LiveChat 
Support 
Linux Commands Cheat Sheet: 50+ Essential Commands for Server Admins and Developers
Whether you are managing a production web server over SSH, debugging a deployment, or just learning your way around a fresh Linux box, the command line is where the real work happens. This Linux commands cheat sheet brings together the commands you will reach for daily, grouped by category so you can scan, copy, and apply them without breaking your flow.
Every command below includes a brief explanation of what it does and when to use it. Bookmark this page as a quick reference, or keep it open in a second tab while you work on your server.
Key Takeaways
• The most-used Linux commands fall into a handful of categories: navigation, file operations, viewing, permissions, processes, networking, disk/system, package management, and archives.
• Master a dozen core commands (`cd`, `ls`, `cp`, `mv`, `rm`, `grep`, `chmod`, `ps`, `kill`, `ssh`) and you can handle most day-to-day server tasks.
• Networking and process tools (`ss`, `curl`, `top`, `kill`) are essential for diagnosing live production issues.
• Always understand a destructive command (`rm -rf`, `chmod 777`) before running it on a server — there is no recycle bin on the command line.
Why does a Linux command reference still matter?
Modern infrastructure is built on Linux. The overwhelming majority of public-facing web servers, container hosts, and cloud instances run a Linux distribution, and the primary way you interact with them is through a terminal over SSH. Graphical panels are convenient, but they hide what is actually happening and they are rarely available on a lean server build.
Knowing the command line gives you speed, precision, and the ability to script repetitive work. A single well-formed command can do what would take dozens of clicks in a control panel. The categories below cover the commands that turn a blinking cursor into a productive workspace.
A quick note on conventions used throughout this cheat sheet: text in angle brackets like `
What are the essential navigation commands?
Before you can do anything useful, you need to move around the filesystem and know where you are. These three commands are the foundation of every terminal session.
| Command | What it does | Common example |
|---|---|---|
| `pwd` | Print working directory — shows your current location in the filesystem | `pwd` |
| `cd` | Change directory — moves you to another folder | `cd /var/www/html` |
| `cd ..` | Move up one directory level | `cd ..` |
| `cd ~` | Jump to your home directory | `cd ~` |
| `cd -` | Return to the previous directory you were in | `cd -` |
| `ls` | List files and directories | `ls` |
| `ls -l` | Long listing with permissions, owner, size, and date | `ls -l` |
| `ls -la` | Long listing including hidden files (dotfiles) | `ls -la` |
| `ls -lh` | Long listing with human-readable file sizes | `ls -lh` |
Tip: Combine flags freely. `ls -lah` gives you a detailed, human-readable listing that includes hidden files — one of the most-typed commands in any admin’s muscle memory.
What are the core file operation commands?
This is where you create, copy, move, and delete the files and directories that make up your applications. Treat the deletion commands with respect — Linux assumes you mean what you type.
| Command | What it does | Common example |
|---|---|---|
| `mkdir` | Make directory | `mkdir logs` |
| `mkdir -p` | Make nested directories, creating parents as needed | `mkdir -p app/config/env` |
| `touch` | Create an empty file or update a file’s timestamp | `touch index.html` |
| `cp` | Copy a file | `cp config.yml config.bak` |
| `cp -r` | Copy a directory recursively (including its contents) | `cp -r ./src ./backup` |
| `mv` | Move or rename a file or directory | `mv old.txt new.txt` |
| `rm` | Remove a file | `rm temp.log` |
| `rm -r` | Remove a directory and its contents recursively | `rm -r ./cache` |
| `rm -rf` | Force-remove recursively with no prompts — dangerous | `rm -rf ./build` |
| `rmdir` | Remove an empty directory | `rmdir emptydir` |
| `ln -s` | Create a symbolic link (shortcut) to a file or directory | `ln -s /var/www/site current` |
Warning: `rm -rf` permanently deletes everything in its path without confirmation. Always double-check your working directory with `pwd` before running it, and never run `rm -rf /` or `rm -rf *` casually on a server.
How do you view and search file contents?
Reading logs, inspecting config files, and searching for a specific line are constant tasks in server work. These commands let you read files without opening a heavy editor.
| Command | What it does | Common example | |
|---|---|---|---|
| `cat` | Print the entire contents of a file | `cat /etc/hostname` | |
| `less` | Page through a file interactively (scroll, search with `/`) | `less /var/log/syslog` | |
| `head` | Show the first lines of a file (default 10) | `head -n 20 access.log` | |
| `tail` | Show the last lines of a file (default 10) | `tail -n 50 error.log` | |
| `tail -f` | Follow a file live as new lines are written | `tail -f /var/log/nginx/access.log` | |
| `grep` | Search for a pattern within text | `grep “404” access.log` | |
| `grep -r` | Search recursively through a directory | `grep -r “TODO” ./src` | |
| `grep -i` | Case-insensitive search | `grep -i “error” app.log` | |
| `wc -l` | Count lines (useful piped after `grep`) | `grep “error” log \ | wc -l` |
Tip: `tail -f` is indispensable for watching a live application or web server log while you reproduce a bug. Combine it with `grep` using a pipe — `tail -f access.log | grep “500”` — to watch only for the events you care about.
How do file permissions and ownership work?
Linux is a multi-user system, and permissions control who can read, write, or execute each file. Misconfigured permissions are one of the most common causes of “permission denied” errors and security problems on a server.
| Command | What it does | Common example |
|---|---|---|
| `chmod` | Change mode — set read/write/execute permissions | `chmod 644 index.html` |
| `chmod +x` | Make a file executable | `chmod +x deploy.sh` |
| `chmod -R` | Apply permissions recursively to a directory | `chmod -R 755 ./public` |
| `chown` | Change owner of a file or directory | `chown www-data file.php` |
| `chown -R` | Change ownership recursively, often user:group | `chown -R www-data:www-data /var/www` |
| `sudo` | Run a single command with superuser privileges | `sudo systemctl restart nginx` |
| `whoami` | Show the current user | `whoami` |
| `umask` | View or set default permissions for new files | `umask 022` |
Understanding permission numbers: The three digits in `chmod 755` represent owner, group, and others. Each digit is the sum of read (4), write (2), and execute (1). So `755` means the owner has full access (7 = 4+2+1) while group and others can read and execute (5 = 4+1). Use `644` for regular files and `755` for directories and scripts as sane defaults. Avoid `chmod 777`, which grants everyone full access and is a frequent security mistake.
How do you manage running processes?
When a server slows down, hangs, or a service crashes, process management commands tell you what is running and let you intervene. These are your first responders during a live incident.
| Command | What it does | Common example | ||
|---|---|---|---|---|
| `ps aux` | List all running processes with details | `ps aux` | ||
| `ps aux \ | grep` | Find a specific process by name | `ps aux \ | grep nginx` |
| `top` | Live, updating view of processes and resource usage | `top` | ||
| `htop` | Interactive, color-coded process viewer (often must be installed) | `htop` | ||
| `kill` | Send a signal to a process by PID (terminate by default) | `kill 4821` | ||
| `kill -9` | Force-kill a process that will not stop gracefully | `kill -9 4821` | ||
| `killall` | Kill all processes by name | `killall php-fpm` | ||
| `jobs` | List background jobs in the current shell | `jobs` | ||
| `bg` / `fg` | Resume a job in the background / foreground | `fg %1` | ||
| `nohup` | Run a command immune to hangups (survives logout) | `nohup ./worker.sh &` |
Tip: Reach for `kill` (signal 15, graceful) before `kill -9` (signal 9, forceful). The graceful signal lets a process clean up open files and connections; the forceful one does not, which can leave data in an inconsistent state.
A practical workflow most cheat sheets skip: when a process is misbehaving, do not jump straight to killing it. First run `top` (or `htop`) to see which process is consuming CPU or memory, note its PID, then use `ls -l /proc/
Which networking commands should every admin know?
Connectivity issues, slow responses, and “is the port even open?” questions all live here. These commands diagnose whether your server can reach the outside world and whether the outside world can reach your services.
| Command | What it does | Common example |
|---|---|---|
| `ping` | Test reachability and latency to a host | `ping google.com` |
| `curl` | Transfer data to/from a URL; test HTTP endpoints | `curl -I https://example.com` |
| `wget` | Download files from the web | `wget https://example.com/file.zip` |
| `ss` | Show open sockets, listening ports, and connections | `ss -tulpn` |
| `netstat` | Older equivalent of `ss` (may need installing) | `netstat -tulpn` |
| `ip a` | Show network interfaces and IP addresses | `ip a` |
| `dig` | Query DNS records for a domain | `dig example.com` |
| `nslookup` | Look up DNS information for a host | `nslookup example.com` |
| `traceroute` | Trace the network path to a host | `traceroute example.com` |
| `ssh` | Open a secure shell session to a remote server | `ssh user@your-server-ip` |
| `scp` | Securely copy files between hosts over SSH | `scp file.txt user@host:/path` |
Tip: `ss -tulpn` is the modern go-to for “what is listening on which port.” The flags mean TCP, UDP, listening, show process, and numeric — so you instantly see which service owns each open port. `curl -I` returns just the HTTP response headers, perfect for checking status codes and redirects without downloading the full page.
How do you check disk and system resources?
Before you deploy, after a traffic spike, or when something feels sluggish, these commands report on disk space, memory, and the system itself.
| Command | What it does | Common example |
|---|---|---|
| `df -h` | Show disk free space, human-readable | `df -h` |
| `du -sh` | Show the total disk usage of a directory | `du -sh /var/log` |
| `du -sh *` | Show size of each item in the current directory | `du -sh *` |
| `free -h` | Show free and used memory | `free -h` |
| `uname -a` | Show kernel and system information | `uname -a` |
| `uptime` | Show how long the system has been running and load average | `uptime` |
| `lsblk` | List block devices (disks and partitions) | `lsblk` |
| `who` | Show who is currently logged in | `who` |
| `date` | Show or set the system date and time | `date` |
Tip: A full disk is one of the most common causes of a server “going down” unexpectedly. When something breaks for no obvious reason, `df -h` should be among your first checks — then use `du -sh /*` to find which directory is the culprit, often runaway logs in `/var/log`.
Run these commands on your own server with DarazHost
Reading a cheat sheet is one thing; practicing on a real Linux machine with full root access is where the knowledge sticks. A managed control panel will never give you the freedom to run every command above.
DarazHost Linux SSD VPS plans — available from Bronze through Titan — give you a fast, SSD-backed virtual server with:
- Full root access and complete SSH control, so every command in this guide is yours to run.
- NVMe/SSD storage for snappy file operations, package installs, and builds.
- A clean Linux environment to practice navigation, permissions, process management, and networking safely.
- 24/7 technical support, so if you ever lock yourself out with a `chmod` mistake, help is a message away.
Whether you are spinning up a development sandbox or running a production workload, a DarazHost SSD VPS is an ideal place to put this cheat sheet to work.
What are the package management commands?
Installing, updating, and removing software is done through your distribution’s package manager. Debian/Ubuntu systems use `apt`; RHEL/CentOS/Fedora systems use `yum` or its successor `dnf`.
| Command (Debian/Ubuntu) | Command (RHEL/CentOS) | What it does |
|---|---|---|
| `sudo apt update` | `sudo yum check-update` | Refresh the list of available packages |
| `sudo apt upgrade` | `sudo yum update` | Upgrade installed packages |
| `sudo apt install |
`sudo yum install |
Install a package |
| `sudo apt remove |
`sudo yum remove |
Remove a package |
| `apt search |
`yum search |
Search for a package |
| `apt list –installed` | `yum list installed` | List installed packages |
Tip: Always run `sudo apt update` before `sudo apt install` on Debian-based systems. The update step refreshes the package index so you install current versions rather than stale ones. On newer Red Hat-based systems, `dnf` is a drop-in replacement for `yum` with the same syntax.
What are the archive and compression commands?
Bundling files for backup or transfer, and unpacking what you download, is handled by `tar` and the compression utilities. The `tar` flags are famously cryptic, so the table below spells them out.
| Command | What it does |
|---|---|
| `tar -czvf archive.tar.gz |
Create a gzip-compressed archive (c=create, z=gzip, v=verbose, f=file) |
| `tar -xzvf archive.tar.gz` | Extract a gzip-compressed archive (x=extract) |
| `tar -tzvf archive.tar.gz` | List the contents of an archive without extracting |
| `gzip |
Compress a single file (replaces it with `.gz`) |
| `gunzip |
Decompress a `.gz` file |
| `zip -r archive.zip |
Create a `.zip` archive recursively |
| `unzip archive.zip` | Extract a `.zip` archive |
Tip: A reliable way to remember the create vs. extract flags: create vs. extract. Keep the `zvf`/`zf` part the same and just swap the first letter. To back up a web directory, `tar -czvf backup.tar.gz /var/www/html` produces a single compressed file you can move with `scp`.
How can you get help for any command?
When you forget a flag or want to know every option a command supports, Linux documents itself. These commands save you a trip to a search engine.
| Command | What it does | Example |
|---|---|---|
| `man |
Open the full manual page | `man tar` |
| ` |
Show a quick summary of options | `ls –help` |
| `tldr |
Show practical examples (community tool, must be installed) | `tldr tar` |
| `which |
Show the full path of a command’s executable | `which python3` |
| `history` | Show your recent command history | `history` |
Tip: Press `q` to exit a `man` page or a `less` view. New users frequently get “stuck” in these because they keep scrolling without realizing `q` quits.
Frequently asked questions
Which Linux commands should a beginner learn first? Start with navigation and file operations: `pwd`, `cd`, `ls`, `cp`, `mv`, `rm`, and `mkdir`. Add `cat`, `less`, and `grep` for reading files, then `chmod` and `sudo` for permissions. With those dozen commands you can comfortably move around a server and manage its files. Everything else builds on this foundation.
What is the difference between `ss` and `netstat`? Both show network connections and listening ports, but `ss` (socket statistics) is the modern replacement and is faster, especially on busy servers with many connections. `netstat` is older, sometimes not installed by default on newer distributions, and is gradually being deprecated. The command `ss -tulpn` covers most of what admins used `netstat -tulpn` for.
Is `rm -rf` safe to use? `rm -rf` is safe only when you are certain of the target path. It deletes recursively and forcefully with no confirmation and no recovery — there is no recycle bin on the command line. Always verify your location with `pwd` first, avoid running it as root unless necessary, and never use it with broad patterns like `/` or unquoted variables that could expand unexpectedly.
How do I copy files between two servers? Use `scp` (secure copy) or `rsync` over SSH. For a single file: `scp file.txt user@remote-host:/destination/path`. For directories or large syncs, `rsync -avz ./localdir user@host:/remotedir` is more efficient because it transfers only changed data and can resume interrupted transfers.
Do I need root access to run these commands? Most navigation, viewing, and personal file commands run as a normal user. Commands that change system-wide state — installing packages, restarting services, editing files owned by other users — require `sudo` or root. A VPS with full root access lets you run the complete set, which is why root-level control matters for learning and for production server administration.
Conclusion
A Linux commands cheat sheet is most valuable when you actually use it. The commands above cover the vast majority of what server admins and developers do day to day — from finding your way around the filesystem to diagnosing a live networking problem at 2 a.m. Keep this reference handy, practice the destructive commands cautiously, and within a few weeks the core dozen will become second nature.
The fastest way to internalize them is to run them on a real server you control. Spin up a Linux environment, break things safely, and rebuild — that hands-on loop is how every confident admin learned the craft.
