In this chapter, we will discover the following:
Most Linux commands are very flexible. When you enter a Linux command, there are several ways to tailor the basic command to your specific needs. We will look at the two main ways used to modify the effect of a command:
A simple way to picture what a Linux command does is to imagine that it's a black box that is part of an assembly line. Items come down a conveyor belt, enter the black box, get processed in some way, come out of the black box, and are taken away on
another conveyor belt. Command options let you fine-tune the basic process happening inside the black box. Command redirection lets you specify which conveyor belt will supply the black box with items and which conveyor belt will take away the resulting
products.
Once you understand how redirection and command options work, you will be able to (at least in principle) use any Linux or UNIX command. This is because UNIX was based on a few simple design principles. Commands, therefore, should work in consistent
ways. Of course, UNIX has grown and changed over the years, and the design principles can sometimes get buried under all the changes. But they still make up the foundation, so that UNIX-based systems such as Linux are quite coherent and consistent in how
they work.
Pressing Ctrl-U at any point, right up to before you press Enter, lets you clear everything you've typed on the command line. You can use this whenever you spot an error at the very beginning of your typing, or when you decide you don't want to run a particular command after all. You can also use the Backspace key to "back up" by erasing characters (in fact, it can be almost a reflex action), but it's usually faster to just erase the whole command line and start again.
Perhaps the most powerful keys to use at the command prompt are the arrow keys. The left and right arrows move the cursor non-destructively. If you make a typo early in the line, you can left-arrow your way to the character and type in a correction. Additionally, the up and down arrows enable you to jump through a list of the last several commands used (similar to DOS's DOSKEY utility).
You can use command options to fine-tune the actions of a Linux command. Quite often, a Linux command will do almostbut not quitewhat you want it to do. Instead of making you learn a second command, Linux lets you modify the basic, or
default, actions of the command by using options.
The ls command is an excellent, and useful, example of a command that has a great many options. The ls command lists the files found on the Linux system's hard drive. This sounds simple enough, doesn't it? Try entering the command
darkstar:~$ ls darkstar:~$
Well, nothing much seemed to happen.
Now try typing ls -a. Type it exactly as listed. The space between ls and -a is necessary, and there must be no space between the - and the a.
darkstar:~$ ls -a ./ .bash_history .less .term/ ../ .kermrc .lessrc
What you have done is modified what ls does by adding a command optionin this case, -a. By default, ls lists only files whose names don't begin with a period. However, -a tells ls to list all files, even ones that begin with a period. (These are
usually special files created for you by Linux.) At present, all the files in your directory start with a period, so ls by itself does not list any files; you must add -a to see the files you have at present.
The ls command has many more options. You can use more than one option at a time. For example, try typing ls -al:
darkstar:~$ ls -al total 10 drwxr-xr-x 3 fido users 1024 Dec 21 22:11 ./ drwxr-xr-x 6 root root 1024 Dec 14 01:39 ../ -rw-rr 1 fido users 333 Dec 21 22:11 .bash_history -rw-rr 1 fido users 163 Dec 7 14:31 .kermrc -rw-rr 1 fido users 34 Jun 6 1993 .less -rw-rr 1 fido users 114 Nov 23 1993 .lessrc drwxr-xr-x 2 fido users 1024 Dec 7 13:36 .term/
You now get a listing with many more details about the files. (These will be explained in Chapter 8, "The Linux File System.") The l option can be used by itself; ls -l will give detailed descriptions of files that
don't begin with a period. Sometimes filenames are so long they don't fit on a single line. Linux simply wraps the remainder to the next line.
Strictly speaking, the dash (-) is not part of the command option. The dash simply tells Linux to understand each letter immediately following it as a command option. There must be a space before the dash, and there must not be a space between the dash and the letter or letters making up the command option. There must be a space after the command option if anything else is to be entered on the command line after it.
You can type more than one command option after the dash, as we did with ls -al. In this case, we are specifying both the a and the l options. The order you specify options in usually doesn't matter; ls -al will give the same results as ls -la. Combining options doesn't work with all Linux commands, and then only with those that use a single letter to specify each option.
Multiple options can also be specified individually, with each option preceded by a dash and separated from other options by spacesfor example, ls -a -l. This is usually done only when a particular option requires a further parameter.
By default, ls lists files in alphabetical order. Sometimes you might be more interested in when a file was created or last modified. The t option tells ls to sort files by date instead of alphabetically by filename, showing the newest files first.
Therefore, typing ls -alt gives
darkstar:~$ ls -alt total 10 drwxr-xr-x 3 fido users 1024 Jan 2 13:48 ./ -rw-rr 1 fido users 333 Dec 21 22:11 .bash_history drwxr-xr-x 6 root root 1024 Dec 14 01:39 ../ -rw-rr 1 fido users 163 Dec 7 14:31 .kermrc drwxr-xr-x 2 fido users 1024 Dec 7 13:36 .term/ -rw-rr 1 fido users 114 Nov 23 1993 .lessrc -rw-rr 1 fido users 34 Jun 6 1993 .less
The r option tells ls to produce a reverse output. This is often used with the t option. The following is an example of what you might get if you entered ls -altr:
darkstar:~$ ls -altr total 10 -rw-rr 1 fido users 34 Jun 6 1993 .less -rw-rr 1 fido users 114 Nov 23 1993 .lessrc drwxr-xr-x 2 fido users 1024 Dec 7 13:36 .term/ -rw-rr 1 fido users 163 Dec 7 14:31 .kermrc drwxr-xr-x 6 root root 1024 Dec 14 01:39 ../ -rw-rr 1 fido users 333 Dec 21 22:11 .bash_history drwxr-xr-x 3 fido users 1024 Jan 2 13:48 ./
Many other options can be used with ls, although we have now tried the most commonly used ones. The important thing to remember is that you can usually customize a Linux command by using one or more command options.
As with basic Linux commands, case is important! For instance, ls has an R option (recursive: show files in subdirectories, too) that gives much different results from the r option.
You can think of a as the "all files" option, l as the "long list" option, t as the "sort by time" option, r as the "reverse sort" option, and so on. In fact, most options in Linux are mnemonicthe option letter stands for a word or phrase. Some option letters mean the same thing in many different Linux commands. For instance, v often means verbosein other words, "Give me lots of detail."
However, do not assume that, on any unfamiliar command, certain options will work in the "usual" way! For instance, r is the recursive option for many Linux commands; however, in the case of ls, reverse sort is more commonly used, and therefore it gets the easier-to-type lowercase r, while recursive is left with the capital R. It might seem like not much extra effort to press the Shift key to get the capital letter, but try typing a string of four or five options, one of which is capitalized!
You can easily find out which options are available for any Linux command by using the man command. See the section "The Linux Man Pages" later in this chapter.
Linux commands often use parameters that are not actual command options. These parameters, such as filenames or directories, are not preceded by a dash.
For instance, by default ls lists the files in your current directory. You can, however, tell ls to list the files in any other directory simply by adding the directory to the command line. For instance, ls /bin will list everything in the /bin
directory. This can be combined with command options, so that ls -l /bin gives you detailed listings of the files in /bin. Try this. You will be impressed by the number of files in the /bin directory!
You can also specify ls to list information about any particular file by entering its filename. For instance, ls -la .lessrc gives detailed information only about the .lessrc file.
Many Linux commands let you specify which file or directory they are to act upon, as we saw with the example ls -l /bin earlier.
You can also "pipe" the output from a command so that it becomes another command's input. This is done by typing two or more commands separated by the | character. (This character normally is found on the same key as the \ character. You must
hold down the Shift key or you will get \ instead of |). The | character means "Use the output from the previous command as the input for the next command." Therefore, typing command_1|command_2 does both commands, one after the other, before
giving you the results.
Using our assembly-line metaphor, we are processing items through two black boxes instead of just one. When we use piping, it's like hooking up the first command's output conveyor belt to become the input conveyor belt for the second command.
Although Linux doesn't care whether | is set off by spaces, if command_1 | command_2 is easier for you to read and understand than command_1|command_2, by all means use spaces around |.
You will have noticed that the output of ls -l /bin is many lines long, so that much of the information scrolls off the screen before you can read it. You can pipe this output to a formatting program called more, which displays information in
screen-sized chunks. When you enter ls -l /bin | more, you will see the following:
darkstar:~$ ls -l /bin | more total 1611 -rwxr-xr-x 1 root bin 1248 Sep 17 04:25 arch* -rwxr-xr-x 1 root bin 295940 Sep 5 01:45 bash* -rwxr-xr-x 1 root bin 4840 Nov 24 1993 cat* -rwxr-xr-x 1 root bin 9220 Jul 20 12:06 chgrp* -rwxr-xr-x 1 root bin 13316 Jul 20 12:06 chmod* -rwxr-xr-x 1 root bin 13316 Jul 20 12:06 chown* lrwxrwxrwx 1 root root 17 Dec 7 13:37 compress -> /usr/bin/comp_ress* -rwxr-xr-x 1 root bin 21508 Jul 20 12:06 cp* -rwxr-xr-x 1 root bin 41988 May 1 1994 cpio* lrwxrwxrwx 1 root root 4 Dec 7 13:40 csh -> tcsh* -rwxr-xr-x 1 root bin 5192 Nov 24 1993 cut* -rwxr-xr-x 1 root bin 19872 Mar 23 1994 date* -rwxr-xr-x 1 root bin 17412 Jul 20 12:06 dd* -rwxr-xr-x 1 root bin 13316 Jul 20 12:06 df* -rwxr-xr-x 1 root bin 66564 Jun 9 1994 dialog* -rwxr-xr-x 1 root bin 1752 Sep 17 04:25 dmesg* lrwxrwxrwx 1 root root 8 Dec 7 13:37 dnsdomainname -> hostname* -rwxr-xr-x 1 root bin 13316 Jul 20 12:06 du* -rwxr-xr-x 1 root bin 3312 Mar 23 1994 echo* -rwxr-xr-x 1 root bin 36684 May 4 1994 ed* -rwxr-xr-x 1 root bin 326 Mar 23 1994 false* More
The More at the bottom of the screen tells you that there's more text to come. To go to the next screen of text, press the spacebar. Every time you press the spacebar, more displays another screenful of text. When the last screenful of text
has been displayed, more returns you to the Linux prompt.
The more command can do many other things. For instance, to move back one screen at a time, type b for "back." Another useful command is q for "quit." This lets you leave immediately, without having to go through all the remaining screens of text.
While in more, type h for "help." This will list the commands available within more.
The Linux system sometimes uses the command less instead of more. One difference you will notice is that, unlike more, less requires you to type q to return to the command line, even if you're at the end of the text to be displayed. This might seem cumbersome, but it prevents you from accidentally exiting the program by pressing the spacebar once too often.
The name less is a play on more. Originally, less was designed to have many features that more lacked. The version of more included in your Linux system has most of these features, however.
The Linux man program, discussed later, uses less to display text. Most other UNIX systems use more by default. Don't get confused. Remember to type q to exit from less!
Another thing you can do in Linux is to send output to a file instead of the screen. There are many different reasons why you might want to do this. You might want to save a "snapshot" of a command's output as it was at a certain time, or you
might want to save a command's output for further examination. You might also want to save the output from a command that takes a very long time to run, and so on.
To send output to a file, use the > symbol (found above the period on your keyboard). For instance, you can place the output of the ls -l /bin command into a file called test by typing ls -l /bin > test. Again, spaces around > are optional and
not strictly necessary, but they do make the command much more readable.
If you now do an ls or ls -l, you will see that you've created a new file called test in your own directory.
To see the contents of a file, you can again use the more command. Just specify the name of the file you want to look at. In this case, you would type more test.
Be careful! When you use >, you completely overwrite the previous contents of the file you specify to take the output (if that file existed). For example, if we already had a file called test in our directory, its old contents would be completely replaced by the output from ls -l /bin. Linux will not warn you that you are about to do this!
Be particularly careful if you're not in your usual directory, or if you're logged in as root. You could, for instance, accidentally clobber the Linux program test, which exists as a file named testfortunately, not in the directory where we created our test file! It's a good idea to check if the output file already exists before using >. In our example, we could have typed ls -l test beforehand. If no information is displayed, the file does not exist.
You can specify that you want to add your output to the end of the file, rather than replace the file's contents, by using >>. Type who >> test to add the output of the who command to the end of the text already in the file test.
You can examine the results by using either more or less and paging through to the end of the file, or by using the Linux command tail, which displays the last few lines of the specified file. In this case, you would type tail test to see the last few
lines of the file test. Try using tail!
For a more detailed discussion of redirection and piping, see Chapter 10, "Using bash."
There is a set of accepted notational conventions used to describe, in a concise and consistent way, the correct syntax for any given Linux command. This specifies what options or parameters you must use, what options or parameters you can use or not
use, and so on. Sometimes this set of conventions is used to give a complete and exhaustive listing of a command's syntax, showing every possible command and parameter. Sometimes it is used to make a particular example more general and the command's basic
usage clearer.
If you remember the following six basic rules, you will be able, in principle, to understand the syntax of any Linux or UNIX command.
Linux has help facilities available online. If you forget the exact use of a command, or you're looking for the right command to use, the answer might be available straight from Linux. The two help facilities we will try out are the bash shell's help
command, and the man command, which is available on almost all UNIX systems, including Linux.
If you have not installed the man pages package, you should do so now. Although it is possible to get by without man pages, they are a very valuable resource for both novice and expert Linux users.
The "man" in "man pages" stands for "manual." (As usual, the creators of UNIX shortened a long but descriptive word to a shorter, cryptic one!) Typing man <command> lets you view the manual pages dealing with a
particular command.
Try typing man passwd to see what the Linux manual has to say about the passwd command.
The general layout of a man page is as follows:
COMMAND(1) Linux Programmer's Manual COMMAND(1) NAME command - summary of what command does SYNOPSIS <complete syntax of command in the standard Linux form> DESCRIPTION More verbose explanation of what "command" does. OPTIONS Lists each available option with description of what it does FILES lists files used by, or related to, command SEE ALSO command_cousin(1), command_spouse(1), etc. BUGS There are bugs in Linux commands?? AUTHOR J. S. Goobly (goobly@hurdly-gurdly.boondocks) Linux 1.0 22 June 1994 1
The man page for passwd is actually quite understandable. Be warned, however, that man pages are often written in a very formal and stylized way that sometimes bears little resemblance to English. This is done not to baffle people, but to cram a great
deal of information into as short a description as possible.
For example, try man ls. Notice how many options are available for ls and how long it takes to explain them!
Although it can take practice (and careful reading!) to understand man pages, once you get used to them, the first thing you'll do when you encounter a strange command is call up the man page for that command.
Sometimes you know what you want to do, but you don't know which command you should use to do it. You can use the keyword option by typing man -k <keyword>. The man program will return the name of every command whose name entry (which includes a
very brief description) contains that keyword.
For instance, you can search on manual:
darkstar:~$ man -k manual man (1) - Format and display the on-line manual pages whereis (1) - Locate binary, manual, and or source for program xman (1) - Manual page display program for the X Window System
You have to be careful to specify your keyword well, though! Using directory as your keyword isn't too bad, but using file will give you many more entries than you will want to wade through.
You might have noticed that commands seem to be followed by numbers in brackets, usually (1). This refers to the manual section. Back in the days when UNIX manuals came in printed, bound volumes, normal commands were in Section 1, files used by administrators were in Section 5, programming routines were described in Section 3, and so on.
Therefore, some man pages are not about commands at all, but rather about files or system calls used in Linux!
If a particular entry shows up in more than one section, man will show you the lowest-numbered entry by default. You can see higher-numbered entries by specifying the section number. For instance, Section 5 has a manual entry on the passwd file. To see this rather than the manual entry for the passwd command type man 5 passwd.
When you type a command at the prompt, the shell program takes what you've written, interprets it as necessary, and passes the result to the Linux operating system. Linux then performs the actions requested of it. Many Linux commands require Linux to
find and start up a new program. However, the shell itself can perform a number of functions. These functions can be simple, often-used commands, so that the overhead of starting up separate programs is eliminated, or they can be facilities that make the
shell environment friendlier and more useful. One of these facilities is the help command, which provides information on the bash shell's built-in functions.
Type help at the prompt. You will see at least some of the following:
GNU bash, version 1.14.6(1) Shell commands that are defined internally. Type 'help' to see this list. Type 'help name' to find out more about the function 'name'. Use 'info bash' to find out more about the shell in general. A star (*) next to a name means that the command is disabled. %[DIGITS | WORD] [&] . [filename] : [ arg... ] alias [ name[=value] ... ] bg [job_spec] bind [-lvd] [-m keymap] [-f filena break [n] builtin [shell-builtin [arg ...]] case WORD in [PATTERN [| PATTERN]. cd [dir] command [-pVv] [command [arg ...]] continue [n] declare [-[frxi]] name[=value] ... dirs [-l] echo [-neE] [arg ...] enable [-n] [name ...] eval [arg ...] exec [ [-] file [redirection ...]] exit [n] export [-n] [-f] [name ...] or exp fc [-e name] [-nlr] [first] [last fg [job_spec] for NAME [in WORDS ... ;] do COMMA function NAME { COMMANDS ; } or NA getopts optstring name [arg] hash [-r] [name ...] help [pattern ...] history [n] [ [-awrn] [filename]] if COMMANDS; then COMMANDS; [elif jobs [-lnp] [jobspec ...] | jobs - kill [-s sigspec | -sigspec] [pid let arg [arg ...] local name[=value] ... logout popd [+n | -n] pushd [dir | +n | -n] pwd read [-r] [name ...] readonly [-n] [-f] [name ...] or r return [n] select NAME [in WORDS ... ;] do CO set [abefhknotuvxldHCP] [-o opti shift [n] source filename suspend [-f] test [expr] times trap [arg] [signal_spec] type [-all] [-type | -path] [name typeset [-[frxi]] name[=value] ... ulimit [-SHacdmstfpnuv [limit]] umask [-S] [mode] unalias [-a] [name ...] unset [-f] [-v] [name ...] until COMMANDS; do COMMANDS; done variables - Some variable names an wait [n] while COMMANDS; do COMMANDS; done { COMMANDS }
You will have to pipe the output of help to more (help | more) to keep the first part from scrolling off your screen.
In many a late-night card game, jokers are shuffled into the deck. The jokers are wildcards that can become any card of your choice. This is obviously very useful! Linux has wildcards also. They are, if anything, more useful than jokers in a card game.
Linux has several wildcards. Wildcards are used as a convenient and powerful shortcut when specifying files (or directories) that a command is to operate on. We will briefly look at the two most popular wildcards: * and ?.
The most commonly used wildcard is *, which stands in for any combination of one or more characters. For example, c* will match all filenames that begin with c. You can see this for yourself by typing ls /bin/c*.
What happens if you type ls /bin/c*t? How about ls /bin/*t?
The ? wildcard is more restrictive than *. It only stands in for any one character. You can see this by comparing ls/bin/d* with ls/bin/d?.
Wildcards can only be used to match filenames and directory names. You can't, for example, type pass* at the Linux prompt and expect Linux to run the passwd program for you.
Be very careful when using wildcards with dangerous commands, such as the ones used to permanently delete files! A good check is to run ls with the wildcards you plan to use and examine the resulting list of files to see if the wildcard combination did what you expected it to do. Also double-check that you typed everything correctly before pressing the Enter key!
When you log in, Linux keeps a number of useful data items in the background ready for the system to use. The actual data is held in something called an environment variable, whose name is often descriptive or mnemonic. In fact, this is no different
from the way you and I remember things. We know that there always is a piece of information called "day of the week" (the environment variable); however, we change the data in this variable, from Monday to Tuesday to Wednesday, and so on, as days
go by.
To see the list of exported environment variables, type env. The environment variable's name is on the left, and the value held by the variable is on the right.
The most important variable to note is the PATH, whose value is your search path. As we will see in the next chapter, when you type a command, Linux will search every place listed in your search path for that command.
A longer list of environment variables, consisting of several new variables in addition to the ones you saw earlier, is displayed by the command set. The new variables are local: they have not been marked for export. For more information on exporting
variables, see Chapter 10. You can think of local variables as items of information you need for only a certain time or location. For instance, remembering the variable "what-floor-am-I-on" becomes an unnecessary piece of
information once you leave the building!
In the previous chapter, we learned about the who command, which shows you the usernames of everyone who is logged into the system. The who program actually gets its information from the Linux system, which maintains and updates the list of the system's
current users.
In fact, Linux keeps much more detailed records about what is happening on the system than just who is logged in. Because Linux is a multitasking system, in which many programs or program threads may be running simultaneously, Linux keeps track of
individual tasks or processes.
Although these processes are usually well-behaved and well-managed by Linux, sometimes they might go out of control. This can happen if a program hits a bug or a flaw in its internal code or supplied data, or if you accidentally enter the wrong command
or command option.
Being able to identify these misbehaving processes, and then being able to terminate or kill them, is an essential piece of knowledge for all Linux/UNIX users. (Obviously the world was a less kind and gentle place when the kill command was developed and
named.) When you are your own system administrator, as in our case, it's doubly important!
To find out what processes are running, we use the ps command. ps stands for "process status," not the "post script" you would write at the end of a letter.
Typing ps by itself gives you a concise listing of your own processes:
darkstar:~$ ps PID TTY STAT TIME COMMAND 41 v01 S< 0:00 -bash 134 v01 R< 0:00 ps
The information in the first column, headed PID, is important. This is the Process ID number, which is unique, and which Linux uses to identify that particular process. You must know a process's PID to be able to kill it.
The TTY column shows you which terminal the process was started from.
The STAT column gives the status of the process. The two most common entries in the status column are S for sleeping and R for running. A sleeping process is one that isn't currently active. However, don't be misled. A sleeping process might just be
taking a very brief catnap! In fact, a process might switch between sleeping and running many times every second.
The TIME column shows the amount of system time used by the process. Clearly, neither of our processes are taking up any appreciable system time!
Finally, the COMMAND column contains the name of the program you're running. This will usually be the command you typed at the command line. However, sometimes the command you type starts one or more child processes, and in this case, you would see
these additional processes show up as well, without ever having typed them yourself. Your login shell will have a - before it, as in -bash in the previous example. This helps to distinguish this primary shell from any shells you might enter from it. These
will not have the - in front.
If you are logged in as root, you will see a list of all processes on the system. This is because the root username, being the superuser, owns everything that happens on the Linux system.
If you are an "ordinary" user, but have also logged in on another terminal (including another virtual terminal you have selected by pressing Alt-Fn as discussed in Chapter 6, "Getting Started with Linux"), you will see the processes you are running on the other terminal (or terminals) as well.
One useful option with ps is u. Although it stands for "user," as in "List the username as well," it actually adds quite a few more columns of information in addition to just the username:
darkstar:~$ ps -u USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND fido 41 0.1 6.8 364 472 v01 S< 23:19 0:01 -bash fido 138 0.0 3.3 72 228 v01 R< 23:34 0:00 ps -u
In addition to the username in the USER column, other interesting new items include %CPU, which shows you what percentage of your computer's processing power is being used by the process, and %MEM, which shows you what percentage of your computer's
memory is being used by the process.
If you want to see all processes running on the system, and not just the processes started by your own username, you can use the a command option. (The root login sees everyone's processes automatically and does not have to use a, so root can get the
following output by simply typing ps.)
darkstar:~$ ps -a PID TTY STAT TIME COMMAND 62 v03 S< 0:00 /sbin/agetty 38400 tty3 63 v04 S< 0:00 /sbin/agetty 38400 tty4 64 v05 S< 0:00 /sbin/agetty 38400 tty5 65 v06 S< 0:00 /sbin/agetty 38400 tty6 330 v02 S< 0:00 -bash 217 v01 S< 0:00 -bash 217 v01 S< 0:00 ps -a
As you can see, quite a few "other" processes are happening on the system! In fact, most of the processes we see here will be running whether or not anyone is actually logged into the Linux system. All the processes listed as running on tty
psf are actually system processes, and are started every time you boot up the Linux system. Processes of the form /sbin/agetty 38400 tty6 are login processes running on a particular terminal waiting for your login.
It can be useful to combine the a and u options (if you're not root).
darkstar:~$ ps -au USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND root 72 0.0 3.6 390 532 v01 S< 17:55 0:01 -bash root 74 0.0 1.5 41 224 v03 S< 17:55 0:00 /sbin/agetty 38400 tty3 root 75 0.0 1.5 41 224 v04 S< 17:55 0:00 /sbin/agetty 38400 tty4 root 76 0.0 1.5 41 224 v05 S< 17:55 0:00 /sbin/agetty 38400 tty5 root 77 0.0 1.5 41 224 v06 S< 17:55 0:00 /sbin/agetty 38400 tty6 root 78 0.0 1.5 56 228 s00 S< 17:55 0:00 gpm -t mman root 98 0.0 1.5 41 224 v02 S< 18:02 0:00 /sbin/agetty 38400 tty2 root 108 18.8 3.6 384 528 pp0 S< 18:27 0:01 -bash
A more technical l option can sometimes be useful:
darkstar:~$ ps -l F UID PID PPID PRI NI SIZE RSS WCHAN STAT TTY TIME COMMAND 0 501 41 1 15 0 364 472 114d9c S< v01 0:00 -bash 0 501 121 41 29 0 64 208 0 R< v01 0:00 ps -l
The interesting information is in the PPID column. PPID stands for "Parent Process ID"in other words, the process that started the particular process. Notice that the ps -l command was started by -bash, the login shell. In other words,
ps -l was started from the command line. Notice also that the PPID for the login shell is PID 1. If you check the output from ps -au shown previously, you will see that the process with PID of 1 is init. The init process is the one that spawns, or starts,
all other processes. If init dies, the system crashes!
The Linux ps command has some quirks when it comes to options.
First of all, the dash before the options is not necessary. In the earlier example, ps l would work the same as ps -l. Because most Linux commands do require the use of dashes with their command options, and other versions of UNIX might require dashes when using ps, it's best to use the dash anyway.
Second, the order in which you enter the options does matter, especially if you try to combine the l and u options! Try typing ps -lu, and then ps -ul. This behavior is not covered in the ps man page. The moral is twofold: First, use the minimum possible number of command options. Second, the man pages are, alas, not always correct and complete.
The kill command is used to terminate processes that can't be stopped by other means.
Before going through the following procedure, if it's a program you're stuck in, make sure you can't stop or exit it by typing Ctrl-C or some other key combination.
- Switch to another virtual console and log in as root.
- Run ps -u and identify the offending process. You will use its PID in the next step.
- Use the kill program by typing kill <PID>, where PID is the Process ID you wish to kill. Make sure that you have correctly identified the offending process! As root, you can kill any user process, including the wrong one if you misread or mistype the PID.
- Verify that the process has been killed by using ps -u again. You can type ps -u <PID>, which shows you the status of only the specified PID. If there's a null result and you're just given the Linux prompt again, the PID is dead, so go to step 8. However, it's best to look at the complete ps -u list if it's not too long. Sometimes the offending process reappears with a new PID! If that is the case, go to step 6.
- If the process is still alive and has the same PID, use kill's 9 option. Type kill -9 <PID>. Check it as in step 4. If this does not kill the process, go to step 7. If the process is now dead, go to step 8.
- If the offending process has reappeared with a new PID, that means that it's being created automatically by some other process. The only thing to do now is to kill the parent process, which is the true offender! You might also have to kill the parent process when kill -9 does not work.
- Use ps -l to identify the troublesome process's PPID. This is the PID of the parent process. You should check the parent's identity more closely by typing ps -u <Parent PID> before going ahead and killing it as described in step 3, using the PID of the parent in the kill command. You should follow through with step 4 and, if necessary, step 5, making sure the parent process has been killed.
- The process is killed. Remember to log off. You should not leave root logged in on virtual consoles, because you will forget that the root logins are there!
Sometimes processes are simply unkillable! In this case, you're best off shutting down the Linux system and rebooting.
Linux keeps ordinary users (as opposed to root) from killing other users' processes (maliciously or otherwise). For instance, if you are an ordinary user and you try to kill the init process, which always has Pid=1, you will see
darkstar:~$ kill 1 kill: (1) - Not owner
Actually, not even root can kill the init process, although there is no error message. The init process is one of those "unkillable" processes discussed earlier, because it's such a key process. That's all for the best!
Usually, when you want to temporarily become a different user, you will simply switch to another virtual terminal, log in as the other user, log out when you're done, and return to your "home" virtual terminal. However, there are times when
this is impractical or inconvenient. Perhaps all your virtual terminals are already busy, or perhaps you're in a situation (such as logged on via a telephone and modem) in which you don't have virtual terminals available.
In these cases, you can use the su command. "su" stands for "super user." If you type su by itself, you will be prompted for the root password. If you successfully enter the root password, you will see the root # prompt, and you will
have all of root's privileges.
You can also become any other user by typing su <username>. If you are root when you type su <username>, you are not asked for that user's password since in principle you could change the user's password or examine all the user's files from
the root login anyway. If you are an "ordinary" user trying to change to another ordinary user, you will be asked to enter the password of the user you are trying to become.
Although su grants you all the privileges you would get if you logged on as that user, be aware that you won't inherit that login's exact environment or run that login's startup files (if any). This means that su is not really suited to doing extended work, and it's quite unsuitable for troubleshooting problems with that login.
"What on earth does grep mean?" you ask.
This is a fair question. grep must be the quintessential UNIX acronym, because it's impossible to understand even when it's spelled out in full!
grep stands for Global Regular Expression Parser. You will understand the use of this command right away, but when "Global Regular Expression Parser" becomes a comfortable phrase in itself, you should probably consider taking a vacation.
What grep does, essentially, is find and display lines that contain a pattern that you specify. There are two basic ways to use grep.
The first use of grep is to filter the output of other commands. The general syntax is <command> | grep <pattern>. For instance, if we wanted to see every actively running process on the system, we would type ps -a | grep R. In this
application, grep passes on only those lines that contain the pattern (in this case, the single letter) R. Note that if someone were running a program called Resting, it would show up even if its status were S for sleeping, because grep would match the R
in Resting. An easy way around this problem is to type grep " R ", which explicitly tells grep to search for an R with a space on each side. You must use quotes whenever you search for a pattern that contains one or more blank spaces.
The second use of grep is to search for lines that contain a specified pattern in a specified file. The syntax here is grep <pattern> <filename>. Be careful. It's easy to specify the filename first and the pattern second by mistake! Again,
you should be as specific as you can with the pattern to be matched, in order to avoid "false" matches.
By this point you should have tried enough different Linux commands to start getting familiar (if not yet entirely comfortable) with typical Linux usage conventions.
It is important that you be able to use the man pages provided online by Linux. A very good exercise at this point is to pull up man pages for all the commands we have looked at in the past two chapters: login, passwd, who, adduser, and so on. If some
of the commands listed under "See also:" look interesting, by all means take a look at their man pages too!
Some man pages, such as the one for bash, are extremely long. Do not plan to read them all in one sitting!
In Chapter 8, we head out from "home" and poke around in the Linux filesystem. As system administrators, we should know what our hard drives contain! For instance, there are special "administrator-only"
directories crammed with goodies.
Several more "essential" commands will be introduced. By the end of the next chapter, you will have seen and tried most of the important "user" Linux commands and will have had a taste of some of the "administrator" commands.