Linux commands every admin should know (Part II)

posted by MariyaV @ 14:45 PM
September 9, 2013


Command w displays list of the currently logged in users and some additional information. If you want to check who else is connected to your server and what they are doing, w is the command you need.

The first row shows the system time, the uptime, number of the active users and the load average.

USER column displays the list of the usernames.

TTY stands for terminal type (teletype). The terminals can be physical (:0), that is, hardware keyboard and monitor attached to the server; and virtual (pts/0) (pts means pseudo terminal slave). There is usually only one set of actual keyboard and monitor and therefore those who connect to the server remotely (via SSH or Telnet) use the pseudo terminals. Thus the information in the TTY box allows to find out who of the users sits in front of the server and may have physical access to it and who uses remote connection.

FROM – an IP address the user is logged in from.

LOGIN@ shows the time at which the user logged in.

IDLE displays the time since the user last typed anything.

JCPU (jobs CPU) is the CPU time used by all the processes (except the past background jobs) which are attached to the terminal (TTY).

PCPU (process CPU) is the CPU time used by the currently active process listed in the WHAT column.

WHAT displays the list of names and parameters of the current processes.

It is worth mentioning, in addition, that there are other utilities which output the user information, such as who, users and finger.

If you are not sure what your username is, run whoami.


This command displays information about files, directories and other objects of the file system. Here is the output of stat testfile:

The first row (File:) shows the filename.

The second row shows the file size (in bytes) (Size:); number of physical disk blocks allocated on the disk (1 block counts for 512 bytes) (Blocks:); size of IO block (a unit of physical disk allocation) (IO Block:); and the file system object type (e.g. regular file, directory, socket, etc.).

The following row displays name of the hard disk the file system object is located at (Device:); inode (file system object) number (Inode:); and number of hard links to the inode (Links:). A file, a directory, etc. can have many different names located in different directories, and each of those names is either a hard link or a soft (symbolic) link. When we run ls command or look at the list of files in some graphical desktop environment, it is links (not files themselves) that make the list. Every link is associated with (or pointed to) the inode and the file itself can be read, changed or executed through the links.

The next row shows the information about access permissions set for the file system object.

Access: displays the permissions in octal and symbolic formats. R stands for “read”, W stands for “write” and X stands for “execute”. The permissions are enumerated (in order from the left to the right) for the owner, the group of owner and all others. RWX (or 7 in octal notation) grant all permissions. Later we will discuss how to change the access permissions values and other file attributes. The leftmost number defines whether the file can be executed by everyone with the permissions of the owner (value 4), the owner group (value 2) or both (value 6). Also a “sticky bit” can be set (value 1) but nowadays its usage is narrowly confined to making sure that no one but the superuser, the owner of the file and the directory it is located at, has the right to remove the file.

UID: and GID: show the user ID and the group ID of the file system object owner and the group of owners respectively.

The next 3 rows show information about the last access time (Access:), the last content modification time (Modify:) and the last metadata modification time (e.g. access permissions) (Change:).


df (disk free) displays information about the disk space usage. We recommend using –h flag so that the output is in human-readable format and the size values are shown in KB, MB or GB instead of just KB. df –h shows the file system name (Filesystem), the total size of the disk space (Size), the used (Used) and available (Avail) disk space, the percentage of the disk space usage (Use%) and, finally, the mount point (Mounted on). Mount point can be defined as a directory in a root file system where additional file system is attached to (or mounted on). In the example on the screenshot, the file system /dev/xvda1 is mounted on /. There can be other file systems which can be mounted on other points, for example on /usr. In this case, if the file is moved to /usr, it will be relocated to the other file system the name of which can be found in the Filesystem column of df command.

df –i returns information about the inodes, namely: the total number of inodes (Inodes), the number of used and free inodes (IUsed and IFree respectively) and inode usage percentage (IUse%).



du displays information about the size of files and folders. Again, it is recommended to use flag -h.

du -h /root returns the list of all the directories in /root folder (recursively).

du -h /root/* returns the list of al the files in /root folder.

du -hs /root outputs the total size (flag -s) of all the content in /root folder.

To be continued…

Tags: ,

  • svblog

    Thank you, we’ll consider your question in the following topics