in, ask: Is the problem unique to this machine? Does it affect one user or all users? Is it related to a specific app?
Analyze Event Viewer logs — filter by error/warning. Search for error keywords related to the symptom.

Windows UpdateUpdate from Windows (patches, security fixes)

Hardware UpdateUpdate from the hardware manufacturer (drivers, firmware)

Disk CleanupRemove temp files and free up disk space

Defragment DisksReorganize HDD files for better performance (not needed for SSDs)

CHKDSKCheck disk for filesystem errors and fix them

Disk ManagementCreate/resize/format partitions

Event ViewerBrowse system and application logs (eventvwr.msc)

Registry EditorEdit Windows registry (regedit) — advanced, use with caution

msconfigSystem Configuration tool — manage startup items, boot options, services

Safe ModeBoot with minimal drivers/services — useful for diagnosing driver or software conflicts

What is the difference between SSH and RDP?
What Windows command-line tool creates RDP connections?
What is PuTTY and why is it useful on Windows?
What does the Linux dd command do and how would you use it to clone a disk?
What is the benefit of network-initiated OS deployment over disk cloning?
Which Windows tool would you open to browse system logs from the GUI?
What is Safe Mode and when would you use it?

SSH gives you a remote command line (text-only, very lightweight). RDP gives you a full graphical desktop — you can see and interact with the remote machine's GUI.
mstsc.exe (Microsoft Terminal Services Client)
PuTTY is a free, open-source SSH/Telnet client for Windows. Since Windows doesn't have a built-in SSH client in older versions, PuTTY lets you connect to Linux/Unix machines securely from Windows. It also supports SCP via pscp.exe.
dd is a low-level byte-for-byte copy tool. To clone disk sda to sdb: dd if=/dev/sda of=/dev/sdb. (if = input file, of = output file)
Network-initiated deployment (PXE boot) scales much better — you can deploy OS images to hundreds of machines simultaneously from a central server without needing physical media or staff at each machine.
Event Viewer (eventvwr.msc)
Safe Mode boots Windows with only the minimum required drivers and services. Use it when Windows won't boot normally, or to isolate whether a problem is caused by a driver or third-party software (which won't load in Safe Mode).

▶

7 · What Actually Matters — Key Takeaways

Complete

The CLI — two languages, one concept

Everything in this course is navigating a tree, acting on files/processes/users, and reading output. The commands differ between Linux and Windows but the mental model is identical.

Action	Linux (bash)	Windows (PowerShell/cmd)
Where am I?	`pwd`	`cd` / `Get-Location`
List contents	`ls -la`	`dir` / `Get-ChildItem`
Move around	`cd path`	`cd path`
View file	`cat` / `less`	`type` / `Get-Content`
Find text	`grep -r "pattern"`	`Select-String`
Copy/Move	`cp` / `mv`	`copy` / `move`
Delete	`rm -rf`	`del` / `rm -Recurse`

Tab completion works in both environments. Use it constantly — it prevents typos in destructive commands and speeds everything up.

Permissions — the octet and the principle

The most important thing isn't memorizing modes — it's the underlying principle: grant the minimum permissions necessary to accomplish the task. Everything flows from that.

Linux octet recap: rwx = 4+2+1. Three octets: owner, group, others. chmod 755 = rwxr-xr-x (owner full, everyone else read+execute). chmod 644 = rw-r--r-- (owner read/write, everyone else read only). These two cover 90% of real use cases.
SUID/SGID are the exceptions to memorize: a SUID binary runs as its owner (often root) regardless of who executes it. This is how sudo and passwd work. A SUID root binary with a vulnerability = privilege escalation. Audit them periodically.
Windows ACLs are more granular than Linux DAC but the principle is the same: Deny beats Allow, permissions cascade down folders unless inheritance is broken. Use icacls or the Security tab to inspect.
sudo vs su: prefer sudo command over su -. It limits blast radius (only that command runs elevated), logs who ran what, and avoids leaving a root shell open.

Packages — trust the package manager

Package managers (apt, dnf, brew, winget, Chocolatey) handle dependency resolution, cryptographic verification, and clean upgrades. Manual installs from the internet bypass all of this.
Repositories are the trust boundary. Adding a third-party PPA or Chocolatey source means trusting that maintainer with code that runs as root on your machines. Vet sources carefully in enterprise environments.
The three commands you'll use 90% of the time on Debian/Ubuntu: apt update (refresh repo index), apt install (add package), apt upgrade (update installed packages). Run update before install.
Compiling from source (./configure && make && sudo make install) is sometimes necessary but leaves no clean uninstall path unless the software provides one. Use it as a last resort.

Filesystems — what matters in practice

Filesystem	Use when	Avoid when
ext4	Linux OS, data drives, VMs	Cross-platform USB shares
NTFS	Windows OS and data drives	Native Linux root partition
FAT32	USB drives that must work everywhere	Files > 4 GB
exFAT	Large files on cross-platform drives	Root partition (any OS)

Inodes: every file/directory is an inode. Running out of inodes (even with free disk space) causes "no space left on device" errors. Check with df -i.
Hard vs soft links: a hard link is another directory entry pointing to the same inode — deleting the original doesn't remove the data. A symlink is a pointer to a path — it breaks if the target moves.
Virtual filesystems (/proc, /sys, /dev) don't store anything on disk — they expose live kernel state. Reading /proc/cpuinfo doesn't read a file; it queries the kernel.

Processes & signals — discipline before force

Always try SIGTERM (15) before SIGKILL (9). SIGTERM lets the process clean up — flush buffers, release locks, close network connections. SIGKILL is instant but can leave corrupted state, dangling lock files, or incomplete writes.
Zombie ≠ orphan. A zombie has finished but its parent hasn't read its exit code (harmless, small PID table entry). An orphan's parent exited before it did — init/systemd adopts it (also harmless). Neither is a problem until you have hundreds of zombies, which signals a buggy parent process.
top / htop are for interactive diagnosis. For scripting or alerting, use ps aux | grep or pgrep.
On Windows, Task Manager → Details shows PID and parent. Services with "automatic" start type are the equivalent of Linux systemd units.

Logs — where truth lives

Linux auth /var/log/auth.log \cdot who logged in, sudo use, SSH attempts Linux kernel /var/log/kern.log \cdot hardware errors, OOM killer, driver issues Linux apps /var/log/syslog \cdot catch-all; systemd units log here unless overridden journalctl journalctl -u sshd -f \cdot follow a specific unit in real time Windows Event Viewer \to Windows Logs \to System / Application / Security

When troubleshooting, check logs before changing anything. The error is almost always in the log. Changing settings first and checking logs second is how you end up with two problems instead of one.

The bigger picture

The OS course is the practical foundation for everything that follows. System Administration (Course 4) is just this at scale — the same permissions model, the same package concepts, the same log files, applied across hundreds of machines using automation. Every command-line skill you build here compounds. The difference between a technician who can administer ten machines and one who can administer ten thousand is mostly automation fluency — and that starts with being comfortable at a CLI.