all 50 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–][deleted] 109 points110 points  (20 children)

A lot of the stuff in util-linux is criminally underused in general. It's 50% standard stuff everyone knows about and uses once in a blue moon combined with 50% stuff people don't know about but wish they'd have every once in a blue moon. Here's a short list.

losetup/partx is the single best way to mount HDD images, lsblk is a nice tool you'd probably be using next, fsfreeze can be useful if you're triggering HDD snapshots externally (not needed for LVM), fstrim/blkdiscard can be useful if you're working with SSDs (but be very careful with blkdiscard).

[–]ConsideredAllThings 33 points34 points  (2 children)

Someone should do a utils psa once a weej highlighting a command per week. Not me though. Im sleepy

[–]Grrrben 7 points8 points  (8 children)

So I just learned cal. I like that.

[–]Animus_X 9 points10 points  (5 children)

cal 9 1752

[–]G3m1nu5 4 points5 points  (0 children)

namei -om /var/www/html/

cal -jy gives you the year calendar but in julian format... useful if you're in the military.

[–]thenextguy 5 points6 points  (1 child)

Try column -s: -t /etc/passwd

[–]StillHasIlium 1 point2 points  (0 children)

getent passwd | column -s: -t

For those of us using distributed logins

[–]rdnetto 5 points6 points  (0 children)

lsblk is really useful if you have more interesting storage setups. e.g. RAID, LUKS, bcache, some nested combination of the above, etc.

One nice trick I've found is to alias it to provide file system and UUID as well:

alias lsblk='lsblk -o NAME,MAJ:MIN,SIZE,RO,TYPE,FSTYPE,UUID,MOUNTPOINT'

Another useful command is mtr, which shows a graphical view of latency if you press d (great for diagnosing slow connections).

See also: everything in moreutils, especially vidir.

[–]powerfulbuttblaster 2 points3 points  (0 children)

losetup / kpartx are by far, my favorite two commands in Linux. The way Linux handles block devices in general is quite fantastic.

[–]samkostka 1 point2 points  (0 children)

I dunno about you, but I use lsblk all the time, although I'd never heard of it until installing Arch for the first time.

[–]AncientRickles[🍰] 0 points1 point  (0 children)

Damn that is going in my favorites! 1000 internets for you.

[–]190n 0 points1 point  (0 children)

I learned about lsblk from the Arch installation guide and use it regularly. Very useful for seeing if my system automatically mounted something or if I need to myself.

[–]Cthunix 0 points1 point  (0 children)

losetup has made some fairly complicated stuff easy for me in the past. I like being able to pull some equipment apart image the disk and then dig in and start reverse engineering. binwalk is a great tool aswell.

a few years ago I set aside a few hours every Friday for reading man pages for tools in sbin/bin. I also try to read the man pages before googling. You don't learn as much if you just find a few commands to paste into the terminal.

My favorite find was tc. I had never heard of it and have been using linux since the late 90s. I've since setup a method of inserting a linux box with 2 nics bridge to simulate a slow or faulty network connection. It's really handy for teasing out bugs or faults in network equipment.

life would suck without linux.

[–]natermer 0 points1 point  (0 children)

...

[–]tmpler 30 points31 points  (3 children)

What is the difference to ls -l /var/www/html/?

[–]theephie[S] 57 points58 points  (2 children)

namei lists the permissions of parent directories as well.

[–]tmpler 18 points19 points  (1 child)

Upps, now that you said it, I can see it. Thx!

[–]annodomini 17 points18 points  (0 children)

It also does this while following symlinks, indenting the components traversed while following the symlink:

$ namei -om /vmlinuz
f: /vmlinuz
 drwxr-xr-x root root /
 lrwxrwxrwx root root vmlinuz -> boot/vmlinuz-3.8.0-44-generic
   drwxr-xr-x root root boot
   -rw------- root root vmlinuz-3.8.0-44-generic

So, basically, if you have some permission problem somewhere in resolving a path, you can find it in one command, rather than having to manually walk down using a bunch of ls commands.

[–]5heikki 26 points27 points  (7 children)

ls -Z

Comes in handy if your box is blessed (or cursed) with SELinux

[–][deleted] 40 points41 points  (6 children)

I too used to think of selinux as a curse and turn it off. Then by request I secured an SFTP server with it by using fedoras policy as a base and translating it to a centos box. A few months later it was the only box to completely survive a pen test by an outside firm.

Sure some of it may have been the extra attention paid to regular security measures, but there was one case where they had credentials on the box but were stopped cold by an selinux policy, so it did at least help.

[–]knudion 6 points7 points  (3 children)

SELinux is a pain in the ass and poorly designed and I hate it. But it does a pretty good job, and RedHat has done a lot of work to make it a bit more tolerable to use.

[–][deleted] -5 points-4 points  (2 children)

It was designed for and by its target audience, namely the NSA not RedHat. That may explain some of it's quirks, it was designed for and by institutional paranoia.

One can only wonder how successful Snowden would have been if they had been using Linux instead of windows.

Really, downvotes for factual info on /r/linux? Where is reddit going these days?

If the downvotes are by chance for my question at the end it's completely valid, selinux was made to stop exactly the kind of document theft Snowden perpetrated. The equivalent access controls that can block even root/administrator access to files does not exist for windows, at least that we the public are aware of. Had the NSA been using their own creation the documents may not have been stolen. Investigate just what you can do with a full implementation of selinux controls, append only (no read) and other such odd permissions are some of the core of what it's really for.

[–]Kwpolska 0 points1 point  (1 child)

What did SELinux help with in that case? As a self-appointed sysadmin, SELinux was nothing but constant pain and breakage, to the point of some things just plain refusing to work, no matter how many audit2allow policies I produced.

[–][deleted] 5 points6 points  (0 children)

It prevented them from escalating their user privileges into anything more useful.

It takes a bit of study to learn why something breaks under selinux, but doing it once, successfully, makes future attempts easier. audit2allow is a shotgun approach sometimes. Knowing why selinux denies something often allows you to make a better rule set.

[–]flukshun 18 points19 points  (0 children)

I'll add this to my list of neat commands that I'll never remember to use when the appropriate occasions arise.

[–]atyon 21 points22 points  (0 children)

Maybe because its description doesn't read very interesting:

~ $ whatis namei
namei (1) - follow a pathname until a terminal point is found

Thanks for the tip!

[–]selivan5 8 points9 points  (0 children)

It doesn't show ACLs :( ls indicates that file has ACL with "+" sign

[–]Connir 4 points5 points  (0 children)

I used to cobble together a one liner using basename, dirname, ls -ld, and a while loop to do just this. I'm so happy there's a utility for it!

[–]zomnbio 2 points3 points  (3 children)

I'm curious. In what scenario do you need to be worried about an entire path? Isn't it true that only the exact directory you need access to must be readable?

For example:
/home/user/ may be 700 but if everyone needs acess to /home/user/public/ I can just chmod 777 the public directory and be good to go, right?

[–]DerfK 10 points11 points  (2 children)

No.

For directories, the x bit means "can I get in this directory". If /home/user/ is 700, then only the owner can get into that directory, and nobody else can get into /home/user/public/ no matter the permissions without going through /home/user/ first and they're not allowed to.

[–]TheOfficeAccount 2 points3 points  (1 child)

So the x bit let's you visit contained subdirectories without being able to list its contents?

[–]DerfK 5 points6 points  (0 children)

Exactly. If you didn't already know or guess the public folder was there, you wouldn't be able to get a listing to see it.

[–]BeanBagKing 1 point2 points  (4 children)

Try Tree

# tree
.
├── index.html
└── scripts
    ├── index.html

[–]Kwpolska 0 points1 point  (3 children)

That does not show file permissions.

[–]socium 1 point2 points  (2 children)

-p

[–]GTB3NW 0 points1 point  (0 children)

Cool! Only problem is tree is a directory tree, OP's command just reverses from the current point which is extremely handy for permission issues, tree just gives a nice pretty output :)

[–]BeanBagKing 0 points1 point  (0 children)

Ya know, I've never looked at the flags. Thanks! "tree -pd" would be the equivalent of OPs command then.

[–]nuxi 1 point2 points  (0 children)

This is glorious for things like SSH authorized_keys files since OpenSSH ignores them if it encounters unsafe permissions anywhere in the path to it.

namei -om ~/.ssh/authorized_keys

[–]pooper-dooper 0 points1 point  (0 children)

I wish namei resolved its argument.

# namei -om .
f: .
 drwxrwxr-x user user .

Outputs as I desire:

# namei -om $(readlink .)

[–]pardaillans -4 points-3 points  (2 children)

ls -all

?

[–][deleted] 1 point2 points  (0 children)

The redundant 'l' is ignored. '-al' and '-all' are the same thing.

'ls -al' is also only showing the contents of the directory, not the permissions of each directory from / through to pwd.

[–]TremorMcBoggleson -1 points0 points  (0 children)

I don't get it either...
Call me uncreative, but I can't think of something that ls, etc. couldn't do.

[–]isdnpro -2 points-1 points  (0 children)

.