File handling

Moving through directories (absolute path)

$ cd /path/to/directory

Moving through directories (relative path)

$ cd ./path/to/directory

Show current directory (absolute path)

$ pwd

Show directory contents

$ ls

Show directory contents, l=long, a=all files (on some systems also ll)

$ ls -la

Create new directory

$ mkdir <directory>

Remove empty directory

$ rmdir <directory>

Remove non-empty directory

$ rm -r <directory>

Force remove non-empty directory (without any question)

$ rm -rf <directory>

Move file

$ mv <file> <directory>

Rename file

$ mv <file1> <file2>

Copy file

$ cp <file1> <file2>

Remove file (i=interactive mode)

$ rm <file>

Copy file

$ cp <file1> <file2>

Make symbolic link (alias, shortcut)

$ ln -s <directory> <link_name>

Show help about given command

$ <command> -h

$ man <command>

Search for file inside given directory (use * unless you know exact file name)

$ find <directory> -name <file.*>

Show tail (last few lines) of the file. Use -n 100 to show last 100 lines.

$ tail -f <file>

Shutdown system

$ shutdown -h now

Environment variables

Show OS type

$ echo $OSTYPE

Show currently logged-in user

$ echo $USER

Show current shell type

$ echo $SHELL

Show home directory

$ echo $HOME

Show all environment variables

$ env

Setting custom environment variable

Set environment variable BROWSER_HOME that points to the directory.

$ BROWSER_HOME=/path/to/browser/directory

As a result you should see output: /path/to/browser/directory.
This variable will only last until the user closes terminal window or logs-out of the system. To set environment variable permanently, you need to write above commands to a special file that is automatically loaded at system startup. On some Linux systems this file is /etc/bashrc (system wide setting) or ~/.bashrc (for each user); on other systems, you need to create new bash script and put it in the /etc/profile.d directory. The script is automatically executed during system startup. For other systems Google around to find where you need to put custom environment variables.

Adding environment variable to $PATH

$PATH is probably the most important environment variable among all. It defines directories where system searches for executable files. In the same way as we defined custom environment variable in previous paragraph, you add directory to the path with the following commands:

$ PATH=$PATH:$BROWSER_HOME:/path/to/any/directory
$ export PATH
$ echo $PATH

Echo command should display quite long text containing all directories that are added to the path, separated by colon (:). You should see something like this:

Furthermore you can set environment variable for browser application.

$ export BROWSER

Your favorite browser can now be invoked with:


To remember PATH permanently, you need to specify PATH every time when system starts. Place custom shell script into /etc/profile.d directory. PATH will be visible to all users.

$ vi /etc/profile.d/


export JAVA_HOME

export PATH

$ chmod +x /etc/profile.d/

User management

Show who is currently logged-in

$ who

Show id and group id of currently logged-in user

$ id

Create new group (do it as root)

$ groupadd <groupName>

Create new user, set group and bash shell (do it as root)

$ useradd -d /home/<userName> -m -G <groupName> /bin/bash <userName>

Set password for user

$ passwd <userName>

Change ownership of directory

$ chown -R <userName>:<groupName> <directory>

Nine bits assigned to each file define the access permissions:
where r=read, w=write, x=execute, instead of dash (-), there can be also d (directory), l (link). First three bits are assigned to the owner's access permissions, next three bits are assigned to the group's permissions and last three bits to all others.

Each permission has an assigned number: r=4, w=2, x=1
To set full permission calculate all numbers: 4+2+1=7
To set read/write permission calculate numbers: 4+2=6
To set read permission use number: 4

Use above numbers in following commands to change permissions as desired

$ chmod 777 <file>     # result: rwxrwxrwx
$ chmod 755 <file>     # result: rwxr-xr-x
$ chmod 644 <file>     # result: rw-r--r--
$ chmod 000 <file>     # result: --------- (hm, i wonder what this does)
$ chmod 764 <file>     # result: rwxrw-r--

Recursively change permissions for all files in a directory

$ chmod -R 777 <directory>

If you find this complicated, there is an alternative. You can add file permissions with plus (+) and remove with minus (-) sign and with letters: u=user, g=owner group, o=others, a=all users

$ chmod a-w <file>        # result: r-xr-xr-x
$ chmod o-x <file>        # result: rwxrwxrw-
$ chmod go-rwx <file>     # result: rwx------
$ chmod u+rw <file>       # result: rw-------
$ chmod a+x <file>        # result: --x--x--x
$ chmod ug+rx <file>      # result: r-xr-x---

Changing ownership
Some directories (or files) only root user is allowed to access and modify.
To change user ownership and group ownership

$ chown <userName> <file>
$ chown <userName>:<userGroup> <file>
$ chown -R <userName> <directory>

To change group ownership of a file

$ chgrp <userGroup> <file>


Show processes, a=all, u=show users

$ ps au

Show processes

$ ps -ef | grep java

Show services and check on which run level they are started

$ chkconfig --list


Connecting to remote host with SSH

$ ssh <username>@<hostname>

Transfering files with FTP. See manual here: FTP Command Line

$ ftp <hostname>

Check network status

$ netstat -apn | grep :8080

$ netstat -tupane | grep :8080

Check for open ports

$ nmap -sT -O localhost

$ lsof -i :5223

show which application is running on port

$ lsof -iTCP:1883

Get IP address of a server

$ nslookup

When '>' prompt is displayed, type hostname of a server (eg.


Upload file to remote server

$ scp <file> user@<directory>

Download file from remote server

$ scp user@<directory> <file>


Retrieve the contents of the url

$ curl <>

$ curl

$ curl --url <url>

Save the contents of the url to a file

$ curl -o <filename.html> <>

$ curl > file.html

Save the contents of the url to a file; if -O option is used, file will have the same name as it is on the server.

$ curl -O <>

$ curl -O

If the host redirects to anoter url, use -L option to folow the redirect

$ curl -L <>

See the header of the requested url

$ curl -v <>

See the header of the requested url

$ curl -I <>

Get definition of a word using dict protocol

$ curl dict://<word>

Get data with authentication

$ curl -k -u admin:password > /root/file.txt


SNMP-GET request using Net-SNMP

$ snmpget -v 1 -c public
$ snmpget -v 1 -c public
$ snmpget -v 2c -c public
$ snmpget -v 3 -n "" -u NortBound -l noAuthNoPriv


$ snmpset -v 1 -c public s "ALL"
$ snmpset -v 1 -c public i 3
$ snmpset -v 1 -c public i 1


$ snmpwalk -v 1 -c public

Show OIDs instead of OID names in SNMP-WALK request

$ snmpwalk -v 1 -On -c public


$ snmpbulkwalk -v 2c -c public


$ snmpbulkget -v 2c -c public

By default the snmpbulkget command returns only 10 entries from the table. To read first <num> entries execute

$ snmpbulkget -v 2c -C r<num> -c public


Start tracing network traffic from host x.x.x.x on port N

$ tcpdump -nAs 2048 host and port 162

Start tracing network traffic from host x.x.x.x on interface eth0

$ tcpdump -nAs 2048 host -i eth0

Write captured packets in pcap file (open file with Wireshark):

$ tcpdump -nAs 2048 host -w file.pcap

iptables - firewall on CentOS

Firewall on CentOS is called iptables.

Show rules in iptables

$ iptables -L

Show rules in iptables

$ iptables --line -vnL

Add new rule: allow incoming connections to port 8080 (the problem with this command is that the rule is added after the REJECT all rule)

$ iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

Add new rule: allow incoming connections to port 8080 (insert rule in position 5 in INPUT chain)

$ iptables -I INPUT 5 -p tcp --dport 8080 -j ACCEPT

The rule was applied on the 5-th position (just before REJECT)

[root@localhost ~]# iptables --line -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 97 8969 ACCEPT all -- * * state RELATED,ESTABLISHED
2 0 0 ACCEPT icmp -- * *
3 0 0 ACCEPT all -- lo *
4 1 64 ACCEPT tcp -- * * state NEW tcp dpt:22
5 0 0 ACCEPT tcp -- * * tcp dpt:8080
6 2 342 REJECT all -- * * reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 REJECT all -- * * reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 6 packets, 744 bytes)
num pkts bytes target prot opt in out source destination

Add new rule (allow only incoming tcp connections on port 8080 on eth0 interface from selected network)

$ iptables -A INPUT -i eth0 -p tcp --dport 8080 -s -j ACCEPT

Remember to save the iptables, so the rules will be applied at next reboot

$ service iptables save

Delete a rule

$ iptables -D INPUT -p tcp --dport 8080 -j ACCEPT

Deleta a rule (based on number in chain)

$ iptables -D INPUT 5


Simply modify file

$ vi /etc/sysconfig/iptables

Restart iptables service

$ /sbin/service iptables restart

Creating and compressing archives

Create tar archive

$ tar -cvf <file.tar> <directory>

Add additional directory to existing tar archive

$ tar -rv -f <file.tar> <directory>

Extract tar archive

$ tar -xvf <file.tar>

Compress file (output is .gz file)

$ gzip <file>

Extract tar.gz archive

$ tar -zxvf <file.tar>

Extract .gz file. Gunzip it.

$ gunzip <file.gz>

Extract tar.bz2 archive

$ tar -jxvf <file.tar.bz2>


Log in as root (enter password when prompted)

$ su - root

Show disk usage

$ df -h

$ du -ch /path/to/directory

Reboot the server

$ reboot

Shutdown server after 1 minute (use 'now' to shutdown immediately)

$ shutdown -h +1

Or simply use

$ halt

Show current date and time

$ date

Show list of commands and brief description

$ info

Display list last n commands

$ history <n>

Execute n-th command (from history)

$ !n

Execute previous command

$ !!

Screen command is used to switch between multiple consoles inside one. <name> is custom name of the screen. Create new screen

$ screen -S <name>

To exit the screen press

ctrl + a, then d

See the list of opened screens

$ screen -ls

Switch between opened screens

$ screen -r <name>

Close the screen (PID can be seen from result of screen -ls command)

$ kill <PID>

Using echo command

This will just display (echo) the text - no big deal

$ echo blablabla

First calculate, then display text

$ echo "The sum of 2 and 3 is $[2+3]"

First execute command, then display text

$ echo "There are $(ls | wc -w) files in this directory"

Piping commands

The pipe character (|) connects the output of one command to the input of another.

This command lists the contents of /usr/bin directory, sorts the files alphabetically and pipes the output to less.

$ ls /usr/bin | sort -f | less

Show processes containing string blabla

$ ps -ef | grep blabla

Reading and writing to file

Simple readings and writings from/to a file can be made with characters:
< - content of a file to command line
> - command output to a file (overwrite)
>> - command output to a file (append)


$ mail root < ~/.bashrc

$ chmod | col -b > /tmp/chmod

$ echo "I finished the project on $(date)" >> ~/projects

Export display from Linux

1. Start X client:

  • On Windows system start XMing (or any other X client). In XMing check 'No Access Control' option.
  • On OS X system start X11 application. Check 'Allow connections from network clients' option in Preferences >> Security tab and restart X11 application. In X11 terminal window execute command: $ xhost + to disable access control.

2. Execute the following command on Linux (<IP> is IP address of your local system (Windows or OS X)):

$ export DISPLAY=<IP>:0.0

3. Run an application on Linux:

$ wireshark &


Get PID of Java prosesses

$ jps -l

Dump java stack to file:

$ /opt/jdk1.6/bin/jstack PID > jstack-01.txt