Linux admins have always relied on the command line to manage their systems. While not as immediately intuitive as a GUI, command line interfaces (CLIs) open up the real power of computing with a slew of versatile commands that can be chained together for nearly any purpose. GUIs, on the other hand, are limited to the nearly always reduced functionality developers built into the buttons and screens. This model makes sense, since only some people will need the “advanced” capabilities of the command line, while others perform only a few tasks over and over with a minimum of knowledge about the software. Regular command line users develop a sense of how to best use the commands over time, but with this UpGuard primer, even dabblers can take advantage of some quick tricks using these five basic Linux commands.

1. ls - List Information About Files

Example: ls -al [man page]

One of the most basic commands, and similar to DOS’ dir, ls typed without flags lists the files in the current directory alphabetically. If you use both DOS and Linux, you probably accidentally type in the command you favor-- that’s how often it gets used. But ls has some interesting flags that make it a powerful way to navigate the file system.

  • The -h flag, or --human-readable, simply displays file sizes in a more friendly manner, such as 282K instead of 282000 bytes. The fact that this flag exists at all brings out a very important facet of the command line, which is that ultimately, command output is intended to be read by a computer, and is generally formatted for optimal use in that context. Using the command line as a person means parsing the output in a much different way, and as such, often requires additional input regarding the formatting.
  • Perhaps the most important flag when regularly using the ls command is -R, for recursive searching. The output of an ls -R command in a directory with many subdirectories and files might not be very helpful for a person trying to read it, but piping the output of that command into further logic, such as a grep search, can make tracking things down a cinch.
  • Finally, although the default sort of an ls output is alphabetical, it can be changed. The -S flag sorts files by size, which can help track down disk space hogs or allow you to easily compare a set of files, such as backups, for changes in size over time.

2. top - Auto-Updating Display of Current Linux Processes

Example: top -u root [man page]

Acting as a performance dashboard within the command line, top allows you to monitor in real time the CPU, memory and disk performance of the Linux system, as well as the “top” processes taking up resources. Since top runs continuously until you stop it, it has a deep set of navigation commands in addition to command line switches.

But there are a few simple things you can do that come in handy. By using the -u switch, top will only show processes running as the specified user. Or, if you drop a ! in front of the user, you can filter them from the result set. Both come in handy when troubleshooting resource bottlenecks. You can do this from within top as well, by pressing u and then entering the username or ID.

If you need even more granularity in what processes are displayed by top, the -p flag allows you to specify up to 20 processes to monitor, meaning you can build a custom dashboard to monitor all of the processes of an application, for example. If you save it as a shell script, so as to not re-enter the PIDs, you now have a quick way to open a custom performance dashboard as needed.

While top is running, press O (uppercase O) for a variety of sorting options. Likewise, by pressing k in top, you can specify a process ID to kill without exiting. For the Linux command line, top acts as more than just a performance monitor. It’s a simple, interactive dashboard for managing running processes.

3. locate and find - Search For Files

Example: locate "*.html" | less [man page]
Example: find / -name test [man page]

From the Linux command line there are a couple of ways to search for files from the command line, including the locate and find commands. Despite their similarity, these commands operate quite differently in practice.

The find command is standard on almost all distributions of Linux, while locate is relatively new and often only available on GNU Linux releases. You can search the live filesystem with find, while locate searches a database, which must be updated regularly for accurate information with the updatedb command. One advantage locate has is that it’s fast. If you’ve ever waiting for a find command to complete, you can probably appreciate how locate could be valuable despite some of its other limitations. That said, you can’t always bet on having locate available, especially if you manage several different flavors of Linux, but if you only have one distro or even server to manage, setting up locate might save you time in the long run.

An in depth comparison of the two commands, including security concerns about locate running a global process as root, see this thread, specifically the excellent reply by Warren Young.

4. grep - Search Within Files or Other Output

Example: cat test.txt | grep "test string" [man page]

A powerful command that filters file contents or command output by matching strings, grep is at the heart of the Linux command line. By piping a command like cat into grep, for example: cat test.txt | grep “test string”, you can search a file’s contents, for instance if you want to see how a certain option is set in a .conf file. You can also search groups of files, mail logs for example, by running a command such as cat maillog* | grep “test string”, which would read all of the mail logs, but only return the matching lines.

The real power of the grep command is that it can handle any command output, not just files. This means that complex queries are possible into just about anything that returns searchable output, and the results can be easily formatted for human consumption.

5. diff - Compare Files Line by Line

Example: diff test1.txt test2.txt [man page]

Sometimes searching within a file isn’t enough, and what you really need to do is compare two files to see what’s different. The Linux diff command allows you to do just that, which can be a lifesaver in a few common scenarios, such as determining the difference between multiple versions of a conf file. By using the -q / --brief flags you can have diff simply tell you whether or not the files differ. On a small scale this can help keep track of file changes between systems that are supposed to be identical, but a more robust solution is usually required in enterprise environments.

The --suppress-common-lines flag hides everything except lines that differ, which can speed up a manual comparison process by eliminating extraneous data. Many of the other options for diff allow you to manipulate what is shown and how, making it, like the rest of the commands we’ve looked at, powerful for both scripts and actual people trying to read the data.


Linux sysadmins probably know most of these details, but even the most experienced person doesn’t get a chance to try everything, and  when you’re responsible for a production environment, there’s usually not time to explore new methods on spec, or read man pages on commands you haven’t had to use much. But occasionally a command or a little-known switch on a well-known command can end up saving hours of work down the road, speeding up processes and reducing the amount of manual input necessary. Shifting from putting out fires to proactively improving processes requires some culture change in an IT department, but the results are almost always worthwhile.

Ultimately, GUIs abstract a computer’s function from a user, which isn’t necessarily a bad thing: you shouldn’t have to know how to rebuild an engine to drive a car. Perhaps this is one reason why Linux was never really able to get a foothold in the consumer market, it either actually did require too much niche knowledge, or at least had the reputation for it. Contrarily, Apple devices succeed in the market largely because of their intuitive ease of use, or as it could also be stated: for hiding most of what happens from users. If you haven’t noticed, technology is steadily pervading, even dominating, most aspects of our lives. The greater your understanding of this technology, the more power you have over tailoring it to your life instead of the other way around.

Ready to see
UpGuard in action?

Ready to save time and streamline your trust management process?