As the core of the open-source operating system, Linux command-line tools are the foundation of system administration.

1. File and Directory Operation System
1. Basic Navigation Commands
- • pwd (Display current path):
[user@localhost ~]$ pwd /home/user # Display current working directory - • cd (Change directory):
cd /var/log # Switch to absolute path cd ../etc # Relative path switch to the parent directory's etc subdirectory cd - # Return to the previous working directory
2. File and Directory Management
- • ls (List display):
ls -l /etc # Detailed display of file permissions, size, etc. ls -a ~ # Display all contents including hidden files ls -lh /usr/lib # Human-readable file size display (KB/MB)Key parameter combinations:
<span>-alh</span>can display hidden files and output sizes in a readable format. - • mkdir/rmdir (Create/Delete directories):
mkdir -p project/{src,docs,bin} # Recursively create multi-level directory structure rmdir empty_dir # Can only delete empty directories - • cp/mv/rm (Copy/Move/Delete):
# Recursively copy directory and preserve permissions cp -rp /etc/nginx /backup/ # Force delete non-empty directory (dangerous operation) rm -rf old_project/ # Move file and rename mv report.txt /docs/2025_report.txt
3. Advanced File Operations
- • find (File search):
# Find .log files modified in the last 7 days find /var/log -name "*.log" -mtime -7 # Find files larger than 100MB find / -size +100M -exec ls -lh {} \; - • tar (Archive compression):
# Create gzip compressed package tar -czvf backup_$(date +%Y%m%d).tar.gz /home/user/data # Extract to specified directory tar -xzvf archive.tar.gz -C /tmp/restore/
2. User and Permission Management
1. User Account Management
- • useradd/usermod:
# Create user and specify home directory and shell sudo useradd -m -s /bin/bash developer # Modify user home directory and migrate files sudo usermod -d /new_home/developer -m developer - • passwd:
sudo passwd developer # Set user password echo "developer:P@ssw0rd" | sudo chpasswd # Batch modify password
2. User Group Management
- • groupadd/usermod:
sudo groupadd devops sudo usermod -aG devops developer # Add user to additional group - • Permission View:
groups developer # View user groups id developer # Display user UID/GID information
3. File Permission Control
- • chmod (Permission modification):
chmod 750 script.sh # User: rwx, Group: r-x, Others: --- chmod a+r config.conf # Add read permission for all users - • chown (Ownership change):
sudo chown root:root /etc/nginx/nginx.conf sudo chown -R www-data: /var/www/html # Recursively modify directory ownership
Practical Case: Create Restricted User
# Create read-only user
sudo useradd -m -s /bin/bash analyst
sudo passwd analyst
# Create dedicated directory and set permissions
sudo mkdir /data/reports
sudo chown root:analyst /data/reports
sudo chmod 770 /data/reports # Only owner and group users can read, write, and execute
# Verify permissions
sudo -u analyst touch /data/reports/test.txt # Test file creation
3. Network Configuration and Management
1. Basic Network Tools
- • ip/ifconfig:
ip addr show eth0 # Display interface information sudo ifconfig eth0 192.168.1.100 netmask 255.255.255.0 - • ping/traceroute:
ping -c 4 example.com # Send 4 probe packets traceroute -n google.com # Display routing path (disable DNS resolution)
2. Advanced Network Diagnostics
- • netstat/ss:
netstat -tulnp # Display all listening ports and processes ss -s # Overview of network connection statistics - • tcpdump (Packet analysis):
# Capture HTTP requests on port 80 sudo tcpdump -i eth0 -nn port 80 -w http_capture.pcap # Real-time analysis of SSH traffic sudo tcpdump -i any port 22 -A
3. Firewall Configuration (iptables example)
# Allow SSH and HTTP services
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Save rules (choose method based on distribution)
sudo iptables-save > /etc/iptables.rules
Practical Case: Configure Static IP
# Edit network configuration file (Ubuntu example)
sudo nano /etc/netplan/01-netcfg.yaml
Configuration content:
network:
version: 2
renderer: networkd
ethernets:
eth0:
dhcp4: no
addresses: [192.168.1.200/24]
gateway4: 192.168.1.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]
Apply configuration:
sudo netplan apply
4. System Monitoring and Maintenance
1. Resource Monitoring
- • top/htop:
top -p $(pgrep -d',' nginx) # Monitor specific process htop --sort-key PERCENT_CPU # Sort by CPU usage - • df/du:
df -h /dev/sda1 # Display partition usage du -sh /var/log/* # Calculate directory size
2. Log Management
- • journalctl (Systemd logs):
journalctl -u nginx --since "2025-08-20" --no-pager journalctl -f -u sshd # Real-time tracking of SSH logs - • logrotate (Log rotation):
# Manually trigger log rotation sudo logrotate -vf /etc/logrotate.d/nginx
3. Scheduled Tasks (crontab)
# Edit current user's crontab
crontab -e
Example of adding tasks:
# Backup MySQL database every day at 3 AM
0 3 * * * /usr/bin/mysqldump -u root -pPASSWORD dbname > /backup/db_$(date +\%Y\%m\%d).sql
# Check website availability every 5 minutes
*/5 * * * * /usr/bin/curl -s --connect-timeout 5 http://example.com > /dev/null
5. Security Hardening Practices
1. SSH Security Configuration
# Change SSH port and disable root login
sudo nano /etc/ssh/sshd_config
Modified content:
Port 2222
PermitRootLogin no
AllowUsers analyst developer
Restart service:
sudo systemctl restart sshd
2. Failed Login Limit
# Install fail2ban
sudo apt install fail2ban
# Configure Jail rules
sudo nano /etc/fail2ban/jail.local
Add content:
[sshd]
enabled = true
maxretry = 3
bantime = 86400 # Ban for 24 hours
3. File Integrity Check
# Install AIDE (Advanced Intrusion Detection Environment)
sudo apt install aide
# Initialize database (first run may take a long time)
sudo aideinit
# Regular checks (recommended to set daily checks via crontab)
sudo aide --check
6. Advanced Techniques
1. Command Combination and Piping
# Find and count specific process instances
ps aux | grep nginx | grep -v grep | wc -l
# Real-time monitor high-load processes
watch -n 1 "ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head"
2. Screen Management (screen/tmux)
# Install tmux
sudo apt install tmux
# Basic operations
tmux new -s mysession # Create new session
Ctrl+b d # Detach session
tmux attach -t mysession # Reconnect
Ctrl+b % # Vertical split
Ctrl+b " # Horizontal split
3. Automation Script Example
#!/bin/bash
# System health check script
LOG_FILE="/var/log/system_check_$(date +%Y%m%d).log"
{
echo "===== System Check Report ====="
echo "Uptime: $(uptime -p)"
echo "Memory Usage:"
free -h | grep Mem
echo "Disk Usage:"
df -h | grep -v "tmpfs"
echo "Top 5 CPU Processes:"
ps -eo pid,ppid,cmd,%cpu --sort=-%cpu | head
} > $LOG_FILE
# Send email notification (mailutils configuration required)
if [ -s $LOG_FILE ]; then
cat $LOG_FILE | mail -s "Daily System Report" [email protected]
fi
This article builds a complete knowledge system of Linux system administration through detailed analysis of over 20 core commands and more than 30 practical cases. From basic file operations to advanced network configurations, from user permission management to system security hardening, each knowledge point is accompanied by command examples in real scenarios. Readers are encouraged to deepen their learning through the following methods:
- 1. Practice all case commands in a virtual machine environment
- 2. Refer to the complete documentation of each command using
<span>man</span>command - 3. Regularly review and try to combine different commands
- 4. Keep an eye on new tools and technology developments in the Linux community
By mastering these commands, you will have the ability to independently manage Linux servers, laying a solid foundation for further learning about containerization, automation, and other advanced topics.