Find all .htaccess files starting in “/” directory:

find / -name ".htaccess" -print

Or

locate .htaccess

For more information of the file(s) such as permissions, ownership, and last modification timestamp:

ls -l $(locate .htaccess)

Find all files with specific extension starting from “/”:

find / -name '*.txt'

To find a specific file with extension “.txt” in current directory just exclude “/”

Find more information of files with specific extension such as ownership, file location, permission and last edit date:

ls -l $(locate *.txt)

Find all hidden directories starting in “/”:

find / -type f -name ".*"

First and most importantly, we need to locate the correct drive. In a terminal session (command line), type:

Try to type the commands in, instead of copy/paste, this helps with retention for next time.

lsblk

In other words, ‘List Block Devices’

This command will list all block devices, hard drives, USB drives, scsi devices, RAID devices and their partitions.

In this case here is what is displayed:

NAME                        MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT
sda                           8:0    0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:2    0  37.7G  0 dmraid 
sdb                           8:16   0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:2    0  37.7G  0 dmraid 
sdc                           8:32   1   1.9G  0 disk   
└─sdc1                        8:33   1   1.1G  0 part 

We can see ‘sda’ and ‘sdb’ are defined as raid members. Where sdc is a disk, which has one partition ‘sdc1’ ,which is in this case the USB drive we will be working with.

---

Unmount the device

umount /dev/sdc

The USB device will not always be automatically mounted upon insertion, even if it shows as a block device. Depending on previous configurations, so don’t be concerned after running the command if you are told ‘umount: /dev/sdc: not mounted’

---

At this point we are ready to format and partition the device in one command.

NOTE: Continuing will permanently Destroy and Delete anything on the chosen device.

Format USB Drive:

mkfs.msdos -n 'random' -I /dev/sdc

Where: mkfs.msdos = make file system & partition as msdos

-n = Name the Volume

-I = Partitioning within the block device itself

/dev = Device

/dev/sdc = the device we are formatting and partitioning

---

The output:

mkfs.fat 3.0.27 (2014-11-12)
mkfs.fat: warning - lowercase labels might not work properly with DOS or Windows

If you are greeted with something to the effect of:

mkfs.msdos: unable to open /dev/sdc: Device or resource busy

Chances are your USB drive is write protected.

You may be required to install hdparm:

sudo apt-get install hdparm

Then remove the write protection by running:

sudo hdparm -r0 /dev/sdc

Output:

/dev/sdc:
 setting readonly to 0 (off)
 readonly      =  0 (off)

If your still getting errors and care not to save Any data on the drive, you can write zeros to the device by running:

sudo dd if=/dev/zero of=/dev/sdc  bs=512  count=1

---

Then go ahead and try formatting again.

After a successful format, the version, and a warning should be self explanatory.

At this point, the device should have been formatted and partitioned, time depends on how large and complex the partitioning scheme.

In formatting this particular device, a 2GB USB drive, the time was ~3 seconds, for reference.

---

There are many other type of partitions we can use, such as the following, however in this case, I’m going to be transferring an ISO from one (linux) machine to a non networked (windows) machine. Where msdos is highly compatible.

Examples of file system types: mkfs.msdos; mkfs.ext2; mkfs.ext3; mkfs.ext4; mkfs.vfat and many more depending on the intended application.

---

You can re-list all block devices to see your final result. Only this time, we want to verify the file system type, so we add the ‘-f’ flag

lsblk -f

NAME                        FSTYPE          LABEL  UUID                                 MOUNTPOINT
sda                         isw_raid_member                                             
└─isw_ccheigfjba_Volume0                                                                
  ├─isw_ccheigfjba_Volume01 ext4                   5ba67ace-a42d-404b-a6dc-eb2a73e8429c /
  └─isw_ccheigfjba_Volume05 swap                   66b5b874-e24c-45df-a669-4b205affa2fc 
sdb                         isw_raid_member                                             
└─isw_ccheigfjba_Volume0                                                                
  ├─isw_ccheigfjba_Volume01 ext4                   5ba67ace-a42d-404b-a6dc-eb2a73e8429c /
  └─isw_ccheigfjba_Volume05 swap                   66b5b874-e24c-45df-a669-4b205affa2fc 
sdc                         vfat            random 2B9E-2530                            /media/rick/random

As we can see, now /dev/sdc has been formatted and partitioned vfat, which is essentially the same as FAT32 and allows the use of longer volume names, post WIN95.

In other words, it’s compatible for basic storage on linux, as well as readable on windows versions supplied in the last ~20 years.

Fin!

For a more comprehensive or detailed guide, as to securely wiping a drive, visit nixCraft-how-do-i-permanently-erase-hard-disk

Recently I came across an older DVR unit, taking into consideration I’m not one to pass up an opportunity to harvest tech, so I took the liberties I had been granted.

Just want the commands and take your chances? Skip down beyond my rambling.

Not much useful inside most of these units, but there was a mechanical HDD.

The drive is a WD5000AVVS, after a bit of googling around, I found Western Digital made these specifically for a DVR application. In other words, not really made to support a desktop environment. No reason to let that stop me from adding it for basic storage.

---

The drive was utilizing PUIS or Power [Up In Standby] , something WD came up with themselves, from the wiki:

Power-up in standby (PUIS) or power management 2 mode (PM2; Western Digital specific) is a SATA or Parallel ATA (aka PATA) hard disk configuration which prevents the drive from automatic spinup when power is applied. The spinup occurs later by an ATA command, only when the disk is needed, to conserve electric power[dubious – discuss] and to avoid a power consumption peak caused by a simultaneous spin-up of multiple disks.

---

Useful tip: Since the drive will not power up on boot, I had to connect the drive to a raid controller to get it to spin up. I’m sure there are other means, such as issuing ATA commands.

---

Set PUIS mode on Western Digital Hard Drive

Enter the hdparm command , for help on commands just type in:

hdparm

hdparm - get/set hard disk parameters - version v9.43, by Mark Lord.

Usage:  hdparm  [options] [device ...]

Options:
 -a   Get/set fs readahead
 -A   Get/set the drive look-ahead flag (0/1)
 -b   Get/set bus state (0 == off, 1 == on, 2 == tristate)
 -B   Set Advanced Power Management setting (1-255)
 -c   Get/set IDE 32-bit IO setting
 -C   Check drive power mode status
 -d   Get/set using_dma flag
 -D   Enable/disable drive defect management
 -E   Set cd/dvd drive speed
 -f   Flush buffer cache for device on exit
 -F   Flush drive write cache
 -g   Display drive geometry
 -h   Display terse usage information
 -H   Read temperature from drive (Hitachi only)
 -i   Display drive identification
 -I   Detailed/current information directly from drive
 -J   Get/set Western DIgital "Idle3" timeout for a WDC "Green" drive (DANGEROUS)
 -k   Get/set keep_settings_over_reset flag (0/1)
 -K   Set drive keep_features_over_reset flag (0/1)
 -L   Set drive doorlock (0/1) (removable harddisks only)
 -m   Get/set multiple sector count
 -M   Get/set acoustic management (0-254, 128: quiet, 254: fast)
 -n   Get/set ignore-write-errors flag (0/1)
 -N   Get/set max visible number of sectors (HPA) (VERY DANGEROUS)
 -p   Set PIO mode on IDE interface chipset (0,1,2,3,4,...)
 -P   Set drive prefetch count
 -q   Change next setting quietly
 -Q   Get/set DMA queue_depth (if supported)
 -r   Get/set device readonly flag (DANGEROUS to set)
 -R   Get/set device write-read-verify flag
 -s   Set power-up in standby flag (0/1) (DANGEROUS)
 -S   Set standby (spindown) timeout
 -t   Perform device read timings
 -T   Perform cache read timings
 -u   Get/set unmaskirq flag (0/1)
 -U   Obsolete
 -v   Use defaults; same as -acdgkmur for IDE drives
 -V   Display program version and exit immediately
 -w   Perform device reset (DANGEROUS)
 -W   Get/set drive write-caching flag (0/1)
 -x   Obsolete
 -X   Set IDE xfer mode (DANGEROUS)
 -y   Put drive in standby mode
 -Y   Put drive to sleep
 -z   Re-read partition table
 -Z   Disable Seagate auto-powersaving mode
 --dco-freeze      Freeze/lock current device configuration until next power cycle
 --dco-identify    Read/dump device configuration identify data
 --dco-restore     Reset device configuration back to factory defaults
 --direct          Use O_DIRECT to bypass page cache for timings
 --drq-hsm-error   Crash system with a "stuck DRQ" error (VERY DANGEROUS)
 --fallocate       Create a file without writing data to disk
 --fibmap          Show device extents (and fragmentation) for a file
 --fwdownload            Download firmware file to drive (EXTREMELY DANGEROUS)
 --fwdownload-mode3      Download firmware using min-size segments (EXTREMELY DANGEROUS)
 --fwdownload-mode3-max  Download firmware using max-size segments (EXTREMELY DANGEROUS)
 --fwdownload-mode7      Download firmware using a single segment (EXTREMELY DANGEROUS)
 --idle-immediate  Idle drive immediately
 --idle-unload     Idle immediately and unload heads
 --Istdin          Read identify data from stdin as ASCII hex
 --Istdout         Write identify data to stdout as ASCII hex
 --make-bad-sector Deliberately corrupt a sector directly on the media (VERY DANGEROUS)
 --offset          use with -t, to begin timings at given offset (in GiB) from start of drive
 --prefer-ata12    Use 12-byte (instead of 16-byte) SAT commands when possible
 --read-sector     Read and dump (in hex) a sector directly from the media
 --security-help   Display help for ATA security commands
 --trim-sector-ranges        Tell SSD firmware to discard unneeded data sectors: lba:count ..
 --trim-sector-ranges-stdin  Same as above, but reads lba:count pairs from stdin
 --verbose         Display extra diagnostics from some commands
 --write-sector    Repair/overwrite a (possibly bad) sector directly on the media (VERY DANGEROUS)

As we can see, there is a command we can utilize to change the PUIS setting of the drive:

hdparm -s

Of course you must enter the device name you wish to change the settings on. So we can use:

lsblk

The lsblk command will list all block devices in the system

Which in this case spits out the following:

NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda      8:0    0 465.8G  0 disk 
└─sda1   8:1    0 465.8G  0 part 
sdb      8:16   0 465.8G  0 disk 
└─sdb1   8:17   0 465.8G  0 part /media/rick/WD500GB
sdc      8:32   0 465.8G  0 disk 
└─sdc2   8:34   0     1K  0 part

This is now that the drive is finished, formatted and partitioned in the system. Sometimes you’ll need a bit more data to make the choice as to which drive you’ll be schnookering.

So we can use lsblk flags as well.

lsblk --output MODE,NAME,FSTYPE,LABEL,UUID

Which spits out the following infos:

MODE       NAME   FSTYPE          LABEL   UUID
brw-rw---- sda    isw_raid_member         
brw-rw---- └─sda1                         
brw-rw---- sdb                            
brw-rw---- └─sdb1 ext4            WD500GB 4e423629-51e8-41b3-a9be-9c9af4d31732
brw-rw---- sdc    isw_raid_member         
brw-rw---- └─sdc2 

Well I know the two disks which say raid member are not it, and at this point there is only three block devices in the system, so I’ll use /dev/sdb

If we look at the hdparm command to turn on or off PUIS, it states the two options which are 0/1 = Off or On

So the command I’ll run on /dev/sdb to wake it up with hdparm is:

hdparm -s 0 /dev/sdb

Done with that jazz. The drive should spin up when powered on. Lest, we are not finished here. We should clean things up a bit.

---

For simplicity I enjoy the shred command, plus it sounds serious, which it is.

To find shred commands, we just run:

shred --help

Which pukes out this:

Usage: shred [OPTION]... FILE...
Overwrite the specified FILE(s) repeatedly, in order to make it harder
for even very expensive hardware probing to recover the data.

Mandatory arguments to long options are mandatory for short options too.
  -f, --force    change permissions to allow writing if necessary
  -n, --iterations=N  overwrite N times instead of the default (3)
      --random-source=FILE  get random bytes from FILE
  -s, --size=N   shred this many bytes (suffixes like K, M, G accepted)
  -u, --remove[=HOW]  truncate and remove file after overwriting; See below
  -v, --verbose  show progress
  -x, --exact    do not round file sizes up to the next full block;
                   this is the default for non-regular files
  -z, --zero     add a final overwrite with zeros to hide shredding
      --help     display this help and exit
      --version  output version information and exit

Remember, this can be done on any drive, so everything and anything will be lost to the abyss forever. Pay attention to which drive letter / name you are using.

The default pass is 25 times, yea, I’ve never needed a 25 pass random write scrub and I hope never to. So we can use the flag -n to limit how many passes shred does.

I enjoy seeing output, so I’ll use the -v or, Verbose / noisy output flag as well.

I also had no idea what permissions were set, so I used the -f or Force flag As stated, this changes permissions to allow for the write procedure if required.

If your obsessive about keeping things straight, use the -z flag also, this will add one more pass after ‘shredding’ and write zero’s across the drive. Instead of having the drive look as if someone intentionally randomly repeatedly wrote ‘junk’ to it. Just make your bed.

The command I used to wipe the drive was as follows:

shred -n 5 -v -f -z /dev/sdb 

Let the shredding begin, here is the initial output:

shred: /dev/sdb: pass 1/6 (random)...
shred: /dev/sdb: pass 1/6 (random)...330MiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...687MiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...1.0GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...1.3GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...1.7GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...2.1GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...2.4GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...2.8GiB/466GiB 0%
shred: /dev/sdb: pass 1/6 (random)...3.1GiB/466GiB 0%

And this goes on for quite some time. Notice we used the -n 5 flag, for five passes, yet we can see shred is currently on pass 1/6. Good, this means the last pass will be all zeros.

Go do something else until your ready to format and partition the drive. Let it run!

There are still those times when {place whatever issue or project here} will require burning optical media, even a CD if you enjoy toying around with older, even ancient hardware.

That said there are many GUI programs which can accomplish this. However that’s not always viable, or desired. Especially when you care more about the command line and keeping your brain from going sedentary, by constantly clicking a button and having something done for you. /snarky

In this instance I’ll burn an ISO image of hdat2 to a cd from the command line using wodim on Debian.

---

Install wodim:

sudo apt-get install wodim

---

Burn ISO to a cd:

Find the drive name in which you will use to write the image: You can have a quick look at how to burn an ISO to USB which contains the same basic procedure for locating storage devices locally. Or continue on.

Locate the device which you intend to use to burn by using the command:

lsblk

In this case the output is as follows:

rick@deb:~$ lsblk
NAME                        MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT
sda                           8:0    0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:2    0  37.7G  0 dmraid 
sdb                           8:16   0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:2    0  37.7G  0 dmraid 
sdc                           8:32   0     2T  0 disk 

This shows two disks (sda & sdb) in raid form, as well as the optical device we will use (SDC)

Next, Navigate to the directory of the ISO (not required but simplifies the command) many times in the downloads directory.

Now we are ready to burn the ISO to cd.

Type the following in command line:

wodim -v dev=/dev/sr0 -eject -sao hdat2cd_51.iso

Here is the output after hitting return:

TOC Type: 1 = CD-ROM
scsidev: '/dev/sr0'
devname: '/dev/sr0'
scsibus: -2 target: -2 lun: -2
Linux sg driver version: 3.5.27
Wodim version: 1.1.11
SCSI buffer size: 64512
Device type    : Removable CD-ROM
Version        : 0
Response Format: 3
Capabilities   : 
Vendor_info    : 'ATAPI   '
Identification : 'iHAS324   A     '
Revision       : 'BL1A'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x000A (CD-RW)
Profile: 0x002B (DVD+R/DL) 
Profile: 0x001B (DVD+R) 
Profile: 0x001A (DVD+RW) 
Profile: 0x0016 (DVD-R/DL layer jump recording) 
Profile: 0x0015 (DVD-R/DL sequential recording) 
Profile: 0x0014 (DVD-RW sequential recording) 
Profile: 0x0013 (DVD-RW restricted overwrite) 
Profile: 0x0012 (DVD-RAM) 
Profile: 0x0011 (DVD-R sequential recording) 
Profile: 0x0010 (DVD-ROM) 
Profile: 0x000A (CD-RW) (current)
Profile: 0x0009 (CD-R) 
Profile: 0x0008 (CD-ROM) 
Profile: 0x0002 (Removable disk) 
Using generic SCSI-3/mmc   CD-R/CD-RW driver (mmc_cdr).
Driver flags   : MMC-3 SWABAUDIO BURNFREE FORCESPEED 
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1275648 = 1245 KB
Beginning DMA speed test. Set CDR_NODMATEST environment variable if device
communication breaks or freezes immediately after that.
FIFO size      : 12582912 = 12288 KB
Track 01: data    13 MB        
Total size:       15 MB (01:34.97) = 7123 sectors
Lout start:       16 MB (01:36/73) = 7123 sectors
Current Secsize: 2048
ATIP info from disk:
  Indicated writing power: 3
  Reference speed: 6
  Is not unrestricted
  Is erasable
  Disk sub type: High speed Rewritable (CAV) media (1)
  ATIP start of lead in:  -11745 (97:25/30)
  ATIP start of lead out: 359848 (79:59/73)
  1T speed low:  4 1T speed high: 10
  2T speed low:  4 2T speed high:  0 (reserved val  6)
  power mult factor: 1 5
  recommended erase/write power: 5
  A1 values: 24 1A D8
  A2 values: 26 B2 4A
Disk type:    Phase change
Manuf. index: 40
Manufacturer: INFODISC Technology Co., Ltd.
Blocks total: 359848 Blocks current: 359848 Blocks remaining: 352725
Forcespeed is OFF.
Speed set to 1765 KB/s
Starting to write CD/DVD at speed  10.0 in real SAO mode for single session.
Last chance to quit, starting real write in    0 seconds. Operation starts.
Waiting for reader process to fill input buffer ... input buffer ready.
Performing OPC...
Sending CUE sheet...
Writing pregap for track 1 at -150
Starting new track at sector: 0
Track 01:   13 of   13 MB written (fifo 100%) [buf 100%]  10.6x.
Track 01: Total bytes read/written: 14587904/14587904 (7123 sectors).
Writing  time:   27.528s
Average write speed   3.9x.
Min drive buffer fill was 100%
Fixating...
Fixating time:   17.593s
BURN-Free was never needed.
wodim: fifo had 230 puts and 230 gets.
wodim: fifo was 0 times empty and 30 times full, min fill was 96%.

As you can see, the -v flag (verbose) allows us to get a bit more data as the process is happening. Of course this particular image was only ~15MB, so the time was very short, larger images will of course take much longer.

The burner door will open when the process is complete.

---

To burn a DVD via command line : We’ll use a script called growisofs:

sudo apt-get install growisofs

Follow the same procedure to locate the proper device using the command:

lsblk

Move to the directory the ISO is located, and type:

growisofs -dvd-compat -Z /dev/sr0=hdat2cd_51.iso

Fin

To create a bootable image on a USB ‘stick’ aka ‘thumb drive’ ‘flash drive’ in linux or OS x we use the ‘dd’ command.

In this case, we’ll write the latest (as of this writeup) Debian Image , which happens to be 8.5.0 amd64

I generally try to use the torrent, taking in consideration the server/ bandwidth costs involved with free and open software.

Download the image you wish to use. Many times the image you use, will depend on what size USB device you have available. Or obviously what you wish to accomplish.

In this case I’m using a USB card reader, with a 32 GB Micro SD card

---

You’ll need to know what USB device name to use. An easy way to view what devices are currently mounted would be to use:

lsblk

---

There are many options, or flags if you need them. From the man pages:

       -a, --all
              Also list empty devices.  (By default they are skipped.)

       -b, --bytes
              Print the SIZE column in bytes rather than in a human-readable
              format.

       -D, --discard
              Print information about the discarding capabilities (TRIM,
              UNMAP) for each device.

       -d, --nodeps
              Do not print holder devices or slaves.  For example, lsblk
              --nodeps /dev/sda prints information about the sda device
              only.

       -e, --exclude list
              Exclude the devices specified by the comma-separated list of
              major device numbers.  Note that RAM disks (major=1) are
              excluded by default.  The filter is applied to the top-level
              devices only.

       -f, --fs
              Output info about filesystems.  This option is equivalent to
              -o NAME,FSTYPE,LABEL,UUID,MOUNTPOINT.  The authoritative
              information about filesystems and raids is provided by the
              blkid(8) command.

       -h, --help
              Display help text and exit.

       -I, --include list
              Include devices specified by the comma-separated list of major
              device numbers.  The filter is applied to the top-level
              devices only.

       -i, --ascii
              Use ASCII characters for tree formatting.

       -J, --json
              Use JSON output format.

       -l, --list
              Produce output in the form of a list.

       -m, --perms
              Output info about device owner, group and mode.  This option
              is equivalent to -o NAME,SIZE,OWNER,GROUP,MODE.

       -n, --noheadings
              Do not print a header line.

       -o, --output list
              Specify which output columns to print.  Use --help to get a
              list of all supported columns.

              The default list of columns may be extended if list is
              specified in the format +list (e.g. lsblk -o +UUID).

       -O, --output-all
              Output all available columns.

       -P, --pairs
              Produce output in the form of key="value" pairs.  All
              potentially unsafe characters are hex-escaped (\x<code>).

       -p, --paths
              Print full device paths.

       -r, --raw
              Produce output in raw format.  All potentially unsafe
              characters are hex-escaped (\x<code>) in the NAME, KNAME,
              LABEL, PARTLABEL and MOUNTPOINT columns.

       -S, --scsi
              Output info about SCSI devices only.  All partitions, slaves
              and holder devices are ignored.

       -s, --inverse
              Print dependencies in inverse order.

       -t, --topology
              Output info about block-device topology.  This option is
              equivalent to -o NAME,ALIGNMENT,MIN-IO,OPT-IO,PHY-SEC,LOG-
              SEC,ROTA,SCHED,RQ-SIZE,RA,WSAME.

       -V, --version
              Display version information and exit.

       -x, --sort column
              Sort output lines by column.

---

In this case, the system spits out the following disks:

NAME                        MAJ:MIN RM   SIZE RO TYPE   MOUNTPOINT
sda                           8:0    0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:3    0  37.7G  0 dmraid 
sdb                           8:16   0 465.8G  0 disk   
└─isw_ccheigfjba_Volume0    254:0    0 931.5G  0 dmraid 
  ├─isw_ccheigfjba_Volume01 254:1    0 893.8G  0 dmraid /
  └─isw_ccheigfjba_Volume05 254:3    0  37.7G  0 dmraid 
sdc                           8:32   1   1.9G  0 disk   
├─sdc1                        8:33   1   925M  0 part   
└─sdc2                        8:34   1  86.1M  0 part

We can see three devices on this system shown by ‘sda’ ‘sdb’ and ‘sdc’, where sda and sdb are each 500GB drives in a raid array. And sdc is the USB device we’ll use.

---

These naming conventions will not always be the case, depending on operating system. sdc will not always be your USB device.

---

It’s very important to insure you are writing to the correct disk, as well as not trying to write to a partition on the desired target disk. As in:

sdc                           8:32   1   1.9G  0 disk   
├─sdc1                        8:33   1   925M  0 part   
└─sdc2                        8:34   1  86.1M  0 part

Where in the above example, we see ‘sdc’ as the disk, and two partitions called ‘sdc1’ and ‘sdc2’

---

You could go about formatting the disk at this point, however the commands we will use in this example will simply ignore and over write any and all partitions, erasing any and all data on the target device. Effectively destroying anything currently on the device.

---

Once the image, or ISO is downloaded to your local machine, navigate to the directory which your downloads reside (generally the users ‘Download’ directory).

Of course it is not required to move to the directory where the image is, at that point you’ll need to type the path, I say go to the Downloads directory for easy of use and simplify the command.

---

In this case the image name is: debian-8.5.0-amd64-DVD-1.iso

The disk is: sdc

So the command to write the image ‘debian-8.5.0-amd64-DVD-1.iso’ To disk ‘sdc’

You may need to unmount the device before this will work

umount /dev/sdc 

You would then run the following command:

sudo dd if=debian-8.5.0-amd64-DVD-1.iso of=/dev/sdc bs=1M

You’ll of course be requested to type in your sudo password, or at least you should not be running as root to begin with.

The write will commence, and depending on the machine capabilities and the size of the image being written, will dictate the speed at which the procedure takes.

---

There is no progress bar with this command, so sit back, or get on with another task. This could take quite some time.

---

Once the image is written to the USB device and completed, the output will look something to this effect:

3808+0 records in
3808+0 records out
3992977408 bytes (4.0 GB) copied, 288.986 s, 13.8 MB/s

We can see here, that the USB device is now partitioned and the ISO is available.

sdc                           8:32   1  29.7G  0 disk   
├─sdc1                        8:33   1   3.7G  0 part   /media/rick/Debian 8.5.0 amd64 1
└─sdc2                        8:34   1   416K  0 part

There is quite a lot of discussion as to which block size to write, or as seen in the above command ‘bs=1M’ , I have used 5M, however much faster, I’ve had instances where {something @ somewhere} went sour and left me with a useless image. Possibly due to incorrect writes, that is however for another discussion.

Many times you type:

crontab -e

And end up with key bindings your not used to. (h,j,k,i) As in vi or ed.

Say you normally use nano:

export VISUAL=nano; crontab -e

Boom, crontab will open and nano will be your editor.

---

Same goes for vi:

export VISUAL=vim; crontab -e

---

Then again maybe you want to use your preferred editor always, or as default.

Get a list of available editors currently install on your system by running:

update-alternatives --list editor

In this case, the output is:

/bin/ed
/bin/nano
/usr/bin/vim.gnome
/usr/bin/vim.tiny

So you may combine the above for on demand usage such as:

export VISUAL=ed; crontab -e

Or:

export VISUAL=vim.gnome; crontab -e

ect…

---

To make one specific editor default to your users profile, you must edit:

~/.profile

So for example if your enjoying the ease of nano:

nano ~/.profile

And add these lines as follows:

EDITOR=nano
VISUAL=$EDITOR
export EDITOR VISUAL

Replacing in the above case ‘nano’ with your desired default editor.

---

When you run the following as root, you are changing the default editor system wide, or all users. In this case, we can use ‘editor’, to see which editors are currently available on the system, as well as priorities, paths, and status:

update-alternatives --config editor

The output will be:

  Selection    Path                Priority   Status
------------------------------------------------------------
* 0            /usr/bin/vim.gnome   60        auto mode
  1            /bin/ed             -100       manual mode
  2            /bin/nano            40        manual mode
  3            /usr/bin/vim.gnome   60        manual mode
  4            /usr/bin/vim.tiny    10        manual mode
Press enter to keep the current choice[*], or type selection number: 

Then simply type the number of the default system wide editor you wish.

Recently while installing letsencrypt I’ve come across yum being broken {by something @ somewhere} where yum tossed an error of libelf.so.1, a python shared object.

Where yum nor rpm was able to run.

So I ran ldconfig, which is a program used to maintain shared libraries. This from the man pages:

• ldconfig creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories (/lib and /usr/lib). The cache is used by the run-time linker, ld.so or ld-linux.so.

ldconfig checks the header and filenames of the libraries it encounters when determining which versions should have their links updated.

So I got on with it using the -v flag or verbose

ldconfig -v

Output:

ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-573.18.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-573.22.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-573.26.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-573.7.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-573.8.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
ldconfig: /etc/ld.so.conf.d/kernel-2.6.32-642.1.1.el6.x86_64.conf:6: duplicate hwcap 1 nosegneg
/usr/lib64/mysql:
	libmysqlclient.so.16 -> libmysqlclient.so.16.0.0
	libmysqlclient_r.so.16 -> libmysqlclient_r.so.16.0.0
/usr/lib64/tcl8.5:
	libTix.so -> libTix.so
/lib:
	libbz2.so.1 -> libbz2.so.1.0.4
	libSegFault.so -> libSegFault.so
	libnsl.so.1 -> libnsl-2.12.so
	libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
	libgmodule-2.0.so.0 -> libgmodule-2.0.so.0.2800.8
	libkeyutils.so.1 -> libkeyutils.so.1.3
	libncursesw.so.5 -> libncursesw.so.5.7
	libfreeblpriv3.so -> libfreeblpriv3.so
	libcrypt.so.1 -> libcrypt-2.12.so
	libanl.so.1 -> libanl-2.12.so
	libext2fs.so.2 -> libext2fs.so.2.4
	libutil.so.1 -> libutil-2.12.so
	libnss_nisplus.so.2 -> libnss_nisplus-2.12.so
	libncurses.so.5 -> libncurses.so.5.7
	libattr.so.1 -> libattr.so.1.1.0
	libnss_hesiod.so.2 -> libnss_hesiod-2.12.so
	libglib-2.0.so.0 -> libglib-2.0.so.0.2800.8
	libz.so.1 -> libz.so.1.2.3
	libselinux.so.1 -> libselinux.so.1
	libkrb5.so.3 -> libkrb5.so.3.3
	libdb-4.7.so -> libdb-4.7.so
	libc.so.6 -> libc-2.12.so
	libthread_db.so.1 -> libthread_db-1.0.so
	libresolv.so.2 -> libresolv-2.12.so
	libk5crypto.so.3 -> libk5crypto.so.3.1
	libreadline.so.6 -> libreadline.so.6.0

And so many other shared libraries…

ldconfig in verbose mode will spit out shared libraries and links, re caching them.

Once this is complete I ran:

ldd /bin/rpm

Which from the lunux man:

• ldd prints the shared objects (shared libraries) required by each program or shared object specified on the command line.

Output:

linux-vdso.so.1 =>  (0x00007fffaaeba000)
	librpmbuild.so.1 => /usr/lib64/librpmbuild.so.1 (0x00007fa244e32000)
	librpm.so.1 => /usr/lib64/librpm.so.1 (0x00007fa244bc7000)
	libmagic.so.1 => /usr/lib64/libmagic.so.1 (0x00007fa2449a7000)
	librpmio.so.1 => /usr/lib64/librpmio.so.1 (0x00007fa244778000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fa244559000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fa244354000)
	libacl.so.1 => /lib64/libacl.so.1 (0x00007fa24414c000)
	libdb-4.7.so => /lib64/libdb-4.7.so (0x00007fa243dd8000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fa243bc6000)
	liblzma.so.0 => /usr/lib64/liblzma.so.0 (0x00007fa2439a5000)
	liblua-5.1.so => /usr/lib64/liblua-5.1.so (0x00007fa243778000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fa2434f3000)
	libelf.so.1 => /usr/lib64/libelf.so.1 (0x00007fa2432dd000)
	libnss3.so => /usr/lib64/libnss3.so (0x00007fa242f9d000)
	libpopt.so.0 => /lib64/libpopt.so.0 (0x00007fa242d93000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fa242b7d000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fa242975000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fa242757000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fa2423c3000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fa2421ac000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fa241fa8000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fa24506c000)
	libattr.so.1 => /lib64/libattr.so.1 (0x00007fa241da3000)
	libnssutil3.so => /usr/lib64/libnssutil3.so (0x00007fa241b76000)
	libplc4.so => /lib64/libplc4.so (0x00007fa241971000)
	libplds4.so => /lib64/libplds4.so (0x00007fa24176d000)
	libnspr4.so => /lib64/libnspr4.so (0x00007fa24152e000)

Boom, problem solved. Yum is functional again.

As note, I cannot blame this on certbot, considering this system has been beaten down as a dev / trial. break & fix whatever was the flavor of the day for the last 3++ years. So this is by far the first issue I’ve caused by intentionally wreaking havok on a system. Comes with the territory.

When you have made an error in the freebsd rc.conf file, reboot and attempt to edit rc.conf, but the system tells you "this is a read only file" , so you cannot edit the very file which allows your system to boot, do this:

drop into a shell (which would be the default ‘thing’ to do) then type in this order:

fsck -y
mount -u /
mount -a -t ufs
swapon -a

Do your thing, and reboot.

Problem solved

iPerf3 from iPerf.fr:

• iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, buffers and protocols (TCP, UDP, SCTP with IPv4 and IPv6).

• For each test it reports the bandwidth, loss, and other parameters. This is a new implementation that shares no code with the original iPerf and also is not backwards compatible.

• iPerf was orginally developed by NLANR/DAST. iPerf3 is principally developed by ESnet / Lawrence Berkeley National Laboratory. It is released under a three-clause BSD license.

Install iperf Debian

apt-get install iperf3

Starting a local server is not necessary if testing to a remote server.

Example test server:

iperf -c ping.online.net -i 2 -t 20 -r

---

Start iperf server

To start Iperf in server mode, use the below command.

iperf -s

---

Start server in daemon mode

Running the server without daemon mode keeps the process running in the terminal. Use the -D switch to run it as a daemon in the background.

iperf -s -D

---

Connecting to server from client

Iperf needs to run on the local host in client mode, as well as in server mode on the remote host. To connect to the remote host, add it’s IP address after the -c switch.

iperf -c <ip or host/domain name>

Bi-directional simultaneous (test the speed both ways at the same time)

Use the -d switch to test in the network bandwidth in both directions. This will perform two tests; one from local host to remote host, and another from the remote host to the local host.

iperf -c <ip or host/domain name> -d

---

Bi-directional testing (test the speed both one after another)

Use the -r switch to test in the network bandwidth in both directions. This is similar to -d except the tests will be performed in sequence; first from local host to remote host, and another from the remote host to the local host.

iperf -c <ip or host/domain name> -r

Change the window size

The TCP window size can be changed using the -w switch followed by the number of bytes to use. the below example shows a window size of 2KB. This can be used on either the server or the client.

iperf -c <ip or host/domain name> -w 2048

iperf -s -w 2048

---

Change the port

You must use the same port on both the client and the server for the two processes to communicate with each other. Use the -p switch followed by the port number to use on both the local and remote host.

iperf -c <ip or host/domain name> -p 9000

iperf -s -p 9000

---

Change the test duration

The default test duration of Iperf is 10 seconds. You can override the default with the -t switch followed by the time in seconds the test should last.

iperf -s -t 60

---

UDP instead of TCP

The default protocol for Iperf to use is TCP. You can change this to UDP with the -u switch. You will need to run both the client and server in UDP mode to perform the tests.

iperf -s -u
iperf -c -u

The result will have an extra metric for the packet loss which should be as low as possible, otherwise the packets will have to be re-transmitted using more bandwidth.

---

Run multiple threads

Iperf can spawn multiple threads to simultaneously send and receive data. Use the -P switch followed by the number of threads to use.

iperf -c -P 4

---

Check the version of Iperf

Use the -v switch to see the version of Iperf you have installed.

iperf -v

---

See the full list of arguments

Use the -h switch to see the full list of arguments supported by Iperf.

iperf -h

A nice list of iPerf servers can be found at iPerf.fr

Command line tests:

TestMy.net

wget -O /dev/null http://testmy.net/dl-100MB

---

Dacentec Location: Lenoir S.Carolina

wget -O /dev/null http://mirror.dacentec.com/10MB.bin

wget -O /dev/null http://mirror.dacentec.com/100MB.bin

wget -O /dev/null http://mirror.dacentec.com/1000MB.bin

CacheFly Location: CDN

wget -O /dev/null http://cachefly.cachefly.net/100mb.test

---

SoftLayer Location: USA and Amsterdam

wget -O /dev/null http://speedtest.wdc01.softlayer.com/downloads/test10000.zip

wget -O /dev/null http://speedtest.dal01.softlayer.com/downloads/test100.zip

wget -O /dev/null http://speedtest.sea01.softlayer.com/downloads/test100.zip

wget -O /dev/null http://speedtest.ams01.softlayer.com/downloads/test500.zip

---

Linode Location: USA, UK, and Japan

wget -O /dev/null http://speedtest.tokyo.linode.com/100MB-tokyo.bin
wget -O /dev/null http://speedtest.london.linode.com/100MB-london.bin
wget -O /dev/null http://speedtest.newark.linode.com/100MB-newark.bin
wget -O /dev/null http://speedtest.atlanta.linode.com/100MB-atlanta.bin
wget -O /dev/null http://speedtest.dallas.linode.com/100MB-dallas.bin
wget -O /dev/null http://speedtest.fremont.linode.com/100MB-fremont.bin

---

Leaseweb Location: USA and Netherlands

wget -O /dev/null http://mirror.nl.leaseweb.net/speedtest/1000mb.bin
wget -O /dev/null http://mirror.us.leaseweb.net/speedtest/1000mb.bin

---

FDCServer Location: USA

wget -O /dev/null http://lg.denver.fdcservers.net/100MBtest.zip

---

OVH Location: France

wget -O /dev/null http://proof.ovh.net/files/100Mb.dat

man systemctl

Name

systemctl — Control the systemd system and service manager Synopsis

systemctl [OPTIONS…] COMMAND [NAME…] Description

systemctl may be used to introspect and control the state of the “systemd” system and service manager. Please refer to systemd(1) for an introduction into the basic concepts and functionality this tool manages. Options

The following options are understood:

-t, --type=

The argument should be a comma-separated list of unit types such as service and socket.

If one of the arguments is a unit type, when listing units, limit display to certain unit types. Otherwise, units of all types will be shown.

As a special case, if one of the arguments is help, a list of allowed values will be printed and the program will exit.

–state=

The argument should be a comma-separated list of unit LOAD, SUB, or ACTIVE states. When listing units, show only those in the specified states. Use --state=failed to show only failed units.

As a special case, if one of the arguments is help, a list of allowed values will be printed and the program will exit.

-p, --property=

When showing unit/job/manager properties with the show command, limit display to properties specified in the argument. The argument should be a comma-separated list of property names, such as "MainPID". Unless specified, all known properties are shown. If specified more than once, all properties with the specified names are shown. Shell completion is implemented for property names.

For the manager itself, systemctl show will show all available properties. Those properties are documented in systemd-system.conf(5).

Properties for units vary by unit type, so showing any unit (even a non-existent one) is a way to list properties pertaining to this type. Similarly, showing any job will list properties pertaining to all jobs. Properties for units are documented in systemd.unit(5), and the pages for individual unit types systemd.service(5), systemd.socket(5), etc.

-a, --all

When listing units, show all loaded units, regardless of their state, including inactive units. When showing unit/job/manager properties, show all properties regardless whether they are set or not.

To list all units installed on the system, use the list-unit-files command instead.

-r, --recursive

When listing units, also show units of local containers. Units of local containers will be prefixed with the container name, separated by a single colon character (":").

–reverse

Show reverse dependencies between units with list-dependencies, i.e. follow dependencies of type WantedBy=, RequiredBy=, PartOf=, BoundBy=, instead of Wants= and similar. 

–after

With list-dependencies, show the units that are ordered before the specified unit. In other words, recursively list units following the After= dependency.

Note that any After= dependency is automatically mirrored to create a Before= dependency. Temporal dependencies may be specified explicitly, but are also created implicitly for units which are WantedBy= targets (see systemd.target(5)), and as a result of other directives (for example RequiresMountsFor=). Both explicitly and implicitly introduced dependencies are shown with list-dependencies.

–before

With list-dependencies, show the units that are ordered after the specified unit. In other words, recursively list units following the Before= dependency.

-l, --full

Do not ellipsize unit names, process tree entries, journal output, or truncate unit descriptions in the output of status, list-units, list-jobs, and list-timers.

–show-types

When showing sockets, show the type of the socket.

–job-mode=

When queuing a new job, this option controls how to deal with already queued jobs. It takes one of "fail", "replace", "replace-irreversibly", "isolate", "ignore-dependencies", "ignore-requirements" or "flush". Defaults to "replace", except when the isolate command is used which implies the "isolate" job mode.

If "fail" is specified and a requested operation conflicts with a pending job (more specifically: causes an already pending start job to be reversed into a stop job or vice versa), cause the operation to fail.

If "replace" (the default) is specified, any conflicting pending job will be replaced, as necessary.

If "replace-irreversibly" is specified, operate like "replace", but also mark the new jobs as irreversible. This prevents future conflicting transactions from replacing these jobs (or even being enqueued while the irreversible jobs are still pending). Irreversible jobs can still be cancelled using the cancel command.

"isolate" is only valid for start operations and causes all other units to be stopped when the specified unit is started. This mode is always used when the isolate command is used.

"flush" will cause all queued jobs to be canceled when the new job is enqueued.

If "ignore-dependencies" is specified, then all unit dependencies are ignored for this new job and the operation is executed immediately. If passed, no required units of the unit passed will be pulled in, and no ordering dependencies will be honored. This is mostly a debugging and rescue tool for the administrator and should not be used by applications.

"ignore-requirements" is similar to "ignore-dependencies", but only causes the requirement dependencies to be ignored, the ordering dependencies will still be honoured.

–fail

Shorthand for --job-mode=fail.

When used with the kill command, if no units were killed, the operation results in an error. 

-i, --ignore-inhibitors

When system shutdown or a sleep state is requested, ignore inhibitor locks. Applications can establish inhibitor locks to avoid that certain important operations (such as CD burning or suchlike) are interrupted by system shutdown or a sleep state. Any user may take these locks and privileged users may override these locks. If any locks are taken, shutdown and sleep state requests will normally fail (regardless of whether privileged or not) and a list of active locks is printed. However, if --ignore-inhibitors is specified, the locks are ignored and not printed, and the operation attempted anyway, possibly requiring additional privileges.

-q, --quiet

Suppress printing of the results of various commands and also the hints about truncated log lines. This does not suppress output of commands for which the printed output is the only result (like show). Errors are always printed.

–no-block

Do not synchronously wait for the requested operation to finish. If this is not specified, the job will be verified, enqueued and systemctl will wait until the unit's start-up is completed. By passing this argument, it is only verified and enqueued.

–user

Talk to the service manager of the calling user, rather than the service manager of the system.

–system

Talk to the service manager of the system. This is the implied default.

–no-wall

Do not send wall message before halt, power-off, reboot.

–global

When used with enable and disable, operate on the global user configuration directory, thus enabling or disabling a unit file globally for all future logins of all users.

–no-reload

When used with enable and disable, do not implicitly reload daemon configuration after executing the changes.

–no-ask-password

When used with start and related commands, disables asking for passwords. Background services may require input of a password or passphrase string, for example to unlock system hard disks or cryptographic certificates. Unless this option is specified and the command is invoked from a terminal, systemctl will query the user on the terminal for the necessary secrets. Use this option to switch this behavior off. In this case, the password must be supplied by some other means (for example graphical password agents) or the service might fail. This also disables querying the user for authentication for privileged operations.

–kill-who=

When used with kill, choose which processes to send a signal to. Must be one of main, control or all to select whether to kill only the main process, the control process or all processes of the unit. The main process of the unit is the one that defines the life-time of it. A control process of a unit is one that is invoked by the manager to induce state changes of it. For example, all processes started due to the ExecStartPre=, ExecStop= or ExecReload= settings of service units are control processes. Note that there is only one control process per unit at a time, as only one state change is executed at a time. For services of type Type=forking, the initial process started by the manager for ExecStart= is a control process, while the process ultimately forked off by that one is then considered the main process of the unit (if it can be determined). This is different for service units of other types, where the process forked off by the manager for ExecStart= is always the main process itself. A service unit consists of zero or one main process, zero or one control process plus any number of additional processes. Not all unit types manage processes of these types however. For example, for mount units, control processes are defined (which are the invocations of /usr/bin/mount and /usr/bin/umount), but no main process is defined. If omitted, defaults to all.

-s, --signal=

When used with kill, choose which signal to send to selected processes. Must be one of the well-known signal specifiers such as SIGTERM, SIGINT or SIGSTOP. If omitted, defaults to SIGTERM.

-f, --force

When used with enable, overwrite any existing conflicting symlinks.

When used with halt, poweroff, reboot or kexec, execute the selected operation without shutting down all units. However, all processes will be killed forcibly and all file systems are unmounted or remounted read-only. This is hence a drastic but relatively safe option to request an immediate reboot. If --force is specified twice for these operations, they will be executed immediately without terminating any processes or unmounting any file systems. Warning: specifying --force twice with any of these operations might result in data loss.

–message=

When used with halt, poweroff, reboot or kexec, set a short message explaining the reason for the operation. The message will be logged together with the default shutdown message.

–now

When used with enable, the units will also be started. When used with disable or mask, the units will also be stopped. The start or stop operation is only carried out when the respective enable or disable operation has been successful.

–root=

When used with enable/disable/is-enabled (and related commands), use an alternate root path when looking for unit files.

–runtime

When used with enable, disable, edit, (and related commands), make changes only temporarily, so that they are lost on the next reboot. This will have the effect that changes are not made in subdirectories of /etc but in /run, with identical immediate effects, however, since the latter is lost on reboot, the changes are lost too.

Similarly, when used with set-property, make changes only temporarily, so that they are lost on the next reboot.

–preset-mode=

Takes one of "full" (the default), "enable-only", "disable-only". When used with the preset or preset-all commands, controls whether units shall be disabled and enabled according to the preset rules, or only enabled, or only disabled.

-n, --lines=

When used with status, controls the number of journal lines to show, counting from the most recent ones. Takes a positive integer argument. Defaults to 10.

-o, --output=

When used with status, controls the formatting of the journal entries that are shown. For the available choices, see journalctl(1). Defaults to "short".

–firmware-setup

When used with the reboot command, indicate to the system's firmware to boot into setup mode. Note that this is currently only supported on some EFI systems and only if the system was booted in EFI mode.

–plain

When used with list-dependencies, list-units or list-machines, the the output is printed as a list instead of a tree, and the bullet circles are omitted.

-H, --host=

Execute the operation remotely. Specify a hostname, or a username and hostname separated by "@", to connect to. The hostname may optionally be suffixed by a container name, separated by ":", which connects directly to a specific container on the specified host. This will use SSH to talk to the remote machine manager instance. Container names may be enumerated with machinectl -H HOST.

-M, --machine=

Execute operation on a local container. Specify a container name to connect to.

–no-pager

Do not pipe output into a pager.

–no-legend

Do not print the legend, i.e. column headers and the footer with hints.

-h, --help

Print a short help text and exit. 

–version

Print a short version string and exit.

Commands

The following commands are understood: Unit Commands

list-units [PATTERN…]

List known units (subject to limitations specified with -t). If one or more PATTERNs are specified, only units matching one of them are shown.

This is the default command.

list-sockets [PATTERN…]

List socket units ordered by listening address. If one or more PATTERNs are specified, only socket units matching one of them are shown. Produces output similar to

LISTEN           UNIT                        ACTIVATES
/dev/initctl     systemd-initctl.socket      systemd-initctl.service
...
[::]:22          sshd.socket                 sshd.service
kobject-uevent 1 systemd-udevd-kernel.socket systemd-udevd.service

5 sockets listed.

Note: because the addresses might contains spaces, this output is not suitable for programmatic consumption.

See also the options --show-types, --all, and --state=.

list-timers [PATTERN…]

List timer units ordered by the time they elapse next. If one or more PATTERNs are specified, only units matching one of them are shown.

See also the options --all and --state=.

start PATTERN…

Start (activate) one or more units specified on the command line.

Note that glob patterns operate on a list of currently loaded units. Units which are not active and are not in a failed state usually are not loaded, and would not be matched by any pattern. In addition, in case of instantiated units, systemd is often unaware of the instance name until the instance has been started. Therefore, using glob patterns with start has limited usefulness.

stop PATTERN…

Stop (deactivate) one or more units specified on the command line.

reload PATTERN…

Asks all units listed on the command line to reload their configuration. Note that this will reload the service-specific configuration, not the unit configuration file of systemd. If you want systemd to reload the configuration file of a unit, use the daemon-reload command. In other words: for the example case of Apache, this will reload Apache's httpd.conf in the web server, not the apache.service systemd unit file.

This command should not be confused with the daemon-reload command.

restart PATTERN…

Restart one or more units specified on the command line. If the units are not running yet, they will be started.

try-restart PATTERN…

Restart one or more units specified on the command line if the units are running. This does nothing if units are not running. Note that, for compatibility with Red Hat init scripts, condrestart is equivalent to this command.

reload-or-restart PATTERN…

Reload one or more units if they support it. If not, restart them instead. If the units are not running yet, they will be started.

reload-or-try-restart PATTERN…

Reload one or more units if they support it. If not, restart them instead. This does nothing if the units are not running. Note that, for compatibility with SysV init scripts, force-reload is equivalent to this command.

isolate NAME

Start the unit specified on the command line and its dependencies and stop all others. If a unit name with no extension is given, an extension of ".target" will be assumed.

This is similar to changing the runlevel in a traditional init system. The isolate command will immediately stop processes that are not enabled in the new unit, possibly including the graphical environment or terminal you are currently using.

Note that this is allowed only on units where AllowIsolate= is enabled. See systemd.unit(5) for details.

kill PATTERN…

Send a signal to one or more processes of the unit. Use --kill-who= to select which process to kill. Use --signal= to select the signal to send.

is-active PATTERN…

Check whether any of the specified units are active (i.e. running). Returns an exit code 0 if at least one is active, or non-zero otherwise. Unless --quiet is specified, this will also print the current unit state to standard output.

is-failed PATTERN…

Check whether any of the specified units are in a "failed" state. Returns an exit code 0 if at least one has failed, non-zero otherwise. Unless --quiet is specified, this will also print the current unit state to standard output.

status [PATTERN…|PID…]]

Show terse runtime status information about one or more units, followed by most recent log data from the journal. If no units are specified, show system status. If combined with --all, also show the status of all units (subject to limitations specified with -t). If a PID is passed, show information about the unit the process belongs to.

This function is intended to generate human-readable output. If you are looking for computer-parsable output, use show instead. By default, this function only shows 10 lines of output and ellipsizes lines to fit in the terminal window. This can be changes with --lines and --full, see above. In addition, journalctl --unit=NAME or journalctl --user-unit=NAME use a similar filter for messages and might be more convenient. 

show [PATTERN…|JOB…]

Show properties of one or more units, jobs, or the manager itself. If no argument is specified, properties of the manager will be shown. If a unit name is specified, properties of the unit is shown, and if a job ID is specified, properties of the job is shown. By default, empty properties are suppressed. Use --all to show those too. To select specific properties to show, use --property=. This command is intended to be used whenever computer-parsable output is required. Use status if you are looking for formatted human-readable output.

cat PATTERN…

Show backing files of one or more units. Prints the "fragment" and "drop-ins" (source files) of units. Each file is preceded by a comment which includes the file name.

set-property NAME ASSIGNMENT…

Set the specified unit properties at runtime where this is supported. This allows changing configuration parameter properties such as resource control settings at runtime. Not all properties may be changed at runtime, but many resource control settings (primarily those in systemd.resource-control(5)) may. The changes are applied instantly, and stored on disk for future boots, unless --runtime is passed, in which case the settings only apply until the next reboot. The syntax of the property assignment follows closely the syntax of assignments in unit files.

Example: systemctl set-property foobar.service CPUShares=777

Note that this command allows changing multiple properties at the same time, which is preferable over setting them individually. Like unit file configuration settings, assigning the empty list to list parameters will reset the list.

help PATTERN…|PID…

Show manual pages for one or more units, if available. If a PID is given, the manual pages for the unit the process belongs to are shown.

reset-failed [PATTERN…]

Reset the "failed" state of the specified units, or if no unit name is passed, reset the state of all units. When a unit fails in some way (i.e. process exiting with non-zero error code, terminating abnormally or timing out), it will automatically enter the "failed" state and its exit code and status is recorded for introspection by the administrator until the service is restarted or reset with this command.

list-dependencies [NAME]

Shows units required and wanted by the specified unit. This recursively lists units following the Requires=, Requisite=, ConsistsOf=, Wants=, BindsTo= dependencies. If no unit is specified, default.target is implied.

By default, only target units are recursively expanded. When --all is passed, all other units are recursively expanded as well.

Options --reverse, --after, --before may be used to change what types of dependencies are shown.

Unit File Commands

list-unit-files [PATTERN…]

List installed unit files and their enablement state (as reported by is-enabled). If one or more PATTERNs are specified, only units whose filename (just the last component of the path) matches one of them are shown.

enable NAME…

Enable one or more unit files or unit file instances, as specified on the command line. This will create a number of symlinks as encoded in the "[Install]" sections of the unit files. After the symlinks have been created, the systemd configuration is reloaded (in a way that is equivalent to daemon-reload) to ensure the changes are taken into account immediately. Note that this does not have the effect of also starting any of the units being enabled. If this is desired, either --now should be used together with this command, or an additional start command must be invoked for the unit. Also note that, in case of instance enablement, symlinks named the same as instances are created in the install location, however they all point to the same template unit file.

This command will print the actions executed. This output may be suppressed by passing --quiet.

Note that this operation creates only the suggested symlinks for the units. While this command is the recommended way to manipulate the unit configuration directory, the administrator is free to make additional changes manually by placing or removing symlinks in the directory. This is particularly useful to create configurations that deviate from the suggested default installation. In this case, the administrator must make sure to invoke daemon-reload manually as necessary to ensure the changes are taken into account.

Enabling units should not be confused with starting (activating) units, as done by the start command. Enabling and starting units is orthogonal: units may be enabled without being started and started without being enabled. Enabling simply hooks the unit into various suggested places (for example, so that the unit is automatically started on boot or when a particular kind of hardware is plugged in). Starting actually spawns the daemon process (in case of service units), or binds the socket (in case of socket units), and so on.

Depending on whether --system, --user, --runtime, or --global is specified, this enables the unit for the system, for the calling user only, for only this boot of the system, or for all future logins of all users, or only this boot. Note that in the last case, no systemd daemon configuration is reloaded.

Using enable on masked units results in an error.

disable NAME…

Disables one or more units. This removes all symlinks to the specified unit files from the unit configuration directory, and hence undoes the changes made by enable. Note however that this removes all symlinks to the unit files (i.e. including manual additions), not just those actually created by enable. This call implicitly reloads the systemd daemon configuration after completing the disabling of the units. Note that this command does not implicitly stop the units that are being disabled. If this is desired, either --now should be used together with this command, or an additional stop command should be executed afterwards.

This command will print the actions executed. This output may be suppressed by passing --quiet.

This command honors --system, --user, --runtime and --global in a similar way as enable.

reenable NAME…

Reenable one or more unit files, as specified on the command line. This is a combination of disable and enable and is useful to reset the symlinks a unit is enabled with to the defaults configured in the "[Install]" section of the unit file.

preset NAME…

Reset one or more unit files, as specified on the command line, to the defaults configured in the preset policy files. This has the same effect as disable or enable, depending how the unit is listed in the preset files.

Use --preset-mode= to control whether units shall be enabled and disabled, or only enabled, or only disabled.

For more information on the preset policy format, see systemd.preset(5). For more information on the concept of presets, please consult the Preset document.

preset-all

Resets all installed unit files to the defaults configured in the preset policy file (see above).

Use --preset-mode= to control whether units shall be enabled and disabled, or only enabled, or only disabled.

is-enabled NAME…

Checks whether any of the specified unit files are enabled (as with enable). Returns an exit code of 0 if at least one is enabled, non-zero otherwise. Prints the current enable status (see table). To suppress this output, use --quiet.

Table 1.  is-enabled output
Name	Description	Exit Code
"enabled"	Enabled through a symlink in a .wants/ or .requires/ subdirectory of /etc/systemd/system/ (persistently) or /run/systemd/system/ (transiently).	0
"enabled-runtime"
"linked"	Made available through one or more symlinks to the unit file (permanently in /etc/systemd/system/ or transiently in /run/systemd/system/), even though the unit file might reside outside of the unit file search path.	> 0
"linked-runtime"
"masked"	Completely disabled, so that any start operation on it fails (permanently in /etc/systemd/system/ or transiently in /run/systemd/systemd/).	> 0
"masked-runtime"
"static"	The unit file is not enabled, and has no provisions for enabling in the "[Install]" section.	0
"indirect"	The unit file itself is not enabled, but it has a non-empty Also= setting in the "[Install]" section, listing other unit files that might be enabled.	0
"disabled"	Unit file is not enabled, but contains an "[Install]" section with installation instructions.	> 0
"bad"	Unit file is invalid or another error occured. Note that is-enabled will not actually return this state, but print an error message instead. However the unit file listing printed by list-unit-files might show it.	> 0

mask NAME…

Mask one or more unit files, as specified on the command line. This will link these units to /dev/null, making it impossible to start them. This is a stronger version of disable, since it prohibits all kinds of activation of the unit, including enablement and manual activation. Use this option with care. This honors the --runtime option to only mask temporarily until the next reboot of the system. The --now option can be used to ensure that the units are also stopped.

unmask NAME…

Unmask one or more unit files, as specified on the command line. This will undo the effect of mask.

link FILENAME…

Link a unit file that is not in the unit file search paths into the unit file search path. This requires an absolute path to a unit file. The effect of this can be undone with disable. The effect of this command is that a unit file is available for start and other commands although it is not installed directly in the unit search path.

add-wants TARGET NAME…, add-requires TARGET NAME…

Adds "Wants=" or "Requires=" dependencies, respectively, to the specified TARGET for one or more units.

This command honors --system, --user, --runtime and --global in a way similar to enable.

edit NAME…

Edit a drop-in snippet or a whole replacement file if --full is specified, to extend or override the specified unit.

Depending on whether --system (the default), --user, or --global is specified, this command creates a drop-in file for each unit either for the system, for the calling user, or for all futures logins of all users. Then, the editor (see the "Environment" section below) is invoked on temporary files which will be written to the real location if the editor exits successfully.

If --full is specified, this will copy the original units instead of creating drop-in files.

If --runtime is specified, the changes will be made temporarily in /run and they will be lost on the next reboot.

If the temporary file is empty upon exit, the modification of the related unit is canceled.

After the units have been edited, systemd configuration is reloaded (in a way that is equivalent to daemon-reload).

Note that this command cannot be used to remotely edit units and that you cannot temporarily edit units which are in /etc, since they take precedence over /run.

get-default

Return the default target to boot into. This returns the target unit name default.target is aliased (symlinked) to.

set-default NAME

Set the default target to boot into. This sets (symlinks) the default.target alias to the given target unit.

Machine Commands

list-machines [PATTERN…]

List the host and all running local containers with their state. If one or more PATTERNs are specified, only containers matching one of them are shown. 

Job Commands

list-jobs [PATTERN…]

List jobs that are in progress. If one or more PATTERNs are specified, only jobs for units matching one of them are shown.

cancel JOB…

Cancel one or more jobs specified on the command line by their numeric job IDs. If no job ID is specified, cancel all pending jobs.

Environment Commands

show-environment

Dump the systemd manager environment block. The environment block will be dumped in straight-forward form suitable for sourcing into a shell script. This environment block will be passed to all processes the manager spawns.

set-environment VARIABLE=VALUE…

Set one or more systemd manager environment variables, as specified on the command line.

unset-environment VARIABLE…

Unset one or more systemd manager environment variables. If only a variable name is specified, it will be removed regardless of its value. If a variable and a value are specified, the variable is only removed if it has the specified value.

import-environment [VARIABLE…]

Import all, one or more environment variables set on the client into the systemd manager environment block. If no arguments are passed, the entire environment block is imported. Otherwise, a list of one or more environment variable names should be passed, whose client-side values are then imported into the manager's environment block.

Manager Lifecycle Commands

daemon-reload

Reload the systemd manager configuration. This will rerun all generators (see systemd.generator(7)), reload all unit files, and recreate the entire dependency tree. While the daemon is being reloaded, all sockets systemd listens on behalf of user configuration will stay accessible.

This command should not be confused with the reload command.

daemon-reexec

Reexecute the systemd manager. This will serialize the manager state, reexecute the process and deserialize the state again. This command is of little use except for debugging and package upgrades. Sometimes, it might be helpful as a heavy-weight daemon-reload. While the daemon is being reexecuted, all sockets systemd listening on behalf of user configuration will stay accessible. 

System Commands

is-system-running

Checks whether the system is operational. This returns success (exit code 0) when the system is fully up and running, specifically not in startup, shutdown or maintenance mode, and with no failed services. Failure is returned otherwise (exit code non-zero). In addition, the current state is printed in a short string to standard output, see the table below. Use --quiet to suppress this output.

Table 2. is-system-running output
Name	Description	Exit Code
initializing	

Early bootup, before basic.target is reached or the maintenance state entered.
	> 0
starting	

Late bootup, before the job queue becomes idle for the first time, or one of the rescue targets are reached.
	> 0
running	

The system is fully operational.
	0
degraded	

The system is operational but one or more units failed.
	> 0
maintenance	

The rescue or emergency target is active.
	> 0
stopping	

The manager is shutting down.
	> 0
offline	

The manager is not running. Specifically, this is the operational state if an incompatible program is running as system manager (PID 1).
	> 0
unknown	

The operational state could not be determined, due to lack of resources or another error cause.
	> 0

default

Enter default mode. This is mostly equivalent to isolate default.target.

rescue

Enter rescue mode. This is mostly equivalent to isolate rescue.target, but also prints a wall message to all users.

emergency

Enter emergency mode. This is mostly equivalent to isolate emergency.target, but also prints a wall message to all users.

halt

Shut down and halt the system. This is mostly equivalent to start halt.target --job-mode=replace-irreversibly, but also prints a wall message to all users. If combined with --force, shutdown of all running services is skipped, however all processes are killed and all file systems are unmounted or mounted read-only, immediately followed by the system halt. If --force is specified twice, the operation is immediately executed without terminating any processes or unmounting any file systems. This may result in data loss.

poweroff

Shut down and power-off the system. This is mostly equivalent to start poweroff.target --job-mode=replace-irreversibly, but also prints a wall message to all users. If combined with --force, shutdown of all running services is skipped, however all processes are killed and all file systems are unmounted or mounted read-only, immediately followed by the powering off. If --force is specified twice, the operation is immediately executed without terminating any processes or unmounting any file systems. This may result in data loss.

reboot [arg]

Shut down and reboot the system. This is mostly equivalent to start reboot.target --job-mode=replace-irreversibly, but also prints a wall message to all users. If combined with --force, shutdown of all running services is skipped, however all processes are killed and all file systems are unmounted or mounted read-only, immediately followed by the reboot. If --force is specified twice, the operation is immediately executed without terminating any processes or unmounting any file systems. This may result in data loss.

If the optional argument arg is given, it will be passed as the optional argument to the reboot(2) system call. The value is architecture and firmware specific. As an example, "recovery" might be used to trigger system recovery, and "fota" might be used to trigger a “firmware over the air” update.

kexec

Shut down and reboot the system via kexec. This is mostly equivalent to start kexec.target --job-mode=replace-irreversibly, but also prints a wall message to all users. If combined with --force, shutdown of all running services is skipped, however all processes are killed and all file systems are unmounted or mounted read-only, immediately followed by the reboot.

exit [EXIT_CODE]

Ask the systemd manager to quit. This is only supported for user service managers (i.e. in conjunction with the --user option) or in containers and is equivalent to poweroff otherwise.

The systemd manager can exit with a non-zero exit code if the optional argument EXIT_CODE is given.

switch-root ROOT [INIT]

Switches to a different root directory and executes a new system manager process below it. This is intended for usage in initial RAM disks ("initrd"), and will transition from the initrd's system manager process (a.k.a. "init" process) to the main system manager process. This call takes two arguments: the directory that is to become the new root directory, and the path to the new system manager binary below it to execute as PID 1. If the latter is omitted or the empty string, a systemd binary will automatically be searched for and used as init. If the system manager path is omitted or equal to the empty string, the state of the initrd's system manager process is passed to the main system manager, which allows later introspection of the state of the services involved in the initrd boot.

suspend

Suspend the system. This will trigger activation of the special suspend.target target. 

hibernate

Hibernate the system. This will trigger activation of the special hibernate.target target. 

hybrid-sleep

Hibernate and suspend the system. This will trigger activation of the special hybrid-sleep.target target.

Parameter Syntax

Unit commands listed above take either a single unit name (designated as NAME), or multiple unit specifications (designated as PATTERN…). In the first case, the unit name with or without a suffix must be given. If the suffix is not specified, systemctl will append a suitable suffix, “.service” by default, and a type-specific suffix in case of commands which operate only on specific unit types. For example,

systemctl start sshd

and

systemctl start sshd.service

are equivalent, as are

systemctl isolate default

and

systemctl isolate default.target

Note that (absolute) paths to device nodes are automatically converted to device unit names, and other (absolute) paths to mount unit names.

systemctl status /dev/sda

systemctl status /home

are equivalent to:

systemctl status dev-sda.device

systemctl status home.mount

In the second case, shell-style globs will be matched against currently loaded units; literal unit names, with or without a suffix, will be treated as in the first case. This means that literal unit names always refer to exactly one unit, but globs may match zero units and this is not considered an error.

Glob patterns use fnmatch(3), so normal shell-style globbing rules are used, and “*”, “?”, “[]” may be used. See glob(7) for more details. The patterns are matched against the names of currently loaded units, and patterns which do not match anything are silently skipped. For example:

systemctl stop sshd@*.service

will stop all sshd@.service instances.

For unit file commands, the specified NAME should be the full name of the unit file, or the absolute path to the unit file:

systemctl enable foo.service

or

systemctl link /path/to/foo.service

Exit status

On success, 0 is returned, a non-zero failure code otherwise. Environment

$SYSTEMD_EDITOR

Editor to use when editing units; overrides $EDITOR and $VISUAL. If neither $SYSTEMD_EDITOR nor $EDITOR nor $VISUAL are present or if it is set to an empty string or if their execution failed, systemctl will try to execute well known editors in this order: editor(1), nano(1), vim(1), vi(1). 

$SYSTEMD_PAGER

Pager to use when --no-pager is not given; overrides $PAGER. Setting this to an empty string or the value "cat" is equivalent to passing --no-pager.

$SYSTEMD_LESS

Override the default options passed to less ("FRSXMK").

See Also

systemd(1), journalctl(1), loginctl(1), machinectl(1), systemd.unit(5), systemd.resource-control(5), systemd.special(7), wall(1), systemd.preset(5), systemd.generator(7), glob(7)

systemctl Lists all loaded units or:

systemctl list-units

systemctl --failed List failed

systemctl status Print status from all units

To list all units on the machine, loaded or not:

systemctl list-unit-files

---

“A unit configuration file encodes information about a service, a socket, a device, a mount point, an automount point, a swap file or partition, a start-up target, a watched file system path, a timer controlled and supervised by systemd(1), a resource management slice or a group of externally created processes.”

systemd [unit]

systemctl enable [unit]

systemctl disable [unit]

systemctl start [unit]

systemctl stop [unit]

systemctl mask [unit]

systemctl unmask [unit]

systemctl restart [unit]

systemctl reload [unit]

systemctl reset-failed [unit]

---

Change unit definitions

systemctl edit [unit]

systemctl daemon-reload Reload after modifying/adding configs [units]

Global definitions from /lib/systemd/system will then be overruled by the new file in /etc/systemd/system

---

Listing Processes / Containers

To help identify cgroup/process relations run

ps xawf -eo pid,user,cgroup,args

---

Performance

Print startup time per service

systemd-analyze blame

---

Logging

journalctl Print all log entries

journalctl -b Print everything since boot

journalctl -u [unit] Print for unit only

journalctl --no-pager Non-interactive mode

journalctl --vacuum-size=50M Remove logs until less than 50MB is used ; good for those run away log times

journalctl --vacuum-time=1week Remove logs older than one week

---

Misc systemd commands

systemctl status

systemctl is-enabled [unit]

systemctl is-failed [unit]

Example:systemctl is-enabled nginx.service

Will print something to this effect:

  nginx.service - A high performance web server and a reverse proxy server
  Loaded: loaded (/lib/systemd/system/nginx.service; enabled)
  Active: active (running) since Sun 2016-01-03 14:18:21 EST; 1 day 21h ago
Main PID: 312 (nginx)
  CGroup: /system.slice/nginx.service
       ├─312 nginx: master process /usr/sbin/nginx -g daemon master_process on;
       ├─315 nginx: worker process
       ├─316 nginx: worker process
       ├─317 nginx: worker process
       └─319 nginx: worker process

---

Printing unit dependencies

systemctl list-dependencies nginx.service

---

The latter Rely on dbus being installed

apt-get update && apt-get install -y dbus

hostnamectl timedatectl localectl loginctl systemd-detect-virt

Locating files using the find command

The find command is a powerful utility that allows the user to find files located in the file system via criteria such as the file name, when file was last accessed, when the file status was last changed, the file’s permissions, owner, group, size.

---

Find a file “foo.bar” that exists somewhere in the file system

find / -name foo.bar -print

On most platforms the -print is optional, however, on some systems nothing will be output without it. Without specifications find searches recursively through all directories.

---

Find a file without searching network or mounted file systems

find / -name foo.bar -print -xdev

This is useful if you have network drives that you know the file would not be located on. “-mount” does the same thing as “-xdev” for compatibility with other versions of find.

---

Find a file without showing “Permission Denied” messages

find / -name foo.bar -print 2>/dev/null

When find tries to search a directory or file that you do not have permission to read the message “Permission Denied” will be output to the screen. The 2>/dev/null option sends these messages to /dev/null so that the found files are easily viewed.

---

Find a file, who’s name ends with .bar, within the current directory and only search 2 directories deep

find . -name *.bar -maxdepth 2 -print

---

Search directories “./dir1” and “./dir2” for a file "foo.bar

find ./dir1 ./dir2 -name foo.bar -print

---

Search for files that are owned by the user “skippie”

find /some/directory -user skippie -print

The files output will belong to the user “skippie”. Similar criteria are -uid to search for a user by their numerical id, -group to search by a group name, and -gid to search by a group id number.

---

Find a file that is a certain type. “-type l” searches for symbolic links

find /any/directory -type l -print

---

Several types of files can be searched for: Several types of files can be searched for:

• b block (buffered) special

• c character (unbuffered) special

• d directory

• p named pipe (FIFO)

• f regular file

• l symbolic link

• s socket

---

Search for directories that contain the phrase “foo” but do not end in “.bar”

find . -name '*foo*' ! -name '*.bar' -type d -print

The “!” allows you to exclude results that contain the phrases following it.

find becomes extremely useful when combined with other commands. One such combination would be using find and grep together.

find ~/documents -type f -name '*.txt' \ -exec grep -s DOGS {} \; -print

SCP or (secure copy) allows you to move files even entire directories to, or from local and or remote hosts, using the same authentication and securtiy levels as SSH.

Copy the file “foobar.txt” from a remote host to the local host

    $ scp username@site.com:foobar.txt /local/directory

Copy the file “foobar.txt” from the local host to a remote host

    $ scp foobar.txt username@remotehost.com:/path/to/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

    $ scp -r foo username@remotehost.com:/remote/directory/bar

Copy the file “foobar.txt” from remote host “site1.com” to remote host “site2.com”

    $ scp username@site1.com:/remote/directory/foobar.txt \username@site2.com:/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

    $ scp foo.txt bar.txt username@site.com:~

Copy the file “foobar.txt” from the local host to a remote host using port 1000 (or whatever ssh port your running on)

    $ scp -P 1000 foobar.txt username@site.com:/remote/directory

Copy multiple files from the remote host to your current directory on the local host

    $ scp username@site.com:/remote/directory/\{a,b,c\} .

    $ scp username@site.com:~/\{foo.txt,bar.txt\} .

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed on slower connections. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish file.txt username@site.com:~

Use the -C option for compression, and a bit of speed. If you have a fast connection you might not notice much of a difference. However it is a bit more CPU intensive due to the algorithms used to generate the encryption.

Blowfish scp example:

    $ scp -c blowfish -C file.txt username@site.com:~

Deleting files To delete a file you must first have write permission to it. For information about permissions, basic file permissions Once you have write permission, in a terminal run:

rm filename

There is no “Recycle Bin” in Linux so once you delete a file, it’s gone for good.

When removing files, you may use an astrix (*) as a wildcard flag to remove certain files, for example if I wanted to remove all files that began with the letter j, I would run

rm j\

If anyone tells you to run rm -rf / as root, DO NOT LISTEN TO THEM. Running this command will delete all the files/directories on your Linux system.

Deleting directories

If you have ownership to the directory and the directory is empty, you can simply type:

rmdir directoryname

To remove the directory. If the directory is not empty and you wish to simply delete it and all its contents, run:

rm -rf directoryname

Be cautious with the -rf flag, as it will remove everything in the specified directory including sub directories. With root access and the rm -rf command you can wipe out your entire system if you make an error.