This reference covers Ubuntu and Debian-based distributions and is aimed at server administrators and home lab builders running systems such as Ubuntu Server, Proxmox, Docker hosts, and NAS platforms. Commands are intended for use in a standard bash terminal. Where a command requires elevated privileges, sudo is noted or implied.
Navigation and File Operations
| Command | What it does | Example / Notes |
|---|---|---|
pwd | Print working directory | Shows your current full path |
ls | List directory contents | ls /etc |
ls -la | List all files including hidden, with permissions and ownership | Use this to inspect dotfiles and symlinks |
ls -lh | List with human-readable file sizes | Shows KB, MB, GB instead of byte counts |
cd | Change directory | cd /var/log |
cd ~ | Change to home directory | Equivalent to cd /home/username |
cd - | Return to previous directory | Toggles between two locations |
mkdir dirname | Create a directory | mkdir backups |
mkdir -p | Create nested directories, no error if they exist | mkdir -p /opt/myapp/config |
rm file | Remove a file | No recycle bin — deletion is permanent |
rm -rf /path | Recursively force-delete a directory and all contents | Use with extreme caution. No confirmation prompt. |
cp source dest | Copy a file | cp config.yml config.yml.bak |
cp -r src/ dest/ | Recursively copy a directory | cp -r /etc/nginx /etc/nginx.bak |
mv source dest | Move or rename a file or directory | mv old.conf new.conf |
touch filename | Create an empty file or update timestamps | touch deploy.log |
find /path -name "*.conf" | Find files by name pattern | find /etc -name "*.conf" -type f |
locate filename | Fast filename search using a pre-built index | Run sudo updatedb first to refresh the index |
which command | Show the path of an executable | which python3 |
whereis command | Show binary, source, and man page locations | whereis nginx |
tree | Display directory structure as a tree | Install with apt install tree; use tree -L 2 to limit depth |
Viewing and Editing Files
| Command | What it does | Example / Notes |
|---|---|---|
cat file | Print entire file contents to terminal | cat /etc/hosts |
less file | Page through a file interactively | Arrow keys to scroll, q to quit, /term to search |
more file | Page through a file (forward only) | Older alternative to less |
head -n 20 file | Show the first 20 lines of a file | head -n 50 /var/log/syslog |
tail -n 20 file | Show the last 20 lines of a file | tail -n 100 /var/log/nginx/error.log |
tail -f file | Follow a log file in real time | tail -f /var/log/syslog — Ctrl+C to stop |
grep "pattern" file | Search for a pattern in a file | grep "error" /var/log/nginx/error.log |
grep -r "pattern" /path | Recursive search across all files in a directory | grep -r "listen 80" /etc/nginx/ |
grep -i "pattern" file | Case-insensitive search | grep -i "failed" /var/log/auth.log |
grep -v "pattern" file | Show lines that do not match | grep -v "^#" /etc/ssh/sshd_config — strip comments |
wc -l file | Count the number of lines in a file | wc -l /etc/passwd |
diff file1 file2 | Show differences between two files | diff nginx.conf nginx.conf.bak |
nano file | Open a file in the nano text editor | Ctrl+O to save, Ctrl+X to exit |
vim file | Open a file in the vim text editor | i to insert; Esc then :wq to save and quit; :q! to quit without saving |
Permissions and Ownership
Understanding ls -la output
```
-rwxr-xr-x 1 ubuntu www-data 4096 May 10 09:00 script.sh
||||||||||
|||||||+++-- other: r-x (read, execute)
||||+++----- group: r-x (read, execute)
|+++-------- owner: rwx (read, write, execute)
+----------- file type: - file, d directory, l symlink
```
Numeric permission reference
| Mode | Meaning | Common use |
|---|---|---|
755 | Owner: rwx, Group: r-x, Other: r-x | Directories, public scripts |
644 | Owner: rw-, Group: r--, Other: r-- | Config files, web assets |
600 | Owner: rw-, Group: ---, Other: --- | SSH private keys, secrets |
700 | Owner: rwx, Group: ---, Other: --- | Private scripts, ~/.ssh directory |
777 | Everyone: rwx | Avoid on servers — full access for all users |
Permission and ownership commands
| Command | What it does | Example / Notes |
|---|---|---|
chmod 755 file | Set permissions numerically | chmod 644 /etc/nginx/nginx.conf |
chmod +x file | Make a file executable | chmod +x deploy.sh |
chmod -R 755 /path | Recursively set permissions on a directory | chmod -R 755 /var/www/html |
chown user:group file | Change owner and group of a file | chown ubuntu:ubuntu app.conf |
chown -R www-data:www-data /var/www | Recursively assign web server ownership | Standard for Nginx/Apache web roots |
chgrp groupname file | Change only the group of a file | chgrp docker /var/run/docker.sock |
sudo command | Run a command as root | sudo systemctl restart nginx |
su - | Switch to the root user (full login shell) | Requires the root password; the root account is locked on Ubuntu by default |
whoami | Print the current user | Useful inside scripts to confirm execution context |
id | Show UID, GID, and group memberships | id ubuntu |
groups | List groups the current user belongs to | groups username |
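
The permission table above, turned into a check: this added example (not part of the original page) reports world-writable entries, private keys readable by group or other, and setuid/setgid files under a directory. It assumes GNU find and stat as shipped on Ubuntu/Debian; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree against the numeric permission table.
# Assumes GNU find and stat. Function names are hypothetical; the demo tree
# is constructed and does not come from a real system.

audit_modes() {
  dir=$1
  {
    # "777" row: anything writable by "other". Sticky directories such as
    # /tmp (mode 1777) are skipped because only owners can delete there.
    find "$dir" ! -type l -perm -0002 ! \( -type d -perm -1000 \) \
      -exec stat -c 'world-writable %a %n' {} +

    # "600" row: private keys must not be accessible to group or other.
    # -perm /077 matches files with any group/other bit set.
    find "$dir" -type f -perm /077 \
      -exec grep -lE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' {} + |
      while IFS= read -r f; do stat -c 'exposed-key %a %n' "$f"; done

    # Setuid/setgid files run with the owner's or group's privileges.
    find "$dir" -type f -perm /6000 -exec stat -c 'setuid-setgid %a %n' {} +
  } | LC_ALL=C sort
}

# Build a small constructed tree with one finding of each kind.
make_demo_tree() {
  d=$(mktemp -d)
  mkdir -m 755 "$d/ssh" "$d/www"
  for key in id_ed25519 id_backup; do
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
      'constructed-placeholder' \
      '-----END OPENSSH PRIVATE KEY-----' > "$d/ssh/$key"
  done
  echo '<h1>ok</h1>' > "$d/www/index.html"
  echo '#!/bin/sh' > "$d/www/upload.cgi"
  echo '#!/bin/sh' > "$d/www/helper"
  chmod 644 "$d/ssh/id_ed25519" "$d/www/index.html"   # key is too open
  chmod 600 "$d/ssh/id_backup"                        # key is correct
  chmod 777 "$d/www/upload.cgi"                       # world-writable
  chmod 4755 "$d/www/helper"                          # setuid
  echo "$d"
}

demo=$(make_demo_tree)
(cd "$demo" && audit_modes .)
rm -rf "$demo"
```

On a real host, point `audit_modes` at a web root or home directory and compare the setuid/setgid lines against a list you have reviewed.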
User and Group Management
| Command | What it does | Example / Notes |
|---|---|---|
useradd username | Create a new user (low-level, minimal) | Does not create home directory by default; use -m flag to create one |
adduser username | Create a new user interactively (Debian/Ubuntu) | Preferred on Ubuntu — prompts for password and details, creates home directory |
usermod -aG group username | Add a user to a supplementary group | usermod -aG sudo username — grant sudo access; usermod -aG docker username |
usermod -l newname oldname | Rename a user account | Does not rename home directory — do that separately |
userdel username | Delete a user account | Add -r to also remove the home directory |
passwd username | Set or change a user’s password | sudo passwd ubuntu |
groupadd groupname | Create a new group | groupadd developers |
groupdel groupname | Delete a group | Users are not deleted when a group is removed |
cat /etc/passwd | List all user accounts | Format: username:x:UID:GID:info:home:shell |
cat /etc/group | List all groups and their members | Format: groupname:x:GID:members |
Process Management
| Command | What it does | Example / Notes |
|---|---|---|
ps aux | List all running processes with resource usage | Columns: USER, PID, %CPU, %MEM, COMMAND |
ps aux \| grep nginx | Filter process list by name | Pipe with grep -v grep to exclude the grep process itself |
top | Real-time process monitor | q to quit; k to kill a process by PID |
htop | Interactive process viewer with colour output | Install with apt install htop; F9 to kill, F6 to sort |
kill PID | Send SIGTERM (graceful stop) to a process | kill 3421 |
kill -9 PID | Send SIGKILL (force-terminate) to a process | Use when a graceful kill does not work |
killall processname | Kill all processes matching a name | killall nginx |
pkill processname | Send a signal to processes matching a name pattern | pkill -HUP nginx — send reload signal |
pgrep processname | Return PIDs of matching processes | pgrep nginx |
nohup command & | Run a command that persists after logout | nohup ./backup.sh & — output goes to nohup.out |
jobs | List background and suspended jobs in the current shell | Shows job numbers used with fg and bg |
fg %1 | Bring a background job to the foreground | Use job number from jobs |
bg %1 | Resume a suspended job in the background | Use after Ctrl+Z to suspend |
command & | Run a command immediately in the background | ./long-script.sh & |
Ctrl+C | Interrupt (terminate) the current foreground process | Sends SIGINT |
Ctrl+Z | Suspend the current foreground process | Resume with fg or bg |
Disk and Storage
| Command | What it does | Example / Notes |
|---|---|---|
df -h | Show disk space usage for all mounted filesystems | Human-readable sizes; check Use% column |
du -sh /path | Show total size of a directory | du -sh /var/log |
du -sh * | Show size of each item in the current directory | Run from / or /var to identify large directories |
lsblk | List block devices and their mount points | Shows disks, partitions, and LVM volumes in a tree layout |
fdisk -l | List partition tables for all disks | Requires root; use sudo fdisk -l |
mount /dev/sdb1 /mnt/data | Mount a partition to a directory | Directory must exist first; use mkdir -p /mnt/data |
umount /mnt/data | Unmount a filesystem | Ensure no processes are using the mount point first |
blkid | Show UUIDs and filesystem types of block devices | Use UUIDs in /etc/fstab for reliable mounting |
free -h | Show RAM and swap usage | Monitor available column for actual free memory |
vmstat | Show virtual memory, CPU, and I/O statistics | vmstat 2 5 — sample every 2 seconds, 5 times |
iostat | Show CPU and disk I/O statistics | Install with apt install sysstat; use iostat -x 1 for extended stats |
ncdu | Interactive disk usage browser | Install with apt install ncdu; navigate with arrow keys, d to delete |
Network Commands
| Command | What it does | Example / Notes |
|---|---|---|
ip a | Show all network interfaces and IP addresses | Modern replacement for ifconfig |
ip addr show eth0 | Show details for a specific interface | Replace eth0 with your interface name (e.g., ens3, enp3s0) |
ip route | Show the routing table | Check default gateway with ip route \| grep default |
ifconfig | Legacy network interface configuration tool | Install with apt install net-tools; use ip a instead where possible |
ping host | Test connectivity to a host | ping -c 4 8.8.8.8 — send 4 packets then stop |
curl URL | Transfer data from a URL | curl -I https://example.com — fetch headers only; curl -o file URL to download |
wget URL | Download a file from a URL | wget -O filename.tar.gz URL |
netstat -tulpn | Show listening ports and associated processes | Requires net-tools; use ss -tulpn instead on modern systems |
ss -tulpn | Show listening TCP/UDP ports and the processes using them | Faster and more accurate than netstat |
nmap host | Scan open ports on a host | nmap -sV 192.168.1.1 — detect service versions; install with apt install nmap |
traceroute host | Trace the network path to a host | traceroute 8.8.8.8; install with apt install traceroute |
dig domain | Perform a DNS lookup with detailed output | dig serverman.co.uk A; dig @8.8.8.8 domain to query a specific resolver |
nslookup domain | Simple DNS query tool | nslookup serverman.co.uk |
host domain | Brief DNS lookup output | host serverman.co.uk |
arp -a | Show ARP cache (IP to MAC address mappings) | Useful for finding devices on the local network |
ip neigh | Show neighbour (ARP) table | Modern equivalent of arp -a |
hostname | Print the system hostname | Change permanently with hostnamectl set-hostname newname |
hostname -I | Print all local IP addresses | Quick way to find your server’s IP |
ufw status | Show UFW firewall status and rules | sudo ufw status verbose for full output |
ufw allow 22 | Allow inbound traffic on a port | sudo ufw allow 22/tcp; also ufw allow 'Nginx Full' |
ufw enable | Enable the UFW firewall | Ensure SSH is allowed before enabling: sudo ufw allow ssh |
System Information
| Command | What it does | Example / Notes |
|---|---|---|
uname -a | Show all system information (kernel, hostname, architecture) | Full system summary in one line |
uname -r | Show the running kernel version | Useful before and after kernel upgrades |
hostnamectl | Show detailed system identity and OS information | Includes hostname, machine ID, OS, kernel, and architecture |
lscpu | Show CPU architecture details | Cores, threads, cache, virtualisation support |
lsmem | Show memory range and size information | Use free -h for a simpler usage summary |
lspci | List PCI devices | lspci \| grep -i vga — identify GPU |
lsusb | List USB devices | Useful for identifying connected hardware in a home lab |
dmidecode | Read hardware information from DMI/SMBIOS tables | sudo dmidecode -t memory — show RAM module details |
cat /etc/os-release | Show OS name and version | Reliable way to identify the distribution and version |
uptime | Show how long the system has been running and load averages | Load average values: 1min, 5min, 15min |
who | Show currently logged-in users | Includes terminal and login time |
last | Show history of user logins and system reboots | last reboot — list reboot history only |
history | Show command history for the current user | history \| grep apt — search history; !123 to re-run command 123 |
dmesg | Print the kernel ring buffer (boot and hardware messages) | Use sudo dmesg for full output |
dmesg \| tail -20 | Show the last 20 kernel messages | Useful for diagnosing hardware errors and USB events |
Package Management (apt — Ubuntu/Debian)
| Command | What it does | Example / Notes |
|---|---|---|
apt update | Refresh the package index from repositories | Always run before installing or upgrading packages |
apt upgrade | Upgrade installed packages without removing any | Safe for routine updates; will not install new dependencies that require package removal |
apt full-upgrade | Upgrade packages, adding or removing dependencies as needed | Use for distribution upgrades or when apt upgrade holds packages back |
apt install package | Install a package | apt install nginx curl git — multiple packages in one command |
apt remove package | Remove a package, keeping configuration files | apt remove nginx |
apt purge package | Remove a package and its configuration files | Use this for a clean removal |
apt autoremove | Remove orphaned packages no longer needed as dependencies | Run periodically after upgrades to free disk space |
apt search term | Search for packages by keyword | apt search "web server" |
apt show package | Display detailed information about a package | Shows version, dependencies, description |
apt list --installed | List all installed packages | Pipe to grep package to check if something is installed |
dpkg -l | List all installed packages (low-level) | Status codes: ii = installed, rc = removed but config remains |
dpkg -l \| grep package | Check if a specific package is installed | dpkg -l \| grep nginx |
add-apt-repository ppa:name | Add a PPA (Personal Package Archive) | add-apt-repository ppa:ondrej/php; run apt update afterwards |
apt-cache policy package | Show installed version, candidate version, and repository priority | Useful for pinning or debugging version conflicts |
systemd Service Management
| Command | What it does | Example / Notes |
|---|---|---|
systemctl status service | Show the current status and recent logs for a service | systemctl status nginx |
systemctl start service | Start a service immediately | sudo systemctl start docker |
systemctl stop service | Stop a service immediately | sudo systemctl stop apache2 |
systemctl restart service | Stop and start a service | Causes a brief interruption; use reload where supported |
systemctl reload service | Reload configuration without stopping the service | sudo systemctl reload nginx — no downtime |
systemctl enable service | Enable a service to start automatically at boot | Creates symlinks in the appropriate systemd target directory |
systemctl disable service | Prevent a service from starting at boot | Does not stop the currently running service |
systemctl is-active service | Return whether a service is currently active | Returns active or inactive — useful in scripts |
systemctl list-units --type=service | List all loaded service units and their state | Add --all to include inactive services |
journalctl -u service | Show all logs for a specific service | journalctl -u nginx |
journalctl -u service -f | Follow live logs for a service | journalctl -fu nginx |
journalctl -u service --since "1 hour ago" | Show logs from the last hour for a service | Also accepts: "2024-01-01 12:00:00", yesterday |
journalctl -xe | Show recent journal entries with context, jumping to the end | First place to look after a failed service start |
systemctl daemon-reload | Reload systemd manager configuration | Run after creating or editing a .service unit file in /etc/systemd/system/ |
SSH and Remote Access
| Command | What it does | Example / Notes |
|---|---|---|
ssh user@host | Connect to a remote host over SSH | ssh [email protected] |
ssh -p 2222 user@host | Connect using a non-standard SSH port | Common when port 22 is remapped for security |
ssh -i ~/.ssh/key user@host | Connect using a specific private key | Key must have permissions 600 |
ssh-keygen -t ed25519 | Generate a new ED25519 key pair | Preferred over RSA for new keys; saves to ~/.ssh/ by default |
ssh-copy-id user@host | Copy your public key to a remote host’s authorised keys | Enables passwordless SSH login |
scp file user@host:/path | Securely copy a file to a remote host | scp backup.tar.gz ubuntu@nas:/backups/ |
scp -r dir user@host:/path | Recursively copy a directory to a remote host | Use rsync for large or resumable transfers |
rsync -avz source/ user@host:/dest/ | Sync files to a remote host, showing progress | -a archive, -v verbose, -z compress in transit |
rsync -avz --delete source/ dest/ | Sync and delete files in destination not present in source | Useful for backups; test without --delete first |
SSH config shortcut
Create or edit ~/.ssh/config to define aliases for frequently accessed hosts:
```
Host myserver
    HostName 192.168.1.100
    User ubuntu
    IdentityFile ~/.ssh/id_ed25519
    Port 22
```
After saving, connect with simply ssh myserver.
Cron Jobs
Crontab commands
| Command | What it does | Example / Notes |
|---|---|---|
crontab -e | Edit the current user’s crontab | Opens in the default editor; set with EDITOR=nano crontab -e |
crontab -l | List the current user’s scheduled cron jobs | sudo crontab -l -u username to view another user’s crontab |
crontab -r | Remove the current user’s crontab entirely | Irreversible — back up with crontab -l > crontab.bak first |
Cron syntax
```
# ┌───────────── minute (0–59)
# │ ┌─────────── hour (0–23)
# │ │ ┌───────── day of month (1–31)
# │ │ │ ┌─────── month (1–12)
# │ │ │ │ ┌───── day of week (0–7, Sunday = 0 or 7)
# │ │ │ │ │
# * * * * * command to execute
```
| Expression | Meaning |
|---|---|
0 2 * * * | Every day at 02:00 |
*/15 * * * * | Every 15 minutes |
0 0 * * 0 | Every Sunday at midnight |
0 9-17 * * 1-5 | Every hour from 09:00 to 17:00, Monday to Friday |
30 4 1 * * | At 04:30 on the first day of every month |
@reboot | Once when the system boots |
@daily | Once per day (equivalent to 0 0 * * *) |
@weekly | Once per week (equivalent to 0 0 * * 0) |
@monthly | Once per month (equivalent to 0 0 1 * *) |
Text Processing
| Command | What it does | Example / Notes |
|---|---|---|
grep | Search for lines matching a pattern | grep -r "error" /var/log/ — search all logs for errors |
sed | Stream editor for filtering and transforming text | sed -i 's/old/new/g' file.txt — find and replace in place across entire file |
awk | Pattern scanning and text processing language | awk '{print $1}' file — print the first field of each line |
sort | Sort lines of text | sort -n file — numeric sort; sort -r — reverse order |
uniq | Remove consecutive duplicate lines | sort file \| uniq — sort first to ensure duplicates are adjacent |
cut | Extract sections from each line of a file | cut -d',' -f2 file.csv — extract the second column from a CSV |
tr | Translate or delete characters | cat file \| tr '[:lower:]' '[:upper:]' — convert file contents to uppercase |
wc | Count lines, words, and characters | wc -l file — line count; wc -w file — word count |
Practical text processing one-liners
```bash
# Find and replace a string across a file
sed -i 's/oldstring/newstring/g' config.txt
# Print the third column from a space-delimited file
awk '{print $3}' access.log
# Show unique IP addresses from an Nginx access log
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -rn
# Remove blank lines from a file
sed -i '/^$/d' file.txt
# Extract the second field from a colon-delimited file
cut -d':' -f2 /etc/passwd
# Count how many times each HTTP status code appears in a log
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn
```
Archives and Compression
| Command | What it does | Example / Notes |
|---|---|---|
tar -czf archive.tar.gz /path | Create a gzip-compressed tar archive | tar -czf backup-$(date +%F).tar.gz /etc/nginx |
tar -xzf archive.tar.gz | Extract a gzip-compressed tar archive | Add -C /dest/ to extract to a specific directory |
tar -tzf archive.tar.gz | List the contents of a tar.gz archive without extracting | Verify contents before extracting |
tar -cjf archive.tar.bz2 /path | Create a bzip2-compressed tar archive | Better compression than gzip but slower |
zip -r archive.zip /path | Create a zip archive recursively | zip -r configs.zip /etc/nginx /etc/mysql |
unzip archive.zip | Extract a zip archive | unzip archive.zip -d /dest/ — extract to a specific directory |
gzip file | Compress a single file with gzip | Replaces the original file with file.gz |
gunzip file.gz | Decompress a gzip file | Equivalent to gzip -d file.gz |
7z a archive.7z /path | Create a 7-Zip archive | Install with apt install p7zip-full; highest compression ratio |
7z x archive.7z | Extract a 7-Zip archive | 7z x archive.7z -o/dest/ — extract to a specific path |
Useful One-Liners
```bash
# Check what's listening on a specific port
ss -tulpn | grep :80
# Find files larger than 1 GB
find / -type f -size +1G 2>/dev/null
# Watch a command refresh every 2 seconds
watch -n 2 df -h
# Tail multiple log files at once
tail -f /var/log/syslog /var/log/auth.log
# Count lines in a log file matching a pattern
grep -c "ERROR" /var/log/app.log
# Recursively find and delete files by extension
find /path -name "*.tmp" -delete
# Show the 10 largest directories
du -h --max-depth=1 / 2>/dev/null | sort -rh | head -10
# Check which process is using a specific port
lsof -i :8080
# Follow systemd logs for the Docker service
journalctl -fu docker
# Generate a random password (32 random bytes, printed as 44 base64 characters)
openssl rand -base64 32
# Count failed SSH password attempts per source IP
# (the address is the token between "from" and "port", so "invalid user" lines are handled too)
grep "Failed password" /var/log/auth.log | awk '{for (i = 1; i <= NF - 2; i++) if ($i == "from" && $(i + 2) == "port") print $(i + 1)}' | sort | uniq -c | sort -rn
# Display real-time network interface statistics
watch -n 1 cat /proc/net/dev
# Find all SUID files (potential privilege escalation vectors)
find / -perm /4000 -type f 2>/dev/null
# Quickly test if a remote port is open (no nmap required)
timeout 3 bash -c 'cat < /dev/null > /dev/tcp/192.168.1.1/22' && echo "Open" || echo "Closed"
# Show disk I/O per process
iotop -o
# List the 10 most recently modified files in a directory
find /var/log -type f -printf '%T@ %p\n' | sort -rn | head -10 | awk '{print $2}'
# Reload shell configuration without logging out
source ~/.bashrc
# Show environment variables sorted alphabetically
env | sort
```
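
The failed-login count from the list above, written as functions that do not depend on field positions: this added example (not part of the original page) handles "invalid user" lines, ISO 8601 timestamps and rsyslog's "message repeated N times" lines. The function names are hypothetical and the log lines are constructed, using documentation IP ranges.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IP.
# The sample lines below are constructed for illustration.

sample_auth_log() {
cat <<'EOF'
May 10 09:00:01 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
May 10 09:00:03 web1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
May 10 09:00:09 web1 sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
May 10 09:01:15 web1 sshd[1215]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
2024-05-10T09:02:00.123456+00:00 web1 sshd[1220]: Failed password for ubuntu from 198.51.100.23 port 51520 ssh2
May 10 09:03:00 web1 sshd[1230]: Accepted publickey for ubuntu from 192.0.2.10 port 50022 ssh2: ED25519 SHA256:(constructed)
May 10 09:03:30 web1 sshd[1240]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 40140 ssh2]
EOF
}

# Reads auth.log lines on stdin; prints "COUNT IP", highest count first.
failed_by_ip() {
  awk '
    /Failed password for/ {
      n = 1
      ip = ""
      for (i = 1; i <= NF - 2; i++) {
        # rsyslog collapses duplicates into "message repeated N times: [ ... ]"
        if ($i == "repeated" && $(i + 2) == "times:") n = $(i + 1) + 0
        # The source address is the token between "from" and "port",
        # whatever the timestamp format or "invalid user" prefix.
        if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
      }
      if (ip != "") count[ip] += n
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Usage: flag_sources THRESHOLD < auth.log
# Prints only the addresses with at least THRESHOLD failed attempts.
flag_sources() {
  threshold=$1
  failed_by_ip | awk -v t="$threshold" '$1 >= t { print $2 }'
}

sample_auth_log | failed_by_ip
```

Against a live system, feed it the real file instead of the sample: `flag_sources 10 < /var/log/auth.log`.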