System info · Files · Processes · Networking · Users · Packages · Permissions · Storage · Text tools · Scheduling
$ uname -a # full info: kernel, hostname, arch $ uname -r # kernel version only $ uname -m # machine architecture (x86_64)
$ hostnamectl $ sudo hostnamectl set-hostname myserver $ hostname -f # fully qualified domain name
$ uptime # uptime + load averages $ uptime -p # human-readable: "up 5 days, 2 hours" $ who # who is logged in $ w # who + what they're doing $ last # login history
$ lscpu # CPU cores, threads, cache $ cat /proc/cpuinfo | grep "model name" | head -1 $ lsmem # memory ranges $ free -h # RAM + swap usage $ sudo lshw -short # full hardware list
$ ls -la # long format + hidden files $ ls -lhS # sorted by size, human-readable $ ls -lt # sorted by modification time (newest first) $ ls -lR /etc/ # recursive listing
$ find / -name "*.conf" 2>/dev/null $ find /home -user saad -type f $ find /var/log -mtime +30 -delete # delete files older than 30 days $ find . -size +100M # files larger than 100 MB $ find /etc -perm 777 # world-writable files (security risk!)
$ cp -a /src /dest # archive: preserves permissions + timestamps $ cp -r /src /dest # recursive copy $ mv file.txt /tmp/ $ rm -rf /path/to/dir # force-remove directory (no undo!) $ mkdir -p /path/new/dir # create nested directories
$ tar -czf backup.tar.gz /path/to/dir # create gzip archive $ tar -xzf backup.tar.gz -C /restore/ # extract to directory $ tar -tzf backup.tar.gz # list contents (no extract) $ zip -r archive.zip /path/to/dir $ unzip archive.zip -d /dest
$ rsync -avz /src/ /dest/ # archive, verbose, compressed $ rsync -avz -e ssh /local/ user@server:/remote/ # over SSH $ rsync -avz --delete /src/ /dest/ # mirror (deletes extra files) $ rsync -n -avz /src/ /dest/ # dry run — preview changes
$ ps aux # all processes $ ps aux | grep nginx $ ps -eo pid,ppid,cmd,%cpu,%mem --sort=-%cpu | head # top by CPU
$ top -u saad # filter by user $ top -d 2 # refresh every 2 seconds # In top: M=sort by memory, P=sort by CPU, k=kill, q=quit $ htop # colors, mouse support, easier to use $ btop # modern, most feature-rich (install separately)
$ kill 1234 # SIGTERM — graceful shutdown $ kill -9 1234 # SIGKILL — force kill (last resort) $ pkill nginx # kill by name $ killall -9 python3 $ pgrep -l nginx # find PIDs by name
$ nice -n 10 ./script.sh # start with low priority (-20 high, 19 low) $ renice -n -5 -p 1234 # raise priority of running process $ nohup ./script.sh & # run in background, survive logout $ jobs -l # list background jobs $ bg %1 && fg %1 # send to background / bring to foreground
$ ip a # all interfaces and IPs $ ip route # routing table $ ip route show default # default gateway $ sudo ip link set eth0 up # bring interface up $ sudo ip addr add 192.168.1.50/24 dev eth0
$ ss -tulnp # TCP/UDP listening ports with process names $ ss -tp state established # active connections $ netstat -tulnp # legacy equivalent (same output)
$ curl -I https://example.com # headers only $ curl -o file.zip https://example.com/file.zip $ curl -X POST -H "Content-Type: application/json" \ -d '{"key":"val"}' https://api.example.com $ wget -q -O - https://example.com/script.sh | bash
$ ping -c 4 google.com $ traceroute google.com # hop-by-hop path $ mtr google.com # live traceroute + ping stats $ dig google.com # DNS lookup $ dig +short google.com # just the IP $ dig -x 8.8.8.8 # reverse DNS lookup
$ sudo useradd -m -s /bin/bash -c "Saad Admin" saad $ sudo passwd saad $ sudo usermod -aG sudo saad # add to sudo group (Debian/Ubuntu) $ sudo usermod -aG wheel saad # add to wheel group (RHEL/Fedora) $ sudo usermod -L saad # lock account $ sudo userdel -r saad # delete user + home directory $ id saad # show UID, GID, groups
$ sudo groupadd devteam $ sudo gpasswd -a saad devteam # add user to group $ sudo gpasswd -d saad devteam # remove user from group $ groups saad # list groups for user
$ sudo apt update # refresh package index $ sudo apt upgrade -y # upgrade all packages $ sudo apt install nginx git curl $ sudo apt remove nginx $ sudo apt purge nginx # remove + config files $ sudo apt autoremove # remove orphaned deps $ apt search "web server" $ dpkg -l | grep nginx # check if installed $ dpkg -L nginx # list files installed by package
$ sudo dnf update -y $ sudo dnf install httpd $ sudo dnf remove httpd $ sudo dnf search nginx $ rpm -qa | grep nginx # list installed rpm packages $ rpm -ql nginx # files installed by package $ rpm -ivh package.rpm # install local RPM file
# r=4 w=2 x=1 | Owner · Group · Others $ chmod 755 script.sh # rwxr-xr-x — owner full, others read+exec $ chmod 644 file.txt # rw-r--r-- — owner rw, others read only $ chmod +x script.sh # add execute for everyone $ chmod -R 750 /var/www # recursive $ chmod u+s /usr/bin/prog # set SUID bit $ chmod o+t /tmp # sticky bit
$ chown saad file.txt $ chown saad:devteam file.txt # user:group $ chown -R www-data:www-data /var/www $ stat file.txt # show detailed file metadata
$ df -h # human-readable disk space $ df -Th # include filesystem type $ du -sh /var/log # total size of directory $ du -sh /var/log/* | sort -rh | head -10 # top 10 largest items $ ncdu / # interactive browser (apt install ncdu)
$ lsblk -f # block devices with filesystem info $ sudo blkid # UUIDs of all partitions $ sudo fdisk -l # partition table for all disks $ sudo mount /dev/sdb1 /mnt/data $ sudo umount /mnt/data # Permanent mount — add to /etc/fstab: UUID=abc123 /mnt/data ext4 defaults 0 2 $ sudo mount -a # mount all fstab entries
$ grep "error" /var/log/syslog $ grep -i "failed" /var/log/auth.log # case-insensitive $ grep -r "TODO" /home/saad/projects/ # recursive $ grep -n "root" /etc/passwd # show line numbers $ grep -v "^#" /etc/ssh/sshd_config # exclude comments $ grep -E "error|warn|crit" /var/log/syslog # multiple patterns
$ sed 's/foo/bar/g' file.txt # replace all occurrences $ sed -i 's/old/new/g' file.txt # in-place edit $ sed '/^#/d' file.txt # delete comment lines $ awk -F: '{print $1}' /etc/passwd # print column 1 (usernames) $ awk '$3 > 1000 {print $1,$3}' /etc/passwd # users with UID > 1000
$ cat /etc/passwd $ head -20 /var/log/syslog $ tail -50 /var/log/nginx/error.log $ tail -f /var/log/syslog # live follow (stream new lines) $ less /var/log/auth.log # scroll: j/k, search: /term, quit: q $ wc -l file.txt # count lines
# Cron syntax: MIN HOUR DAY MONTH DOW command $ crontab -e # edit your crontab $ crontab -l # list current crontab $ crontab -r # remove crontab # Examples: * * * * * /script.sh # every minute 0 2 * * * /backup.sh # daily at 2am 0 2 * * 0 /weekly.sh # every Sunday at 2am */5 * * * * /check.sh # every 5 minutes @reboot /startup.sh # on boot $ grep CRON /var/log/syslog # view cron logs
$ alias ll='ls -lah --color=auto' $ alias update='sudo apt update && sudo apt upgrade -y' # Add to ~/.bashrc to persist $ history | tail -20 $ !42 # re-run history item 42 $ !! # re-run last command $ sudo !! # re-run last command with sudo (huge timesaver) # Ctrl+R → interactive history search
Spin up a Linux droplet in 60 seconds and run every command in this cheat sheet on a real server.
Get Started →