Bash Index : L - The 'L' Bash commands : description, flags and examples




Output certain LSB and distribution information


Flag Usage
-a --all explicit, see example below
-s --short show requested information in short format


lsb_release -a
No LSB modules are available.		result of -v
Distributor ID: Ubuntu			result of -i
Description:    Ubuntu 22.04.4 LTS	result of -d
Release:        22.04			result of -r
Codename:       jammy			result of -c



Flag Usage
-b set bitrate
-v enable variable bitrate


Encode *wav into *mp3 :

for i in *wav; do lame -v -b 256 "$i" "$i.mp3"; done



enter messages into the system log
I considered this after reading answers / comments to this question :
redirecting the standard output to a log file is just about the worst possible approach to logging : your log file is tied to the logging process, and you can't do anything about it.
The actual solution is to use a proper logging system that would allow you to separate the actual log file from the process and allow you to use tools like syslog and logrotate.


My first steps with logger :

Create a new log entry :
logger 'hello world'
Find it :
journalctl -r _COMM=logger
-- Logs begin at Thu 2017-11-02 08:27:51 CET, end at Tue 2019-04-02 16:15:41 CEST. --
Apr 02 16:15:41 myLaptop bob[28892]: hello world



print shared library dependencies
  • In the usual case, ldd invokes the standard dynamic linker with the LD_TRACE_LOADED_OBJECTS environment variable set to 1, which causes the linker to display the library dependencies.
  • Be aware, however, that in some circumstances, some versions of ldd may attempt to obtain the dependency information by directly executing the program. Thus, you should never employ ldd on an untrusted executable, since this may result in the execution of arbitrary code. A safer alternative when dealing with untrusted executables is :
    objdump -p /path/to/program | grep NEEDED



let is a shell built-in function to evaluate one or more arithmetic expressions.
The shell can perform arithmetic evaluations under the influence of Details : man bash + search ARITHMETIC EVALUATION.



lsblk lists information about all available or the specified block devices. It reads the sysfs filesystem and udev database to gather information.

lsblk -fap


Flag Usage
-a --all List all devices, including empty one (they are skipped by default)
-f --fs Output info filesystems : name (label), FS type, UUID, mount point
-l --list Format output as a list rather than a tree
-p --paths Print full device path, e.g. /dev/mapper/vg-root rather than just vg-root
-S --scsi Output info about SCSI devices only


By default, variables defined in scripts are global.
local myVariable
makes myVariable's value visible only within the block of code in which it appears.
#!/usr/bin/env bash


myFunction1() {
	echo "myFunction1 : $number"

myFunction2() {
	local number=2
	echo "myFunction2 : $number"

echo $number
echo $number
echo $number
0			global initial value
myFunction1 : 1		myFunction1 internal value
1			global value overwritten by myFunction1
myFunction2 : 2		myFunction2 internal value
1			unchanged global value



Make links between files : ln target linkName


Flag Usage
(none) Create a hard link
-f --force Overwrite link if it already exists
When man ln says :
-f, --force
	remove existing destination files
what is meant by destination file :
  • is the file being the link itself (link in the example below)
  • is not the target of the link (i.e. not target)
Check it :
cd /tmp; touch target; echo '1. create link'; ln -s target link; echo '2. try to overwrite link'; ln -s target link; echo '3. overwrite link'; ln -sf target link; rm link target
1. create link
2. try to overwrite link
ln: creating symbolic link `link': File exists
3. overwrite link
-s Create a symbolic link (a.k.a "symlink")



Shows listing of last logged in users. Extracts information from /var/log/wtmp.

The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was created.

last / lastb :

lastb is the same as last (lastb symlinks to /usr/bin/last), except that by default it shows a log of /var/log/btmp, which contains all the bad login attempts.

On Debian Wheezy, /var/log/btmp does not trace failed SSH login attempts. This is a known Debian bug, and has been fixed with OpenSSH package version 1:6.6p1-1 (source).


Flag Usage
-number -n number Show latest number entries
-F Full display : login time + logout time + remote host
-i Display IP addresses rather than hostnames
-x Display the system shutdown entries and runlevel changes



list available locales :

localectl list-locales



I'm afraid most of this article is obsolete / wrong. Have a look at localectl for more up-to-date information about interacting with locales.
Get/set locale-specific settings


Flag Usage
(none) Display a summary of the current locale environment
-a List all available locales

List of locale codes

Special locales

  • This is the standard C locale. The attributes and behavior it provides are specified in the ISO C standard. (source)
  • The C locale is a special locale that is meant to be the simplest locale. You could also say that while the other locales are for humans, the C locale is for computers. In the C locale :
    • characters are single bytes
    • the charset is ASCII (well, is not required to, but in practice will be in the systems most of us will ever get to use)
    • the sorting order is based on the byte values
    • the language is usually US English
    • and things like currency symbols are not defined
  • alias for the standard C locale (source)


In case keyboard is f*cked up after playing with locales (and doesn't accept éèà... anymore) (see also : How to reconfigure locales) :

export LANG="fr_FR.UTF-8"

During a PuTTY session, no effect as normal user, worked as root not in the current shell but in a new one.

When the system complains at any time : perl: warning: Setting locale failed." (sources : 1, 2) :

The full error message was :
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
	LANGUAGE = (unset),
	LC_ALL = (unset),
	LANG = "fr_FR.UTF-8"
	are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

There may be unnecessary / overkill / wrong(?) steps in the solution below.

  1. Contrary to popular belief, locale-gen takes NO argument (man locale-gen, if you don't believe me). So our first step is to select the locales we want by uncommenting them from /etc/locale.gen
  2. Then rebuild locales : locale-gen
  3. dpkg-reconfigure locales, leave everything as-is on the first page, then set the system language to en_US.UTF-8
  4. export LANG="en_US.UTF-8"



list files (in Unix, everything is a file )
It is considered a BAD practice to parse the output of ls because file names may include special characters (space, newline, ...) that can interfere with detecting where a file name starts and ends (details). Commands like these should be banned :
  • ls [options] |
  • for i in $(ls ); do ; done

To list a HUGE number of files, consider the -f and -U options below, or this dedicated C program.

There may be situations where ls reports a file being a given size (possibly huge) whereas it's actually way smaller. This can happen with files containing file systems and being dynamically provisioned (and, generally speaking, any flavor of sparse files). In such case, to get the _actual_ file size :

ls -lh /var/log/lastlog
	-rw-r--r--. 1 root root 251G  3 mars  11:30 /var/log/lastlog

du -h /var/log/lastlog
	84K	/var/log/lastlog
A very interesting answer to the "cp file1 file2 vs cat file1 > file2" question


Flag Usage
-1 list 1 file per line
-a --all list all files, including hidden files (name starting with a .)
-A --almost-all do not list implied . and ..
-b --escape print octal escapes for nongraphic characters
--block-size=size With -l : scale sizes by size before printing them. size is an integer and optional unit (example: 10K is 10*1024). Units are :
  • powers of 1024 : K, M, G, T, P, E, Z, Y
  • powers of 1000 : KB, MB, ...
Files smaller than size will actually be reported 1 unit :
tmpFile=$(mktemp); fallocate -l 12m "$tmpFile"; for unit in K M G T; do echo "unit : $unit"; ls -l --block-size=1$unit "$tmpFile"; done; rm "$tmpFile"
unit : K
-rw------- 1 kevin users 12288 Mar 7 09:41 /tmp/tmp.NdDV69WZth	KiB : OK
unit : M
-rw------- 1 kevin users 12 Mar 7 09:41 /tmp/tmp.NdDV69WZth	MiB : OK
unit : G
-rw------- 1 kevin users 1 Mar 7 09:41 /tmp/tmp.NdDV69WZth		GiB : KO
unit : T
-rw------- 1 kevin users 1 Mar 7 09:41 /tmp/tmp.NdDV69WZth		TiB : KO
  • with -lt : sort by ctime, show ctime
  • with -l : sort by name, show ctime
  • otherwise : sort by ctime, newest first
--color=when colorize the output. when is one of :
  • always (default)
  • auto
  • never
ls colors are often automatically disabled in compound commands (pipes or find -exec ls ). They can be enabled by being explicitly specified in the command line with --color=always
-d --directory list directories themselves, not their contents
-F --classify append indicator (one of *, /, =, >, @, |) to entries (for details about these : info ls + search classify)
I see no real use case for this option (especially if you have enabled colored output), which may display misleading information : is someFile* a filename actually ending with a * or a file with the execution bit set ?
-f do not sort + enable -aU + disable -ls --color (=--color=never)
-h --human-readable print file size in human readable format (2K, 34M, 1G, ...)
follow symbolic links listed on the command line
symlinks MUST be specified on the command line to be de-referenced :
ls -H /etc/apache2/sites-enabled/
fail : -H has no effect here since no symlinks is provided
ls -H /etc/apache2/sites-enabled/*
lists the targets of the symlinks
Quick'n'dirty tip : this seems to work better if you put a * at the end of the symlink (either regular file or directory) you'd like de-referenced.
-I pattern
Do not list entries matching the shell pattern pattern
-i --inode show the inode number
-L --dereference when "ls-ing" a symbolic link, show information for the target of the link, not for the link itself
-l use a long display format. By default, this mode displays the modification time. Display the access time with -u.
-n --numeric-uid-gid show UID and GID in numerical form instead of showing names
-R --recursive list subdirectories recursively
-r --reverse reverse order while sorting
-s --size print the allocated size of each file, in blocks
-S sort by DESC file Size
-t sort by modification time, newest first
-u use time of last access instead of last modification while sorting (-t) or printing (-l) (source)
-U do not sort : list entries in directory order
-Z --content print security context of each file

Long display format (source) :

ls -l outputs things like :
-rw-------  1 bob    developers  4.0K Dec 16 18:20 myFile
-rw-------  1 bob    developers   280 Dec 16 17:30 myFileToo
drwx------  2 bob    developers  4.0K Dec 16 17:26 myDirectory
drwxrwxr-x+ 2 stuart otherGroup  4096 Dec 16 17:19 someOtherDirectory
drwxrwxr-x+ (source)
The single character following the file mode bits specifies which alternate access method (aka "system of permissions") applies to the file :
no alternate access method, the regular Unix permissions apply
any other combination of alternate access methods, very likely ACL
-rw------- 1, drwx------ 2
number of hard links


List files and sort them by DESC size :

  • ls -Shl
  • ll -Sh
ls is smart enough to sort files by size even though they are displayed in human-readable format.

List directories only :

ls -ld */

Show seconds of last modification :

  • ls -l --time-style='+%d-%m-%Y %H:%M:%S' file
  • ls -l --time-style='full-iso' file

Show seconds of last access :

  • ls -ul --time-style='+%d-%m-%Y %H:%M:%S' file
  • ls -ul --time-style='full-iso' file

ls with shell patterns : lists 2010* and 2011* files ( source 1, 2 )

ll 201[01]*

Sum up the size of files returned by ls :

ls -l 201[01]* | awk '{ TOTAL += $5} END { print TOTAL/1024/1024 " MiB"}'


How to hide the total line when using ls -l (source) ?

You could run :
  • ls -l | grep -v '^total'
  • ls -l | tail -n+2
but that would be inelegant
-l causes the display of the total line. To workaround this, add -d * to your command : ls -ld *



Command-line options :

Flag Usage
+F Follow file contents in real time, like tail -f does : less +F myFile
-i make further searches case-insensitive provided the search pattern is all lowercase !
show line Numbers
For some (unknown so far) reason, those extra line numbers can not be matched after a | :
  • echo -e "apple\nbanana" | less -N
          1 apple
          2 banana
  • echo -e "apple\nbanana" | less -N | grep a
  • echo -e "apple\nbanana" | less -N | grep 1
    (nothing but "FAILURE" return code)
  • echo -e "apple\nbanana" | less | sed -n '/a/ p'
  • echo -e "apple\nbanana" | less -N | sed -n '/a/ p'
  • echo -e "apple\nbanana" | less -N | sed -n '/1/ p'
    (nothing but "SUCCESS" return code)
start at the first occurrence of pattern in the file
-R interpret ANSI color escape sequences
Outsmarted by GNU/Linux utilities and the shell (details) :
  • by default, less does not interpret color codes
  • utilities —such as grep & al.— are smart enough not to send color codes when piping their output to less
As a result, if you want colors, you'll have to be explicit with both and instruct :
  1. utilities to output color codes —even though these are piped to less
  2. less to interpret these codes
grep --color=always searchPattern myFile | less -R
-S --chop-long-lines show the portion of a long line that doesn't fit the screen width on the next line
chop long lines in interactive mode

Interactive commands :

Flag Usage
F Follow file contents in real time, like tail -f does
jump to beginning of line
jump to line n
G jump to end of line
- i toggle case sensitivity in searches (by default, searches are case-sensitive, so this will turn them case-insensitive at first strike)
n jump to next match
N jump to previous match
v edit the current file with the editor defined in the EDITOR environment variable
:-n display the next file (when less is launched like : less *conf)
:-p display the previous file (when less is launched like : less *conf)
&RegExp show lines matching RegExp. Back to normal (display all lines ) : &
/pattern search forward pattern (see also)
?pattern search backward pattern
  • =
  • : f
  • Ctrl-g
display information about the file being viewed :
  • line range currently on screen / total line number
  • byte offset / file size (aka byte count)
  • point in file as percentage


Chop long lines :

- - c h

View myFile starting at the line matching pattern :

less +/pattern myFile



List open files.
Given that in Unix everything is a file, lsof can also be used to deal with processes and connections.


Flag Usage
-a Logical and for all the filtering parameters, wherever the -a is placed in the command line.
-c command List files opened by processes fired by a command starting with command. This can be :
  • a single string : lsof -c python
  • an excluded string (marked with ^). But this is especially useful with -a : lsof -c gnome -a -c ^gnome-pan
  • a regular expression : lsof -c /RegEx/ (defaults to extended regular expressions)
+D /path/to/dir Search for all open instances of directory /path/to/dir (i.e. users having cded into it) and all the open files and directories it contains to its complete depth (= list recursively open files under /path/to/dir)
-i address
List open files related to internet services and matching address.
  • If address is not specified, then * is assumed.
  • address can be specified as :
  • enable (+) or disable (-) ...
  • the listing of file links count.
  • +Ln : list files having <n links. +L1 will select open files that have been unlinked (i.e. deleted)
  • example
-n Inhibits the conversion of network numbers to host names for network files. Inhibiting conversion may make lsof run faster.
-P Inhibits the conversion of Port numbers to port names for network files. Inhibiting conversion may make lsof run faster.
-p PID List files open by the process(es) matching PID. This can be :
  • a single number : 123
  • a list of numbers : 123,456 (no space allowed)
  • a list with exclusions (marked with ^) : 123,456,^789
-u foo Select users with login or UID matching foo. This can be a single, a list or a list with exclusions.


Some examples

Objects to list Matching condition Command
processes related to
  • TCP daemons
  • UDP daemons

  • lsof -i tcp
  • lsof -i udp
processes related to a web server lsof -i tcp:80
processes using TCP port 80 on the interface lsof -i 4tcp@
network connections between localhost and lsof -i @
network connections related to the process having PID 1234 lsof -a -i -p 1234
files opened by kevin or by whoever has the 500 UID or by PID 123 or by PID 456 lsof -u kevin,500 -p 123,456

List deleted files that have not yet been erased (details) :

  • lsof -nP | grep deleted
  • or : lsof +L1
  • sort files by increasing size : lsof +L1 | sort -k7 -n
chrome    70803 stuart   50u   REG   0,28        4     0    12443 /dev/shm/.org.chromium.Chromium.wo6MuZ (deleted)
teams      3837 stuart   67u   REG  253,1       16     0 31326254 /tmp/skype-3837/skypert_sessionkeyY9CXIY (deleted)

firefox    3243 stuart   48r   REG    0,1     2356     0     6155 /memfd:mozilla-ipc (deleted)
Thunar     2830 stuart   26r   REG  253,1    27812     0 19136866 /home/stuart/.local/share/gvfs-metadata/root (deleted)
firefox    3243 stuart  235r   REG  253,1    32768     0 19136838 /home/stuart/.local/share/gvfs-metadata/home-bbf7c99f.log (deleted)
panel-5-n  2853 stuart   13r   REG  253,1    32768     0 19136749 /home/stuart/.local/share/gvfs-metadata/home-80f437a6.log (deleted)
Thunar     2830 stuart   27r   REG  253,1    32768     0 19136918 /home/stuart/.local/share/gvfs-metadata/root-7816e02b.log (deleted)
firefox    3243 stuart   50r   REG    0,1    64150     0     6156 /memfd:mozilla-ipc (deleted)
teams      3667 stuart   40u   REG   0,28    65536     0       14 /dev/shm/.org.chromium.Chromium.xi0O84 (deleted)

teams      3853 stuart   54u   REG   0,28  4198400     0      768 /dev/shm/.org.chromium.Chromium.mbVPNT (deleted)
chrome    71055 stuart   46u   REG   0,28 16777216     0    17328 /dev/shm/.org.chromium.Chromium.q7zzD0 (deleted)
pulseaudi  2428 stuart    6u   REG    0,1 67108864     0     1028 /memfd:pulseaudio (deleted)
These files have been marked as deleted but the storage space they use has not been freed yet because they are still used by one or more processes. To free the space used by any of these files, you just have to stop/restart the process holding it.
For details on any of these "almost deleted" files, have a look at /proc/PID/fd/FD (FD : digits only, no trailing letter). To recover one of them, just read below.

"Deleted" files can be the reason why a volume is reported as full whereas ls, df and du report there is some space left.

This can be used to recover "almost deleted" files :

  1. In a terminal, run : echo "Hello World" > /tmp/myFile; less /tmp/myFile
    Using less in this example is the key, since it will "hold" the file as long as you don't quit less
  2. In an other terminal, run : rm /tmp/myFile; ls /tmp/myFile; lsof | grep /tmp/myFile, which will output :
    ls: Cannot access /tmp/myFile: No such file or directory
    less	3803		stuart	4r	REG		254,0	12	133754 /tmp/myFile (deleted)
  3. But this is not over yet. Try this : cat /proc/3803/fd/4. It will output :
    Hello World

    Please note that even though the reported file descriptor was 4r (like removed), the actual file name is 4.

  4. cp /proc/3803/fd/4 /saved/from/limbo : you just recovered a deleted file
  5. And when you quit less, ls /proc/3803/fd/4 says : ls: Cannot access /proc/3803/fd/4: No such file or directory



list file attributes


Flag Usage
-d Display attributes of a directory itself, not those of its contents.

File attributes are a combination of :

Option Usage Effect
A no atime update the file "access time" is not updated when accessing the file
a append only the file can be only opened in "append for writing" mode
c compressed the file is automatically compressed on the hard drive by the kernel. data is uncompressed/compressed on the fly to read/write the file
D synchronous directory updates modifications on a directory having this attribute are synchronously written to the hard drive.
d no dump the file will NOT be backuped by the dump utility
E compression error experimental compression patches use this attribute to indicate the file has a compression error. This attribute can not be added/removed by chattr
e uses extents the file is using extents for mapping the blocks on disk. It may not be removed using chattr
I index into hash trees Applies to directories only. This attribute can not be added/removed by chattr
i immutable the file can not be changed, written, deleted, renamed. It can not be targeted by a link.
Applying this flag requires root privileges.
j data journalling data is written to the Ext3 journal before being written to the file
S synchronous updates when modifying the file, modifications are written synchronously to the disk
s secure deletion when deleting the file, its blocks are filled with zero's and written to the disk
T top of directory hierarchy States this directory is the filesystem root
t no tail-merging the file has no partial block at the end merged with others file's ends.
u undeletable upon deletion, the contents of the file is backuped so that it can be restored
X direct access to compressed file brute content used by experimental compression patches. This attribute can not be added/removed by chattr
Z "dirty" compressed file used by experimental compression patches. This attribute can not be added/removed by chattr


get attributes of a standard file :

lsattr myFile
------------- myFile

get attributes of a directory :

lsattr -d myDirectory
------------- myDirectory