My Top 50 Linux commands
Contents
Here are my top 50 Linux commands, which I use every day. I hope this list makes you more comfortable when you use the Linux CLI.
alias
# show shell aliases
$ alias
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias ll='ls -l --color=auto'
alias ls='ls --color=auto'
apropos
# search the manual page names and descriptions
$ apropos rename
git-mv (1) - Move or rename a file, a directory, or a symlink
lvrename (8) - Rename a logical volume
mmove (1) - move or rename an MSDOS file or subdirectory
mren (1) - rename an existing MSDOS file
mv (1) - move (rename) files
mvxattr (1) - Recursively rename extended attributes
cat
# concatenate files and write them to standard output (redirect to a file or send to a pipe)
# overwrite file_b with file_a content
$ cat file_a > file_b
# append file_a content at the end of file_b
$ cat file_a >> file_b
# send file_a content to pipe
$ cat file_a | more
$ cat file_a | grep error
cd
# go back to your home dir
$ cd
# go one directory up
$ cd ..
chmod
# give user (owner) execute permission (chmod also needs the target file or directory as its last argument)
$ chmod u+x
# give group members write permission
$ chmod g+w
# remove write permission from others
$ chmod o-w
chown
# mytempfile.txt under /tmp dir will be owned by user "fehmi" and group "sysadm"
$ chown fehmi:sysadm /tmp/mytempfile.txt
# all files and directories under /var/log/httpd will be owned by user "root" and group "root" (recursive)
$ chown -R root: /var/log/httpd
cp
# copy file_a to file_b
$ cp file_a file_b
# copy all files under /dir_a to /dir_b, preserving file attributes
$ cp -a /dir_a /dir_b
curl
# get google.com main page content and display
$ curl https://www.google.com
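# skip HTTPS certificate verification: the server's identity is not checked, so the connection can be intercepted; use only for testing, and prefer --cacert with the correct CA certificate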
$ curl -k https://www.google.com
# show verbose output
$ curl -vv -k https://google.com
cut
# this is our source data file
$ cat data
1 a,aa
2 b,bb
3 c,cc
# show field (column) 1 (cut's default delimiter is TAB; use -d ' ' for space-separated data)
$ cat data | cut -f1
1
2
3
# show field (column) 2 (cut's default delimiter is TAB)
$ cat data | cut -f2
a
b
c
# show field (column) 2, using , (comma) as delimiter
$ cat data | cut -f2 -d,
aa
bb
cc
# show field (column) 1, using , (comma) as delimiter
$ cat data | cut -f1 -d,
1 a
2 b
3 c
dd
# create 10M empty file
# if : input file
# bs : block size
# count : how many times to repeat block size
# of : output file
$ dd if=/dev/zero bs=1M count=10 of=data.img
10+0 records in
10+0 records out
10485760 bytes (10 MB, 10 MiB) copied, 0.00531697 s, 2.0 GB/s
$ ls -alh data.img
-rw-r--r--. 1 sysadm sysadm 10M Aug 3 09:40 data.img
df
# show disk usage in human readable form also with percentage
$ df -h
dmesg
# show latest system kernel messages in human-readable form
$ dmesg -H
du
# print working directory
$ pwd
/home
# show directory size under /home in human-readable form
$ du -sh *
4.6G sysadm
fdisk
# show/modify disk partitions
$ sudo fdisk -l
Disk /dev/sda: 16 GiB, 17179869184 bytes, 33554432 sectors
Disk model: VBOX HARDDISK
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xcbbd5e0f
Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 2099199 2097152 1G 83 Linux
/dev/sda2 2099200 33554431 31455232 15G 83 Linux
file
# show file type
$ file /etc/passwd
/etc/passwd: ASCII text
# show file type
$ file /usr/bin/sudo
/usr/bin/sudo: setuid ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2
# show file type
$ file /dev/tty0
/dev/tty0: character special (4/0)
find
# Please check
http://letslearntogether.info/post/linux-find/
free
# show memory and swap usage [mebibytes]
$ free -m
# show memory and swap usage [gibibytes]
$ free -g
# show memory and swap usage in human-readable form
$ free -h
grep
# search for "sysadm" inside /etc/passwd file
$ grep sysadm /etc/passwd
sysadm:x:1000:1000:System Admin:/home/sysadm:/bin/bash
# search for "sysadm" and "nobody" and "root" inside /etc/passwd file
$ grep -E 'sysadm|nobody|root' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
sysadm:x:1000:1000:System Admin:/home/sysadm:/bin/bash
# search for "sysadm" and "nobody" and "root" inside /etc/passwd exclude line contains "operator"
$ grep -E 'sysadm|nobody|root' /etc/passwd | grep -v operator
root:x:0:0:root:/root:/bin/bash
nobody:x:65534:65534:Kernel Overflow User:/:/sbin/nologin
sysadm:x:1000:1000:System Admin:/home/sysadm:/bin/bash
# find files whose names end with .log and search for the word "error" in those files
# (quote the pattern so the shell does not expand *.log before find sees it)
$ find / -name '*.log' -exec grep -iH error {} \;
gzip / gunzip
# zip data file, output will be data.gz
$ gzip data
# unzip data.gz file , output will be data
$ gunzip data.gz
# zip all files ( data1 data2 data3 ) under "mydir" directory
# output will be data1.gz data2.gz data3.gz under "mydir" directory
# -r : recurse into the directory (without it gzip skips directories)
$ gzip -r mydir
# unzip all files ( data1.gz data2.gz data3.gz ) under "mydir" directory
# output will be data1 data2 data3 under "mydir" directory
$ gunzip -r mydir
history
# show last 5 commands from history
$ history | tail -n5
924 gunzip -r tmp/
925 cd tmp/
926 ls
927 history
928 history | tail -n5
# rerun command #926
$ !926
id
# what is my id ?
$ id
uid=1000(sysadm) gid=1000(sysadm) groups=1000(sysadm),10(wheel) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# switch to root user
$ sudo su -
[sudo] password for sysadm:
# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
ip
# show ip address config
# -4 : only ipv4
$ ip -4 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
valid_lft 78167sec preferred_lft 78167sec
# show route table
$ ip ro
default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 100
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 100
lastlog
# show users last login time
$ lastlog | grep sysadm
sysadm tty2 Mon Aug 1 07:57:21 -0400 2022
man
# show manual page for man command
$ man man
# show manual page for ping command
$ man ping
# search manual page names and descriptions for word "password"
$ man -k password
mkdir
# make directory
$ mkdir backup
# make directory with multiple sub directories
$ mkdir -p backup/2022/Aug/01
mount
# see which hard drives , partitions mounted
$ mount | grep -E 'ext4|btrfs'
/dev/sda2 on / type btrfs (rw,relatime,seclabel,compress=zstd:1,space_cache=v2,subvolid=257,subvol=/root)
/dev/sda2 on /home type btrfs (rw,relatime,seclabel,compress=zstd:1,space_cache=v2,subvolid=256,subvol=/home)
/dev/sda1 on /boot type ext4 (rw,relatime,seclabel)
mv
# move file (or rename)
$ mv file_a file_b
netstat
# see which ports are open (listening) and connection status
# -a : show all
# -n : show numerical addresses instead of trying to determine symbolic host, port or user names
$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:1313 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:49994 127.0.0.1:1313 ESTABLISHED
parted
# show/modify disk partitions
$ sudo parted -l
Model: ATA VBOX HARDDISK (scsi)
Disk /dev/sda: 17.2GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number Start End Size Type File system Flags
1 1049kB 1075MB 1074MB primary ext4 boot
2 1075MB 17.2GB 16.1GB primary btrfs
ping
# check if you can reach an IP address on network
# -c : number of ping packets
$ ping -c 2 www.google.com
PING www.google.com (172.253.115.103) 56(84) bytes of data.
64 bytes from bg-in-f103.1e100.net (172.253.115.103): icmp_seq=1 ttl=59 time=9.32 ms
64 bytes from bg-in-f103.1e100.net (172.253.115.103): icmp_seq=2 ttl=59 time=8.13 ms
--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1005ms
rtt min/avg/max/mdev = 8.127/8.723/9.320/0.596 ms
ps
# show all running processes as a tree of parent and child processes
# UID : process owner
# PID : process id
# PPID : started by which process id
$ ps -ef f
UID PID PPID C STIME TTY STAT TIME CMD
root 2 0 0 07:56 ? S 0:00 [kthreadd]
root 3 2 0 07:56 ? I< 0:00 \_ [rcu_gp]
root 4 2 0 07:56 ? I< 0:00 \_ [rcu_par_gp]
root 5 2 0 07:56 ? I< 0:00 \_ [netns]
root 7 2 0 07:56 ? I< 0:00 \_ [kworker/0:0H-events_highpri]
root 9 2 0 07:56 ? I< 0:00 \_ [kworker/0:1H-kblockd]
root 10 2 0 07:56 ? I< 0:00 \_ [mm_percpu_wq]
.
.
sysadm 6110 1426 0 11:48 ? Ssl 0:31 \_ /usr/libexec/gnome-terminal-server
sysadm 6128 6110 0 11:48 pts/0 Ss 0:00 | \_ bash
sysadm 25750 6128 0 22:17 pts/0 R+ 0:00 | | \_ ps -ef f
pwd
[sysadm@fhm-lcl ~]$ pwd
/home/sysadm
rm
# remove files and/or directories
$ rm file_a
$ rm -r directory_a
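# force remove: no prompt and no undo, so check what a glob such as file_* matches (e.g. with ls) before running it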
$ rm -rf directory_a
$ rm -rf file_*
shutdown
# shutdown linux OS and hardware
# -h : halt , power off
$ shutdown -h now
sort
# unsorted output
$ cat /etc/passwd | cut -f1 -d: | head -n3
root
bin
daemon
# sorted output
$ cat /etc/passwd | cut -f1 -d: | sort | head -n3
abrt
adm
apache
# sort by first field (default)
$ df -h | sort
/dev/sda1 974M 281M 626M 31% /boot
/dev/sda2 15G 7.2G 7.4G 50% /
/dev/sda2 15G 7.2G 7.4G 50% /home
devtmpfs 4.0M 0 4.0M 0% /dev
Filesystem Size Used Avail Use% Mounted on
tmpfs 2.0G 30M 1.9G 2% /dev/shm
tmpfs 2.0G 3.1M 2.0G 1% /tmp
tmpfs 392M 140K 392M 1% /run/user/1000
tmpfs 784M 1.4M 783M 1% /run
# sort by disk size
# -h : compare human readable numbers (e.g., 2K 1G)
# -k : field number
$ df -h | sort -h -k2
Filesystem Size Used Avail Use% Mounted on
devtmpfs 4.0M 0 4.0M 0% /dev
tmpfs 392M 140K 392M 1% /run/user/1000
tmpfs 784M 1.4M 783M 1% /run
/dev/sda1 974M 281M 626M 31% /boot
tmpfs 2.0G 29M 1.9G 2% /dev/shm
tmpfs 2.0G 3.1M 2.0G 1% /tmp
/dev/sda2 15G 7.2G 7.4G 50% /
/dev/sda2 15G 7.2G 7.4G 50% /home
# sort by disk usage
# -r : reverse order
$ df -h | sort -k5 -r
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 15G 7.2G 7.4G 50% /home
/dev/sda2 15G 7.2G 7.4G 50% /
/dev/sda1 974M 281M 626M 31% /boot
tmpfs 2.0G 29M 1.9G 2% /dev/shm
tmpfs 2.0G 3.1M 2.0G 1% /tmp
tmpfs 392M 140K 392M 1% /run/user/1000
tmpfs 784M 1.4M 783M 1% /run
devtmpfs 4.0M 0 4.0M 0% /dev
ss
# ss is preferred over netstat
# show listening tcp ports
# -l : listening
# -t : tcp
# -n : do not resolve DNS and port names
$ ss -tln
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 4096 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 [::]:5355 [::]:*
LISTEN 0 128 [::1]:631 [::]:*
# show connection stats
$ ss -s
Total: 938
TCP: 8 (estab 0, closed 1, orphaned 0, timewait 1)
Transport Total IP IPv6
RAW 1 0 1
UDP 11 7 4
TCP 7 5 2
INET 19 12 7
FRAG 0 0 0
ssh
# ssh in to server 10.0.0.10 with username "oracle"
$ ssh oracle@10.0.0.10
# ssh in to server 10.0.0.10 with username "oracle" using private key under .ssh directory (the key file must be readable only by you, e.g. mode 600, or ssh will refuse it)
$ ssh -i ~/.ssh/id_rsa oracle@10.0.0.10
# secure copy data.sql file from 10.0.0.10 /data/backup directory to the current directory (.)
$ scp oracle@10.0.0.10:/data/backup/data.sql .
# secure copy mybackup.sql file from your home directory to 10.0.0.10 oracle home directory
$ scp mybackup.sql oracle@10.0.0.10:~/
su
# switch in to oracle user account
# target user needs to have a valid shell
$ su - oracle
Password:
$ id
uid=1001(oracle) gid=1001(oracle) groups=1001(oracle) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
# switch to root account
$ sudo su -
# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sudo
# run commands with escalated privileges
$ id
uid=1000(sysadm) gid=1000(sysadm) groups=1000(sysadm)
$ cat /etc/shadow
cat: /etc/shadow: Permission denied
$ sudo cat /etc/shadow | head -n1
root:!::0:99999:7:::
# become root
$ sudo -i
tail
# show last 2 lines of a file
$ cat /etc/passwd | tail -n2
# output appended data as the file grows
$ tail -f /var/log/messages
tar
# archive all files under mybackup directory
# -c : create
# -v : verbose output
# -f : archive file name
$ tar cvf mybackup.tar mybackup/
# zip and archive all files under mybackup directory
# -z : compress (zip)
$ tar zcvf mybackup.tgz mybackup/
# just show archive content, do not extract (worth doing first when the archive comes from an untrusted source)
# -t : list the archive contents
$ tar tvf mybackup.tgz
# extract archive
# -x : extract
$ tar zxvf mybackup.tgz
tcpdump
# show network traffic on interface/s
# -nn : do not resolve host names or port numbers to names
$ sudo tcpdump -i enp0s3 -nn icmp
[sudo] password for sysadm:
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:45:08.302983 IP 10.0.2.15 > 172.253.122.147: ICMP echo request, id 2, seq 1, length 64
10:45:08.314362 IP 172.253.122.147 > 10.0.2.15: ICMP echo reply, id 2, seq 1, length 64
10:45:09.307570 IP 10.0.2.15 > 172.253.122.147: ICMP echo request, id 2, seq 2, length 64
10:45:09.318367 IP 172.253.122.147 > 10.0.2.15: ICMP echo reply, id 2, seq 2, length 64
# show port 80 traffic on selected interface
$ sudo tcpdump -i enp0s3 -nn port 80
# show port 80 traffic on selected interface if source host is 10.0.2.15
$ sudo tcpdump -i enp0s3 -nn src 10.0.2.15 and port 80
# show port 80 traffic on selected interface if destination host is 172.253.122.147
$ sudo tcpdump -i enp0s3 -nn dst 172.253.122.147 and port 80
tr
# translate lower case letters to upper case (quote the character classes so the shell does not treat them as glob patterns)
$ echo "a b c d" | tr '[:lower:]' '[:upper:]'
A B C D
# delete all digits
$ echo "a b c d 1 2 3" | tr -d [:digit:]
a b c d
# delete all whitespace (spaces, tabs and newlines)
$ echo "a b c d 1 2 3" | tr -d [:space:]
abcd123
# check out the different outputs
$ cat data
a b c d
1 2 3 4
$ cat data | tr -d [:space:]
abcd1234
$ cat data | tr -d " "
abcd
1234
uname
# show system kernel information
$ uname -a
Linux f36.local 5.18.13-200.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jul 22 14:03:36 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
uniq
# data set
$ cat data
a b c d
a b c d
1 2 3 4
1 2 3 4
# filter duplicate data per line
$ cat data | uniq
a b c d
1 2 3 4
# count number of duplicate lines
$ cat data | uniq -c
2 a b c d
2 1 2 3 4
uptime
# show uptime (regular)
$ uptime
08:32:01 up 1:13, 1 user, load average: 0.10, 0.06, 0.07
# show uptime (pretty)
$ uptime -p
up 1 hour, 13 minutes
# show uptime (since)
$ uptime -s
2022-08-03 07:18:47
w
# show who logged in
$ w
08:48:49 up 1:30, 1 user, load average: 0.23, 0.12, 0.09
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
sysadm tty2 07:32 1:29m 0.02s 0.02s /usr/libexec/gnome-session-binary
wget
# download files from internet (verify the publisher's checksum or signature before unpacking or running what you download)
$ wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.tar.xz
--2022-08-03 08:50:54-- https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.19.tar.xz
Resolving cdn.kernel.org (cdn.kernel.org)... 151.101.65.176, 151.101.129.176, 151.101.1.176, ...
Connecting to cdn.kernel.org (cdn.kernel.org)|151.101.65.176|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 131581464 (125M) [application/x-xz]
Saving to: ‘linux-5.19.tar.xz’
whoami
# show active user
$ whoami
sysadm
$ sudo su -
# whoami
root
zcat
# see zipped files content without extracting
$ cat data
a b c d
1 2 3 4
$ gzip data
$ zcat data.gz
a b c d
1 2 3 4