Guide to Unix/Commands/File System Utilities

ls
ls is a utility for listing the files in a directory.

Most used options are:
 * -a : all files (include files with . prefix)
 * -l : long detail (provide file statistics)
 * -t : order by creation time
 * -u : sort by access time (or show when last accessed together with -l)
 * -S : order by size
 * -r : reverse order
 * -F : mark directories with /, executables with *, symbolic links with @, local sockets with =, named pipes (FIFOs) with |

Other options include:
 * -Fx --color : color-coded listing
 * -s : show filesizes
 * -Z : show the file/directory with there SELinux context  ( only on SELinux enable tree)
 * -h : "human readble"; show filesizes in kilobytes and megabytes (-h can be used together with -l or -s)

ls *st* : list files that contain st in name ls > list : output list to file named "list" ls | more : fit listing to screen

Examples $ ls fish hello.txt

$ ls -l -rw-r--r--   1 username    groupname        0 Apr 11 00:09 fish -rw-r--r--   1 username    groupname       11 Apr 11 00:10 hello.txt

Several systems have an alias ll which does the same as ls -l: $ ll -rw-r--r--   1 username    groupname        0 Apr 11 00:09 fish -rw-r--r--   1 username    groupname       11 Apr 11 00:10 hello.txt

Be careful with the -F option. Here is one example: $ ls -F /usr/X11R6/bin/X* /usr/X11R6/bin/X@         /usr/X11R6/bin/Xnest*      /usr/X11R6/bin/Xprt* /usr/X11R6/bin/Xmark*     /usr/X11R6/bin/Xorg*       /usr/X11R6/bin/Xvfb*

We do not know yet if there is a symbolic link "X" and an executable "Xmark" or if "X@" and "Xmark*" are just the names of normal files. (Though "@" and "*" are not much found in filenames, they are possible.) So we check by dropping the -F: $ ls /usr/X11R6/bin/X* /usr/X11R6/bin/X          /usr/X11R6/bin/Xnest       /usr/X11R6/bin/Xprt /usr/X11R6/bin/Xmark      /usr/X11R6/bin/Xorg        /usr/X11R6/bin/Xvfb

Links:
 * ls, opengroup.org

mkdir
mkdir is a utility for creating a directory.

Examples $ mkdir newdirectoryname

The -p option also makes parent-directories as needed. Instead of: $ mkdir foo $ cd foo $ mkdir bar

you can just do: $ mkdir -p foo/bar

Links:
 * mkdir, opengroup.org
 * mkdir man page, man.cat-v.org
 * 12.3 mkdir in GNU Coreutils manual, gnu.org

cd
cd changes the current directory of the shell. This current directory will be used by other programs launched from the shell.

Because "cd" changes the state of the shell, it is a shell built-in command. In contrast, most commands are separate programs which the shell starts.

Examples

Change to 'foobar' directory: $ cd foobar

Change to your home directory, cd command used without an option will drop you back into your home directory.

$ cd

~ (tilde) stores the path to your home directory, this command has same effect as the previous one. $ cd ~

When suffixed with a username, the command will change into that particular user's home directory.

$ pwd / $ cd ~user $ pwd /home/user

Change to parent directory: $ cd ..

Change to the previous directory: $ cd -

Tips:

By setting "CDPATH" environment variable in your shell you can take advantage of shell command completion facility.

$ echo $CDPATH .:/usr/local:/usr/share/doc

If you have the $CDPATH set, then you press 'TAB' key and get possible path completions

$ cd bas [TAB] base-config/ base-files/   base-passwd/  bash/         bastille/

pwd
pwd (for Print Working Directory) shows the current directory that you are in.

Though "pwd" is often available as an external program (like /bin/pwd), many shells offer an equivalent version as a shell builtin command. Like any external command, "pwd" would inherit the current directory from the shell or other program that starts it.

Examples $ pwd /home/username

You can change the directory, you can also $ cd /usr $ pwd /usr

You can also use "pwd" in scripts. If you have enough experience with scripting, then you would know that the next line complains if the current directory is /home/username. $ test "x$(pwd)" = x/home/username || echo wrong directory

chroot
chroot changes the root filesystem. The "chroot" page at the Linux questions wiki explains why you might want to do this.

Examples

To change the root filesystem so /mnt/usbdrive/ becomes / and files outside of it cannot be seen:
 * 1) chroot /mnt/usbdrive/

You must be root user to "chroot". Other users would be able to use "chroot" to gain root (superuser) privileges, so their use of "chroot" is disallowed. $ chroot /mnt/usbdrive/ chroot: /mnt/usbdrive/: Operation not permitted

cp
cp copies a file

Most used options are:
 * -r : copies directories (recursively)
 * -p : preserves permissions, ownership, and timestamps
 * -i : prompt before overwrite
 * -v : verbose, show filenames as they are being copied

Examples Makes a copy of file 'debian' and call it 'Debian' (assuming 'Debian' is not already a directory) $ cp -i debian Debian

Makes a copy of file 'debian' and put it at /tmp/debian $ cp -i debian /tmp/debian

Same as the previous command (the filename defaults to be the same). $ cp -i debian /tmp

Makes a copy of directory 'mydir' (and all its contents) and put it at /tmp/mydir $ cp -ir mydir/ /tmp

Copy multiple files to directory /tmp $ cp -i foo bar baz /tmp

Links:
 * cp, opengroup.org
 * cp man page, man.cat-v.org
 * 11.1 cp in GNU Coreutils manual, gnu.org

mv
mv move and/or rename files

Examples Rename file 'unix' to 'Unix' (assuming "Unix" is not a directory) $ mv -i unix Unix

Move file Unix from your home directory to /tmp. $ mv -i ~/Unix /tmp/Unix

Same as the previous command (the filename defaults to be the same). $ mv -i ~/Unix /tmp

Move file Unix from your home directory to /tmp, and rename it to 'unix'. $ mv -i ~/Unix /tmp/unix

Move multiple files to directory /tmp $ mv -i foo bar baz /tmp

Links:
 * mv, opengroup.org
 * mv man page, man.cat-v.org
 * mv in GNU Coreutils manual, gnu.org

rm
rm deletes a file from the filesystem, like the "del" command in DOS.

The GNU long options (like --directory) are available on Linux, but not most other systems.

Some useful options are:
 * -d, --directory : unlink FILE, even if it is an empty directory (some systems let superuser unlink non-empty directories too)
 * -f, --force : ignore nonexistent files, never prompt
 * -i, --interactive : prompt before any removal
 * <tt>-P</tt> : (*BSD only) overwrite file before deletion
 * <tt>-r, -R, --recursive</tt> : remove the contents of directories recursively (the force option must often be used to successfully run rm recursively)
 * <tt>-v, --verbose</tt> : (GNU only) explain what is being done
 * <tt>--help</tt> : (GNU only) display help and exit
 * <tt>--version</tt> : (GNU only) output version information and exit

Examples:

The usage of "rm" is considered potentially more dangerous than equivalents in other operating systems because of the way the shell parses wildcards and names of special directories and in its non-verbose actions.

Here is a classic example. Instead of deleting files that end with <tt>.o</tt> ("*.o") it deletes all files in the directory ("*") and also a file called <tt>.o</tt>. There is an unwanted space between the asterisk and the period.

$ rm * .o rm: cannot remove `.o': No such file or directory

To remove a file whose name starts with a `-', for example `-foo', use one of these commands:

$ rm -- -foo

$ rm ./-foo

It might be useful to create an alias such as "remove" which moves the files to a local "trash" file so you can go there and recover files you accidentally "remove"d.

Secure deletion of files:

Note that  if  you  use rm to remove a file, it is usually possible to recover the contents of that file since <tt>rm</tt> does not remove it from the hard disk. It simply removes the file systems link to it.

On *BSD systems, the -P option overwrites the data with the file before removing it.

$ rm -P secretfile

However, as the NetBSD manual page explains it:


 * Recent research indicates that as many as 35 overwrite passes with carefully chosen data patterns may be necessary to actually prevent recovery of data from a magnetic disk. Thus the -P option is likely both insufficient for its design purpose and far too costly for default operation.

So while examining the data (using fsdb or making a disk image) will not reveal the secret data, other methods (such as laboratory examination of the disk) will reveal the data. In short, rm -P does not delete data securely. A program that attempts to delete data securely is GNU shred, available on Linux. But "shred" is not always successful in secure deletion; read its entry below.

rmdir
rmdir is a utility for deleting empty directories.

Examples $ rmdir directoryname

If the directory is not empty, the correct way to remove the directory and all its contents recursively is to use $ rm -r directoryname

Links:
 * rmdir, opengroup.org
 * rmdir man page, freebsd.org
 * 12.7 rmdir in GNU Coreutils manual, gnu.org

shred
shred overwrites a file multiple times with special data patterns to make the old contents of the file unrecoverable from a disk, especially a hard disk. This command is part of GNU coreutils, so it is often only available on Linux systems.

Note that this actually is ineffective on most filesystems because they can keep old copies of data. Most popular Linux filesystems (including ext3) keep such copies through journaling. However, "shred" is very useful for destroying the data on entire partitions or disks.

Some useful options are:
 * -u, --remove : unlink the file after removing it
 * -NUMBER, -n NUMBER, --iterations=NUMBER : the number of iterations of overwriting the file; default is 25 iterations

Examples: Remove and completely destroy <tt>secretfile</tt> from a filesystem that overwrites data in place and does not use journaling (for example, the UFS filesystem of *BSD). For the last step, after the data is destroyed, the "-u" option unlinks the file from the filesystem. $ shred -u secretfile

Note that if <tt>secretfile</tt> has multiple hard links (with ln for example), it will continue to exist with those other names, but will contain only random data.

touch
touch lets you change the date on a file. Can also be used to create a blank file.

Examples

This will change the access date and time of filename to the current time. If filename doesn't exist it will create a blank file. $ touch filename

Links:
 * touch, opengroup.org
 * touch man page, man.cat-v.org
 * 13.4 touch in GNU Coreutils manual, gnu.org

df
df reports the amount of free disk space available on each partition.

$ df Filesystem          1K-blocks      Used Available Use% Mounted on /dev/md0               5763508    207380   5263352   4% / /dev/md1             78819376  13722288  61093296  19% /home /dev/md4             23070564   4309572  17589056  20% /usr /dev/md2              5763508   1757404   3713328  33% /var /dev/md3              2877756    334740   2396832  13% /tmp

Reports disk usage in human readable format with block-sizes in Kilo,Mega,Gigabytes. $ df -h Filesystem           Size  Used Avail Use% Mounted on /dev/hda1             2.3G  2.1G  133M  95% / tmpfs                 61M  8.0K   61M   1% /dev/shm /dev/hda2            2.0G  1.8G  113M  94% /usr

Links:
 * df, opengroup.org
 * df man page, man.cat-v.org
 * 14.1 df in GNU Coreutils manual, gnu.org

du
Shows disk usage.

Links:
 * du, opengroup.org
 * du man page, man.cat-v.org
 * 14.2 du in GNU Coreutils manual, gnu.org

ln
ln creates links between files.

Symbolic links are special files that contain the absolute or relative path to a separate file. References to the symbolic link are "forwarded" to the file it (the symbolic link) points to. The file to which the reference is forwarded is not "aware" of the link; if the file pointed to is moved or deleted, the link will just point to nothing (no warnings are given, nor are any attempts made to "refresh" the link to the file's new location).

In Unix all information about files - owner, group, permissions, size, number of links, location on disk - are stored in the inode (with the notable exception of the filename). The filename is stored in directories, where inode-numbers (the way the OS refers to files) are paired with filenames (text-strings; the way the user refers to files). The "number of links" entry in the inode, keeps track of how many times the inode-number has thus been paired with a name in some directory.

When creating a (hard) link with <tt>ln</tt>, the "source" file is only used to determine the inode-number. A new inode-number-to-filename entry is then made in some directory using that inode-number, and the "number of links" counter is incremented. It's important that this (unlike a symbolic link) is the same file in every way... it's just that the file can be accessed by different names and/or from different locations. Moving or deleting the "original" source-file has no effect on the other links. Deleting one of the file's links only removes its entry from that directory... it's first when the last link in any directory is removed, that the file is actually deleted from the disk.

Hard links can not (unlike symbolic links) be used to refer to a file on another filesystem, nor can hard links usually be used to link to a directory.

Examples:

To make a soft (symbolic) link "hello" to the file "/home/alice/code/bin/world": $ ln -s /home/alice/code/bin/world hello

To make a (hard) link from the file "foo" to the file "bar":

$ ls -l total 1 -rw-r--r-- 1  rtm  users  50  Aug 15   foo $ ln foo bar $ ls -l total 2 -rw-r--r-- 2  rtm  users  50  Aug 15   foo -rw-r--r-- 2  rtm  users  50  Aug 15   bar

The 1st number of <tt>ls -l</tt>'s listing, shows the number of (hard) links a file has - in other words, the number of times it's been entered into some directory.

Links:
 * ln, opengroup.org
 * ln man page, man.cat-v.org
 * 12.2 ln in GNU Coreutils manual, gnu.org

chown
chown changes the owner and group of files. Normally, only root is allowed to do this, but if a user owns a file, then that user can change the group, but only to groups containing that user. On old systems, the ability of users to give files to other users caused abuses, so most systems prohibit non-root users from changing the owner of files.

Some useful options are:
 * -R : recursively change owner/group on an entire directory tree
 * -h : do not follow symbolic links i.e. changes owner of the link, not the target file
 * -f : indicate no errors if change failed

Examples:

Root changes the ownership of "/etc/passwd" and "/etc/shadow" to user root, group wheel:
 * 1) chown root:wheel /etc/passwd /etc/shadow

The same, but only changing the owner:
 * 1) chown root: /etc/{passwd,shadow}

The same, but only changing the group:
 * 1) chown :wheel /etc/{passwd,shadow}

Root gives every file in "/etc/ssh", including files in subdirectories, to user root, group wheel:
 * 1) chown -R root:wheel /etc/ssh

The same, but excluding files in directories (and the invisible files "/etc/ssh/.*" will also be missed):
 * 1) chown root:wheel /etc/ssh/*

User "tux" changes the directory "/usr/local/src/xc" from group "tux" to group "wheel". Tux is a member of both groups. $ ls -ld /usr/local/src/xc drwxr-xr-x 11 tux  tux  512 Sep 30 16:19 /usr/local/src/xc $ chown tux:wheel /usr/local/src/xc $ ls -ld /usr/local/src/xc drwxr-xr-x 11 tux  wheel  512 Sep 30 16:19 /usr/local/src/xc

chmod
chmod changes permissions of files. One must be familiar with Unix file permissions to understand this command. There are three permissions: read ("r"), write ("w"), and execute ("x"). There are three sets of permissions: for the owning user of the file ("u"), for the group of the file ("g"), and for other users ("o").

For a file, "execute" means to run it as a program. For a directory, "execute" permission is required to use anything in that directory tree, so doing anything with "/usr/share/doc/README" requires execute permissions on all of "/", "/usr", "/usr/share", and "/usr/share/doc".

If you are interested in more advanced topics like the set-uid, set-gid, sticky bits and octal numbers, try reading the FreeBSD manual page at http://www.FreeBSD.org/cgi/man.cgi (type "chmod" in the form and submit).

A useful option is:
 * -R : recursively change or set permissions on an entire directory tree

Examples:

We wrote a shell script called "configure". We make it executable ("+x") and then execute it as a command. Usually, "+x" is the same as "u+x" or "ug+x", depending on the status of the file mode creation mask. $ chmod +x configure $ ./configure

Allow the owning user to run "configure": $ chmod u+x configure

Deny the group and other users from running "configure": $ chmod go-x configure

For all users except the owner ("go"), disable all access to "~/mail" and "~/private" ("-rwx"). This way, the contents are private and only their owner (or root) can access them. $ chmod go-rwx ~/mail ~/private

Note that in the previous example, "-R" was not specified. By disabling the execute bit ("-x"), all files inside <tt>~/{mail,private}</tt> are protected even if their group and other read bits are enabled. Thus, simply moving some file from inside <tt>~/{mail,private}</tt> to some public place like <tt>/tmp</tt> can make the files available to other users again.

The "root" user wants to set up <tt>/usr/local/src</tt> so that all users in group "wsrc" (including "tux") can create files there. Root will continue to own the directory. This is done by changing the group of <tt>/usr/local/src</tt> to "wsrc" and then by granting to the group ("g") the read, write, and execute permissions ("+rwx").
 * 1) chown :wsrc /usr/local/src
 * 2) chmod g+rwx /usr/local/src

All Unix-like systems should allow all users to create temporary files in "/tmp" and "/var/tmp". Thus root gives everyone ("a", short for "ugo") all permissions ("+rwx") on the files.
 * 1) chmod a+rwx /tmp /var/tmp

The problem with the above is that because all users have write access to /tmp and /var/tmp, every user can delete and rename files, even ones not created by them. For example, "tux" could create "/tmp/socket.3908" and another user could delete it or rename it to "/tmp/garbage", thus annoying Tux. To keep temporary files safe, we use the sticky bit called "t". This limits the deletion and renaming of files in /tmp to root, the owner of /tmp (also root), and the owner of the file (Tux for "/tmp/socket.3908"). It does the same for /var/tmp. So what we should do is:
 * 1) chmod a+rwxt /tmp /var/tmp

chgrp
Changes the group ownership of files.

Links:
 * chgrp in The Open Group Base Specifications Issue 7, pubs.opengroup.org
 * 13.2 chgrp: Change group ownership in GNU Coreutils at gnu.org
 * Chgrp

link
Makes a hardlink. See also ln.

Links:
 * link, opengroup.org
 * link man page, man.cat-v.org
 * link, freebsd.org
 * link in GNU Coreutils, gnu.org

unlink
Deletes a file.

Links:
 * unlink, opengroup.org
 * unlink, freebsd.org
 * unlink in GNU Coreutils, gnu.org