Linux System Administration Commands Guide
Category: System Administration & DevOps
Tags: linux, system-admin, process-management, file-operations, user-management, monitoring
Essential System Administration Commands
What this guide covers: Comprehensive reference for Linux system administration commands covering process management, file operations, user management, system monitoring, and maintenance tasks.
Why master these commands: System administrators need these commands for daily operations, troubleshooting, automation, and maintaining healthy Linux systems. These are the foundation tools for managing servers and workstations.
Process Management Commands
ps - Display running processes
What it does: Shows information about currently running processes including process IDs (PIDs), CPU usage, memory usage, and command details.
Why essential: Process management is fundamental to system administration. You need to identify running processes, find resource-heavy applications, and manage system performance.
When to use: Troubleshoot high CPU/memory usage, find specific processes, monitor system activity, identify processes before killing them.
# Basic process listing
ps # Shows processes for current user in current terminal
ps aux # Shows ALL processes with detailed information (most common)
ps -ef # Alternative format showing all processes with full command lines
ps -u username # Shows processes for specific user only
# Why: Get overview of system activity, identify resource usage,
# find processes by user, see complete command arguments
# Advanced process filtering
ps aux | grep nginx # Find specific processes by name
ps aux --sort=-%cpu # Sort by CPU usage (highest first)
ps aux --sort=-%mem # Sort by memory usage (highest first)
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu # Custom columns sorted by CPU
# Why: Quickly find problematic processes, identify resource hogs,
# get specific information about processes of interest
# Process tree view
ps auxf # Shows process hierarchy (parent-child relationships)
ps -ejH # Alternative tree view format
pstree # Dedicated command for process tree visualization
pstree -p # Process tree with PIDs
# Why: Understand process relationships, identify parent processes,
# see which processes spawn others, troubleshoot process dependencies
top/htop - Real-time process monitoring
What it does: Displays and continuously updates information about running processes, system load, CPU usage, and memory usage in real-time.
Why crucial: Essential for real-time system monitoring, identifying performance bottlenecks, and watching system behavior as it changes.
When to use: System performance issues, monitor resource usage over time, identify processes causing problems, system capacity planning.
# Basic top usage
top # Real-time process monitor with system summary
htop # Enhanced version with better interface and features
top -u username # Show processes for specific user only
top -p 1234,5678 # Monitor specific processes by PID
# Why: Watch system performance in real-time, see immediate impact of changes,
# identify intermittent performance issues
# Top interactive commands (while top is running)
# Press 'q' to quit
# Press 'k' then PID to kill process
# Press 'r' then PID to renice (change priority)
# Press 'M' to sort by memory usage
# Press 'P' to sort by CPU usage
# Press '1' to show individual CPU cores
# Why: Interactive control allows immediate response to problems,
# sort by different criteria to find issues, kill problematic processes immediately
# Advanced monitoring
top -b -n 1 # Batch mode - single snapshot (useful in scripts)
top -d 2 # Update every 2 seconds instead of default
watch -n 1 'ps aux --sort=-%cpu | head -10' # Alternative: watch top CPU processes
# Why: Automate monitoring in scripts, adjust update frequency for different needs,
# create custom monitoring views
kill/killall - Terminate processes
What it does: Sends signals to processes to terminate them, restart them, or modify their behavior. Different signals provide different ways to stop processes.
Why essential: Sometimes processes hang, consume too many resources, or need to be restarted. Proper process termination is crucial for system stability.
When to use: Unresponsive applications, runaway processes consuming resources, scheduled process restarts, emergency system recovery.
# Basic process termination
kill 1234 # Sends TERM signal to process ID 1234 (polite shutdown)
kill -9 1234 # Sends KILL signal (force termination - last resort)
kill -15 1234 # Sends TERM signal explicitly (same as kill 1234)
killall nginx # Kills all processes named "nginx"
# Why: TERM signal allows graceful shutdown (process can clean up),
# KILL signal forces immediate termination, killall affects multiple processes at once
# Different signal types
kill -HUP 1234 # Hangup signal (often causes process to reload config)
kill -USR1 1234 # User-defined signal 1 (application-specific behavior)
kill -STOP 1234 # Stops process (can be resumed)
kill -CONT 1234 # Continues stopped process
# Why: Different signals provide different process control options,
# HUP often reloads configuration without full restart,
# STOP/CONT allows pausing processes temporarily
# Find and kill processes
pkill nginx # Kills processes by name (more flexible than killall)
pkill -u username # Kills all processes owned by user
pkill -f "python script.py" # Kills processes matching command line pattern
pgrep nginx # Finds process IDs by name (doesn't kill)
# Why: More flexible process identification, kill by user or command pattern,
# pgrep helps verify what will be killed before actually killing
jobs/bg/fg - Job control
What it does: Manages processes started from the current shell, allowing you to run processes in background, bring them to foreground, and control job execution.
Why useful: Allows multitasking in terminal, run long processes in background while continuing to work, manage multiple tasks efficiently.
When to use: Running long-running tasks, managing multiple terminal processes, continuing work while processes run in background.
# Job control basics
command & # Runs command in background immediately
jobs # Lists all jobs running from current shell
fg # Brings most recent background job to foreground
fg %1 # Brings specific job number to foreground
bg # Resumes most recent stopped job in background
# Why: Continue working while long processes run, manage multiple tasks,
# switch between different running processes
# Practical job control
./long-script.sh & # Start script in background
# Press Ctrl+Z to stop current foreground process
bg # Resume stopped process in background
nohup ./script.sh & # Run process that survives shell logout
disown %1 # Detach job from shell (survives shell exit)
# Why: Keep processes running after logout, handle accidental stops,
# manage processes independently of shell session
File Operations Commands
ls - List directory contents
What it does: Displays files and directories in specified locations with various formatting and filtering options.
Why fundamental: Basic file system navigation and information gathering. Essential for understanding directory structure and file properties.
When to use: Navigate file system, check file permissions, find files, verify file modifications, audit directory contents.
# Basic directory listing
ls # Lists files in current directory
ls /path/to/directory # Lists files in specific directory
ls -l # Long format with permissions, ownership, size, dates
ls -la # Long format including hidden files (starting with .)
ls -lh # Long format with human-readable file sizes (KB, MB, GB)
# Why: See what files exist, check file details, verify permissions,
# understand directory structure
# Advanced listing options
ls -lt # Sort by modification time (newest first)
ls -lS # Sort by file size (largest first)
ls -lR # Recursive listing (shows subdirectories)
ls -d */ # List only directories
ls *.txt # List files matching pattern
# Why: Find recently modified files, identify large files taking space,
# explore directory structure, filter by file type
# Detailed file information
ls -li # Shows inode numbers (useful for hardlink identification)
ls --color=always # Force colored output even when piped
ls -F # Add indicators (/ for directories, * for executables)
ls -1 # One file per line (useful for scripting)
# Why: Understand file system structure at low level, create readable output,
# identify different file types visually, format for script processing
find - Search for files and directories
What it does: Recursively searches directory trees for files and directories matching specified criteria. Can execute commands on found files.
Why powerful: Most flexible file searching tool. Can find files by name, size, date, permissions, content, and many other criteria. Essential for system administration and maintenance.
When to use: Locate specific files, find large files consuming disk space, search for security issues, automate file management tasks, clean up old files.
# Basic file searching
find /path -name "filename" # Find files with exact name
find /path -name "*.txt" # Find files matching pattern
find /path -iname "*.TXT" # Case-insensitive name search
find . -name "config*" # Find files starting with "config" in current directory
# Why: Locate specific files quickly, find files by pattern across directory tree,
# handle case-insensitive searches
# Search by file properties
find /path -type f # Find regular files only
find /path -type d # Find directories only
find /path -size +100M # Find files larger than 100MB
find /path -size -1k # Find files smaller than 1KB
find /path -mtime -7 # Find files modified in last 7 days
find /path -mtime +30 # Find files modified more than 30 days ago
# Why: Clean up large files, find recently changed files for troubleshooting,
# identify old files for archival, locate specific file types
# Search by permissions and ownership
find /path -perm 777 # Find files with exact permissions
find /path -perm -u+w # Find files writable by owner
find /path -user username # Find files owned by specific user
find /path -group groupname # Find files owned by specific group
find /path -perm /u+s # Find files with setuid bit
# Why: Security auditing, find files with dangerous permissions,
# locate files owned by specific users, identify security risks
# Execute commands on found files
find /path -name "*.log" -delete # Delete all .log files
find /path -name "*.tmp" -exec rm {} \; # Alternative deletion method
find /path -name "*.txt" -exec wc -l {} \; # Count lines in all .txt files
find /path -type f -exec chmod 644 {} \; # Set permissions on all files
# Why: Automate file management, perform bulk operations,
# maintain file permissions, clean up unwanted files
chmod/chown - Change file permissions and ownership
What it does: chmod changes file permissions (read, write, execute for owner, group, others). chown changes file ownership (user and group).
Why critical: File permissions are fundamental to Linux security. Proper permissions prevent unauthorized access and ensure system security.
When to use: Set up new files/directories, fix permission problems, secure sensitive files, configure web server files, troubleshoot access issues.
# chmod - Change permissions using numeric mode
chmod 755 file.txt # rwxr-xr-x (owner: rwx, group: rx, others: rx)
chmod 644 file.txt # rw-r--r-- (owner: rw, group: r, others: r)
chmod 600 file.txt # rw------- (owner: rw, group: none, others: none)
chmod 777 file.txt # rwxrwxrwx (everyone: rwx - dangerous!)
# Why: Numeric mode is precise and commonly used in documentation,
# 755 is common for directories, 644 for files, 600 for private files
# chmod - Change permissions using symbolic mode
chmod u+x file.txt # Add execute permission for owner
chmod g-w file.txt # Remove write permission for group
chmod o+r file.txt # Add read permission for others
chmod a+x file.txt # Add execute permission for all (owner, group, others)
chmod u=rw,g=r,o= file.txt # Set exact permissions (owner: rw, group: r, others: none)
# Why: Symbolic mode is more intuitive, easier to modify specific permissions,
# clearer when making incremental changes
# Recursive permission changes
chmod -R 755 /path/to/directory # Apply permissions to directory and all contents
chmod -R u+w /path/to/directory # Add write permission recursively
find /path -type f -exec chmod 644 {} \; # Set file permissions only (not directories)
find /path -type d -exec chmod 755 {} \; # Set directory permissions only
# Why: Configure entire directory trees, separate file and directory permissions,
# fix permission problems in bulk
# chown - Change ownership
chown user file.txt # Change owner to 'user'
chown user:group file.txt # Change owner to 'user' and group to 'group'
chown :group file.txt # Change group only
chown -R user:group /path/to/directory # Change ownership recursively
# Why: Transfer file ownership, set up proper ownership for services,
# fix ownership problems after file transfers
cp/mv/rm - Copy, move, and remove files
What it does: Basic file operations - copying files/directories, moving/renaming them, and deleting them.
Why essential: Fundamental file management operations needed daily for organizing files, making backups, cleaning up systems.
When to use: File organization, creating backups, system maintenance, installing/configuring software, cleaning up disk space.
# cp - Copy files and directories
cp file1.txt file2.txt # Copy file1 to file2 (creates new file)
cp file1.txt /path/to/destination/ # Copy file to different directory
cp -r directory1 directory2 # Copy directory recursively
cp -p file1.txt file2.txt # Preserve permissions, timestamps, ownership
cp -u source/* destination/ # Copy only if source is newer than destination
# Why: Create backups, duplicate files for modification,
# preserve file attributes when needed, efficient incremental copying
# Advanced copy options
cp -a source destination # Archive mode (preserves everything, recursive)
cp -i file1.txt file2.txt # Interactive mode (prompts before overwriting)
cp -v file1.txt file2.txt # Verbose mode (shows what's being copied)
cp --backup=numbered file1.txt file2.txt # Create numbered backups of existing files
# Why: Complete file preservation, prevent accidental overwrites,
# see progress of copy operations, maintain backup versions
# mv - Move and rename files
mv oldname.txt newname.txt # Rename file
mv file.txt /path/to/destination/ # Move file to different directory
mv directory1 directory2 # Rename directory
mv *.txt /path/to/destination/ # Move all .txt files
# Why: Organize files, rename for clarity, move files between locations,
# batch operations with wildcards
# rm - Remove files and directories
rm file.txt # Delete file
rm -i file.txt # Interactive deletion (prompts for confirmation)
rm -f file.txt # Force deletion (no prompts, ignore non-existent files)
rm -r directory # Delete directory and contents recursively
rm -rf directory # Force recursive deletion (dangerous!)
# Why: Clean up unwanted files, remove old backups, free disk space,
# interactive mode prevents accidents
# Safe deletion practices
rm -i *.txt # Confirm each deletion
ls -la before_deleting/ # Always check contents before rm -rf
mv unwanted_directory /tmp/ # Move to /tmp instead of immediate deletion
find /path -name "*.tmp" -mtime +7 -delete # Safer automated cleanup
# Why: Prevent accidental data loss, provide opportunity to recover,
# automate cleanup safely with specific criteria
User Management Commands
useradd/usermod/userdel - User account management
What it does: Creates, modifies, and deletes user accounts on the system. Manages user properties like home directories, groups, shells, and account expiration.
Why essential: User management is fundamental to system security and administration. Proper user accounts ensure access control and system organization.
When to use: Setting up new users, modifying user properties, removing departed users, managing user access, configuring service accounts.
# useradd - Create new users
sudo useradd username # Create user with default settings
sudo useradd -m username # Create user with home directory
sudo useradd -m -s /bin/bash username # Create user with specific shell
sudo useradd -m -G sudo,www-data username # Create user and add to groups
sudo useradd -m -c "Full Name" username # Create user with comment/description
# Why: Default settings may not be appropriate, home directories needed for user files,
# specific shells required for functionality, group membership for permissions
# Advanced user creation
sudo useradd -m -d /custom/home/path username # Custom home directory location
sudo useradd -m -e 2024-12-31 username # Account expires on specific date
sudo useradd -m -u 1500 username # Specify user ID
sudo useradd -r -s /bin/false serviceaccount # Create system account (no login)
# Why: Custom home locations for specific setups, temporary accounts with expiration,
# specific UIDs for consistency, service accounts for applications
# usermod - Modify existing users
sudo usermod -aG sudo username # Add user to additional group (append)
sudo usermod -G sudo,www-data username # Set user's groups (replaces existing)
sudo usermod -s /bin/zsh username # Change user's shell
sudo usermod -d /new/home username # Change home directory
sudo usermod -l newname oldname # Change username
# Why: Grant additional permissions through groups, change user preferences,
# relocate user data, rename accounts for clarity
# userdel - Delete users
sudo userdel username # Delete user account (keeps home directory)
sudo userdel -r username # Delete user and home directory
sudo userdel -f username # Force deletion even if user is logged in
# Why: Remove access for departed users, clean up unused accounts,
# force removal in emergency situations
# Verify user operations
id username # Show user ID, group memberships
getent passwd username # Show user account details
groups username # Show user's group memberships
finger username # Show detailed user information
# Why: Verify changes were applied correctly, troubleshoot permission issues,
# audit user configuration
passwd/chage - Password and account aging management
What it does: passwd changes user passwords. chage manages password aging policies including expiration dates, minimum age, and warning periods.
Why important: Password security is crucial for system protection. Password aging policies enforce regular password changes and account security.
When to use: New user setup, password resets, implementing security policies, managing account lockouts, configuring service accounts.
# passwd - Password management
passwd # Change current user's password
sudo passwd username # Change another user's password (as root)
sudo passwd -l username # Lock user account (disable password login)
sudo passwd -u username # Unlock user account
sudo passwd -d username # Delete password (passwordless login - dangerous!)
# Why: Regular password changes for security, administrative password resets,
# temporarily disable accounts, emergency access configuration
# Advanced password options
sudo passwd -n 7 username # Set minimum password age (7 days)
sudo passwd -x 90 username # Set maximum password age (90 days)
sudo passwd -w 7 username # Set warning period (7 days before expiration)
sudo passwd -e username # Force password change on next login
# Why: Implement security policies, force password updates,
# provide advance warning of expiration, ensure regular password changes
# chage - Account aging management
chage -l username # Display password aging information
sudo chage -d 0 username # Force password change on next login
sudo chage -M 90 username # Set password to expire in 90 days
sudo chage -m 7 username # Set minimum password age to 7 days
sudo chage -W 14 username # Set warning period to 14 days
# Why: View current password policies, implement consistent aging policies,
# force password updates for security, provide user warnings
# Account expiration
sudo chage -E 2024-12-31 username # Set account to expire on specific date
sudo chage -E -1 username # Remove account expiration
sudo chage -I 30 username # Set account inactive period after password expires
# Why: Temporary accounts with automatic expiration, remove expiration for permanent accounts,
# grace period for password updates
su/sudo - Switch user and execute commands as other users
What it does: su switches to another user account. sudo executes commands as another user (typically root) with proper authentication and logging.
Why crucial: Administrative tasks require elevated privileges. These commands provide secure ways to gain necessary permissions while maintaining accountability.
When to use: Administrative tasks, troubleshooting user issues, running services as specific users, emergency system recovery.
# su - Switch user
su # Switch to root user (requires root password)
su - # Switch to root with full environment
su username # Switch to specific user
su - username # Switch to user with their environment
exit # Return to original user
# Why: Full user environment provides proper settings, specific user context for testing,
# root access for administrative tasks
# sudo - Execute commands as other users
sudo command # Execute command as root
sudo -u username command # Execute command as specific user
sudo -i # Start interactive root shell
sudo -s # Start shell as root (keeps environment)
sudo -l # List allowed sudo commands for current user
# Why: Temporary privilege elevation, maintain audit trail,
# granular permission control, safer than full root access
# Advanced sudo usage
sudo -k # Clear sudo timestamp (require password again)
sudo -v # Validate sudo credentials (extend timeout)
sudo !! # Execute previous command with sudo
EDITOR=nano sudo visudo # Edit sudo configuration safely
# Why: Force re-authentication for security, extend session for multiple commands,
# quickly retry commands with elevated privileges, safely modify sudo settings
# Check user privileges
sudo -l -U username # Check what sudo privileges user has
groups # Show current user's groups
id # Show current user ID and group memberships
whoami # Show current effective username
# Why: Audit user permissions, troubleshoot access issues,
# verify current user context, understand permission inheritance
System Monitoring Commands
df/du - Disk space monitoring
What it does: df shows filesystem disk space usage. du shows directory space usage. Essential for monitoring disk space and identifying what's consuming storage.
Why critical: Running out of disk space can crash systems, prevent logging, and stop services. Regular monitoring prevents storage-related outages.
When to use: System maintenance, troubleshooting disk space issues, capacity planning, identifying large files/directories for cleanup.
# df - Filesystem space usage
df -h # Human-readable format (GB, MB, KB)
df -i # Show inode usage instead of disk space
df -T # Show filesystem type
df /path/to/directory # Show usage for specific filesystem
df --total # Show total usage summary
# Why: Quick overview of all filesystem usage, identify full filesystems,
# monitor inode exhaustion, understand filesystem types
# Advanced df usage
df -h --exclude-type=tmpfs # Exclude temporary filesystems
df -h | grep -v snap # Exclude snap packages from output
watch -n 5 'df -h' # Monitor filesystem usage in real-time
df -h | awk '$5 > 80 {print $0}' # Show filesystems over 80% full
# Why: Focus on persistent storage only, continuous monitoring for changes,
# automated alerting for high usage, filter relevant information
# du - Directory space usage
du -h /path/to/directory # Human-readable sizes for directory tree
du -sh /path/to/directory # Summary total for directory only
du -ah /path/to/directory # All files (not just directories)
du -h --max-depth=1 /path # Show only one level deep
# Why: Identify which directories consume most space, find large files,
# limit output depth for large directory trees
# Finding large files and directories
du -h /home | sort -hr | head -10 # Top 10 largest directories in /home
find /path -size +100M -exec ls -lh {} \; # Find files larger than 100MB
find /path -type f -exec du -h {} \; | sort -hr | head -20 # Top 20 largest files
ncdu /path # Interactive disk usage analyzer
# Why: Quickly identify space consumers, locate files for cleanup,
# interactive exploration of disk usage, prioritize cleanup efforts
free/vmstat - Memory and system performance monitoring
What it does: free shows memory usage (RAM and swap). vmstat shows system performance statistics including memory, CPU, and I/O.
Why essential: Memory problems cause performance issues and system crashes. These tools help identify memory bottlenecks and system performance problems.
When to use: Performance troubleshooting, capacity planning, monitoring system health, identifying memory leaks.
# free - Memory usage
free -h # Human-readable memory usage
free -m # Memory usage in megabytes
free -s 5 # Update every 5 seconds
free -t # Show total memory + swap
# Why: Quick memory overview, monitor memory usage over time,
# see total available memory, identify memory pressure
# Understanding free output
# total: Total physical RAM
# used: Used memory (buffers/cache + applications)
# free: Completely unused memory
# available: Memory available for new applications (includes reclaimable cache)
# buff/cache: Memory used for buffers and caching (can be reclaimed)
# vmstat - System performance statistics
vmstat # Single snapshot of system stats
vmstat 5 # Update every 5 seconds
vmstat 5 10 # Update every 5 seconds, 10 times then exit
vmstat -S M # Display values in megabytes
# Why: Monitor system performance trends, identify I/O bottlenecks,
# watch CPU and memory usage patterns, troubleshoot performance issues
# Key vmstat fields:
# procs: r=running processes, b=blocked processes
# memory: swpd=swap used, free=free memory, buff=buffers, cache=cache
# swap: si=swap in, so=swap out (should be near 0)
# io: bi=blocks in, bo=blocks out
# system: in=interrupts, cs=context switches
# cpu: us=user time, sy=system time, id=idle time, wa=wait time
# Advanced memory monitoring
cat /proc/meminfo # Detailed memory information
slabtop # Kernel slab allocator information
sar -r 5 10 # Memory utilization over time
watch -n 1 'free -h && echo && ps aux --sort=-%mem | head -10' # Memory usage with top processes
# Why: Deep memory analysis, kernel memory usage, historical memory data,
# combine memory overview with process details
iostat/iotop - I/O performance monitoring
What it does: iostat shows input/output statistics for devices. iotop shows I/O usage by processes. Essential for diagnosing disk performance issues.
Why important: I/O bottlenecks are common performance problems. These tools help identify which processes or devices are causing I/O issues.
When to use: System slowness investigation, database performance issues, backup performance problems, storage troubleshooting.
# iostat - I/O statistics
iostat # Basic I/O statistics snapshot
iostat -x # Extended statistics with more details
iostat 5 # Update every 5 seconds
iostat -x 5 10 # Extended stats, 5-second intervals, 10 reports
# Why: Identify I/O bottlenecks, monitor disk performance,
# track I/O patterns over time, troubleshoot storage issues
# Key iostat metrics:
# %util: Percentage of time device was busy (high = bottleneck)
# r/s, w/s: Read/write requests per second
# rkB/s, wkB/s: Read/write kilobytes per second
# await: Average wait time for I/O requests
# svctm: Average service time per I/O request
# iotop - I/O usage by process (requires root)
sudo iotop # Real-time I/O usage by process
sudo iotop -o # Show only processes doing I/O
sudo iotop -a # Show accumulated I/O instead of current
sudo iotop -p PID # Monitor specific process
# Why: Identify which processes cause I/O load, troubleshoot specific applications,
# monitor I/O patterns by process, find I/O-heavy operations
# Alternative I/O monitoring
sudo iftop # Network I/O by connection
dstat # Combined system statistics
pidstat -d 5 # Per-process I/O statistics
lsof +D /path # Show processes using specific directory
# Why: Network I/O analysis, comprehensive system view,
# detailed per-process I/O data, identify file usage conflicts
Package Management Commands
apt/yum/dnf - Package management
What it does: Package managers install, update, and remove software packages. Different distributions use different package managers.
Why essential: Software installation and updates are fundamental system administration tasks. Package managers handle dependencies and maintain system integrity.
When to use: Installing new software, applying security updates, removing unnecessary packages, maintaining system updates.
# APT (Debian/Ubuntu systems)
sudo apt update # Update package list from repositories
sudo apt upgrade # Upgrade all installed packages
sudo apt install package-name # Install specific package
sudo apt remove package-name # Remove package (keep configuration)
sudo apt purge package-name # Remove package and configuration files
# Why: Keep system secure with updates, install needed software,
# remove unused packages to save space, clean configuration when needed
# Advanced APT usage
apt search keyword # Search for packages
apt show package-name # Show package information
sudo apt autoremove # Remove orphaned dependencies
sudo apt autoclean # Clean package cache
apt list --installed # List installed packages
apt list --upgradable # Show packages with available updates
# Why: Find available software, understand package details,
# maintain clean system, monitor installed software
# YUM/DNF (RHEL/CentOS/Fedora systems)
sudo yum update # Update all packages (CentOS/RHEL 7)
sudo dnf update # Update all packages (CentOS/RHEL 8+, Fedora)
sudo yum install package-name # Install package
sudo yum remove package-name # Remove package
yum search keyword # Search for packages
# Why: Different distributions require different package managers,
# same concepts with different syntax, maintain system across distributions
# Package information and maintenance
yum list installed # List installed packages
yum history # Show package transaction history
sudo yum clean all # Clean package caches
yum provides /path/to/file # Find which package provides file
# Why: Audit installed software, track changes for troubleshooting,
# manage disk space usage, identify package sources
systemctl - Service management
What it does: Controls systemd services - starting, stopping, enabling, disabling, and monitoring system services and processes.
Why crucial: Modern Linux systems use systemd for service management. Services like web servers, databases, and system processes need proper management.
When to use: Starting/stopping services, configuring automatic startup, troubleshooting service issues, monitoring service status.
# Basic service control
sudo systemctl start service-name # Start service immediately
sudo systemctl stop service-name # Stop service
sudo systemctl restart service-name # Stop and start service
sudo systemctl reload service-name # Reload configuration without stopping
sudo systemctl status service-name # Show service status and recent logs
# Why: Control service availability, apply configuration changes,
# restart problematic services, check service health
# Service startup configuration
sudo systemctl enable service-name # Enable service to start at boot
sudo systemctl disable service-name # Disable service from starting at boot
sudo systemctl is-enabled service-name # Check if service is enabled
sudo systemctl is-active service-name # Check if service is currently running
# Why: Configure which services start automatically, manage startup time,
# verify service configuration, troubleshoot boot issues
# System-wide service management
systemctl list-units --type=service # List all services
systemctl list-units --type=service --state=running # List only running services
systemctl list-units --type=service --state=failed # List failed services
systemctl --failed # Show failed services (shortcut)
# Why: Get overview of system services, identify problematic services,
# monitor system health, troubleshoot service dependencies
# Advanced service management
sudo systemctl mask service-name # Prevent service from being started (stronger than disable)
sudo systemctl unmask service-name # Remove mask from service
systemctl show service-name # Show detailed service properties
journalctl -u service-name # Show logs for specific service
journalctl -u service-name -f # Follow logs for service in real-time
# Why: Completely prevent unwanted services, detailed service configuration,
# troubleshoot service issues with logs, monitor service behavior
# System control
sudo systemctl reboot # Reboot system
sudo systemctl poweroff # Shutdown system
sudo systemctl suspend # Suspend system
sudo systemctl hibernate # Hibernate system
systemctl get-default # Show default system target (runlevel)
sudo systemctl set-default multi-user.target # Set system to boot to command line
# Why: Controlled system shutdown/restart, power management,
# configure system boot behavior, server vs desktop configuration
Log Management Commands
journalctl - Systemd journal viewer
What it does: Views and analyzes systemd journal logs, which contain system and service messages. Modern replacement for traditional syslog viewing.
Why essential: Logs are crucial for troubleshooting system issues, security analysis, and understanding system behavior. journalctl provides powerful log analysis capabilities.
When to use: Troubleshooting service failures, security investigations, system performance analysis, monitoring system events.
# Basic log viewing
journalctl # Show all journal entries (oldest first)
journalctl -r # Show entries in reverse order (newest first)
journalctl -f # Follow journal in real-time (like tail -f)
journalctl -n 50 # Show last 50 entries
journalctl --no-pager # Don't use pager (show all output at once)
# Why: Get overview of system activity, monitor real-time events,
# focus on recent events, handle large log volumes
# Filter by service and unit
journalctl -u ssh # Show logs for SSH service
journalctl -u nginx.service # Show logs for nginx service
journalctl -u ssh -f # Follow SSH service logs in real-time
journalctl _PID=1234 # Show logs for specific process ID
# Why: Focus on specific service issues, monitor critical services,
# troubleshoot service-specific problems, track process behavior
# Time-based filtering
journalctl --since "2023-01-01" # Logs since specific date
journalctl --since "1 hour ago" # Logs from last hour
journalctl --since yesterday # Logs since yesterday
journalctl --until "30 min ago" # Logs until 30 minutes ago
journalctl --since "09:00" --until "17:00" # Logs between specific times
# Why: Focus on relevant time periods, investigate specific incidents,
# analyze system behavior during known events
# Priority and severity filtering
journalctl -p err # Show only error messages and above
journalctl -p warning # Show warning messages and above
journalctl -p debug # Show all messages including debug
journalctl -p crit # Show only critical messages
# Why: Focus on serious issues, filter noise from logs,
# identify critical system problems, adjust detail level
# Advanced filtering and analysis
journalctl -k # Show kernel messages only
journalctl -b # Show logs from current boot
journalctl -b -1 # Show logs from previous boot
journalctl --list-boots # List all boots with timestamps
journalctl -o json # Output in JSON format
journalctl --disk-usage # Show journal disk usage
# Why: Focus on kernel issues, compare current vs previous boot,
# analyze boot problems, structured data processing, manage log storage
# System maintenance
sudo journalctl --vacuum-size=100M # Keep only 100MB of logs
sudo journalctl --vacuum-time=30d # Keep only last 30 days of logs
sudo journalctl --verify # Verify journal integrity
sudo journalctl --rotate # Rotate journal files
# Why: Manage disk space usage, comply with retention policies,
# ensure log integrity, organize log files
tail/head/grep - Log file analysis
What it does: tail shows end of files, head shows beginning, grep searches for patterns. Essential for analyzing traditional log files.
Why important: Many applications still use traditional log files. These tools provide powerful log analysis capabilities for troubleshooting and monitoring.
When to use: Analyzing application logs, monitoring log files in real-time, searching for specific events, extracting relevant information.
# tail - View end of files
tail /var/log/syslog # Show last 10 lines of syslog
tail -n 50 /var/log/apache2/error.log # Show last 50 lines
tail -f /var/log/nginx/access.log # Follow log file in real-time
tail -F /var/log/app.log # Follow file even if it's rotated
# Why: See recent events quickly, monitor ongoing activity,
# handle log rotation gracefully, focus on current issues
# head - View beginning of files
head /var/log/syslog # Show first 10 lines
head -n 100 /var/log/boot.log # Show first 100 lines
head -c 1024 /var/log/large.log # Show first 1024 characters
# Why: See how logs start, check log format, sample large log files,
# understand log structure before analysis
# grep - Search for patterns
grep "ERROR" /var/log/application.log # Find lines containing "ERROR"
grep -i "error" /var/log/application.log # Case-insensitive search
grep -n "404" /var/log/nginx/access.log # Show line numbers with matches
grep -A 5 -B 5 "CRITICAL" /var/log/app.log # Show 5 lines before and after matches
# Why: Find specific events quickly, case-insensitive searches,
# locate problems in logs, see context around issues
# Advanced log analysis
grep -E "(ERROR|WARN|CRITICAL)" /var/log/app.log # Multiple patterns with regex
grep -v "INFO" /var/log/app.log | head -20 # Exclude INFO messages, show first 20
tail -f /var/log/nginx/access.log | grep "404" # Real-time monitoring for 404 errors
zgrep "ERROR" /var/log/app.log.gz # Search compressed log files
# Why: Complex pattern matching, filter unwanted messages,
# real-time filtered monitoring, search archived logs
# Combining commands for powerful analysis
tail -1000 /var/log/auth.log | grep "Failed password" | wc -l # Count recent failed logins
grep "$(date +%Y-%m-%d)" /var/log/syslog | grep ERROR # Today's errors only
find /var/log -name "*.log" -exec grep -l "OutOfMemory" {} \; # Find logs containing memory errors
# Why: Quantify security events, time-based analysis,
# search across multiple log files, identify system-wide issues
Performance Monitoring Commands
uptime/w/who - System load and user activity
What it does: uptime shows system load averages and uptime. w shows logged-in users and their activity. who shows who is logged in.
Why useful: System load indicates performance health. User activity monitoring is important for security and resource management.
When to use: Quick system health check, identify high load periods, monitor user access, security auditing.
# uptime - System load and uptime
uptime # Show uptime and load averages
# Output: up 15 days, 2:30, 3 users, load average: 0.15, 0.10, 0.05
# Understanding load averages:
# First number: 1-minute average
# Second number: 5-minute average
# Third number: 15-minute average
# Values represent number of processes waiting for CPU
# On single-core system: 1.0 = fully loaded, >1.0 = overloaded
# On multi-core system: multiply by number of cores
# Why: Quick performance overview, identify system stress,
# understand load trends over time, capacity planning
# w - Show logged-in users and their activity
w # Show all logged-in users with activity
w username # Show specific user's activity
# Output columns:
# USER: Username
# TTY: Terminal type
# FROM: Source IP/hostname
# LOGIN@: Login time
# IDLE: Idle time
# JCPU: Total CPU time for all processes
# PCPU: CPU time for current process
# WHAT: Current command
# Why: Monitor user access, identify suspicious activity,
# see what users are doing, troubleshoot user issues
# who - Show who is logged in
who # Show logged-in users
who -a # Show all information
who -b # Show last system boot time
who -r # Show current runlevel
# Why: Simple user presence check, verify system boot time,
# check system state, security monitoring
# User session monitoring
last # Show login history
last username # Show specific user's login history
last -n 10 # Show last 10 login sessions
lastb # Show failed login attempts
lastlog # Show last login for all users
# Why: Security auditing, track user access patterns,
# identify unauthorized access attempts, compliance reporting
sar - System Activity Reporter
What it does: Collects and reports system activity information including CPU, memory, I/O, and network statistics over time.
Why powerful: Provides historical system performance data, essential for identifying trends and performance patterns that momentary snapshots miss.
When to use: Performance trend analysis, capacity planning, identifying recurring performance issues, system optimization.
# CPU monitoring
sar # Show CPU usage for current day
sar -u 5 10 # CPU usage every 5 seconds, 10 reports
sar -u -f /var/log/sysstat/saXX # CPU usage from specific date file
# Why: Historical CPU usage patterns, identify peak usage times,
# track CPU performance trends, compare different time periods
# Memory monitoring
sar -r 5 10 # Memory utilization every 5 seconds
sar -S 5 10 # Swap utilization monitoring
sar -W 5 10 # Swapping statistics
# Why: Memory usage trends, identify memory leaks,
# monitor swap usage patterns, capacity planning
# I/O monitoring
sar -d 5 10 # Disk I/O statistics
sar -b 5 10 # I/O transfer rate statistics
sar -p 5 10 # Block device statistics
# Why: Identify I/O bottlenecks, track storage performance,
# monitor disk utilization trends, optimize storage configuration
# Network monitoring
sar -n DEV 5 10 # Network device statistics
sar -n EDEV 5 10 # Network error statistics
sar -n TCP 5 10 # TCP connection statistics
# Why: Network performance analysis, identify network bottlenecks,
# monitor network errors, track connection patterns
# Generate reports
sar -A # All available statistics for today
sar -A -f /var/log/sysstat/sa01 # All statistics for specific date
sadf -d /var/log/sysstat/sa01 # Database format output
sadf -j /var/log/sysstat/sa01 # JSON format output
# Why: Comprehensive system analysis, historical data analysis,
# data export for external analysis, automated reporting
System Maintenance Commands
crontab - Task scheduling
What it does: Schedules tasks to run automatically at specified times and intervals. Essential for system maintenance, backups, and automated operations.
Why essential: Automation is crucial for system administration. Regular maintenance tasks, monitoring, and backups need to run without manual intervention.
When to use: Schedule backups, automate system maintenance, regular monitoring tasks, log rotation, system updates.
# Crontab management
crontab -l # List current user's cron jobs
crontab -e # Edit current user's cron jobs
sudo crontab -l -u username # List another user's cron jobs
sudo crontab -e -u username # Edit another user's cron jobs
crontab -r # Remove all cron jobs (dangerous!)
# Why: View existing scheduled tasks, create new automation,
# manage tasks for different users, clean up unwanted jobs
# Cron time format: minute hour day month weekday command
# Examples:
# 0 2 * * * /path/to/backup.sh # Daily at 2:00 AM
# 30 14 * * 1 /path/to/weekly.sh # Weekly on Monday at 2:30 PM
# 0 */6 * * * /path/to/check.sh # Every 6 hours
# */15 * * * * /path/to/monitor.sh # Every 15 minutes
# 0 0 1 * * /path/to/monthly.sh # Monthly on 1st day at midnight
# Common maintenance tasks
# 0 2 * * * /usr/bin/apt update && /usr/bin/apt upgrade -y # Daily updates
# 0 3 * * 0 /home/user/backup.sh # Weekly backup on Sunday
# */10 * * * * /usr/bin/df -h | mail -s "Disk Usage" admin@example.com # Disk monitoring
# 0 1 * * * /usr/sbin/logrotate /etc/logrotate.conf # Daily log rotation
# Why: Automate routine maintenance, ensure regular backups,
# proactive monitoring, consistent system updates
# System-wide cron
sudo ls -la /etc/cron.d/ # System cron jobs directory
sudo ls -la /etc/cron.daily/ # Daily cron scripts
sudo ls -la /etc/cron.weekly/ # Weekly cron scripts
sudo ls -la /etc/cron.monthly/ # Monthly cron scripts
# Why: System-wide automation, organize scripts by frequency,
# standard maintenance tasks, package-installed automation
tar/gzip - File compression and archiving
What it does: tar creates archives of files and directories. gzip compresses files. Combined, they provide powerful backup and file management capabilities.
Why important: Backups, file transfers, and space management require archiving and compression. These tools are standards for file packaging.
When to use: Creating backups, preparing files for transfer, archiving old data, reducing storage usage, distributing software.
# tar - Create and extract archives
tar -cvf archive.tar /path/to/directory # Create archive (c=create, v=verbose, f=file)
tar -czvf archive.tar.gz /path/to/directory # Create compressed archive with gzip
tar -cjvf archive.tar.bz2 /path/to/directory # Create compressed archive with bzip2
tar -xvf archive.tar # Extract archive (x=extract)
tar -xzvf archive.tar.gz # Extract gzip compressed archive
# Why: Bundle multiple files, compress for space savings,
# different compression algorithms for different needs, preserve directory structure
# Advanced tar usage
tar -tvf archive.tar # List contents without extracting (t=list)
tar -xvf archive.tar -C /destination/path # Extract to specific directory
tar --exclude='*.log' -czvf backup.tar.gz /home # Exclude files matching pattern
tar -czvf backup-$(date +%Y%m%d).tar.gz /important/data # Date-stamped backups
# Why: Verify archive contents, organize extractions,
# selective backups, automated backup naming
# gzip/gunzip - File compression
gzip file.txt # Compress file (creates file.txt.gz, removes original)
gzip -k file.txt # Keep original file after compression
gunzip file.txt.gz # Decompress file
zcat file.txt.gz # View compressed file without decompressing
# Why: Reduce file sizes, preserve originals when needed,
# quick access to compressed content, space management
# Practical backup examples
tar -czvf backup-$(date +%Y%m%d).tar.gz /home /etc /var/log # System backup
tar -czvf website-backup.tar.gz /var/www/html # Website backup
find /home -name "*.log" -mtime +30 -exec gzip {} \; # Compress old log files
tar -czvf - /important/data | ssh user@backup-server 'cat > backup.tar.gz' # Remote backup
# Why: Regular system backups, application-specific backups,
# automated log management, secure remote backups
Security Commands
chmod/chown (Advanced Security Applications)
# Advanced permission scenarios
find /var/www -type f -exec chmod 644 {} \; # Set all files to read-write for owner, read for others
find /var/www -type d -exec chmod 755 {} \; # Set all directories to allow traversal
chmod u+s /usr/bin/program # Set setuid bit (program runs as file owner)
chmod g+s /shared/directory # Set setgid bit (files inherit group ownership)
chmod +t /tmp # Set sticky bit (only owner can delete files)
# Why: Web server security, special permission bits for functionality,
# shared directory management, temporary directory protection
# Security auditing
find / -perm -4000 -type f 2>/dev/null # Find all setuid files (potential security risk)
find / -perm -2000 -type f 2>/dev/null # Find all setgid files
find / -perm -1000 -type d 2>/dev/null # Find directories with sticky bit
find /home -perm 777 -type f 2>/dev/null # Find world-writable files (security risk)
# Why: Security auditing, identify potential vulnerabilities,
# compliance checking, maintain security standards
fail2ban/iptables (Security Monitoring)
# fail2ban - Intrusion prevention
sudo fail2ban-client status # Show fail2ban status
sudo fail2ban-client status sshd # Show SSH jail status
sudo fail2ban-client set sshd unbanip IP # Unban specific IP address
sudo fail2ban-client get sshd banned # List banned IP addresses
# Why: Automated protection against brute force attacks,
# monitor attack attempts, manage blocked addresses
# Security log monitoring
grep "Failed password" /var/log/auth.log | tail -20 # Recent failed login attempts
grep "Invalid user" /var/log/auth.log # Login attempts with invalid usernames
awk '/Failed password/ {print $11}' /var/log/auth.log | sort | uniq -c | sort -nr # Count failed attempts by IP
# Why: Identify attack patterns, monitor unauthorized access attempts,
# analyze security threats, improve security measures
Practical System Administration Scenarios
Scenario 1: "System is running slow"
Step-by-step investigation:
# 1. Check system load
uptime # Quick load overview
top # Real-time process monitoring
# Look for high load averages, high CPU processes
# 2. Check memory usage
free -h # Memory overview
ps aux --sort=-%mem | head -10 # Top memory-consuming processes
# Look for high memory usage, excessive swap usage
# 3. Check disk I/O
iostat -x 5 3 # I/O statistics
sudo iotop -o # Processes doing I/O
# Look for high %util, high await times
# 4. Check disk space
df -h # Filesystem usage
du -sh /var/log /tmp /home # Check common space consumers
# Look for full filesystems that might cause slowdowns
# 5. Check system resources over time
sar -u 5 12 # CPU usage pattern
sar -r 5 12 # Memory usage pattern
# Identify patterns and peak usage times
Scenario 2: "Service won't start"
# 1. Check service status
systemctl status service-name # Detailed service status
journalctl -u service-name --since "1 hour ago" # Recent service logs
# 2. Check for port conflicts
sudo lsof -i :80 # Check if port is in use
sudo ss -tulpn | grep :80 # Alternative port check
# 3. Check file permissions
ls -la /etc/service-name/ # Configuration file permissions
ls -la /var/log/service-name/ # Log directory permissions
# 4. Check dependencies
systemctl list-dependencies service-name # Service dependencies
systemctl status dependency-service # Check dependent services
# 5. Manual testing
sudo -u service-user /usr/bin/service-binary --test-config # Test configuration
# Run service manually to see detailed error messages
Scenario 3: "Disk space full"
# 1. Identify full filesystems
df -h # Find full filesystems
# 2. Find large directories
du -h /var | sort -hr | head -20 # Largest directories in /var
du -h /home | sort -hr | head -20 # Largest directories in /home
# 3. Find large files
find /var/log -type f -size +100M -exec ls -lh {} \; # Large log files
find /tmp -type f -size +50M -mtime +7 -exec rm {} \; # Clean old large temp files
# 4. Clean up common space consumers
sudo journalctl --vacuum-size=100M # Limit journal size
sudo apt autoremove # Remove unused packages
sudo apt autoclean # Clean package cache
# 5. Set up monitoring
# Add to crontab:
# 0 6 * * * df -h | awk '$5 > 80 {print}' | mail -s "Disk Usage Alert" admin@example.com
This comprehensive system administration guide provides the essential commands and real-world scenarios that system administrators encounter daily, with detailed explanations of what each command does, why it's important, and when to use it.