🐧 Linux Commands Cheat Sheet
134+ commands covering navigation, files, permissions, processes, networking, text processing and more.
| Command | Description | Example |
|---|---|---|
|
pwd
|
Print current working directory | pwd # /home/amit/projects |
|
ls
|
List directory contents | ls |
|
ls -la
|
List all files including hidden, in long format with sizes | ls -la /var/www |
|
ls -lh
|
Long listing with human-readable file sizes | ls -lh /var/log |
|
cd <dir>
|
Change to specified directory | cd /etc/nginx |
|
cd ..
|
Go up one directory level | cd .. |
|
cd ~
|
Go to home directory | cd ~ |
|
cd -
|
Switch to the previous directory | cd - |
|
tree
|
Display directory structure as a tree | tree -L 2 /var/www |
| Command | Description | Example |
|---|---|---|
|
mkdir <dir>
|
Create a new directory | mkdir logs |
|
mkdir -p a/b/c
|
Create nested directories in one command | mkdir -p /var/app/uploads/images |
|
touch <file>
|
Create an empty file or update its timestamp | touch index.php |
|
cp <src> <dest>
|
Copy a file | cp config.env config.env.bak |
|
cp -r <src> <dest>
|
Copy a directory recursively | cp -r /var/www/html /var/www/html_backup |
|
mv <src> <dest>
|
Move or rename a file or directory | mv old-name.php new-name.php |
|
rm <file>
|
Remove a file | rm tmp.log |
|
rm -rf <dir>
|
Recursively remove a directory and all contents (use with care) | rm -rf /tmp/build-cache |
|
rmdir <dir>
|
Remove an empty directory | rmdir empty-folder |
|
ln -s <target> <link>
|
Create a symbolic (soft) link | ln -s /var/www/html/public public |
|
realpath <file>
|
Resolve symlinks and print the absolute path | realpath ./app |
| Command | Description | Example |
|---|---|---|
|
cat <file>
|
Print entire file contents to stdout | cat /etc/hosts |
|
less <file>
|
View a file with scrolling (q to quit) | less /var/log/nginx/error.log |
|
head -n 20 <file>
|
Show the first N lines of a file | head -n 50 access.log |
|
tail -n 20 <file>
|
Show the last N lines of a file | tail -n 100 app.log |
|
tail -f <file>
|
Follow a file in real time (live log monitoring) | tail -f /var/log/nginx/access.log |
|
nano <file>
|
Open a file in the nano terminal editor | nano /etc/hosts |
|
vim <file>
|
Open a file in Vim editor | vim /etc/nginx/nginx.conf |
|
diff <file1> <file2>
|
Show differences between two files | diff config.prod.env config.staging.env |
|
wc -l <file>
|
Count lines in a file | wc -l access.log |
|
wc -w <file>
|
Count words in a file | wc -w article.txt |
| Command | Description | Example |
|---|---|---|
|
chmod 755 <file>
|
Set permissions: owner rwx, group r-x, others r-x | chmod 755 deploy.sh |
|
chmod +x <file>
|
Add execute permission for all users | chmod +x start.sh |
|
chmod -R 644 <dir>
|
Set permissions recursively on a directory | chmod -R 644 /var/www/html |
|
chown user:group <file>
|
Change owner and group of a file | chown www-data:www-data index.php |
|
chown -R user:group <dir>
|
Recursively change owner and group | chown -R www-data:www-data /var/www/html |
|
umask 022
|
Set default permission mask for new files | umask 022 |
|
ls -l <file>
|
Show permissions, owner, size and date | ls -l /etc/passwd |
|
stat <file>
|
Show detailed file metadata including permissions in octal | stat /etc/nginx/nginx.conf |
| Command | Description | Example |
|---|---|---|
|
find <dir> -name "<pattern>"
|
Find files by name pattern | find /var/www -name "*.log" |
|
find <dir> -type f -mtime -7
|
Find files modified in the last 7 days | find /home -type f -mtime -7 |
|
find <dir> -size +100M
|
Find files larger than 100 MB | find / -size +100M -type f |
|
find <dir> -name "<pat>" -delete
|
Find and delete matching files | find /tmp -name "*.tmp" -delete |
|
grep "pattern" <file>
|
Search for a pattern in a file | grep "ERROR" app.log |
|
grep -r "pattern" <dir>
|
Search recursively in a directory | grep -r "db_password" /var/www |
|
grep -i "pattern" <file>
|
Case-insensitive search | grep -i "warning" error.log |
|
grep -n "pattern" <file>
|
Show line numbers with matches | grep -n "fatal" syslog |
|
grep -v "pattern" <file>
|
Show lines that do NOT match | grep -v "DEBUG" app.log |
|
grep -c "pattern" <file>
|
Count matching lines | grep -c "404" access.log |
|
locate <name>
|
Fast filename search using a pre-built database | locate nginx.conf |
|
which <command>
|
Find the full path of an executable | which python3 |
|
whereis <command>
|
Find binary, source, and man page locations | whereis nginx |
| Command | Description | Example |
|---|---|---|
|
sed "s/old/new/g" <file>
|
Replace all occurrences of "old" with "new" in a file (print only) | sed "s/localhost/production.db/g" config.php |
|
sed -i "s/old/new/g" <file>
|
Replace in-place (modifies the file) | sed -i "s/8080/80/g" nginx.conf |
|
awk "{print $1}" <file>
|
Print the first column of each line | awk '{print $1, $9}' access.log |
|
awk -F':' '{print $1}' <file>
|
Use a custom delimiter | awk -F':' '{print $1}' /etc/passwd |
|
cut -d":" -f1 <file>
|
Cut the first field using colon as delimiter | cut -d":" -f1 /etc/passwd |
|
sort <file>
|
Sort lines alphabetically | sort names.txt |
|
sort -n <file>
|
Sort lines numerically | sort -n scores.txt |
|
sort -rn <file>
|
Sort numerically in reverse (descending) | du -s * | sort -rn | head -10 |
|
uniq <file>
|
Remove consecutive duplicate lines (pipe after sort) | sort ips.txt | uniq |
|
uniq -c <file>
|
Count occurrences of each unique line | sort access.log | uniq -c | sort -rn |
|
tr "a-z" "A-Z"
|
Translate characters — here lowercase to uppercase | echo "hello" | tr "a-z" "A-Z" |
|
xargs
|
Build and execute commands from stdin | find . -name "*.log" | xargs rm |
| Command | Description | Example |
|---|---|---|
|
ps aux
|
List all running processes with CPU and memory usage | ps aux | grep nginx |
|
top
|
Live process monitor (q to quit) | top |
|
htop
|
Interactive process viewer (requires htop installed) | htop |
|
kill <PID>
|
Send SIGTERM (graceful stop) to a process | kill 12345 |
|
kill -9 <PID>
|
Force-kill a process immediately (SIGKILL) | kill -9 12345 |
|
pkill <name>
|
Kill processes by name | pkill php-fpm |
|
killall <name>
|
Kill all processes with the given name | killall nginx |
|
nohup <cmd> &
|
Run a command that survives logout | nohup python3 server.py & |
|
jobs
|
List background jobs in the current shell | jobs |
|
bg %1
|
Resume job 1 in the background | bg %1 |
|
fg %1
|
Bring job 1 to the foreground | fg %1 |
|
systemctl status <service>
|
Check the status of a systemd service | systemctl status nginx |
|
systemctl start <service>
|
Start a systemd service | systemctl start mysql |
|
systemctl restart <service>
|
Restart a systemd service | systemctl restart php8.2-fpm |
|
systemctl enable <service>
|
Enable a service to start on boot | systemctl enable nginx |
| Command | Description | Example |
|---|---|---|
|
ip addr
|
Show all network interfaces and IP addresses | ip addr |
|
ip route
|
Show the routing table | ip route |
|
ping <host>
|
Test network connectivity to a host | ping -c 4 google.com |
|
curl -I <url>
|
Fetch HTTP response headers only | curl -I https://freebytes.in |
|
curl -o <file> <url>
|
Download a URL to a file | curl -o latest.zip https://example.com/latest.zip |
|
wget <url>
|
Download a file from a URL | wget https://example.com/file.tar.gz |
|
netstat -tulnp
|
Show listening ports and the processes using them | netstat -tulnp | grep 80 |
|
ss -tulnp
|
Modern replacement for netstat — show open sockets | ss -tulnp |
|
nslookup <domain>
|
Query DNS for a domain | nslookup freebytes.in |
|
dig <domain>
|
Detailed DNS lookup | dig freebytes.in A |
|
traceroute <host>
|
Trace the network path to a host | traceroute google.com |
|
iptables -L
|
List firewall rules (requires root) | iptables -L -n -v |
|
ufw status
|
Show UFW firewall status and rules | ufw status verbose |
|
ufw allow 443/tcp
|
Allow a port through UFW firewall | ufw allow 443/tcp |
| Command | Description | Example |
|---|---|---|
|
df -h
|
Show disk space on all mounted filesystems (human-readable) | df -h |
|
du -sh <dir>
|
Show total disk usage of a directory | du -sh /var/www |
|
du -sh *
|
Show size of each item in current directory | du -sh * | sort -rh | head -10 |
|
free -h
|
Show RAM and swap usage | free -h |
|
lsblk
|
List block devices (disks and partitions) | lsblk |
|
mount
|
Show all mounted filesystems | mount | grep ext4 |
| Command | Description | Example |
|---|---|---|
|
whoami
|
Print the current logged-in username | whoami |
|
id
|
Print user ID, group ID and group memberships | id |
|
who
|
Show who is logged into the system | who |
|
sudo <cmd>
|
Run a command with superuser privileges | sudo systemctl restart nginx |
|
su - <user>
|
Switch to another user account | su - www-data |
|
useradd -m <user>
|
Create a new user with a home directory | useradd -m deploy |
|
passwd <user>
|
Set or change a user password | passwd deploy |
|
usermod -aG sudo <user>
|
Add a user to the sudo group | usermod -aG sudo deploy |
|
groupadd <group>
|
Create a new group | groupadd webadmin |
| Command | Description | Example |
|---|---|---|
|
tar -czf archive.tar.gz <dir>
|
Create a gzip-compressed tarball | tar -czf backup-2026.tar.gz /var/www/html |
|
tar -xzf archive.tar.gz
|
Extract a gzip tarball | tar -xzf backup-2026.tar.gz |
|
tar -xzf archive.tar.gz -C <dir>
|
Extract to a specific directory | tar -xzf release.tar.gz -C /opt/app |
|
tar -tzf archive.tar.gz
|
List contents of a tarball without extracting | tar -tzf backup.tar.gz | head -20 |
|
zip -r archive.zip <dir>
|
Create a zip archive of a directory | zip -r site.zip /var/www/html |
|
unzip archive.zip
|
Extract a zip archive | unzip release.zip -d /opt/app |
|
gzip <file>
|
Compress a file with gzip | gzip large-dump.sql |
|
gunzip <file>.gz
|
Decompress a gzip file | gunzip large-dump.sql.gz |
| Command | Description | Example |
|---|---|---|
|
uname -a
|
Show all system information (kernel, arch, hostname) | uname -a |
|
hostname
|
Show the system hostname | hostname |
|
uptime
|
Show how long the system has been running and load average | uptime |
|
date
|
Show the current date and time | date "+%Y-%m-%d %H:%M:%S" |
|
history
|
Show command history | history | grep ssh |
|
echo $PATH
|
Print the current PATH variable | echo $PATH |
|
env
|
List all environment variables | env | grep PHP |
|
export VAR=value
|
Set an environment variable for the current session | export APP_ENV=production |
|
crontab -e
|
Edit the cron schedule for the current user | crontab -e |
|
crontab -l
|
List the cron jobs for the current user | crontab -l |
| Command | Description | Example |
|---|---|---|
|
ssh user@host
|
Connect to a remote server via SSH | ssh amit@192.168.1.10 |
|
ssh -p 2222 user@host
|
Connect on a non-default port | ssh -p 2222 amit@myserver.com |
|
ssh -i key.pem user@host
|
Connect using an identity file (private key) | ssh -i ~/.ssh/aws-key.pem ubuntu@ec2-ip |
|
ssh-keygen -t ed25519
|
Generate an ED25519 SSH key pair | ssh-keygen -t ed25519 -C "amit@freebytes.in" |
|
ssh-copy-id user@host
|
Copy your public key to a remote server for passwordless login | ssh-copy-id amit@192.168.1.10 |
|
scp <file> user@host:<path>
|
Securely copy a file to a remote server | scp deploy.sh amit@192.168.1.10:/home/amit/ |
|
scp user@host:<file> <local>
|
Copy a file from remote to local | scp amit@server:/var/log/app.log ~/logs/ |
|
rsync -avz <src> user@host:<dest>
|
Sync files to a remote server efficiently | rsync -avz ./dist/ amit@server:/var/www/html/ |
|
rsync -avz --delete <src> <dest>
|
Sync and delete files at destination that no longer exist at source | rsync -avz --delete ./build/ /var/www/html/ |
No commands match your search. Try a different keyword.
Understanding the Linux File System
Linux uses a single unified directory tree starting at / (root). Key directories: /etc holds configuration files, /var holds variable data like logs and caches, /home contains user home directories, /usr contains user-installed programs, /tmp is temporary storage cleared on reboot, and /proc is a virtual filesystem exposing kernel and process information. Understanding this layout is essential for navigating any Linux server.
File Permissions Explained
Every Linux file has three permission sets: owner, group, and others. Each set has three bits: r (read=4), w (write=2), x (execute=1). The octal notation adds them: 7 = rwx, 6 = rw-, 5 = r-x, 4 = r--. Common permission sets: 755 for web files (owner can write, others can read and execute), 644 for config files (owner can write, others read-only), 600 for private keys (owner read/write only).
Piping and Redirection
Linux's power comes from combining simple commands with pipes (|) and redirection. command1 | command2 sends stdout of command1 into stdin of command2. > redirects stdout to a file (overwrite), >> appends. 2> redirects stderr. 2>&1 merges stderr into stdout — useful for capturing all output in logs. Example: ps aux | grep nginx | awk '{print $1}' | sort | uniq -c — count unique nginx process owners.
Process Management Best Practices
Always try kill (SIGTERM) before kill -9 (SIGKILL) — SIGTERM allows the process to clean up gracefully. Use systemctl for managing services rather than direct kill commands, as it handles dependencies and restart policies. For long-running tasks that must survive SSH disconnection, use nohup, screen, or tmux rather than background jobs (&), which are killed when the shell exits.
Frequently Asked Questions — Linux Commands Cheat Sheet
Start with navigation (ls, cd, pwd), file operations (cp, mv, rm, mkdir), viewing files (cat, less, head, tail), and searching (find, grep). Once comfortable, learn permissions (chmod, chown), processes (ps, kill, top), and text processing (awk, sed, cut). These cover the vast majority of everyday Linux administration.
grep searches files for lines matching a pattern and prints them. sed is a stream editor — it reads lines, applies substitutions or transformations, and outputs the result. awk is a text-processing language — it splits each line into fields and lets you run programs against them, making it ideal for structured text like CSV or log files. They are frequently piped together.
Each file has three permission sets — owner, group, and others — each with read (r=4), write (w=2), and execute (x=1) bits. chmod 755 means owner=7(rwx), group=5(r-x), others=5(r-x). chmod +x adds execute for all. chown changes the owner, chgrp changes the group. ls -l shows the current permissions in rwxrwxrwx format.
Use find for searching by name, type, size, or date: find /home -name "*.log" -mtime -7 (logs modified in last 7 days). Use locate for a fast database search: locate config.php. Use which to find the path of an executable: which python3. Use grep -r to find files containing specific text: grep -r "api_key" /var/www/
df -h shows disk space available on all mounted filesystems in human-readable form. du -sh * shows the size of each file and directory in the current location. du -sh /var shows total size of a specific path. ncdu is an interactive version if installed.
ps aux lists all running processes. top (or htop) shows a live process table. kill <PID> sends SIGTERM to gracefully stop a process; kill -9 <PID> forces it. pkill <name> kills by process name. bg and fg manage background/foreground jobs. nohup command & runs a process that survives after you log out.
> redirects output to a file, overwriting it if it exists (echo "hello" > file.txt). >> appends to the file without overwriting (echo "world" >> file.txt). 2> redirects stderr. 2>&1 redirects stderr to stdout (useful for capturing all output). | pipes stdout of one command into stdin of another.
Use ssh user@hostname or ssh -i key.pem user@ip-address. To copy files: scp file.txt user@host:/path/ (single file) or rsync -avz local/ user@host:/remote/ (sync directories). Generate an SSH key pair with ssh-keygen -t ed25519 and copy the public key with ssh-copy-id user@host.