Essential Linux commands
Important shell commands for linux administration

- Service manager
- System logging
- Users and groups
- Processes
- File system
- Kernel commands
- Root commands
- Miscellaneous
-
systemd
is responsible for booting up the system and bringing it to a predictable working state in which :- A set of processes are running.
- A set of kernel devices are exposed to the system.
- A set of directories are mounted in the file system.
- etc ...
- The different tasks required to that effect are described in a set of configuration unit files which are :
- Interdependant.
- Hierarchically organized.
- Configuration-aware.
- Configuration units allow
systemd
to schedule and parallelize execution of tasks required to reach a desired state :- Most noticeably,
*.service
units describe processes and system daemons to schedule. - Special
*.target
units group other units together to form a desired state for the system.
- Most noticeably,
-
systemd
distinguishes between system services (the default) and user services that don't require privileged access.
- Inspect configuration units :
UNIT="gpg-agent.service"
systemctl get-default # gets default system target
systemctl show-environment # shows common environment variables
systemctl list-unit-files # lists installed units
systemctl list-units --type=target # lists target units
systemctl list-units --type=service # lists service units
systemctl list-dependencies --all # dependency tree for the default target
systemctl list-dependencies "$UNIT" # dependency tree for $UNIT
systemctl status "$UNIT" # summary and logs for $UNIT
systemctl show -p Requires "$UNIT" # reads a parameter from $UNIT
systemctl show -p ControlGroup --global # reads a parameter from the global configuration
systemctl --user restart "$UNIT" # restart user service $UNIT
- Update configuration units :
UNIT="my-awesome-system-daemon.service"
sudo systemctl set-environment LANG=en_US # set common environment variable
sudo systemctl edit --full "$UNIT" --force # creates unit $UNIT
sudo systemctl edit --full "$UNIT" # edits unit $UNIT
sudo systemctl enable "$UNIT" # enables unit $UNIT
sudo systemctl disable "$UNIT" # disables unit $UNIT
sudo systemctl daemon-reload # rebuilds entire dependency tree
# "systemctl enable" creates a set of symlinks in /etc/systemd/system according to the [Install] directives
# "systemctl disable" removes the symlinks from /etc/systemd/system and /etc/systemd/system/$UNIT.wants
# both do reload systemd configuration but do not start/stop relevant units except when using --now
- Monitoring :
FILE="/usr/lib/systemd/user/gpg-agent.service"
systemd-analyze verify "$FILE" # checks if "$FILE" is a valid unit
systemd-analyze time # boot sequence duration to reach default target
systemd-analyze blame # lists loaded units, ordered by start time
ps --pid 1 -f # view the systemd process
- Man pages :
man bootup # detailed startup sequence description
man systemd.unit # configuration units guide
man systemd.service # service units design guide
man systemd.special # details on default system targets
-
journald
is asystemd
managed daemon that aggregates system logs from various resources. - It writes structured logs to binary files stored in
/run/log/journal
and/var/log/journal
. -
syslog
facilities and levels are added as metadata to thejournald
log entries.
UNIT="ssh.service"
sudo journalctl -u "$UNIT" --priority info # information logs for systemd unit $UNIT
journalctl --user --boot # current user log entries since last boot
journalctl --facility=help # list known syslog facilities
sudo journalctl --facility=daemon # log entries for daemons & services
sudo journalctl --facility=cron # log entries for scheduled tasks
sudo journalctl --facility=auth # log entries for login events
sudo journalctl --facility=authpriv # log entries for root commands
- Linux manages system accounts (Uid and Gid below 1000) and user accounts (Uid and Gid above 1000).
- New user accounts are created along with a home directory using
/etc/skel
as a blueprint. - The shadow password suite of tools contains most utilities for users and groups management.
- Inspect connected (logged in) users :
USER_NAME="someone"
id "$USER_NAME" # prints id and group details for $USER_NAME
sudo who -uH # view all connected users
sudo w # more details about connected users
sudo wall "hiya" # message all connected users
sudo write "$USER_NAME" pts/9 # write to $USER_NAME on a specific tty
- Inspect accounts :
cat /etc/passwd | column -ts ":" # view all users accounts
cat /etc/group | column -ts ":" # view all groups accounts
sudo cat /etc/shadow | column -ts ":" # view shadowed users accounts
sudo cat /etc/gshadow | column -ts ":" # view shadowed groups accounts
- Manage users :
USER_NAME="someone"
GROUP_NAME="access-to-network-drive"
passwd # change current user password
sudo adduser "$USER_NAME" --shell /bin/bash # create user, set default shell
sudo deluser "$USER_NAME" # delete user
sudo usermod -a -G "$GROUP_NAME" "$USER_NAME" # add user to group
- Manage groups :
USER_NAME="someone"
GROUP_NAME="access-to-network-drive"
newgrp "$GROUP_NAME" # changes Gid for current user to $GROUP_NAME
sudo groupadd -f "$GROUP_NAME" -g 1010 # create user group $GROUP_NAME, set Gid
sudo gpasswd -a "$USER_NAME" "$GROUP_NAME" # add $USER_NAME to $GROUP_NAME
sudo gpasswd -d "$USER_NAME" "$GROUP_NAME" # removes $USER_NAME from $GROUP_NAME
sudo gpasswd -M "$USER_NAME" "person" "$GROUP_NAME" # overwrite members list for $GROUP_NAME
sudo groupmod -n "some-group" "$GROUP_NAME" # changes group name to some-group
sudo groupdel "some-group" # deletes group some-group
- Man pages :
man login.defs # shadow password suite tools configuration
man shadow # shadowed users accounts file description
man gshadow # shadowed groups accounts file description
- Process scheduling is prioritized according to its niceness, which ranges from -19 to 20 (defaults to 0).
- Modifying niceness for a process can alter niceness for all other processes on the system.
- As a rule of thumb, original niceness should never be modified on foreground processes.
- Monitoring :
USER_NAME="xrdp"
PID=582
CMD="sleep 60"
top -u "$USER_NAME" # watch processes with username $USER_NAME
sudo ps -fU "$USER_NAME" # processes whose real Uid is $USER_NAME's
sudo ps -fp "$PID" # details on process with PID $PID
sudo ps -aux # lists all processes on the system, by user
pstree -puTn # displays current processes tree
# options : show PID, show RUID, hide threads, sort by PPID
time --verbose "$CMD" # time $CMD execution, displays resources usage
# - User time: command instructions processing
# - System time: execution of kernel system calls
- Jobs :
sleep 60 & # start command as a job
jobs # show active jobs
fg 1 # bring job in the foreground
bg 1 # resume suspended job
- Niceness :
CMD="sleep 60"
PID=582
ps -o pid,ni,cmd --ppid $$ # niceness for current shell's processes
nice -n 5 "$CMD" # runs $CMD and adds 5 to the default niceness
renice -n 5 -p "$PID" # alters process $PID niceness by 5
- Block devices are partitioned and formatted using a file system before partitions are mounted to a path on the host.
- File metadata is stored in a specific
inode
structure that can be inspected usingstat
. - File permissions are represented as a 3 digit octal number (for instance
644
for regular files) :- Permissions for owner Uid (user id), owner Gid (group id), and everyone else are represented by 1 digit each.
- Each digit holds read, write and execute permissions for the related user(s).
- Inspect devices and partitions :
DEV="/dev/sda"
PART="/dev/sda2"
FILE="/home/admin/.bashrc"
sudo fdisk -lo +UUID "$DEV" # show block device information for $DEV
lsblk -fmo +TYPE "$PART" # show partition summary for $PART
sudo blkid -p "$DEV" | sed -r "s/\s/\n/g" # show partition details for $PART
sudo dumpe2fs "$DEV" | grep -F Filesystem # show file system details for $PART
df -h "$FILE" # show free space on $FILE's partition
findmnt -A --fstab --evaluate # show details about fstab mounts
- Inspect files :
FILE="/home/someone/.bashrc"
file "$FILE" # show file type for $FILE
stat "$FILE" # show inode metadata for $FILE
- Set file permissions :
MODE="644"
FILE="/home/someone/.bashrc"
USER_NAME="someone"
GROUP_NAME="someone"
DIR="/home/someone"
chmod "$MODE" "$FILE" # set $FILE permissions to $MODE
chown "$USER_NAME:" "$FILE" # set $FILE Uid and Gid to $USER_NAME
chgrp "$GROUP_NAME" "$FILE" # set $FILE Gid to $GROUP_NAME
chmod o+t "$DIR" # set sticky bit on $DIR
umask "$MODE" # set user file creation mode mask
- File access monitoring :
USER_NAME="xrdp"
PID=582
CMD="sleep 60"
FILE="/home/someone/.somefile.swp"
sudo lsof -u "$USER_NAME" # files opened by processes owned by $USER_NAME
sudo lsof -u "^root" # files opened by processes NOT owned by root
sudo lsof -c "$CMD" # files opened by processes running $CMD
sudo lsof -c "/^s.*$/x" -c0 # match command against regex + do not truncate
sudo lsof -a -u "$USER_NAME" -c "$CMD" # combine multiple options with -a
sudo lsof -a -u "$USER_NAME" +D /dev/pts/. -R # list interactive processes for a user, display PPID
sudo lsof -i tcp@192.168.1.12:ssh -n # list sockets matching protocol, host and port/service
sudo lsof -a -i TCP -s TCP:LISTEN -n # list socket matching protocol and state
sudo lsof -a -p "$PID" -d ^mem # files opened by process $PID, hide memory mapped files
sudo lsof -ap "$PID" -d ^mem # alternative form using grouped options
sudo lsof -t "$FILE" # processes currently accessing a specific file
vi /usr/share/doc/lsof/00QUICKSTART.gz # lsof quickstart guide with many examples
tty # print terminal / pseudo terminal for the current shell
- Man pages :
man hier # description of the entire file system
man inode # description of the inode structure
- Other :
DIR="/home/someone"
FILE="*.md"
CMD="file"
# search $DIR for $FILE and run $CMD on matches (recursive)
find "$DIR" -name "$FILE" -exec "$CMD" {} \;
# create a symlink to $FILE at $LINK
ln -s "$FILE" "$LINK"
-
sysctl
is used to view or update kernel parameters (which are stored in/proc/sys
). -
dmesg
is used to print the kernel message buffer after system startup.
PARAM="fs.inotify.max_user_watches"
VALUE="262144"
sudo sysctl "$PARAM"="$VALUE" # sets kernel $PARAM to $VALUE
sudo sysctl -a # list all kernel parameters
sudo dmesg -kHxL=always # print kernel messages since last boot
sudo dmesg -k -l err --since "5 hour ago" # print kernel error messages since 5 hrs ago
-
root
is the system's superuser and has complete control over it. - See below for a list of commands that require root privileges.
USER_NAME="someone"
SOME_NAME="my-new-host"
sudo EDITOR=/bin/vim visudo # edit sudoers file with vim
sudo -k # revoke sudo session
sudo hostnamectl hostname "$SOME_NAME" # updates system informations
sudo runuser -c '<CMD>' -P --login "$USER_NAME" # runs <CMD> as $USER_NAME without asking for password
# runuser starts a new login shell and runs the command with $USER_NAME's environment, but without executing their .bashrc
# <CMD> has to be single quoted to prevent variable expansion by the current shell with the current user environment
-
man
files for installed packages are stored a*.gz
archives under/usr/share/man
.
FILE="/usr/share/man/ja/man1/passwd.1.gz"
CMD="passwd"
man "$FILE" # format and display man file $FILE
whatis "$CMD" chpasswd # search man-db for pages matching arguments
man -f "$CMD" chpasswd # same as the above
man -k "$CMD" chpasswd # searches man-db for arguments in pages descriptions (regex supported)
apropos "$CMD" chpasswd # same as the above
man -a "$CMD" # prints all man pages for $CMD one after the other
-
tar
is an archiving utility.
ARCHIVE="/home/someone/tarball.tar"
tar --list -f "$ARCHIVE" # list $ARCHIVE contents
tar -cvf "$ARCHIVE" /home/someone/data # archives directory contents into $ARCHIVE
tar -xvf "$ARCHIVE" # extracts $ARCHIVE contents to the current path
-
polkit
is an authority framework managing access for unprivileged programs (clients) to privileged ones (mechanisms).
man polkit # general concepts about the policy kit framework
- System daemon that executes scheduled commands on behalf of users, started with
multi-user.target
.
man crontab # details on crontab files formatting
crontab -l # print current user crontab file
crontab -e # edits current users crontab using /usr/bin/editor
crontab -r # removes current user crontab file
history -a # append the history buffer's content to user's .bash_history
history -c # clears history buffer
- The
alternatives
system binds named symlinks to executables to provide default choices for certain actions.
ALT="editor"
EXEC="/usr/bin/vim.tiny"
update-alternatives --get-selections # view all alternatives names and values
update-alternatives --display "$ALT" # symlink, alternatives, best and current value for $ALT
update-alternatives --config "$ALT" # changes alternative configuration for $ALT (auto/manual, system wide)
update-alternatives --remove "$ALT" "$EXEC" # removes $EXEC as an alternative for $ALT symlink
update-alternatives --install $l $n $p $i # installs alternative $p with priority $i for name $n and link $l