Linux commands and files

So many people constantly ask which Linux distro to get that I made that a sub-section of this page. Go here for that.

Linux is becoming really popular for techies and servers. It's well-suited to these groups, but not particularly useful for the average home user just yet. Nonetheless, a lot of people are beginning to try Linux, mostly out of curiosity. (I, for example, installed it on my computer for that very reason: Just to see what it could do, and how it worked.) If anyone actually cares, my own verdict is that Linux isn't quite ready for prime time yet, but it is indeed more stable than another operating system, which shall remain nameless (cough, cough), and it does have a few interesting toys to play with. If you want to play with it, here's a quick run-down of the most important commands, and what they do, followed by a list of some of the most interesting files and directories in a Linux computer (Linux makes a BIG tree of directories and files, even with a basic installation, so navigating it and knowing where everything is can be a bit daunting).

(I should also mention that much more complete Unix command references can be found at and


Quick links to the various command sections:

File management commands
Archiving and compression commands
User interaction commands
Administration commands
Help commands
Virtual memory commands
Internet client software
Shut down commands
date/time commands
PPP control commands
Account management commands
Module commands
The "r" (remote) commands
LAN (Local-Area Network) commands
Miscellaneous commands
Development commands
XWindows commands
Text editors
Debian-specific commands

File management commands

These are commands which you use to copy files, transfer them between directories, etc.


This is equivalent to the DOS dir command. It lists files in the current directory. If you add -l (that's a hyphen and a lowercase letter L) to the end, it'll show the list in "detailed" format, including info on access rights, etc. (On many Linux systems, the ls -l command is aliased as ll, meaning you'd just need to type ll in that case.) Also, using the -R switch causes ls to list the contents of all subdirectories beneath the current directory (this is equivalent to typing dir /s in MS-DOS).


Syntax: file filename

Shows you what kind of file this is. I imagine this could be pretty useful sometimes.


Syntax: cd dirname

Change Directory. Works the same as the DOS command of the same name. Enters the specified directory.


Syntax: cp source destination

Short for "copy". Works like DOS' copy command.


Short for "move". Works just like cp, except this will delete the source file so only the destination one exists. This is also what you have to use to rename files (unlike DOS, which has ren, Linux has no separate file rename command).


Copy a file, and convert it at the same time. dd has the ability to convert between file formats as it copies, making it convenient for when you need to do both at once. What kind of conversion can it do? Well, basically the kind that's better done in a word processor, or else the kind that you're not going to use. It can convert between ASCII and EBCDIC, and it can convert uppercase letters to lowercase. As you can probably imagine, dd is another of those ancient UNIX throwbacks that nobody really uses today.


Syntax: rm filename

rm (short for "remove") is the Linux delete command. It deletes the file.


Syntax: mkdir dirname

Make directory. Note that this is one area in which Linux is actually less efficient than DOS. DOS supports both mkdir and the more convenient md. Linux supports only mkdir.


Syntax: rmdir dirname

Remove directory. Pretty self-explanatory.


pwd shows you the directory you're currently in. "pwd" stands for "print working directory".


Clears the screen. Equivalent to DOS' cls.


Syntax: cat filename

Works just like DOS' type command. Dumps specified file out to the screen. No provisions for scrolling back and forth.


Syntax: tac filename

"cat" spelled backwards, this command works like cat in reverse: It dumps the last line of the file first, then lists the lines in reverse order, ending with the first line of the file.


Syntax: head filename

Prints only the first few lines of a file. By default, head prints the first 10 lines. This is to give you an idea of what's in a file, without having to view the whole thing.


Syntax: tail filename

tail is the companion command to head; It does the exact opposite, printing only the last few lines of a file (10 by default).

There's a switch for the tail command which is more frequently cited than you might think: The -f switch, which is short for "follow." This switch tells tail to keep watching the specified file and output any new lines which get added to the file. This is handy for watching a file which you expect to be added to soon, or which you simply want to monitor long-term for additions. This is typically used to monitor changes to log files.


Syntax: less filename

A file viewer. Lets you scroll forward and backward in files, so it's much handier than cat.


Syntax: strings filename

strings will search for "printable strings" in files. In other words, it searches for strings of ASCII text. This is useful when you want to find human-readable text inside binary files.


Syntax: od [-x] filename

For when strings just isn't cutting it, theres od, short for "octal dump," which dumps a list of the actual octal values for each byte in a file. Since octal values aren't used too much in computing today, the -x switch is a probably-useful addition which tells od to dump the hexadecimal values of the file instead.

Example: od -x binaryfile


Syntax: mount -t fstype sourcepoint destinationpoint

Mounts a filesystem and creates a mount point for it. (If you just type mount with no parameters, you can see the currently-existing mount points.) Unlike MS-DOS, in Unix/Linux, you must mount a disk (for removable media) or partition (for fixed-disk media) before you can use it. This means that before you can use a floppy, you must make a mount point for it with a command such as this:

mount /dev/fd0 /mnt/floppy

This would mount /dev/fd0 (the first floppy drive) as a directory in /mnt/floppy. You would then be able to access the floppy disk via that directory; The files on it would be there, and you'd copy files to the floppy by copying files to that directory. Similarly, a CD must be mounted with a command like this:

mount /dev/cdrom /mnt/cdrom

It gets slightly tricker with hard disk partitions, especially when you're using different file systems. You may need to specify the file system in use on the partition with the -t switch. So, to mount an MS-DOS (which is taken to mean FAT16) partition in Linux, you could type a command like this:

mount -t msdos /dev/hdb1 /mnt

This would load the partition on /dev/hdb1 (the first partition of the second hard disk) into /mnt. The mount command has quite a lot of possible file system parameters. The main ones are: ext2 (ext2fs, the former main Linux filesystem), ext3 (ext3fs, the current main Linux filesystem), minix (for Minix filesystems), msdos (FAT16), NFS (Network File System), iso9660 (which is actually for CD-ROMs), hpfs (High-Performance File System, mainly used by OS/2), and ntfs (Windows NT's native file system).


Syntax: umount /mnt
(Where /mnt is the mount point to unmount)

Unmount. Unmounts a mount point.


Syntax: lpr filename

Prints the specified file. Handy, huh?


Syntax: ln filename linkname

Makes a link to a file. The link looks and acts just like a normal file. This is handy if you want to access a particular file under a different name, for some reason. For example, often a line like ln /dev/ttys0 /dev/mouse is used to create a device called /dev/mouse , which is really just a pointer to /dev/ttyS0 (the first serial port), because /dev/mouse is easier to use and remember.


Short for "disk free", this shows you how much disk space you have left, and how big the total disk is. Note that by default, df shows disk space in numbers of blocks, which is kind of a silly notation to use, so type df -h (the -h switch stands for "human-readable") to make it show sizes in bytes instead, which is something you're probably a lot more familiar with.


Syntax: which commandname

Finds a command. This is helpful for when you're trying to find out exactly where something in the path is stored. For example, typing which ls will tell you where the ls command is stored.


Lists what files are currently open (that is, in use) on the system. A similar command called fuser exists as well. lsof is short for LiSt Open Files.


This command tries to find a specified string in a filename. For example, typing locate blah would display all files below the current directory whose filenames contain the string "blah". locate is fast because it uses a pre-compiled database of all the files in the current filesystem. The downside is that as files are added or removed, this database can get out-of-date. The database is automatically rebuilt once a day, and you can force it to rebuild by typing the updatedb or slocate -u commands, but if you really want to search the actual file structure instead of some database snapshot of the file structure, use the find command instead.


Works like locate, except that find actually searches through the file system, which makes it slower, but more accurate.


Sends a file using the Zmodem protocol, which used to be a popular file-transfer protocol on telephone modem links. This command is useful if you're connected to a Linux machine through a modem connection, and you want to download a file quickly; you can do this right from the command line with sz, which will make the remote Linux computer start sending the file via Zmodem, and you can then receive the file with your Zmodem-compatible modem terminal program.


Receives a file with Zmodem. The companion command to sz.

Archiving and compression commands


The tar (short for Tape ARchive) tool is a form of archiving system; tar creates archive files which end in .tar and are basically all the files lumped into one huge archive file. Note that tar does NOT compress files at all; It merely amalgamates them into one file. Unlike all the standard file archiving/compression formats under DOS/Windows (including ZIP, RAR, ARJ, etc.), Unix systems usually turn archiving and compression into two separate tasks. Archiving is handled by tar, then the compression is handled by another program.

gzip and gunzip

The GNU Zip tools work much like the famed PKZIP and PKUNZIP utilities: They compress files. gzip archives have a .gz extension. It is commonplace to see archives which end in .tar.gz , which means that the file is a TAR archive, compressed into a GZIP archive. On some systems, you may also see .tgz extensions. Apparently, this is the same thing, except .tgz files are meant to be handled all in one go (decompression and dearchiving both at once) by special tools, such as the pkgtool utility, which I have only seen on Slackware.

compress and uncompress

These programs work much like GNU Zip, except they create files with a .Z extension. Thus, you will often see files ending in .tar.Z


RPM (Redhat Package Manager) is a new standard of file archiving and compression, which does both in one step, eliminating the two-step archiving-compression process that was standard on Unix since the beginning. Although this makes it easier, RPM is limited in that you can only install software with it if you are the system administrator; Thus, it's mostly only useful for people running Linux on a home-based PC, rather than systems at work. That's why mostly only hobbyists running Linux at home ever use it.


Non-standard on many Linux installations, this is the logically-named command command to work with ZIP archive files, the archive format that's been standard in the Windows/DOS world for years; Linux still usually works with GZIP or other less well-known formats though.

uuencode and uudecode

uuencode doesn't actually archive or compress files, but I include it here because of its similarity in form to the other commands in this section. It is used to transfer binary files over all-text connections. Sometimes (on some e-mail systems, for example), sending binary files is not possible; In this case, uuencode will make a uuencoded file of the binary file, and since uuencoded files are all plain alphanumeric characters and punctuation marks which are on the keyboard (no weird binary characters), they can be sent as text, then later decoded back into the binary file they represent with uudecode.

User interaction commands


Shows who is currently online, as well as what terminal they are using. If the user is using a terminal, it is shown as "tty1", "tty2", etc. Many users, however, may be shown as using "pts/0", "pts/1", etc. pts indicates a "pseudo-terminal" or PTTY, i.e. one used by a remote user who is logged into the system using telnet or something similar. PTTYs are also created by using XWindows. Sometimes "pty" is used instead of "pts".


Like who, except better: It shows a bit more information, including what program each user is currently running. (Good for spying on your users.)


Prints your username.

who am i

Prints your username and what terminal you're on.


Lets you talk to other users on the system.


Lets you "wallop" (send a mass-message to every user on the system). "wall" is also sometimes said to stand for "write all".


Syntax (user list): finger

Syntax (user info): finger username

Syntax (remote user list): finger

Syntax (remote user info): finger

When typed as a single word, finger acts much like who. It lists users currently logged in. But finger takes on a life of its own when you use a particular username for a parameter (this user does not have to be logged in for you to do this). This brings up that person's information, which includes their real name, and often other goodies like a phone number where they can be contacted. (In recent times, finger has been deprecated as a security risk for this very reason; Many admins are actually removing finger from their systems because, really, if you don't know the real name of someone on the system, you probably don't need to know.) The person's "Project" and "Plan" are also displayed. These are supposed to indicate what project the person is currently working on, and what their plan for the near future is. However, nobody ever does. If people specify projects or plans at all, they usually just put something silly (some joke or wisecrack) in there. Each person's project and plan, if they have one, is stored in files called .project and .plan, respectively, in their home directory. finger can also be used to get user lists or user info on remote systems, assuming they are running a finger server (which, again, used to be common but is now quite rare, because of the security risks.)

Administration commands


Changes the access permissions on a file or directory. This command sets what kind of users can read a file, who can write to a file, and who can execute programs or enter directories.


Syntax: chown newownername filename

Changes the owner of a file. You can only chown files which you currently own.


Syntax: chgrp newgroup filename

Changes the group a file belongs to.


Process status. Shows processes (programs, including background ones) currently running. ps shows more info if you type ps auxe instead of just ps.


Shows a continuously-updating list of the currently-running processes, and allows you to sort them by various criteria. This works much like the task list in Windows in that it lets you see processes that are running and how much CPU time and memory they're using.


Syntax: kill pid

Kill process. The PID is the Process ID. Each process has a number assigned to it. (You can find out the number with the ps command.) kill immediately stops that process and return whoever was using it to where they were before they ran it. Note that the kill command, by default, works by actually asking the program to die. As you might guess, some programs will resist this. If this happens and you really need to kill off the process, use the -9 switch. So, instead of just typing kill pid, you'd type kill -9 pid. (The -9 switch, like many other things, is a source of Unix folklore. It's where all those tales of the over-zealous contral-freak sysadmins who *always* use the -9 switch come from.) A very different so-called "kill" signal is -1, also known as SIGHUP (short for "hang-up signal"), which stops a process and then restarts it with the same PID. This is commonly used to restart a daemon after making changes to its configuration file, since many daemons will not re-read their configuration files unless they are re-started.


Makes you a "super-user", which is someone who has full access to all files and directories. Normally only root can do this, but other users can too with this command. (su will prompt for a password; This password is the same as the root password.) To be specific, su stands for "substitute user", NOT "super user" as many people believe. This is because, in fact, you can change your user status to be any user on the system using su; You don't have to use it to become root. However, it is most often used for becoming root, especially in cases where the system does not allow remote login of the root account, but you need to do something which requires root privileges.


Syntax: groups (username)

Shows you what group a user is in. If you just type "groups", it'll show you what groups you're in. If you specify a username, it'll show what groups that user is in.


Shows your current uid (user ID) and gid (group ID), plus what group numbers you belong to.


Displays or sets your system's hostname. If you type just "hostname" with no parameters, it will display your hostname. If you type a parameter, it will set that to be your hostname. Note, however, that your hostname is set through a script every time you boot up, and using this command is temporary. To change your hostname for good, you'll need to edit it in /etc/HOSTNAME


Syntax: init (runlevel)

Changes your current runlevel.


Shows you the current runlevel of the computer. It also shows you the previous runlevel of the system, in case it was different before. (If the runlevel has not changed since the system was booted, a capital letter "N" is shown for the previous runlevel.) The runlevel definitions are stored in the /etc/inittab file.


Schedules tasks to run at a certain time. This is a standard feature on most operating systems by now (Windows has its own Task Scheduler which does the same thing) since administrators might want to schedule certain tasks, such as backup, for a particular time each day. at is actually predated by the classic cron command; However, at is easier to use. Its syntax is simple. Begin by typing a simple command like this:

at 1300

...Where 1300 is the time you want to schedule tasks to run. (In this case, we're using 1300, which is 13:00 or 1:00 PM every day.) You'll get a prompt that simply says at> . At this prompt, type whatever commands should be run at 13:00, ending each command with a press of the ENTER key. Once you've entered the last command, press CTRL-D to exit the at> prompt and return to the command line. You can use the atq (short for "at queue") command to review the queue of scheduled commands.


Identical in purpose (if not necessarily functionality) to the MS-DOS fdisk command, this is an interactive utility to create and manage partitions on a hard drive.


Formats a partition. The logical next step after creating a partition with fdisk.


Short for "file system check," this command scans a file system for errors, similar to MS-DOS' chkdsk, and the later scandisk. And yes, debates on how to pronounce this command are common and amusing. Some people say "fisk" or "fusk," others say "ef-sock" or "ef-suck."


Performs a backup.


Restores a backup.

Help commands


Syntax: man command

man (which is short for "manual") will give a help page on the specified command, if a manual page exists for that command. Use the arrow keys to scroll if the info is longer than one screenful (as it usually is; man tends to give *detailed* information), and press Q to quit.

Virtual memory commands


Displays virtual memory information.


Makes a swap partition.


Activates (turns on) a swap partition.

Internet client software

These are programs used to connect to various types of other systems over the Internet.


Syntax: telnet address

Telnet is a direct connection to the specified computer. (Use your target's IP address for "address".)


Syntax: ftp address

FTP (File Transfer Protocol) is a connection protocol which, as you might guess, is often used for transferring files.


Lynx is the Web browser used by most Linux systems. It's text-based and will not display graphics, run Java/JavaScript, or show frames properly.


Short for nameserver lookup, this is a utility to let you make DNS queires interactively. It allows you to pick different DNS servers and set different parameters for name lookups. Oddly, however, nslookup has had its status set to "deprecated" on some Linux distributions (that's news to me, since it's been the standard name lookup utility since forever; Maybe it's deprecated now because a similar utility with the same name now comes with Windows); The use of the host command is apparently preferred instead.


Syntax: host hostname (to resolve a name to an IP address)
host ipaddress (to shows what names are given to an IP address)

An ultra-simple and efficient DNS lookup command. You simply give it a system name or a numeric IP address, and it'll give you whatever that name resolves to, or what names are associated with that IP address.

Shut Down commands


Reboots the computer.


Stops the computer. Use this when you want to turn it off. (Do NOT just flip the power switch without first issuing this command.)

date/time commands


Shows a calendar. Cute, eh?


Shows not only the current date, but also the time.


Configures your time zone. Actually, timeconfig is just a script which makes a link called /etc/localtime, which links to your corresponding TZif (Time Zone info) file in /usr/share/zoneinfo.

PPP control commands


Dials up to your ISP and connects to them (and thus the Internet) using PPP.


Hangs up the current PPP connection to your ISP (if there is one).


This is Slackware's text-based script to walk you through your PPP setup.


Similar to pppsetup, except this is for Debian.

Account management commands


Use this to change your password. Of course, anyone can use this command, since anyone is allowed to change their own password.


Adds a user to the system. Generally only root or a superuser can use this command.


Logs you off the system. Use this when you're done using it.

Module commands


Syntax: modprobe modulename

Loads a module. This lets you do things which you haven't loaded support for in the kernel, but which are still available as add-on modules.


insmod is the actual command to load ("insert") a module. However, modprobe is a "wrapper" for insmod that gives it extra functionality, so basically, use modprobe instead.


Lists all the modules which are currently loaded.


Syntax: rmmod modulename

The opposite of modprobe. Unloads a module that has been previously loaded with modprobe.

The "r" (remote) commands


rlogin logs you into a remote computer. Isn't that what telnet is for, you ask? Well, yes, but telnet is simply a direct connection to anoter computer, meaning it can actually be used as a client for anything (such as FTP, HTTP, etc.), while rlogin really is only good for remote terminal login. So what's the advantage of rlogin over telnet? It doesn't ask you to log in! After running rlogin, you're simply zapped into a remote terminal. Also, rlogin probably represents less of a security exploit than telnet (after all, we just know that crackers love telnetting to websites, right?)


rsh is a one-command version of rlogin. rsh runs one command on the remote system, then returns you to your local computer.


rexec will execute a program on a remote system. It's password-based, unlike rsh (which seems to be the main difference between the two).


rcp (Remote CoPy) will copy files to or from the remote system. In other words, it's like FTP, much as rlogin is like telnet.

LAN (Local-Area Network) commands


Syntax: ifconfig devicename (ip address) netmask (netmask address) broadcast (broadcast address)

Interface configure. Configures a network device. This is usually the first command you use in relation to a LAN.

Suppose you wanted to configure eth0 (your first Ethernet device). You could do so with the following command:

ifconfig eth0 netmask broadcast

This would set the device's IP address to, its netmask to, and its broadcast address to

Typing just "ifconfig eth0" will show the device's current interface configuration, without changing any settings.


Controls routing by changing the routing table. The route command takes the basic sub-commands of add, change, and delete, which as you might guess will add an entry to the routing table, change an entry in the routing table, and delete an entry from the routing table, respectively. All of these commands take the following basic format:

route [add|change|delete] destination gateway

...Where destination is the destination network (or host), and gateway is the destination gateway to be used to reach that network or host. As an example, a basic route command might look like this:

route add

The above command would create a new routing table entry indicating that any traffic destined for the network should be directed to the gateway host at

You can also create a default gateway, which is a "path of last resort" address which traffic should be sent to if it does not match any other route in the table. A default gateway is not something unusual on a LAN; In fact it's routine to have one, because the default gateway is usually the LAN's bridge to the Internet, since any traffic which doesn't match the system's routing tables (which are usually only filled with the LAN's internal IP addresses) should be sent to the gateway so it can go out over the Internet. To add a default gateway, you can use the default parameter to indicate a route as the default. So you'd use a route command like this:

route add default gw

This would designate as the address of the default gateway where any traffic bound for unknown destinations should go. The system with the address of then bears the burden of directing that traffic.

Typing just route without any parameters will display the current routing table on-screen. Note that although route is a handy command, in general it shouldn't be needed much, because routed, the routing daemon, is supposed to handle these kinds of tasks automatically.


Routing daemon.

In addition, many distros of Linux have their own built-in network configuration programs. For Red Hat, it's /usr/bin/netcfg, and for Slackware it's /sbin/netconfig.


Sort of an ifconfig for wireless connections, iwconfig lets you configure settings for a wireless network link, including the network name you want to connect to (typically called the ESSID) and the WEP key to use, if any.


The common text-mode command for setting up an Atmel-based Wi-Fi device, lvnet is where you go to set up which SSID you want to connect to, what radio channel and WEP key (if any) to use, etc. The Atmel AT76C503A is an exceedingly common chip that's the foundation of many a Wi-Fi device, so this command is commonly seen when you want to set up a wireless card. lvnet comes as part of the standard open-source Atmel Wi-Fi driver for Linux, which can be found at The equivalent XWindows command is xvnet.

Miscellaneous commands


minicom is a communications program, similar to the famous Telix software for MS-DOS (one of the most popular communications packages of the DOS days). It has all the standard features, plus some extras.


This displays the messages shown by the kernel on bootup. They usually scroll up pretty quick, so it's hard to read them. You'd mostly want to use this for troubleshooting, if you're getting some kind of errors while loading the kernel. Of course, it can also be used just out of curiosity.


Produces some information on the system (mostly operating system and version). Typing uname -a instead of just uname produces more info.


Lets you change the colors of the output produced by the ls command.


This is the name daemon, basically software for running a DNS server. Useful if that's what you want to do. Otherwise, not. (named uses /etc/named.conf for a configuration file.)


The mail program. Used to read, compose, and send e-mail.


Lets you know when you have e-mail.


Syntax (output search): command|grep pattern
Syntax (file search): grep pattern filename

grep is possibly one of the most useful (and used) commands in Linux. Basically, it finds text strings. It can search for them in standard output from a command, or it can search a file for them. For example, if you want to search for a particular string (let's use "file" as an example) which may have shown up while your kernel was booting, you would type dmesg|grep file and grep would show any lines containing "file" in the dmesg output. Meanwhile, if you wanted to search for every occurrence of the word "cigar" in a file called monicalewinsky.txt, you would type grep cigar monicalewinsky.txt. As you can see, grep is a rather versatile tool.


This command resets your terminal. Sometimes if you get some binary data on the screen (either because you catted a binary file or some program dumped binary data to the screen for some reason), it can mess up your screen font. Use the reset command to set it back to normal.


This command flushes the write-back cache buffer to disk. In more plain terms, Linux doesn't always write data to the hard disk immediately; It usually stores the data in RAM until the disk is not busy. This is to improve performance. (Windows 9x does the same, but does not come with a command that does what sync does.) The "sync" command writes all the cached data in RAM to the disk immediately. You'd usually have no need to do this since this is done automatically when you shutdown or reboot Linux, but you might want to use this command if you're afraid of an imminent power failure or you're about to try something risky which may crash the system.


Syntax: alias newcommand=oldcommand

Creates an "alias", which basically attaches a command to a different command so you can run the other one without having to type its name. For example, people who use DOS a lot often alias "dir" with "ls" in UNIX, so they can more comfortably get a directory listing. Typing "alias" without any parameters will produce a list of current aliases.


Changes the root directory for a program. Once run, the program cannot access any directories above the directory specified by the chroot command. For example, typing chroot /programdirectory programname would run programname and allow it to only access files and directories under /programdirectory. This "changed" root folder is often called a "chroot jail." This is typically done for security purposes, to ensure that a running process cannot access areas of the disk it's not supposed to.


This lists all your PCI devices.

isapnp and pnpdump

These two commands supply the Linux ISA Plug and Play functionality. Configuring and using them can get fairly involved, so read the man pages for them. (isapnp uses the /etc/isapnp.conf file.)


Shows a history of commands you've typed.


Ejects removable media (like CD-ROM drives).


Configures loop devices. Linux supports a special block device called the loop device, which maps a normal file onto a virtual block device. This allows for the file to be used as a "virtual file system" inside another file. Losetup is used to associate loop devices with regular files or block devices, to detach loop devices and to query the status of a loop device.


Syntax: banner text

Prints out a big banner on the screen with the text you specify. This is meant to be sent to a printer so you can have a big banner for your next party or something.


Syntax: sum file

Shows the checksum of the file.

Development commands


This will run whatever C compiler is installed on the system. On most Linux installations, this will run the GNU C compiler (GCC), which can also be run by typing gcc.


Syntax: lint filename.c

lint is a C code checker, meaning it scans C code for coding problems. These do not necessarily have to be errors; It also scans for inefficient or non-portable coding techniques.

XWindows commands


This runs the configuration utility for XFree86. You want to do this before you run XFree86, so you can set it up (particularly the parts relating to your monitor). xf86config modifies a file called XF86Config, which is the actual X configuration file. (Note that the filename differs from the command only by the capital X, F, and C.)

xf86config is the standard Linux command for configuring XWindows. It's text-based and it asks a lot of questions, but it is the tool that's supposed to be available on every Linux installation. Depending on your distribution, there may be other tools available. In particular, Red Hat has a menu-based XWindows configuration utility called Xconfigurator, which can be run directly from the command line, and is also available as an option from Red Hat's own setup utility. Other distributions may have their own special X configuration programs.


Same as xf86config, except this command applies if you're using the X.Org version of X instead of XFree86. xorgconfig configures your /etc/X11/xorg.conf file.


SuperProbe is an uncharacteristically boastful Linux command which simply probes for your video hardware. This is important since XWindows tends to be so dependant on knowing the details of your particular model of video card and monitor. SuperProbe will tell you (or attempt to tell you) the manufacturer of your video card, what kind of video chipset it has, and how much RAM it has. This information is certainly helpful if you don't know it, and it tends to be useful when you are setting up XWindows.


Short for X window manager configuration, this command lets you select your window manager for XWindows. XWin comes with Tab Window Manager (TWM), a rather basic WM. Another popular WM is Sawfish.

xwmconfig creates a file in the /etc/X11/xinit directory called xinitrc. This file is actually just a link to another file, and that other file is the X Windows initialization script. For example, the rc file for TWM is xinitrc.twm, and if you choose TWM with xwmconfig, then you will find that the xinitrc file is a link to xinitrc.twm.


switchdesk lets you select your desktop for XWindows. This is, for example, how you switch from GNOME to KDE, or vice-versa. Do not confuse this with your window manager; twm and Sawfish are examples of window managers. GNOME and KDE are desktops; they are NOT window managers.


This starts X. (startx is actually just a shell script that calls xinit, the real X initializer. However, startx passes a couple of variables to xinit, so you should use startx instead of typing "xinit" directly.)


xhost is the security access control utility for XWindows. It simply sets what clients are allowed to connect to your X system, and which are not. If you don't care about security too much and just want to allow everybody access to your X system, simply type the following command to allow all access:

xhost +

Text editors


This is the "basic" text editor which comes with Linux by default. It's a line-based editor, like the old edlin which used to come with MS-DOS before Microsoft realized everybody wanted a full-screen editor. Hardly anybody who does much text editing with Linux uses ed.


Short for "visual", this is a full-screen editor which is fairly simple to use, and does exactly what you want it to do without any frills. Most people like vi the best. Note that in Linux, vi is usually implemented as elvis, a new-age text editor that works like the classical Unix vi but is intended to replace it. However, the "vi" command is usually linked to elvis, meaning that typing either "vi" or "elvis" in Linux should work.


A big program, EMACS (short for Editing MACroS) is famous for being a highly feature-laden text editor. It has more features than any program needs, and indeed, most people find EMACS too sophisticated for their tastes. EMACS doesn't usually come with a basic Linux installation and must be installed as a separate package. (For some quick info on EMACS keystrokes, check "EMACS Keystrokes", below.)


pico is a relatively new text editor. Obviously it is not as well-known as vi or emacs, but it has become quite popular in its own right. It's supposed to be easier to use. It uses several basic keystrokes which are displayed on-screen (instead of requiring you to remember them). Newbies may want to try pico first (and last).

Debian-specific commands

(Debian is a distro of Linux, in case you wondered.)


dpkg is Debian's package manager. It'll unpack Debian binary files (which have a .deb extension.)


dselect is Debian's user-friendly package manager. It has a full-screen interface, unlike dpkg, which is a command-line utility.

Directories and files of interest

/home/username Every user on a Linux system has a "home directory", their own directory where they're supposed to keep their stuff. This directory is normally in /home/username. For example, if your username is JimmyTheHand, your home directory would probably be /home/JimmyTheHand.

(Before somebody asks, the reference to "Jimmy The Hand" is from Betrayal At Krondor. It just came to me as I was trying to think of a random name.)

/etc/motd This is the MOTD, or "Message Of The Day". This is the message which users see immediately after they log into the system. (From the name, apparently this is supposed to change daily, but it usually doesn't.)

/etc/issue This file gets shown immediately before a login prompt. This is different from motd in that motd gets shown right after anyone logs in, while issue gets shown just before.

/etc/inetd.conf This file lists all servers running on the system (that is, all ports which it will receive connections on, and what it will do on them). By default, for example, FTP (port 21) and Telnet (port 23) servers are set up, so people can log in through those.

/etc/fstab is your file system table. It lists all the default installed file systems, and the partitions and directories they're on.

/etc/inittab stores information on the different runlevels available.

/etc/hosts is your system's host table. It stores the names of computers on the LAN. This works sort of like DNS, except that instead of running a dedicated name server, it's just a table of addresses and corresponding names stored in one file. Once you put a system and its address in here, you can use that system's name in place of its address. For example, if you named a computer joe, you could just type "ping joe" or "telnet joe".

/var/log is generally where log files go. Yes, all of them.

/var/spool/mail This is the directory where everyone's mail on the system gets stored. The person's mail is stored as a file with their username. For example, someone with a username of DogDoo would have his/her mail in a file called DogDoo in this directory.

.profile This file, if you have it, exists in your home directory, and is basically equivalent to DOS' autoexec.bat file. Anything in .profile will be executed when you log in. Each user has their own commands which they might want to run automatically when they log in, so everybody gets to set up their own .profile file. (See also rc.S under "rc.d files", below.)

/etc/lilo.conf This file, as you might guess, is your LILO (LInux LOader) configuration. LILO is the program which runs when you boot up your computer and lets you choose between booting into Linux or Windows. (Apparently, however, even if Linux is your *ONLY* operating system, you still need to install LILO to load it. Or so I've heard.) lilo.conf specifies what partitions exist and what operating systems are installed on them, as well as what message to display on bootup and how long to wait for an answer before defaulting to one OS.

/etc/isapnp.conf This is the isapnp configuration file.

/vmlinuz This file is your kernel. The kernel is the heart of the operating system, the main part of it which loads before anything else.

/lib/modules stores your system's modules.

/etc/ppp This directory holds your PPP configuration info, including the file pppscript, which is the script used when connecting to your ISP.

/etc/resolv.conf lists the IP addresses of the DNS servers to use when resolving hostnames while a PPP connection is active.

/etc/HOSTNAME contains your system's hostname. See the hostname command for more info.

/usr/src/linux/Documentation/ You'll only have this file if you've installed the Linux kernel source code. It lists all the options available during kernel configuration, along with explanations. I *highly* recommend reading this file and using it as a reference if you're re-compiling your kernel, because the re-compilation process asks you a *lot* of questions about what you do and don't want included in the kernel, and most people probably aren't sure about what half of the options mean.

/etc/XF86Config contains XWindows configuration information (including what frequencies/resolutions your video hardware can support), assuming you have X installed, of course.

/etc/passwd is where all the system's user accounts are stored, along with their (encrypted) passwords.

/etc/shadow is usually where the system's "shadowed" passwords are kept. (Shadowed passwords are those stored separately from the main /etc/passwd file for security.)

/etc/localtime is not actually a file, but a link to a TZif (Time Zone info) file in the /usr/share/zoneinfo directory, which configures what time zone you're in.

/etc/syslog.conf controls what kind of logging is done by the system, and where the log files are kept.

/etc/mail/ is your Sendmail configuration file.

/etc/group contains a list of all the user groups on this system, along with their identifying numbers.

/etc/httpd/conf/httpd.conf is the configuration file for the HTTP daemon (a.k.a. the web server).

rc.d files

The directory /etc/rc.d contains several scripts which do stuff. The functions of a few of them are listed here.

rc.S This is the System Initialization Script. It's run every time you boot up Linux. Like .profile, then, it's akin to DOS' AUTOEXEC.BAT. (NOTE: Don't fool around with this if you don't know what you're doing. Basically, stay away from it entirely, because it runs before any login prompt is displayed, and many programs won't like trying to run without someone logging in first. If you want to make a program run automatically after you log in, it's much safer to use .profile.)

rc.modules This lets you specify what modules are loaded on bootup. (Modules might be device drivers or other things which you want to load automatically.)

rc.font This lets you choose what font is used for your console.

rc.gpm This is the gpm initialization script. gpm (General Purpose Mouse) is the mouse driver for Linux.

~/. files

The ~ symbol represents your home directory in Linux. Thus, these are files which go in your home directory, and which have filenames that begin with a period. (In Linux/Unix, a filename which begins with a period is supposed to be a "hidden" file, which is not meant to show up in normal directory listings and which you are not supposed to mess around with.)

.bashrc This is the rc (resource configuration) file for the bash shell. Commands in this file will be automatically run when bash starts.

.cshrc This file works just like .bashrc, except it's for csh (the C shell).

.login Regardless of what shell you are using, the commands in this file execute when you log in.

.rhosts (Again, I wish to remind you that this file goes into your home directory). This lists accounts which you own on other computers. It lets you log into the account (on the machine which stores the .rhosts file) without using a password. It is to be used for your accounts only; Since it is in your home directory, each user has his or her own .rhosts file. This file works with the "r" commands, like rlogin and rsh.

Device files

Linux refers to all the system devices as file-like pointers in the /dev directory. Here are some of the more important ones:

/dev/ttyS0 = COM1 serial port
/dev/ttyS1 = COM2 serial port
/dev/ttyS2 = COM3 serial port
/dev/ttyS3 = COM4 serial port
/dev/console = currently selected console
/dev/ttyx = virtual console (where x = number of console)
/dev/null = data sink (anything sent to here disappears)
/dev/fd0 = first floppy drive
/dev/fd1 = second floppy drive
/dev/hda = first IDE drive
/dev/hdb = second IDE drive
/dev/hda1 = first IDE hard drive, first partition
/dev/hda2 = first IDE hard drive, second partition
/dev/hdb1 = second IDE hard drive, first partition
/dev/hdb2 = second IDE hard drive, second partition
/dev/sda = first SCSI drive
/dev/sdb = second SCSI drive
/dev/sda1 = first SCSI hard drive, first partition
/dev/sda2 = first SCSI hard drive, second partition
/dev/sdb1 = second SCSI hard drive, first partition
/dev/sdb2 = second SCSI hard drive, second partition
/dev/st0 = first rewinding SCSI tape drive
/dev/st1 = second rewinding SCSI tape drive
/dev/nst0 = first non-rewinding SCSI tape drive
/dev/nst1 = second non-rewinding SCSI tape drive
/dev/ht0 = first rewinding IDE tape drive
/dev/ht1 = second rewinding IDE tape drive
/dev/nht0 = first non-rewinding IDE tape drive
/dev/nht1 = second non-rewinding IDE tape drive
/dev/mouse = mouse
/dev/audio = sound card
/dev/eth0 = first Ethernet device (usually a NIC)
/dev/eth1 = second Ethernet device
/dev/tr0 = first Token Ring device
/dev/tr1 = second Token Ring device
/dev/fddi0 = first FDDI device
/dev/fddi1 = second FDDI device
/dev/loop1 (and so on) are "loop devices" (see the losetup command)

A note on hard drives and IDE devices: The /dev/hd devices are actually IDE devices, not specifically hard drives. If you have an IDE CD-ROM drive, it'll also have an "hd" device name. In this case, don't use a number on the end for a partition (since CDs don't have partitions). Instead, the drive will just use the letter. For example, usually your first CD-ROM drive is /dev/hdc and you second one (if you have one) is /dev/hdd.

Actually, here's a little note on how Linux numbers hard disk partitions... The *partitions* will be numbered from hda1 to hda4 (on hda), while logical drives within the *extended* partition will be numbered from hda5 onward. For example, on my hard disk, my first primary partition is FAT16, the second is my primary Linux partition, and the third is my Linux swap partition. These partitions are labels hda1, hda3, and hda4, respectively, in Linux. What's hda2, then? It's my extended DOS partition. The extended DOS partition has two logical FAT16 drives in it. These drives are hda5 and hda6 in Linux. Confusing? Yes.

Also, here's an explanation of the /dev/random and /dev/urandom devices. (The following text was ripped from the comments in the Linux kernel source.) This routine gathers environmental noise from device drivers, etc., and returns good random numbers, suitable for cryptographic use. Besides the obvious cryptographic uses, these numbers are also good for seeding TCP sequence numbers, and other places where it is desirable to have numbers which are not only random, but hard to predict by an attacker. /dev/random is suitable for use when very high quality randomness is desired (for example, for key generation or one-time pads), as it will only return a maximum of the number of bits of randomness (as estimated by the random number generator) contained in the entropy pool. The /dev/urandom device does not have this limit, and will return as many bytes as are requested. As more and more random bytes are requested without giving time for the entropy pool to recharge, this will result in random numbers that are merely cryptographically strong. For many applications, however, this is acceptable.

A brief tutorial on using ipchains

The first ipchains command you should know is ipchains -L. This will list all the current rules. (Yes, the L has to be capitalized.)

Next, experiment with ipchains -N. This is the command to make a new user-defined chain. For example, typing ipchains -N newchain will make a chain called newchain. After typing it, use ipchains -L to confirm it and see your new chain in the list.

ipchains -X is the opposite of -N. Type ipchains -X newchain to delete newchain.

Now it's time to do some rule editing. First of all, type ipfwadm. This appears to be some kind of command built into Linux which sets you up with a basic ruleset. After you type it, use ipchains -L once again and notice that your ruleset has gone from three lines to about a screenful. Take a look at the rules that you have; Most of them probably look like gibberish right now, but you'll learn what everything means later.

Now let's try learning how to change those rules. The command syntax for changing a rule with ipchains is:

ipchains -R chainname rulenum

Where chainname is the chain name, and rulenum is the number of the rule you want to change. Note that this command, on its own, does absolutely nothing; It specifies what rule you want to modify, but does not mention what modifications you want to make to it. For now, let's try turning logging on for some rules, so you can see logs of some IP traffic. (Logging is what ipchains is probably used most for anyway.) To turn on logging for a rule, you need to specify the -l switch to ipchains (that's a hyphen and a lowercase letter L, as in log).

Now, you should know that ipchains doesn't actually provide you with a way to modify a rule; Technically, you replace rules, you don't change them. (The R in -R stands for replace.) This means that when you change a rule, you have to specify the *entire* rule's information, or anything that's already there will be lost. You can't just add one part to a rule. Check out the first rule in your ipchains -L output. It should look like this:

ACCEPT all ---f-- anywhere anywhere n/a

The leftmost column is the rule's target; As you can see, the target in this case is ACCEPT. So, let's suppose you want to turn on logging for this rule. You would use the -R command to replace it with a new one, you'd use the -l flag to turn on logging for it, and you'd also need to specify the target name again, or else it would just be set to nothing. To specify a target name, use the -j flag. So, the complete command that you'd use to turn on logging for this rule is:

ipchains -R input 1 -l -j ACCEPT

Did you get all that? The -R tells ipchains to replace the rule, "input" is the name of the chain, 1 is the rule number (the first rule in the input chain), -l switches logging on, and the -j ACCEPT part makes sure the target remains as ACCEPT.

ipchains logs to /var/log/messages. If you want to check the data it logs, look there.

There's more to ipchains than this, but that's the basics; If you want more you can always check the manpage for ipchains (by typing man ipchains of course). Have fun.

ipchains' successor, iptables, seems to be remarkably switch-compatible with ipchains. The -L, -N, -X, and -R commands work almost in an identical fashion. Use the -A switch to add new rules to existing chains. (For example, type iptables -A newchain to add a new rule to the chain called "newchain".) The only significant difference, as far as this brief introduction goes, is that iptables does not support the -l switch to turn on kernel logging; Instead, you must specify a targetname of LOG. So to turn on logging in the first rule of the INPUT chain, you'd type:

iptables -R INPUT 1 -j LOG

Of course, you can type man iptables to get more info on iptables. Again, have fun.

Installing programs in Linux

When you get a Linux program, it's usually in a .tar.gz (or .tgz) file, which is a TAR archive that has been further made into a GZIP archive. Before anything else, you must uncompress these archives, just like you need to uncompress a ZIP in DOS before you can use the files in it. The usual way of handling .tar.gz files in Linux is with this command:

gzip -cd filename | tar xfv -

(Where filename is the filename of the .tar.gz file.) The x option tells tar to extract the archive (it must be the first option). The v option tells tar to be verbose (so it provides more info).

Note that newer versions of tar have a "z" option which lets you filter the file through GZIP first, which allows you to just use a plain tar command instead of having to pipe gzip output through tar. So, the new method for extracting .tar.gz files in Linux is with this command:

tar xfvz filename

Much simpler, isn't it? Again, filename is the filename of the .tar.gz file.

Because of all the varieties of different Linux kernels and configurations, rarely do you just download a program and run it, as you would do with DOS. Rather, Linux programs, once you unzip them into some directory, are usually installed using three commands. In the order you should run them, they are:

make install

The "configure" command configures the program to your system in preparation for building it. It creates makefiles in preparation for the make command, and custom-creates those makefiles for your system. Although the configure command can potentially take several parameters (depending on what program you're configuring), you can usually run it with no parameters. The most common parameter used with configure is --prefix, which allows you to specify a directory into which the program should be installed. For example, if you wanted to install the program into /usr/bin, you would type:

./configure --prefix=/usr/bin

Often, you might want to install a program into your home directory, and you can simply use the tilde for a --prefix parameter to indicate this:

./configure --prefix=~

The "make" command builds the program, compiling the source code into binary executables. Finally, "make install" actually installs those executables. This is the standard procedure for installing any Linux program which comes in source code form.

A final, fourth command is optional: "make clean". This command usually removes any temporary files created during the previous three commands. This is not necessary for the program to function, but it gets rid of the files you don't need anymore and saves some disk space, so it's good practice to run it when you're done.

EMACS keystrokes

EMACS is a Unix/Linux text editor which lots of people like because it can do a lot of stuff. It's also pretty complicated. EMACS has a whole host of weird keystroke controls, but the only two which you really need to know in order to use it are as follows:

Save document: C-x, C-s
Exit EMACS: C-x, C-c

(C-x is EMACS shorthand for CTRL-x. It uses so many CTRL-key combinations that it's more practical to shorten it that way. Incidentally, for ALT-key combinations, EMACS uses M instead of A as you might expect; For example, M-x means press ALT-x. This stands for "meta".)

Another neat keystroke to remember as a party trick for when you want to show people why you like EMACS is M-x. (Yes, that's ALT-X.) This lets you run commands in EMACS by name; Every command in EMACS has a name, but the most commonly-used ones are bound to specific keystrokes so they can be run quickly. If a command is not bound to a keystroke, you can run it just by pressing M-x and then typing the command name. Press M-x and type doctor at the prompt to run EMACS' "doctor" module, which is the famous ELIZA-like psychiatrist built into it. If this doesn't convert someone from using pico, nothing will.

Also note that EMACS notation uses "RET" to refer to the ENTER key. This derives from the days when the alphanumeric ENTER key was often labeled "RETURN", because it was analogous to a typewriter carriage return.

vi commands

vi (short for "visual") is the most popular text editor in Unix/Linux. It's not as feature-and-keystroke laden as EMACS, but that's why most people like it. (Incidentally, this is one of the computing world's biggest holy wars: vi vs. EMACS. Which editor you choose says a lot about you. If you like vi better, you prefer simple, easy things which get the job done with a minimum of fuss. If you prefer EMACS, you probably prefer to be in control, and to have a lot of options.)

Uh... Anyway, after that philosophical tirade, it follows that if all you really need to know to use EMACS is how to save a file and exit, that should be all you need to know about vi too. So:

While editing your file in vi, press ESC and then type a colon to get to the vi command prompt. Once there, the following commands apply:

w Save file
q Exit vi
wq Save file AND exit vi, all in one handy command! (Aren't computers great?)

Environment variables

(NOTE: This information applies only to bash, the most popular shell in Linux. Other shells may have different methods of assigning environment variables.)

If you're a DOS guru, you know what an environment variable is: It's a variable (a piece of data with a name attached to it) for the environment (which basically means operating system). It's like a programming variable, except those are used in programming. Both DOS and Linux let you set and store them.

To see a list of current environment variables and their values, just type SET. That's the same for both DOS and bash, but the methods used to change or remove those variables are different.

In DOS, to set an environment variable, you'd use the SET command. To set an environment variable in bash, you don't use the SET command. Instead, you just type the variable name, followed by an equals sign and the value you want to assign to the variable. For example, to make the variable VAR equal 20, you'd type VAR=20. By the way, all environment variables in bash are case-sensitive.

In DOS, you would remove an environment variable by simply setting it to be blank (for example, by typing set varname=). In bash, however, trying to do this to a variable only makes it blank, but it'll still be on the list. In bash, once an environment variable has been created, it can only be removed from the list of variables with bash's built-in command unset. For example, to remove a variable called var, you would type unset var.

So now that you know how to set them, what environment variables does bash actually use? Well, lots, but the most important are PATH and PS1. PATH is the set of directories the shell will look in for the program to run when you type a command (it works exactly like DOS' PATH variable). PS1 is what your Linux command prompt looks like (it works exactly like DOS' PROMPT variable).

Linux hotkeys

CTRL-Z forces an exit to most programs and returns you to your shell (where you can then use kill (or kill -9 ;) ) to get rid of the process.

CTRL-ALT-F1 through CTRL-ALT-F6 switch between virtual consoles.

Special characters at the command prompt

*nix systems have a number of "special" characters which let you do some fancier tricks at the command line. Here are a few:

` This is a grave accent, NOT an apostrophe. The grave accent is the "backwards apostrophe", located under the tilde key (right next to the key for the number 1 near the top of the keyboard). It lets you execute a command within a command. Use two grave accents to enclose a command, and the result of that command will be used. If that didn't come through too clearly, here's an example:

echo `cat /home/foo`

Typing this will output the contents of /home/foo. This is because cat listed the file, and then the results of that (the contents of the file) were used on the command line for echo. This is a simple example, but obviously more complicated (and useful) things can be done with this.

& This symbol is used at the end of a command. It executes the command and then returns to the command prompt without waiting for the command to finish. It's useful for Xwindows programs, when the program runs in a window and then prevents you from accessing the console window you used to run it until you close the program. For example, typing this:


...would run xeyes and still let you use the console window you were on without having to close xeyes first.

~ This symbol (the tilde) lets you specify a user's home directory. For example, ~foobar specifies the home directory for the user named foobar. And typing cd ~foobar would change to that user's home directory. Note that you can also use just a tilde without a username to specify your own home directory.

! The exclamation mark is interpreted as a history reference. Don't ask me what that means, but basically, you can't use an exclamation mark by itself at the command line. If you want to use one, precede it with a backslash so the computer will realize you actually want to type an exclamation mark and not a history reference. So, type \! instead of just ! .

Windows is a trademark of Microsoft Corp., so don't pretend you thought of it yourself.

Back to the main page