Guide to Unix/Commands/File System Utilities


LiSt contents of directory

ls is a utility for listing the files in a directory.

Most used options are:

all files (include files with . prefix)
long detail (provide file statistics)
order by creation time
sort by access time (or show when last accessed together with -l)
order by size
reverse order
mark directories with /, executables with *, symbolic links with @, local sockets with =, named pipes (FIFOs) with |

Other options include:

-Fx --color 
color-coded listing
show filesizes
"human readble"; show filesizes in kilobytes and megabytes (-h can be used together with -l or -s)
ls *st* : list files that contain st in name
ls > list : output list to file named "list"
ls | more : fit listing to screen


$ ls
fish  hello.txt
$ ls -l
-rw-r--r--    1 username    groupname        0 Apr 11 00:09 fish
-rw-r--r--    1 username    groupname       11 Apr 11 00:10 hello.txt

Several systems have an alias ll which does the same as ls -l:

$ ll
-rw-r--r--    1 username    groupname        0 Apr 11 00:09 fish
-rw-r--r--    1 username    groupname       11 Apr 11 00:10 hello.txt

Be careful with the -F option. Here is one example:

$ ls -F /usr/X11R6/bin/X*
/usr/X11R6/bin/X@          /usr/X11R6/bin/Xnest*      /usr/X11R6/bin/Xprt*
/usr/X11R6/bin/Xmark*      /usr/X11R6/bin/Xorg*       /usr/X11R6/bin/Xvfb*

We do not know yet if there is a symbolic link "X" and an executable "Xmark" or if "X@" and "Xmark*" are just the names of normal files. (Though "@" and "*" are not much found in filenames, they are possible.) So we check by dropping the -F:

$ ls /usr/X11R6/bin/X*
/usr/X11R6/bin/X           /usr/X11R6/bin/Xnest       /usr/X11R6/bin/Xprt
/usr/X11R6/bin/Xmark       /usr/X11R6/bin/Xorg        /usr/X11R6/bin/Xvfb


mkdir is a utility for creating a directory.


$ mkdir newdirectoryname

The -p option also makes parent-directories as needed. Instead of:

$ mkdir foo
$ cd foo
$ mkdir bar

you can just do:

$ mkdir -p foo/bar


change Current Directory

cd changes the current directory of the shell. This current directory will be used by other programs launched from the shell.

Because "cd" changes the state of the shell, it is a shell built-in command. In contrast, most commands are separate programs which the shell starts.


Change to 'foobar' directory:

$ cd foobar

Change to your home directory, cd command used without an option will drop you back into your home directory.

$ cd

~ (tilde) stores the path to your home directory, this command has same effect as the previous one.

$ cd ~

Change to parent directory:

$ cd ..

Change to the previous directory:

$ cd -


By setting "CDPATH" environment variable in your shell you can take advantage of shell command completion facility.

$ echo $CDPATH

If you have the $CDPATH set, then you press 'TAB' key and get possible path completions

$ cd bas [TAB]
base-config/  base-files/   base-passwd/  bash/         bastille/


Print Working Directory

pwd (for Print Working Directory) shows the current directory that you are in.

Though "pwd" is often available as an external program (like /bin/pwd), many shells offer an equivalent version as a shell builtin command. Like any external command, "pwd" would inherit the current directory from the shell or other program that starts it.


$ pwd

You can change the directory, you can also

$ cd /usr
$ pwd

You can also use "pwd" in scripts. If you have enough experience with scripting, then you would know that the next line complains if the current directory is /home/username.

$ test "x$(pwd)" = x/home/username || echo wrong directory


CHange ROOT directory

chroot changes the root filesystem. The "chroot" page at the Linux questions wiki explains why you might want to do this.


To change the root filesystem so /mnt/usbdrive/ becomes / and files outside of it cannot be seen:

# chroot /mnt/usbdrive/

You must be root user to "chroot". Other users would be able to use "chroot" to gain root (superuser) privileges, so their use of "chroot" is disallowed.

$ chroot /mnt/usbdrive/
chroot: /mnt/usbdrive/: Operation not permitted


cp copies a file

Most used options are:

copies directories (recursively)
preserves permissions, ownership, and timestamps
prompt before overwrite
verbose, show filenames as they are being copied


Makes a copy of file 'debian' and call it 'Debian' (assuming 'Debian' is not already a directory)
$ cp -i debian Debian
Makes a copy of file 'debian' and put it at /tmp/debian
$ cp -i debian /tmp/debian 
Same as the previous command (the filename defaults to be the same).
$ cp -i debian /tmp 
Makes a copy of directory 'mydir' (and all its contents) and put it at /tmp/debian
$ cp -ir mydir/ /tmp 
Copy multiple files to directory /tmp
$ cp -i foo bar baz /tmp 


mv move and/or rename files


Rename file 'unix' to 'Unix' (assuming "Unix" is not a directory)
$ mv -i unix Unix
Move file Unix from your home directory to /tmp.
$ mv -i ~/Unix /tmp/Unix
Same as the previous command (the filename defaults to be the same).
$ mv -i ~/Unix /tmp
Move file Unix from your home directory to /tmp, and rename it to 'unix'.
$ mv -i ~/Unix /tmp/unix
Move multiple files to directory /tmp
$ mv -i foo bar baz /tmp


ReMove and delete files

rm deletes a file from the filesystem, like the "del" command in DOS.

The GNU long options (like --directory) are available on Linux, but not most other systems.

Some useful options are:

-d, --directory 
unlink FILE, even if it is an empty directory (some systems let superuser unlink non-empty directories too)
-f, --force 
ignore nonexistent files, never prompt
-i, --interactive 
prompt before any removal
(*BSD only) overwrite file before deletion
-r, -R, --recursive 
remove the contents of directories recursively (the force option must often be used to successfully run rm recursively)
-v, --verbose 
(GNU only) explain what is being done
(GNU only) display help and exit
(GNU only) output version information and exit


The usage of "rm" is considered potentially more dangerous than equivalents in other operating systems because of the way the shell parses wildcards and names of special directories and in its non-verbose actions.

Here is a classic example. Instead of deleting files that end with .o ("*.o") it deletes all files in the directory ("*") and also a file called .o. There is an unwanted space between the asterisk and the period.

$ rm * .o
rm: cannot remove `.o': No such file or directory

To remove a file whose name starts with a `-', for example `-foo', use one of these commands:

$ rm -- -foo
$ rm ./-foo

It might be useful to create an alias such as "remove" which moves the files to a local "trash" file so you can go there and recover files you accidentally "remove"d.

Secure deletion of files:

Note that if you use rm to remove a file, it is usually possible to recover the contents of that file since rm does not remove it from the hard disk. It simply removes the filesystems link to it.

On *BSD systems, the -P option overwrites the data with the file before removing it.

$ rm -P secretfile

However, as the NetBSD manual page explains it:

Recent research indicates that as many as 35 overwrite passes with carefully chosen data patterns may be necessary to actually prevent recovery of data from a magnetic disk. Thus the -P option is likely both insufficient for its design purpose and far too costly for default operation.

So while examining the data (using fsdb or making a disk image) will not reveal the secret data, other methods (such as laboratory examination of the disk) will reveal the data. In short, rm -P does not delete data securely. A program that attempts to delete data securely is GNU shred, available on Linux. But "shred" is not always successful in secure deletion; read its entry below.


rmdir is a utility for deleting empty directories.


$ rmdir directoryname

If the directory is not empty, the correct way to remove the directory and all its contents recursively is to use

$ rm -r directoryname


Attempt to securely delete files

shred overwrites a file multiple times with special data patterns to make the old contents of the file unrecoverable from a disk, especially a hard disk. This command is part of GNU coreutils, so it is often only available on Linux systems.

Note that this actually is ineffective on most filesystems because they can keep old copies of data. Most popular Linux filesystems (including ext3) keep such copies through journaling. However, "shred" is very useful for destroying the data on entire partitions or disks.

Some useful options are:

-u, --remove 
unlink the file after removing it
-NUMBER, -n NUMBER, --iterations=NUMBER 
the number of iterations of overwriting the file; default is 25 iterations

Examples: Remove and completely destroy secretfile from a filesystem that overwrites data in place and does not use journaling (for example, the UFS filesystem of *BSD). For the last step, after the data is destroyed, the "-u" option unlinks the file from the filesystem.

$ shred -u secretfile

Note that if secretfile has multiple hard links (with ln for example), it will continue to exist with those other names, but will contain only random data.


touch lets you change the date on a file. Can also be used to create a blank file.


This will change the access date and time of filename to the current time. If filename doesn't exist it will create a blank file.

$ touch filename


df reports the amount of free disk space available on each partition.

$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/md0               5763508    207380   5263352   4% /
/dev/md1              78819376  13722288  61093296  19% /home
/dev/md4              23070564   4309572  17589056  20% /usr
/dev/md2               5763508   1757404   3713328  33% /var
/dev/md3               2877756    334740   2396832  13% /tmp

Reports disk usage in human readable format with block-sizes in Kilo,Mega,Gigabytes.

$ df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1             2.3G  2.1G  133M  95% /
tmpfs                  61M  8.0K   61M   1% /dev/shm
/dev/hda2             2.0G  1.8G  113M  94% /usr


ln creates links between files.

Symbolic links are special files that contain the absolute or relative path to a separate file. References to the symbolic link are "forwarded" to the file it (the symbolic link) points to. The file to which the reference is forwarded is not "aware" of the link; if the file pointed to is moved or deleted, the link will just point to nothing (no warnings are given, nor are any attempts made to "refresh" the link to the file's new location).

In Unix all information about files - owner, group, permissions, size, number of links, location on disk - are stored in the inode (with the notable exception of the filename). The filename is stored in directories, where inode-numbers (the way the OS refers to files) are paired with filenames (text-strings; the way the user refers to files). The "number of links" entry in the inode, keeps track of how many times the inode-number has thus been paired with a name in some directory.

When creating a (hard) link with ln, the "source" file is only used to determine the inode-number. A new inode-number-to-filename entry is then made in some directory using that inode-number, and the "number of links" counter is incremented. It's important that this (unlike a symbolic link) is the same file in every way... it's just that the file can be accessed by different names and/or from different locations. Moving or deleting the "original" source-file has no effect on the other links. Deleting one of the file's links only removes its entry from that directory... it's first when the last link in any directory is removed, that the file is actually deleted from the disk.

Hard links can not (unlike symbolic links) be used to refer to a file on another filesystem, nor can hard links usually be used to link to a directory.


To make a soft (symbolic) link "hello" to the file "/home/alice/code/bin/world":

$ ln -s /home/alice/code/bin/world hello

To make a (hard) link from the file "foo" to the file "bar":

$ ls -l
total 1
-rw-r--r--  1  rtm  users  50  Aug 15   foo
$ ln foo bar
$ ls -l
total 2
-rw-r--r--  2  rtm  users  50  Aug 15   foo
-rw-r--r--  2  rtm  users  50  Aug 15   bar

The 1st number of ls -l's listing, shows the number of (hard) links a file have - in other words, the number of times it's been entered into some directory.


CHanges OWNer of file

chown changes the owner and group of files. Normally, only root is allowed to do this, but if a user owns a file, then that user can change the group, but only to groups containing that user. On old systems, the ability of users to give files to other users caused abuses, so most systems prohibit non-root users from changing the owner of files.

Some useful options are:

recursively change owner/group on an entire directory tree
do not follow symbolic links i.e. changes owner of the link, not the target file
indicate no errors if change failed


Root changes the ownership of "/etc/passwd" and "/etc/shadow" to user root, group wheel:

# chown root:wheel /etc/passwd /etc/shadow

The same, but only changing the owner:

# chown root: /etc/{passwd,shadow}

The same, but only changing the group:

# chown :wheel /etc/{passwd,shadow}

Root gives every file in "/etc/ssh", including files in subdirectories, to user root, group wheel:

# chown -R root:wheel /etc/ssh

The same, but excluding files in directories (and the invisible files "/etc/ssh/.*" will also be missed):

# chown root:wheel /etc/ssh/*

User "tux" changes the directory "/usr/local/src/xc" from group "tux" to group "wheel". Tux is a member of both groups.

$ ls -ld /usr/local/src/xc
drwxr-xr-x  11 tux  tux  512 Sep 30 16:19 /usr/local/src/xc
$ chown tux:wheel /usr/local/src/xc
$ ls -ld /usr/local/src/xc
drwxr-xr-x  11 tux  wheel  512 Sep 30 16:19 /usr/local/src/xc


CHanges file MODe

chmod changes permissions of files. One must be familiar with Unix file permissions to understand this command. There are three permissions: read ("r"), write ("w"), and execute ("x"). There are three sets of permissions: for the owning user of the file ("u"), for the group of the file ("g"), and for other users ("o").

For a file, "execute" means to run it as a program. For a directory, "execute" permission is required to use anything in that directory tree, so doing anything with "/usr/share/doc/README" requires execute permissions on all of "/", "/usr", "/usr/share", and "/usr/share/doc".

If you are interested in more advanced topics like the set-uid, set-gid, sticky bits and octal numbers, try reading the FreeBSD manual page at (type "chmod" in the form and submit).

A useful option is:

recursively change or set permissions on an entire directory tree


We wrote a shell script called "configure". We make it executable ("+x") and then execute it as a command. Usually, "+x" is the same as "u+x" or "ug+x", depending on the status of the file mode creation mask.

$ chmod +x configure
$ ./configure

Allow the owning user to run "configure":

$ chmod u+x configure

Deny the group and other users from running "configure":

$ chmod go-x configure

For all users except the owner ("go"), disable all access to "~/mail" and "~/private" ("-rwx"). This way, the contents are private and only their owner (or root) can access them.

$ chmod go-rwx ~/mail ~/private

Note that in the previous example, "-R" was not specified. By disabling the execute bit ("-x"), all files inside ~/{mail,private} are protected even if their group and other read bits are enabled. Thus, simply moving some file from inside ~/{mail,private} to some public place like /tmp can make the files available to other users again.

The "root" user wants to set up /usr/local/src so that all users in group "wsrc" (including "tux") can create files there. Root will continue to own the directory. This is done by changing the group of /usr/local/src to "wsrc" and then by granting to the group ("g") the read, write, and execute permissions ("+rwx").

# chown :wsrc /usr/local/src
# chmod g+rwx /usr/local/src

All Unix-like systems should allow all users to create temporary files in "/tmp" and "/var/tmp". Thus root gives everyone ("a", short for "ugo") all permissions ("+rwx") on the files.

# chmod a+rwx /tmp /var/tmp

The problem with the above is that because all users have write access to /tmp and /var/tmp, every user can delete and rename files, even ones not created by them. For example, "tux" could create "/tmp/socket.3908" and another user could delete it or rename it to "/tmp/garbage", thus annoying Tux. To keep temporary files safe, we use the sticky bit called "t". This limits the deletion and renaming of files in /tmp to root, the owner of /tmp (also root), and the owner of the file (Tux for "/tmp/socket.3908"). It does the same for /var/tmp. So what we should do is:

# chmod a+rwxt /tmp /var/tmp
Last modified on 18 March 2014, at 15:10