Linux System Administration Basics
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
This guide presents a collection of common issues and useful tips for Linux system administration. Whether you’re new to system administration or have been maintaining systems for some time, we hope this collection of basic Linux commands will help you manage your system from the command line.
Linux administration is about setting up disaster recovery, managing new system builds, creating a backup to restore data, Linux hardware management, managing storage, handling file systems, and managing the security of Linux systems. A big part of Linux administration is ensuring that Linux powered systems are stable and secure.
Typically Linux system administrators are expected to handle Linux file systems, manage the root user, have a working knowledge of bash commands, and an ability to manage users.
Commonly, the Linux administration role typically involves:
- Maintenance of a Linux environment.
- Troubleshooting and providing support when there’s an issue with Linux servers.
- Analysis of log files(mainly error logs).
- Support of LAN and web applications.
- Creation of operational and project-specific solutions for the organization
- Ability to proactively figure out ways to enforce strong security practices, and increase scalability of your Linux environment
These tips cover some of the basic steps and issues encountered during the beginning of system configuration. We provide a general Setting Up and Securing a Compute Instance for your convenience if you’re new to Linode and basic Linux system administration. Additionally, you may find our Introduction to Linux Concepts guide useful.
Please follow our instructions for setting your hostname. You can use the following commands to make sure it is set properly:
hostname hostname -f
The first command should show your short hostname, and the second should show your fully qualified domain name (FQDN).
When setting the time zone of your server, it may be best to use the time zone of the majority of your users. If you’re not sure which time zone would be best, consider using Universal Coordinated Time or UTC (i.e., Greenwich Mean Time).
By default, Linodes are set to UTC. Many operating systems provide built-in, interactive methods for changing time zones:
Issue the following command and answer the questions as prompted on the screen:
View the list of available time zones:
Page Downkeys to navigate to the correct zone. Remember it, write it down or copy it as a mouse selection. Then press q to exit the list.
Set the time zone (change
America/New_Yorkto the correct zone):
timedatectl set-timezone 'America/New_York'
Find the appropriate zone file in
/usr/share/zoneinfo/ and link that file to
/etc/localtime. See the examples below for possibilities:
Universal Coordinated Time:
ln -sf /usr/share/zoneinfo/UTC /etc/localtime
Eastern Standard Time:
ln -sf /usr/share/zoneinfo/EST /etc/localtime
American Central Time (including Daylight Savings Time):
ln -sf /usr/share/zoneinfo/US/Central /etc/localtime
American Eastern Time (including Daylight Savings Time):
ln -sf /usr/share/zoneinfo/US/Eastern /etc/localtime
/etc/hosts file provides a list of IP addresses with corresponding hostnames. This allows you to specify hostnames for an IP address in one place on the local machine, and then have multiple applications connect to external resources via their hostnames. The system of host files precedes DNS, and hosts files are always checked before DNS is queried. As a result,
/etc/hosts can be useful for maintaining small “internal” networks, for development purposes, and for managing clusters.
Some applications require that the machine properly identify itself in the
/etc/hosts file. As a result, we recommend configuring the
/etc/hosts file shortly after deployment. Here is an example file:
- File: /etc/hosts
127.0.0.1 localhost.localdomain localhost 184.108.40.206 username.example.com username
You can specify a number of hostnames on each line separated by spaces. Every line must begin with one and only one IP address. In the above example, replace
220.127.116.11 with your machine’s IP address. Consider a few additional
- File: /etc/hosts
198.51.100.30 example.com 192.168.1.1 stick.example.com
In this example, all requests for the
example.com hostname or domain will resolve to the IP address
198.51.100.30, which bypasses the DNS records for
example.com and returns an alternate website.
The second entry tells the system to look to
192.168.1.1 for the domain
stick.example.com. These kinds of host entries are useful for using “private” or “back channel” networks to access other servers in a cluster without needing to send traffic on the public network.
In this section, we’ll review some basic Linux commands that will help you assess and diagnose network problems. If you suspect connectivity issues, adding the output from the relevant commands to your support ticket can help our staff diagnose your issue. This is particularly helpful in cases where networking issues are intermittent.
ping command tests the connection between the local machine and a remote address or machine. The following commands “ping”
ping google.com ping 18.104.22.168
These commands send a small amount of data (an ICMP packet) to the remote host and wait for a response. If the system is able to make a connection, it will report on the “round trip time” for every packet. Here is the sample output of four pings to google.com:
PING google.com (22.214.171.124): 56 data bytes 64 bytes from 126.96.36.199: icmp_seq=0 ttl=54 time=14.852 ms 64 bytes from 188.8.131.52: icmp_seq=1 ttl=54 time=16.574 ms 64 bytes from 184.108.40.206: icmp_seq=2 ttl=54 time=16.558 ms 64 bytes from 220.127.116.11: icmp_seq=3 ttl=54 time=18.695 ms 64 bytes from 18.104.22.168: icmp_seq=4 ttl=54 time=25.885 ms
time field specifies in milliseconds the duration of the round trip for an individual packet. When you’ve gathered the amount of information you need, use Control+C to interrupt the process. You’ll be presented with some statistics once the process is stopped. This will resemble:
--- google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3007ms rtt min/avg/max/mdev = 33.890/40.175/53.280/7.679 ms
There are several important data points to notice:
- Packet Loss, or the discrepancy between the number of packets sent and the number of packets that return successfully. This number shows the percentage of packets that are dropped.
- Round Trip Time (rtt) statistics on the final line report information about all the ping responses. For this ping we see that the fastest packet round trip (min) took 33.89 milliseconds. The average round trip (avg) took 40.175 milliseconds. The longest packet (max) took 53.28 milliseconds. A single standard deviation unit (mdev) for these four packets is 7.67 milliseconds.
The ping command is useful as an informal diagnostic tool to measure point-to-point network latency, and as a tool to simply ensure you are able to make a connection to a remote server.
traceroute command expands on the functionality of the ping command. It provides a report on the path that the packets take to get from the local machine to the remote machine. Each step (intermediate server) in the path is called a hop. Route information is useful when troubleshooting a networking issue: if there is packet loss in one of the first few hops the problem is often related to the user’s local area network (LAN) or Internet service provider (ISP). By contrast, if there is packet loss near the end of the route, the problem may be caused by an issue with the server’s connection.
Here is an example of output from a
traceroute to google.com (22.214.171.124), 30 hops max, 40 byte packets 1 126.96.36.199 (188.8.131.52) 0.414 ms 0.428 ms 0.509 ms 2 vlan804.tbr2.mmu.nac.net (184.108.40.206) 0.287 ms 0.324 ms 0.397 ms 3 0.e1-1.tbr2.tl9.nac.net (220.127.116.11) 1.331 ms 1.402 ms 1.477 ms 4 core1-0-2-0.lga.net.google.com (18.104.22.168) 1.514 ms 1.497 ms 1.519 ms 5 22.214.171.124 (126.96.36.199) 1.702 ms 188.8.131.52 (184.108.40.206) 1.731 ms 21.031 ms 6 220.127.116.11 (18.104.22.168) 26.111 ms 22.214.171.124 (126.96.36.199) 23.582 ms 23.468 ms 7 188.8.131.52 (184.108.40.206) 123.668 ms 220.127.116.11 (18.104.22.168) 47.228 ms 47.250 ms 8 22.214.171.124 (126.96.36.199) 76.733 ms 188.8.131.52 (184.108.40.206) 73.582 ms 73.570 ms 9 220.127.116.11 (18.104.22.168) 86.025 ms 86.151 ms 86.136 ms 10 22.214.171.124 (126.96.36.199) 80.877 ms 188.8.131.52 (184.108.40.206) 76.212 ms 220.127.116.11 (18.104.22.168) 80.884 ms 11 22.214.171.124 (126.96.36.199) 81.267 ms 81.198 ms 81.186 ms 12 188.8.131.52 (184.108.40.206) 77.478 ms pw-in-f100.1e100.net (220.127.116.11) 79.009 ms 18.104.22.168 (22.214.171.124) 77.437 ms
Often the hostnames and IP addresses on either side of a failed jump are useful in determining who operates the machine where the routing error occurs. Failed jumps are designated by lines with three asterisks (
* * *).
traceroute output to Linode support tickets is sometimes useful when trying to diagnose network issues. You may also want to forward
traceroute information to your Internet Service Provider (ISP) if you suspect that the connectivity issue is with your ISP’s network. Recording
traceroute information is particularly useful if you are experiencing an intermittent issue.
mtr command, like the traceroute tool, provides information about the route that internet traffic takes between the local system and a remote host. However,
mtr provides additional information about the round trip time for the packet. In a way, you can think of
mtr as a combination of traceroute and ping.
Here is an example of output from an
HOST: username.example.com Loss% Snt Last Avg Best Wrst StDev 1. 2126.96.36.199 0.0% 10 0.4 0.4 0.3 0.6 0.1 2. vlan804.tbr2.mmu.nac.net 0.0% 10 0.3 0.4 0.3 0.7 0.1 3. 0.e1-1.tbr2.tl9.nac.net 0.0% 10 4.3 4.4 1.3 11.4 4.1 4. core1-0-2-0.lga.net.google.com 0.0% 10 64.9 11.7 1.5 64.9 21.2 5. 188.8.131.52 0.0% 10 1.7 4.5 1.7 29.3 8.7 6. 184.108.40.206 0.0% 10 23.1 35.9 22.6 95.2 27.6 7. 220.127.116.11 0.0% 10 24.2 24.8 23.7 26.1 1.0 8. 18.104.22.168 0.0% 10 27.0 27.3 23.9 37.9 4.2 9. gw-in-f100.1e100.net 0.0% 10 24.1 24.4 24.0 26.5 0.7
mtr tracks the speed of the connection in real time until you exit the program with CONTROL+C. To have
mtr stop automatically and generate a report after ten packets, use the
Be aware that
mtr will pause for a few moments while generating output. For more information regarding
mtr consider our diagnosing network issues with mtr guide.
If you’re having an issue with your Linode that is neither related to networking nor another application issue, it may help to rule out “hardware” and operating system level issues. Use the following tools to better diagnose and resolve these.
If you determine that you have a problem with memory usage, refer to our guide on resolving memory usage issues. Use the following tools and approaches to determine the specific cause of your troubles.
To see how much memory your system is currently using:
On a Linode 2GB under moderate use, the output should resemble the following:
total used free shared buffers cached Mem: 1999 954 1044 105 34 703 -/+ buffers/cache: 216 1782 Swap: 255 0 255
This output takes a bit of careful reading to interpret. Out of a total 1999 megabytes of memory (RAM), the system is using 954 megabytes and has 1044 megabytes free. However, the system also has 703 megabytes of “stale” data buffered and stored in cache. The operating system will “drop” the caches if it needs the space, but retains the cache if there is no other need for the space. It is normal for a Linux system to leave old data in RAM until the space is needed, so don’t be alarmed if only a small amount of memory is “free.”
In the above example, there are 1782 megabytes of memory that are actually free. This means 1782 megabytes are available to your system when you start an additional process or a running application needs more memory.
vmstat tool provides information about memory, swap utilization, I/O wait, and system activity. It is particularly useful for diagnosing I/O-related issues.
If you think you’re having an I/O issue then run the following command:
vmstat 1 20
This runs a vmstat every second, twenty times, giving a sample of the current state of the system. The output generated resembles the following:
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 0 0 4 32652 47888 110824 0 0 0 2 15 15 0 0 100 0 0 0 4 32644 47888 110896 0 0 0 4 106 123 0 0 100 0 0 0 4 32644 47888 110912 0 0 0 0 70 112 0 0 100 0 0 0 4 32644 47888 110912 0 0 0 0 92 121 0 0 100 0 0 0 4 32644 47888 110912 0 0 0 36 97 136 0 0 100 0 0 0 4 32644 47888 110912 0 0 0 0 96 119 0 0 100 0 0 0 4 32892 47888 110912 0 0 0 4 96 125 0 0 100 0 0 0 4 32892 47888 110912 0 0 0 0 70 105 0 0 100 0 0 0 4 32892 47888 110912 0 0 0 0 97 119 0 0 100 0 0 0 4 32892 47888 110912 0 0 0 32 95 135 0 0 100 0 0 0 4 33016 47888 110912 0 0 0 0 75 107 0 0 100 0 0 0 4 33512 47888 110912 0 0 0 24 113 134 0 0 100 0 0 0 4 33512 47888 110912 0 0 0 0 175 244 0 0 100 0 0 0 4 33512 47888 110912 0 0 0 0 92 148 0 0 100 0 0 0 4 33512 47888 110912 0 0 0 0 114 162 0 0 100 0 0 0 4 33512 47888 110912 0 0 0 36 100 157 0 0 100 0 0 0 4 33388 47888 110912 0 0 0 0 116 166 0 0 100 0 0 0 4 33388 47888 110912 0 0 0 0 97 157 0 0 100 0 0 0 4 33388 47888 110912 0 0 0 0 89 144 0 0 100 0 0 0 4 33380 47888 110912 0 0 0 0 181 185 0 0 99 0
The memory and swap columns provide the same kind of information provided by the “free -m” command, albeit in a slightly harder to understand format. The most relevant information produced by this command is the
wa column, which is the final column in most implementations. This field displays the amount of time the CPU spends waiting for I/O operations to complete.
If this number is consistently and considerably higher than 0, you might consider taking measures to address your IO usage. However, if the
vmstat output resembles the above, you can be sure in the knowledge that you’re not experiencing an IO-related issues.
If you are experiencing an intermittent issue, you will need to run
vmstat when you experience the issue in order to properly diagnose or rule out an I/O issue.
vmstat output can sometimes help support diagnose problems.
If you want a more organized, real-time view of the current state of your system, we recommend a tool called
htop. This is not installed by default on most systems. To install
htop, issue one of the following commands, depending on which distribution you use:
apt-get install htop yum install htop pacman -S htop emerge sys-process/htop
To start the program:
You can quit at any time by pressing the
Q keys. There are a couple of
htop behaviors that may not be initially intuitive. Take note of the following:
- The memory utilization graph displays used memory, buffered memory, and cached memory. The numbers displayed at the end of this graph reflect the total amount of memory available and the total amount memory on the system as reported by the kernel.
- The default configuration of
htoppresents all application threads as independent processes, which may not be clear if you’re not aware of it. You can disable this by selecting the “setup” option with
F2, then “Display Options,” and then toggling the “Hide userland threads” option.
- You can toggle a “Tree” view with the
F5key that displays the processes in a hierarchy and shows which processes were spawned by other processes in an organized format. This is helpful in diagnosing a problem when you’re having trouble distinguishing among processes.
Web developers and editors often use the FTP protocol to transfer and manage files on a remote system. FTP, however, is very insecure and inefficient for managing the files on a system when you have SSH access.
If you’re new to Linux systems administration, consider our “Tools & Reference” section and articles including: installing and using WinSCP, using rsync to synchronize files and using SSH and the terminal.
If you’re used to using an FTP client, OpenSSH (which is included and active with all of the Linode distribution images) allows you to use an FTP-like interface over the SSH protocol. Known as “SFTP,” many clients support this protocol, including WinSCP for Windows, Cyberduck for Mac OS X, and Filezilla for Linux, OS X, and Windows desktops.
If you are accustomed to FTP, SFTP will be very familiar to you. By default, whatever access a user has to a file system at the command line, that user will also have over SFTP. Consider the implications of file permissions when configuring user access.
You can also use Unix utilities including
scp and rsync to securely transfer files to your Linode. On a local machine, a command to copy
team-info.tar.gz would look like:
scp team-info.tar.gz email@example.com:/home/username/backups/
scp, is followed by the path of the file on the local file system to be transferred. Next, the username and hostname of the remote machine follow, separated by an “at” sign (
@). Follow the hostname with a colon (
:) and the path on the remote server to where the file should be uploaded. Using a more generalized example:
scp [/path/to/local/file] [remote-username]@[remote-hostname]:[/path/to/remote/file]
This command is available by default on OS X and Linux machines. You can use it to copy files to a Linode, as well as between remote servers. If you use SSH keys, you can use the
scp command without entering a password for every transfer.
The syntax of
scp follows the form
scp [source] [destination]. You can copy files from a remote host to the local machine by reversing the order of the paths in the above example.
Because Linode servers are network accessible and often have a number of distinct users, maintaining the security of files is often an important concern. We recommend you familiarize yourself with our basic security guide. Our guide on access control with user accounts and permissions may provide additional insight.
We suggest the following best practices for maintaining security:
- Only give users the permission to do what they need to. This includes application-specific users.
- Only run services on public interfaces that you are actively using. One common source of security vulnerabilities is in unused daemons that are left running. This includes database servers, HTTP development servers, and FTP servers.
- Use SSH connections whenever possible to secure and encrypt the transfer of sensitive information.
Symbolic linking, colloquially “symlinking”, allows you to create an object in your filesystem that points to another object on your filesystem. This is useful when you need to provide users and applications access to specific files and directories without reorganizing your folders. This way you can provide restricted users access to your web-accessible directories without moving your
DocumentRoot into their home directories.
To create a symbolic link, issue a command in the following format:
ln -s /home/username/config-git/etc-hosts /etc/hosts
This creates a link of the file
etc-hosts at the location of the system’s
/etc/hosts file. More generically:
ln -s [/path/to/target/file] [/path/to/location/of/sym/link]
Note the following features of the link command:
- The final term, the location of the link, is optional. If you omit the link destination, a link will be created in the current directory with the same name as the file you’re linking to.
- When specifying the location of the link, ensure that path does not have a final trailing slash. You can create a sym link that targets a directory, but sym links cannot terminate with slashes.
- You may remove a symbolic link without affecting the target file.
- You can use relative or absolute paths when creating a link.
If you’re new to using Linux and manipulating files on the terminal interface we encourage you to consider our guide on using the terminal. This section provides a list of basic commands to manage the contents of your filesystem.
To copy files:
cp /home/username/todo.txt /home/username/archive/todo.01.txt
todo.txt to an archive folder, and adds a number to the file name. If you want to recursively copy all of the files and subdirectories in a directory to another directory, use the
-R option. This command looks like:
cp -R /home/username/archive/ /srv/backup/username.01/
To move a file or directory:
mv /home/username/archive/ /srv/backup/username.02/
You can also use the
mv command to rename a file.
To delete a file:
This will delete the
scratch.txt file from the current directory.
For more information about file system navigation and manipulation, please consider our documentation of file system navigation.
Most Linux systems use package management tools to facilitate the installation and maintenance of all software on your system. For more in-depth coverage of this topic, please reference our package management guide.
While these tools provide a number of powerful features, it is easy to look past the benefits of package management. If you install software manually without package management tools, it becomes difficult to keep your system up to date and to manage dependencies. For these reasons, we recommend installing all software through package management tools unless other means are absolutely necessary. The following tips outline a couple of basic package management tasks.
Because packages are so easy to install, and often pull in a number of dependencies, it can be easy to lose track of what software is installed on your system. The following commands provide a list of installed packages on your system.
For Debian and Ubuntu systems:
The following example presents the first few lines of the output of this command on a production Debian Lenny system.
||/ Name Version Description +++-============================-============================-=============================== ii adduser 3.110 add and remove users and groups ii apache2-mpm-itk 2.2.6-02-1+lenny2 multiuser MPM for Apache 2.2 ii apache2-utils 2.2.9-10+lenny4 utility programs for webservers ii apache2.2-common 2.2.9-10+lenny4 Apache HTTP Server common files ii apt 0.7.20.2+lenny1 Advanced front-end for dpkg ii apt-utils 0.7.20.2+lenny1 APT utility programs ii bash 3.2-4 The GNU Bourne Again SHell
For CentOS and Fedora systems:
yum list installed
The following example shows a few lines of this command’s output:
MAKEDEV.i386 3.23-1.2 installed SysVinit.i386 2.86-15.el5 installed
CentOS and Fedora systems provide the name of the package (
SysVinit), the architecture it was compiled for (
i386), and the version of the build installed on the system (
For Arch Linux systems:
This command provides a total list of all packages installed on the system. Arch also allows you to filter these results to display only packages that were explicitly installed (with the
-Qe option) or that were automatically installed as dependencies (with the
-Qd option). The above command is actually a combination of the output of two commands:
pacman -Qe pacman -Qd
The following is an example of the output:
perl-www-mechanize 1.60- perl-yaml 0.70-1 pkgconfig 0.23-1 procmail 3.22-2 python 2.6.4-1 rsync 3.0.6-1
For Gentoo Linux systems:
emerge -evp --deep world
The following is a sample of this output:
These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] sys-libs/ncurses-5.6-r2 USE="unicode -debug -doc -gpm -minimal -nocxx -profile -trace" 0 kB [ebuild R ] virtual/libintl-0 0 kB [ebuild R ] sys-libs/zlib-1.2.3-r1 0 kB
Because there are often a large number of packages installed on any given system, the output of these commands can be quite large. As a result, it is often useful to use tools like grep and
less to make these results more useful. For example:
dpkg -l | grep "python"
This will return a list of all packages with the word “python” in their name or description. Similarly, you can use
dpkg -l | less
This will return the same list as the plain “
dpkg -l; however, the results will appear in the
less pager, which allows you to search and scroll more easily.
You can append
| grep "[string]" to these commands to filter package list results, or
| less to display the results in a pager, regardless of distribution.
Sometimes the name of a package isn’t intuitive, based on the name of the software. As a result, most package management tools make provide an option to search the package database. These search tools may be helpful if you’re looking for a specific piece of software but don’t know what it’s called.
For Debian and Ubuntu systems:
apt-cache search [package-name]
This will search the local package database for a given term and generate a list with descriptions. An excerpt of the output for
apt-cache search python follows:
txt2regex - A Regular Expression "wizard", all written with bash2 builtins vim-nox - Vi IMproved - enhanced vi editor vim-python - Vi IMproved - enhanced vi editor (transitional package) vtk-examples - C++, Tcl and Python example programs/scripts for VTK zope-plone3 - content management system based on zope and cmf zorp - An advanced protocol analyzing firewall groovy - Agile dynamic language for the Java Virtual Machine python-django - A high-level Python Web framework python-pygresql-dbg - PostgreSQL module for Python (debug extension) python-samba - Python bindings that allow access to various aspects of Samba
apt-cache search queries the full records for all of the packages and not simply the titles and the descriptions displayed here, hence the inclusion of
groovy which both mention python in their descriptions. To see the full record on a specific package:
apt-cache show [package-name]
This provides information regarding the maintainer, the dependencies, the size, the homepage of the upstream project, and a description of the software.
For CentOS and Fedora systems:
yum search [package-name]
This generates a list of all packages available in the package database that match the given term. The following is an example of the output of
yum search wget:
Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: centos.secsup.org * base: centos.secsup.org * extras: centos.secsup.org * updates: styx.biochem.wfubmc.edu ================================ Matched: wget ================================= wget.i386 : A utility for retrieving files using the HTTP or FTP protocols.
You can use the package management tools to discover more information about a specific package. Use the following command to get a full record from the package database:
yum info [package-name]
This output presents more in-depth information concerning the package, its dependencies, origins, and purpose.
For Arch Linux systems:
pacman -Ss [package-name]
This will perform a search of the local package database. Here is an excerpt of results for a search for “python”:
extra/twisted 8.2.0-1 Asynchronous networking framework written in Python. community/emacs-python-mode 5.1.0-1 Python mode for Emacs
The terms “extra” and “community” refer to which repository the software is located in. To request more information about a specific package issue a command in the following form:
pacman -Si [package-name]
pacman with the
-Si option generates the package’s record from the database. This record includes dependencies, package size, and a brief description.
For Gentoo Linux systems:
emerge --search [package-name] emerge --searchdoc [package-name]
The first command only searches the database for package names. The second command searches through the database for package names and descriptions. These commands will allow you to search your local package tree (i.e., portage) for the specific package name or term. The output of either command is similar to the excerpt below.
Searching... [ Results for search key : wget ] [ Applications found : 4 ] * app-emacs/emacs-wget Latest version available: 0.5.0 Latest version installed: [ Not Installed ] Size of files: 36 kB Homepage: http://pop-club.hp.infoseek.co.jp/emacs/emacs-wget/ Description: Wget interface for Emacs License: GPL-2
Because the output provided by the
emerge --search command is verbose, there is no “show more information” tool, unlike other distributions’ tools. The
emerge --search command accepts input in the form of a regular expression if you need to narrow results even further.
Since there are often a large number of results for package searches, these commands output a great quantity of text. As a result it is often useful to use tools like grep and
less to make these results easier to scroll through. For example:
apt-cache search python | grep "xml"
This will return the subset of the list of packages which matched for the search term “python” and that mention xml in their name or short description. Similarly:
apt-cache search python | less
This will return the same list as the plain
apt-cache search python but the results will appear in the
less pager. This allows you to search and scroll more conveniently.
You can append
| grep "[string]" to any of these commands to filter package search results, or
| less to display the results in the
less pager, regardless of distribution.
Among Linux and UNIX-like systems, nearly all system configuration information is stored and manipulated in plain text form. These following sections show a list of basic Linux commands and tools to manipulate text files.
grep tool allows you to search a stream of text, such as a file or the output of a command, for a term or regex pattern.
To use the
grep tool, let’s review an example:
grep "^Subject:.*HELP.*" /home/username/mbox
This will search your mail spool for subject lines (i.e. begins with the word “Subject:”), beginning with any number of characters, containing the word “help” in upper case, and followed by any number of additional characters. It would then print these results in the terminal.
grep tool provides additional options that, if specified, force the program to output the context for each match (e.g., with
-C 2 for two lines of context). With
grep outputs the line number of the match. With
grep prints the file name for each match, which is useful when you “grep” a group of files or “grep” recursively through a file system (using
grep --help for more options.
To grep a group of files, you can specify the file with a wildcard:
grep -i "morris" ~/org/*.txt
This will find and match against every occurrence of the word “morris,” while ignoring case (because of the option for
grep tool will search all files in the
~/org/ directory with a .txt extension.
You can use
grep to filter the results of another command that sends output to standard out (
stdout). This is done by “piping” the output of one command into
grep. For instance:
ls /home/username/data | grep "1257"
In this example, we assume that the
/home/username/data directory contains a large number of files that have a UNIX time stamp in their file names. The above command will filter the output to only display those tiles that have the four digits “1257” in their file names. In these cases,
grep only filters the output of
ls and does not look into file contents. For more information regarding
grep, refer to our full documentation of the grep command.
While the grep tool is quite powerful for filtering text on the basis of regular expressions, if you need to edit a file or otherwise manipulate the text, you can use
sed tool, or the Stream EDitor, allows you search for a regex pattern and replace it with another string.
sed is extremely powerful, and we recommend that you back up your files and test your
sed commands thoroughly before running them. Here is a very simple
sed one-liner, intended to illustrate its syntax:
sed -i `s/^good/BAD/` morning-star.txt
This replaces occurrences of the word “good” at the beginning of a line (noted by the
^) with the string “BAD” in the file
morning-star.txt. The option
sed to perform the replacements “in place.” The
sed command can make backups of the files it edits if you specify a suffix after the
-i option, as in
-iBAK. In the above command this option would save the original file as
morning-star.txt.BAK before making changes.
The general format of a
sed statement is:
To match literal slashes (
/), you must escape them with a backslash (
\). As a result, to match a
/ character you would use
\/ in the
sed expression. If you are searching for a string that has multiple slashes, you can replace the slashes which another character. For instance:
This would strip the slashes from the string
r/e/g/e/x so that this string would be
regex after running the
sed command on the file that contains the string.
The following example, from our migrating a server to your Linode document, searches and replaces one IP address with another. In this case
22.214.171.124 is replaced with
sed -i 's/98\.76\.54\.32/12\.34\.56\.78/'
In the above example, period characters are escaped as
\.. In regular expressions the full-stop (period) character matches to any character if it is not escaped.
For more information about
sed refer to our full documentation of text manipulation with sed.
In many Linode documents, you may be instructed to edit the contents of a file. To do this, you need to use a text editor. Most of the distribution templates that Linode provides come with an implementation of the vi/vim text editor and the nano text editor. These are small, lightweight and powerful text editors that allow you manipulate the text of a file from the terminal environment.
There are other options for text editors, notably Emacs and “zile.” Feel free to install these programs using your operating system’s package manager. Make sure you search your package database so you can install a version compiled without GUI components (i.e. X11).
To open a file, issue a command beginning with the name of the editor you wish to run followed by the name of the file you wish to edit. Here are a number of example commands that open the
nano /etc/hosts vi /etc/hosts emacs /etc/hosts zile /etc/hosts
When you’ve edited a file, you can save and exit the editor to return to the prompt. This procedure varies between different editors. In Emacs and zile, the key sequence is the same: press control and type x and s to save. This operation is typically notated “C-x C-s” and then “C-x C-c” to close the editor. In nano, press Control-O (notated ^O) and confirm the file name to write the file, and use Control-X to exit from the program.
Since vi and vim are modal editors, their operation is a bit more complex. After opening a file in vi, you can enter “insert” mode by pressing the “i” key; this will let you edit text in the conventional way. To save the file, you must exit into “normal” mode by pressing the escape key (
Control-[ also sends escape), and then type
:wq to write the file and quit the program.
This provides only the most basic outline of how to use these text editors, and there are numerous external resources which will provide instructions for more advanced use of this software.
Linodes do not come with a web server installed by default. You must install and configure your web server. This allows you to configure your web server in a way that makes sense for your application or website. Linode Guides & Tutorials contains a number of documents regarding the installation and maintenance of various web servers.
This section covers a number of basic web serving tasks and functions, as well as some guidance for users new to the world of web servers.
Web servers work by listening on a TCP port, typically port 80 for HTTP and port 443 for HTTPS. When a visitor makes a request for content, the servers respond by delivering the resource requested. Typically, resources are specified with a URL that contains the protocol,
https; a colon and two slashes,
://; hostname or domain,
username.example.com; and the path to a file,
index.html. A full URL would resemble
In order to provide these resources to users, your Linode needs to be running a web server. There are many different HTTP servers and countless configurations to provide support for various web development frameworks. The three most popular general use web servers are the Apache HTTP server, Lighttpd (“Lighty”), and nginx (“Engine X”). Each server has its strengths and weaknesses, and your choice depends largely on your experience and your needs.
Once you’ve chosen a web server, you need to decide what (if any) scripting support you need to install. Scripting support allows you to run dynamic content with your web server and program server side scripts in languages such as Python, PHP, Ruby, and Perl.
If you need a full web application stack, we encourage you to consider one of our more full-featured LAMP stack guides. If you need support for a specific web development framework, consult our tutorials for installing and using specific web application frameworks.
In most situations, end users are unaware of which web server you use. As a result, choosing a web server is often a personal decision based on the comfort of the administrator and the requirements of the deployment in question. This can be a challenge for the new systems administrator. This section offers some guidance by providing some background and information on the most popular web servers.
The Apache HTTP Server is considered by some to be the de facto standard web server. It is the most widely deployed open-source web server, its configuration interface has been stable for many years, and its modular architecture allows it to function in many different types of deployments. Apache forms the foundation of the LAMP stack, and supports the integration of dynamic server-side applications into the web server.
By contrast, web servers like Lighttpd and nginx are optimized for efficiently serving static content. If you have a deployment where server resources are limited and are facing a great deal of demand, consider one of these servers. They are functional and stable with minimal system resources. Lighttpd and nginx can be more difficult to configure when integrating dynamic content interpreters.
Your choice of web servers is based on your needs. Specific choices depend on factors like the type of content you want to serve, the demand for that content, and your comfort with that software as an administrator.
When there is something wrong with Apache, it can be difficult to determine what the cause of the error is from the behavior of the web server. There are a number of common issues with which you might begin your troubleshooting efforts. When more complex issues arise, you may need to review the Apache error logs.
By default, error logs are located in the
/var/log/apache2/error.log file (on Debian-based distributions). You can track or “tail” this log with the following command:
tail -F /var/log/apache2/error.log
- File: Apache Virtual Host Configuration
ErrorLog /var/www//html/example.com/logs/error.log CustomLog /var/www/html/example.com/logs/access.log combined
example.com represents the name of your virtual host and the location of its resources. These directives make Apache create two log files that contain logging information specific to that virtual host. This allows you to easily troubleshoot errors on specific virtual hosts. To track or tail the error log:
tail -F /var/www/html/example.com/logs/error.log
This will allow you to see new error messages as they appear. Problems can be diagnosed by using specific parts of an error message from an Apache log as a term in web search. Common errors to look for include:
- Missing files, or errors in file names
- Permissions errors
- Configuration errors
- Dynamic code execution or interpretation errors
The Domain Name System, or DNS, is the service that the internet uses to associate the hard to remember and manage IP addresses with more human-usable domain names. This section will address several specific DNS-related tasks. To learn more about DNS, check out our overview of the domain name system. If you are familiar with DNS and just need to figure out how to configure your DNS server, see our guide for the Linode DNS manager.
CNAME DNS records make it possible to redirect requests for one hostname or domain to another hostname or domain. This is useful in situations where you want to direct requests for one domain to another, but don’t want to set up the web server to handle requests.
CNAMEs are only valid when pointing from one domain to another. If you need to redirect a full URL, you will need to set up a web server and configure redirection and/or virtual hosting on the server level. CNAMEs will allow you to redirect subdomains, such as
team.example.com, to other subdomains or domains, such as
jack.example.org. CNAMEs must point to a valid domain that has a valid A Record, or to another CNAME.
Although limited in their capabilities, CNAMEs can be quite useful in some situations. In particular, if you need to change the hostname of a machine, CNAMEs are quite useful. To learn how to set up CNAME records with the Linode Manager, refer to our DNS Manager Guide.
When reading domain names, we refer to parts before the main or first-level domain as “subdomains.” For example, in the domain
team is a subdomain for the root domain
Follow these steps to create and host a sub-domain:
Set up a server to respond to requests sent to this domain. For web servers like Apache, this requires configuring a new virtual host. For XMPP servers you must configure an additional host to receive the requests for this host. For more information, consult the documentation for the specific server you wish to deploy.
Once configured, subdomains function almost identically to root domains on your server. If you need to, you can set up HTTP redirection for the new subdomain.
We provide a number of guides that cover email-related topics. In this section, we’ll explain how to choose an email setup that fits your needs and how to configure your Linode to send email.
There are two major components that are required for email functionality. The most important part is the SMTP server or “Mail Transfer Agent.” The MTA, as it is often called, sends mail from one server to another. The second part of an email system is a server that permits users to access and download that mail from the server to their own machine. Typically these servers use a protocol such as POP3 or IMAP to provide remote access to the mailbox.
There may also be other components in the email server tool chain. These components may be optional depending on the requirements of your deployment. They include filtering and delivery tools like procmail, anti-virus filters like ClamAV, mailing list managers like MailMan, and spam filters like SpamAssassin. These components function independently of the MTA and remote mailbox server.
The most prevalent SMTP servers or MTAs in the UNIX-like world are Postfix, Exim, and Sendmail. Sendmail has the longest history and many system administrators have extensive experience with it. Postfix is robust and modern, and is compatible with many different configurations. Exim is the default MTA in Debian systems, and many consider it to be easier to use for basic tasks. For remote mailbox access, servers like Courier and Dovecot are popular options.
If you need an easy-to-install email solution, consider the Citadel groupware server. Citadel provides an integrated “turnkey” solution that includes an SMTP server, remote mailbox access, real time collaboration tools including XMPP, and a shared calendar interface. Along similar lines, we also provide documentation for the installation of the Zimbra groupware server.
If, by contrast, you want a more simple and modular email stack, we urge you to consider one of our guides built around the Postfix SMTP server.
Finally, it’s possible to outsource email service to a third-party provider, such as Google Workspace or FastMail.fm. These services allows you to send and receive mail from your domain, without hosting email services on your Linode.
For simple configurations, you may have no need for a complete email stack like some of those documented in our email guides. However, applications running on that server still need to be able to send mail for notifications and other routine purposes.
The configuration of applications to send notifications and alerts is beyond the scope of this guide. Most applications rely on a simple “sendmail” interface, which is accessible via several common SMTP servers including Postfix and msmtp.
To install Postfix on Debian and Ubuntu systems:
apt-get install postfix
On CentOS and Fedora systems:
yum install postfix
Once Postfix is installed, your applications should be able to access the sendmail interface, located at
/usr/sbin/sendmail. Most applications running on your Linode should be able to send mail normally with this configuration.
If you want to use your server to send email through an external SMTP server, consider a more simple tool like
msmtp is packaged in most distributions, and you can install it using the appropriate command:
apt-get install msmtp yum install msmtp pacman -S msmtp
Use the command
type msmtp or
which msmtp, to find the location of
msmtp on your system. Typically the program is located at
/usr/bin/msmtp. You can specify authentication credentials with command line arguments or by declaring SMTP credentials in a configuration file. Here is an example
- File: .msmtprc example
1 2 3 4 5 6
account default host smtp.example.com from <firstname.lastname@example.org> auth on user username password s3cr37 tls on tls_certcheck off port 587
.msmptrc file needs to be set to mode 600 and owned by the user account that will be sending mail. For example, if the configuration file is located at
/srv/smtp/msmtprc, you can call msmtp with the following command:
To manage files and directories in Linux you can use wildcard patterns for file manipulation, use commands like
bzip2 to compress or decompress a file. Commands like
remove can be used to remove files. There are many more commands that can be used, however these are the most common.
You can view your current directory by running
echo $PWD. To view all items within your current working directory, type
ls and press enter.
Typing ls will simply output all file names, but if you wish to see more details run the following command:
total 6 drwxr-xr-x 6 linode linode 4096 Nov 30 00:35 . drwxr-xr-x 45 linode linode 4096 Dec 30 00:35 .. drwxr-xr-x 5 linode linode 4096 Nov 30 00:35 20122 drwxr-xr-x 7 linode linode 4096 Nov 30 00:35 20122_db drwxr-xr-x 3 linode linode 4096 Nov 30 00:35 linode_1 -rw-rw-r-- 1 linode linode 93810 Nov 30 00:35 linode.png
In the output, the
drwxr-xr represents a directory and
-rw-rw-r-- represents a file since it is not prefaced with
You can use
cp to copy files,
mv to move them and
rm to delete files. Similarly, you can use
mkdir to create directories, and
rmdir to remove directories.
For efficient Linux administration, you have to be able to handle multiple files recursively. You can use
-R option for recursive listing, copying or even deletion.
Using Wildcards And Globbing For Better Linux Administration
Most other operations we saw in the section above were on a single filesystem, on the entire tree. As complexities in administration grow with your file system, it becomes difficult to use these options. This is where Wildcards and Globbing are extremely helpful.
Globbing helps us point to target files using wildcard patterns. Here is how the matching works:
*matches any string pattern
?matches any single character
[matches any single character within
The following example will test a Wildcard to see how you can only filter files that have 3, 5, or between 3-5 characters. In the current directory, we have the following files:
ls linode_1 linode_2 linode_3 linode_4 linode_5
Now, if we run the following command:
We will get the following output:
linode_3 linode_4 linode_5
This page was originally published on