journalctl is a command-line utility for querying and displaying logs collected by systemd-journald, the systemd logging daemon. It gives you structured access to all system logs — kernel messages, service output, authentication events, and more — from a single interface.

This guide explains how to use journalctl to view, filter, and manage system logs.

journalctl Command Syntax #

The general syntax for the journalctl command is:

journalctl [OPTIONS] [MATCHES]

When invoked without any options, journalctl displays all collected logs starting from the oldest entry, piped through a pager (usually less). Press q to exit.

Only the root user or members of the adm or systemd-journal groups can read system logs. Regular users can view their own user journal with the --user flag.

Quick Reference #

For a printable quick reference, see the journalctl cheatsheet .

Viewing System Logs #

To view all system logs, run journalctl without any options:

journalctl

To show the most recent entries first, use the -r flag:

journalctl -r

To jump directly to the end of the log, use -e:

journalctl -e

To show the last N lines (similar to tail ), use the -n flag:

journalctl -n 50

To disable the pager and print directly to the terminal, use --no-pager:

journalctl --no-pager

Following Logs in Real Time #

To stream new log entries as they arrive (similar to tail -f), use the -f flag:

journalctl -f

This is one of the most useful options for monitoring a running service or troubleshooting an active issue. Press Ctrl+C to stop.

Filtering by Systemd Unit #

To view logs for a specific systemd service, use the -u flag followed by the unit name:

journalctl -u nginx

You can combine -u with other filters. For example, to follow nginx logs in real time:

journalctl -u nginx -f

To view logs for multiple units at once, specify -u more than once:

journalctl -u nginx -u php-fpm

To print the last 100 lines for a service without the pager:

journalctl -u nginx -n 100 --no-pager

For more on starting and stopping services, see how to start, stop, and restart Nginx and Apache .

Filtering by Time #

Use --since and --until to limit log output to a specific time range.

To show logs since a specific date and time:

journalctl --since "2026-02-01 10:00"

To show logs within a window:

journalctl --since "2026-02-01 10:00" --until "2026-02-01 12:00"

journalctl accepts many natural time expressions:

journalctl --since "1 hour ago"
journalctl --since "yesterday"
journalctl --since today

You can combine time filters with unit filters. For example, to view nginx logs from the past hour:

journalctl -u nginx --since "1 hour ago"

Filtering by Priority #

systemd uses the standard syslog priority levels. Use the -p flag to filter by severity:

journalctl -p err

The output will include the specified priority and all higher-severity levels. The available priority levels from highest to lowest are:

To view only warnings and above from the last hour:

journalctl -p warning --since "1 hour ago"

Filtering by Boot #

The journal stores logs from multiple boots. Use -b to filter by boot session.

To view logs from the current boot:

journalctl -b

To view logs from the previous boot:

journalctl -b -1

To list all available boot sessions with their IDs and timestamps:

journalctl --list-boots

The output will look something like this:

-2 abc123def456 Mon 2026-02-24 08:12:01 CET—Mon 2026-02-24 18:43:22 CET
-1 def456abc789 Tue 2026-02-25 09:05:14 CET—Tue 2026-02-25 21:11:03 CET
0 789abcdef012 Wed 2026-02-26 08:30:41 CET—Wed 2026-02-26 14:00:00 CET

To view logs for a specific boot ID:

journalctl -b abc123def456

To view errors from the previous boot:

journalctl -b -1 -p err

Kernel Messages #

To view kernel messages only (equivalent to dmesg ), use the -k flag:

journalctl -k

To view kernel messages from the current boot:

journalctl -k -b

To view kernel errors from the previous boot:

journalctl -k -p err -b -1

Filtering by Process #

In addition to filtering by unit, you can filter logs by process name, executable path, PID, or user ID using journal fields.

To filter by process name:

journalctl _COMM=sshd

To filter by executable path:

journalctl _EXE=/usr/sbin/sshd

To filter by PID:

journalctl _PID=1234

To filter by user ID:

journalctl _UID=1000

Multiple fields can be combined to narrow the results further.

Searching Log Messages #

To search log messages by a pattern, use the -g flag followed by a regular expression:

journalctl -g "failed"

To search within a specific unit:

journalctl -u ssh -g "invalid user"

You can also pipe journalctl output to grep for more complex matching:

journalctl -u nginx -n 500 --no-pager | grep -i "upstream"

Output Formats #

By default, journalctl displays logs in a human-readable format. Use the -o flag to change the output format.

To display logs with ISO 8601 timestamps:

journalctl -o short-iso

To display logs as JSON (useful for scripting and log shipping):

journalctl -o json-pretty

To display message text only, without metadata:

journalctl -o cat

The most commonly used output formats are:

Managing Journal Size #

The journal stores logs on disk under /var/log/journal/. To check how much disk space the journal is using:

journalctl --disk-usage

Archived and active journals take up 512.0M in the file system.

To reduce the journal size, use the --vacuum-size, --vacuum-time, or --vacuum-files options:

journalctl --vacuum-size=500M

journalctl --vacuum-time=30d

journalctl --vacuum-files=5

These commands remove old archived journal files until the specified limit is met. To configure a permanent size limit, edit /etc/systemd/journald.conf and set SystemMaxUse=.

Practical Troubleshooting Workflow #

When a service fails, we can use a short sequence to isolate the issue quickly. First, check service state with systemctl :

sudo systemctl status nginx

Then inspect recent error-level logs for that unit:

sudo journalctl -u nginx -p err -n 100 --no-pager

If the problem started after reboot, inspect previous boot logs:

sudo journalctl -u nginx -b -1 -p err --no-pager

To narrow the time window around the incident:

sudo journalctl -u nginx --since "30 minutes ago" --no-pager

If you need pattern matching across many lines, pipe to grep :

sudo journalctl -u nginx -n 500 --no-pager | grep -Ei "error|failed|timeout"

Troubleshooting #

“No journal files were found”
The systemd journal may not be persistent on your system. Check if /var/log/journal/ exists. If it does not, create it with mkdir -p /var/log/journal and restart systemd-journald. Alternatively, set Storage=persistent in /etc/systemd/journald.conf.

“Permission denied” reading logs
Regular users can only access their own user journal. To read system logs, run journalctl with sudo, or add your user to the adm or systemd-journal group: usermod -aG systemd-journal USERNAME.

-g pattern search returns no results
The -g flag uses PCRE2 regular expressions. Make sure the pattern is correct and that your journalctl version supports -g (available on modern systemd releases). As an alternative, pipe the output to grep.

Logs missing after reboot
The journal is stored in memory by default on some distributions. To enable persistent storage across reboots, set Storage=persistent in /etc/systemd/journald.conf and restart systemd-journald.

Journal consuming too much disk space
Use journalctl --disk-usage to check the current size, then journalctl --vacuum-size=500M to trim old entries. For a permanent limit, configure SystemMaxUse= in /etc/systemd/journald.conf.

FAQ #

What is the difference between journalctl and /var/log/syslog?
/var/log/syslog is a plain text file written by rsyslog or syslog-ng. journalctl reads the binary systemd journal, which stores structured metadata alongside each message. The journal offers better filtering, field-based queries, and persistent boot tracking.

How do I view logs for a service that keeps restarting?
Use journalctl -u servicename -f to follow logs in real time, or journalctl -u servicename -n 200 to view the most recent entries. Adding -p err will surface only error-level messages.

How do I check logs from before the current boot?
Use journalctl -b -1 for the previous boot, or journalctl --list-boots to see all available boot sessions and then journalctl -b BOOTID to query a specific one.

Can I export logs to a file?
Yes. Use journalctl --no-pager > output.log for plain text, or journalctl -o json-pretty > output.json for structured JSON. You can combine this with any filter flags.

How do I reduce the amount of disk space used by the journal?
Run journalctl --vacuum-size=500M to immediately trim archived logs to 500 MB. For a persistent limit, set SystemMaxUse=500M in /etc/systemd/journald.conf and restart the journal daemon with systemctl restart systemd-journald.

Conclusion #

journalctl is a powerful and flexible tool for querying the systemd journal. Whether you are troubleshooting a failing service, reviewing kernel messages, or auditing authentication events, mastering its filter options saves significant time. If you have any questions, feel free to leave a comment below.

PHP error reporting controls which errors are shown, logged, or silently ignored. Configuring it correctly is essential during development — where you want full visibility — and on production servers — where errors should be logged but never displayed to users.

This guide explains how to configure PHP error reporting using php.ini, the error_reporting() function, and .htaccess. If you are not sure which PHP version is active, first check it with the PHP version guide .

Quick Reference #

PHP Error Levels #

PHP categorizes errors into levels. Each level has a name (constant) and a numeric value. You can combine levels using bitwise operators to control exactly which errors are reported.

The most commonly used levels are:

• E_ERROR — fatal errors that stop script execution (undefined function, missing module)
• E_WARNING — non-fatal errors that allow execution to continue (wrong function argument, missing include)
• E_PARSE — syntax errors detected at parse time; always stop execution
• E_NOTICE — minor issues such as using an undefined variable; useful during development
• E_DEPRECATED — warnings about features that will be removed in future PHP versions
• E_ALL — all errors and warnings; recommended during development

For a full list of error constants, see the PHP error constants documentation .

Configure Error Reporting in php.ini #

The php.ini file is the main configuration file for PHP. Changes here apply globally to all PHP scripts on the server. After editing php.ini, restart the web server for the changes to take effect.

To find the location of your active php.ini file, run:

php --ini

Enable Error Reporting #

Open php.ini and set the following directives:

; Report all errors
error_reporting = E_ALL

; Display errors on the page (development only)
display_errors = On

; Display startup sequence errors
display_startup_errors = On

Log Errors to a File #

To write errors to a log file instead of displaying them, set:

; Disable displaying errors
display_errors = Off

; Enable error logging
log_errors = On

; Set the path to the log file
error_log = /var/log/php/error.log

Make sure the directory exists and is writable by the web server user. To create the directory:

sudo mkdir -p /var/log/php
sudo chown www-data:www-data /var/log/php

Recommended Development Configuration #

error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
error_log = /var/log/php/error.log

Recommended Production Configuration #

error_reporting = E_ALL & ~E_DEPRECATED
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /var/log/php/error.log

This reports all serious errors while suppressing deprecation notices, and logs everything without displaying anything to users.

Configure Error Reporting at Runtime #

You can override php.ini settings within a PHP script using the error_reporting() function and ini_set(). Runtime changes apply only to the current script.

To enable all errors at the top of a script:

<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

To report all errors except notices:

<?php
error_reporting(E_ALL & ~E_NOTICE);

To suppress all error output (not recommended for debugging):

<?php
error_reporting(0);

Runtime configuration is useful during development when you do not have access to php.ini, but it should not replace proper server-level configuration on production systems.

Configure Error Reporting in .htaccess #

If you are on a shared hosting environment without access to php.ini, you can configure PHP error reporting via .htaccess (when PHP runs as an Apache module):

php_flag display_errors On
php_value error_reporting -1
php_flag log_errors On
php_value error_log /var/log/php/error.log

Using -1 for error_reporting enables all possible errors, including those added in future PHP versions.

View PHP Error Logs #

Once log_errors is enabled, errors are written to the file specified by error_log. To monitor the log in real time, use the tail -f command:

tail -f /var/log/php/error.log

If no error_log path is set, PHP writes errors to the web server error log:

• Apache: /var/log/apache2/error.log
• Nginx + PHP-FPM: /var/log/nginx/error.log and /var/log/php/php-fpm.log

For related service commands, see how to start, stop, or restart Apache and how to start, stop, or restart Nginx .

Troubleshooting #

Errors are not displayed even with display_errors = On
Confirm you are editing the correct php.ini file. Run php --ini or call phpinfo() in a script to see which configuration file is loaded and the current value of display_errors.

Changes to php.ini have no effect
The web server must be restarted after editing php.ini. For Apache, run sudo systemctl restart apache2. For Nginx + PHP-FPM, restart Nginx and your versioned PHP-FPM service (for example, sudo systemctl restart nginx php8.3-fpm).

No errors appear in the log file
Check that the log file path is writable by the web server user (www-data or nginx), and that log_errors = On is set in the active php.ini.

ini_set('display_errors', '1') has no effect
Fatal parse errors (E_PARSE) occur before any PHP code runs, so ini_set() cannot catch them. Enable display_errors in php.ini or .htaccess to see parse errors.

Error suppression operator @ hides errors
PHP’s @ prefix suppresses errors for a single expression. If errors from a specific function are missing from logs, check whether the call is prefixed with @.

FAQ #

What is the difference between display_errors and log_errors?
display_errors controls whether errors are output directly to the browser or CLI. log_errors controls whether errors are written to the error log file. On production, always set display_errors = Off and log_errors = On.

Which error_reporting level should I use?
Use E_ALL during development to catch every possible issue. On production, use E_ALL & ~E_DEPRECATED to log serious errors while suppressing deprecation notices that do not require immediate action.

How do I check the current error reporting level?
Call error_reporting() with no arguments: it returns the current bitmask as an integer. You can also check it in the output of phpinfo().

Can I log errors to a database instead of a file?
Not directly via php.ini. Use a custom error handler registered with set_error_handler() and set_exception_handler() to send errors to a database, email, or external logging service.

Where is php.ini located?
Run php --ini from the command line or add <?php phpinfo(); ?> to a script and load it in a browser. The “Loaded Configuration File” row shows the active path. Common locations are /etc/php/8.x/cli/php.ini (CLI) and /etc/php/8.x/apache2/php.ini (Apache).

Conclusion #

During development, set error_reporting = E_ALL and display_errors = On in php.ini to see all errors immediately. On production, set display_errors = Off and log_errors = On to log errors silently without exposing details to users.

Make changes in php.ini for permanent server-wide configuration, use error_reporting() and ini_set() for per-script overrides, or use .htaccess on shared hosting without php.ini access.

If you have any questions, feel free to leave a comment below.

The patch command applies a set of changes described in a diff file to one or more original files. It is the standard way to distribute and apply source code changes, security fixes, and configuration updates in Linux, and pairs directly with the diff command.

This guide explains how to use the patch command in Linux with practical examples.

Syntax #

The general syntax of the patch command is:

patch [OPTIONS] [ORIGINALFILE] [PATCHFILE]

You can pass the patch file using the -i option or pipe it through standard input:

patch [OPTIONS] -i patchfile [ORIGINALFILE]
patch [OPTIONS] [ORIGINALFILE] < patchfile

patch Options #

Create and Apply a Basic Patch #

The most common workflow is to use diff to generate a patch file and patch to apply it.

Start with two versions of a file. Here is the original:

print("Hello, World!")
print("Version 1")

And the updated version:

print("Hello, Linux!")
print("Version 2")

Use diff with the -u flag to generate a unified diff and save it to a patch file:

diff -u hello.py hello_new.py > hello.patch

The hello.patch file will contain the following differences:

--- hello.py 2026-02-21 10:00:00.000000000 +0100
+++ hello_new.py 2026-02-21 10:05:00.000000000 +0100
@@ -1,2 +1,2 @@
-print("Hello, World!")
-print("Version 1")
+print("Hello, Linux!")
+print("Version 2")

To apply the patch to the original file:

patch hello.py hello.patch

patching file hello.py

hello.py now contains the updated content from hello_new.py.

Dry Run Before Applying #

Use --dry-run to test whether a patch will apply cleanly without actually modifying any files:

patch --dry-run hello.py hello.patch

patching file hello.py

If the patch cannot be applied cleanly, patch reports the conflict without touching any files. This is useful before applying patches from external sources or when you are unsure whether a patch has already been applied.

Back Up the Original File #

Use the -b option to create a backup of the original file before applying the patch. The backup is saved with a .orig extension:

patch -b hello.py hello.patch

patching file hello.py

After running this command, hello.py.orig contains the original unpatched file. You can restore it manually if needed.

Strip Path Components with -p #

When a patch file is generated from a different directory structure than the one where you apply it, the file paths inside the patch may not match your local paths. Use -p N to strip N leading path components from the paths recorded in the patch.

For example, a patch generated with git diff will reference files like:

--- a/src/utils/hello.py
+++ b/src/utils/hello.py

To apply this patch from the project root, use -p1 to strip the a/ and b/ prefixes:

patch -p1 < hello.patch

-p1 is the standard option for patches generated by git diff and by diff -u from the root of a project directory. Without it, patch would look for a file named a/src/utils/hello.py on disk, which does not exist.

Reverse a Patch #

Use the -R option to undo a previously applied patch and restore the original file:

patch -R hello.py hello.patch

patching file hello.py

The file is restored to its state before the patch was applied.

Apply a Multi-File Patch #

A single patch file can contain changes to multiple files. In this case, you do not specify a target file on the command line — patch reads the file names from the diff headers inside the patch:

patch -p1 < project.patch

patch processes each file name from the diff headers and applies the corresponding changes. Use -p1 when the patch was produced by git diff or diff -u from the project root.

Quick Reference #

Troubleshooting #

Hunk #1 FAILED at line N.
The patch does not match the current content of the file. This usually means the file has already been modified since the patch was created, or you are applying the patch against the wrong version. patch creates a .rej file containing the failed hunk so you can review and apply the change manually.

Reversed (or previously applied) patch detected! Assume -R?
patch has detected that the changes in the patch are already present in the file — the patch may have been applied before. Answer y to reverse the patch or n to skip it. Use -N (--forward) to automatically skip already-applied patches without prompting.

patch: **** malformed patch at line N
The patch file is corrupted or not in a recognized format. Make sure the patch was generated with diff -u (unified format). Non-unified formats require the -c (context) or specific format flag to be passed to patch.

File paths in the patch do not match files on disk.
Adjust the -p N value. Run patch --dry-run -p0 < changes.patch first, then increment N (-p1, -p2) until patch finds the correct files.

FAQ #

How do I create a patch file?
Use the diff command with the -u flag: diff -u original.txt updated.txt > changes.patch. The -u flag produces a unified diff, which is the format patch works with by default. See the diff command guide for details.

What does -p1 mean?
-p1 tells patch to strip one leading path component from file names in the patch. Patches generated by git diff prefix file paths with a/ and b/, so -p1 removes that prefix before patch looks for the file on disk.

How do I undo a patch I already applied?
Run patch -R originalfile patchfile. patch reads the diff in reverse and restores the original content.

What is a .rej file?
When patch cannot apply one or more sections of a patch (called hunks), it writes the failed hunks to a file with a .rej extension alongside the original file. You can open the .rej file and apply those changes manually.

What is the difference between patch and git apply?
Both apply diff files, but git apply is designed for use inside a Git repository and integrates with the Git index. patch is a standalone POSIX tool that works on any file regardless of version control.

Conclusion #

The patch command is the standard tool for applying diff files in Linux. Use --dry-run to verify a patch before applying it, -b to keep a backup of the original, and -R to reverse changes when needed.

If you have any questions, feel free to leave a comment below.

dnf (Dandified YUM) is the default package manager on Fedora, RHEL, AlmaLinux, Rocky Linux, and other RPM-based distributions. It replaces the older yum package manager and provides faster dependency resolution, better performance, and a cleaner command interface.

Most dnf commands require root privileges, so you need to run them with sudo .

This guide explains the most common dnf commands for day-to-day package management.

Checking for Updates (dnf check-update) #

Before installing or upgrading packages, check which packages have updates available:

dnf check-update

The command lists all packages with available updates and returns exit code 100 if updates are available, or 0 if the system is up to date. This makes it useful in scripts.

Upgrading Packages (dnf upgrade) #

To upgrade all installed packages to their latest available versions, run:

sudo dnf upgrade

To refresh the repository metadata and upgrade in one step:

sudo dnf upgrade --refresh

To upgrade a single package:

sudo dnf upgrade package_name

To apply only security updates:

sudo dnf upgrade --security

Installing Packages (dnf install) #

To install a package, run:

sudo dnf install package_name

To install multiple packages at once, specify them as a space-separated list:

sudo dnf install package1 package2

To install a local RPM file, provide the full path:

sudo dnf install /full/path/package.rpm

dnf automatically resolves and installs all required dependencies.

To reinstall a package (for example, to restore corrupted files):

sudo dnf reinstall package_name

Removing Packages (dnf remove) #

To remove an installed package:

sudo dnf remove package_name

You can specify multiple packages separated by spaces:

sudo dnf remove package1 package2

The remove command also removes packages that depend on the one being removed.

Removing Unused Dependencies (dnf autoremove) #

When a package is removed, its dependencies may no longer be needed by any other package. To remove these orphaned dependencies:

sudo dnf autoremove

Searching for Packages (dnf search) #

To search for a package by name or description:

dnf search package_name

The command searches both package names and summaries. To search only in package names:

dnf search --names-only package_name

Package Information (dnf info) #

To display detailed information about a package, including its version, repository, size, and description:

dnf info package_name

This works for both installed and available packages.

Finding Which Package Provides a File (dnf provides) #

To find which package provides a specific file or command:

dnf provides /usr/bin/curl

This is useful when a command is missing and you need to know which package to install.

Listing Packages (dnf list) #

To list all installed packages:

dnf list installed

To list all available packages from enabled repositories:

dnf list available

To check whether a specific package is installed:

dnf list installed | grep package_name

To list packages that have updates available:

dnf list updates

Package Groups (dnf group) #

DNF organizes related packages into groups. To list all available groups:

dnf group list

To install a group (for example, “Development Tools”):

sudo dnf group install "Development Tools"

To remove a group:

sudo dnf group remove "Development Tools"

Module Streams (dnf module) #

DNF modules allow you to install specific versions (streams) of software. For example, you can choose between Node.js 18 or 20.

To list available modules:

dnf module list

To enable a specific module stream:

sudo dnf module enable nodejs:20

To install a module with its default profile:

sudo dnf module install nodejs:20

To reset a module to its default state:

sudo dnf module reset nodejs

Managing Repositories (dnf config-manager) #

The config-manager command is provided by the dnf-plugins-core package. Install it first if the subcommand is missing:

sudo dnf install dnf-plugins-core

To list all enabled repositories:

dnf repolist

To list all repositories, including disabled ones:

dnf repolist all

To enable a repository:

sudo dnf config-manager --set-enabled repo_id

To disable a repository:

sudo dnf config-manager --set-disabled repo_id

To show detailed information about a repository:

dnf repoinfo repo_id

Cleaning the Cache (dnf clean) #

DNF caches repository metadata and downloaded packages locally. To clear all cached data:

sudo dnf clean all

To rebuild the metadata cache:

sudo dnf makecache

Cleaning the cache is useful when you encounter stale metadata errors or want to free disk space.

Transaction History (dnf history) #

DNF records every transaction (install, upgrade, remove) in a history log. To view the transaction history:

dnf history

To see the details of a specific transaction:

dnf history info 25

To undo a transaction (revert the changes it made):

sudo dnf history undo 25

This is useful when an upgrade causes problems and you need to roll back.

Quick Reference #

For a printable quick reference, see the DNF cheatsheet .

Troubleshooting #

“Error: Failed to download metadata for repo”
The repository metadata is stale or the mirror is unreachable. Run sudo dnf clean all followed by sudo dnf makecache to refresh the cache. If the problem persists, check your network connection and the repository URL in /etc/yum.repos.d/.

“No match for argument: package_name”
The package does not exist in any enabled repository. Verify the package name with dnf search and check that the correct repository is enabled with dnf repolist.

Dependency conflict during upgrade
If a dependency conflict prevents an upgrade, review the error message carefully. You can retry with sudo dnf upgrade --allowerasing, but only after confirming which packages will be removed.

GPG key verification failed
The repository GPG key is not imported. DNF prompts you to accept the key during the first install from a new repository. If you need to import it manually, use sudo rpm --import KEY_URL.

Transaction undo fails
Not all transactions can be undone. If packages have been updated by later transactions, the undo may conflict. Check dnf history info ID for details and consider a manual rollback.

FAQ #

What is the difference between dnf and yum?
dnf is the successor to yum. It uses the same repository format and configuration files, but provides faster dependency resolution, better memory usage, and a more consistent command interface. On modern Fedora and RHEL systems, yum is a symlink to dnf.

Is dnf update the same as dnf upgrade?
Yes. dnf update is an alias for dnf upgrade. Both commands upgrade all installed packages to the latest available versions.

How do I install a specific version of a package?
Specify the version with a dash: sudo dnf install package_name-1.2.3. To list all available versions, use dnf --showduplicates list package_name.

How do I prevent a package from being upgraded?
Use the versionlock plugin: sudo dnf install dnf-plugin-versionlock, then sudo dnf versionlock add package_name. To remove the lock later, use sudo dnf versionlock delete package_name.

What is the equivalent of apt autoremove in dnf?
The equivalent is sudo dnf autoremove. It removes packages that were installed as dependencies but are no longer required by any installed package.

Conclusion #

dnf is the standard package manager for Fedora, RHEL, and RPM-based distributions. It handles installing, upgrading, removing, and searching packages, as well as managing repositories and module streams. To learn more, run man dnf in your terminal.

If you have any questions, feel free to leave a comment below.

The /etc/fstab file (filesystem table) is a system configuration file that defines how filesystems, partitions, and storage devices are mounted at boot time. The system reads this file during startup and mounts each entry automatically.

Understanding /etc/fstab is essential when you need to add a new disk, create a swap file , mount a network share , or change mount options for an existing filesystem.

This guide explains the /etc/fstab file format, what each field means, common mount options, and how to add new entries safely.

/etc/fstab Format #

The /etc/fstab file is a plain text file with one entry per line. Each line defines a filesystem to mount. Lines beginning with # are comments and are ignored by the system.

To view the contents of the file safely, use less :

less /etc/fstab

A typical /etc/fstab file looks like this:

# <file system> <mount point> <type> <options> <dump> <pass>
UUID=a1b2c3d4-e5f6-7890-abcd-ef1234567890 / ext4 errors=remount-ro 0 1
UUID=b2c3d4e5-f6a7-8901-bcde-f12345678901 /home ext4 defaults 0 2
UUID=c3d4e5f6-a7b8-9012-cdef-123456789012 none swap sw 0 0
tmpfs /tmp tmpfs defaults,noatime 0 0

Each entry contains six space-separated fields:

UUID=a1b2c3d4... /home ext4 defaults 0 2
[---------------] [---] [--] [------] - -
| | | | | |
| | | | | +-> 6. Pass (fsck order)
| | | | +----> 5. Dump (backup flag)
| | | +-----------> 4. Options
| | +------------------> 3. Type
| +-------------------------> 2. Mount point
+---------------------------------------------> 1. File system

Field Descriptions #

1. File system — The device or partition to mount. This can be specified as:

   • A UUID: UUID=a1b2c3d4-e5f6-7890-abcd-ef1234567890
   • A disk label: LABEL=home
   • A device path: /dev/sda1
   • A network path: 192.168.1.10:/export/share (for NFS)

   Using UUIDs is recommended because device paths like /dev/sda1 can change if disks are added or removed. To find the UUID of a partition, run blkid:

   Terminal

   sudo blkid

2. Mount point — The directory where the filesystem is attached. The directory must already exist. Common mount points include /, /home, /boot, and /mnt/data. For swap entries, this field is set to none.

3. Type — The filesystem type. Common values include:

   • ext4 — The default Linux filesystem
   • xfs — High-performance filesystem used on RHEL-based distributions
   • btrfs — Copy-on-write filesystem with snapshot support
   • swap — Swap partition or file
   • tmpfs — Temporary filesystem stored in memory
   • nfs — Network File System
   • vfat — FAT32 filesystem (USB drives, EFI partitions)
   • auto — Let the kernel detect the filesystem type automatically

4. Options — A comma-separated list of mount options. See the Common Mount Options section below for details.

5. Dump — Used by the dump backup utility. A value of 0 means the filesystem is not included in backups. A value of 1 means it is. Most modern systems do not use dump, so this is typically set to 0.

6. Pass — The order in which fsck checks filesystems at boot. The root filesystem should be 1. Other filesystems should be 2 so they are checked after root. A value of 0 means the filesystem is not checked.

Common Mount Options #

The fourth field in each fstab entry is a comma-separated list of mount options. The following options are the most commonly used:

• defaults — Uses the standard default options (rw, suid, dev, exec, auto, nouser, async). Some effective behaviors can still vary by filesystem and kernel settings.
• ro — Mount the filesystem as read-only.
• rw — Mount the filesystem as read-write.
• noatime — Do not update file access times. This can improve performance, especially on SSDs.
• nodiratime — Do not update directory access times.
• noexec — Do not allow execution of binaries on the filesystem.
• nosuid — Do not allow set-user-ID or set-group-ID bits to take effect.
• nodev — Do not interpret character or block special devices on the filesystem.
• nofail — Do not report errors if the device does not exist at boot. Useful for removable drives and network shares.
• auto — Mount the filesystem automatically at boot (default behavior).
• noauto — Do not mount automatically at boot. The filesystem can still be mounted manually with mount.
• user — Allow a regular user to mount the filesystem.
• errors=remount-ro — Remount the filesystem as read-only if an error occurs. Common on root filesystem entries.
• _netdev — The filesystem requires network access. The system waits for the network to be available before mounting. Use this for NFS, CIFS, and iSCSI mounts.
• x-systemd.automount — Mount the filesystem on first access instead of at boot. Managed by systemd.

You can combine multiple options separated by commas:

UUID=a1b2c3d4... /data ext4 defaults,noatime,nofail 0 2

Adding an Entry to /etc/fstab #

Before editing /etc/fstab, always create a backup:

sudo cp /etc/fstab /etc/fstab.bak

Step 1: Find the UUID #

Identify the UUID of the partition you want to mount:

sudo blkid /dev/sdb1

/dev/sdb1: UUID="d4e5f6a7-b8c9-0123-def0-123456789abc" TYPE="ext4"

Step 2: Create the Mount Point #

Create the directory where the filesystem will be mounted:

sudo mkdir -p /mnt/data

Step 3: Add the Entry #

Open /etc/fstab in a text editor :

sudo nano /etc/fstab

Add a new line at the end of the file:

UUID=d4e5f6a7-b8c9-0123-def0-123456789abc /mnt/data ext4 defaults,nofail 0 2

Step 4: Test the Entry #

Instead of rebooting, use mount -a to mount all entries in /etc/fstab that are not already mounted:

sudo mount -a

If the command produces no output, the entry is correct. If there is an error, fix the fstab entry before rebooting — an incorrect fstab can prevent the system from booting normally.

Verify the filesystem is mounted :

df -h /mnt/data

Common fstab Examples #

Swap File #

To add a swap file to fstab:

/swapfile none swap sw 0 0

NFS Network Share #

To mount an NFS share that requires network access:

192.168.1.10:/export/share /mnt/nfs nfs defaults,_netdev,nofail 0 0

CIFS/SMB Windows Share #

To mount a Windows/Samba share with a credentials file:

//192.168.1.20/share /mnt/smb cifs credentials=/etc/samba/creds,_netdev,nofail 0 0

Set strict permissions on the credentials file so other users cannot read it:

sudo chmod 600 /etc/samba/creds

USB or External Drive #

To mount a removable drive that may not always be attached:

UUID=e5f6a7b8-c9d0-1234-ef01-23456789abcd /mnt/usb ext4 defaults,nofail,noauto 0 0

The nofail option prevents boot errors when the drive is not connected. The noauto option prevents automatic mounting — mount it manually with sudo mount /mnt/usb when needed.

tmpfs for /tmp #

To mount /tmp as a temporary filesystem in memory:

tmpfs /tmp tmpfs defaults,noatime,size=2G 0 0

Quick Reference #

Troubleshooting #

System does not boot after editing fstab
An incorrect fstab entry can cause a boot failure. Boot into recovery mode or a live USB, mount the root filesystem, and fix or restore /etc/fstab from the backup. Always test with sudo mount -a before rebooting.

mount -a reports “wrong fs type” or “bad superblock”
The filesystem type in the fstab entry does not match the actual filesystem on the device. Use sudo blkid or lsblk -f to check the correct type.

Network share fails to mount at boot
Add the _netdev option to tell the system to wait for network availability before mounting. For systemd-based systems, x-systemd.automount can also help with timing issues.

“mount point does not exist”
The directory specified in the second field does not exist. Create it with mkdir -p /path/to/mountpoint before running mount -a.

UUID changed after reformatting a partition
Reformatting a partition assigns a new UUID. Run sudo blkid to find the new UUID and update the fstab entry accordingly.

FAQ #

What happens if I make an error in /etc/fstab?
If the entry references a non-existent device without the nofail option, the system may drop to an emergency shell during boot. Always use nofail for non-essential filesystems and test with sudo mount -a before rebooting.

Should I use UUID or device path (/dev/sda1)?
Use UUID. Device paths can change if you add or remove disks, or if the boot order changes. UUIDs are unique to each filesystem and do not change unless you reformat the partition.

What does the nofail option do?
It tells the system to continue booting even if the device is not present or cannot be mounted. Without nofail, a missing device causes the system to drop to an emergency shell.

How do I remove an fstab entry?
Open /etc/fstab with sudo nano /etc/fstab, delete or comment out the line (add # at the beginning), save the file, and then unmount the filesystem with sudo umount /mount/point.

What is the difference between noauto and nofail?
noauto prevents the filesystem from being mounted automatically at boot — you must mount it manually. nofail still mounts automatically but does not cause a boot error if the device is missing.

Conclusion #

The /etc/fstab file controls how filesystems are mounted at boot. Each entry specifies the device, mount point, filesystem type, options, and check order. Always back up fstab before editing, use UUIDs instead of device paths, and test changes with sudo mount -a before rebooting.

If you have any questions, feel free to leave a comment below.

A Linux distribution (or “distro”) is an operating system built on the Linux kernel, combined with GNU tools, libraries, and software packages. Each distro includes a desktop environment, package manager, and preinstalled applications tailored to specific use cases.

With hundreds of Linux distributions available, choosing the right one can be overwhelming. This guide covers the best Linux distributions for different types of users, from complete beginners to security professionals.

How to Choose a Linux Distro #

When selecting a Linux distribution, consider these factors:

• Experience level — Some distros are beginner-friendly, while others require technical knowledge
• Hardware — Older computers benefit from lightweight distros like Xubuntu and other Xfce-based systems
• Purpose — Desktop use, gaming, server deployment, or security testing all have ideal distros
• Software availability — Check if your required applications are available in the distro’s repositories
• Community support — Larger communities mean more documentation and help

Linux Distros for Beginners #

These distributions are designed with user-friendliness in mind, featuring intuitive interfaces and easy installation.

Ubuntu #

Ubuntu is the most popular Linux distribution and an excellent starting point for newcomers. Developed by Canonical, it offers a polished desktop experience with the GNOME environment and extensive hardware support.

Ubuntu comes in several editions:

• Ubuntu Desktop — Standard desktop with GNOME
• Ubuntu Server — For server deployments
• Kubuntu, Lubuntu, Xubuntu — Alternative desktop environments

Ubuntu releases new versions every six months, with Long Term Support (LTS) versions every two years receiving five years of security updates.

Website: https://ubuntu.com/

Linux Mint #

Linux Mint is an excellent choice for users coming from Windows. Its Cinnamon desktop environment provides a familiar layout with a taskbar, start menu, and system tray.

Key features:

• Comes with multimedia codecs preinstalled
• LibreOffice productivity suite included
• Update Manager for easy system maintenance
• Available with Cinnamon, MATE, or Xfce desktops

Website: https://linuxmint.com/

Pop!_OS #

Developed by System76, Pop!_OS is based on Ubuntu but optimized for productivity and gaming. It ships with the COSMIC desktop environment (built in Rust by System76), featuring built-in window tiling, a launcher for quick app access, and excellent NVIDIA driver support out of the box.

Pop!_OS is particularly popular among:

• Gamers (thanks to Steam and Proton integration)
• Developers (includes many development tools)
• Users with NVIDIA graphics cards

Website: https://pop.system76.com/

Zorin OS #

Zorin OS is a beginner-focused distribution designed to make the move from Windows or macOS easier. It includes polished desktop layouts, strong hardware compatibility, and a simple settings experience for new users.

Zorin OS is a strong option when you want:

• A familiar desktop layout with minimal setup
• Stable Ubuntu-based package compatibility
• Good out-of-the-box support for everyday desktop tasks

Website: https://zorin.com/os/

elementary OS #

elementary OS is a design-focused distribution with a macOS-like interface called Pantheon. It emphasizes simplicity, consistency, and a curated app experience through its AppCenter.

elementary OS is a good fit when you want:

• A clean, visually polished desktop out of the box
• A curated app store with native applications
• A macOS-like workflow on Linux

Website: https://elementary.io/

Lightweight Linux Distros #

These distributions are designed for older hardware or users who prefer a minimal, fast system.

Xubuntu #

Xubuntu combines Ubuntu’s reliability with the Xfce desktop environment, offering a good balance between performance and features. It is lighter than standard Ubuntu while remaining full-featured for daily desktop use.

Xubuntu is a practical choice when you need:

• Better performance on older hardware
• A traditional desktop workflow
• Ubuntu repositories and long-term support options

Website: https://xubuntu.org/

Lubuntu #

Lubuntu uses the LXQt desktop environment, making it one of the lightest Ubuntu-based distributions available. It is designed for very old or resource-constrained hardware where even Xfce feels heavy.

Lubuntu works well when you need:

• Minimal memory and CPU usage
• A functional desktop on very old hardware
• Access to Ubuntu repositories and LTS support

Website: https://lubuntu.me/

Linux Distros for Advanced Users #

These distributions offer more control and customization but require technical knowledge to set up and maintain.

Arch Linux #

Arch Linux follows a “do-it-yourself” philosophy, providing a minimal base system that users build according to their needs. It uses a rolling release model, meaning you always have the latest software without major version upgrades.

Key features:

• Pacman package manager with access to vast repositories
• Arch User Repository (AUR) for community packages
• Excellent documentation in the Arch Wiki
• Complete control over every aspect of the system

Website: https://archlinux.org/

EndeavourOS #

EndeavourOS is an Arch-based distribution that keeps the Arch philosophy while simplifying installation and initial setup. It is popular among users who want a near-Arch experience without doing a fully manual install.

EndeavourOS gives you:

• Rolling release updates
• Access to Arch repositories and AUR packages
• A cleaner onboarding path than a base Arch install

Website: https://endeavouros.com/

Fedora #

Fedora is a cutting-edge distribution sponsored by Red Hat. It showcases the latest open-source technologies while maintaining stability, making it popular among developers and system administrators.

Fedora editions include:

• Fedora Workstation — Desktop with GNOME
• Fedora Server — For server deployments
• Fedora Silverblue — Immutable desktop OS
• Fedora Spins — Alternative desktops (KDE, Xfce, etc.)

Many Red Hat technologies debut in Fedora before reaching RHEL, making it ideal for learning enterprise Linux.

Website: https://fedoraproject.org/

openSUSE #

openSUSE is a community-driven distribution known for its stability and powerful administration tools. It offers two main variants:

• openSUSE Leap — Regular releases based on SUSE Linux Enterprise
• openSUSE Tumbleweed — Rolling release with the latest packages

The YaST (Yet another Setup Tool) configuration utility makes system administration straightforward, handling everything from software installation to network configuration.

Website: https://www.opensuse.org/

Linux Distros for Gaming #

Gaming-focused distributions prioritize current graphics stacks, controller support, and compatibility with modern Steam and Proton workflows.

Bazzite #

Bazzite is an immutable Fedora-based desktop optimized for gaming and handheld devices. It ships with gaming-focused defaults and integrates well with Steam, Proton, and modern GPU drivers.

Bazzite is ideal when you want:

• A Steam-first gaming setup
• Reliable rollback and update behavior from an immutable base
• A distro tuned for gaming PCs and handheld hardware

Website: https://bazzite.gg/

Linux Distros for Servers #

These distributions are optimized for stability, security, and long-term support in server environments.

Debian #

Debian is one of the oldest and most influential Linux distributions. Known for its rock-solid stability and rigorous testing process, it serves as the foundation for Ubuntu, Linux Mint, Kali Linux, and many other distributions.

Debian offers three release channels:

• Stable — Thoroughly tested, ideal for production servers
• Testing — Upcoming stable release with newer packages
• Unstable (Sid) — Rolling release with the latest software

With over 59,000 packages in its repositories, Debian supports more hardware architectures than any other Linux distribution.

Website: https://www.debian.org/

Red Hat Enterprise Linux (RHEL) #

RHEL is the industry standard for enterprise Linux deployments. It offers:

• 10-year support lifecycle
• Certified hardware and software compatibility
• Red Hat Insights for predictive analytics
• Professional support from Red Hat

RHEL runs on multiple architectures including x86_64, ARM64, IBM Power, and IBM Z.

Website: https://www.redhat.com/

Rocky Linux #

After CentOS shifted to CentOS Stream, Rocky Linux emerged as a community-driven RHEL-compatible distribution. Founded by one of the original CentOS creators, it provides 1:1 binary compatibility with RHEL.

Rocky Linux is ideal for:

• Organizations previously using CentOS
• Production servers requiring stability
• Anyone needing RHEL compatibility without the cost

Website: https://rockylinux.org/

Ubuntu Server #

Ubuntu Server is widely used for cloud deployments and containerized workloads. It powers a significant portion of public cloud instances on AWS, Google Cloud, and Azure.

Features include:

• Regular and LTS releases
• Excellent container and Kubernetes support
• Ubuntu Pro for extended security maintenance
• Snap packages for easy application deployment

Website: https://ubuntu.com/server

SUSE Linux Enterprise Server (SLES) #

SUSE Linux Enterprise Server is designed for mission-critical workloads. It excels in:

• SAP HANA deployments
• High-performance computing
• Mainframe environments
• Edge computing

SLES offers a common codebase across different environments, simplifying workload migration.

Website: https://www.suse.com/products/server/

Linux Distros for Security and Privacy #

These distributions focus on security testing, anonymity, and privacy protection.

Kali Linux #

Kali Linux is the industry-standard platform for penetration testing and security research. Maintained by Offensive Security, it includes hundreds of security tools preinstalled.

Common use cases:

• Penetration testing
• Security auditing
• Digital forensics
• Reverse engineering

Website: https://www.kali.org/

Tails #

Tails (The Amnesic Incognito Live System) is a portable operating system designed for privacy and anonymity. It runs from a USB drive and routes all traffic through the Tor network.

Key features:

• Leaves no trace on the host computer
• All connections go through Tor
• Built-in encryption tools
• Amnesic by design (forgets everything on shutdown)

Website: https://tails.net/

Qubes OS #

Qubes OS takes a unique approach to security by isolating different activities in separate virtual machines called “qubes.” If one qube is compromised, others remain protected.

The Xen hypervisor runs directly on hardware, providing strong isolation between:

• Work applications
• Personal browsing
• Untrusted software
• Sensitive data

Website: https://www.qubes-os.org/

Parrot Security OS #

Parrot Security is a Debian-based distribution for security testing, development, and privacy. It is lighter than Kali Linux and can serve as a daily driver.

Parrot offers several editions:

• Security Edition — Full security toolkit
• Home Edition — Privacy-focused daily use
• Cloud Edition — For cloud deployments

Website: https://parrotsec.org/

Getting Started #

Once you have chosen a distro, the next steps are:

1. Download the ISO from the official website
2. Create a bootable USB drive — See our guide on creating a bootable Linux USB
3. Try it live before installing (most distros support this)
4. Install following the distro’s installation wizard

Quick Comparison #

FAQ #

Which Linux distro is best for beginners?
Ubuntu, Linux Mint, and Zorin OS are the best choices for beginners. Ubuntu has the largest community and most documentation, while Linux Mint and Zorin OS provide a familiar desktop experience.

Can I try a Linux distro without installing it?
Yes. Most distributions support “live booting” from a USB drive, allowing you to test the system without making any changes to your computer.

Is Linux free?
Most Linux distributions are completely free to download and use. Some enterprise distros like RHEL offer paid support subscriptions.

Can I run Windows software on Linux?
Many Windows applications run on Linux through Wine or Proton (for games via Steam). Native alternatives like LibreOffice, GIMP, and Firefox are also available.

What is a rolling release distro?
A rolling release distro (like Arch Linux or openSUSE Tumbleweed) delivers continuous updates instead of major version upgrades. You always have the latest software, but updates require more attention.

Conclusion #

The best Linux distribution depends entirely on your needs and experience level. If you are new to Linux, start with Ubuntu, Linux Mint, or Zorin OS. If you want full control over your system, try Arch Linux, EndeavourOS, or Fedora. For gaming, Pop!_OS and Bazzite are strong options. For servers, Debian, Rocky Linux, Ubuntu Server, and RHEL are all solid choices. For security testing, Kali Linux and Parrot Security are the industry standards.

Most distributions are free to download and try. Create a bootable USB, test a few options, and find the one that fits your workflow.

If you have any questions, feel free to leave a comment below.