Commands for System Administration

Rob

Administrator
Staff member
Joined
Oct 27, 2011
Messages
1,249
Reaction score
2,391
Credits
3,828
The following commands are frequently used by systems administrators to keep an eye on what's going on with their systems

last

The command last will show you the people who have logged into the computer today and the terminals they are/were using.

If you type:

Code:
last

You may get something like this:


Code:
fredtty6Thu Oct 516:55 - 20:05(3:10)
bobtty1Thu Oct 5still logged in(3:10)
roottty1Thu Oct 516:23 - 16:43(0:20)
rebootsystem bootThu Oct 5 16:22


As you can see, you worked as 'fred' for 3 hours and 10 mins. You are still working as 'bob'. You worked as 'root' for 20 minutes (probably some administration tasks) and you booted your computer at 4:22 PM.

This is a good way to see who's been using the computer if it's networked. For example, if you saw a an entry for 'satan' and you hadn't given the Prince of Darkness permission to login, you could fire off a nasty e-mail to him about mis-use of your server. His address, by the way, is "[email protected]"

df

'df' is a command that you're going to use a lot if you're pressed for hard disk space. Once again, there are many programs that run graphically that will inform you of the space available on your Linux partition. But this is a very good, quick, non-graphic way to keep track of your hard disk space.

If you type
Code:
df

You may get something like this. (This is actually taken from a system I use for testing versions of Linux. My 'df' is going to be a bit confusing because I run a XenServer virtual machine attached to a SAN. Sorry!)


Code:
Filesystem          1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup-lv_root
                      48964432  2838132  43639004  7% /
tmpfs                  1987488        0  1987488  0% /dev/shm
/dev/xvda1              495844    52160    418084  12% /boot
/dev/mapper/VolGroup-lv_home
                      47626600    370604  44836696  1% /home

If you start seeing a 'df' output like this, it's time to get down to your local computer shop and buy a new hard disk. Anyway, 'df' is a good way to keep track of this.

free

'free' is a command that you can use if you want to know how much RAM memory you have free on your system. By typing:

Code:
free

and you will get something like this


Code:
totalusedfreesharedbufferscached
Mem:1445213904548282084927312
-/+ buffers/cache:61008352
Swap:33260155631704


This output isn't very friendly. Try converting things to Megabytes by typing

Code:
free -m

Sometimes, if a program is running particularly slowly, you may find out that your memory usage is high using this command. Linux's memory management is quite good but a certain program may be "hogging" memory. You could exit that program and then type free again to see if it was the culprit.

du

'du' is the way to see how big files are. You can use it on a directory or on a particular file. This is another command I use a lot. It's probably best to use the option du -b (-b for bytes) and it will give you the exact figure in bytes. By default, 'du' shows the closest kilobyte figure. Let's look at a couple of examples:

If I type:

Code:
du people_I_owe_money.note

I may get an output like this: 193 people_I_owe_money.net

But instead, if I type:

Code:
du -b people_I_owe_money.note

I'll get: 197120 people_I_owe_money.note

As you can see, it's a big file. I owe a lot of people money. On the other hand look at the output for 'people_who_owe_me_money.note':

1 people_who_owe_me_money.note

No, that's not the kilobyte figure. That's the byte figure!

You can also use this on a directory, and it will list the files and subdirectories and give you the byte or kilobyte count, whichever you prefer

If you turn out to be a human, then you may want to set the output to something even more friendly.

Try this:

Code:
du -h

top

To show you the use of the 'top' command. Here you will see what processes are running 'top' is a good command to use when you want to see what your system's doing. 'top' is designed to show you how your CPU is being used. It will give you a pretty complete list of everything that's going on in your computer. Here's a sample output of the 'top' command:

Code:
top


Code:
top - 14:11:38 up 12 days, 22:38,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  97 total,  1 running,  96 sleeping,  0 stopped,  0 zombie
Cpu(s):  0.0%us,  0.0%sy,  0.0%ni,100.0%id,  0.0%wa,  0.0%hi,  0.0%si,  0.0%st
Mem:  3974980k total,  3515800k used,  459180k free,  244404k buffers
Swap:  6209528k total,        0k used,  6209528k free,  2684644k cached
 
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
    1 root      20  0 19204 1512 1220 S  0.0  0.0  0:01.84 init
    2 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kthreadd
    3 root      RT  0    0    0    0 S  0.0  0.0  0:00.00 migration/0
    4 root      20  0    0    0    0 S  0.0  0.0  0:00.55 ksoftirqd/0
    5 root      RT  0    0    0    0 S  0.0  0.0  0:00.00 migration/0
    6 root      RT  0    0    0    0 S  0.0  0.0  0:02.41 watchdog/0
    7 root      20  0    0    0    0 S  0.0  0.0  1:11.89 events/0
    8 root      20  0    0    0    0 S  0.0  0.0  0:00.00 cgroup
    9 root      20  0    0    0    0 S  0.0  0.0  0:00.00 khelper
  10 root      20  0    0    0    0 S  0.0  0.0  0:00.00 netns
  11 root      20  0    0    0    0 S  0.0  0.0  0:00.00 async/mgr
  12 root      20  0    0    0    0 S  0.0  0.0  0:00.00 pm
  13 root      20  0    0    0    0 S  0.0  0.0  0:00.00 xenwatch
  14 root      20  0    0    0    0 S  0.0  0.0  0:01.47 xenbus
  15 root      20  0    0    0    0 S  0.0  0.0  0:05.50 sync_supers
  16 root      20  0    0    0    0 S  0.0  0.0  0:05.87 bdi-default
  17 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kintegrityd/0
  18 root      20  0    0    0    0 S  0.0  0.0  0:03.82 kblockd/0
  19 root      20  0    0    0    0 S  0.0  0.0  0:00.00 ata/0
  20 root      20  0    0    0    0 S  0.0  0.0  0:00.00 ata_aux
  21 root      20  0    0    0    0 S  0.0  0.0  0:00.00 ksuspend_usbd
  22 root      20  0    0    0    0 S  0.0  0.0  0:00.00 khubd
  23 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kseriod
  24 root      20  0    0    0    0 S  0.0  0.0  0:00.00 md/0
  25 root      20  0    0    0    0 S  0.0  0.0  0:00.00 md_misc/0
  26 root      20  0    0    0    0 S  0.0  0.0  0:00.33 khungtaskd
  27 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kswapd0
  28 root      25  5    0    0    0 S  0.0  0.0  0:00.00 ksmd
  29 root      20  0    0    0    0 S  0.0  0.0  0:00.00 aio/0
  30 root      20  0    0    0    0 S  0.0  0.0  0:00.00 crypto/0
  35 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kthrotld/0
  37 root      20  0    0    0    0 S  0.0  0.0  0:00.00 khvcd
  38 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kpsmoused
  39 root      20  0    0    0    0 S  0.0  0.0  0:00.00 usbhid_resumer
  69 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kstriped
  229 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kdmflush
  231 root      20  0    0    0    0 S  0.0  0.0  0:00.00 kdmflush
  250 root      20  0    0    0    0 S  0.0  0.0  0:13.44 jbd2/dm-0-8
  251 root      20  0    0    0    0 S  0.0  0.0  0:00.00 ext4-dio-unwrit


ps

'ps' will give you a list of the processes running on your system.

Just typing ps will give you the processes you're running as a user. It may look like this:

Code:
ps


Code:
PID TTY          TIME CMD
22987 pts/0    00:00:00 ps
29552 pts/0    00:00:00 bash


If you happen to forget what your name is, you can type ps u. This is the user mode and your user name will appear in the first column. Actually, there's more than that.

There will be other columns about memory usage, the time you started running the processes and others.

You can see other users processes if you type ps -au. If you're not using a networked computer, you will see yours and root's processes. If you're into detective work, you can type just ps -a and try to guess who's using the process.

The information that you'll probably be most interested in is the column that shows the "process ID" or "PID". We'll get into why these are so important in the next part of the lesson.

kill

"kill" is a very explicit word. It implies 'death'. In the last part of this lesson we talked about process IDs or "PIDs". Well, with the command 'kill' plus a PID, you can terminate a program. In other words, you kill the program. You will probably only use this with troublesome processes; programs that may not let you exit regularly. A good example of this is when you try a new program that hasn't got all the bugs worked out of it yet. If the 'exit' button doesn't work, you can 'kill' it.

To do this, first, you would type ps and you would get this output that we talked about before.


Code:
PIDTTYSTATTIMECOMMAND
2932S0:00-bash
4222S0:00sh /usr/X11R6/bin/startx
4372S0:00tee /home/bob/.X.err
4382S0:00xinit /home/bob/.xinitrc --
4412S0:01/usr/X11R6/bin/evilaliens


Let's say you're trying a new game that was just ported to Linux. The game is called "Evil and Nasty Alien Visitors". The name of the "binary" or program itself is called evilaliens. (the last one on my 'ps' example) Now you can't exit the program either. The aliens just took over Oklahoma and you swore you got them all. You're playing in your x-windows enviroment and you have an x-terminal open (probably the one you typed 'ps' into). You would just type:

kill and the PID number, in my example, 441.

That is:
Code:
kill 441

and the program disappears, along with all those nasty aliens.

Here's a little trick. If you don't want to do two steps, 'ps' and 'kill' and you know the name of the "binary" or program itself, as I mentioned before, you can just type:

Code:
killall evilaliens

and that should also do the trick.

Using 'kill' as root

Remember that when you work as root, you are the all-powerful master of the universe. (or at least the computer). When you use 'kill' as root, you are the 007 on Her Majesty's Linux Service. You have license to 'kill' the process you desire. If you're working as 'root' and you need to use the 'kill' command, it's a good idea to run ps -au and look closely at your PIDs. You don't want to end up killing some process that you need.

Another way to kill a process.

Try typing this:
Code:
find *.
(Kind of an absurd thing to do, but good as an example) It will just start finding everything. If you have done something like this by mistake, you can use the keys
CTR+ C
to stop the 'find' process. In these cases, there's no need to use the 'kill' command.
 


Hi @JonyKotor and welcome to linux.org :)

Just a heads up that the above command does not work for me (in a current Ubuntu at the moment), but

Code:
ps -eo user,pid,pcpu,comm
... does.

Spoiler has my output for those whom enjoy watching paint dry, lol

chris@ArtfulGNOME-beta:~$ ps -eo user,pid,pcpu,comm
USER PID %CPU COMMAND
root 1 0.0 systemd
root 2 0.0 kthreadd
root 3 0.0 kworker/0:0
root 4 0.0 kworker/0:0H
root 6 0.0 mm_percpu_wq
root 7 0.0 ksoftirqd/0
root 8 0.0 rcu_sched
root 9 0.0 rcu_bh
root 10 0.0 migration/0
root 11 0.0 watchdog/0
root 12 0.0 cpuhp/0
root 13 0.0 cpuhp/1
root 14 0.0 watchdog/1
root 15 0.0 migration/1
root 16 0.0 ksoftirqd/1
root 18 0.0 kworker/1:0H
root 19 0.0 cpuhp/2
root 20 0.0 watchdog/2
root 21 0.0 migration/2
root 22 0.0 ksoftirqd/2
root 24 0.0 kworker/2:0H
root 25 0.0 cpuhp/3
root 26 0.0 watchdog/3
root 27 0.0 migration/3
root 28 0.0 ksoftirqd/3
root 30 0.0 kworker/3:0H
root 31 0.0 cpuhp/4
root 32 0.0 watchdog/4
root 33 0.0 migration/4
root 34 0.0 ksoftirqd/4
root 36 0.0 kworker/4:0H
root 37 0.0 cpuhp/5
root 38 0.0 watchdog/5
root 39 0.0 migration/5
root 40 0.0 ksoftirqd/5
root 42 0.0 kworker/5:0H
root 43 0.0 cpuhp/6
root 44 0.0 watchdog/6
root 45 0.0 migration/6
root 46 0.0 ksoftirqd/6
root 48 0.0 kworker/6:0H
root 49 0.0 cpuhp/7
root 50 0.0 watchdog/7
root 51 0.0 migration/7
root 52 0.0 ksoftirqd/7
root 54 0.0 kworker/7:0H
root 55 0.0 kdevtmpfs
root 56 0.0 netns
root 57 0.0 kworker/0:1
root 58 0.0 kworker/2:1
root 59 0.0 kworker/4:1
root 60 0.0 khungtaskd
root 61 0.0 oom_reaper
root 62 0.0 writeback
root 63 0.0 kcompactd0
root 64 0.0 ksmd
root 65 0.0 khugepaged
root 66 0.0 crypto
root 67 0.0 kintegrityd
root 68 0.0 kblockd
root 69 0.0 kworker/6:1
root 70 0.0 ata_sff
root 71 0.0 md
root 72 0.0 edac-poller
root 73 0.0 devfreq_wq
root 74 0.0 watchdogd
root 76 0.0 kworker/1:1
root 79 0.0 kauditd
root 80 0.0 kswapd0
root 81 0.0 ecryptfs-kthrea
root 104 0.0 kworker/5:1
root 123 0.0 kthrotld
root 124 0.0 kworker/3:1
root 125 0.0 kworker/7:1
root 126 0.0 acpi_thermal_pm
root 131 0.0 ipv6_addrconf
root 156 0.0 charger_manager
root 158 0.0 kworker/u16:4
root 161 0.0 kworker/2:2
root 217 0.0 scsi_eh_0
root 218 0.0 scsi_tmf_0
root 219 0.0 scsi_eh_1
root 220 0.0 scsi_tmf_1
root 221 0.0 scsi_eh_2
root 222 0.0 scsi_tmf_2
root 223 0.0 scsi_eh_3
root 224 0.0 scsi_tmf_3
root 225 0.0 scsi_eh_4
root 226 0.0 scsi_tmf_4
root 227 0.0 scsi_eh_5
root 228 0.0 scsi_tmf_5
root 232 0.0 nvkm-disp
root 233 0.0 i915/signal:0
root 234 0.0 i915/signal:1
root 235 0.0 i915/signal:2
root 236 0.0 i915/signal:4
root 237 0.0 kworker/7:2
root 241 0.0 kworker/0:1H
root 244 0.0 kworker/7:1H
root 245 0.0 kworker/3:1H
root 246 0.0 kworker/4:1H
root 247 0.0 kworker/6:1H
root 248 0.0 ttm_swap
root 319 0.0 jbd2/sda14-8
root 320 0.0 ext4-rsv-conver
root 335 0.0 kworker/1:1H
root 349 0.0 kworker/2:1H
root 352 0.0 systemd-journal
root 370 0.0 kworker/4:2
root 384 0.0 systemd-udevd
root 394 0.0 kworker/5:1H
root 423 0.0 kworker/3:2
root 533 0.0 cfg80211
root 538 0.0 irq/32-mei_me
systemd+ 897 0.0 systemd-timesyn
systemd+ 911 0.0 systemd-network
root 992 0.0 snapd
avahi 993 0.0 avahi-daemon
root 1006 0.0 irqbalance
root 1007 0.0 accounts-daemon
avahi 1009 0.0 avahi-daemon
root 1010 0.0 cron
message+ 1014 0.0 dbus-daemon
root 1049 0.0 NetworkManager
root 1052 0.0 ModemManager
root 1054 0.0 acpid
root 1055 0.0 udisksd
syslog 1056 0.0 rsyslogd
root 1057 0.0 cupsd
root 1058 0.0 cups-browsed
root 1059 0.0 thermald
root 1060 0.0 systemd-logind
root 1090 0.0 polkitd
root 1098 0.0 kworker/u17:0
root 1099 0.0 kworker/u17:1
root 1104 0.0 bluetoothd
systemd+ 1122 0.0 systemd-resolve
colord 1127 0.0 colord
root 1137 0.0 ath9k-hwrng
root 1139 0.0 wpa_supplicant
root 1140 0.0 gdm3
root 1141 0.0 sshd
root 1152 0.0 gdm-session-wor
gdm 1163 0.0 systemd
gdm 1164 0.0 (sd-pam)
gdm 1169 0.0 gdm-x-session
gdm 1171 0.0 Xorg
root 1188 0.0 dhclient
gdm 1224 0.0 dbus-daemon
whoopsie 1225 0.0 whoopsie
kernoops 1229 0.0 kerneloops
gdm 1235 0.0 gnome-session-b
gdm 1237 0.0 at-spi-bus-laun
gdm 1242 0.0 dbus-daemon
gdm 1244 0.0 at-spi2-registr
gdm 1260 0.0 gnome-shell
root 1267 0.0 upowerd
gdm 1298 0.0 pulseaudio
rtkit 1299 0.0 rtkit-daemon
gdm 1345 0.0 ibus-daemon
gdm 1350 0.0 ibus-dconf
gdm 1353 0.0 ibus-x11
gdm 1366 0.0 gsd-wacom
root 1367 0.0 packagekitd
gdm 1374 0.0 gsd-xsettings
gdm 1378 0.0 gsd-a11y-keyboa
gdm 1381 0.0 gsd-a11y-settin
gdm 1382 0.0 gsd-clipboard
gdm 1384 0.0 gsd-color
gdm 1390 0.0 gsd-datetime
gdm 1391 0.0 gsd-housekeepin
gdm 1392 0.0 gsd-keyboard
gdm 1393 0.0 gsd-media-keys
gdm 1405 0.0 gsd-mouse
gdm 1406 0.0 gsd-power
gdm 1411 0.0 gsd-print-notif
gdm 1412 0.0 gsd-rfkill
gdm 1413 0.0 gsd-screensaver
gdm 1415 0.0 gsd-sharing
gdm 1420 0.0 gsd-smartcard
gdm 1429 0.0 gsd-sound
gdm 1458 0.0 ibus-engine-sim
gdm 1460 0.0 dconf-service
root 1483 0.0 gdm-session-wor
chris 1489 0.0 systemd
chris 1490 0.0 (sd-pam)
chris 1497 0.0 gnome-keyring-d
chris 1501 0.0 gdm-x-session
chris 1503 2.0 Xorg
chris 1507 0.0 dbus-daemon
chris 1510 0.0 gnome-session-b
chris 1601 0.0 ssh-agent
chris 1603 0.0 at-spi-bus-laun
chris 1608 0.0 dbus-daemon
chris 1610 0.0 at-spi2-registr
chris 1623 0.0 gvfsd
chris 1628 0.0 gvfsd-fuse
chris 1646 4.5 gnome-shell
chris 1655 0.0 pulseaudio
root 1659 0.0 krfcommd
chris 1676 0.0 gnome-shell-cal
chris 1677 0.0 ibus-daemon
chris 1683 0.0 ibus-dconf
chris 1685 0.0 ibus-x11
chris 1701 0.0 evolution-sourc
chris 1702 0.0 gvfs-udisks2-vo
chris 1709 0.0 gvfs-mtp-volume
chris 1713 0.0 gvfs-gphoto2-vo
chris 1717 0.0 gvfs-goa-volume
chris 1720 0.0 goa-daemon
chris 1734 0.0 goa-identity-se
chris 1736 0.0 gvfs-afc-volume
chris 1744 0.0 gsd-mouse
chris 1746 0.0 gsd-power
chris 1747 0.0 gsd-print-notif
chris 1749 0.0 gsd-rfkill
chris 1751 0.0 gsd-screensaver
chris 1760 0.0 gsd-sharing
chris 1761 0.0 gsd-wacom
chris 1762 0.0 gsd-xsettings
chris 1763 0.0 gsd-smartcard
chris 1764 0.0 gsd-sound
chris 1788 0.0 gsd-a11y-keyboa
chris 1789 0.0 gsd-a11y-settin
chris 1790 0.0 gsd-clipboard
chris 1791 0.0 gsd-color
chris 1793 0.0 gsd-datetime
chris 1795 0.0 gsd-housekeepin
chris 1796 0.0 gsd-keyboard
chris 1797 0.0 gsd-media-keys
chris 1848 0.0 gnome-software
chris 1851 0.0 gsd-disk-utilit
chris 1852 0.0 kerneloops-appl
chris 1856 0.0 nautilus-deskto
chris 1857 0.0 evolution-calen
chris 1859 0.0 dconf-service
chris 1869 0.0 ibus-engine-sim
chris 1885 0.0 gsd-printer
root 1893 0.0 fwupd
chris 1898 0.0 gvfsd-trash
chris 1915 0.0 evolution-calen
chris 1927 0.0 evolution-calen
chris 1938 0.0 evolution-addre
chris 1948 0.0 evolution-addre
chris 1971 0.0 update-notifier
chris 1987 0.0 deja-dup-monito
root 2027 0.0 kworker/6:0
chris 2174 0.0 gconfd-2
root 2199 0.1 kworker/u16:3
chris 2218 47.0 firefox
chris 2348 0.0 gvfsd-network
chris 2363 0.0 gvfsd-dnssd
root 2371 0.0 kworker/5:0
root 2405 0.0 kworker/u16:2
root 2407 0.0 kworker/1:2
root 2424 0.1 kworker/u16:0
chris 2479 0.2 gnome-terminal-
chris 2488 0.0 bash
chris 2553 0.0 ps

If your syntax is correct for you, perhaps you can specify (for the benefit of The Viewers) what environment you are operating in? A simple edit to your Post above would suffice.

Cheers and

avagudweegend

Wizard

BTW I am guessing that that is a BSD syntax, is that so?

Edited - added BTW
 
Last edited:
its usually a good idea to use the -h flag with df also..
┌─[root@parrot]─[/home/night]
└──╼ #df -h
Filesystem Size Used Avail Use% Mounted on
udev 3.4G 0 3.4G 0% /dev
tmpfs 698M 9.9M 689M 2% /run
/dev/sde1 448G 56G 369G 14% /
tmpfs 3.5G 0 3.5G 0% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 3.5G 0 3.5G 0% /sys/fs/cgroup
tmpfs 698M 60K 698M 1% /run/user/1000
/dev/sda1 111G 132M 111G 1% /media/night/1E8A88715A26866E
/dev/sdb1 466G 432G 34G 93% /media/night/3527C9381B875C19
/dev/sdc1 466G 375G 92G 81% /media/night/D
/dev/sdd1 150G 102G 49G 68% /media/night/0E7AADBF7AADA3C5
/dev/sda2 115G 61M 109G 1% /media/night/_
┌─[root@parrot]─[/home/night]
└──╼ #
it puts the output in human readable format(the sizes)
 
Hallo,
This is my first massage. If I do any mistake please warn me.
I would like to ask a question, I am using a Raspberry Pi3, how can I change attribue of a file or folder?
Thank you
 
Hello @Ashwinkumar K and welcome to linux.org.

Please see my Post at #7 above and I would suggest General Linux, on the smartphone issue.

You will understand that this is a tutorial on Commands for System Administration.

Thanks

Chris Turner
wizardfromoz
 
what is the difference between top and ps command ? As per above definitions both the commands list the processes running currently.
 

Members online


Top