Essential Linux commands

Important shell commands for linux administration

view on github

Linux administration cheatsheet

Table of contents

  1. Service manager
  2. System logging
  3. Users and groups
  4. Processes
  5. File system
  6. Kernel commands
  7. Root commands
  8. Miscellaneous

Service manager

Description

  • systemd is responsible for booting up the system and bringing it to a predictable working state in which :
    • A set of processes are running.
    • A set of kernel devices are exposed to the system.
    • A set of directories are mounted in the file system.
    • etc ...
  • The different tasks required to that effect are described in a set of configuration unit files which are :
    • Interdependant.
    • Hierarchically organized.
    • Configuration-aware.
  • Configuration units allow systemd to schedule and parallelize execution of tasks required to reach a desired state :
    • Most noticeably, *.service units describe processes and system daemons to schedule.
    • Special *.target units group other units together to form a desired state for the system.
  • systemd distinguishes between system services (the default) and user services that don't require privileged access.

Commands

  • Inspect configuration units :
UNIT="gpg-agent.service"
systemctl get-default                      # gets default system target
systemctl show-environment                 # shows common environment variables
systemctl list-unit-files                  # lists installed units
systemctl list-units --type=target         # lists target units
systemctl list-units --type=service        # lists service units
systemctl list-dependencies --all          # dependency tree for the default target
systemctl list-dependencies "$UNIT"        # dependency tree for $UNIT
systemctl status "$UNIT"                   # summary and logs for $UNIT
systemctl show -p Requires "$UNIT"         # reads a parameter from $UNIT
systemctl show -p ControlGroup --global    # reads a parameter from the global configuration
systemctl --user restart "$UNIT"           # restart user service $UNIT
  • Update configuration units :
UNIT="my-awesome-system-daemon.service"
sudo systemctl set-environment LANG=en_US  # set common environment variable
sudo systemctl edit --full "$UNIT" --force # creates unit $UNIT
sudo systemctl edit --full "$UNIT"         # edits unit $UNIT
sudo systemctl enable "$UNIT"              # enables unit $UNIT
sudo systemctl disable "$UNIT"             # disables unit $UNIT
sudo systemctl daemon-reload               # rebuilds entire dependency tree

# "systemctl enable" creates a set of symlinks in /etc/systemd/system according to the [Install] directives
# "systemctl disable" removes the symlinks from /etc/systemd/system and /etc/systemd/system/$UNIT.wants
# both do reload systemd configuration but do not start/stop relevant units except when using --now
  • Monitoring :
FILE="/usr/lib/systemd/user/gpg-agent.service"
systemd-analyze verify "$FILE"             # checks if "$FILE" is a valid unit
systemd-analyze time                       # boot sequence duration to reach default target
systemd-analyze blame                      # lists loaded units, ordered by start time
ps --pid 1 -f                              # view the systemd process
  • Man pages :
man bootup                                 # detailed startup sequence description
man systemd.unit                           # configuration units guide
man systemd.service                        # service units design guide
man systemd.special                        # details on default system targets

System logging

Description

  • journald is a systemd managed daemon that aggregates system logs from various resources.
  • It writes structured logs to binary files stored in /run/log/journal and /var/log/journal.
  • syslog facilities and levels are added as metadata to the journald log entries.

Commands

UNIT="ssh.service"
sudo journalctl -u "$UNIT" --priority info # information logs for systemd unit $UNIT
journalctl --user --boot                   # current user log entries since last boot
journalctl --facility=help                 # list known syslog facilities
sudo journalctl --facility=daemon          # log entries for daemons & services
sudo journalctl --facility=cron            # log entries for scheduled tasks
sudo journalctl --facility=auth            # log entries for login events
sudo journalctl --facility=authpriv        # log entries for root commands

Users and groups

Description

  • Linux manages system accounts (Uid and Gid below 1000) and user accounts (Uid and Gid above 1000).
  • New user accounts are created along with a home directory using /etc/skel as a blueprint.
  • The shadow password suite of tools contains most utilities for users and groups management.

Commands

  • Inspect connected (logged in) users :
USER_NAME="someone"
id "$USER_NAME"                            # prints id and group details for $USER_NAME
sudo who -uH                               # view all connected users
sudo w                                     # more details about connected users
sudo wall "hiya"                           # message all connected users
sudo write "$USER_NAME" pts/9              # write to $USER_NAME on a specific tty
  • Inspect accounts :
cat /etc/passwd | column -ts ":"           # view all users accounts
cat /etc/group | column -ts ":"            # view all groups accounts
sudo cat /etc/shadow | column -ts ":"      # view shadowed users accounts
sudo cat /etc/gshadow | column -ts ":"     # view shadowed groups accounts
  • Manage users :
USER_NAME="someone"
GROUP_NAME="access-to-network-drive"
passwd                                        # change current user password
sudo adduser "$USER_NAME" --shell /bin/bash   # create user, set default shell
sudo deluser "$USER_NAME"                     # delete user
sudo usermod -a -G "$GROUP_NAME" "$USER_NAME" # add user to group
  • Manage groups :
USER_NAME="someone"
GROUP_NAME="access-to-network-drive"
newgrp "$GROUP_NAME"                                # changes Gid for current user to $GROUP_NAME
sudo groupadd -f "$GROUP_NAME" -g 1010              # create user group $GROUP_NAME, set Gid
sudo gpasswd -a "$USER_NAME" "$GROUP_NAME"          # add $USER_NAME to $GROUP_NAME
sudo gpasswd -d "$USER_NAME" "$GROUP_NAME"          # removes $USER_NAME from $GROUP_NAME
sudo gpasswd -M "$USER_NAME" "person" "$GROUP_NAME" # overwrite members list for $GROUP_NAME
sudo groupmod -n "some-group" "$GROUP_NAME"         # changes group name to some-group
sudo groupdel "some-group"                          # deletes group some-group
  • Man pages :
man login.defs                             # shadow password suite tools configuration
man shadow                                 # shadowed users accounts file description
man gshadow                                # shadowed groups accounts file description

Processes

Description

  • Process scheduling is prioritized according to its niceness, which ranges from -19 to 20 (defaults to 0).
  • Modifying niceness for a process can alter niceness for all other processes on the system.
  • As a rule of thumb, original niceness should never be modified on foreground processes.

Commands

  • Monitoring :
USER_NAME="xrdp"
PID=582
CMD="sleep 60"
top -u "$USER_NAME"                        # watch processes with username $USER_NAME
sudo ps -fU "$USER_NAME"                   # processes whose real Uid is $USER_NAME's
sudo ps -fp "$PID"                         # details on process with PID $PID
sudo ps -aux                               # lists all processes on the system, by user
pstree -puTn                               # displays current processes tree
                                           # options : show PID, show RUID, hide threads, sort by PPID
time --verbose "$CMD"                      # time $CMD execution, displays resources usage
                                           # - User time: command instructions processing
                                           # - System time: execution of kernel system calls
  • Jobs :
sleep 60 &                                 # start command as a job
jobs                                       # show active jobs
fg 1                                       # bring job in the foreground
bg 1                                       # resume suspended job
  • Niceness :
CMD="sleep 60"
PID=582
ps -o pid,ni,cmd --ppid $$                 # niceness for current shell's processes
nice -n 5 "$CMD"                           # runs $CMD and adds 5 to the default niceness
renice -n 5 -p "$PID"                      # alters process $PID niceness by 5

File system

Description

  • Block devices are partitioned and formatted using a file system before partitions are mounted to a path on the host.
  • File metadata is stored in a specific inode structure that can be inspected using stat.
  • File permissions are represented as a 3 digit octal number (for instance 644 for regular files) :
    • Permissions for owner Uid (user id), owner Gid (group id), and everyone else are represented by 1 digit each.
    • Each digit holds read, write and execute permissions for the related user(s).

Commands

  • Inspect devices and partitions :
DEV="/dev/sda"
PART="/dev/sda2"
FILE="/home/admin/.bashrc"
sudo fdisk -lo +UUID "$DEV"                # show block device information for $DEV
lsblk -fmo +TYPE "$PART"                   # show partition summary for $PART
sudo blkid -p "$DEV" | sed -r "s/\s/\n/g"  # show partition details for $PART
sudo dumpe2fs "$DEV" | grep -F Filesystem  # show file system details for $PART
df -h "$FILE"                              # show free space on $FILE's partition
findmnt -A --fstab --evaluate              # show details about fstab mounts
  • Inspect files :
FILE="/home/someone/.bashrc"
file "$FILE"                               # show file type for $FILE
stat "$FILE"                               # show inode metadata for $FILE
  • Set file permissions :
MODE="644"
FILE="/home/someone/.bashrc"
USER_NAME="someone"
GROUP_NAME="someone"
DIR="/home/someone"
chmod "$MODE" "$FILE"                      # set $FILE permissions to $MODE
chown "$USER_NAME:" "$FILE"                # set $FILE Uid and Gid to $USER_NAME
chgrp "$GROUP_NAME" "$FILE"                # set $FILE Gid to $GROUP_NAME
chmod o+t "$DIR"                           # set sticky bit on $DIR
umask "$MODE"                              # set user file creation mode mask
  • File access monitoring :
USER_NAME="xrdp"
PID=582
CMD="sleep 60"
FILE="/home/someone/.somefile.swp"
sudo lsof -u "$USER_NAME"                     # files opened by processes owned by $USER_NAME
sudo lsof -u "^root"                          # files opened by processes NOT owned by root
sudo lsof -c "$CMD"                           # files opened by processes running $CMD
sudo lsof -c "/^s.*$/x" -c0                   # match command against regex + do not truncate
sudo lsof -a -u "$USER_NAME" -c "$CMD"        # combine multiple options with -a
sudo lsof -a -u "$USER_NAME" +D /dev/pts/. -R # list interactive processes for a user, display PPID
sudo lsof -i tcp@192.168.1.12:ssh -n          # list sockets matching protocol, host and port/service
sudo lsof -a -i TCP -s TCP:LISTEN -n          # list socket matching protocol and state
sudo lsof -a -p "$PID" -d ^mem                # files opened by process $PID, hide memory mapped files
sudo lsof -ap "$PID" -d ^mem                  # alternative form using grouped options
sudo lsof -t "$FILE"                          # processes currently accessing a specific file
vi /usr/share/doc/lsof/00QUICKSTART.gz        # lsof quickstart guide with many examples
tty                                           # print terminal / pseudo terminal for the current shell
  • Man pages :
man hier                                   # description of the entire file system
man inode                                  # description of the inode structure
  • Other :
DIR="/home/someone"
FILE="*.md"
CMD="file"

# search $DIR for $FILE and run $CMD on matches (recursive)
find "$DIR" -name "$FILE" -exec "$CMD" {} \;

# create a symlink to $FILE at $LINK
ln -s "$FILE" "$LINK"

Kernel commands

Description

  • sysctl is used to view or update kernel parameters (which are stored in /proc/sys).
  • dmesg is used to print the kernel message buffer after system startup.

Commands

PARAM="fs.inotify.max_user_watches"
VALUE="262144"
sudo sysctl "$PARAM"="$VALUE"              # sets kernel $PARAM to $VALUE
sudo sysctl -a                             # list all kernel parameters
sudo dmesg -kHxL=always                    # print kernel messages since last boot
sudo dmesg -k -l err --since "5 hour ago"  # print kernel error messages since 5 hrs ago

Root commands

Description

  • root is the system's superuser and has complete control over it.
  • See below for a list of commands that require root privileges.

Commands

USER_NAME="someone"
SOME_NAME="my-new-host"
sudo EDITOR=/bin/vim visudo                     # edit sudoers file with vim
sudo -k                                         # revoke sudo session
sudo hostnamectl hostname "$SOME_NAME"          # updates system informations
sudo runuser -c '<CMD>' -P --login "$USER_NAME" # runs <CMD> as $USER_NAME without asking for password

# runuser starts a new login shell and runs the command with $USER_NAME's environment, but without executing their .bashrc
# <CMD> has to be single quoted to prevent variable expansion by the current shell with the current user environment

Miscellaneous

Manual :

  • man files for installed packages are stored a *.gz archives under /usr/share/man.
FILE="/usr/share/man/ja/man1/passwd.1.gz"
CMD="passwd"
man "$FILE"                                # format and display man file $FILE
whatis "$CMD" chpasswd                     # search man-db for pages matching arguments
man -f "$CMD" chpasswd                     # same as the above
man -k "$CMD" chpasswd                     # searches man-db for arguments in pages descriptions (regex supported)
apropos "$CMD" chpasswd                    # same as the above
man -a "$CMD"                              # prints all man pages for $CMD one after the other

GNU tar

  • tar is an archiving utility.
ARCHIVE="/home/someone/tarball.tar"
tar --list -f "$ARCHIVE"                 # list $ARCHIVE contents
tar -cvf "$ARCHIVE" /home/someone/data   # archives directory contents into $ARCHIVE
tar -xvf "$ARCHIVE"                      # extracts $ARCHIVE contents to the current path

Policy kit

  • polkit is an authority framework managing access for unprivileged programs (clients) to privileged ones (mechanisms).
man polkit                                 # general concepts about the policy kit framework

Cron

  • System daemon that executes scheduled commands on behalf of users, started with multi-user.target.
man crontab                                # details on crontab files formatting
crontab -l                                 # print current user crontab file
crontab -e                                 # edits current users crontab using /usr/bin/editor
crontab -r                                 # removes current user crontab file

Commands history

history -a                               # append the history buffer's content to user's .bash_history
history -c                               # clears history buffer

Alternatives

  • The alternatives system binds named symlinks to executables to provide default choices for certain actions.
ALT="editor"
EXEC="/usr/bin/vim.tiny"
update-alternatives --get-selections        # view all alternatives names and values
update-alternatives --display "$ALT"        # symlink, alternatives, best and current value for $ALT
update-alternatives --config "$ALT"         # changes alternative configuration for $ALT (auto/manual, system wide)
update-alternatives --remove "$ALT" "$EXEC" # removes $EXEC as an alternative for $ALT symlink
update-alternatives --install $l $n $p $i   # installs alternative $p with priority $i for name $n and link $l