Why the Command Line Is Still the Most Powerful Tool on Any Server
Panels come and go. GUIs change. But the Linux command line has been the backbone of server administration for five decades — and it is not going anywhere. Whether you are debugging a crashed service at 3 AM, recovering from a botched deployment, or just trying to understand what is eating your disk space, knowing these commands is the difference between a 5-minute fix and a 5-hour disaster.
This guide covers 50 essential Linux commands organized into 7 practical categories. For each command you will find what it does, how to use it, and a real-world example you can copy and run today. We also cover a bonus section on the most dangerous commands — because knowing what not to run is just as important.
New to server administration? Start with our 20 essential Linux commands guide first. This one assumes you already know ls and cd, and goes wider — 50 commands across 7 categories, plus the dangerous ones you need to recognize before you run them.
If you manage servers professionally, bookmark this page. It is the reference you will return to.
Category 1: File and Directory Operations (Commands 1–10)
File navigation is the foundation of everything else. These ten commands cover 90% of what you do when exploring a server for the first time.
1. ls -la — List Files with Full Detail
ls lists directory contents. The -l flag gives you the long format (permissions, owner, size, date), and -a shows hidden files (those starting with a dot). Combined, ls -la gives you the full picture.
# List current directory
ls -la
# List a specific directory
ls -la /etc/nginx/
# Sort by modification time, newest first
ls -lat
# Sort by file size, largest first
ls -laSh
Sample output:
drwxr-xr-x 4 root www-data 4096 Mar 15 10:22 .
drwxr-xr-x 12 root root 4096 Mar 10 08:14 ..
-rw-r--r-- 1 root root 1452 Mar 15 10:22 nginx.conf
-rw-r----- 1 root www-data 894 Mar 14 22:01 .htpasswd
drwxr-xr-x 2 root root 4096 Mar 12 11:30 sites-enabled
The first column shows permissions (read/write/execute for owner, group, others). The third and fourth columns are owner and group. The fifth is file size — add -h for human-readable sizes.
2. cd — Navigate Directories
The most-used command on any server. Master the shortcuts and you will move twice as fast.
# Go to your home directory
cd ~
# Go to the previous directory (extremely useful)
cd -
# Go up one level
cd ..
# Absolute path
cd /var/log/nginx/
# Relative path
cd ../sites-available
The cd - trick is underused. It switches you between the current and previous directory, perfect when copying files between two locations.
3. pwd — Print Working Directory
Always know where you are. Especially important in chroot environments or deeply nested paths.
pwd
# Output: /home/myuser/public_html/wp-content/plugins
# Useful in scripts to get the script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
4. cp -r — Copy Files and Directories
# Copy a single file
cp config.php config.php.backup
# Copy a directory recursively
cp -r /var/www/html/site1 /var/www/html/site1-backup
# Preserve timestamps, permissions, and ownership
cp -rp /var/www/html/site1 /backup/site1-$(date +%Y%m%d)
# Copy multiple files to a destination
cp file1.conf file2.conf file3.conf /etc/nginx/conf.d/
# Show progress (verbose)
cp -rv /large/directory /destination/
5. mv — Move and Rename Files
# Rename a file
mv old-name.php new-name.php
# Move to another directory
mv config.php /etc/myapp/
# Move and rename simultaneously
mv /tmp/upload.tar.gz /backups/production-$(date +%Y%m%d).tar.gz
# Move multiple files
mv *.log /var/log/archived/
# Interactive (prompt before overwrite)
mv -i important.conf /etc/
6. rm -rf — Remove Files and Directories
The -r flag removes directories recursively. The -f flag forces removal without prompting. Together they are powerful and dangerous. There is no recycle bin on Linux.
# Remove a single file
rm file.txt
# Remove a directory and all its contents (no confirmation)
TARGET_DIR="/var/www/html/old-site"
rm -rf "${TARGET_DIR}"
# Remove all files matching a pattern
rm -f /tmp/upload_*.tmp
# Safer alternative: interactive mode
rm -ri /some/directory/
# Safest first step: preview what would be deleted
ls -la /var/log/old-logs/
Safety rule: Always quote path variables when deleting:rm -rf "${TARGET_DIR}". IfTARGET_DIRis empty, an unquoted$TARGET_DIRdisappears and the command targets the current directory or root. Never run bulk deletes without previewing first.
7. mkdir -p — Create Nested Directories
# Create a single directory
mkdir /var/www/newsite
# Create a nested path in one command
mkdir -p /var/www/newsite/public_html/wp-content/uploads
# Create multiple directories at once
mkdir -p /backups/{daily,weekly,monthly}
# Create with specific permissions
mkdir -m 750 /var/www/secure-dir
8. find — Search Files by Name, Size, Date, Permissions
find searches the filesystem in real time and supports executing actions on results. One of the most powerful commands on Linux.
# Find files by name (case-sensitive)
find /var/www -name "wp-config.php"
# Case-insensitive
find /var/www -iname "*.PHP"
# Files modified in the last 24 hours
find /var/log -mtime -1
# Files larger than 100MB
find / -size +100M -type f
# World-writable directories (security audit)
find /var/www -type d -perm -o+w
# Delete files older than 30 days
find /tmp -mtime +30 -type f -delete
# Files owned by a specific user
find /home -user john -type f
# Execute a command on results
find /var/www -name "*.log" -exec gzip {} \;
9. locate — Fast File Search Using Database
# Install on Ubuntu/Debian
apt install mlocate
# Update the database
updatedb
# Find files
locate nginx.conf
# Case-insensitive
locate -i NGINX.CONF
# Limit results
locate -n 10 php.ini
# Count matches
locate -c "*.conf"
Note: locate does not show files created after the last updatedb. For newly created files, use find.
10. tree — Visual Directory Structure
# Install
apt install tree
# Basic usage
tree /etc/nginx/
# Show hidden files
tree -a /var/www/site/
# Limit depth
tree -L 2 /opt/
# Show file sizes
tree -sh /var/www/
# Directories only
tree -d /etc/
# Output to file
tree /var/www > /tmp/structure.txt
Category 2: File Content and Editing (Commands 11–18)
11. cat / tac — View File Contents
# Display a file
cat /etc/nginx/nginx.conf
# Show line numbers
cat -n /var/log/syslog
# Concatenate multiple files
cat file1.txt file2.txt > combined.txt
# View in reverse order (last line first)
tac /var/log/auth.log
12. head -n / tail -n — First or Last N Lines
# First 20 lines
head -n 20 /etc/nginx/nginx.conf
# Last 50 lines of a log
tail -n 50 /var/log/nginx/error.log
# Last 100 lines of multiple files
tail -n 100 /var/log/nginx/error.log /var/log/php8.3-fpm.log
# Default is 10 lines
head /etc/passwd
tail /var/log/syslog
13. tail -f — Real-Time Log Monitoring
The -f flag follows a file as it grows — essential for watching live logs during deployments, debugging, and monitoring.
# Follow a log file
tail -f /var/log/nginx/error.log
# Follow multiple files simultaneously
tail -f /var/log/nginx/error.log /var/log/php8.3-fpm.log
# Show last 100 lines first, then follow
tail -fn 100 /var/log/nginx/access.log
# Filter with grep while following
tail -f /var/log/auth.log | grep "Failed password"
# Stop following when a string appears
tail -f /var/log/myapp.log | grep -m 1 "Server started"
14. grep -rni — Search Inside Files
# Search in a file
grep "error" /var/log/nginx/error.log
# Recursive directory search
grep -r "database_password" /var/www/
# Case-insensitive with line numbers
grep -ni "fatal" /var/log/syslog
# 3 lines of context around matches
grep -C 3 "segfault" /var/log/kern.log
# Count matches
grep -c "404" /var/log/nginx/access.log
# Invert — lines that do NOT match
grep -v "^#" /etc/nginx/nginx.conf
# Extended regex
grep -E "error|warning|critical" /var/log/syslog
15. sed — Stream Editor for Find and Replace
# Replace text in a file (with backup)
sed -i.bak 's/old_text/new_text/g' config.php
# Replace on line 5 only
sed -i '5s/old/new/' file.txt
# Delete comment lines
sed -i '/^#/d' config.conf
# Delete blank lines
sed -i '/^$/d' file.txt
# Print only matching lines
sed -n '/error/p' /var/log/syslog
# Insert a line after a match
sed -i '/listen 80/a \ server_name example.com;' nginx.conf
16. awk — Pattern Scanning and Processing
# Print column 2
awk '{print $2}' /var/log/nginx/access.log
# Extract fields from /etc/passwd
awk -F: '{print $1, $7}' /etc/passwd
# Lines where HTTP status (col 9) is 500
awk '$9 == 500' /var/log/nginx/access.log
# Sum bytes column
awk '{sum += $10} END {print sum}' /var/log/nginx/access.log
# Top IPs by frequency
awk '{count[$1]++} END {for (ip in count) print count[ip], ip}' /var/log/nginx/access.log | sort -rn | head -20
# Lines between two patterns
awk '/START/,/END/' logfile.txt
17. nano / vim — Terminal Text Editors
# nano — beginner-friendly
nano /etc/nginx/sites-available/mysite.conf
# Ctrl+O save, Ctrl+X exit, Ctrl+W search
# vim — more powerful once mastered
vim /etc/nginx/nginx.conf
# i to insert, Esc to normal mode
# :w save, :q quit, :wq save+quit, :q! force quit
# /searchterm to search, n for next
# dd delete line, yy copy, p paste
# :%s/old/new/g find and replace
# Open at a specific line
vim +150 /var/log/error.log
# Read-only mode
vim -R /etc/sensitive-config
18. wc -l — Count Lines, Words, Characters
# Count lines
wc -l /var/log/nginx/access.log
# Count words
wc -w document.txt
# Count bytes
wc -c config.php
# All three
wc /etc/nginx/nginx.conf
# Output: 120 450 3821 nginx.conf
# Unique IPs in log
awk '{print $1}' /var/log/nginx/access.log | sort | uniq | wc -l
# Today's 500 errors
grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 500 " | wc -l
Category 3: System Information (Commands 19–25)
19. uname -a — Full System Information
uname -a
# Output: Linux server1 6.8.0-51-generic #52-Ubuntu SMP x86_64 GNU/Linux
uname -r # kernel version
uname -s # OS name
uname -m # architecture
20. hostname — Server Hostname
hostname # show hostname
hostname -f # fully qualified (FQDN)
hostname -I # all IP addresses
hostnamectl set-hostname new-hostname # change permanently
21. uptime — System Uptime and Load Average
Shows uptime and 1, 5, 15-minute load averages. Load above your CPU count means overload.
uptime
# Output: 21:42:03 up 47 days, 3:15, 2 users, load average: 0.42, 0.38, 0.31
uptime -p
# Output: up 47 days, 3 hours, 15 minutes
22. df -h — Disk Space Usage
df -h # all filesystems, human-readable
df -h /var/www # specific path
df -i # inode usage (critical for "disk full" debugging)
df -T # show filesystem type
Sample output:
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 422G 270G 135G 67% /
/dev/sdb1 500G 120G 380G 24% /backup
When a server reports "no space left on device" butdf -hshows free space, checkdf -i— you may have exhausted inodes, not disk blocks.
23. du -sh — Directory Size
du -sh /var/www/html/
# All items sorted by size
du -sh /var/www/* | sort -h
# Top 10 largest under /var
du -sh /var/* 2>/dev/null | sort -rh | head -10
# With depth limit
du --max-depth=2 -h /var/
24. free -h — Memory Usage
free -h
# total used free shared buff/cache available
# Mem: 31Gi 10Gi 2.1Gi 1.3Gi 19Gi 20Gi
# Swap: 7.8Gi 0B 7.8Gi
The available column matters most — it includes reclaimable cache memory.
watch -n 2 free -h # refresh every 2 seconds
free -m # in megabytes
25. lscpu / nproc — CPU Information
lscpu # detailed CPU info
nproc # logical CPU count (e.g. 8)
lscpu | grep "Core(s) per socket"
lscpu | grep "Model name"
Category 4: Process Management (Commands 26–32)
26. ps aux — List All Running Processes
ps aux # all processes
ps aux | grep nginx # find specific process
ps aux --sort=-%mem | head -20 # top memory consumers
ps aux --sort=-%cpu | head -20 # top CPU consumers
ps auxf # process tree
27. top / htop — Real-Time Process Monitor
top
# q=quit, k=kill, M=sort by memory, P=sort by CPU, 1=per-CPU
apt install htop && htop
# Arrow keys navigate, F9 kill, F6 sort, F2 setup
28. kill / killall — Terminate Processes
kill 12345 # graceful SIGTERM
kill -9 12345 # force kill SIGKILL
killall nginx # kill all by name
pkill -u baduser # kill all for a user
kill -HUP $(cat /var/run/nginx.pid) # reload config (SIGHUP)
29. nice / renice — Process Priority
Nice values: -20 (highest priority) to 19 (lowest). Root required for negative values.
# Start with low priority
nice -n 15 mysqldump -u root mydb > /backup/mydb.sql
# Adjust running process
renice -n 10 -p 12345
# Run backup without impacting live traffic
nice -n 19 tar -czf /backup/www.tar.gz /var/www/
30. nohup — Keep Process Running After Logout
nohup ./long-running-script.sh &
nohup ./build.sh > /tmp/build.log 2>&1 &
jobs
tail -f nohup.out
31. screen / tmux — Terminal Multiplexer
# screen
screen -S mysession # create
screen -ls # list
screen -r mysession # reattach
# Ctrl+A then D to detach
# tmux
tmux new -s mysession
tmux ls
tmux attach -t mysession
# Ctrl+B D to detach
# Ctrl+B % vertical split, Ctrl+B " horizontal
# Ctrl+B arrow keys to switch panes
32. systemctl — Manage Systemd Services
systemctl start nginx
systemctl stop nginx
systemctl restart nginx
systemctl reload nginx # reload config without restart
systemctl status nginx
systemctl enable nginx # autostart on boot
systemctl disable nginx
systemctl list-units --type=service --state=running
systemctl --failed
journalctl -u nginx -n 100 --no-pager
Category 5: Networking (Commands 33–40)
33. ip a / ifconfig — Network Interfaces
ip a # all interfaces
ip a show eth0 # specific interface
ip r # routing table
ip n # ARP neighbors
ifconfig # legacy
ip link set eth0 up / down
34. ss -tulnp / netstat — Open Ports
ss -tulnp # t=TCP, u=UDP, l=listen, n=numeric, p=process
ss -tulnp | grep :80
ss -tnp state established
netstat -tulnp # legacy
35. ping — Test Connectivity
ping google.com
ping -c 4 8.8.8.8
ping -i 0.2 -c 20 192.168.1.1
ping6 ipv6.google.com
36. curl / wget — HTTP Requests and Downloads
curl -I https://panelica.com # headers only
curl -O https://example.com/file.tar.gz
wget https://example.com/file.tar.gz
curl -o myfile.tar.gz https://example.com/file.tar.gz
curl -X POST https://api.example.com/v1/users \
-H "Content-Type: application/json" \
-d '{"name":"John","email":"[email protected]"}'
curl -sLo /dev/null -w "%{http_code}" https://example.com
wget -c https://example.com/large-file.iso # resume
37. dig / nslookup — DNS Lookup
dig panelica.com
dig panelica.com A
dig panelica.com MX
dig panelica.com TXT
dig +short panelica.com
dig @8.8.8.8 panelica.com
dig -x 138.201.59.57 # reverse DNS
nslookup panelica.com
38. traceroute — Network Path
traceroute google.com
traceroute -I google.com # ICMP mode
mtr google.com # combined ping + traceroute
mtr --report --report-cycles 20 google.com
39. scp / rsync — Secure File Transfer
scp /local/file.txt user@remote:/remote/path/
scp user@remote:/remote/file.txt /local/path/
scp -r /local/dir/ user@remote:/remote/dir/
rsync -avz --delete /var/www/site/ user@backup:/backups/site/
rsync -avz --progress /large/dir/ user@server:/destination/
rsync -avzn /source/ /destination/ # dry run
rsync -avz --exclude='*.log' --exclude='node_modules/' /source/ /dest/
40. iptables / nft — Firewall Rules
iptables -L -n -v
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -s 192.168.1.100 -j DROP
nft list ruleset
nft add rule inet filter input tcp dport 8080 accept
ufw status
ufw allow 80/tcp
ufw allow from 192.168.1.0/24 to any port 22
ufw deny 3306
Category 6: User and Permission Management (Commands 41–45)
41. useradd / userdel — Manage Users
useradd -m -s /bin/bash john
passwd john
usermod -aG sudo john
usermod -aG www-data john
useradd -r -s /usr/sbin/nologin myservice # system user
groups john
id john
userdel john # account only
userdel -r john # account + home
usermod -L john # lock
usermod -U john # unlock
42. chmod — Change File Permissions
# Numeric: owner-group-others, values: r=4 w=2 x=1
chmod 644 file.txt # rw-r--r--
chmod 755 script.sh # rwxr-xr-x
chmod 700 ~/.ssh/ # rwx------
chmod 600 ~/.ssh/id_rsa # rw-------
# Symbolic
chmod u+x script.sh
chmod o-w file.txt
chmod a+r public.html
chmod -R 755 /var/www/html/ # recursive
chmod 1777 /shared/uploads/ # sticky bit
find /var/www/html -type f -exec chmod 644 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
43. chown — Change File Ownership
chown john file.txt
chown john:www-data file.txt
chown :www-data file.txt
chown -R www-data:www-data /var/www/html/site/
chown root:root /etc/ssh/sshd_config
chmod 600 /etc/ssh/sshd_config
44. sudo — Execute Commands as Root
sudo apt update
sudo -i # interactive root shell
sudo -u www-data php artisan migrate
sudo nano /etc/nginx/nginx.conf
sudo visudo # safely edit sudoers
sudo -l # check your permissions
45. passwd — Change Passwords
passwd # change own password
passwd john # change another user (as root)
passwd -e john # force change on next login
passwd -l john # lock account
passwd -u john # unlock account
chage -M 90 john # expire every 90 days
chage -l john # view expiry info
Category 7: Package and System Management (Commands 46–50)
46. apt update && apt upgrade — Update the System
apt update
apt upgrade -y
apt full-upgrade -y # includes dependency changes
apt install nginx php8.3-fpm
apt remove nginx
apt purge nginx # also removes config files
apt autoremove -y
apt search wordpress
apt show nginx
47. journalctl — View Systemd Logs
journalctl # all logs
journalctl -f # follow in real time
journalctl -u nginx # specific service
journalctl -u nginx -f # follow service
journalctl -b # since last boot
journalctl --since "1 hour ago"
journalctl --since "2026-03-15 10:00:00" --until "2026-03-15 11:00:00"
journalctl -p err # errors only
journalctl -u php8.3-fpm -n 100 --no-pager
journalctl --disk-usage
journalctl --vacuum-time=30d
48. crontab -e — Schedule Tasks
crontab -e # edit current user cron
crontab -u john -e # edit another user's cron
crontab -l # list cron jobs
# Format: minute hour day-of-month month day-of-week command
30 2 * * * /opt/scripts/backup.sh >> /var/log/backup.log 2>&1
*/15 * * * * /opt/scripts/check-disk.sh
0 0 * * 1 /opt/scripts/weekly-report.sh
0 3 1 * * /opt/scripts/monthly-cleanup.sh
49. tar / gzip — Archive and Compress
tar -czf backup.tar.gz /var/www/html/
tar -cjf backup.tar.bz2 /var/www/html/ # bzip2
tar -cJf backup.tar.xz /var/www/html/ # xz (smallest)
tar -xzf backup.tar.gz
tar -xzf backup.tar.gz -C /restore/path/
tar -tzf backup.tar.gz # list without extracting
tar -czf backup-$(date +%Y%m%d-%H%M).tar.gz /var/www/
gzip large-file.log
gunzip large-file.log.gz
50. history — Command History and Shortcuts
history
history | grep nginx
!! # re-run last command
!142 # re-run command #142
!ssh # re-run last command starting with "ssh"
# Ctrl+R for interactive reverse search
history -c # clear history
echo 'HISTSIZE=10000' >> ~/.bashrc
echo 'HISTFILESIZE=20000' >> ~/.bashrc
echo 'HISTTIMEFORMAT="%Y-%m-%d %H:%M:%S "' >> ~/.bashrc
# Prefix a command with a space to prevent saving it to history
Bonus: Dangerous Commands You Must Never Run Blindly
These commands have legitimate uses in specific, controlled contexts. But run carelessly, they cause catastrophic and irreversible damage. Know them so you recognize them — in your own scripts, in tutorials, and in commands shared online.
1. Recursive Delete from Root — Destroys the Entire Filesystem
Adding recursive (-r) and force (-f) flags to rm and targeting the filesystem root / removes the entire operating system without confirmation. There is no recovery without a full restore from backup. Modern Linux requires an explicit --no-preserve-root flag to proceed, but many scripts bypass this guard.
The most dangerous variant involves an unquoted empty variable in a delete path. If SITE_DIR is empty and your script runs rm -rf $SITE_DIR/files, the command expands to targeting /files — and depending on what follows, can cascade toward root. Always quote variables in delete commands: rm -rf "${SITE_DIR}/files". With double quotes, an empty variable keeps the path correctly anchored.
2. World-Writable Permissions — Opens Every File to Everyone
Applying chmod -R 777 on a web directory grants read, write, and execute permission to every user on the system — including compromised accounts, other tenants on a shared server, and any web shell that gets uploaded. Once planted, a malicious script can rewrite your application code, steal credentials from config files, or pivot to other sites on the same server.
The correct web server permissions are 644 for files (owner can write, everyone else read-only) and 755 for directories (owner can write, everyone else can traverse). If an application needs write access to a specific directory, grant it only on that exact path.
# Correct — minimal necessary permissions
find /var/www/html -type f -exec chmod 644 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
# Grant write access to upload directory only
chmod 755 /var/www/html/uploads/
chown www-data:www-data /var/www/html/uploads/
3. Disk Wipe with dd — Overwrites Your Entire Disk with Zeros
The dd command with if=/dev/zero as input and a block device as output overwrites every block on that disk. No filesystem, no partition table, no data — completely unrecoverable without specialized forensics tools, and even those typically fail on SSDs with wear-leveling.
Before running any dd command that writes to a block device, always run lsblk to confirm which device is which, and double-check the output device argument before pressing Enter. Never run dd one-liners from untrusted tutorials without understanding each argument.
4. The Fork Bomb — Crashes the System via Process Exhaustion
A shell function that recursively calls itself and forks can rapidly exhaust every available process slot, making the system completely unresponsive and requiring a hard reboot. Obfuscated versions of this pattern look like random punctuation in shell syntax, which is intentional — it makes the pattern harder to recognize at a glance.
On systems with Cgroups v2 process limits in place, this attack is contained per user. The pids.max cgroup limit prevents any single user's processes from exceeding a configured ceiling. On an unprotected system, the effect is immediate denial of service.
5. Moving the Root Filesystem to Null — Corrupts the Filesystem Immediately
Attempting to move all items in the root directory to /dev/null (e.g. via mv /* /dev/null) corrupts the filesystem structure immediately because /dev/null is a character device, not a directory. The system becomes non-functional, and rebooting typically makes things worse because the OS cannot find its own binaries.
Frequently Asked Questions
What is the safest way to test a destructive command before running it?
For file operations, run the non-destructive equivalent first — ls before rm, rsync -avzn (dry run) before a real sync. For anything involving a variable path, echo the variable first: echo "${TARGET_DIR}" to confirm it is not empty before it reaches an rm -rf.
Why use ss instead of the older netstat?
ss reads directly from kernel data structures rather than parsing /proc line by line, which makes it noticeably faster on servers with thousands of open connections. It is also the actively maintained tool — netstat is deprecated on most modern distributions.
What is the difference between locate and find?
locate queries a pre-built database (updated via updatedb, usually once a day by cron) and is nearly instant, but will not show files created since the last update. find searches the live filesystem in real time — slower, but always accurate for files created moments ago.
Is it safe to run chmod -R 755 on a whole web directory?
Generally no for files — 755 grants execute permission to every file, including ones that should never be executable, like configuration files and uploads. Use find ... -type f -exec chmod 644 for files and find ... -type d -exec chmod 755 for directories separately, as shown in this guide.
Quick Reference: All 50 Commands
| # | Command | Category | What It Does |
|---|---|---|---|
| 1 | ls -la | Files | List files with permissions and hidden files |
| 2 | cd | Files | Navigate directories (~, -, .. shortcuts) |
| 3 | pwd | Files | Print current working directory path |
| 4 | cp -r | Files | Copy files and directories recursively |
| 5 | mv | Files | Move or rename files and directories |
| 6 | rm -rf | Files | Remove files/directories recursively — always quote paths |
| 7 | mkdir -p | Files | Create nested directory paths in one command |
| 8 | find | Files | Search filesystem by name, size, date, permissions |
| 9 | locate | Files | Fast name-based search using a cached database |
| 10 | tree | Files | Display directory structure as a visual tree |
| 11 | cat / tac | Content | View file contents forward or in reverse |
| 12 | head / tail -n | Content | View first or last N lines of a file |
| 13 | tail -f | Content | Monitor a log file in real time |
| 14 | grep -rni | Content | Search for text patterns inside files |
| 15 | sed | Content | Stream editor: find, replace, delete text |
| 16 | awk | Content | Pattern scanning and structured column extraction |
| 17 | nano / vim | Content | Terminal text editors |
| 18 | wc -l | Content | Count lines, words, and characters |
| 19 | uname -a | System | Kernel version and OS architecture |
| 20 | hostname | System | Show or change the server hostname |
| 21 | uptime | System | Server uptime and load averages |
| 22 | df -h | System | Disk space for all mounted filesystems |
| 23 | du -sh | System | Directory and file disk consumption |
| 24 | free -h | System | Total, used, and available RAM and swap |
| 25 | lscpu / nproc | System | CPU architecture and logical core count |
| 26 | ps aux | Processes | List all running processes with details |
| 27 | top / htop | Processes | Interactive real-time process monitor |
| 28 | kill / killall | Processes | Send signals to terminate or reload processes |
| 29 | nice / renice | Processes | Set or adjust process scheduling priority |
| 30 | nohup | Processes | Keep a process running after SSH logout |
| 31 | screen / tmux | Processes | Persistent detachable terminal sessions |
| 32 | systemctl | Processes | Manage and inspect systemd services |
| 33 | ip a / ifconfig | Network | Network interfaces and IP addresses |
| 34 | ss -tulnp | Network | Listening ports with owning process details |
| 35 | ping | Network | Test connectivity and latency |
| 36 | curl / wget | Network | HTTP requests and file downloads |
| 37 | dig / nslookup | Network | DNS record queries |
| 38 | traceroute / mtr | Network | Trace network hops to a destination |
| 39 | scp / rsync | Network | Secure file transfer between servers |
| 40 | iptables / nft / ufw | Network | View and manage firewall rules |
| 41 | useradd / userdel | Users | Create and remove user accounts |
| 42 | chmod | Users | Change read, write, execute permissions |
| 43 | chown | Users | Change owner and group of files |
| 44 | sudo | Users | Execute commands with elevated privileges |
| 45 | passwd | Users | Set or change user passwords |
| 46 | apt update / upgrade | Packages | Refresh package list and upgrade software |
| 47 | journalctl | Packages | Query and follow systemd journal logs |
| 48 | crontab -e | Packages | Schedule recurring tasks |
| 49 | tar / gzip | Packages | Create and extract compressed archives |
| 50 | history | Packages | Browse and re-run previous commands |
The Real Skill: Combining Commands
Knowing these commands individually is the starting point. The real value comes from combining them. Here is what experienced admins actually type:
# Top 10 IPs generating traffic right now
tail -n 10000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10
# PHP files modified in last 24 hours (quick malware scan)
find /var/www -name "*.php" -mtime -1 -type f | xargs ls -la
# Watch disk I/O in real time
watch -n 1 'iostat -x 1 1'
# Stream service log and highlight errors
journalctl -u nginx -f | grep -E "error|warn|crit"
# Count unique 404 URLs in last 1000 log lines
tail -n 1000 /var/log/nginx/access.log | awk '$9 == 404 {print $7}' | sort | uniq -c | sort -rn | head -20
These one-liners are what separate a reactive admin from a proactive one. Practice them, adapt them, and save the ones you use repeatedly.
Managing Servers Without Memorizing Everything
Even experienced sysadmins look up syntax regularly. The goal is not memorization — it is knowing which tool to reach for and what it is capable of. Build your own reference, keep it updated, and practice the commands you use least often.
If you would rather spend less time on the command line and more time on what actually matters — running sites, managing clients, handling deployments — that is exactly what Panelica is built for. Every operation covered in this guide has a corresponding interface in the panel: file manager, process monitor, firewall rules, user management, cron editor, log viewer, DNS management, backups, SSL automation — all in one place, with no additional cost and no plugin required.
But when you do need the terminal — and you will — you now have the full toolkit.
Learn more about Panelica or browse more tutorials on setting up and securing your server infrastructure.