GNU/Linux Quick Reference

Documentation | Keystrokes | Shell commands | Software | Software Development | Web Development
Filesystems | Configuration files | System commands | Networking | Kernel

man command - get the manual pages for a given 'command'; for example, run 'man' on any of the shell commands given below to get information on usage and extra options.
info command - get info for the given 'command' (run 'info' in a shell).

Likely places to find (text/html/pdf/etc) documentation on a linux system:


The linux documentation project - HOWTOs, guides, FAQs, etc.

Run these commands from a shell.

ls - get a file listin; use '-al' to get a long file listing that includes hidden files and attributes.
cd directory - change directory to 'directory'.
cp path1 path2 - copies from 'path1' to 'path2'.
mv path1 path2 - moves or renames 'path1' to 'path2'.
rm filename - removes 'filename' (asks for confimation).
rm -rf path - removes 'path' and everything that it contains (recursively) without asking for confirmation (CAREFUL!).
rmdir directory - removes the directory 'directory' (asks for confimation).

pushd directory - pushes current directory onto the directory stack and moves to 'directory'.
popd - pops a directory off of the directory stack and moves to it.

touch filename - creates the empty file 'filename'.
mkdir dirname - creates the directory 'dirname'.
ln -s path name - crease a symbolic link from name to some path.

chmod [ugo+-rwxs] path - change that access rules for the given 'path', which can be seen by using 'ls -al'. The options 'u' = user, 'g' = group, 'o' = other, '+' enables, '-' disables, 'r' = read, 'w' = write, 'x' = execute, 's' = set user or group ID on execution. So, to allow read access to your group on the file 'foo.txt', type 'chmod g+r foo.txt'. To make it so that any files written to a directory 'foo' use the same group as the directory, type 'chmod g+s foo'. This is helpful when using cvs, because it forces cvs to commit a file using the project's group.
chown user:group filename - Change the 'user' and 'group' ownership of a file or direcetory; use -R for recursive.
chgrp group filename - Change 'group' ownership of a file or directory.
groups - lists the groups you are a member of.

mount /floppy - mounts the floppy drive one /floppy. Similarly, mount /cdrom mounts the cdrom.
mount -t udf /dev/cdrom /mnt/cdrom - Adaptec DirectCD uses a different filesystem (UDF) and so cdroms cut with it need to be mounted differently. If this is not done, the dreaded "DriveReady SeekComplete Error" happens.
umount /floppy - unmounts the floppy drive. Similarly, umount /cdrom mounts the cdrom. Always do this before ejecting the disk media.

ssh - secure shell, a secure form of telnet; NEVER use telnet, because it sends passwords out in the free and clear. Read more about ssh and how to use it with keys and tunneling, below.
sftp - secure ftp, a secure form of ftp; NEVER use regular ftp.

tar -xvf archive.tar - extracts files from the tar archive 'archive.tar'; use -zxvf if the archive ends in .tar.gz or .tgz to invoke the gzip filter. To create a tar archive use -cvf, and to list its contents use tvf; again, insert the z option if the gzip filter is to be used.
unzip archive.zip - extracts files from the zip archive 'archive.zip'; use the corresponding 'zip' program to create archives.

cvs (Cederqvist, howto) - Concurrent Versions System; great for version control of software and other documents. (Also see chmod)

cvs import -m "Comment" cvs_dir vendor_tag revision_tag -- imports from current directory into cvs_dir
cvs checkout cvs_dir - checks out cvs_dir into current directory
cvs commit filename - commits filename from current directory into the cvs module being edited
cvs add filename - adds filename from current directory into the cvs module being edited
cvs remove filename - removes filename from current directory into the cvs module being edited
cvs release cvs_dir - checks for uncommitted changes and releases a cvs directory

viewcvs ( INSTALL file in cvs) - view cvs archive using a web browser. From root, type 'viewcvsd 2>/dev/null' to dun a standalone cvs server on port 7467.

rsync -- very useful utility for backing up or synchronizing hard drives.

slocate pattern - secure location of files; anything with 'pattern' in it will be found. Note that before first use, the slocate database will need to be setup by running 'slocate -u' as root. Presumably the setup will need to be redone when newly added files should be indexed.
find . -name filename -finds a file starting from current directory; use '-iname' for case insensitivity
find . -path pathname -finds a path starting from current directory; use '-iname' for case insensitivity
find ... | more - pipe find to more so that the error message (printed to stderr) come first and what you want (printed to stdout) comes last; alternatively, use 'find ... 2> /dev/null' to redirect stderr to /dev/null and get rid of the error messages altogether.

grep pattern file - look for a 'pattern' in a given 'file' or files. Use '-i' for case insensitivity, '-r' for directory recursion, '-n' to print out the line numbers, and '-s' to suppress the error messages. For example, use 'grep -irns pattern *' to look for the pattern in any files in the current directory and subdirectories.

more filename - views 'filename' in a terminal that allows you to page down by pressing space.
less filename - views 'filename' in a terminal that allows you to scroll up and down with the arrows; type "/" to search. Less is more!

emacs -nw filename - edits 'filename' in the terminal (type ^x^s to save, and ^x^c to exit).

sed (tutorial) - stream editor

diff file1 file2 - prints differences between 'file1' and 'file2'

ps2pdf file - converts a postscript 'file' into pdf format.
pstoedit - a program that translates postscript (and pdf) to editable formats such as tgif; e.g., to make the tgif file 'tgif.obj' from the postscript file 'file.ps', type: 'pstoedit -f tgif file.ps tgif.obj'.

ps - lists user processes in the current shell and gives the process ids; 'ps -fu username' lists all processes owned by 'username'; 'ps -fe' lists everyone's processes.
kill processid - kills process with id 'processid'.
jobs - lists the jobs running in the shell.
bg - moves a suspended program into the background; type this immediately after the keystroke ^z.
fg # - moves job '#' into the foreground.

Microsoft floppy commands - use 'a:' to refer to the floppy.


top - lists processes in terms of cpu usage. Note: Top will report that almost all available memory is 'used'. The memory is actually being employed as a cache by the linux kernel and is released to user programs as needed.
uptime - gives the system uptime and load averages.

host - used to translate host names to IP addresses and vice versa; e.g. 'host validator.w3.org' and 'host 18.29.1.50'.

gnu textutils - useful text processing utilities.
fmt filename.txt > filename.text - formats the text file filename.txt for 80 characters per line and puts the result into filename.text
cat file1 file2 ... - concatenates files to stdout; use 'cat > out.txt' to write what is typed to stdin into the file 'out.txt' (finish with a ^D at the beginning of a line).
tail - output the last part of a text file. (e.g., tail -f /var/log/syslog)
wc - print the number of bytes, words, and lines in a text file.

enscript filename.txt filename.ps - converts the text file filename.txt to the postscript filename.ps
pdftotext filename.pdf - converts the pdf file filename.pdf to a text file.

crontab (Crontab Demystified, How to use cron) - used to set up jobs that should be executed on a schedule, whether the user is logged in or not. Type 'crontab crontab.txt' to set up a cron job given 'crontab.txt' as the configuration file. 'crontab -l' displays the current user's cron jobs. The format for crontab.txt entries is 'mm hh dd MM day command' where day=0...6. Use 'crontab -r' to remove the current user's cron jobs.

Fetchmail with ssh tunneling (Secure POP via SSH mini-HOWTO) - fetchmail will fetch mail from a remote machine and put it into your local mail queue. To set it up for ssh tunneling, first read the tunneling section, below. Now, put the following lines into your .fetchmailrc: Put in your real username etc and your POP3 password into the space provided. The following script will retrieve the mail every five minutes: Note: I need to find a way to get this script to fork to the background once the loop has started. An alternative is to set up a crontab to fetch the mail.
procmail (Mail filtering with procmail, Procmail tutorial, Tips and recipes, man procmailrc, man procmailex) - sort all of your incoming mail into folders; works well with fetchmail.
SpamAssassin - an excellent spam detector/filter that works with procmail.

GNU Privacy Guard (GnuPG, GPG) ( faq, Mandrake tutorial, Using GnuPG with Pine ) - a command line tool used for PGP encryption and digital signing of documents (such as email); easy to install and use.

X from scratch - to run XWindows from a getty, first type 'X' to boot up the X server. Type 'ctrl-alt-f1' to get back to the terminal. Next, type 'twm -display :0' to start a bare bones window manager and then ctrl-alt-f7 to get to it.

cal - prints a calendar

Almost all of this software has a nice graphical user interface:

emacs filename - edits 'filename' (type ^x^s to save, and ^x^c to exit).
nedit - text editor with a nice giu. Uses mac keystrokes.

pine - a nice email reading and sending program
pinepgp - sets up gnupg for use with pine; type 'pinepgp username@domain' to 'encrypt to self' for outgoing encrypted messages.

konqueror - a nice web / file browsing program.
galeon - another web browsing program; has tabbed browsing support (nice!).
mozilla - web browsing etc bloatware; needs to be installed for galeon to work (galeon used the mozilla rendering engine).

acroread - the Adobe acrobat reader for reading pdf (portable document format) files.
ghostview - reads postscript (ps and eps) and pdf files.

gkrellm - system resource monitor / display

tkdiff file1 file2 - gui version of the 'diff' shell command.
gless filename - gui version of the 'less' shell command.
gtop - a gtk version of the 'top' shell command

tgif - a good vector graphics program for linux; can be used for scientific diagrams and simple drafting.

xcdroast - used to cut CDs

Glade - a visual interface builder for gtk and gnome apps; outputs C code or alternatively an XML file that can be loaded into a program using libglade.

gcc - the GNU C Compiler. Has been renamed the GNU Compiler Collection because it now has front-ends for compiling C, C++, Objective C, Fortran, Java, and Ada.


make - makes a C program into an executable given the existence of a 'Makefile'; e.g., the Makefile for a program called foo.c that uses a library barlib.c with prototypes in barlib.h should look like (replace <tab> with an actual tab):


make -j # - invokes make so that it uses # processors during the build.


Python - an interpreted, interactive, object-oriented programming language.


Spyce - server-side web scripting with python.

XML - the extensible markup language.

W3Schools - tutorials for Web development (HTML, XHTML, CSS, and much, much more).

XHTML validation

HTML ASCII reference and entities - all those pesky codes that you can never remember.

/sbin/init - Init is the parent of all processes, and always has PID 1. Its primary role is to create processes from a script stored in the file /etc/inittab (see inittab(5)). This file usually has entries which cause init to spawn gettys on each line that users can log in. It also controls autonomous processes required by any particular system. If init is killed (e.g., kill -HUP 1) it will automatically restart.
/sbin/telinit - Runs init with a single argument. Use telinit 1 to 6 to invoke the different run-levels. Use telinit q or Q tells init to re-examine the /etc/inittab file. So, different respawning processes can be defined at different times (e.g., use a crontab to run a ppp server at night that answers incoming phone calls).

halt - Halts system
reboot - Reboots system

apt-get update - updates the apt-get software lists.
apt-get upgrade - upgrades existing software.
apt-get dist-upgrade - upgrades software with extra dependency checks.
apt-get install package - installs 'package'; a search engine for available packages can be found here.
apt-get remove package - remove 'package'.
dpkg -i package.deb - installs package.deb.

dmesg - Print out the boot messages.

iptables -n -L - lists the firewall rules; this is good for checking to ensure the firewall is up.

adduser - adds a new user
addgroup groupname - add the group 'groupname' to the system
usermod -G groupname username - adds the user 'username' to the group 'groupname'. Note that the user will have to logout/login for the changes to take effect.

bonnie - Unix filesystem performance benchmark; great for showing off a dual processor machine because one cpu maxes out while the other waits for your commands.

depmod - resolves kernel module dependencies
ismod - lists kernel modules

/usr/sbin/apachectl graceful - restarts apache httpd after a configuration change, for example

john - "John the Ripper", for trying to crack passwords on local machine; ensures security
satan - a program used to hack a network and thereby test its security

ldconfig - Configures the linker to look for libraries listed in /etc/ld.so.conf; put entries into this file when libraries are installed in non-standard locations.

See the NetworkingOverview-HOWTO and net-HOWTO.

/sbin/ifconfig - prints out the network configuration; gives useful information like what interfaces are active and also the ethernet hardware address.
/sbin/ifconfig eth0 down - takes down the ethernet
/etc/init.d/network stop - takes down the ethernet
/etc/init.d/network start - starts the ethernet

netstat -r or route -n - shows the routing tables being used; for each network address, the interface handling it is given (note default=0.0.0.0).

SSH (SSH Secure Shell, OpenSSH, Public-key cryptography) - a secure and versatile replacement for telnet.

SSH with keys (SSH with Keys HOWTO, Using ssh-agent) - To use Secure Shell (ssh) without having to type in passwords, use public/private key authentication. Here's what to do if you are using OpenSSH: Type 'ssh-keygen -t dsa' to generate your public and private keys; you will want to assign a passphrase to access your private key. The private key will be created in $HOME/.ssh/id_dsa and the public key in $HOME/.ssh/id_dsa.pub. Do not share your private key with anyone! To change the passphrase type 'ssh-keygen -p -f id_dsa'. If the remote machine is running an OpenSSH server, then put the public key in the $HOME/.ssh/authorized_keys file on that machine. If the remote machine is running the SSH2 (non-OpenSSH) server, then run 'ssh-keygen -x -f id_dsa.pub > id_dsa.ssh2.pub' to create an SSH2 compatible key; put the result in $HOME/.ssh2/id_dsa.ssh2.pub on the remote machine and create a $HOME/.ssh2/authorization file there that contains the line 'key id_dsa.ssh2.pub'. Automatic logins with ssh should now be possible. Use 'ssh -v' to get verbosity on what ssh is doing; this will help debug problems like directory permissions, etc. Run 'ssh-agent' to manage your keys so that you don't have to type in the passphrase every time you want to do something with ssh (ssh-agent may already be running). Type 'ssh-add' to add the standard key 'identity' to the key manager (i.e., ssh-agent), or 'ssh-add /location/of/key' for a key located somewhere else.

SSH tunneling (SSH Tunneling) - Secure Shell (ssh) is a way to connect normally unsecure client programs to remote services securely (e.g., fetchmail, POP3, etc). Ssh tunneling uses the concept of port forwarding. Ssh intercepts a call from a client program going out some port, tunnels it through to the remote sshd (encrypted), which decrypts the signal and connects to the desired port internally. Ssh keys are needed. The tunneling command is 'ssh -f [user@remote] -L [localPort]:[remoteHost]:[remotePort] [some command]'; e.g., 'ssh -f username@somehost.com -L 1234:somehost.com:110 sleep 5' to tunnel through to port 110 (POP3) on somehost.com, intercepting the outgoing call from the POP3 client on port 1234 (or whatever other port was defined). The command 'sleep 5' is run after ssh is forked to the background and gives the client 5 seconds to connect to port 1234 before an attempt is made to connect with the remote machine; if the client doesn't connect in time it will not be able to negotiate the connection with the remote computer and the tunnel will disappear. The '-C' option can be used to compress the signal via gzip. This will result in time savings over a modem, but may slow down a fast network (experiment!). A test can be performed with telnet; type 'telnet localhost 1234' to connect to the tunnel and talk with the remote sever. Note: Programs like telnet, ftp, POP3 mail programs, fetchmail, etc should never be used without ssh tunneling because they send your passwords out in the "free and clear".

NFS (NFS-HOWTO) - to mount an nfs (network filesystem), the /etc/init.d/nfs daemon must be running on the network machine; the /etc/exports file on the network machine configures nfs to allow access to specific directories. Put an entry into the local /etc/fstab to mount the networked drive. See the info for the /etc/ files under Configuration, above). The network directory to be mounted must have at least rx permission for the local user. This will require editing the /etc/passwd and /etc/group files on both machines so that the user and group numbers match. You may also need to change the ownership of the mount point.

xhost +networkComputerName - allows 'networkComputer' to send X output to my display.
export DISPLAY=networkComputerName:displayNumber - sends X output from my computer to the display 'displayNumber' at 'networkComputerName'. Note the network computer will have had to have executed the xhost command above. Programs like vnc can set up multiple displays on the same computer.

VPN (VPN-HOWTO) - "Virtual private networking"; this is a concept whereby you securly connect a remote computer into a local network. The concept is implemented in the HOWTO by ssh tunnelling a ppp connection.

VNC - "Virtual network computer": a set of programs (server/client) that allows one to set up a complete session on a remote computer in a window on the local computer. VNC is much faster than running X-sessions over the network. As a user on the remote machine, type 'vncpasswd' to set up the password and then 'vncserver' to run the server (the configuration file for vncserver is /etc/vnc.conf; make sure that the line '$vncStartup = "$ENV{HOME}/.vnc/xstartup";' is set so that you can write a startup script; put the line 'gnome-session &' in it so that you get a gnome desktop). The server will tell you the address information (e.g., 'somehost.com:1'). On the local machine, run the vnc client; e.g., 'xvncviewer somehost.com:1'; note that vnc is insecure, and so ssh tunneling should be used (read on). To kill the server, type 'vncserver -kill :1'. To tunnel vnc through ssh, type 'ssh -f -L 5901:somehost.com:5901 somehost.com sleep 10' to set up the tunnel, and 'xvncviewer localhost:1' to run vnc; vnc uses the 590x series ports, and knows that display 1 can be found by connecting to port 5901. Use '-C' with the ssh command for compression, which may either speed things up or slow them down depending on the connection. Typing 'F8' in the vnc client provides a drop down display that allows you to go to full screen mode, or alteratively use the '-fullscreen' option with vncviewer.

SAMBA - the protocol used by Microsoft Windows to share filesystems with networked computers, similar to NFS. The next few sections explain how to connect a windows machine into the network.

Windows networking - To network Windows machines, install the following packages: 1) TCP/IP, 2) NetBEUI (protocol for SAMBA), and 3) Client fo Microsoft Networks. All of these can be installed from the Control Panel. The IP addresses must be set up under the Network Neighbourhood properties (TCP/IP protocol). To share a folder with other computers on the network, right click the folder (under Explorer or whatever) and set to "share".

SAMBA with linux - Type smbclient -L machineName to list the shared folders on the windows machine. Type smbclient \\\\machineName\\shareName to access a shared windows folder using an ftp-like program. To mount a shared folder, type mount -t smbfs -o username=_____,password=_____ //machineName/shareName mountPoint (note the spacing is important, and fill in the username and password). Alternatively, set up a line in /etc/fstab as per the example in the Configuration section. Troubleshooting: be sure that the firewall is not getting in the way; you need to allow access through ports 135 (udp/tcp), 137 (udp), 138 (udp), 139 (tcp) and 445 (tcp).

Firewalling - to protect your computer from being hacked, and to keep internal programs from communicating to the outside world without your knowledge; a good firewall program is GuardDog. It is helpful to set up some extra firewall rules using iptables to complement the basic guarddog setup.

Updating (the BEST way) - get the vanilla sources from http://www.kernel.org/ and follow the installation instructions. Patches to the kernel (e.g., OpenMosix, etc) expect this. You have been warned.

Updating (the Debian way) - Let's assume that Debian's 2.4.18-bf2.4 kernel is being used and that a custom 2.4.18 kernel is desired. If it's not already there, 'apt-get install kernel-package'. Get the source for the current kernel into some temporary directory by executing 'apt-get source kernel-image-2.4.18-bf2.4', so that the current kernel's config file can be used as a starting point. Now 'apt-get install kernel-source-2.4.18'; the source will be installed in /usr/src. Cd into there and unpack the source using 'tar -jxvf kernel-source-2.4.18.tar.bz2'. Cd into kernel-source-2.4.18. Create a config directory and copy into it the bf2.4 configuration file from the config directory of the current kernel's source that was downloaded earlier. Execute 'make xconfig' to run the kernel configurator, load in the bf2.4 config file, and set up the new kernel as desired. Save the config file to a new filename before exiting. If this is a rebuild, then put an entry into debian/changelog (this is necessary and the format is very important); also type 'make-kpkg clean' so that you're starting fresh. Give the build a name (e.g., 'custom.1.0). Now, 'make-kpkg --revision=custom.1.0 kernel_image'. The kernel will be compiled and placed as a deb file in /usr/src/kernel-image-2.4.18_custom.1.0_i386.deb. Cd into /usr/src and 'dpkg -i /usr/src/kernel-image-2.4.18_custom.1.0_i386.deb'; follow the instructions. Reboot.

Update problems - sometimes when the kernel is updated, lilo doesn't execute properly. This is the first place to look for problems. A symptom of lilo problems is that the old operating system still boots up; although the file names no longer exist, lilo will still point to the old boot record until it has been properly run.

noapic - sometimes for a multiprocessor computer the kernel requires the noapic option to be passed in /etc/lilo.conf, e.g., 'append="noapic" '; otherwise it freezes up.