Directory Related Commands
cd
Use cd to change directories. Type cd followed by the name of a directory to access that directory. Keep in mind that you are always in a directory and can navigate to directories hierarchically above or below.
Ex: cd games
If the directory games is not located hierarchically below the current directory, then the complete path must be written out.
Ex: cd /usr/games
To move up one directory, use the shortcut command.
Ex: cd ..
cp -r
Use cp -r to copy a directory and all of its contents. Type cp -r followed by the name of an existing directory and the name of the new directory.
Ex: cp -r testing newdir
You must include the -r or you'll see the following message:
cp: testing is a directory and -r not specified.
This command saves you time if you need to make a mirror image of a directory packed with files.
mkdir
Use mkdir to make/create a brand new directory. Type mkdir followed by the name of a directory.
Ex: mkdir testdir
mv
Use mv to change the name of a directory. Type mv followed by the current name of a directory and the new name of the directory.
Ex: mv testdir newnamedir
pwd
Trying to find out where on your Linux server you are currently located? The pwd (print working directory) command will show you the full path to the directory you are currently in. This is very handy to use, especially when performing some of the other commands on this page!
rmdir
Use rmdir to remove an existing directory (assuming you have permissions set to allow this). Type rmdir followed by a directory's name to remove it.
Ex: rmdir testdir
You CAN'T remove a directory that contains files with this command. Instead, to delete non-empty directories in Linux, use the more useful command: rm -r
This command removes directories and the files within them. Read more details about this in Commands for Beginning Admins. The rmdir command is used mostly to remove empty directories. If you want to use it on a full directory, you'll need to delete or move the files first. For more help please read the mv command and also File Related Commands.
Manipulating Files - Linux Commands
chmod
The chmod command allows you to alter access rights to files and directories. All files and directories have security permissions that grant the user, particular groups, or all other users access. To view your files' settings, at the shell prompt type:
ls -alt
You should see some files with the following in front of them (an example follows):
  total 4
  drwxrwsr-x  7 reallyli reallyli 1024 Apr  6 14:30 .
  drwxr-s--x 22 reallyli reallyli 1024 Mar 30 18:20 ..
  d-wx-wx-wx  3 reallyli reallyli 1024 Apr  6 14:30 content
  drwxr-xr-x  2 reallyli reallyli 1024 Mar 25 20:43 files
What do the letters in front of the files/directories mean?
r indicates that it is readable (someone can view the file's contents)
w indicates that it is writable (someone can edit the file's contents)
x indicates that it is executable (someone can run the file, if executable)
- indicates that no permission to manipulate has been assigned
When listing your files, the first character lets you know whether you're looking at a file or a directory. It's not part of the security settings. The next three characters indicate your access restrictions. The next three indicate your group's permissions, and finally other users' permissions.
Use chmod followed by the permission you are changing. In very simple form this would be:
chmod 755 filename
The example above will grant you full rights, group rights to execute and read, and all others access to execute the file.
  #  Permission
  7  full
  6  read and write
  5  read and execute
  4  read only
  3  write and execute
  2  write only
  1  execute only
  0  none
Still confused? Use the table above to define the settings for the three "users." In the command, the first number refers to your permissions, the second refers to group, and the third refers to general users. Typing the command:
chmod 751 filename
gives you full access, the group read and execute, and all others execute only permission.
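The decoding described above, applied to the four permission strings from the sample listing, as an added example that is not part of the original page: it turns each ls -l mode field into the octal number chmod takes, including the s (setgid) character that appears in the listing but is not in the table, and flags modes an administrator would want to review. The function names mode_to_octal and mode_findings and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# triplet_value RWX: digit 0-7 for one three-character group.
# A lower-case s or t in the last slot means "x is set, plus a special bit".
triplet_value() {
    tv=0
    case $1 in r??) tv=$((tv + 4)) ;; esac
    case $1 in ?w?) tv=$((tv + 2)) ;; esac
    case $1 in ??[xst]) tv=$((tv + 1)) ;; esac
    echo "$tv"
}

# mode_to_octal MODE: convert e.g. drwxrwsr-x to the four-digit octal 2775.
mode_to_octal() {
    m=${1%[.+@]}                  # drop a trailing SELinux/ACL marker if present
    case $m in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "not an ls -l mode field: $1" >&2; return 1 ;;
    esac
    perms=${m#?}                  # the first character is the file type, not a permission
    u=${perms%??????}             # owner triplet
    g=${perms#???}; g=${g%???}    # group triplet
    o=${perms#??????}             # other triplet
    special=0
    case $u in ??[sS]) special=$((special + 4)) ;; esac   # setuid
    case $g in ??[sS]) special=$((special + 2)) ;; esac   # setgid
    case $o in ??[tT]) special=$((special + 1)) ;; esac   # sticky
    echo "$special$(triplet_value "$u")$(triplet_value "$g")$(triplet_value "$o")"
}

# mode_findings MODE: space-separated list of things worth reviewing.
mode_findings() {
    oct=$(mode_to_octal "$1") || return 1
    findings=""
    case $oct in ???[2367]) findings="$findings world-writable" ;; esac
    case $oct in [4567]???) findings="$findings setuid" ;; esac
    case $oct in [2367]???) findings="$findings setgid" ;; esac
    # In a world-writable directory without the sticky bit, any user can
    # delete or rename files that belong to someone else.
    case $1 in
        d*) case $oct in [0246]??[2367]) findings="$findings no-sticky-dir" ;; esac ;;
    esac
    echo "${findings# }"
}

# The listing from the page, one entry per line.
while read -r mode links owner group size mon day clock name; do
    oct=$(mode_to_octal "$mode") || continue
    findings=$(mode_findings "$mode")
    printf '%-11s %s  %-8s %s\n' "$mode" "$oct" "$name" "${findings:-ok}"
done <<'EOF'
drwxrwsr-x 7 reallyli reallyli 1024 Apr 6 14:30 .
drwxr-s--x 22 reallyli reallyli 1024 Mar 30 18:20 ..
d-wx-wx-wx 3 reallyli reallyli 1024 Apr 6 14:30 content
drwxr-xr-x 2 reallyli reallyli 1024 Mar 25 20:43 files
EOF
```

The last three digits of each result are what you would pass to chmod to reproduce the mode; the leading digit carries the setuid, setgid and sticky bits.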
cp
Type cp followed by the name of an existing file and the name of the new file.
Ex: cp newfile newerfile
To copy a file to a different directory (without changing the file's name), specify the directory instead of the new filename.
Ex: cp newfile testdir
To copy a file to a different directory and create a new file name, you need to specify a directory/a new file name.
Ex: cp newfile testdir/newerfile
Ex: cp newfile ../newerfile
The .. represents one directory up in the hierarchy.
file
Type file followed by the name of an existing file in the directory.
Ex: file emergency3_demo.exe
OUTPUT: MS-DOS executable (EXE)
This command allows you to figure out what the file type is and how to use it. For instance, the command will tell you whether it is an executable, a compressed file and which type, or something unusual. This command is simplistic, but often can allow you to determine why a file does not respond the way you expect.
mv
Type mv followed by the current name of a file and the new name of the file.
Ex: mv oldfile newfile
Type mv followed by the name of a file and the new directory where you'd like to place the file.
Ex: mv newfile testdir
This moves the file named newfile to an existing directory named testdir. Be certain you're specifying a directory name, or the mv command alters the name of the file instead of moving it.
rm
Type rm followed by the name of a file to remove the file.
Ex: rm newfile
Use the wildcard character to remove several files at once.
Ex: rm n*
This command removes all files beginning with n. Type rm -i followed by a filename if you'd like to be prompted before the file is actually removed.
Ex: rm -i newfile
Ex: rm -i n*
By using this option, you have a chance to verify the removal of each file. The -i option is very handy when removing a number of files using the wildcard character *.
Beginner Server Administrator Commands
Compiled and Updated by Mark Rais exclusively for ReallyLinux.com
arp
Command mostly used for checking existing Ethernet connectivity and IP address.
Most common use: arp
This command should be used in conjunction with the ifconfig and route commands. It is mostly useful for me to check a network card and get the IP address quickly. Obviously there are many more parameters, but I am trying to share the basics of server administration, not the whole book of commands.
df
Display filesystem information.
Most common use: df -h
Great way to keep tabs on how much hard disk space you have on each mounted file system.
du
Display usage.
Most common use, under a specific directory: du -a
Easily and quickly identify the size of files/programs in certain directories. A word of caution: you should not run this command from the / directory. It will actually display the size of every file on the entire Linux hard disk. This command is also particularly handy if you are checking system resources.
find
Find locations of files/directories quickly across entire filesystem.
Most common use: find / -name appname -type d -xdev
(replace the word appname with the name of a file or application like gimp)
This is a very powerful command and is best used when running as root or superuser. The danger is that you will potentially look across every single file on every filesystem, so the syntax is very important. The example shown allows you to search against all directories below / for the appname found in directories but only on the existing filesystem. It may sound complex, but the example shown allows you to find a program you may need within seconds! Other uses and more complex but beneficial functions include using the -exec option to execute a command. You may also try the commands: locate or slocate
ifconfig
Command line tool to configure or check all network cards/interfaces.
Most common uses: ifconfig and also ifconfig eth0 10.1.1.1
Using the plain ifconfig command will show you the details of all the already configured network cards or interfaces. This is a great way to check that your network hardware is working properly. Using the many other options of ifconfig, such as the one listed, allows you to assign a particular interface a static IP address. I only show an example and not a real world command above. Your best bet, if you want to configure your network card using this command, is to first read the manual pages. You access them by typing: man ifconfig
init
Allows you to change the server bootup on a specific runlevel.
Most common use: init 5
This is a useful command when, for instance, a server fails to identify the video type and ends up dropping to the non-graphical boot-up mode (also called runlevel 3). The server runlevels rely on scripts to basically start up a server with specific processes and tools upon bootup. Runlevel 5 is the default graphical runlevel for Linux servers. But sometimes you get stuck in a different mode and need to force a level. For those rare cases, the init command is a simple way to force the mode without having to edit the inittab file. Of course, this command does not fix the underlying problem, it just provides a fast way to change levels as needed. For a more permanent correction to the runlevel, edit your /etc/inittab file to state: id:5:initdefault:
nano
Easy to use command line editors are included with most Linux versions and flavors. One I tend to use for fast easy editing is nano.
Most common uses: nano filename
A real world example for you to get a better sense of how this works: nano /etc/dhcp3/dhcpd.conf
This allows you to edit the dhcpd.conf configuration file from the command line using nano. Maybe you are not up to speed on vi, or never learned how to use emacs? On most Linux flavors the text editor named joe or one named nano is available. These basic but easy to use editors are useful for those who need a text editor on the command line but don't know vi or emacs. Although, I do highly recommend that you learn and use the vi and emacs editors as well. Regardless, you will need to use a command line editor from time to time. You can also use the cat and more commands to list the contents of files, but this is basic stuff found under the basic linux commands listing. Try: more filename to list the contents of the filename.
netstat
Summary of network connections and status of sockets.
Most common uses: netstat and also netstat |head and also netstat -r
The netstat command simply displays all sockets and server connections. The top few lines are usually most helpful regarding webserver administration. Therefore, if you are doing basic webserver work, you can quickly read the top lines of the netstat output by including the |head (pipe and head commands). Using the -r option gives you a very good look at the network routing addresses. This is directly linked to the route command.
nslookup
Checks the domain name and IP information of a server.
Most common use: nslookup www.hostname.com
You are bound to need this command for one reason or another. When performing server installation and configuration this command gives you the existing root server IP and DNS information and can also provide details from other remote servers. Therefore, it is also a very useful security command where you can look up DNS information regarding a particular host IP that you may see showing up on your server access logs. There is a lot more to this command, and using the man pages will get you the details by typing: man nslookup
ping
Sends test packets to a specified server to check if it is responding properly.
Most common use: ping 10.0.0.0 (replace the 10.0.0.0 with a true IP address)
This is an extremely useful command that is necessary to test network connectivity and response of servers. It creates a series of test packets of data that are then bounced to the server and back, giving an indication whether the server is operating properly. It is the first line of testing if a network failure occurs. If ping works but, for instance, FTP does not, then chances are that the server is configured correctly, but the FTP daemon or service is not. However, if even ping does not work, there is a more significant server connectivity issue, like maybe the wires are not connected or the server is turned off! The outcome of this command is pretty much one of two things. Either it works, or you get the message destination host unreachable. It is a very fast way to check even remote servers.
ps
Lists all existing processes on the server.
Most common uses: ps and also ps -A |more
The simple command will list every process associated with the specific user running on the server. This is helpful in case you run into problems and need to, for instance, kill a particular process that is stuck in memory. On the other hand, as a system administrator, I tend to use the -A with the |more option. This will list every process running on the server one screen at a time. I use ps to quickly check what others are goofing with on my servers and often find that I'm the one doing the dangerous goofing!
rm
Removes/deletes directories and files.
Most common use: rm -r name (replace name with your file or directory name)
The -r option forces the command to also apply to each subdirectory within the directory. This will work for even non-empty directories. For instance, if you are trying to delete the entire contents of the directory x which includes directories y and z, this command will do it in one quick process. That is much more useful than trying to use the rmdir command after deleting files! Instead use the rm -r command and you will save time and effort. You may already have known this, but since server administrators end up spending a lot of time making and deleting, I included this tip!
route
Lists the routing tables for your server.
Most common use: route -v
This is pretty much the exact same output as the command netstat -r. You can suit yourself which you prefer to run. I tend to type netstat commands a lot more than just route and so it applies less to my situation, but who knows, maybe you are going to love and use route the most!
shred
Deletes a file securely by overwriting its contents.
Most common use: shred -v filename (replace filename with your specific file)
The -v option is useful since it provides an extra view of what exactly the shred tool is doing while you wait. On especially BIG files this could take a bit of time. The result is that your file is so thoroughly deleted it is very unlikely to ever be retrieved again. This is especially useful when trying to zap important server related files that may include confidential information like user names or hidden processes. It is also useful for deleting those hundreds of love notes you get from some of the users on your server, another bonus of being a server administrator. :)
sudo
The super-user do command that allows you to run specific commands that require root access.
Most common use: sudo command (replace command with your specific one)
This command is useful when you are logged into a server and attempt a command that requires super-user or root privileges. In most cases, you can simply run the command through sudo, without having to log in as root. In fact, this is a very beneficial way to administer your server without daily use of the root login, which is potentially dangerous. Below is a simple example of the sudo capabilities:
sudo cd /root
This command allows you to change directories to the /root without having to login as root. Note that you must enter the root password once, when running a sudo command.
top
Displays many system statistics and details regarding active processes.
Most common use: top
This is a very useful system administrator tool that basically gives you a summary view of the system including number of users, memory usage, CPU usage, and active processes. Often during the course of a day when running multiple servers, one of my Xwindows workstations just displays the top command from each of the servers as a very quick check of their status and stability.
touch
Allows you to change the timestamp on a file.
Most common use: touch filename
Using the basic touch command, as above, will simply force the current date and time upon the specified file. This is helpful, but not often used. However, another option that I've used in the past when administering servers is to force a specific timestamp on a set of files in a directory. For instance, to force a specific date and time upon all files in a directory, type:
touch *
You can also force a specific date/time stamp using the -t option like this:
touch -t200103041200.00 *
The command above will change all files in the current directory to take on the new date of March 4th, 2001 at noon. The syntax follows this pattern: YYYYMMDDhhmm.ss
YYYY represents the four digit year, then the two digit month, day, hour and minutes. You can even specify seconds as noted above. In any case, this is a useful way to control timestamps on any files on your server.
traceroute
Traces the existing network routing for a remote or local server.
Most common use: traceroute hostname (replace hostname with the name of your server such as reallylinux.com)
This is a very powerful network command that basically gives the exact route between your machine and a server. In some cases you can actually watch the network hops from country to country across an ocean, through data centers, etc. This comes in handy when trying to fix a network problem, such as when someone on the network cannot get access to your server while others can. This can help identify the break or error along the network line. One strong note to you is not to misuse this command! When you run the traceroute, every one of those systems you see listed also sees YOU doing the traceroute, and therefore, as a matter of etiquette and respect, this command should be used when necessary, not for entertainment purposes. A key characteristic of gainfully employed server administrators: knowing when to use commands and when not to use them!
w
An extension of the who command that displays details of all users currently on the server.
Most common uses: w
This is a very important system admin tool I use commonly to track who is on the server and what processes they are running. It is obviously most useful when run as a super-user. The default setting for the w command is to show the long list of process details. You can also run the command w -s to review a shorter process listing, which is helpful when you have a lot of users on the server doing a lot of things! Remember that this is different from the who command, which can only display users, not their processes.
Command                         Description
# cd /home                      enter directory '/home'
# cd ..                         go back one level
# cd ../..                      go back two levels
# cd                            go to home directory
# cd ~user1                     go to home directory
# cd -                          go to previous directory
# cp file1 file2                copying a file
# cp dir/* .                    copy all files of a directory within the current work directory
# cp -a /tmp/dir1 .             copy a directory within the current work directory
# cp -a dir1 dir2               copy a directory
# cp file file1                 outputs the mime type of the file as text
# iconv -l                      lists known encodings
# iconv -f fromEncoding -t toEncoding inputFile > outputFile
                                converting the coding of characters from one format to another
# find . -maxdepth 1 -name *.jpg -print -exec convert
                                batch resize files in the current directory and send them to a thumbnails directory (requires convert from Imagemagick)
# ln -s file1 lnk1              create a symbolic link to file or directory
# ln file1 lnk1                 create a physical link to file or directory
# ls                            view files of directory
# ls -F                         view files of directory
# ls -l                         show details of files and directory
# ls -a                         show hidden files
# ls *[0-9]*                    show files and directory containing numbers
# lstree                        show files and directories in a tree starting from root(2)
# mkdir dir1                    create a directory called 'dir1'
# mkdir dir1 dir2               create two directories simultaneously
# mkdir -p /tmp/dir1/dir2       create a directory tree
# mv dir1 new_dir               rename / move a file or directory
# pwd                           show the path of work directory
# rm -f file1                   delete file called 'file1'
# rm -rf dir1                   remove a directory called 'dir1' and contents recursively
# rm -rf dir1 dir2              remove two directories and their contents recursively
# rmdir dir1                    delete directory called 'dir1'
# touch -t 0712250000 file1     modify timestamp of a file or directory (YYMMDDhhmm)
# tree                          show files and dire
1. Arp
Arp manipulates the kernel's ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. For debugging purposes, the arp program also allows a complete dump of the ARP cache. ARP displays the IP address assigned to a particular ETH card and its MAC address.
  [fasil@smashtech ]# arp
  Address       HWtype  HWaddress  Flags Mask  Iface
  59.36.13.1    ether              C           eth0
2. Ifconfig
Ifconfig is used to configure the network interfaces. Normally we use this command to check the IP address assigned to the system. It is used at boot time to set up interfaces as necessary. After that, it is usually only needed when debugging or when system tuning is needed.
  [fasil@smashtech ~]# /sbin/ifconfig eth0
  UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
  RX packets:126341 errors:0 dropped:0 overruns:0 frame:0
  TX packets:44441 errors:0 dropped:0 overruns:0 carrier:0
  collisions:0 txqueuelen:1000
3. Netstat
Netstat prints information about the networking subsystem. The types of information usually printed by netstat are network connections, routing tables, interface statistics, masquerade connections, and multicast.
  [fasil@smashtech ~]# netstat
  Active Internet connections (w/o servers)
  Proto Recv-Q Send-Q Local Address Foreign Address State
  tcp   0      0      .230.87:https ESTABLISHED
  Active UNIX domain sockets (w/o servers)
  Proto RefCnt Flags Type   State     I-Node Path
  unix  10     [ ]   DGRAM            4970   /dev/log
  unix  2      []    DGRAM            6625   @/var/run/hal/hotplug_socket
  unix  2      []    DGRAM            2952   @udevd
  unix  2      []    DGRAM            100564
  unix  3      []    STREAM CONNECTED 62438  /tmp/.X11-unix/X0
  unix  3      []    STREAM CONNECTED 62437
  unix  3      []    STREAM CONNECTED 10271  @/tmp/fam-root
  unix  3      []    STREAM CONNECTED 10270
  unix  3      []    STREAM CONNECTED 9276
  unix  3      []    STREAM CONNECTED 9275
4. Ping
The ping command is used to check the connectivity of a system to a network. Whenever there is a problem in network connectivity, we use ping to ensure the system is connected to the network.
  [root@smashtech ~]# ping google.com
  PING google.com (74.125.45.100) 56(84) bytes of data.
  64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=0 ttl=241 time=295 ms
  64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=241 time=277 ms
  64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=241 time=277 ms
  --- google.com ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 6332ms
  rtt min/avg/max/mdev = 277.041/283.387/295.903/8.860 ms, pipe 2
5. Nslookup
Nslookup is a program to query Internet domain name servers. Nslookup has two modes: interactive and non-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non-interactive mode is used to print just the name and requested information for a host or domain.
  [fasil@smashtech ~]# nslookup google.com
  Server: server ip
  Address: gateway ip 3
  Non-authoritative answer:
  Name: google.com
  Address: 209.85.171.100
  Name: google.com
  Address: 74.125.45.100
  Name: google.com
  Address: 74.125.67.100
6. Dig
dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
  [fasil@smashtech ~]# dig google.com
  ; <<>> DiG 9.2.4 <<>> google.com
  ;; global options: printcmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4716
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4
  ;; QUESTION SECTION:
  ;google.com.        IN
  ;; ANSWER SECTION:
  google.com.       122     IN  A   74.125.45.100
  google.com.       122     IN  A   74.125.67.100
  google.com.       122     IN  A   209.85.171.100
  ;; AUTHORITY SECTION:
  google.com.       326567  IN  NS  ns3.google.com.
  google.com.       326567  IN  NS  ns4.google.com.
  google.com.       326567  IN  NS  ns1.google.com.
  google.com.       326567  IN  NS  ns2.google.com.
  ;; ADDITIONAL SECTION:
  ns1.google.com.   152216  IN  A   216.239.32.10
  ns2.google.com.   152216  IN  A   216.239.34.10
  ns3.google.com.   152216  IN  A   216.239.36.10
  ns4.google.com.   152216  IN  A   216.239.38.10
  ;; Query time: 92 msec
  ;; SERVER: 172.29.36.1#53(172.29.36.1)
  ;; WHEN: Thu Mar 5 14:38:45 2009
  ;; MSG SIZE rcvd: 212
7. Route
Route manipulates the IP routing tables. Its primary use is to set up static routes to specific hosts or networks via an interface after it has been configured with the ifconfig program. When the add or del options are used, route modifies the routing tables. Without these options, route displays the current contents of the routing tables.
  [fasil@smashtech ~]# route
  Kernel IP routing table
  Destination     Gateway  Genmask         Flags Metric Ref Use Iface
  54.192.56.321   *        255.255.255.0   U     0      0   0   eth0
                  *        255.255.0.0     U     0      0   0   eth0
  default                  0.0.0.0         UG    0      0   0   eth0
8. Traceroute
The Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route one's packets follow (or finding the miscreant gateway that's discarding your packets) can be difficult. Traceroute utilizes the IP protocol time to live field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host. The only mandatory parameter is the destination host name or IP number. The default probe datagram length is 40 bytes, but this may be increased by specifying a packet length (in bytes) after the destination host name.
  [fasil@smashtech ~]# traceroute google.com
  traceroute: Warning: google.com has multiple addresses; using 209.85.171.100
  traceroute to google.com (209.85.171.100), 30 hops max, 38 byte packets
  1 ***
9. W
W displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
  [fasil@smashtechl ~]# w
  15:18:22 up 4:38, 3 users, load average: 0.89, 0.34, 0.19
  USER  TTY    FROM  LOGIN@  IDLE   JCPU   PCPU   WHAT
  root  :0           10:41   ?xdm?  24:53  1.35s  /usr/bin/gnome-session
  root  pts/1  :0.0  10:58   1.00s  0.34s  0.00s  w
  root  pts/2  :0.0  12:10   23:32  0.03s  0.03s  bash
10. Nmap
Nmap is designed to allow system administrators and curious individuals to scan large networks to determine which hosts are up and what services they are offering. nmap supports a large number of scanning techniques such as: UDP, TCP connect(), TCP SYN (half open), ftp proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas Tree, SYN sweep, IP Protocol, and Null scan. See the Scan Types section for more details. nmap also offers a number of advanced features such as remote OS detection via TCP/IP fingerprinting, stealth scanning, dynamic delay and retransmission calculations, parallel scanning, detection of down hosts via parallel pings, decoy scanning, port filtering detection, direct (non-portmapper) RPC scanning, fragmentation scanning, and flexible target and port specification. Significant effort has been put into decent nmap performance for non-root users. Unfortunately, many critical kernel interfaces (such as raw sockets) require root privileges. nmap should be run as root whenever possible (not setuid root, of course).
The result of running nmap is usually a list of interesting ports on the machine(s) being scanned (if any). Nmap always gives the port's "well known" service name (if any), number, state, and protocol. The state is either "open", "filtered", or "unfiltered". Open means that the target machine will accept() connections on that port. Filtered means that a firewall, filter, or other network obstacle is covering the port and preventing nmap from determining whether the port is open. Unfiltered means that the port is known by nmap to be closed and no firewall/filter seems to be interfering with nmap's attempts to determine this. Unfiltered ports are the common case and are only shown when most of the scanned ports are in the filtered state. Depending on options used, nmap may also report the following characteristics of the remote host: OS in use, TCP sequentiality, usernames running the programs which have bound to each port, the DNS name, whether the host is a smurf address, and a few others. Nmap is a network exploration tool and security scanner.
  [fasil@smashtech ~]# nmap 52.194.69.152
  Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-03-05 15:21 IST
  Interesting ports on 52.194.69.152
  (The 1658 ports scanned but not shown below are in state: closed)
  PORT     STATE  SERVICE
  22/tcp   open   ssh
  111/tcp  open   rpcbind