The commands you reach for every day — and the ones you have to search every time. This reference covers file management, permissions, processes, networking, disk space, archives, text processing, and system info.
Quick reference
The 30 commands that cover 90% of daily Linux work.
| Command | What it does |
|---|---|
ls -lah |
List files (long, human sizes, hidden) |
cd ~ |
Go to home directory |
pwd |
Print working directory |
cp -r src/ dst/ |
Copy directory recursively |
mv old new |
Move or rename |
rm -rf dir/ |
Delete directory recursively (careful!) |
mkdir -p a/b/c |
Create nested directories |
touch file.txt |
Create empty file (or update timestamp) |
cat file |
Print file contents |
less file |
Page through file (q to quit) |
head -20 file |
First 20 lines |
tail -f log |
Stream file tail live |
grep -r "text" . |
Search recursively in current dir |
find . -name "*.log" |
Find files by name pattern |
chmod 755 file |
Set permissions |
chown user:group file |
Change owner |
ps aux |
All running processes |
kill -9 PID |
Force-kill process |
top / htop |
Live process monitor |
df -h |
Disk usage (human-readable) |
du -sh dir/ |
Directory size |
tar -xzf file.tar.gz |
Extract gzipped tarball |
wget URL |
Download file |
curl -I URL |
HTTP headers only |
ssh user@host |
Connect via SSH |
scp file user@host:path |
Copy file over SSH |
sudo command |
Run as root |
history |
Command history |
man command |
Manual page |
which cmd |
Where is this binary? |
File and directory management
Navigation
ls # list current directory
ls -l # long format (permissions, size, date)
ls -lah # long + human sizes + hidden files
ls -lt # sort by modification time (newest first)
ls -lS # sort by file size (largest first)
cd /path/to/dir # change directory
cd ~ # home directory
cd - # previous directory
cd .. # parent directory
pwd # print working directory
Creating and deleting
mkdir newdir # create directory
mkdir -p a/b/c # create nested (no error if exists)
touch file.txt # create empty file
touch -t 202601010000 file.txt # set specific timestamp
rm file.txt # delete file
rm -i file.txt # interactive (ask before delete)
rm -rf dir/ # delete directory recursively (no prompt!)
rmdir emptydir # delete empty directory only
Copying and moving
cp file.txt backup.txt # copy file
cp -r src/ dst/ # copy directory recursively
cp -p file dst/ # preserve permissions and timestamps
mv file.txt newname.txt # rename file
mv file.txt /other/path/ # move to another directory
mv -n file dst/ # never overwrite existing file
File viewing
cat file.txt # print entire file
cat -n file.txt # with line numbers
less file.txt # paginate (arrows, q to quit)
more file.txt # older pager
head file.txt # first 10 lines (default)
head -50 file.txt # first 50 lines
tail file.txt # last 10 lines
tail -n 100 file.txt # last 100 lines
tail -f /var/log/syslog # stream live (Ctrl+C to stop)
Links
ln -s /path/to/target link # soft (symbolic) link
ln /path/to/target hardlink # hard link
readlink -f link # resolve symlink to real path
Searching and filtering
grep — search text
grep "pattern" file.txt # basic search
grep -i "pattern" file.txt # case-insensitive
grep -r "pattern" . # recursive in current directory
grep -r "pattern" . --include="*.php" # only PHP files
grep -n "pattern" file # show line numbers
grep -v "pattern" file # invert match (lines NOT matching)
grep -c "pattern" file # count matching lines
grep -l "pattern" * # only print filenames
grep -A 3 -B 3 "pattern" file # 3 lines of context around match
grep -E "a|b" file # extended regex (alternation)
grep -o "pattern" file # only print matched part
find — search files
find . -name "*.log" # by name (case-sensitive)
find . -iname "*.LOG" # by name (case-insensitive)
find . -type f # files only
find . -type d # directories only
find . -type l # symlinks only
find . -mtime -7 # modified in last 7 days
find . -mtime +30 # modified more than 30 days ago
find . -size +100M # larger than 100MB
find . -name "*.tmp" -delete # find and delete
find . -name "*.sh" -exec chmod +x {} \; # find and chmod
find . -empty # empty files and directories
Text processing pipeline
# Sort and deduplicate
cat file | sort | uniq
cat file | sort -u # same, shorter
# Count occurrences
cat file | sort | uniq -c | sort -rn
# Column selection
cut -d, -f1,3 file.csv # CSV columns 1 and 3
awk '{print $1, $3}' file # columns 1 and 3 (whitespace)
awk -F: '{print $1}' /etc/passwd # colon-separated
# Stream editing
sed 's/old/new/g' file # replace all occurrences
sed -i 's/old/new/g' file # in-place edit
sed '/pattern/d' file # delete matching lines
sed -n '10,20p' file # print lines 10-20
# Word count
wc -l file # line count
wc -w file # word count
wc -c file # byte count
Permissions and ownership
chmod — change mode
chmod 755 file # rwxr-xr-x (owner:rwx group:rx other:rx)
chmod 644 file # rw-r--r-- (common for config files)
chmod 600 file # rw------- (private files like SSH keys)
chmod 777 file # rwxrwxrwx (everyone can do anything — avoid)
chmod +x script.sh # add execute bit for everyone
chmod -x script.sh # remove execute bit
chmod u+x file # add execute for owner only
chmod o-w file # remove write for others
chmod -R 755 dir/ # apply recursively
# Permission number cheatsheet
# 4 = read (r)
# 2 = write (w)
# 1 = execute (x)
# 7 = rwx, 6 = rw-, 5 = r-x, 4 = r--
chown — change owner
chown user file # change owner
chown user:group file # change owner and group
chown -R user:group dir/ # recursive
chgrp group file # change group only
Viewing permissions
ls -l file # shows permissions in ls format
stat file # detailed inode info including octal mode
id # current user and groups
whoami # current username
groups # groups current user belongs to
Processes
Viewing processes
ps aux # all processes, all users
ps aux | grep nginx # filter by name
ps -ef # full format
pgrep nginx # get PIDs by name
pidof nginx # same
top # live process monitor (q to quit)
htop # improved top (install separately)
Managing processes
kill PID # send SIGTERM (graceful)
kill -9 PID # send SIGKILL (force, no cleanup)
kill -HUP PID # reload config (for daemons)
killall nginx # kill all processes named nginx
pkill -f "python script" # kill by full command match
# Background / foreground
command & # run in background
jobs # list background jobs
fg %1 # bring job 1 to foreground
bg %1 # resume job 1 in background
Ctrl+Z # suspend current process
Ctrl+C # interrupt (SIGINT)
# nohup — keep running after logout
nohup command &
nohup command > output.log 2>&1 &
System load
uptime # load average (1, 5, 15 min)
vmstat 1 # virtual memory stats, 1-second intervals
iostat 1 # I/O stats (install sysstat)
free -h # RAM usage (human-readable)
Disk and storage
df -h # disk usage for all filesystems
df -h / # specific filesystem
df -ih # inode usage (run out of inodes = can't create files)
du -sh dir/ # total size of directory
du -sh * # size of each item in current dir
du -ah dir/ | sort -rh | head -20 # largest files/dirs
# Find what's eating space
ncdu / # interactive (install separately)
du -sh /* 2>/dev/null | sort -rh | head -10 # top-level breakdown
lsblk # list block devices (disks, partitions)
fdisk -l # partition table (requires root)
mount # show mounted filesystems
Networking
Connectivity and info
ip a # network interfaces and IPs (modern)
ifconfig # same, older (may need net-tools)
ip route # routing table
netstat -tuln # listening ports (requires net-tools)
ss -tuln # same, faster (modern replacement)
ss -tulnp # include process names (requires root)
ping -c 4 google.com # check connectivity (4 packets)
traceroute google.com # trace route to host
dig google.com # DNS lookup
nslookup google.com # DNS lookup (older)
host google.com # simple DNS lookup
Downloads and HTTP
curl URL # fetch URL
curl -I URL # headers only
curl -o file.zip URL # save to file
curl -L URL # follow redirects
curl -u user:pass URL # basic auth
curl -X POST -H "Content-Type: application/json" -d '{}' URL
wget URL # download file
wget -O output.html URL # save with specific name
wget -r -np URL # recursive download
wget -c URL # resume interrupted download
SSH
ssh user@host # connect
ssh user@host -p 2222 # non-standard port
ssh -i ~/.ssh/key user@host # specific key
ssh -N -L 8080:localhost:80 user@host # local port forward
scp file user@host:/path/ # copy to remote
scp -r dir/ user@host:/path/ # directory
scp -P 2222 file user@host: # non-standard port
rsync -avz src/ user@host:dst/ # sync directory (incremental)
rsync -avz --delete src/ dst/ # sync and delete extras from dst
Firewall (ufw)
ufw status # check firewall status
ufw enable # enable firewall
ufw allow 22 # allow SSH
ufw allow 80/tcp # allow HTTP
ufw deny 8080 # block port 8080
ufw delete allow 8080 # remove rule
Archives and compression
# tar
tar -czf archive.tar.gz dir/ # create gzipped tarball
tar -xzf archive.tar.gz # extract gzipped tarball
tar -xzf archive.tar.gz -C /dest/ # extract to specific dir
tar -tzf archive.tar.gz # list contents without extracting
tar -czf - dir/ | ssh user@host 'cat > /dest/archive.tar.gz' # pipe to remote
# zip / unzip
zip -r archive.zip dir/
zip -r archive.zip dir/ -x "*.git/*" # exclude .git
unzip archive.zip
unzip archive.zip -d /dest/
unzip -l archive.zip # list contents
# gzip / gunzip
gzip file # compress (replaces file with file.gz)
gunzip file.gz # decompress
gzip -d file.gz # same as gunzip
zcat file.gz # view without decompressing
Environment and variables
echo $HOME # print variable
echo $PATH # print PATH
printenv # all environment variables
env # same
export VAR=value # set variable for current session and children
VAR=value command # set only for one command
unset VAR # remove variable
# Make permanent (add to ~/.bashrc or ~/.bash_profile)
echo 'export VAR=value' >> ~/.bashrc
source ~/.bashrc # reload without restarting shell
# PATH manipulation
export PATH="$HOME/.local/bin:$PATH" # prepend to PATH
System information
uname -a # kernel version and architecture
lsb_release -a # Linux distribution info
cat /etc/os-release # distro info (more portable)
hostnamectl # hostname and system info
date # current date and time
date +%Y-%m-%d # formatted date
timedatectl # timezone and NTP status
uptime # system uptime and load
last reboot # last reboot times
journalctl -xe # system log (last entries)
journalctl -u nginx # logs for specific systemd service
systemd services
systemctl status nginx # service status
systemctl start nginx # start
systemctl stop nginx # stop
systemctl restart nginx # restart
systemctl reload nginx # reload config (no downtime)
systemctl enable nginx # start on boot
systemctl disable nginx # don't start on boot
systemctl list-units --type=service # list all services
User management
useradd -m -s /bin/bash username # create user with home dir
passwd username # set password
usermod -aG sudo username # add to sudo group
userdel -r username # delete user and home dir
su - username # switch user (full environment)
sudo -u username cmd # run command as another user
sudo -i # root shell
sudo -l # list your sudo permissions
who # who is logged in
w # who is logged in + what they're doing
last # recent logins
lastlog # last login for all users
Shortcuts and productivity
Terminal shortcuts (bash/zsh)
| Shortcut | Action |
|---|---|
Ctrl+C |
Kill current process |
Ctrl+Z |
Suspend current process |
Ctrl+D |
EOF / exit shell |
Ctrl+L |
Clear screen (like clear) |
Ctrl+A |
Go to beginning of line |
Ctrl+E |
Go to end of line |
Ctrl+W |
Delete word before cursor |
Ctrl+U |
Delete to beginning of line |
Ctrl+K |
Delete to end of line |
Ctrl+R |
Search command history |
Tab |
Autocomplete |
Tab Tab |
Show all completions |
!! |
Repeat last command |
!$ |
Last argument of previous command |
!* |
All arguments of previous command |
Alt+. |
Insert last argument of previous command |
Useful one-liners
# Count files in directory
ls -1 | wc -l
# Find and kill by port
lsof -ti:3000 | xargs kill -9
# Or:
fuser -k 3000/tcp
# Watch a command every 2 seconds
watch -n 2 df -h
# Repeat a command 10 times
for i in {1..10}; do echo $i; done
# Bulk rename (e.g. .txt → .md)
for f in *.txt; do mv "$f" "${f%.txt}.md"; done
# Check if command exists
command -v docker && echo "installed" || echo "not found"
# Create a timestamped backup
cp file.conf file.conf.$(date +%Y%m%d-%H%M%S)
# Run previous command as root
sudo !!
# Show most recently modified files
ls -lt | head -20
# Disk hogs: top 10 largest files
find / -type f -printf '%s %p\n' 2>/dev/null | sort -rn | head -10
Common mistakes
rm -rf / or rm -rf /* — deletes everything on the root filesystem. Modern rm adds a --no-preserve-root guard, but never type this.
chmod -R 777 — gives everyone full control over everything recursively. Use specific permissions instead.
cat large.log | grep — useless use of cat. Just grep pattern large.log directly (faster, one process).
kill -9 as a first resort — always try kill (SIGTERM) first. SIGKILL doesn't let the process clean up.
Editing /etc/sudoers directly — use visudo instead, which validates syntax before saving (a bad /etc/sudoers locks you out).
history | grep password — if you ever typed a password on the command line, it's in your history. Clear it: history -d <line_number> or history -c.
Related tools
- Use Find & Replace to do multi-file text substitution without
sedwhen you're not on a Linux machine. - Use Text Diff to compare config files or log snapshots side by side.
- Use Hash Generator to verify file integrity with MD5/SHA checksums, same as
md5sum/sha256sum.