Glossary
A comprehensive glossary of Linux, system administration, networking, security, and DevOps terms you will encounter in this book and in the real world. Terms are listed alphabetically. Where a term is covered in depth in a specific chapter, the chapter number is noted.
ACL (Access Control List) -- An extension of traditional Unix file permissions that allows you to grant fine-grained access to specific users or groups beyond the standard owner/group/other model. Managed with getfacl and setfacl. (Chapter 6)
ACME (Automatic Certificate Management Environment) -- A protocol used by Let's Encrypt and other CAs to automate the issuance and renewal of TLS certificates. Tools like certbot and acme.sh implement this protocol. (Chapter 41)
Ansible -- An open source, agentless configuration management and automation tool. It connects to remote machines via SSH and executes tasks defined in YAML playbooks. (Chapter 68)
Apache (httpd) -- The Apache HTTP Server, one of the oldest and most widely used web servers. It uses a module-based architecture and is configured through .conf files and .htaccess overrides. (Chapter 46)
AppArmor -- A Linux Security Module that confines programs to a limited set of resources using per-program profiles. It is the default MAC system on Ubuntu and SUSE-based distributions. (Chapter 42)
ARP (Address Resolution Protocol) -- A protocol that maps IP addresses to MAC (hardware) addresses on a local network. When a machine knows an IP but not the MAC address, it broadcasts an ARP request. (Chapter 32)
Bash (Bourne Again Shell) -- The default interactive shell on most Linux distributions. It is a superset of the original Bourne shell (sh) with added features like command-line editing, job control, and scripting improvements. (Chapters 18-19)
Bastion Host (Jump Box) -- A hardened server that serves as the single entry point for SSH access to an internal network. All administrators connect to the bastion first, then jump to internal servers. Configured via ProxyJump in SSH config. (Chapter 36)
BGP (Border Gateway Protocol) -- The routing protocol that glues the internet together. Autonomous systems use BGP to exchange routing information and determine the best paths for traffic.
Btrfs (B-tree Filesystem) -- A modern copy-on-write filesystem for Linux that supports snapshots, subvolumes, compression, and built-in RAID. It is the default on openSUSE and Fedora workstation editions.
Bind Mount -- A way to mount a directory to another location in the filesystem, making the same content accessible from two paths. Created with mount --bind /source /target. Frequently used in container setups.
Block Device -- A device that reads and writes data in fixed-size blocks (sectors). Hard drives, SSDs, and USB drives are block devices. Represented in /dev/ as files like /dev/sda. (Chapter 7)
Boot Loader -- Software that loads the operating system kernel into memory at startup. GRUB2 is the most common boot loader on Linux systems. (Chapter 14)
Bridge -- A virtual or physical network device that connects two or more network segments at Layer 2 (data link layer). Linux bridges are commonly used in virtualization to give VMs access to the host network.
BSS (Block Started by Symbol) -- In the context of ELF binaries, the BSS segment contains uninitialized global variables. In wireless networking, a BSS is a set of stations communicating with an access point.
CA (Certificate Authority) -- An entity that issues digital certificates, vouching for the identity of the certificate holder. Let's Encrypt is the most widely used free CA. (Chapter 39)
Cgroup (Control Group) -- A Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, I/O, network) of a collection of processes. Cgroups are a foundational building block of containers. (Chapter 62)
Character Device -- A device that reads and writes data one character (byte) at a time, without buffering. Terminals (/dev/tty), serial ports, and /dev/null are character devices.
Chroot -- A system call that changes the apparent root directory for a process and its children. It provides basic filesystem isolation but is not a full security boundary. Containers provide much stronger isolation.
CI/CD (Continuous Integration / Continuous Delivery) -- A set of practices where code changes are automatically built, tested, and deployed. Tools like Jenkins, GitLab CI, and GitHub Actions are common CI/CD platforms. (Chapter 69)
Container -- A lightweight, isolated environment that runs applications using the host kernel's namespaces and cgroups. Unlike virtual machines, containers share the host kernel and are much more efficient. Docker and Podman are common container runtimes. (Chapters 63-66)
Copy-on-Write (CoW) -- A resource management technique where copies of data share the same storage until one of them is modified. Used by fork(), container image layers, and filesystems like Btrfs and ZFS.
Cron -- A time-based job scheduler. Users define scheduled tasks in crontab files, and the cron daemon executes them at the specified times. (Chapter 24)
DAC (Discretionary Access Control) -- The traditional Unix permission model where the file owner decides who can access the file. The standard read/write/execute permissions for owner/group/others are DAC. Contrast with MAC (Mandatory Access Control). (Chapter 6)
Daemon -- A background process that runs without direct user interaction, typically started at boot. Examples: sshd, nginx, crond. The name comes from Greek mythology -- a daemon is a helpful spirit that works behind the scenes.
D-Bus -- A message bus system that provides a mechanism for inter-process communication on Linux. systemd, NetworkManager, and many desktop applications communicate via D-Bus.
DHCP (Dynamic Host Configuration Protocol) -- A network protocol that automatically assigns IP addresses, subnet masks, gateways, and DNS servers to devices on a network. (Chapter 32)
DNS (Domain Name System) -- The distributed hierarchical system that translates human-readable domain names (like example.com) into IP addresses. Often called "the phone book of the internet." (Chapter 31)
Docker -- An open source platform for building, shipping, and running applications in containers. It popularized containerization and introduced the Dockerfile and image layer concepts. (Chapter 63)
DPKG -- The low-level package manager for Debian-based systems. It installs, removes, and inspects individual .deb package files. APT builds on top of dpkg to handle dependencies. (Chapter 57)
ELF (Executable and Linkable Format) -- The standard binary format for executables, object code, shared libraries, and core dumps on Linux. When you compile a C program, the result is an ELF binary.
Environment Variable -- A named value in the shell's environment that is inherited by child processes. Common examples: PATH, HOME, USER, EDITOR. Set with export VAR=value. (Chapter 18)
Ephemeral Port -- A short-lived port number automatically assigned by the operating system for outbound connections. Typically in the range 32768-60999 on Linux.
etcd -- A distributed key-value store used as the backing store for Kubernetes cluster state. It uses the Raft consensus algorithm to maintain consistency across nodes.
ext4 (Fourth Extended Filesystem) -- The most widely used Linux filesystem. It supports journaling, files up to 16 TB, and volumes up to 1 EB. It is the default on most Debian/Ubuntu and RHEL-based distributions. (Chapter 7)
File Descriptor -- An integer that the kernel uses to identify an open file or I/O resource within a process. File descriptor 0 is stdin, 1 is stdout, and 2 is stderr. All I/O in Linux happens through file descriptors. (Chapter 56)
Firewall -- Software or hardware that filters network traffic based on rules. On Linux, the kernel's netfilter framework provides firewalling, configured via iptables, nftables, or frontends like ufw and firewalld. (Chapter 34)
Fork -- The system call that creates a new process by duplicating the calling process. The new process (child) is a copy of the parent. Nearly all process creation on Linux involves fork() followed by exec(). (Chapter 10)
FQDN (Fully Qualified Domain Name) -- The complete domain name for a specific host, including all parent domains up to the root. For example, web01.internal.example.com. is an FQDN.
FUSE (Filesystem in Userspace) -- A framework that lets non-privileged users create their own filesystems without modifying kernel code. SSHFS and rclone use FUSE.
Gateway -- A network device that routes traffic between different networks. The default gateway is the router that handles traffic destined for networks outside the local subnet. Configured with ip route add default via <gateway_ip>.
GID (Group ID) -- A numeric identifier for a group. The root group has GID 0. Defined in /etc/group. (Chapter 9)
GPT (GUID Partition Table) -- A modern disk partitioning scheme that replaces MBR. It supports up to 128 partitions, disks larger than 2 TB, and provides redundancy through a backup partition table at the end of the disk. (Chapter 7)
GNU -- A recursive acronym for "GNU's Not Unix." The GNU Project, started by Richard Stallman in 1983, created the userland tools (gcc, bash, coreutils, glibc) that, combined with the Linux kernel, form a complete operating system. (Chapter 1)
GRUB (Grand Unified Bootloader) -- The most common boot loader on Linux systems. GRUB2 loads the kernel and initial ramdisk (initrd/initramfs) and passes control to the kernel at boot time. (Chapter 14)
HAProxy -- A high-performance, open source TCP/HTTP load balancer and proxy server, widely used for distributing traffic across multiple backend servers. (Chapter 47)
Hardlink -- A directory entry that points to the same inode as another file. Both names are equally valid references to the same data on disk. Hardlinks cannot cross filesystem boundaries. (Chapter 8)
Hypervisor -- Software that creates and manages virtual machines. Type 1 (bare-metal) hypervisors like KVM run directly on hardware. Type 2 (hosted) hypervisors like VirtualBox run on top of an operating system. (Chapter 61)
ICMP (Internet Control Message Protocol) -- A network protocol used for diagnostic and error-reporting purposes. ping and traceroute use ICMP. (Chapter 32)
Initramfs (Initial RAM Filesystem) -- A temporary root filesystem loaded into memory during the boot process. It contains drivers and scripts needed to mount the real root filesystem. (Chapter 14)
Inode -- A data structure on a filesystem that stores metadata about a file (permissions, ownership, timestamps, block locations) but not the filename or the file's content. Every file has exactly one inode. (Chapter 8)
I/O Scheduler -- A kernel component that reorders and merges I/O requests to optimize disk performance. Modern Linux uses schedulers like mq-deadline, bfq, and none (for NVMe SSDs). (Chapter 54)
IPC (Inter-Process Communication) -- Mechanisms that allow processes to exchange data. Linux provides pipes, named pipes (FIFOs), message queues, shared memory, semaphores, signals, and Unix domain sockets. (Chapter 12)
iptables -- The traditional user-space tool for configuring the Linux kernel's netfilter packet filtering framework. Being gradually replaced by nftables on modern distributions. (Chapter 34)
Journald -- The systemd journal service that collects and stores log data from the kernel, services, and applications. Queried with journalctl. (Chapter 17)
Journaling (Filesystem) -- A technique where the filesystem writes changes to a log (journal) before applying them to the main data structures. If the system crashes, the journal can be replayed to restore consistency without a full filesystem check. ext4, XFS, and Btrfs all use journaling.
Kernel -- The core of the operating system. It manages hardware resources, provides system calls to applications, handles process scheduling, memory management, and device drivers. Linux refers specifically to the kernel created by Linus Torvalds. (Chapter 13)
Kernel Module -- A piece of code that can be loaded into or unloaded from the kernel at runtime, extending its functionality without requiring a reboot. Device drivers are commonly implemented as kernel modules. Managed with modprobe, lsmod, insmod, rmmod. (Chapter 60)
KVM (Kernel-based Virtual Machine) -- A Linux kernel module that turns Linux into a Type 1 hypervisor. Combined with QEMU for device emulation, it provides high-performance virtualization. (Chapter 61)
LDAP (Lightweight Directory Access Protocol) -- A protocol for accessing and maintaining distributed directory information services. Often used for centralized user authentication in enterprise environments.
Load Average -- A measure of the number of processes actively running or waiting to run on the CPU. Displayed by uptime, top, and w. The three numbers represent 1-minute, 5-minute, and 15-minute averages.
Logical Volume Manager (LVM) -- A device mapper framework that provides logical volume management for the Linux kernel. It allows you to resize, snapshot, and manage disk partitions flexibly. (Chapter 48)
Logrotate -- A utility that manages the automatic rotation, compression, and deletion of log files. Configured via /etc/logrotate.conf and drop-in files in /etc/logrotate.d/. Prevents log files from consuming all disk space.
Loopback Interface -- The virtual network interface lo with address 127.0.0.1 (IPv4) and ::1 (IPv6). Traffic sent to the loopback address stays on the local machine and never reaches the physical network.
LXC/LXD -- Linux Containers (LXC) is an OS-level virtualization method that runs multiple isolated Linux systems on a single host. LXD is a system container manager built on top of LXC, offering a better user experience. (Chapter 65)
MAC (Mandatory Access Control) -- A security model where the operating system enforces access policies that cannot be overridden by users. SELinux and AppArmor implement MAC on Linux. (Chapter 42)
MBR (Master Boot Record) -- A legacy disk partitioning scheme that stores the partition table and boot loader in the first 512 bytes of a disk. Supports up to 4 primary partitions and disks up to 2 TB. Being replaced by GPT.
Mount Point -- A directory in the filesystem where a storage device or partition is attached. When you mount /dev/sdb1 at /data, the contents of the partition become accessible at /data. (Chapter 7)
MTU (Maximum Transmission Unit) -- The largest packet size (in bytes) that can be sent over a network link without fragmentation. The default MTU for Ethernet is 1500 bytes. Jumbo frames use 9000 bytes.
NAT (Network Address Translation) -- A method of mapping private IP addresses to a public IP address for outbound internet traffic. Your home router almost certainly uses NAT.
Namespace -- A Linux kernel feature that isolates and virtualizes system resources for a group of processes.
Netfilter -- The kernel framework that provides packet filtering, network address translation, and packet mangling. It is the engine behind iptables, nftables, and firewalld. (Chapter 34) Types include PID, network, mount, UTS, IPC, user, and cgroup namespaces. Namespaces are a foundational building block of containers. (Chapter 62)
NFS (Network File System) -- A distributed filesystem protocol that allows a client machine to access files over a network as if they were local. (Chapter 49)
nftables -- The modern replacement for iptables, providing a simpler and more consistent syntax for configuring the Linux kernel's packet filtering framework. (Chapter 34)
Nginx -- A high-performance web server and reverse proxy. Known for its event-driven architecture, low memory footprint, and ability to handle many concurrent connections. (Chapters 44-45)
Nice Value -- A scheduling priority hint that ranges from -20 (highest priority) to 19 (lowest priority). A "nice" process (high nice value) yields CPU time to other processes. Set with nice and renice. (Chapter 10)
NTP (Network Time Protocol) -- A protocol for synchronizing clocks of computer systems over a network. chrony and systemd-timesyncd are common NTP clients on Linux. (Chapter 75)
OCI (Open Container Initiative) -- A set of standards for container image formats and runtimes. OCI ensures that container images built with Docker can run on Podman, containerd, or any other OCI-compliant runtime. (Chapter 63)
OOM Killer (Out-of-Memory Killer) -- A kernel mechanism that selects and kills processes when the system runs critically low on memory. Each process has an OOM score; the highest score gets killed first. (Chapter 53)
OpenSSL -- An open source toolkit that implements the SSL and TLS protocols and provides a general-purpose cryptography library. Used for generating certificates, testing TLS connections, and encrypting data. (Chapter 40)
OSI Model -- The Open Systems Interconnection model, a seven-layer conceptual framework for understanding network communication: Physical, Data Link, Network, Transport, Session, Presentation, Application. (Chapter 28)
Package Manager -- A tool that automates the installation, upgrade, configuration, and removal of software. APT (Debian/Ubuntu), DNF (Fedora/RHEL), and pacman (Arch) are common package managers. (Chapter 57)
Page Cache -- A kernel memory cache that stores recently read file data in RAM. When a program reads a file, the kernel keeps the data in the page cache so subsequent reads are served from memory instead of disk. This is why "available" memory in free is much more relevant than "free" memory. (Chapter 53)
PAM (Pluggable Authentication Modules) -- A framework that provides a flexible mechanism for authenticating users. It allows system administrators to configure authentication policies without changing individual applications.
Partition -- A logically distinct section of a physical disk. Each partition can contain a different filesystem. Managed with fdisk, parted, or gdisk. (Chapter 7)
PATH -- An environment variable containing a colon-separated list of directories that the shell searches when you type a command. If a command's executable is not in a directory listed in PATH, you must use its full path. (Chapter 18)
PID (Process ID) -- A unique numeric identifier assigned to every process by the kernel. PID 1 is the init system (typically systemd). The PID namespace allows containers to have their own PID numbering. (Chapter 10)
Pipe -- A mechanism for passing the output of one command as input to another. The | character creates an anonymous pipe. Named pipes (FIFOs) persist in the filesystem and are created with mkfifo. (Chapters 4, 12)
PKI (Public Key Infrastructure) -- The framework of policies, procedures, and technology used to manage digital certificates and public-key encryption. It enables trust relationships for TLS/SSL communication. (Chapter 39)
Podman -- A daemonless, rootless container engine compatible with Docker. It can run containers without requiring root privileges, improving security. (Chapter 64)
Port -- A 16-bit number (0-65535) that identifies a specific process or network service on a host. Well-known ports (0-1023) are reserved for standard services (22=SSH, 80=HTTP, 443=HTTPS). (Chapter 30)
POSIX (Portable Operating System Interface) -- A family of IEEE standards that define the API and shell/utility interface for Unix-like operating systems. POSIX compliance ensures portability across different Unix variants.
Process -- A running instance of a program. Each process has its own address space, file descriptors, and execution context. The kernel tracks processes using task structures. (Chapter 10)
Proxy -- An intermediary that sits between clients and servers. A forward proxy acts on behalf of clients (e.g., web proxy). A reverse proxy sits in front of servers (e.g., Nginx as a reverse proxy for application servers). (Chapter 45)
QEMU -- An open source machine emulator and virtualizer. When combined with KVM, it provides near-native performance virtualization. Standalone, it can emulate different CPU architectures. (Chapter 61)
RAID (Redundant Array of Independent Disks) -- A technology that combines multiple physical disks into a single logical unit for redundancy and/or performance. Common levels: RAID 0 (striping), RAID 1 (mirroring), RAID 5 (striping with parity), RAID 10 (mirroring + striping). (Chapter 48)
RAM (Random Access Memory) -- Volatile system memory used for running programs and caching data. The kernel manages RAM allocation and can use swap space on disk when RAM is exhausted. (Chapter 53)
Regex (Regular Expression) -- A pattern-matching language used to search, match, and manipulate text. Used extensively in grep, sed, awk, and virtually every programming language. (Chapter 20)
Reverse Proxy -- A server that sits in front of one or more backend servers and forwards client requests to them. It provides load balancing, SSL termination, caching, and security benefits. Nginx and HAProxy are common reverse proxies. (Chapter 45)
RPM (Red Hat Package Manager) -- The low-level package format and manager for Red Hat-based distributions. Individual .rpm files are managed by rpm; dependency resolution is handled by dnf (or the older yum). (Chapter 57)
Rsync -- A utility for efficiently synchronizing files between locations. It transfers only the changed parts of files (delta transfer), making it ideal for backups and remote file synchronization. (Chapter 50)
Runlevel -- A legacy System V init concept defining the state of the machine (e.g., 3 = multi-user with networking, 5 = graphical). In systemd, runlevels are replaced by targets (e.g., multi-user.target, graphical.target).
SATA (Serial ATA) -- A computer bus interface for connecting storage devices. SATA drives are the most common type of hard drive and SSD in consumer and server hardware.
Scheduler (Process) -- The kernel component that decides which process gets to run on the CPU next, and for how long. Linux uses the Completely Fair Scheduler (CFS), and newer kernels offer EEVDF (Earliest Eligible Virtual Deadline First). (Chapter 10)
Seccomp -- A Linux kernel security feature that restricts the system calls a process can make. Used by container runtimes and application sandboxes to reduce the attack surface. Docker applies a default seccomp profile to all containers.
Semaphore -- An IPC synchronization primitive that controls access to a shared resource. Counting semaphores allow N concurrent accessors; binary semaphores act like mutexes. (Chapter 12)
Shared Library -- A library file (.so on Linux) that is loaded into memory once and shared among multiple programs at runtime. This saves memory and disk space compared to static linking. Managed with ldconfig and ldd. (Chapter 59)
Shared Memory -- An IPC mechanism that allows multiple processes to access the same region of memory. It is the fastest form of IPC because data does not need to be copied between processes. (Chapter 12)
SELinux (Security-Enhanced Linux) -- A Linux Security Module that implements Mandatory Access Control. Developed by the NSA, it is the default MAC system on Red Hat-based distributions. Every file, process, and port has a security context (label). (Chapter 42)
Shell -- A command-line interpreter that provides the user interface to the operating system. Bash, Zsh, Fish, and Dash are common shells. The shell reads commands, interprets them, and executes them. (Chapter 4)
Signal -- A software interrupt delivered to a process to notify it of an event. Common signals: SIGTERM (graceful termination), SIGKILL (forced termination), SIGHUP (hangup/reload), SIGINT (Ctrl+C). (Chapter 11)
SMTP (Simple Mail Transfer Protocol) -- The standard protocol for sending email between mail servers. Common open source SMTP servers on Linux include Postfix and Exim.
Socket -- An endpoint for network communication. A socket is identified by an IP address and port number. Unix domain sockets provide IPC on the same machine using filesystem paths instead of network addresses.
SSH (Secure Shell) -- A cryptographic network protocol for secure remote login, command execution, and file transfer. OpenSSH is the standard implementation on Linux. (Chapter 36)
SSL/TLS (Secure Sockets Layer / Transport Layer Security) -- Cryptographic protocols that provide secure communication over a network. SSL is deprecated; TLS (1.2 and 1.3) is the current standard. Used for HTTPS, secure email, VPNs, and more. (Chapter 39)
Sticky Bit -- A special permission bit that, when set on a directory, prevents users from deleting files they do not own. /tmp has the sticky bit set (permission drwxrwxrwt). (Chapter 6)
Strace -- A diagnostic tool that traces the system calls made by a process. Invaluable for debugging "why is this program not working" problems. Usage: strace -p <pid> or strace <command>. (Chapter 10)
SUID (Set User ID) -- A special permission bit that, when set on an executable, causes it to run with the permissions of the file owner rather than the user who executes it. The passwd command uses SUID to write to /etc/shadow as root. (Chapter 6)
System Call (syscall) -- The interface between user-space applications and the kernel. When a program needs to access hardware, create a process, or open a file, it makes a system call. Common syscalls: open, read, write, fork, exec, mmap. (Chapter 13)
Subnet -- A logical subdivision of an IP network. Subnetting allows you to divide a large network into smaller, manageable segments. Defined by a subnet mask (e.g., 255.255.255.0 or /24). (Chapter 29)
Sudo -- A program that allows a permitted user to execute a command as the superuser or another user, as specified in /etc/sudoers. (Chapter 9)
Superblock -- A data structure on a filesystem that contains metadata about the filesystem itself: its size, block size, number of inodes, and other global properties. (Chapter 7)
Swap -- Disk space used as an extension of RAM. When physical memory is full, the kernel moves less-used pages to swap. Swap can be a dedicated partition or a swap file. (Chapter 53)
Symlink (Symbolic Link) -- A file that contains a reference (path) to another file or directory. Unlike hardlinks, symlinks can cross filesystem boundaries and link to directories. Created with ln -s. (Chapter 8)
Syslog -- A standard logging protocol and the traditional Linux logging system. Messages are categorized by facility (kern, auth, mail, etc.) and severity (emerg, alert, crit, err, warning, etc.). rsyslog and syslog-ng are common implementations. (Chapter 17)
Systemd -- The init system and service manager used by most modern Linux distributions. It manages the boot process, services, timers, mounts, and more. Controlled with systemctl and journalctl. (Chapters 15-16)
TCP (Transmission Control Protocol) -- A connection-oriented, reliable transport protocol. It guarantees ordered delivery of data and handles retransmissions. Used for HTTP, SSH, SMTP, and most internet traffic. (Chapter 30)
TLS (Transport Layer Security) -- See SSL/TLS above.
Target (systemd) -- A systemd unit type that groups other units and represents a system state. Targets replace the concept of runlevels. Common targets: multi-user.target (text mode), graphical.target (desktop), rescue.target (single-user recovery). (Chapter 15)
Terraform -- An open source infrastructure-as-code tool by HashiCorp. It uses declarative configuration files to provision and manage cloud and on-premises resources. (Chapter 67)
Tmpfs -- A temporary filesystem that resides in RAM (and swap). Data in tmpfs is lost on reboot. Often used for /tmp and /run.
TTL (Time to Live) -- In networking, a value in an IP packet header that limits the number of hops the packet can traverse. Each router decrements the TTL by 1; when it reaches 0, the packet is discarded. In DNS, TTL specifies how long a record should be cached.
TTY -- Historically a teletypewriter terminal. In modern Linux, TTY refers to terminal devices. Physical consoles are /dev/tty1 through /dev/tty6. Pseudo-terminals (used by SSH and terminal emulators) are /dev/pts/*.
Tunable -- A kernel parameter that can be adjusted at runtime via /proc/sys/ or sysctl. Tunables control network behavior, memory management, filesystem limits, and other kernel settings. (Chapter 13)
UDP (User Datagram Protocol) -- A connectionless transport protocol. It does not guarantee delivery, ordering, or duplicate protection, but has lower overhead than TCP. Used for DNS queries, NTP, video streaming, and VPNs. (Chapter 30)
UID (User ID) -- A numeric identifier for a user account. UID 0 is root. UIDs 1-999 are typically reserved for system accounts. Regular users start at UID 1000 on most distributions. (Chapter 9)
Umask -- A value that determines the default permissions for newly created files and directories. A umask of 022 means new files get 644 (rw-r--r--) and new directories get 755 (rwxr-xr-x). (Chapter 6)
Unix Domain Socket -- An IPC mechanism that uses filesystem paths instead of network addresses. Faster than TCP sockets for communication between processes on the same machine. Nginx, Docker, and systemd use Unix domain sockets extensively.
Ulimit -- A shell builtin that controls the resource limits for processes launched from the shell. Limits include maximum open files, stack size, and CPU time. Persistent limits are configured in /etc/security/limits.conf. (Chapter 56)
UUID (Universally Unique Identifier) -- A 128-bit identifier used to uniquely identify resources. In Linux, UUIDs are commonly used to identify filesystems and partitions (e.g., in /etc/fstab). View with blkid.
Vagrant -- An open source tool by HashiCorp for building and managing virtual machine environments. It uses Vagrantfiles (Ruby-based config files) to define reproducible VMs. (Appendix C)
Virtual Memory -- An abstraction that gives each process the illusion of having its own contiguous address space. The kernel maps virtual addresses to physical RAM (or swap) using page tables. This isolation is fundamental to process security and stability. (Chapter 53)
VFS (Virtual File System) -- An abstraction layer in the kernel that provides a uniform interface to different filesystem types. It allows programs to use open(), read(), write() regardless of whether the underlying filesystem is ext4, XFS, NFS, or procfs. (Chapter 8)
Vim -- A powerful, modal text editor that is available on virtually every Unix and Linux system. It descends from the original vi editor. Learning at least basic Vim navigation is essential for any Linux administrator. (Chapter 25)
VLAN (Virtual LAN) -- A technology that creates logically separate networks on the same physical infrastructure. VLANs use 802.1Q tagging to isolate traffic at Layer 2.
VPN (Virtual Private Network) -- A technology that creates an encrypted tunnel between two points over a public network. WireGuard and OpenVPN are popular open source VPN solutions on Linux. (Chapter 37)
WireGuard -- A modern, high-performance VPN protocol implemented as a Linux kernel module. It is simpler to configure than IPsec or OpenVPN and uses state-of-the-art cryptography. (Chapter 37)
Watchdog -- A timer-based mechanism (hardware or software) that reboots a system if the operating system becomes unresponsive. The Linux kernel supports hardware watchdogs via /dev/watchdog and software watchdogs through systemd.
XFS -- A high-performance journaling filesystem originally developed by SGI. It is the default filesystem on Red Hat-based distributions and excels at handling large files and parallel I/O. (Chapter 7)
YAML (YAML Ain't Markup Language) -- A human-readable data serialization format widely used in DevOps tooling. Ansible playbooks, Docker Compose files, Kubernetes manifests, and cloud-init configs all use YAML. Indentation-sensitive -- spaces only, never tabs.
yum (Yellowdog Updater, Modified) -- The legacy package manager for Red Hat-based distributions. It has been replaced by DNF on modern Fedora and RHEL systems, though the yum command often still works as an alias. (Chapter 57)
ZFS (Zettabyte File System) -- A combined filesystem and logical volume manager originally developed by Sun Microsystems. It provides built-in RAID, snapshots, compression, and data integrity verification. Available on Linux through the OpenZFS project, though licensing debates mean it is not included in the mainline kernel.
Zombie Process -- A process that has terminated but whose parent has not yet read its exit status (via wait()). It takes up a PID slot but no other resources. Shown as state Z in ps output. A large number of zombies indicates a bug in the parent process. (Chapter 10)
Zone (DNS) -- A portion of the DNS namespace managed by a specific organization or administrator. A zone file contains the DNS records (A, AAAA, MX, CNAME, NS, etc.) for a domain. (Chapter 31)
Zone (Firewall) -- In firewalld (used on RHEL-based systems), a zone is a named set of rules that define the trust level for network connections. Common zones include public, trusted, internal, and drop. (Chapter 34)
Zsh (Z Shell) -- An extended Bourne shell with many improvements over Bash, including better tab completion, spelling correction, and plugin support through frameworks like Oh My Zsh. It is the default shell on macOS and popular among power users on Linux.
This glossary covers the core terminology you will encounter throughout this book and in your career as a Linux professional. When you hit an unfamiliar term, check here first, then dive into the relevant chapter for the full story.