Home Getting Started Linux Fundamentals for DevSecOps: Shebang, Filesystem, PATH, Links, and Prompt

Linux Fundamentals for DevSecOps: Shebang, Filesystem, PATH, Links, and Prompt

Last updated on Jan 04, 2026

Linux Fundamentals for DevSecOps: Shebang, Filesystem, PATH, Links, and Prompt

Welcome to the first step of your Practical DevSecOps journey!
Before you can automate security checks, build pipelines, or write secure scripts, you need a solid grasp of the Linux environment that underpins every DevSecOps tool. This article demystifies the most frequently encountered concepts—shebang, filesystem hierarchy, PATH variable, hard & symbolic links, and the command prompt—and provides clear examples you can try right away.

1. The Shebang (#!) – Telling Linux Which Interpreter to Use

What is a shebang?

A line that starts with #! (pronounced “hash‑bang”) at the very top of a script is both a comment and an instruction. It tells the kernel which interpreter should execute the file.

#!/bin/bash
# This is a comment for humans
echo "Hello, DevSecOps!"
  • #!/bin/bash points to the Bash binary located in /bin.
  • Everything after # on that line is ignored by the interpreter, so it also works as a regular comment.

Why it matters in DevSecOps

  • Guarantees consistent execution across different environments (e.g., CI runners, containers).
  • Prevents “script not found” errors when the default shell isn’t Bash.

Quick test:
Create a file named hello.sh, paste the snippet above, make it executable (chmod +x hello.sh), and run ./hello.sh. You should see Hello, DevSecOps!.

2. Navigating the Linux Filesystem

Linux organizes files in a single rooted tree (/). Understanding where executables, libraries, and configuration files live is essential for troubleshooting and for placing your own tools.

Directory Typical Contents When to use it
/bin Essential user binaries (e.g., ls, cat) System‑wide commands required for boot
/usr/bin Most user commands (e.g., git, vim) General purpose utilities
/usr/local/bin User‑installed executables (custom scripts, third‑party tools) Ideal location for tools you compile or download yourself
/sbin & /usr/sbin System administration binaries (e.g., ifconfig) Usually accessed by root
/opt Optional add‑on software packages Large third‑party applications

Practical scenario

You’ve just compiled a security scanner from source. Place the binary in /usr/local/bin so it’s available to every user without cluttering system directories.

sudo cp myscanner /usr/local/bin/

Now you can run myscanner from any directory.

3. The PATH Environment Variable

What is PATH?

PATH is a colon‑separated list of directories that the shell searches when you type a command without a full path.

echo $PATH
# Example output:
# /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

How it works

When you type git, the shell checks each directory in $PATH in order. The first matching executable is run.

Adding a custom directory to PATH

If you store scripts in ~/bin, make sure the shell can find them:

# Add to current session
export PATH=$HOME/bin:$PATH

# Persist across logins (add to ~/.bashrc or ~/.profile)
echo 'export PATH=$HOME/bin:$PATH' >> ~/.bashrc
source ~/.bashrc

Why PATH matters for DevSecOps

  • Enables you to invoke tools (e.g., trivy, kube-score) from any location in CI pipelines.
  • Avoids hard‑coding absolute paths in scripts, making them portable.

4. Links: Hard vs. Symbolic

Linux provides two ways to reference the same data: hard links and symbolic (soft) links.

Hard Links

  • Create another directory entry that points directly to the same inode (the actual data on disk).
  • No separate file; deleting one link does not delete the data as long as another link exists.
  • Cannot span different filesystems or reference directories.
# Create a hard link
ln original.txt hardcopy.txt

# Verify they share the same inode
ls -i original.txt hardcopy.txt

Symbolic Links

  • A special file that contains a pathname to another file or directory.
  • Can cross filesystem boundaries and point to directories.
  • If the target is removed, the symlink becomes “dangling”.
# Create a symbolic link
ln -s /usr/local/bin/myscanner /usr/bin/myscanner

# Show where it points
ls -l /usr/bin/myscanner

When to use which?

  • Hard links – Rarely needed in DevSecOps; useful for backup scripts where you want multiple names for the same file without extra storage.
  • Symbolic links – Ideal for versioned tools (/opt/tool-1.2/bin/tool -> /opt/tool-1.2.3/bin/tool) or for creating shortcuts in $PATH.

5. Customizing the Command Prompt

A clear prompt helps you recognize the current user, host, and directory—especially when juggling multiple terminals.

Basic PS1 example

export PS1='\u@\h:\w\$ '
# Result: devuser@myhost:/home/devuser$
  • \u – username
  • \h – hostname (short)
  • \w – current working directory
  • \$ – shows # for root, $ for normal users

Add the line to ~/.bashrc to make it permanent.

Prompt tip for DevSecOps

Include the active virtual environment or Git branch to avoid committing from the wrong context:

export PS1='[\u@\h \W$(git branch 2>/dev/null | grep "^*" | cut -d " " -f2)]\$ '

6. Common Questions & Tips

Issue Likely Cause Fix
Prompt shows ># instead of /# after typing a command You typed cd .. but didn’t press Enter or the shell is waiting for a closing quote Press Enter or complete the command.
#!/bin/bash appears as # only in the editor The editor is displaying the line as a comment; the shebang is still functional Verify with head -1 script.sh to see the raw line.
Command not found even though binary exists in /usr/local/bin /usr/local/bin not in $PATH Add it to PATH as shown in Section 3.
Hard link fails with “Invalid cross‑device link” Source and target are on different mounted filesystems Use a symbolic link (ln -s) instead.

Quick Checklist Before Running a Lab

  1. Shebang – First line starts with #!/bin/bash (or appropriate interpreter).
  2. Executable Permission – Run chmod +x script.sh.
  3. PATH – Verify the tool’s directory is in $PATH.
  4. Prompt – Ensure you’re at the expected location (/# for root, $ for normal user).
  5. Links – Use ls -l to confirm symlinks point where you expect.

7. Wrap‑Up

Mastering these Linux fundamentals—shebang, filesystem layout, PATH, linking mechanisms, and prompt customization—lays a reliable foundation for every DevSecOps task, from writing secure automation scripts to configuring CI/CD runners. Keep this guide handy, experiment with the examples, and you’ll move through the Practical DevSecOps courses with confidence. Happy hacking!