This is the final part of the five-part series entitled: Linux Commands frequently used by Linux Sysadmins. So far, we’ve covered over 50 commands regularly used by Linux sysadmins and power users. Refer to part 1, part 2, part 3, and part 4.
This article will look into another set of commands and command-line tools frequently used to edit text files, view file contents, system diagnostics, kill processes, and other administrative tasks performed on Linux systems. Later, I will also create another page to interlink all five parts and summarize all the commands covered.
Table of Contents
Whether you’re a Linux desktop power user or an experienced Linux sysadmin,
you’ll find yourself using these commands frequently. (Part 5 of 5)
Over the years, I’ve found there’s often more than one way of accomplishing things on Linux. For example, I would learn one way of performing a task to find out later that there’s a more efficient way to accomplish the same task. Let’s start with one such case.
vi – text editor.
When you first start with Linux, it’s common that you will gravitate to using
nano. This is because, for new users, the first time you attempt to edit text files, it will often be during system setup. So, you open
vi for the first time, without any experience, and usually desiring to complete edits as fast as possible to keep exploring your new system. As such, you may give up on using vi and, instead, opt to perform your edits in a simpler text editor, nano. However, over time, many of us will eventually switch from nano (or other GUI text editors) to vi, vim, or neovim.
cat – display file contents.
cat command, derived from the word concatenate, allows you to view a file’s contents without opening the said file. The cat command can also be used to redirect the contents of text files into other files or to create new text files. Here are some examples of using
To print the contents of a file to the standard output, use:
To concatenate several files into the target file, use:
cat file_name1 file_name2 > file_name
Append several files into the target file:
cat file_name1 file_name2 >> file_name
To show the line number in output, use ‘-n‘.
tac – output file contents, in reverse.
To print and concatenate files in reverse, use:
To print the output of a command reversed, use:
command | tac
more – display file contents one screen/page at a time.
cat command, which can display a text file’s contents, the
more command also displays a text file’s contents. The main difference is that in larger files, the
cat command displays the entire file’s contents, no matter how long, whereas the
more command displays its output one screenful or page at a time.
This allows you to page through the output in easier to digest format, which is useful for error logs and other such files that can grow to be thousands of lines long.
To open a file, with
You can set the # of lines each page should contain using:
more -10 file_name
You can start more output from a specific line number using:
more +20 file_name
You can use the more command with
cat, for example:
cat file_name | more
— To page down, use the <Space> bar.
— To search for a string type ‘/yourquery’.
less – similar to the more command with additional features.
less output of pacman‘s log file.
This brings us to
less. Remember that saying, “less is more”? This is a classic example of that. Similar to more, the less command allows you to view and navigate file contents. However, the A command is faster than the B command because it does not need to load the complete file before starting. It also provides bidirectional navigation using the page up/down and arrow up/down keys.
In short, more is less user-friendly, while less is more user-friendly. Due to this, and because of its speed and additional features, the less command should be your preferred choice in most cases.
To open a file with
— To forward search for a string type
/yourquery then, press n to go to the next match or N to go to the previous match.
— To backward search for a string type
— To go to the end of the file, use G, and use g to go to the start.
— To follow the output of the currently opened file, use F. (similar to the
tail command discussed next).
— To open the current file in an editor, use v.
Check out this less command cheat sheet.
tail – used to display the tail end of a text file or piped data.
tail command is a command-line utility used to view the tail end of text files. By default, the tail command returns the last ten (10) lines of a file. You can also follow a file in real-time using the tail command, making it perfect for observing log files as new lines are saved.
To show the last x number of lines in a file, use:
tail -n x file_name
To show all lines since line number x:
tail -n +x file_name
To show the last x bytes of a file, use:
tail -c x file_name
To watch a file in real-time (Ctrl + C to stop), use:
(or ‘-F‘ to keep reading even if the file is rotated)
tail -f file_name
To show the last x lines in a file and refresh every x seconds, use:
tail -n x -s x -f file
tail -n 25 -s 5 -f /var/log/nginx/access.log
dmesg – prints the message buffer of the kernel ring.
$ sudo dmesg –color=always | less -R
The kernel ring buffer is a data structure that records system messages linked to the kernel’s operation. As the name suggests, this buffer always remains at a constant size, with the oldest messages being removed when new messages come in.
On various Unix-like systems, including Linux, the boot process produces a very dense output of kernel messages. Oftentimes, system diagnostics such as failed hardware will start with inspecting the kernel logs. Dmesg allows you to review and monitor hardware device and driver messages from the kernel’s own ring buffer. This makes dmesg quite useful for troubleshooting.
For example, to troubleshoot in real-time, you can use the following:
This works similarly to the
tail command. After running the above command, you can plug and unplug USB devices, connect to WiFi or ethernet, and other hardware devices you would like to troubleshoot.
To show error and warning messages only, use:
To see a full listing of USB-related messages, issue the
dmesg command with
grep for ‘USB’:
dmesg | grep -i usb
Useful reading: dmesg explained.
journalctl – query the systemd journal.
Systemd has its own logging system called the journal. To read those logs, journalctl is used. For example, to display only kernel messages with
journalctl you can add the -k or –dmesg flags to your command:
The journal (journald) stores log data in binary format, unlike past services that stored logs in plain text. As such,
journalctl is used to transmute binary logs into readable plain text. Check out The ultimate guide to using journalctl.
Another good read is kmsg. Kmsg (/dev/kmsg) is a file stored in the Linux filesystem, used to store messages from the Kernel, and is used by dmesg and klogd.
kill – terminate a process.
At times, you’ll need to stop an application or command-line process from running. For this, Unix-like systems such as Linux offer the command-line tool called
kill. The kill command was partially covered in the article How to Kill Inactive SSH Sessions. The first step is to find the PID (process ID) of the process you would like to kill. For this, you can use top, htop, ps, pstree, and other tools to find the PID you’d like to stop.
To list all available kill signals, use:
[hydn@alien ~]$ kill -l 1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP 6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1 ...
As an example, if you would like to kill a stuck process (9 SIGKILL) with PID of 3649, you can use the following command:
kill sigkill 3649
kill -9 3649
killall – Sends a kill signal to all instances of a process by name.
List available signal names (to be used without the ‘SIG’ prefix):
To terminate a process using the default SIGTERM (terminate) signal, use:
To interactively ask for confirmation before termination, use:
killall -i process_name
To force kill a process, use:
killall -KILL process_name
sleep – suspends program execution for a specified time.
sleep pauses for an amount of time specified by values in the command line arguments.
There are 100’s of useful ways to use sleep. You can use it where ever you need a timed delay. For example, during boot, you can use sleep to delay the launch of certain processes, you can use sleep to run a command after a specific delay in time, you can use sleep for a delay and add a delay between resource-intensive scripts or tasks, etc., etc. The default time value is in seconds, but you can also use ‘m‘ for minutes, ‘h‘ for hours, and ‘d‘ for days. Remember; also we covered
cron in Part 3.
Also, see the
nohup – Run Commands in the Background.
nohup, is short for no hangups. Ordinarily, when you exit from the terminal or a remote ssh session, the command-line processes we initiated will also be terminated. The nohup command is a convenient solution to keep processes running in the background even if you exit the terminal or log out of a remote SSH session.
nohup [command] [options]
Here’s an example:
[root@host ~]# nohup ./backup.sh nohup: ignoring input and appending output to ‘nohup.out’ [root@host ~]#
By default, nohup will save the output to nohup.out. If you would like to stop that output, use:
nohup ./backup.sh >/dev/null 2>&1 &
screen – hold a session open on a remote server. (also a full-screen window manager)
As an alternative to
nohup, you can use
screen. Screen is a terminal multiplexer (used to multiplex several virtual consoles), allowing users to access separate login sessions inside a single terminal window or to detach and reattach to sessions from a terminal.
9. passwd – change a user’s password.
This is a command that we should use to change passwords frequently. The
passwd command is used to change a user’s password. The password entered is used by a key derivation function to create a hashed version of the new password. Only the hashed password is saved; the plain text password is not saved.
To change the password of the current user interactively, use:
To immediately change the password of the current user, use:
To change the password of the specified user, use:
passwd username new_password
To get the current password status/date of the user, use:
10. mount – provides access to an entire filesystem in one directory.
mount command instructs the Linux operating system that a file system is ready for use, associates it with a particular ‘mount point’ in the file system, and sets options relating to its access. Mounting makes file systems, files, directories, and devices available for use.
To show all mounted filesystems, use:
To mount all the filesystem defined in /etc/fstab, use:
Learning the mount and mount commands:
- Mounting a file system – Redhat
Additional frequently used Linux commands not covered in parts 1 – 5:
systemctl– Managing Services (Daemons) | Understanding and administering systems.
clear– clears the screen of the terminal.
env-Run a command in a modified environment.
- Your suggestions here (add via comments).
80+ commands have been included in this series! About half of the commands listed above in part 5 of this series, includes alternative commands. This is really what makes Linux thrilling, there are often many options available to perform the same tasks. This allows us you get really, really, comfortable with our Linux distro of choice, albeit our favorite Linux desktop distro or favorite Linux server distro.