Linux Command-Line Tutorial

The following tutorial teaches you essential skills that make navigating your way at the shell simple.

A shell is a user interface used as a command-line interpreter. In Linux, the shell is the interpreter that allows you to interact with the operating system using various commands.

The focus of commands in this tutorial is based on how they are used in Bash, also known as the Bourne Again shell.

The login terminals in Linux are virtual terminals. Most Linux systems are configured with six standard command-line virtual terminals. These terminals are numbered from 1 to 6.

You can switch between virtual terminals with an ALT-function key combination. For example, ALT-F2 brings you to the second virtual terminal. You can switch between adjacent virtual terminals by pressing ALT-RIGHT ARROW or ALT-LEFT ARROW. For example, to move from virtual terminal 2 to virtual terminal 3, press ALT-RIGHT ARROW. If you are in a GUI virtual terminal, add the CTRL key. If the GUI is installed and you are in the first virtual terminal, you would press CTRL-ALT-F2 to get to the second virtual terminal.

Virtual terminals bring the multi-user capabilities of Linux to life. You might review a man page on one terminal, edit a configuration file in another, and monitor a log file in a third virtual terminal.

Linux uses three basic data streams. These streams are known as standard input (stdin), standard output (stdout), and standard error (stderr).

You can redirect each of these streams to or from a file. For example, if you have a relational database management system (RDBMS) named mysql and a file named schema.sql, the contents of that file can be sent to the RDBMS with a left redirection arrow (<). As shown here, schema.sql is taken as standard input:

mysql < schema.sql

Standard input can come from the left side of a command as well. For example, you can input a file into a RDBMS with a pipe:

cat schema.sql | mysql

Standard output is just as easy to redirect. For example, the following command uses the right redirection arrow (>) to send the standard output of the mysqldump program to the file named backup.sql:

mysqldump > backup.sql

You can append standard output to a file with a double redirection arrow. For example:

echo “line 1” > file

echo “appended line 2” >> file

echo “appended line 3” >> file

If you want to save the error messages of a program into a file, redirect the error stream from it with a command such as the following:

program 2> errors.log

Command substitution allows you to assign the output of a command to a variable. To redirect the output of a command to a variable, use the command within the $( ) function. For example, the following commands demonstrate how command substitution, using the date command, is used to create a backup directory with MMDDYY format and backup a home directory:

mkdir -p /backup/username/$(date +%m%d%y)

cp -a /home/username/. /backup/username/$(date +%m%d%y)

In any Bash session you can go through the history of previous commands, using the UP- and DOWN-ARROW keys, and CTRL-R to make a search. You can also take advantage of text completion, which allows you to use the TAB key almost as a wildcard to complete a command, a filename, or a variable (if the text begins with the $ character).

The Filesystem Hierarchy Standard (FHS) is the official way to organize files in Linux directories. Every FHS starts with the top-level root directory, also known by its symbol, the single forward slash (/). All other directories are subdirectories of the root directory and are described as follows.

/bin contains command binaries for non-root users. /boot contains static boot loader files. /dev contains device files. /etc contains configuration files. /home contains user home directories. /lib contains essential shared libraries and kernel modules. /media provides a mount point for removable media. /mnt provides a mount point for a temporarily mounted filesystem. /opt contains application software packages. /proc contains an in-memory virtual filesystem listing information for currently running kernel-related processes, including device assignments such as IRQ ports, I/O addresses, and DMA channels, as well as kernel-configuration settings such as IP forwarding. /root contains the home directory of the root user. /run contains data relevant to running processes. /sbin contains command binaries for the root user. /srv contains site-specific data for services. /sys contains an in-memory virtual filesystem which provides information about devices, drivers, and some kernel features. /tmp contains temporary files. /usr contains shareable, read-only data which includes libraries, command binaries, local hierarchy, and architecture-independent data. /var contains variable data.

Many software packages include extensive documentation in the /usr/share/doc directory. Every subdirectory there includes information about the capabilities of each associated package.

Linux commands and configuration files are documented in a format known as the man page. Use the man man command to obtain information on using the man pages. Press q to quit. These manuals are located in the /usr/share/man/man1 directory. All files in this directory are compressed in .gz format. Nevertheless, the less command can read those files.

That points to the operation of the man command. In other words, these two commands are functionally equivalent:

man tar

less /usr/share/man/man1/tar.1.gz

The whatis command followed by what you are searching for searches the titles of man pages.

The apropos command followed by what you are searching for searches the description of man pages.

The list of available info manuals is somewhat limited. However, the coverage of some topics (for example, the Bash shell) is usually more extensive than a corresponding man page. For a full list of info documents, run the ls /usr/share/info command. When an info manual is not available, a request defaults to the associated man page. 

To learn more about the Bash shell, run the pinfo Bash command. pinfo has a user interface similar to the Lynx Web browser, and it is a more user-friendly alternative to the traditional info command.

Info manuals are organized into sections. To access a section, move the cursor to the asterisked entry and press ENTER. Press q to quit.

Familiarize yourself with the following commands. Study the command switches. These switches allow you to change the behavior of a command and are usually preceded by one or two dashes (such as cp -a or cp --archive). To quickly get help when using a command, simply add the --help switch.

The history command displays your command history, Each command is preceded by a number. To rerun a command, type an exclamation mark (!) followed by the number, and press ENTER.

The clear command clears the screen.

The uname command displays system information.

The timedatectl command displays or sets the system’s time and date.

The hostnamectl command displays or sets the system’s host name.

The sysctl command tunes kernel run-time parameters in the /proc/sys directory. To modify these parameters, edit the configuration files within the /usr/lib/sysctl.d directory, then use the sysctl -p command to reload the configuration.

The tar command, originally developed as a tape archiver, compresses and decompresses files and directories. The following command creates (-c) an archive, compresses it with xz (-J) compression, in verbose (-v) mode, with the filename (-f) that follows:

tar -cJvf /backup/username/$(date +%m%d%y).tar.xz /home/username

Use tar to extract (-x) that file with the following command:

tar -xJvf /backup/username/mmddyy.tar.xz /home/username

The crontab command is used to edit (-e), list (-l), and remove (-r) cron files. The word cron is derived from chronos, the Greek word for time. The cron system acts as a task scheduler and runs commands at set times. For example, to schedule a daily backup of your home directory, open the crontab for your user account with the crontab -e command, and enter the following (percent signs (%) in the command, unless escaped with a back slash (\), will be changed into newline characters, and all data after the first % will be sent to the command as standard input):

@daily tar -cJvf /backup/username/$(date +\%m\%d\%y).tar.xz /home/username

The pwd command identifies (prints) the working directory.

The cd command changes directories. The cd command by itself navigates to your home directory. The tilde (~), which represents the active user’s home directory, is not required for that command. Another common shortcut is two consecutive dots (..) to represent the directory that is one level up in the hierarchy, therefore cd .. moves to the parent directory of the working directory. The cd - command quickly returns to your previous working directory.

The mkdir and rmdir commands make and remove directories respectively. Use the -p switch to include subdirectories. For example, mkdir -p dir1/dir2/dir3 and rmdir -p dir1/dir2/dir3.

The ls command lists files and directories. Use the ls command to reveal all (-a) hidden files, give you file or directory details with long (-l) listings, give you information on the working directory (-d), or on a directory that you pass as an argument (e.g., ls -ld dir1), sort by modification time (-t), and recursively (-R) list the contents of subdirectories. The ll command is a quick shortcut for long listings, as it is the equivalent of the ls -l command. When listing a large number of files and directories, use the ls | less command to scroll the listing.

The mv command renames files and directories. For example, the mv file1 file2 command changes the name of file1 to file2.

The cp command copies files and directories. The archive (-a) switch adds recursion and preserves attributes. For example, the cp -a /home/username/. /backup/username command copies all subdirectories of the username’s home directory along with associated files into /backup/username.

The dd command converts and copies files using the if (input file) and of (output file) options. For example, if a USB device is located on /dev/sdc, you can write the linux.iso file to the device with the dd if=linux.iso of=/dev/sdc status=progress command.

The ln command creates hard and soft links, which allow you to refer to files and directories using different names.

The rm command removes files and directories. The rm command is dangerous. At the command line, there is no trash bin. Get into the habit of using the GUI to delete files.

The vim command edits text files. Use the vim filename command to open a file, and if filename does not yet exist, it will be created as soon as you write (:w) the file. Search forward (/) or backward (?) followed by the search term. Automatically search for the next (n) occurrence after that. To navigate, you can use hjkl in place of the ARROW keys and CTRL-D/CTRL-U in place of PAGE DOWN/PAGE UP. Insert (i) text, or open (o) a new line, then press ESC to return to command mode. Undo (u) changes, discard (:q!) changes, write and quit (:wq), quit (:q), or get help (:help). You can start a tutorial with the vimtutor command.

The less command scrolls in both directions through a text file or data stream with the PAGE UP, PAGE DOWN, and ARROW keys. Search forward (/) or backward (?) followed by the search pattern. Press q to quit.

The echo command displays data to the screen.

The cat command concatenates files into one continuous output. For example, the cat file1 file2 > file3 command combines file1 and file2 into file3.

The diff command identifies the differences between two files or directories.

The grep command globally searches through a file or data stream using a regular expression and displays (prints) the result(s). For more information on regular expressions, type man 7 regex. For example, the grep pattern file1 command searches the file1 file for pattern.

The sed command provides a stream editor to search for and replace text in a file. For example, the sed -i “s|pattern1|pattern2|” file1 command replaces all instances of pattern1 with pattern2 in the file1 file.

The find command finds files based on certain options and expressions. For example, use the find /home/username -name "*.docx" command to find all files ending with a .docx extension in the /home/username directory.

The locate command quickly locates files and directories. Searches do not require a full name. Use the updatedb command to update the database of installed files and directories.

The useradd and groupadd commands add users and groups respectively.

The usermod and groupmod commands modify users and groups respectively.

The passwd command changes a user’s password.

The chgrp command changes the group owner of files and directories.

The chown command changes ownership of files and directories. Only the root user or those with super user privileges can change the owner assigned to a file or directory by using the chown command. The recursive (-R) switch applies changes to all files in a directory, including all subdirectories. For example, chown can be used to change only the user owner or both the user and group owner:

sudo chown -R username /home/username

sudo chown -R username:group /home/username

The chmod command changes mode for file and directory access permissions. Permissions are assigned the following numeric values: read (r) = 4, write (w) = 2, and execute (x) = 1 and can be added (+), removed (-), or set (=) to the exact mode for the user (u), group (g), and all other (o) users. Therefore, the following three commands are identical:

chmod u+rwx, go-rwx /home/username

chmod u=rwx, go= /home/username

chmod 700 /home/username

The getfacl command gets access control lists (ACLs) on files and directories.

The setfacl command sets access control lists (ACLs) on files and directories.

The su command opens a shell for the user. Use the su - username command to log in to the username account. 

The sudo command grants a user administrative privileges. For example, use the sudo reboot command to give a user permission to reboot the system.

The ps command displays a snapshot of currently running processes. For example, if a program were to suddenly hang, you might want to kill any associated processes. The ps aux | grep program command could then help you identify the process(es) you need to kill.

The pgrep command is also useful because it combines the features of ps and grep. In this case, the pgrep -a program command is functionally equivalent to ps aux | grep program.

The top command displays CPU/memory-intensive processes that are overloading your system. You can kill a process from the top task browser by pressing k and entering the process ID (PID) to kill (you must either be the owner of the process or have super user privileges). Press q to quit.

The kill and killall commands terminate currently running processes. For example, if top fails to kill a hung process, you can try the kill -s SIG PID command to send special signals to running processes, where SIG is one of the process signals listed with either the kill -l command or the man 7 signal command. When attempting to terminate a stubborn process, use INT (interrupts) or HUP (hangs up) signals if the default TERM (terminates if possible) signal does not work. Use the KILL (unconditionally terminates) signal as a last resort, as it can lead to corrupted files. Run the sudo lsof command to list open files and their processes prior to attempting to using the KILL signal. Use the killall command to terminate multiple processes running under the same name, or if you want to terminate a process by referring to its command name rather than its PID.

The renice command allows you to lower the priority of a process that is overloading your system. Use this command for critical processes you cannot afford to kill. Priority numbers range from -20 to 19. A negative number increases the priority, and a positive number decreases the priority. For example, the renice -n 10 PID command lowers the priority for the PID that is overloading your system.

The nmtui command uses Network Manager’s text-based user interface for managing network settings.

The nmcli command uses Network Manager’s command-line interface for managing network settings. Use the nmcli dev status command to display the status of network devices.

The ip command displays network settings. Use the ip address show command to show IP address information. Use the ip route command to display the routing table. The ip command is flexible. For example, the ip a s command is functionally equivalent to ip addr show or ip address show.

The iptables and ip6tables commands manage firewall rules and network address translation.

The nslookup command performs a name server lookup. For example, if example.corp is your LAN domain, the nslookup example.corp command verifies the operation of your local DNS server. If you experience an Internet connectivity problem, the nslookup command verifies World Wide Web DNS resolution.

The ping and ping6 commands test network connectivity. You need to press CTRL-C to stop these commands.

The tracepath  and tracepath6 commands trace the path to a destination.

The ss command shows sockets on the local system. For example, the ss -patun command displays the PIDs (-p) running on all (-a) TCP (-t) and UDP (-u) sockets in numeric (-n) format.

The nmap command displays a network map of open ports. The nmap command provides a network mapper utility used for network port scanning. For example, to conduct a network security audit, scan the ports offering network services inside and outside your system's firewall:

sudo nmap

sudo nmap 

The systemctl command manages system services. Use systemctl to start, stop, restart, reload, enable, and disable services, as well as display their status. Use the systemctl list-units
--type=service --all | less
command to scroll all services.

The journalctl command displays the content of the system journal. By default, the journal log files are temporarily stored in a RAM ring buffer in the /run/log/journal directory. To enable persistent logging, edit the /etc/systemd/journald.conf configuration file, and set the Storage directive to persistent. Use the systemctl restart systemd-journald command to load the new configuration. Use the journalctl -f command to follow journal entries as they are added in real time.

The tail command is useful for monitoring a log file. For example, the tail -f /var/log/file.log command monitors the file.log log and displays new lines on the screen as new log entries are recorded.

The telnet command can verify the operation of a service. For example, use the telnet localhost 25 command to test the Postfix SMTP service.

The ssh command provides secure shell remote access. For example, ssh username@

The ssh command can be used to forward the output of a GUI application over a network. It works if the local system runs a X server while you call remote GUI client applications from remote systems. All you need to do is connect to the remote system with the -X switch. For example, the following command sequence starts the Network Manager Connection Editor, which provides a graphical network management tool for configuring network settings on the remote system:

ssh -X username@


The scp command securely copies files and directories remotely. For example:

scp file1 username@

The sftp command provides a secure FTP client.

The wget command uses the World Wide Web to get files.

The apt-cache command performs a search of package cache for available Debian-based packages. Use the apt-cache search pattern | less command to scroll the search results. Add the --full switch to show an in-depth package description.

The apt-get command manages Debian-based packages obtained from repositories. Use apt-get to update the package index files after you add a new repository, as well as install, upgrade, and remove packages. An update must be performed before an upgrade or dist-upgrade.

The dpkg command manages individual Debian-based packages. Use dpkg to install (-i) and remove (-r) packages, as well as list (-L) files installed to your system from packagename.

The yum command manages Red Hat-based packages obtained from repositories. Use Yellowdog Updater Modified (yum) to update the package cache with makecache after you add a new repository, as well as search for, list info for, install, erase, update, and upgrade packages. Use the yum search pattern | less command to scroll the search results. In many cases, problems with yum can be solved with the yum clean all command.

The rpm command manages individual Red Hat-based packages. Use the Red Hat Package Manager (rpm) to install (-i), erase (-e), and query (-q) packages. rpm queries can be used to provide detailed information (-qi) and list only configuration (-qc) files installed to your system from packagename.

The zypper command manages SUSE-based packages obtained from repositories. Use zypper to search for, list info for, install, remove, and update packages. Use the zypper search pattern | less command to scroll the search results.

The fdisk, gdisk, and parted commands manage partitions.

The pv*, vg*, and lv* commands manage physical volumes, volume groups, and logical volumes respectively.

The mkfs command makes a filesystem.

The fsck command performs a filesystem check.

The mount and umount commands mount and unmount a filesystem respectively. As for ISO files, the mount -o loop linux.iso /mnt command mounts the noted ISO file to the /mnt directory.

The df command displays filesystem disk space usage. Use the -h switch to display the sizes in a human-readable format.

The grub2-* commands manage GRUB, the GRand Unified Bootloader.

The logout command ends a login session on the system.

The reboot command reboots the system.

The shutdown command shuts down the system.