Linux Commands Reference: Essential CLI Categories for Daily Work
The Linux command line is one of those skills that keeps compounding. Once you can inspect a system, trace a process, move data safely, and answer your own questions from a shell prompt, you stop waiting on GUIs and start working at the speed of the machine. This reference gathers 15 essential command categories into one practical page you can keep nearby, whether you are building confidence or sharpening the habits that make day-to-day operations smoother.
This is not meant to be a memorize-everything-in-one-sitting tutorial. It is a working reference positioned between beginner comfort and intermediate fluency, with a handful of deeper operational workflows where extra context matters most.
Note
This edition is intentionally modern. Unless a command is called out as package-dependent, it is chosen to align with current Debian/Ubuntu and RHEL/Fedora-family releases. Where the distro families differ meaningfully, both patterns are noted directly in the content.
System¶
| Command | Description |
|---|---|
uname -a | Display broad system information, including kernel, architecture, and hostname. |
uname -r | Show the running kernel release only. |
cat /etc/os-release | Show distribution identification information on most modern Linux systems. |
hostnamectl | Show the host name, chassis, kernel, and operating-system details on systemd-based systems. |
uptime | Show how long the system has been running, plus load averages. |
hostname | Print the system host name. |
last reboot | Show reboot history from login records. |
timedatectl | Show current time, time zone, and NTP synchronization state on systemd-based systems. |
date | Print the current system date and time. |
w | Display logged-in users and what they are doing. |
whoami | Print the current effective user name. |
Advanced Example: Confirm what kernel and userspace you are working with.
This is a simple but high-value sequence when you first land on a host. It confirms the running kernel, the distribution, the machine identity, and whether the system clock and NTP state look sane before you start diagnosing anything else.
Hardware¶
| Command | Description |
|---|---|
dmesg -T | Show kernel ring buffer messages with human-readable timestamps. |
lscpu | Display CPU model, cores, architecture, and virtualization details. |
free -h | Show used and available memory in a human-readable format. |
cat /proc/interrupts | List interrupts by CPU and device, useful for low-level performance troubleshooting. |
lsblk | Show block devices, partitions, and mount relationships. |
lsblk -f | Show block devices together with filesystem and UUID information. |
lspci | Show PCI devices, useful for identifying controllers and vendor IDs. |
lsusb | Show USB devices, if the usbutils package is installed. |
dmidecode | Read BIOS and DMI tables for hardware metadata such as vendor, model, and serial information, usually with elevated privileges. |
smartctl -a /dev/sda | Show SMART health and error data for a disk, if the smartmontools package is installed, usually with elevated privileges. |
Warning
Hardware inventory is generally safe, but disk-health tooling still deserves context. On virtual disks, RAID-backed volumes, and cloud instances, vendor or platform tooling may be a better first stop than probing block devices directly from the guest.
Advanced Example: Inventory a system before storage or performance work.
Before touching performance tuning, virtualization settings, or storage layout, verify what hardware is actually present. This avoids making assumptions based on stale documentation or VM templates that no longer match reality.
Statistics¶
| Command | Description |
|---|---|
top | Display a live view of CPU, memory, and running processes. |
vmstat 2 | Display virtual memory, process, and system activity every 2 seconds. |
iostat 2 | Show CPU and disk I/O statistics every 2 seconds, if the sysstat package is installed. |
mpstat 1 | Show CPU usage statistics at 1-second intervals, if the sysstat package is installed. |
journalctl -k -n 200 | Show the most recent kernel log entries on current systemd-based distributions. |
journalctl -u <service>.service -f | Follow logs for a specific systemd service in real time. |
ss -tulpn | Show listening TCP and UDP sockets with owning processes. |
lsof | List open files for active processes. |
lsof -u <user> | Show files opened by a specific user. |
free -h | Show the current RAM usage in a human-readable format. |
watch df -h | Re-run df -h continuously so disk-usage changes are easy to spot. |
Tip
When a server feels "slow," avoid guessing from one metric alone. Start with top for process pressure, vmstat 2 for CPU wait and memory behavior, and iostat 2 for storage contention. The combination usually tells a much clearer story than any single command by itself.
Advanced Example: Determine whether a slowdown is related to CPU, memory, or disk.
This workflow helps narrow the problem quickly. If top shows high CPU, vmstat 2 shows runnable pressure or swapping, and iostat 2 shows high wait time, you can stop treating the issue as a vague "server is slow" complaint and start isolating the real bottleneck.
Users¶
| Command | Description |
|---|---|
id | Show the current user's UID, GID, and group membership. |
last | Show recent login sessions from system login records. |
who | List users currently logged in. |
useradd -m sam | Create user sam with a home directory. |
usermod -aG sudo sam | Add user sam to the sudo group on Debian and Ubuntu systems. |
usermod -aG wheel sam | Add user sam to the wheel group on RHEL and Fedora systems. |
passwd sam | Set or change the password for user sam. |
userdel sam | Delete the user account sam, but leave the home directory unless -r is used. |
adduser sam | Add user sam through the Debian and Ubuntu interactive helper. |
getent passwd sam | Look up the resolved account entry for user sam through the system name service. |
Tip
On Debian and Ubuntu, interactive administration often centers on adduser and the sudo group. On RHEL and Fedora, useradd is more commonly shown in documentation and privileged access is often delegated through the wheel group.
Files and Directories¶
| Command | Description |
|---|---|
ls -al | List files with permissions, ownership, sizes, and hidden entries. |
pwd | Print the current working directory. |
mkdir -p path/to/directory | Create a directory path, creating parent directories as needed. |
rm file-name | Delete a file. |
rm -r directory-name | Remove a directory and its contents recursively. |
rm -f file-name | Force deletion of a file without prompting. |
rm -rf directory-name | Forcefully remove a directory tree recursively. |
cp file1 file2 | Copy file1 to file2. |
cp -a dir1 dir2 | Copy dir1 to dir2 while preserving permissions, ownership, timestamps, and links where possible. |
mv file1 file2 | Move or rename a file. |
ln -s /path/to/file-name link-name | Create a symbolic link named link-name. |
touch file | Create an empty file or update its timestamp. |
tee file | Write standard input to file while also echoing it to the terminal. |
less file | Read a file interactively with paging, search, and scroll support. |
head file | Show the first 10 lines of a file. |
tail file | Show the last 10 lines of a file. |
tail -f file | Follow a file as new lines are appended, useful for live logs. |
gpg -c file | Encrypt a file symmetrically with a passphrase. |
gpg --decrypt file.gpg | Decrypt a GPG-encrypted file. |
Tip
rm -rf is fast, silent, and unforgiving. Before deleting a large directory tree, run pwd and ls first, or test with a safer command like find directory-name -maxdepth 1. A two-second pause is cheaper than recovering a workstation or server.
Advanced Example: Safely inspect a log file before and during an incident.
Start by checking the beginning and end of a file so you understand its format and recency. Then switch to tail -f only when you are ready to watch live changes during a deploy, restart, or failure investigation.
Processes¶
| Command | Description |
|---|---|
ps | Show processes associated with the current shell session. |
ps aux | Show a full snapshot of running processes across the system. |
pgrep -a processname | Find matching processes and show their command lines. |
ps aux \| grep '[p]ython' | Search the process list for entries related to python without matching the grep command itself. |
pmap | Show the memory map of a process, typically used with a PID. |
top | Display active processes in real time. |
systemctl status <service> | Show the status of a systemd service. |
systemctl restart <service> | Restart a systemd-managed service cleanly. |
kill pid | Send the default termination signal (SIGTERM) to a process. |
pkill processname | Signal processes by matching their names. |
bg | Resume the most recently suspended job in the background. |
fg | Bring the most recent background or suspended job to the foreground. |
fg n | Bring job n to the foreground. |
Tip
Prefer a graceful stop before a hard stop. kill pid sends SIGTERM, which gives the process a chance to clean up. Reach for kill -9 only when a process is stuck and normal termination is not working, because SIGKILL gives the application no chance to exit cleanly.
Advanced Example: Find and stop the right process with minimal collateral damage.
First identify the process carefully, then terminate it gracefully, and inspect its memory map if you are debugging unusual memory behavior. This is much safer than reaching immediately for a broad name-based kill on a busy multi-user system.
File Permissions¶
| Command | Description |
|---|---|
chmod octal file-name | Change permissions using an octal mode such as 644, 755, or 600. |
chmod 777 /srv/shared | Grant read, write, and execute permissions to everyone, usually a bad long-term choice outside disposable troubleshooting. |
chmod 755 /usr/local/bin/deploy.sh | Grant full access to the owner and read/execute access to group and others, a common pattern for executable scripts. |
chown owner-user file | Change the owner of a file. |
chown owner-user:owner-group file-name | Change both owner and group for a file. |
chown owner-user:owner-group directory | Change both owner and group for a directory. |
Tip
Avoid chmod 777 unless you are deliberately troubleshooting in a disposable environment. World-writable files and directories create security and integrity problems quickly. In most cases, the right fix is ownership, group membership, or a narrower mode such as 644, 664, 755, or 775.
Advanced Example: Repair ownership before widening permissions.
Many permission problems are really ownership problems. Fix the owner and group first, then apply the narrowest mode that still supports the workflow. That approach scales much better than making everything writable, and it avoids teaching yourself that executability belongs on every file type by default.
Networking¶
| Command | Description |
|---|---|
ip -brief addr show | Display interfaces and IP addresses in a concise format. |
ip link show | Show interface state, MTU, and link-layer details. |
ip route | Show the current routing table. |
ip addr show | Display full interface and IP address information. |
ip address add 192.168.0.1/24 dev <interface> | Add an IP address to an interface until the network stack is reconfigured or restarted. |
ethtool <interface> | Show link speed, duplex, driver, and negotiated status for an interface. |
ping -c 4 host | Test reachability and round-trip latency with four echo requests. |
dig domain | Query DNS records for a domain, if dnsutils or bind-utils is installed. |
dig -x host | Perform a reverse DNS lookup against an IP address, if dnsutils or bind-utils is installed. |
host example.com | Resolve a hostname to its DNS records quickly, if dnsutils or bind-utils is installed. |
curl -I https://example.com | Fetch response headers from an HTTP or HTTPS endpoint. |
ss -tulpn | List listening TCP and UDP sockets with owning processes. |
Tip
Current Debian, Ubuntu, RHEL, and Fedora releases use predictable network interface names, so examples like eth0 are no longer safe assumptions. Start with ip -brief addr show and use the actual interface name the system reports, such as ens160, enp1s0, or wlp0s20f3.
Advanced Example: Trace a name-resolution or connectivity problem.
This sequence checks local addressing, routing, basic reachability, forward DNS, and listening services. It is a strong starting point when an application "cannot connect" and you need to determine whether the failure is local, remote, or name-resolution related.
Compression and Archives¶
| Command | Description |
|---|---|
tar cf home.tar home | Create an uncompressed tar archive named home.tar from the home directory. |
tar tf file.tar | List the contents of file.tar without extracting it. |
tar xf file.tar | Extract the contents of file.tar. |
tar czf file.tar.gz files | Create a gzip-compressed tar archive. |
gzip file | Compress file to file.gz. |
Advanced Example: Package and move a directory tree efficiently.
A compressed tarball is often the quickest way to preserve permissions and directory structure before migration, backup rotation, or file transfer to another system. Using -C avoids baking an absolute path into the archive and makes extraction behavior more predictable.
Installing Packages¶
| Command | Description |
|---|---|
apt update | Refresh package metadata on Debian and Ubuntu systems. |
apt install package-name | Install a package on Debian and Ubuntu systems. |
apt remove package-name | Remove an installed package on Debian and Ubuntu systems. |
apt search package-name | Search package metadata on Debian and Ubuntu systems. |
apt upgrade | Upgrade installed packages on Debian and Ubuntu systems. |
dnf install package-name | Install a package on RHEL, Fedora, and compatible systems. |
dnf remove package-name | Remove an installed package on RHEL, Fedora, and compatible systems. |
dnf search package-name | Search package metadata on RHEL, Fedora, and compatible systems. |
dnf upgrade | Upgrade installed packages on RHEL, Fedora, and compatible systems. |
dnf install ./pkgname.rpm | Install a local RPM through the package manager, including dependency resolution on modern RPM-based distributions. |
rpm -q package-name | Inspect whether an RPM package is installed. |
rpm -qi package-name | Inspect detailed metadata for an installed RPM package. |
Tip
For current Debian and Ubuntu systems, apt is the normal interface. For current RHEL and Fedora systems, dnf is the normal interface. Keep raw rpm for low-level package inspection or specialized cases, not as your everyday install workflow. Building software from source is a separate workflow from package management and is intentionally outside the scope of this reference.
Search¶
| Command | Description |
|---|---|
grep -n pattern file | Search for a text pattern in a file and show matching line numbers. |
grep -R --line-number pattern dir | Search recursively for a pattern and show matching line numbers. |
find /etc -type f -name '*.conf' | Find configuration files by name and type. |
locate file | Search a prebuilt file-name database for quick matches, if the plocate database is available. |
find /home/user -name 'index*' | Find files in /home/user whose names start with index. |
find /home -type f -size +10M | Find files larger than 10 MB under /home. |
Advanced Example: Combine content search and filesystem search.
Advanced troubleshooting often needs both kinds of search. Use grep when you know the text you need, find when you know file attributes, and locate when speed matters more than absolute freshness.
SSH and Remote Login¶
| Command | Description |
|---|---|
ssh user@host | Open a secure shell session to host as user. |
ssh -p port user@host | Connect over SSH on a non-default port. |
ssh-copy-id user@host | Install your public key on a remote host for passwordless SSH authentication. |
Tip
Use ssh for remote administration and ssh-copy-id when you are setting up a clean key-based workflow. Telnet is intentionally omitted here because it is not an appropriate default tool on current Linux distributions for secure remote access.
File Transfer¶
| Command | Description |
|---|---|
scp file.txt user@server:/tmp/ | Copy file.txt to /tmp on the remote host. |
scp user@server:/var/www/*.html /tmp/ | Copy matching HTML files from a remote host to a local directory. |
scp -r user@server:/var/www /tmp/ | Copy a remote directory tree recursively to a local path. |
sftp user@host | Start an interactive SFTP session over SSH. |
rsync -a /srv/apps/ /srv/backup/apps/ | Synchronize files locally while preserving metadata and directory contents. |
rsync -avz /srv/apps/ user@host:/srv/backup/apps/ | Synchronize to a remote host with verbose output and compression enabled. |
Advanced Example: Prefer rsync for repeatable sync jobs.
scp is fine for one-off copies, but rsync is the better operational habit for recurring transfers because it preserves metadata, skips unchanged files, and handles large trees more efficiently.
Disk Usage¶
| Command | Description |
|---|---|
df -h | Show free and used filesystem space in a human-readable format. |
df -i | Show inode usage, which is critical when space looks fine but file creation still fails. |
fdisk -l | List disk partitions, sizes, and partition types, usually with elevated privileges. |
du -ah | Show disk usage for files and directories recursively in human-readable form. |
du -sh | Show the total size of the current directory only. |
findmnt | Display mounted filesystems and their target mount points. |
mount /dev/sdb1 /mnt | Mount a device or filesystem at a target directory, usually with elevated privileges. |
umount /mnt | Unmount a filesystem from /mnt, usually with elevated privileges. |
Tip
"Disk full" does not always mean bytes are exhausted. Check both df -h and df -i. A filesystem can run out of inodes long before it runs out of space, especially on systems that generate huge numbers of small files.
Advanced Example: Investigate a full filesystem.
This gives you the basic picture fast: whether the problem is blocks or inodes, how much space the current directory is consuming, and what filesystem or mount point you are actually working on before you start deleting data.
Directory Navigation¶
| Command | Description |
|---|---|
cd .. | Move up one directory level. |
cd | Return to the current user's home directory. |
cd - | Jump back to the previous working directory. |
cd /path/to/directory | Change directly to the specified directory. |
Last Transmission
Updated April 24, 2026