17 Linux commands every sysadmin should know
A few months ago, I asked the Enable Sysadmin contributor community to help me make a list of their most essential commands. After processing the results, 17 of the commands emerged as being essential or at least hugely beneficial to the Linux sysadmin job. So without any further delay, let's jump into these.
find—This command is a part of findutils and allows for custom search commands. For example, if you wanted to find directories that matched a specific name, you could use something like this:
find path/ -type d -iname '*dir_name*'
You can find more information about the command here.
ls+xargs—This pairing was new to me; however, it was really interesting to learn and has some potentially game-changing applications. xargs allows you to run additional commands against the output of a given command. A super basic example of this can be seen when pairing with the ls command. For instance, if you wanted to cat all of the files listed by ls, you could use something like this:
$ ls
1.file 2.file 3.file
$ ls | xargs cat
you are reading file 1
you are reading file 2
you are reading file 3
Check out an in-depth look at xargs from HowtoGeek
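The ls | xargs pairing splits its input on whitespace, so it misreads any file name that contains a space. The following is an added example, not part of the original article, that contrasts it with a NUL-delimited find | xargs -0 pipeline; the function names and file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: `ls | xargs` versus a NUL-delimited pipeline.

# Build a scratch directory with two constructed files, one of which
# has spaces in its name, and print the directory path.
make_demo_dir() {
    local dir
    dir=$(mktemp -d)
    printf 'you are reading file 1\n' > "$dir/1.file"
    printf 'you are reading file 2\n' > "$dir/2 with space.file"
    printf '%s\n' "$dir"
}

# Form shown in the article: xargs splits on blanks and newlines, so
# "2 with space.file" turns into three arguments that do not exist.
# Prints how many lines cat actually managed to read.
count_naive() {
    (cd "$1" && ls | xargs cat 2>/dev/null | wc -l)
}

# Robust form: find emits NUL-terminated names and xargs -0 splits only
# on NUL. The "./" prefix from find also keeps a name that starts with
# "-" from being parsed as an option by cat.
count_safe() {
    (cd "$1" && find . -maxdepth 1 -type f -print0 | xargs -0 cat | wc -l)
}

demo=$(make_demo_dir)
echo "ls | xargs cat read:             $(count_naive "$demo") line(s)"
echo "find -print0 | xargs -0 cat read: $(count_safe "$demo") line(s)"
rm -rf "$demo"
```
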
awk/sed/(e)grep—This trio was named more times than any other command(s) by our community. It was eye-opening to see just how important these commands really are to the community and to sysadmins as a whole. Let’s focus on grep first.
grep—Grep is awesome, no lie. If you don’t already know about grep (and let’s be honest, that’s at least possible if you’re new to the Linux command line), get familiar with it. grep is a tool that will let you filter the standard output of just about anything on the command line. You can grep for words you want to find, or invert that to show you everything that DOES NOT match your keyword. We’ll even talk a little bit about a very similar tool that extends grep a bit. Here are some examples.
To show you all of the lines in a given file that include the word “error” for example, you would do something like this:
$ cat file.txt
This line contains an error.
This line contains a case sensitive ERROR
And this one is just an Error.
Then we have a warning.
and a WARNING
and then of course Warning.
$ grep error file.txt
This line contains an error.
$
That’s what you’d call an inclusive grep. You can also reverse that by using the exclude flag, -v. Say you wanted to see all of the config options in your sshd config that are not commented out; you could do this:
# grep -v \# /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
… snip ...
Subsystem sftp /usr/libexec/openssh/sftp-server
#
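The filter above removes every line that contains a # anywhere and leaves blank lines in place. The following is an added example, not part of the original article, comparing it with a filter anchored to the start of the line; the sample configuration and function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: two ways to strip comments from an sshd_config-style file.
# The sample content below is constructed for the demonstration.

sample_config() {
    cat <<'EOF'
# Example daemon configuration
Port 22

    # an indented comment
PermitRootLogin no   # set by hardening baseline
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
}

# Filter from the article: drops every line that contains "#" anywhere,
# so a directive with a trailing comment disappears and blank lines stay.
filter_any_hash() {
    grep -v '#'
}

# Anchored filter: drops only blank lines and lines whose first
# non-blank character is "#"; directives with trailing text survive.
filter_active() {
    grep -Ev '^[[:space:]]*(#|$)'
}

# Count the lines on stdin that start with the given directive name.
# grep -c exits non-zero on a count of 0, hence the "|| true".
has_directive() {
    grep -c "^$1" || true
}

echo "--- unanchored filter"
sample_config | filter_any_hash
echo "--- anchored filter"
sample_config | filter_active
```

To see the settings the daemon actually applies, including defaults that never appear in the file, sshd -T prints the effective configuration.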
It’s worth noting that grep is case sensitive, like many things in Bash. So grepping for “error” won’t find “Error” or “ERROR”. You can tell grep to filter in a case-insensitive way using the -i flag.
$ grep -i eRRor file.txt
This line contains an error.
This line contains a case sensitive ERROR
And this one is just an Error.
This will match on error, ERROR, erRoR, or whatever, as long as the letters are the same.
Now, I said you could use grep to filter the output of any command, right? You do that by sending the command's output to grep through a pipe. This is really useful for things like filtering logs, even live with tail -f.
# tail -f /var/log/messages | grep -i error
There are a lot more options for grep, including filtering based on a file of keywords and on regular expressions; you can even colorize the output. I suggest you get familiar with the man page if you’d like to know more.
egrep—Now, what if you want to filter on more than one word? I’ve always used egrep for this.
Say you’d like to grep on error or warning; you could do something like this:
$ egrep 'error|warning' file.txt
This line contains an error.
Then we have a warning.
egrep will support other patterns, I'm sure, but that one right there is the one I’ve always used it for, and I’ve found it very useful.
awk—The awk command implements the AWK programming language to process text, and it’s particularly good at processing data organized in columns. This command is available in most if not all Linux distributions as well as other UNIX operating systems.
Sysadmins commonly use awk to extract data from files or from the piped output of other commands, on the command line or in shell scripts. Invoke awk by running the command and providing an action between '{}'. You can reference columns as variables, like $1 for the first column, $2 for the second, and so on. By default, awk uses spaces as the column separator, but you can use any character by specifying it with the flag -F.
For example, to print the owner and group, columns 3 and 4 in the output of ls -l, pipe its output to awk like this:
$ ls -l | awk '{ print $3,$4 }'
ricardo users
ricardo users
root root
...
You can also filter lines from the input by providing an optional regular expression before the action. For example, to print all the hostnames (column 2) of lines starting with a number in your /etc/hosts file, use awk like this:
$ awk '/^[0-9]/ { print $2 }' /etc/hosts
localhost
sat6server
tower01.olab.home.ca
...
awk is a versatile command that supports an entire programming language allowing you to do many things, like performing calculations, conditionals, data transformation, and more. It’s a great option to help you automate your systems and it’s often part of shell scripts.
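The -F flag and a condition in front of the action combine naturally on colon-separated files such as /etc/passwd. The following is an added example, not part of the original article, run against a constructed passwd-style sample; the account names and function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: awk with a custom field separator (-F) and conditions.
# The sample data is constructed; on a real host, feed /etc/passwd instead.

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
ricardo:x:1000:100:Ricardo:/home/ricardo:/bin/bash
svc_backup:x:990:990::/var/lib/backup:/bin/false
EOF
}

# Accounts with UID 0 (field 3). More than one is worth investigating.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Accounts whose login shell (field 7) is not a non-interactive one.
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }'
}

# Account totals per shell, using an awk array and an END block.
shell_summary() {
    awk -F: '{ n[$7]++ } END { for (s in n) print n[s], s }' | sort -k2
}

echo "UID 0 accounts:";       sample_passwd | uid0_accounts
echo "Interactive accounts:"; sample_passwd | interactive_accounts
echo "Accounts per shell:";   sample_passwd | shell_summary
```
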
For more information, consult the article A beginner’s guide to gawk and the command's man pages.
sed—The command sed—short for stream editor—allows you to filter and edit streams of text in a scripted way. Sysadmins often use sed in Bash scripts to transform text piped from other commands or directly from files. In its most basic form, sed searches for and replaces text. For example, use it to replace the string “stream” with “text” coming from a pipe, like this:
$ echo "This is a test stream" | sed 's/stream/text/'
This is a test text
You can also replace text in a file by providing the file name as the last parameter, like this:
$ sed 's/pattern/replacement/' filename
For safety, sed outputs the results to STDOUT without modifying the file. You can redirect the output to a new file to save the results. You can also change the original file in place by providing the -i flag.
By default, sed changes only the first occurrence of pattern in each line. To change this behavior and replace all instances of the pattern, provide the g option at the end of the sed command expression, like this:
$ sed 's/pattern/replacement/g' filename
In addition to basic text searching, sed supports regular expression matching. For example, use a regular expression “[Ww]ord” to replace both “Word” and “word” in each line:
$ echo "Word word WORD" | sed 's/[Ww]ord/text/g'
text text WORD
This command offers many other possibilities but even with this basic usage, you can save a lot of time. For more information about other options, consult the man pages for sed.
watch—This command allows you to run a command/program repeatedly using a given interval. By default, the interval is every two seconds. Many sysadmins use this command to monitor various system conditions or tasks until completion.
For example, if you wanted to monitor your memory usage, you could use the following:
watch -d free -m
(the -d option highlights values that are different from the last run).
curl—This command allows you to transfer data to/from servers, with many more options than only HTTP/HTTPS. It works without user interaction and it is very frequently seen in situations where you need to make REST API calls (GET, POST, PUT).
curl supports many options to connect to servers, like SSL, using cookies, resume file transfer, etc. It is almost as if you had a web browser that you can run from the command line.
The example below shows curl for a simple file download, but limiting the bandwidth:
curl -o myfile.tar.gz --limit-rate 20K https://myserver.example.com/bigfile.tar.gz
As its manual states, the number of options available to use with curl is large. Some of the ones I use frequently are:
-s: run in silent mode (without a progress bar)
-k: allow an insecure connection (only when connecting to an internal, known server for which a self-signed certificate is being used)
curl -X POST --header "Content-Type: application/json" \
--data '{"my_id": 5, "my_application": "moneymaker", "body": "showmethemoney"}' \
https://myserver.example.com/posts
In the above example, I'm doing a POST and passing the header and the body.
mail—The mail command is a super neat tool that allows a user to send emails directly from the command line, without having to open a browser or dedicated client. You'll need to have an SMTP server running locally on your machine, so that is something to be aware of.
Install the package:
$ apt-get install mailutils
To send a basic email, you can use the following:
$ mail -s "Subject Line" someone@example.com
When you press Enter, you'll be prompted with the Cc field. You can add additional recipients or just press Enter to skip. Then you'll type your message. When finished, use Ctrl+D to send the message out for delivery. It should look like this when finished:
$ mail -s "Subject Line" someone@example.com
Cc: someone@example.com
"Hello world"
<Ctrl + D>
For more information on this command, check out this great article.
tmux—The tmux command, that is the terminal multiplexer, allows for multiple windows inside of a single terminal window. You can jump between windows and even divide them into individual panes, each with its own CLI. We have had some great content published around tmux and how to use it, so I will leave you a link to that content. Check out tips for using tmux for more information.
sudo—The sudo command is your path to elevated privilege. All sysadmins need to know how to use this command, how it is different from su (which many use in place of sudo…bad idea), and how to ensure access by necessary accounts. I wrote an intro article to sudo way back when that you may find useful.
ssh—The ssh (secure shell) command allows you to use remote work protocols to access and manipulate servers over a network connection. If you have ever worked in support, or been helped by support for that matter, many times the support tech uses ssh to access your machine or server.
Command usage is pretty straightforward:
$ ssh username@hostname
You'll be prompted for a password, and if you can provide proper credentials, you’ll be on your way into the desired system.
scp—The secure copy command (scp) allows a user to copy files to/from a remote system. You’ll need ssh enabled on both ends of the transaction and a proper command syntax. All of that and you should be good to go. Command syntax should look something like this:
To copy a file FROM a remote system to current working directory:
scp user@ip_of_remote:/file/path/of/file.txt .
pkill—This command utility allows us to signal the processes of running programs. You can search for a process by name (full or partial), user, etc. There are tons of options for using this utility; however, by default, the command sends the 15 signal (TERM) to all PIDs matching your criteria. For example:
$ pkill chrome
This should shut down all instances of Chrome running on the machine.
lsns—This command, list namespaces (lsns), does exactly what it says—lists namespaces. Crazy, right? Anyway, there are lots of options that you can add here: -J (json format), -l (list format), -n (no headers), etc. This command is a part of the util-linux package and is widely available. For more information around lsns or namespaces in general, check out this article from contributor Steve Ovens: The 7 most used Linux namespaces.
unshare—This one is centered around namespaces as well. The unshare command runs a program in a newly created namespace(s). By default, the new namespace will only last as long as it has programs running in it. For more information on this command, check out the man page in your favorite Linux machine.
If you can manage to incorporate these tools into your workflow where they make sense, you'll be a better sysadmin for doing so. If some of your favorite commands didn’t make the list, we'd love to hear about them. Feel free to submit an article on your favorite command we didn't list to enable-sysadmin@redhat.com.
Tyler Carrigan
Tyler is the Sr. Community Manager at Enable Sysadmin, a submarine veteran, and an all-round tech enthusiast! He was first introduced to Red Hat in 2012 by way of a Red Hat Enterprise Linux-based combat system inside the USS Georgia Missile Control Center.
Nathan Lager
Nate is a Technical Account Manager with Red Hat and an experienced sysadmin with 20 years in the industry. He first encountered Linux (Red Hat 5.0) as a teenager, after deciding that software licensing was too expensive for a kid with no income, in the late 90’s. Since then he’s run
Ricardo Gerardi
Ricardo Gerardi is Technical Community Advocate for Enable Sysadmin and Enable Architect. He was previously a senior consultant at Red Hat Canada, where he specialized in IT automation with Ansible and OpenShift.
Roberto Nozaki
Roberto Nozaki (RHCSA/RHCE/RHCA) is an Automation Principal Consultant at Red Hat Canada where he specializes in IT automation with Ansible.