+-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Unknown
Enregistrement sur : subscription.rhn.redhat.com:443/subscription Le système a été enregistré avec l'ID : a1b2c3d4-8b21-0ddf-4a9a-2f99092b9c16 État actuel du produit installé : Nom du produit : Red Hat Enterprise Linux Server Statut : Abonné
+-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Current
Flag | Usage |
---|---|
-s --summary | display swap usage summary by device. Equivalent to cat /proc/swaps
This output format is DEPRECATED in favor of --show that provides better control on output data. |
--show[=column...] | display table of swap areas. To view all available columns :
swapon --show=NAME,TYPE,SIZE,USED,PRIO,UUID,LABEL
|
Linux 4.19.0-0.bpo.4-amd64 (myWorkstation) 05/14/2019 _x86_64_ (2 CPU) 05:36:16 PM CPU %user %nice %system %iowait %steal %idle 05:36:18 PM all 3.89 0.00 1.81 0.00 0.00 94.30 2 seconds increment, 3 reports 05:36:20 PM all 4.62 0.00 1.03 0.00 0.00 94.36 05:36:22 PM all 6.19 0.00 2.84 0.00 0.00 90.98 Average: all 4.90 0.00 1.89 0.00 0.00 93.21
Flag | Usage |
---|---|
blame | print a list of all running units, ordered by the time they took to initialize. This information may be used to optimize boot-up times. The output might be misleading as the initialization of one service might be slow simply because it waits for the initialization of another service to complete. |
critical-chain unit | print a tree of the time-critical chain of units (for each of the specified units or for the default target (?) otherwise). In the output :
- Looks like this is read from bottom to top - The '+' times are the duration of each step - The '@' times are the cumulated duration since "instant 0". They don't perfectly sum up because of - the initialization of one service might depend on socket activation - parallel execution of units |
plot | print an SVG graphic detailing which system services have been started at what time, highlighting the time they spent on initialization : systemd-analyze plot > /path/to/result.svg |
verify | load unit files and print warnings if any errors are detected. Files specified on the command line will be loaded, but also any other units referenced by them (example) |
● smbd.service - Samba SMB Daemon Loaded: loaded (/lib/systemd/system/smbd.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2018-11-29 08:36:29 CET; 1 weeks 0 days ago
dev-mapper-hostname\x2d\x2dvg\x2dswap_1.swap: Unit is bound to inactive unit dev-mapper-hostname\x2d\x2dvg\x2dswap_1.device. Stopping, too. var.mount: Unit is bound to inactive unit dev-mapper-hostname\x2d\x2dvg\x2dvar.device. Stopping, too. tmp.mount: Unit is bound to inactive unit dev-mapper-hostname\x2d\x2dvg\x2dtmp.device. Stopping, too.
shutdown [options] [time] [wallMessage]
Flag | Usage |
---|---|
[time] | one of :
|
-c | cancel a pending shutdown. Shutdowns specified with a now or +0 time value can not be cancelled. |
-H --halt | Halt the machine |
-P --poweroff | Power-off the machine (the default) |
-r --reboot | reboot the machine |
tail -f access.log | stdbuf -oL cut -d aq aq -f1 | uniq
WTF does this aq aq
mean ? Is it an advanced cut option ? Let's find out on cut manpage.aq aq
in the documentation, but we can still see in the "See also" section :
info coreutils aqcut invocationaq
Looks like someone had a hard time importing man pages having single quotes '
.
This is confirmed by reading the documentation in a terminal :
This typo has been copy-pasted as-is many times .
Flag | Usage |
---|---|
-omode --output=mode | adjust standard output stream buffering to mode |
tail -f access.log | stdbuf -oL cut -d ' ' -f1 | uniq
journalctl -u ssh | cut -d ' ' -f6- | uniq journalctl -u ssh | stdbuf -oL cut -d ' ' -f6- | uniq ==> both _seem_ to behave the same. Maybe "journalctl" is not a good candidate to experiment on this ;-)
script options /path/to/typescript/file
Flag | Usage |
---|---|
-a | append to /path/to/typescript/file rather than overwriting it / creating a new file |
-c command | run command instead of an interactive shell |
-f | flush output after each write |
4 5 6 7 8
5 8 11 14 17
17 14 11 8 5
Flag | Usage |
---|---|
-n iterations --iterations=iterations | overwrite iterations times instead of the default (3) |
-u --remove | truncate and remove file after overwriting
|
-v --verbose | see shred working : successively overwriting the target file, then renaming it, then deleting it :
myTempFile=$(mktemp); echo "$myTempFile contains secret data" > "$myTempFile"; cat "$myTempFile"; shred -uv "$myTempFile"
|
-z --zero | add a final overwrite with zeros to hide shredding |
shred -n 35 -z -u filename
Parameters :Flag | Usage |
---|---|
-l --full | Do not ellipsize unit names, process tree entries, journal output, or truncate unit descriptions in the output of status, list-units, list-jobs, and list-timers |
--now | |
daemon-reload | Reload systemd's configuration. This will rerun all generators (see systemd.generator(7)), reload all unit files, and recreate the entire dependency tree. While the daemon is being reloaded, all sockets systemd listens on behalf of user configuration will stay accessible.
not be confused with reload
|
disable unit | do NOT start unit at boot time.
|
enable unit | start unit at boot time. This actually :
Possible causes of :
systemctl enable unit
Failed to execute operation: Invalid argument
|
list-dependencies [options] | Recursively show dependencies of the specified unit. Example : systemctl list-dependencies graphical.target
|
list-unit-files [options] | List unit files installed on the system and their enablement state : enabled / disabled / masked / static / generated / .... Example : systemctl list-unit-files --type=service
|
reload pattern | Asks all units listed on the command line to reload their configuration (i.e. ask daemons managed by systemd to reload their own configuration)
This will reload the service-specific configuration, not the unit configuration file of systemd. If you want systemd to reload the configuration file of a unit, use daemon-reload. In other words: for the example case of Apache, this will reload Apache's httpd.conf in the web server, not the apache.service systemd unit file.
not be confused with daemon-reload
|
show |
|
status unit | Show terse runtime status information about unit, followed by most recent log data from the journal.
For a different output format :
systemctl status --output=json-pretty nginx
|
While debugging, it may be useful to prefix systemctl invocation with date :
systemctl status mysql ● mysql.service - MySQL Community Server Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2019-11-29 15:10:38 UTC; 2 days ago Process: 1111 ExecStartPost=/usr/share/mysql/mysql-systemd-start post (code=exited, status=0/SUCCESS) Process: 1050 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS) Main PID: 1110 (mysqld) ps -o etime= 1110 2-17:50:46 ========================================== systemctl show mysql --property=MainPID | cut -d '=' -f 2 ps -o etime= $(systemctl show mysql --property=MainPID | cut -d '=' -f 2) 2-18:44:12 ========================================== systemctl show mysql --property=ActiveEnterTimestamp ActiveEnterTimestamp=Fri 2019-11-29 15:10:38 UTC ========================================== ps -o lstart= $(systemctl show mysql --property=MainPID | cut -d '=' -f 2) Fri Nov 29 15:10:36 2019 echo $(($(date -d"now" +%s) - $(date -d"Fri Nov 29 15:10:36 2019" +%s))) ==> uptime in seconds
Flag | Usage |
---|---|
- -l --login | Make the shell a login shell. The environment will be changed to what would be expected if the user actually logged in as the specified user. Otherwise, the environment is passed along, with the exception of $PATH . |
-c command --command=command | Pass the command command to the shell. |
-s shell --shell=shell | Invoke the shell shell |
This behavior is caused by this uncommented line of /etc/pam.d/su which forces users to be a member of group root before they can use su :
auth required pam_wheel.so group=root
http://ss64.com/bash/su.html -, -l, --login Make the shell a login shell. This means the following: unset all environment variables except `TERM', `HOME', and `SHELL' (which are set as described above), and `USER' and `LOGNAME' (which are set, even for the super-user, as described above) set `PATH' to a compiled-in default value. Change to USER's home directory. Prepend `-' to the shell's name, intended to make it read its login startup file(s). some tests as root : su bob -c "whoami" bob su bob -c "whoami; echo $HOME" bob ==> Expected, as we didn't change the environment. /root su - bob -c "whoami; echo $HOME" bob /root ==> I expected /home/bob here. What happened ? /!\ this _could_ be caused by the fact that logging as root was ALREADY made via "su" (?) su bob -c 'whoami; echo $HOME' ==> changed to single quotes bob /home/bob
optionName | shortOption | Usage |
---|---|---|
noexec | n | Read commands in script, but do not execute them (syntax check) |
errexit | e | Abort script at first error, when a command exits with non-zero status (except in until or while loops, if -tests, list constructs) |
nounset | u | Attempt to use undefined variable outputs error message, and forces an exit |
verbose | v | Print each command to stdout before executing it |
xtrace | x | Similar to verbose, but expands commands |
file1 file2 file3 3 files of the current directory
... ... ... ... all of them
ss -punta is a good equivalent to netstat -laputen (which will be deprecated soon)
Flag | Usage |
---|---|
-a --all | Display all sockets |
-e --extended | Show detailed socket information. The output format is:
uid:uidNumber ino:inodeNumber sk:cookie
|
-l --listening | Display listening sockets only |
-n --numeric | Show service names in numeric format |
-r --resolve | resolve numeric address/ports |
-p --processes | Show process using socket |
-t --tcp | Display only TCP sockets |
-u --udp | Display only UDP sockets |
-x --unix | Display only Unix domain sockets |
(filters) |
|
*
, this means wildcard match.<=
, >=
, ==
, ... To make this more convenient for use in unix shell, alphabetic FORTRAN-like notations le
, gt
, etc. are accepted as well.and
, or
and not
, which can be abbreviated in C-style as &
, &&
, ...Flag | Usage |
---|---|
-H --set-home | change the value of the $HOME environment variable into the home directory of the target user (i.e. mostly root, so /root). Normally, using sudo does not alter $HOME (details)
bash -c 'echo $USER $HOME'; sudo bash -c 'echo $USER $HOME'; sudo -H bash -c 'echo $USER $HOME'
This can be the default behavior, so the command above may not highlight anything.
|
-i --login | simulate initial login. This runs the shell specified in /etc/passwd for the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution. Otherwise, an interactive shell is executed. full details : man -P 'less -p --login' sudo
|
-k --reset-timestamp | invalidate the user's cached credentials instead of waiting the cache to expire (details) |
-l --list | list the allowed and forbidden commands for the invoking user (or user specified with -U) on the current host. |
-p prompt --prompt=prompt | Use a custom password prompt with optional escape sequences (details) |
-S --stdin | Write the prompt to the standard error and read the password from the standard input instead of using the terminal device.
|
|
Run the shell specified by :
|
-U bob ---other-user bob | To be used with -l : list bob's privileges instead of those of the invoking user. Advanced privileges required : |
-u kevin --user kevin | Run the specified command as the user kevin. |
strerror %s: I/O error error setting limit (%s) Syntax error: %s
Flag | Usage |
---|---|
-c | count time, calls, and errors for each system call and report a summary on program exit, suppressing the regular output
This can be a good starting point when debugging stuff : once you've listed where errors are, use strace -e type1,type2,type3
|
-e expression | use expression to select which events to trace / how to trace them :
The syntax without a
% leading keyword (like -e trace=keyword) is deprecated |
-o file | Write the trace output to the file file rather than stderr |
-p PID | Attach to the process with the process ID PID. You may attach quickly to a process with :
strace -p $(ps aux | awk '/[s]omething/ { print $2 }') [other strace options]
with something : any pattern in the output of ps uniquely matching the process to trace. This can be a binary name, a data file, ... |
Flag | Usage |
---|---|
accept() | When a request on a listening socket is refused / incomplete, accept() returns -1. Otherwise, it creates a new connected socket, and returns a new file descriptor referring to that socket. |
fstat() | Return metadata about a file (in the form of a "stat struct"). This file can be specified either by path for stat(), or by file descriptor for fstat(). |
recvfrom() | Receive a message from a socket |
select() | Programs use select() to monitor file descriptors (specified as 2nd parameter) on a system for activity. select() will block for a configurable period of time waiting for activity on the supplied file descriptors, after which it returns with the number of descriptors on which activity took place.
This can be remembered as "wait for activity or timeout, and report where activity occurred"
|
Flag | Usage |
---|---|
-c format --format=format |
with format being :
|
Flag | Usage |
---|---|
-a suffixLength | Use suffixLength letters to form the suffix portion of the filenames of the split file.Make this suffix long enough so that there can be at least as many suffices as splits. |
-d | use numeric suffixes starting at 0, not alphabetic |
-l nbLines | Specify the number of lines in each resulting file piece. |
-n chunks --number=chunks | generate chunks output files, with chunks :
|
value=42 cat "$sourcedFile" source sourcedFile.akr6paIl; echo 'sourced'; echo "during the script : \$value='$value'" cat "$scriptFile" sourced started running the script during the script : $value='42' the variable exists in the script context after the script : $value='' no value anymore
Trying to source a file having DOS line endings led the shell to complain for syntax errors on EVERY line. Consider converting line endings into DOS format.
configFile='./script.conf'; scriptFile='./script.sh'; echo -e '#!/usr/bin/env bash\nvar1=value1\nexport var2=value2' > "$configFile"; echo -e '#!/usr/bin/env bash\necho "\tvar1 = $var1"\necho "\tvar2 = $var2"' > "$scriptFile"; echo -e "\n'source'd config file :"; cat "$configFile"; source "$configFile"; echo -e "\nCommand line (current shell context) :\n\tvar1 = $var1\n\tvar2 = $var2\n\nScript (subshell context) :"; bash "./$scriptFile"; rm "$configFile" "$scriptFile"
'source'd config file : #!/usr/bin/env bash var1=value1 not exported export var2=value2 Command line (current shell context) : var1 = value1 exists var2 = value2 Script (subshell context) : var1 = unset var2 = value2
variable='value'
#!/usr/bin/env bash source script.conf ... do something with "$variable" ...
Then no shebang is required in the configuration file script.conf. It may also be a safe practice to remove its execution permissions.
Flag | Usage | Example |
---|---|---|
-h | sort human numeric values |
echo -e "1M\n1G\n10K\n2K" | sort -h
2K 10K 1M 1G |
-kn | sort data based on the nth column
This assumes columns are whitespace or TAB-separated. Otherwise, consider -t |
df -h | sort -r -k5 grep -c 'article id="' *ml | sort -t ':' -k 2 -nr | head -20 |
-n | sort numerically. Default is alphabetically. | |
-o outputFile --output=outputFile |
Write result to outputFile instead of standard output | |
-r --reverse | sort in reverse order (i.e. : descending). Default sorting order is ascending. |
echo -e "a\nb\nc" | sort -r
c b a |
-R --random-sort | shuffle, but group identical keys. See shuf |
echo -e "a\na\nb\nc" | sort -R
b c a a |
-t 'x' --field-separator 'x' |
specify the field separator when using -k. Default is whitespace or TAB |
sort -nr -t ':' -k3 /etc/passwd | head -10
|
-T directory --temporary-directory=directory |
use directory for temporaries, not $TMPDIR or /tmp. Multiple options specify multiple directories | |
-u | sort unique : don't display duplicated lines. sort -u is equivalent to sort | uniq |
grep ' 500 ' 2012-07-03-apache-access.log | cut -d ' ' -f 11 | sort | uniq -c | sort -nr | less
All the magic is in the uniq -c prior to sorting.
snmpwalk -On -c snmpCommunity -v snmpVersion host OID
Flag | Usage |
---|---|
-O | Output formatting options : -On : displays the OID numerically |
snmpwalk -On -c foo -v 2c 10.44.36.253 1.3.6.1.4.1.15497.1.1.1.11
Flag | Usage |
---|---|
-e | Consider every command line parameter as an input row |
-i min-max --input-range=min-max |
Take numbers between min and max as input options to chose from |
-n numLines | Display at most numLines lines |
Flag | Usage |
---|---|
-s -s optionName |
List options that are set set the option optionName |
-u -u optionName |
List options that are unset unset the option optionName |
Option | Usage |
---|---|
autocd | a command name that is the name of a directory is executed as if it were the argument to cd |
cdspell | autocorrect minor typos while using cd (What does shopt -s dirspell do?) |
dirspell | autocorrect minor typos during word completion on a directory name (provided the directory name has a trailing /) |
extglob | enable extended pattern matching features (Is it safe to leave extglob enabled ?) |
drwx------ 64 bob developers 4,0K jan. 15 20:38 bob/and we would like Alice to have read access to /home/bob/, we can :
CONFIG_EXT2_FS_POSIX_ACL=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_REISERFS_FS_POSIX_ACL=y CONFIG_JFS_POSIX_ACL=y CONFIG_XFS_POSIX_ACL=y CONFIG_BTRFS_FS_POSIX_ACL=y CONFIG_FS_POSIX_ACL=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_JFFS2_FS_POSIX_ACL=y CONFIG_9P_FS_POSIX_ACL=y
Flag | Usage |
---|---|
-m | modify an existing ACL entry |
-R | Recursive : apply rights to all files and directories. -R must be supplied before -m : -Rm |
-x | remove an ACL entry |