# root.whispers — Linux Commands Cheatsheet > AlmaLinux 9 / RHEL 9 family and Ubuntu 22.04 tested. Some commands vary by distro. Read before you run. --- ## Table of Contents - [System Basics](#system-basics) - [Users & Groups](#users--groups) - [Permissions & Modes](#permissions--modes) - [ACLs](#acls) - [Files, Search & Text](#files-search--text) - [Processes & Services](#processes--services) - [Time & NTP](#time--ntp) - [Networking](#networking) - [SSH (Client & Server)](#ssh-client--server) - [Firewall](#firewall) - [Packages (RPM & Debian)](#packages-rpm--debian) - [Disks, Filesystems & Mounting](#disks-filesystems--mounting) - [LVM / VDO / Stratis](#lvm--vdo--stratis) - [Logging](#logging) - [Scheduling (cron / at)](#scheduling-cron--at) - [Containers (Podman & Docker)](#containers-podman--docker) - [Git Essentials](#git-essentials) - [Security Quick Checks](#security-quick-checks) - [Misc Snippets](#misc-snippets) --- ## System Basics ```sh hostnamectl # Hostname / chassis / OS info lsb_release -a # Distro info (Debian/Ubuntu) cat /etc/os-release # Generic OS info uname -a # Kernel uptime -p # Pretty uptime whoami && who && last -n 5 # User/session audit free -h # Memory vmstat 1 # Quick CPU/mem view df -hT # Disks with FS types lsblk -f # Block devices with labels/UUIDs ``` --- ## Users & Groups ```sh # Key files /etc/passwd # User accounts /etc/group # Groups /etc/shadow # Password hashes /etc/login.defs # Defaults for new users /etc/skel # Skeleton for new home dirs /etc/security/pwquality.conf # Password complexity rules # Users useradd useradd -r # System account passwd # Set/change password echo "user:pass" | chpasswd # Batch update passwords id # Show uid/gids userdel userdel -r # Remove and delete $HOME # Groups groupadd groupdel usermod -a -G # Add user to group gpasswd -a # Alternative add gpasswd -d # Remove from group # Lock / unlock user (account) passwd -l # Lock passwd -u # Unlock # Shell chsh -s /bin/bash # Change login shell usermod -s /sbin/nologin # Disable interactive logins usermod -s /bin/false # Drop immediately on login # Sudo usermod -a -G sudo # Debian/Ubuntu usermod -a -G wheel # RHEL/CentOS/Fedora # Password aging chage -m MIN -M MAX -W WARN -I INACT -E EXPIRE ``` --- ## Permissions & Modes ```sh ls -l tmp # List perms chmod g-w tmp # Remove write (group) chmod a-r tmp # Remove read (others) chmod u+rw file # Add rw (user) chmod u+x file # Add execute (user) chmod a+rwx path # rwx for all # SetUID / SetGID / Sticky chmod u+s file # SetUID on executable chmod g+s file_or_dir # SetGID on file/dir chmod +t dir # Sticky bit on dir (only owner can delete) chmod -t dir # Remove sticky # chown / chgrp chown -R user path chgrp -R group path ``` --- ## ACLs ```sh setfacl -m u:USER:rwx PATH setfacl -m g:GROUP:r PATH setfacl -Rm g:GROUP:r PATH # Recursive setfacl -x g:GROUP PATH # Remove entry setfacl -b PATH # Remove all ACLs getfacl PATH # Show ACLs ``` --- ## Files, Search & Text ```sh # Existence tests test -f FILE && echo "file exists" test -d DIR && echo "dir exists" # Find / grep find . -type f -mtime -1 grep -Rni --color "pattern" . grep -E "foo|bar" file grep -c "pattern" file # Count matches # sed / awk sed -n '1,120p' file # Show lines 1..120 awk '{print $1,$2}' file # Sorting / uniq sort -nr file uniq file # Copy/move including dotfiles # Zsh setopt glob_dots; mv Foo/* Bar/; unsetopt glob_dots # Bash shopt -s dotglob; mv Foo/* Bar/; shopt -u dotglob # rsync rsync -avh --progress SRC/ DST/ # Checksums sha256sum file echo " file" | sha256sum -c ``` --- ## Processes & Services ```sh # Processes ps -ef | grep ps -ef --sort=-%cpu | head -10 ps -ef --sort=-%mem | head -10 pgrep # PIDs by name pkill # Kill by name kill ; kill -9 # SIGTERM, SIGKILL killall -s 9 # Force kill all by name top -H -p # Threads view pstree # Tree view strace -f -p # Syscalls (careful) perf top # Hot functions # systemd systemctl status/start/stop/restart NAME.service systemctl reload NAME.service systemctl enable/disable NAME.service systemctl mask/unmask NAME.service systemctl list-units --type=service --no-pager | grep -i term systemctl --all ``` --- ## Time & NTP ```sh timedatectl # Show time settings timedatectl list-timezones timedatectl set-timezone Europe/Stockholm timedatectl set-time '2025-08-08 20:15:50' timedatectl set-ntp true # Chrony (RHEL family) dnf install -y chrony ntpstat systemctl enable --now chronyd ntpstat chronyc sources -v vi /etc/chrony.conf && systemctl restart chronyd chronyc makestep ``` --- ## Networking ```sh ip a # Addresses ip r # Routes ss -tulpn # Listening sockets lsof -i :443 # Who bound 443 nc -zv host 1-1024 # Quick port sweep curl -I https://example.com # HEAD request dig +short A example.com # Just the answers traceroute example.com # tcpdump tcpdump -i eth0 -nn port 53 -vv # View & sort sizes du -h ~ | sort -nr ``` --- ## SSH (Client & Server) ```sh # Client quality-of-life ssh -J jumpbox user@target ssh -o StrictHostKeyChecking=accept-new host scp -3 user1@host1:/p user2@host2:/p # ~/.ssh/config # --- # Host prod # HostName 203.0.113.10 # User ubuntu # IdentityFile ~/.ssh/id_ed25519 # ForwardAgent no # Keys ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C "comment" ssh-copy-id USER@HOST -i ~/.ssh/id_ed25519.pub # Server (/etc/ssh/sshd_config) # Client keepalive ClientAliveInterval 600 ClientAliveCountMax 1 # Disable root login PermitRootLogin no # Disable empty passwords PermitEmptyPasswords no # Allow only certain users AllowUsers user1 user2 # Change port Port 2222 # Reload # systemctl restart sshd ``` --- ## Firewall ```sh # firewalld (RHEL family) firewall-cmd --list-all firewall-cmd --get-active-zones firewall-cmd --zone=public --list-all firewall-cmd --get-services firewall-cmd --add-service=http --permanent firewall-cmd --add-port=8080/tcp --permanent firewall-cmd --reload firewall-cmd --runtime-to-permanent # iptables (legacy) iptables -L iptables -F # nftables nft list ruleset ``` --- ## Packages (RPM & Debian) ```sh # RHEL / Fedora dnf install PACKAGE dnf remove PACKAGE rpm -qa # List installed rpm -qi PACKAGE # Info rpm -qc PACKAGE # Config files rpm -qf /path/to/file # What pkg owns this file? rpm -ihv PACKAGE.rpm # Install local rpm cat /etc/redhat-release yum update # Minor updates yum upgrade # Full upgrade # Debian / Ubuntu apt update && apt list --upgradable apt install PACKAGE apt remove PACKAGE dpkg -S /usr/bin/foo # What pkg owns file apt-cache policy PACKAGE # Candidate version/source cat /var/log/apt/history.log ``` --- ## Disks, Filesystems & Mounting ```sh lsblk blkid fdisk -l /dev/sda df -hT # Quick single-partition + format (ext4) fdisk /dev/sdx # g|o, n (defaults), w mkfs.ext4 /dev/sdx1 mkdir -p /data && mount /dev/sdx1 /data # Labels & mounts e2label /dev/sdx1 DATA_VOL mount -L DATA_VOL /data echo "UUID=$(blkid -s UUID -o value /dev/sdx1) /data ext4 defaults 0 0" >> /etc/fstab mount -a # Integrity e2fsck -f /dev/sdx1 # Loop ISO mount -o loop file.iso /mnt/iso ``` --- ## LVM / VDO / Stratis ```sh # LVM pvcreate /dev/sdb1 vgcreate vg0 /dev/sdb1 lvcreate -n lvdata -L 50G vg0 mkfs.ext4 /dev/vg0/lvdata mount /dev/vg0/lvdata /data lvextend -l +100%FREE /dev/vg0/lvdata resize2fs /dev/vg0/lvdata lvremove vg0/lvdata && vgremove vg0 && pvremove /dev/sdb1 # VDO (RHEL 9+ note: requires correct packages) lvcreate --type vdo -n vdotank -L 100G -V 300G vg0 lvs -o lv_name,vdo_compression,vdo_deduplication vdostats --human-readable lvchange --compression y /dev/vg0/vdotank # Stratis dnf install -y stratis-cli stratisd systemctl enable --now stratisd stratis pool create pool0 /dev/sdb stratis filesystem create pool0 fs0 mount /dev/stratis/pool0/fs0 /stratis ``` --- ## Logging ```sh # Classic logs (RHEL) /var/log/boot /var/log/messages /var/log/secure /var/log/cron /var/log/maillog /var/log/chronyd # Debian/Ubuntu auth /var/log/auth.log # journald journalctl -b -1 # Previous boot journalctl -u ssh --since "2h" journalctl -xe # Errors with context journalctl -k -f # Kernel (follow) # Persistent journal vi /etc/systemd/journald.conf # Storage=persistent mkdir -p /var/log/journal systemctl restart systemd-journald journalctl --flush ``` --- ## Scheduling (cron / at) ```sh # Access control echo USER >> /etc/cron.allow echo ALL >> /etc/cron.deny crontab -e # Edit current user crontab -e -u # Edit other user crontab -l # List # at echo "echo hi" | at now + 1 hour systemctl enable --now atd echo USER >> /etc/at.allow echo ALL >> /etc/at.deny ``` --- ## Containers (Podman & Docker) ```sh # Podman dnf install -y podman podman info podman images && podman ps -a podman run -dt --name web -p 8080:80 docker.io/library/nginx:alpine podman exec -it web /bin/sh podman logs -f web podman rm -a -f # Generate systemd unit for rootless container podman generate systemd --new --files --name web loginctl enable-linger systemctl --user enable --now container-web.service # Docker parity docker images && docker ps -a docker run -dt --name web -p 8080:80 nginx:alpine docker exec -it web /bin/sh docker logs -f web docker compose up -d docker compose logs -f ``` --- ## Git Essentials ```sh git config --local user.name "Your Name" git config --local user.email "you@example.com" git switch -c fix/thing git add -A && git commit -m "message" git pull --rebase origin main git push git stash push -m "wip: foo" && git stash list git reflog # Recover lost refs git reset --soft HEAD~1 # Undo last commit keep changes git reset --hard HEAD~1 # Dangerous: drop changes git push --force # Use sparingly git commit --amend --reset-author ``` --- ## Security Quick Checks ```sh sudo -l # What can current user sudo? getcap -r / 2>/dev/null | grep cap_ # Files with caps stat -c "%a %n" * # Numeric perms sha256sum FILE # Hash ``` --- ## Misc Snippets ```sh # Nice / renice nice -n 10 command renice -n 19 -p # Generate password tr -dc 'A-Za-z0-9'