Linux operating systems, widely used on servers, typically lack a graphical user interface. Consequently, Linux server administrators must interact with the servers using a command-line interface. This topic describes the commands commonly employed in Linux operating systems.
Manage processes
ps
Command description
The ps command, short for Process Status, provides a snapshot of the current processes on your system.
Common parameter descriptions
Parameter | Description |
-A | Displays all processes. |
-a | Displays all processes in the current controlling terminal. |
-e | Displays all processes. This option functions similarly to the -A option. |
-f | Displays a full-format list of processes, including the UID, PPID, C, and STIME columns. |
-u | Displays processes in a user-oriented format. |
-U | Displays processes for a real user. |
-x | Displays all processes without controlling terminals. |
For more information about parameters, run man ps
.
Usage examples
Query all processes.
ps -ef
Query a full-format list of all processes that match a specific keyword.
ps -ef | grep <key_word>
Replace
<keyword>
with the keyword you specify.Query all processes for an effective user that match a specific keyword without controlling terminals.
ps -aux | grep <key_word>
Replace
<keyword>
with the keyword you specify.Query a process tree.
ps -ejH
Query detailed information about all processes, including thread information.
ps -eLf
Query thread information based on user-defined fields.
ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm
Query the metrics of a specific PID. In this example, the PID is 1 and the metric information is comm=.
ps -q 1 -o comm=
top
Command description
The top command displays a real-time dynamic view of running processes in Linux, providing an overview of system information and a list of processes currently managed by the Linux kernel.
Common parameter descriptions
Parameter options | Description |
-d | Specifies the refresh frequency. |
-p | Monitors the status of the process that has a specific PID. |
-s | Tells top to run in secure mode to disable potentially dangerous interactive commands. |
-i | Ignores idle and zombie processes. |
-c | Displays the command line instead of only the command name. |
Resource monitoring field descriptions
The figure below shows specific monitoring fields and their values, which vary based on the sampling period. The figure is for reference only.
The table below describes the main parameters.
Usage examples
Query system metrics with a specified sampling frequency
Run the following command to query system metrics with a sampling frequency of 3 seconds.
top 3
NoteThe default sampling frequency when running the top command to query system metrics is 5 seconds.
Customize the top command interface
By default, the metrics displayed by the top command are as shown in system summary information and process metrics monitoring field descriptions. To modify the displayed metrics, press the
f
key in the interactive top command interface to filter the metrics view.The table below describes the keys you can use to manage the top command interface.
Key
Description
↑, ↓
Scrolls up and down to select fields.
→
Selects an entire column. You can press the UP or DOWN key to move the selected column.
Space
Displays or hides the field. An asterisk (*) indicates that the field is displayed.
s
Sets the column in which the cursor is located as the sorting column.
q
Closes the top command interface and returns to the command line.
Use the interactive mode of the top command
After running the top command, the system enters interactive mode. In this mode, press keys to use the command interactively. The table below describes the keys.
Key
Description
1
Displays the status of each logical CPU.
u
Displays the processes of a specific user.
E
Selects the unit that you want to use for memory values in the top command. Valid units: KiB, MiB, GiB, TiB, PiB, and EiB.
x
Displays the sorting column.
y
Displays the running processes.
?
Displays help information.
Find the process name and directory by PID
Run the
top
command to dynamically display process information. For example, the PID of the aliyun-service program is 1325.Run the following command to query the program's directory.
cd /proc/1352 ls -ail
kill
Command description
The kill command terminates processes in Linux.
Common parameter descriptions
Parameter | Description |
-l | Displays all available signal names. |
-L | Display all signal names in a nice table. |
Usage examples
Terminate all processes.
sudo kill -9 -1
Display the name of the signal whose number is 11.
sudo kill -l 11
Display all available signal names in a table.
sudo kill -L
Terminate a process.
sudo kill -9 <PID>
Replace
<PID>
with the PID of the process you want to terminate.
killall
Command description
The killall
command terminates processes by name in Linux.
Common parameter descriptions
Parameter | Description |
-g | Terminates processes in the process group. |
-i | Interactively asks for confirmation before terminating a process. |
-v | Reports whether the signal is sent. |
Usage example
Terminate the top process.
sudo killall top
Query system info
Use the uname command to query system information on Linux instances.
uname
Command description
The uname
command displays system information.
Common parameter descriptions
Option | Description |
-a | Displays all information. |
-s | Displays the kernel name. |
-n | Displays the network node hostname. |
-r | Displays the kernel release. |
-v | Displays the kernel version. |
-m | Displays the machine hardware name. |
-P | Displays the processor type. |
-i | Displays the hardware platform. |
-o | Displays the operating system. |
Usage example
Query all system information.
uname -a
dmidecode
The dmidecode
command extracts and displays hardware-related information from the BIOS of Linux systems. It reads the DMI table to provide detailed hardware configuration information, including the following:
System information: manufacturer, product name, version, serial number, system model, and more.
Processor information: model, speed, number of cores, and more.
Memory information: number of memory slots, capacity, type, speed, and more.
Motherboard information: manufacturer, version, serial number, and more.
BIOS information: version, release date, and more.
Power information: specifications and models related to the power supply.
Device information: details about various hardware components such as network adapters.
Display the complete DMI information of the system.
sudo dmidecode
To view specific DMI information, use the
-t
parameter. For example, to display only memory-related information:sudo dmidecode -t memory
Query physical CPU and memory information
Total number of cores = Number of physical CPUs × Number of cores per physical CPU
Total number of logical CPUs = Number of physical CPUs × Number of cores per physical CPU × Number of hyperthreads
Run the following commands to query physical CPU and memory information:
Query the number of physical CPUs.
cat /proc/cpuinfo| grep "physical id"| sort| uniq| wc -l
Query the number of cores in each physical CPU.
cat /proc/cpuinfo| grep "cpu cores"| uniq
Query the number of logical CPUs.
cat /proc/cpuinfo| grep "processor"| wc -l
Query the CPU model.
cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c
Query memory information.
cat /proc/meminfo
Query and manage disks
df
Command description
The df
command reports file system disk space usage.
Common parameter descriptions
Option | Description |
-a | Includes pseudo, duplicate, and inaccessible file systems. |
-B | Scales block sizes by the specified size for output. |
-h | Displays sizes in a human-readable format by using a scale factor of 1,024. Example: 1023M. |
-H | Displays sizes in a human-readable format by using a scale factor of 1,000. Example: 1.1G. |
-k | Equivalent to --block-size=1K. |
-l | Displays a list of on-premises file systems. |
-t | Displays information about file systems of the specified type. |
Usage example
Query disk space usage and display block sizes in MB.
df -BM
The following command output is returned.
Filesystem 1M-blocks Used Available Use% Mounted on
tmpfs 742M 22M 721M 3% /run
/dev/vda3 39943M 2542M 35556M 7% /
tmpfs 3708M 0M 3708M 0% /dev/shm
tmpfs 5M 0M 5M 0% /run/lock
tmpfs 742M 1M 742M 1% /run/user/0
lsblk
Command description
The lsblk
command displays information about block devices.
Common parameter descriptions
Parameter | Description |
-a | Displays all devices, including empty and memory disk devices. |
-b | Displays sizes in bytes. |
-f | Displays information, including information about file systems. |
Usage examples
Query information about block devices, including file system details.
lsblk -f
The following command output is returned.
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS vda |-vda1 |-vda2 vfat FAT32 6175-F96E `-vda3 ext4 1.0 df02e0a1-d28d-41b1-99c2-58f2b684cc79 34.7G 6% /
Retrieve the disk serial number (SN).
The method to obtain the SN may vary based on the Linux distribution. The following method applies to Alibaba Cloud Linux 3, CentOS 7, and Ubuntu 18:
Query the block storage devices mounted on the system.
lsblk
Run the following command to retrieve the SN of the block storage device. In this example, the device is vda.
udevadm info --query=all --name=/dev/vda | grep ID_SERIAL
blkid
Command description
The blkid
command queries information about block device properties.
Usage example
Query block device properties
blkid /dev/vda
The following command output is returned.
/dev/vda: PTUUID="bdee1c7f-46fc-4838-9a74-9exxxxxxxxaf" PTTYPE="gpt"
fdisk
Command description
The fdisk
command is a tool for operating Linux partition tables.
Common parameter descriptions
Parameter | Description |
-l | Displays the partition tables of the specified devices. |
-u | Displays the partition information of partition tables in numbers of sectors instead of number of cylinders. |
Usage example
Query partition tables on all disks and partition information in sector numbers.
sudo fdisk -lu
The following command output is returned.
Disk /dev/vda: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 × 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BDEE1C7F-46FC-4838-9A74-9E57F8FD63AF
Device Start End Sectors Size Type
/dev/vda1 2048 4095 2048 1M BIOS boot
/dev/vda2 4096 413695 409600 200M EFI System
/dev/vda3 413696 83886046 83472351 39.8G Linux filesystem
mount
Command description
The ```html
mount
command mounts file systems.
Common parameter descriptions
Parameter | Description |
-a | Mounts all file systems that are configured in the |
-L | Mounts the partition that has the specified label. |
-r | Mounts the file system in read-only mode. |
-w | Mounts the file system in read/write mode. |
-U | Mounts the partition that has the specified |
Usage examples
Mount all file systems configured in the /etc/fstab file.
sudo mount -a
Mount a specific file system with read/write access.
sudo mount -w /dev/vdb1 /mnt
umount
Command description
The umount
command unmounts file systems.
Common parameter descriptions
Parameter | Description |
-r | If the unmount operation fails, remounts the file system in read-only mode. |
-a | Unmounts all file systems that are configured in the |
-t | Specifies the type of file system to unmount. If you specify multiple file system types, separate the types with commas (,). |
-f | Force unmounts the file system. |
Usage example
Force unmount a file system from a specific partition.
sudo umount -f /dev/vdb1
Manage services
systemctl
Command description
The systemctl
command manages services.
Common parameter descriptions
Parameter | Description |
-a | Displays all loaded units or attributes. |
Common unit commands
Command | Description |
start | Starts specified loaded units. |
stop | Stops specified loaded units. |
restart | Restarts specified loaded units. |
reload | Reloads the configurations of specified units. |
status | Displays the runtime status information of specified units. Common runtime status of a service:
|
Common unit file commands
Command | Description |
enable | Enables specified units or unit instances. |
disable | Disables specified units or unit instances. |
Usage examples
Restart the
nginx
service.sudo systemctl restart nginx
Check the status of the
nginx
service.sudo systemctl status nginx
Enable the
nginx
service to start on boot.sudo systemctl enable nginx
Manage resource usage
lsof
Command description
The lsof
command lists open files.
If the lsof tool is not pre-installed on your Linux distribution, install it using a package management tool.
For Alibaba Cloud Linux, CentOS, RHEL:
sudo yum install lsof
.For Ubuntu, Debian:
sudo apt install lsof
.
Common parameter descriptions
Parameter | Description |
-p | Displays files opened by a specific process. |
-l | Replaces a user ID with a username in the output. |
-u | Displays files opened by a specific user. |
-c | Displays items in the |
-d | Displays open files that include specific file descriptors. |
-i | Displays open files that match the specified condition. Optional parameters:
|
Command output descriptions
The figure below shows an example of lsof command output.
The table below describes the parameters.
Parameter | Description |
COMMAND | The name of the command. |
PID | The process ID (PID). |
TID | The thread ID (TID). A blank TID indicates a process. |
TASKCMD | The task name, which is the same as the COMMAND value in most cases. |
USER | The user ID or logon username. |
FD | The file descriptor. |
TYPE | The type of node associated with the file. |
DEVICE | The device number. |
SIZE/OFF | The size of the file or the file offset in bytes. |
NODE | The node of the file. |
NAME | The name of the mount point and file system on which the file resides. |
Usage examples
Query files opened by a specific process.
sudo lsof -p 1
Replace the process ID
1
with the process ID you specify.Query files opened by a specific user.
sudo lsof -u <user-name>
Replace
<username>
with the Linux system username you specify.Query information about the process that opens a specific file.
sudo lsof <file-name>
Replace
<filename>
with the name of the file you specify.Query open files associated with IPv4 network connections.
sudo lsof -i 4
netstat
Command description
The netstat
command displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
Common parameter descriptions
Parameter | Description |
-t | Displays only TCP-related options. |
-u | Displays only UDP-related options. |
-i | Displays a list of network interfaces. |
-n | Displays numerical addresses instead of resolving them to hostnames. |
-l | Displays only listening sockets. |
-p | Displays the processes associated with network connections. |
-s | Displays network statistics. |
Usage examples
Query network statistics for port 8000.
netstat -tunlp | grep 8000
Replace the port number
8000
with the port number you specify.Query all TCP ports in the listening state and the processes using them.
netstat -ntlp
Obtain user logon information
User logon information is typically recorded in the following files:
User logon information is typically stored in the
/var/run/utmp
,/var/log/wtmp
,/var/log/btmp
, and/var/log/lastlog
files.The commands
who
,w
, andusers
retrieve information on active users from the/var/run/utmp
file.The
last
command retrieves the login history of all users up to the present moment from the/var/log/wtmp
file.The
lastb
command retrieves information on all unsuccessful logon attempts from the/var/log/btmp
file.The
lastlog
command retrieves information on users' most recent logins from the/var/log/lastlog
file.
who
The who
command retrieves information about currently active users. It produces an output similar to the example shown below.
w
The w
command shows the usernames of currently active users along with the tasks they are engaged in. You can expect to see an output resembling the example below.
users
The users
command displays the usernames of currently active users. The output of the command will resemble the following:
last
The 'last' command retrieves the login history of all users up to the present moment. It produces an output similar to the example shown below.
lastb
The lastb
command provides a list of all users who have failed to log on. The output of the command will resemble the following example.
lastlog
The lastlog
command retrieves information regarding users' most recent logins. It produces an output akin to the example shown below.
cat /var/log/secure
Use the cat /var/log/secure
command to retrieve all logon records. You will receive output similar to the example below.
Manage users
Linux operating systems offer commands like useradd
, wheel
, passwd
, and userdel
for effective management of system users and permissions.
useradd
Command description
The useradd
command adds new users, similar to the adduser
command. After creating a user, verify the user's details with the cat /etc/passwd | grep username
command.
Root permissions or the appropriate sudo permissions are required to create a user.
It is advisable to set a password for the user immediately after creation with the
useradd
command.Ensure that the primary group and any additional groups exist before creating a user; otherwise, the user cannot be created.
Common parameter descriptions
Parameter | Description |
-d | Specifies the home directory of the user. If you do not specify a home directory, the default home directory |
-m | Creates the home directory of the user. If you specify the |
-s | Specifies the login shell of the user. The default login shell is |
-g | Specifies the primary group of the user. If the group does not exist, you must create the group first. |
-G | Specifies the additional groups to which the user belongs. Separate multiple additional groups with commas (,). |
-p | Sets a password for the user. The password must be encrypted. Do not use a plaintext password in the command line. The following sample code provides an example:
|
-u | Specifies the user ID of the user. |
-e | Sets the expiration date of the account. The date format is YYYY-MM-DD. |
Usage examples
Create a new user named
jack
, specifying the home directory and login shell:useradd -m -d /home/jack -s /bin/bash jack
After creating the user, verify the details with the
cat /etc/passwd | grep jack
command:jack:x:1000:1000::/home/jack:/bin/bash
Set a password for the user with the
passwd
command:passwd jack
Create a new user named
alice
and add her to thedevelopers
group:useradd -m -G developers alice
Create a new user named
bob
with the user ID set to 1001:useradd -m -u 1001 bob
Add a user with root permissions by following these steps:
ImportantGrant root permission to users only when necessary, following security best practices.
Create a new user
john
using theuseradd
command.useradd john
Set a password for the new user.
passwd john
Add the new user to the
wheel
group to grant root permissions. Thewheel
group is typically used for granting sudo permissions. Check the members of the wheel group withgrep '^wheel:' /etc/group
.sudo usermod -aG wheel john
Test the new user's sudo permissions. Switch to the new user and attempt to use the
sudo
command:su - john sudo ls /root
Enter the correct password when prompted. If successful, the system will list the contents of the
/root
directory, confirming that the new user has sudo permissions and can use john for remote logon.(Optional) Modify the sudoers file to add specific permissions for the user.
sudo visudo
userdel
Command description
The userdel
command deletes user accounts.
Common parameter descriptions
Parameter | Description |
-r | Deletes the user's home directory and the files in the directory. |
-f | Force deletes the user even if the user is currently logged in. |
Usage examples
Delete a user named
john
:Switch to the root user and run
cat /etc/passwd | grep john
to find the user's directory. The following information is returned:john:x:1001:1001::/home/john:/bin/bash
Delete the user named
john
, but retain the user's directory and files.userdel john
Delete a user named
john
and all related files, including the user's directory.userdel -r username
Force delete a user even if the user is currently logged in.
userdel -f username
wheel
Command description
The wheel
group controls who can use the su
command to switch to the superuser account, typically the root user.
The
wheel
group is usually present by default. If not, create it withsudo groupadd wheel
.By default, regular users can switch to the root user to manage and configure the system by using the su command and entering the correct root password.
To enhance security, restrict regular users from switching to the root administrator user with the special wheel group in Linux. Only members of the wheel group can use the su command to switch to the root administrator user.
Usage examples
Verify if a user is in the wheel group.
```htmlgroups username
Add a user to the wheel group.
sudo usermod -aG wheel username
You can safely edit the
/etc/sudoers
file using thevisudo
command. The entry%wheel ALL=(ALL) ALL
signifies that all members of thewheel
group have the ability to execute any command usingsudo
.To permit members of the
wheel
group to execute thesudo
command without entering a password, you can alter the line as follows:%wheel ALL=(ALL) NOPASSWD: ALL