
Bash programming for linux | nubielab.com
Make an alias permanent
Use your favorite text editor to create a file called ~/.bash_aliases, and type the alias commands into the file.
.bash_aliases will run at login (or you can just execute it with . .bash_aliases )

alias
Create an alias, aliases allow a string to be substituted for a word when it is used as the first word of a simple command.

Syntax
alias [-p] [name[=value] ...]
unalias [-a] [name ... ]

Key
-p Print the current values
-a Remove All aliases

If arguments are supplied, an alias is defined for each name whose value is given.
If no value is given, `alias' will print the current value of the alias.

Without arguments or with the `-p' option, alias prints the list of aliases on the standard output in a form that allows them to be reused as input.
name may not be `alias' or `unalias'.
unalias may be used to remove each name from the list of defined aliases.

Examples
Create an alias 'ls' that will change the default action of ls:
$ alias ls='ls --classify'
$ ls
$ unalias ls
More aliases for ls:
$ alias la='ls -lAXh --color=always' #Show all, sort by extension
$ alias ls-al='ls -al' #fix typo missing space
$ alias l="ls -l"
$ alias la="ls -la"
Use alias to fix missing space typos:
$ alias cd..='cd ..'
$ alias ..='cd ..'

Display the working directory
$ alias .='echo $PWD'

Details
The first word of each simple command, if unquoted, is checked to see if it has an alias. If so, that word is replaced by the text of the alias. The alias name and the replacement text may contain any valid shell input, including shell metacharacters, with the exception that the alias name may not contain `='.

The first word of the replacement text is tested for aliases, but a word that is identical to an alias being expanded is not expanded a second time. This means that one may alias ls to "ls -F", for instance, and Bash does not try to recursively expand the replacement text.

If the last character of the alias value is a space or tab character, then the next command word following the alias is also checked for alias expansion.

There is no mechanism for using arguments in the replacement text, as in csh. If arguments are needed, a shell function should be used. Aliases are not expanded when the shell is not interactive, unless the expand_aliases shell option is set using shopt.

The rules concerning the definition and use of aliases are somewhat confusing. Bash always reads at least one complete line of input before executing any of the commands on that line. Aliases are expanded when a command is read, not when it is executed. Therefore, an alias definition appearing on the same line as another command does not take effect until the next line of input is read. The commands following the alias definition on that line are not affected by the new alias. This behavior is also an issue when functions are executed. Aliases are expanded when a function definition is read, not when the function is executed, because a function definition is itself a compound command. As a consequence, aliases defined in a function are not available until after that function is executed. To be safe, always put alias definitions on a separate line, and do not use alias in compound commands.

`alias' and `unalias' are BASH built-ins. For almost every purpose, shell functions are preferred over aliases.
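
The expansion rules above, run against a fresh non-interactive bash; this is an added example, not part of the original page. The names greet_demo, say, say2, show_demo and the probe_* functions are made up for the demonstration, and each probe assumes a bash binary on PATH. The first probe also shows why an alias such as rm='rm -i' gives no protection inside scripts.

```sh
#!/bin/sh
# Added example: each probe feeds a small constructed script to a fresh,
# non-interactive bash on stdin and prints what that shell wrote to stdout.

run_bash() {
    # Keep startup files and BASH_ENV out of the result; hide "command not found".
    BASH_ENV= bash --norc --noprofile 2>/dev/null
}

# 1. Non-interactive shell with expand_aliases off (the default): the alias
#    is defined but never substituted, so the word is looked up as a command.
probe_noninteractive() {
    run_bash <<'EOF'
alias greet_demo='echo alias-used'
greet_demo || echo not-expanded
EOF
}

# 2. Definition and use on the same line: the whole line is read (and aliases
#    expanded) before the alias builtin runs, so only the next line sees it.
probe_same_line() {
    run_bash <<'EOF'
shopt -s expand_aliases
alias greet_demo='echo alias-used'; greet_demo || echo same-line-not-expanded
greet_demo
EOF
}

# 3. Functions: the body is expanded when the definition is read. An alias
#    created later is ignored, and one changed later keeps its old text.
probe_function() {
    run_bash <<'EOF'
shopt -s expand_aliases
show_demo() { greet_demo; }
alias greet_demo='echo alias-used'
show_demo || echo function-kept-old-meaning
alias greet_demo='echo first'
show_demo() { greet_demo; }
alias greet_demo='echo second'
show_demo
EOF
}

# 4. Trailing space: only an alias whose value ends in a space lets the
#    following word be checked for alias expansion too.
probe_trailing_space() {
    run_bash <<'EOF'
shopt -s expand_aliases
alias greet_demo='expanded'
alias say='echo'
alias say2='echo '
say greet_demo
say2 greet_demo
EOF
}

for probe in probe_noninteractive probe_same_line probe_function probe_trailing_space; do
    printf '== %s ==\n%s\n' "$probe" "$("$probe")"
done
```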
Prevent accidental deletions by making rm interactive:
$ alias rm='rm -i'
Shorten apt-get installation commands:
$ alias canhaz='sudo apt-get install'
Run firefox and open a specific website:
$ alias fftr='/home/simon/firefox/firefox'

Search for and install software packages (Debian/Ubuntu).
Syntax
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] update
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] upgrade
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] dselect-upgrade


apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] dist-upgrade
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] install pkg [ { =pkg_version_number | /target_release_name | /target_release_codename } ] ...
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] remove pkg...
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] purge pkg...
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] source pkg [ { =pkg_version_number | /target_release_name | /target_release_codename } ] ...
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] build-dep pkg...
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] check
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] clean
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] autoclean
apt-get [-sqdyfmubV] [-o= config_string ] [-c= config_file ] [-t= target] autoremove
apt-get {-v | --version}
apt-get {-h | --help}

Where Target = {target_release_name | target_release_number_expression | target_release_codename}

Key
n.b. Do not switch back and forth between different package managers. If you use apt to install some software, and then try aptitude, it will uninstall all the packages you installed using apt. Choose one package manager and stick with it!

All command line options may be set using the configuration file, the descriptions indicate the configuration option to set. For boolean options you can override the config file by using something like -f-,--no-f, -f=no or several other variations.

--no-install-recommends
Do not consider recommended packages as a dependency for installing. Configuration Item: APT::Install-Recommends.

-d, --download-only
Download only; package files are only retrieved, not unpacked or installed. Configuration Item: APT::Get::Download-Only.

-f, --fix-broken
Fix; attempt to correct a system with broken dependencies in place. This option, when used with install/remove, can omit any packages to permit APT to deduce a likely solution. If packages are specified, these have to completely correct the problem. The option is sometimes necessary when running APT for the first time; APT itself does not allow broken package dependencies to exist on a system. It is possible that a system's dependency structure can be so corrupt as to require manual intervention (which usually means using dselect(1) or dpkg --remove to eliminate some of the offending packages). Use of this option together with -m may produce an error in some situations. Configuration Item: APT::Get::Fix-Broken.

-m, --ignore-missing, --fix-missing
Ignore missing packages; If packages cannot be retrieved or fail the integrity check after retrieval (corrupted package files), hold back those packages and handle the result. Use of this option together with -f may produce an error in some situations. If a package is selected for installation (particularly if it is mentioned on the command line) and it could not be downloaded then it will be silently held back. Configuration Item: APT::Get::Fix-Missing.

--no-download
Disables downloading of packages. This is best used with --ignore-missing to force APT to use only the .debs it has already downloaded. Configuration Item: APT::Get::Download.

-q, --quiet
Quiet; produces output suitable for logging, omitting progress indicators. More q's will produce more quiet up to a maximum of 2. You can also use -q=# to set the quiet level, overriding the configuration file. Note that quiet level 2 implies -y, you should never use -qq without a no-action modifier such as -d, --print-uris or -s as APT may decide to do something you did not expect. Configuration Item: quiet.

-s, --simulate, --just-print, --dry-run, --recon, --no-act
No action; perform a simulation of events that would occur but do not actually change the system. Configuration Item:

Simulation run as user will deactivate locking (Debug::NoLocking) automatic. Also a notice will be displayed indicating that this is only a simulation, if the option APT::Get::Show-User-Simulation-Note is set (Default: true). Neither NoLocking nor the notice will be triggered if run as root (root should know what he is doing without further warnings by apt-get).

Simulate prints out a series of lines each one representing a dpkg operation, Configure (Conf), Remove (Remv), Unpack (Inst). Square brackets indicate broken packages and empty set of square brackets meaning breaks that are of no consequence (rare).

-y, --yes, --assume-yes
Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively. If an undesirable situation, such as changing a held package, trying to install an unauthenticated package or removing an essential package occurs then apt-get will abort. Configuration Item: APT::Get::Assume-Yes.

-u, --show-upgraded
Show upgraded packages; Print out a list of all packages that are to be upgraded. Configuration Item: APT::Get::Show-Upgraded.

-V, --verbose-versions
Show full versions for upgraded and installed packages. Configuration Item: APT::Get::Show-Versions.

-b, --compile, --build
Compile source packages after downloading them. Configuration Item:


--install-recommends
Also install recommended packages.

--no-install-recommends
Do not install recommended packages.

--ignore-hold
Ignore package Holds; This causes apt-get to ignore a hold placed on a package. This may be useful in conjunction with dist-upgrade to override a large number of undesired holds. Configuration Item: APT::Ignore-Hold.

Do not upgrade packages; When used in conjunction with install, no-upgrade will prevent packages on the command line from being upgraded if they are already installed. Configuration Item: APT::Get::Upgrade.

Force yes; This is a dangerous option that will cause apt to continue without prompting if it is doing something potentially harmful. It should not be used except in very special situations. Using force-yes can potentially destroy your system! Configuration Item: APT::Get::force-yes.

--print-uris
Instead of fetching the files to install their URIs are printed. Each URI will have the path, the destination file name, the size and the expected md5 hash. Note that the file name to write to will not always match the file name on the remote site! This also works with the source and update commands. When used with the update command the MD5 and size are not included, and it is up to the user to decompress any compressed files. Configuration Item: APT::Get::Print-URIs.

--purge
Use purge instead of remove for anything that would be removed. An asterisk ("*") will be displayed next to packages which are scheduled to be purged. remove --purge is equivalent to the purge command. Configuration Item: APT::Get::Purge.

--reinstall
Re-Install packages that are already installed and at the newest version. Configuration Item: APT::Get::ReInstall.

--list-cleanup
This option defaults to on, use --no-list-cleanup to turn it off. When on apt-get will automatically manage the contents of /var/lib/apt/lists to ensure that obsolete files are erased. The only reason to turn it off is if you frequently change your source list. Configuration Item: APT::Get::List-Cleanup.

-t, --target-release, --default-release
This option controls the default input to the policy engine, it creates a default pin at priority 990 using the specified release string. This overrides the general settings in /etc/apt/preferences. Specifically pinned packages are not affected by the value of this option. In short, this option lets you have simple control over which distribution packages will be retrieved from. Some common examples might be -t '2.1*', -t unstable or -t sid. Configuration Item: APT::Default-Release; see also the apt_preferences(5) manual page.

--trivial-only
Only perform operations that are 'trivial'. Logically this can be considered related to --assume-yes, where --assume-yes will answer yes to any prompt, --trivial-only will answer no. Configuration Item: APT::Get::Trivial-Only.

--no-remove
If any packages are to be removed apt-get immediately aborts without prompting. Configuration Item: APT::Get::Remove.

--auto-remove
If the command is either install or remove, then this option acts like running autoremove command, removing the unused dependency packages. Configuration Item: APT::Get::AutomaticRemove.

--only-source
Only has meaning for the source and build-dep commands. Indicates that the given source names are not to be mapped through the binary table. This means that if this option is specified, these commands will only accept source package names as arguments, rather than accepting binary package names and looking up the corresponding source package. Configuration Item: APT::Get::Only-Source.

--diff-only, --dsc-only, --tar-only
Download only the diff, dsc, or tar file of a source archive. Configuration Item: APT::Get::Diff-Only, APT::Get::Dsc-Only, and APT::Get::Tar-Only.

--arch-only
Only process architecture-dependent build-dependencies. Configuration Item: APT::Get::Arch-Only.

--allow-unauthenticated
Ignore if packages can't be authenticated and don't prompt about it. This is useful for tools like pbuilder. Configuration Item: APT::Get::AllowUnauthenticated.

-h, --help
Show a short usage summary.

-v, --version
Show the program version.

-c, --config-file
Configuration File; Specify a configuration file to use. The program will read the default configuration file and then this configuration file. See apt.conf(5) for syntax information.

-o, --option
Set a Configuration Option; This will set an arbitrary configuration option. The syntax is -o Foo::Bar=bar. -o and --option can be used multiple times to set different options.
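
A gate built on the -s output format described above (one Inst, Conf or Remv line per dpkg operation), given here as an added example that is not from the original page: it counts the simulated operations and refuses to go on to a -y run when anything would be removed. The sample output and the function names summarize_simulation and removal_free are constructed for the illustration.

```sh
#!/bin/sh
# Added example. SAMPLE_SIMULATION is constructed (package names, versions and
# the "Example" origin are made up); real input comes from `apt-get -s ...`.

SAMPLE_SIMULATION='Reading package lists...
Building dependency tree...
The following packages will be REMOVED:
  libexample1
Inst libdemo2 [1.0-1] (1.0-2 Example:stable [amd64])
Remv libexample1 [0.9-3]
Inst demo-tool (2.4-1 Example:stable [amd64])
Conf libdemo2 (1.0-2 Example:stable [amd64])
Conf demo-tool (2.4-1 Example:stable [amd64])'

# Read simulation output on stdin and print one summary line:
#   inst=<n> conf=<n> remv=<n> removed=<comma-separated names, or ->
# Only lines whose first field is exactly Inst, Conf or Remv are counted, so
# the human-readable preamble ("The following packages ...") is ignored.
summarize_simulation() {
    awk '
        $1 == "Inst" { inst++ }
        $1 == "Conf" { conf++ }
        $1 == "Remv" { remv++; names = (names == "" ? $2 : names "," $2) }
        END {
            printf "inst=%d conf=%d remv=%d removed=%s\n",
                   inst, conf, remv, (names == "" ? "-" : names)
        }'
}

# Succeed only if the simulated run removes nothing. On failure the summary
# goes to stderr so a calling script can log what would have been removed.
removal_free() {
    summary=$(summarize_simulation)
    case $summary in
        *" remv=0 "*) return 0 ;;
        *) printf 'refusing to auto-confirm: %s\n' "$summary" >&2
           return 1 ;;
    esac
}

# Typical use (needs a Debian/Ubuntu host, so it is left commented out).
# --no-remove on the real run makes apt-get itself abort if the plan changed
# between the simulation and the install:
#   apt-get -s dist-upgrade | removal_free &&
#       apt-get -y --no-remove dist-upgrade

printf '%s\n' "$SAMPLE_SIMULATION" | summarize_simulation
```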


update
update is used to resynchronize the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list. For example, when using a Debian archive, this command retrieves and scans the Packages.gz files, so that information about new and updated packages is available. An update should always be performed before an upgrade or dist-upgrade. Please be aware that the overall progress meter will be incorrect as the size of the package files cannot be known in advance.

upgrade
upgrade is used to install the newest versions of all packages currently installed on the system from the sources enumerated in /etc/apt/sources.list. Packages currently installed with new versions available are retrieved and upgraded; under no circumstances are currently installed packages removed, or packages not already installed retrieved and installed. New versions of currently installed packages that cannot be upgraded without changing the install status of another package will be left at their current version. An update must be performed first so that apt-get knows that new versions of packages are available.

dselect-upgrade
dselect-upgrade is used in conjunction with the traditional Debian packaging front-end, dselect(1). dselect-upgrade follows the changes made by dselect(1) to the Status field of available packages, and performs the actions necessary to realize that state (for instance, the removal of old and the installation of new packages).

dist-upgrade
dist-upgrade in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a "smart" conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. So, dist-upgrade command may remove some packages. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files. See also apt_preferences(5) for a mechanism for overriding the general settings for individual packages.

install
install is followed by one or more packages desired for installation or upgrading. Each package is a package name, not a fully qualified filename (for instance, in a Debian GNU/Linux system, libc6 would be the argument provided, not libc6_1.9.6-2.deb). All packages required by the package(s) specified for installation will also be retrieved and installed. The /etc/apt/sources.list file is used to locate the desired packages. If a hyphen is appended to the package name (with no intervening space), the identified package will be removed if it is installed. Similarly a plus sign can be used to designate a package to install. These latter features may be used to override decisions made by apt-get's conflict resolution system.
A specific version of a package can be selected for installation by following the package name with an equals and the version of the package to select. This will cause that version to be located and selected for install. Alternatively a specific distribution can be selected by following the package name with a slash and the version of the distribution or the Archive name (stable, testing, unstable).
Both of the version selection mechanisms can downgrade packages and must be used with care.
This is also the target to use if you want to upgrade one or more already-installed packages without upgrading every package you have on your system. Unlike the "upgrade" target, which installs the newest version of all currently installed packages, "install" will install the newest version of only the package(s) specified. Simply provide the name of the package(s) you wish to upgrade, and if a newer version is available, it (and its dependencies, as described above) will be downloaded and installed.
Finally, the apt_preferences(5) mechanism allows you to create an alternative installation policy for individual packages.
If no package matches the given expression and the expression contains one of '.', '?' or '*' then it is assumed to be a POSIX regular expression, and it is applied to all package names in the database. Any matches are then installed (or removed). Note that matching is done by substring so 'lo.*' matches 'how-lo' and 'lowest'. If this is undesired, anchor the regular expression with a '^' or '$' character, or create a more specific regular expression.

remove
remove is identical to install except that packages are removed instead of installed. Note that removing a package leaves its configuration files in the system. If a plus sign is appended to the package name (with no intervening space), the identified package will be installed instead of removed.

purge
purge is identical to remove except that packages are removed and purged (any configuration files are deleted too).

source
source causes apt-get to fetch source packages. APT will examine the available packages to decide which source package to fetch. It will then find and download into the current directory the newest available version of that source package while respecting the default release, set with the option APT::Default-Release, the -t option or per package with the pkg/release syntax, if possible.
Source packages are tracked separately from binary packages via deb-src type lines in the sources.list(5) file. This means that you will need to add such a line for each repository you want to get sources from. If you don't do this you will probably get another (newer, older or none) source version than the one you have installed or could install.
If the --compile option is specified then the package will be compiled to a binary .deb using dpkg-buildpackage, if --download-only is specified then the source package will not be unpacked.
A specific source version can be retrieved by postfixing the source name with an equals and then the version to fetch, similar to the mechanism used for the package files. This enables exact matching of the source package name and version, implicitly enabling the APT::Get::Only-Source option.
Note that source packages are not tracked like binary packages, they exist only in the current directory and are similar to downloading source tar balls.


build-dep
build-dep causes apt-get to install/remove packages in an attempt to satisfy the build dependencies for a source package.

check
check is a diagnostic tool; it updates the package cache and checks for broken dependencies.

clean
clean clears out the local repository of retrieved package files. It removes everything but the lock file from /var/cache/apt/archives/ and /var/cache/apt/archives/partial/. When APT is used as a dselect(1) method, clean is run automatically. Those who do not use dselect will likely want to run apt-get clean from time to time to free up disk space.

autoclean
Like clean, autoclean clears out the local repository of retrieved package files. The difference is that it only removes package files that can no longer be downloaded, and are largely useless. This allows a cache to be maintained over a long period without it growing out of control. The configuration option APT::Clean-Installed will prevent installed packages from being erased if it is set to off.

autoremove
autoremove is used to remove packages that were automatically installed to satisfy dependencies for some package and that are no more needed.

FILES
/etc/apt/sources.list
Locations to fetch packages from. It takes the following format:
deb [web address] [distribution name][main|contrib|non-free]
For example, in Ubuntu, it could be something like:
deb lucid main restricted
or for debian
deb lenny main
Configuration Item: Dir::Etc::SourceList.

/etc/apt/sources.list.d/
File fragments for locations to fetch packages from. Configuration Item: Dir::Etc::SourceParts.

/etc/apt/apt.conf
APT configuration file. Configuration Item: Dir::Etc::Main.

/etc/apt/apt.conf.d/
APT configuration file fragments. Configuration Item: Dir::Etc::Parts.

/etc/apt/preferences
Version preferences file. This is where you would specify "pinning", i.e. a preference to get certain packages from a separate source or from a different version of a distribution. Configuration Item: Dir::Etc::Preferences.

/etc/apt/preferences.d/
File fragments for the version preferences. Configuration Item: Dir::Etc::PreferencesParts.

/var/cache/apt/archives/
Storage area for retrieved package files. Configuration Item: Dir::Cache::Archives.

/var/cache/apt/archives/partial/
Storage area for package files in transit. Configuration Item: Dir::Cache::Archives (implicit partial).

/var/lib/apt/lists/
Storage area for state information for each package resource specified in sources.list(5) Configuration Item: Dir::State::Lists.

/var/lib/apt/lists/partial/
Storage area for state information in transit. Configuration Item: Dir::State::Lists (implicit partial).

Examples
These examples assume that /etc/apt/sources.list already includes the web address of at least one software repository.
Sync the local software database with the repository database (build cache):
$ apt-get update
Search for a particular program (search the cache) in this case the gimp program:
$ apt-cache search gimp
If the above succeeds then the software is available and can be installed:
$ apt-get install gimp
To remove the software if you no longer need it:
$ apt-get remove gimp
Upgrade all the software on your system to the latest versions:
$ apt-get upgrade
Upgrading the whole linux distribution to a new version:
$ apt-get dist-upgrade

aptitude
Package manager (Debian/Ubuntu).
Syntax
aptitude [options...] autoclean
aptitude [options...] clean
aptitude [options...] forget-new
aptitude [options...] keep-all
aptitude [options...] update
aptitude [options...] safe-upgrade
aptitude [options...] changelog packages...
aptitude [options...] full-upgrade packages...
aptitude [options...] forbid-version packages...
aptitude [options...] hold packages...
aptitude [options...] install packages...


aptitude [options...] markauto packages...
aptitude [options...] purge packages...
aptitude [options...] reinstall packages...
aptitude [options...] remove packages...
aptitude [options...] show packages...
aptitude [options...] unhold packages...
aptitude [options...] unmarkauto packages...
aptitude [options...] build-dep packages...
aptitude [options...] build-depends packages...
aptitude extract-cache-subset output-directory packages...
aptitude [options...] search patterns...
aptitude [options...] add-user-tag tag packages...
aptitude [options...] remove-user-tag tag packages...
aptitude [options...] {why | why-not} [patterns...] package
aptitude [-S fname] [-u | -i]
aptitude help

n.b. Do not switch back and forth between different package managers. If you use apt to install some software, and then try aptitude, it will uninstall all the packages you installed using apt. Choose one package manager and stick with it!

The following actions are available:

Install one or more packages. The packages should be listed after the “install” command; if a package name contains a tilde character (“~”) or a question mark (“?”), it will be treated as a search pattern and every package matching the pattern will be installed (see the section “Search Patterns” in the aptitude reference manual).

To select a particular version of the package, append “=<version>” to the package name: for instance, “aptitude install apt=0.3.1”. Similarly, to select a package from a particular archive, append “/<archive>” to the package name: for instance, “aptitude install apt/experimental”.

Not every package listed on the command line has to be installed; you can tell aptitude to do something different with a package by appending an “override specifier” to the name of the package. For example, aptitude remove wesnoth+ will install wesnoth, not remove it. The following override specifiers are available:

<package>+
Install <package>.

Install <package> and immediately mark it as automatically installed (note that if nothing depends on <package>, this will cause it to be immediately removed).

Remove <package>.

<package>_
Purge <package>: remove it and all its associated configuration and data files.

<package>=
Place <package> on hold: cancel any active installation, upgrade, or removal, and prevent this package from being automatically upgraded in the future.

<package>:
Keep <package> at its current version: cancel any installation, removal, or upgrade. Unlike “hold” (above) this does not prevent automatic upgrades in the future.

<package>&M
Mark <package> as having been automatically installed.

<package>&m
Mark <package> as having been manually installed.

As a special case, “install” with no arguments will act on any stored/pending actions.

Note
Once you enter Y at the final confirmation prompt, the “install” command will modify aptitude's stored information about what actions to perform. Therefore, if you issue (e.g.) the command “aptitude install foo bar” and then abort the installation once aptitude has started downloading and installing packages, you will need to run “aptitude remove foo bar” to cancel that order.

remove, purge, hold, unhold, keep, reinstall
These commands are the same as “install”, but apply the named action to all packages given on the command line for which it is not overridden. The difference between hold and keep is that hold will cause a package to be ignored by future safe-upgrade or full-upgrade commands, while keep merely cancels any scheduled actions on the package. unhold will allow a package to be upgraded by future safe-upgrade or full-upgrade commands, without otherwise altering its state.
For instance, “aptitude remove '~ndeity'” will remove all packages whose name contains “deity”.

markauto, unmarkauto


Mark packages as automatically installed or manually installed, respectively. Packages are specified in exactly the same way as for the “install” command. For instance, “aptitude markauto '~slibs'” will mark all packages in the “libs” section as having been automatically installed.

For more information on automatically installed packages, see the section “Managing Automatically Installed Packages” in the aptitude reference manual.

build-depends, build-dep
Satisfy the build-dependencies of a package. Each package name may be a source package, in which case the build dependencies of that source package are installed; otherwise, binary packages are found in the same way as for the “install” command, and the build-dependencies of the source packages that build those binary packages are satisfied.

If the command-line parameter --arch-only is present, only architecture-dependent build dependencies (i.e., not Build-Depends-Indep or Build-Conflicts-Indep) will be obeyed.

forbid-version
Forbid a package from being upgraded to a particular version. This will prevent aptitude from automatically upgrading to this version, but will allow automatic upgrades to future versions. By default, aptitude will select the version to which the package would normally be upgraded; you may override this selection by appending “=<version>” to the package name: for instance, “aptitude forbid-version vim=1.2.3.broken-4”.

This command is useful for avoiding broken versions of packages without having to set and clear manual holds. If you decide you really want the forbidden version after all, the “install” command will remove the ban.

update
Updates the list of available packages from the apt sources (this is equivalent to “apt-get update”)

Upgrades installed packages to their most recent version. Installed packages will not be removed unless they are unused (see the section “Managing Automatically Installed Packages” in the aptitude reference manual). Packages which are not currently installed may be installed to resolve dependencies unless the --no-new-installs command-line option is supplied.

It is sometimes necessary to remove one package in order to upgrade another; this command is not able to upgrade packages in such situations. Use the full-upgrade command to upgrade as many packages as possible.

full-upgrade
Upgrades installed packages to their most recent version, removing or installing packages as necessary. This command is less conservative than safe-upgrade and thus more likely to perform unwanted actions. However, it is capable of upgrading packages that safe-upgrade cannot upgrade.

This command was originally named dist-upgrade for historical reasons, and aptitude still recognizes dist-upgrade as a synonym for full-upgrade.

keep-all
Cancels all scheduled actions on all packages; any packages whose sticky state indicates an installation, removal, or upgrade will have this sticky state cleared.

forget-new
Forgets all internal information about what packages are “new” (equivalent to pressing “f” when in visual mode).

search
Searches for packages matching one of the patterns supplied on the command line. All packages which match any of the given patterns will be displayed; for instance, “aptitude search '~N' edit” will list all “new” packages and all packages whose name contains “edit”. For more information on search patterns, see the section “Search Patterns” in the aptitude reference manual.

Unless you pass the -F option, the output of aptitude search will look something like this:

i apt - Advanced front-end for dpkg
pi apt-build - frontend to apt to build, optimize and in
cp apt-file - APT package searching utility -- command-
ihA raptor-utils - Raptor RDF Parser utilities

Each search result is listed on a separate line. The first character of each line indicates the current state of the package: the most common states are p, meaning that no trace of the package exists on the system, c, meaning that the package was deleted but its configuration files remain on the system, i, meaning that the package is installed, and v, meaning that the package is virtual. The second character indicates the stored action (if any; otherwise a blank space is displayed) to be performed on the package, with the most common actions being i, meaning that the package will be installed, d, meaning that the package will be deleted, and p, meaning that the package and its configuration files will be

removed. If the third character is A, the package was automatically

For a complete list of the possible state and action flags, see the
section “Accessing Package Information” in the aptitude reference
guide. To customize the output of search, see the command-line
options -F and --sort.

show

Displays detailed information about one or more packages, listed
following the search command. If a package name contains a tilde
character (“~”) or a question mark (“?”), it will be treated as a
search pattern and all matching packages will be displayed (see the
section “Search Patterns” in the aptitude reference manual).

If the verbosity level is 1 or greater (i.e., at least one -v is
present on the command-line), information about all versions of the
package is displayed. Otherwise, information about the “candidate
version” (the version that “aptitude install” would download) is
displayed.
You can display information about a different version of the
package by appending =<version> to the package name; you can
display the version from a particular archive by appending
/<archive> to the package name. If either of these is present, then
only the version you request will be displayed, regardless of the
verbosity level.

If the verbosity level is 1 or greater, the package's architecture,
compressed size, filename, and md5sum fields will be displayed. If
the verbosity level is 2 or greater, the select version or versions
will be displayed once for each archive in which they are found.

add-user-tag, remove-user-tag

Adds a user tag to or removes a user tag from the selected group of
packages. If a package name contains a tilde (“~”) or question mark
(“?”), it is treated as a search pattern and the tag is added to or
removed from all the packages that match the pattern (see the
section “Search Patterns” in the aptitude reference manual).

User tags are arbitrary strings associated with a package. They can
be used with the ?user-tag(<tag>) search term, which will select
all the packages that have a user tag matching <tag>.

why, why-not

Explains the reason that a particular package should or cannot be
installed on the system.

This command searches for packages that require or conflict with
the given package. It displays a sequence of dependencies leading
to the target package, along with a note indicating the installed
state of each package in the dependency chain:
$ aptitude why kdepim
i nautilus-data Recommends nautilus
i A nautilus Recommends desktop-base (>= 0.2)
i A desktop-base Suggests gnome | kde | xfce4 | wmaker
p kde Depends kdepim (>= 4:3.4.3)

The command why finds a dependency chain that installs the package
named on the command line, as above. Note that the dependency that
aptitude produced in this case is only a suggestion. This is
because no package currently installed on this computer depends on
or recommends the kdepim package; if a stronger dependency were
available, aptitude would have displayed it.

In contrast, why-not finds a dependency chain leading to a conflict
with the target package:

$ aptitude why-not textopo
i ocaml-core Depends ocamlweb
i A ocamlweb Depends tetex-extra | texlive-latex-
i A texlive-latex-extra Conflicts textopo

If one or more <pattern>s are present, then aptitude will begin its
search at these patterns; that is, the first package in the chain
it prints will be a package matching the pattern in question. The
patterns are considered to be package names unless they contain a
tilde character (“~”) or a question mark (“?”), in which case they
are treated as search patterns (see the section “Search Patterns”
in the aptitude reference manual).

If no patterns are present, then aptitude will search for
dependency chains beginning at manually installed packages. This
effectively shows the packages that have caused or would cause a
given package to be installed.

Note

aptitude why does not perform full dependency resolution; it
only displays direct relationships between packages. For
instance, if A requires B, C requires D, and B and C conflict,
“aptitude why-not D” will not produce the answer “A depends on
B, B conflicts with C, and D depends on C”.
By default aptitude outputs only the “most installed, strongest,
tightest, shortest” dependency chain. That is, it looks for a chain
that only contains packages which are installed or will be
installed; it looks for the strongest possible dependencies under
that restriction; it looks for chains that avoid ORed dependencies
and Provides; and it looks for the shortest dependency chain
meeting those criteria. These rules are progressively weakened
until a match is found.

If the verbosity level is 1 or more, then all the explanations
aptitude can find will be displayed, in inverse order of relevance.
If the verbosity level is 2 or more, a truly excessive amount of
debugging information will be printed to standard output.
This command returns 0 if successful, 1 if no explanation could be
constructed, and -1 if an error occurred.

clean
Removes all previously downloaded .deb files from the package cache
directory (usually /var/cache/apt/archives).

autoclean
Removes any cached packages which can no longer be downloaded. This
allows you to prevent a cache from growing out of control over time
without completely emptying it.

changelog
Downloads and displays the Debian changelog for each of the given
source or binary packages.

By default, the changelog for the version which would be installed
with “aptitude install” is downloaded. You can select a particular
version of a package by appending =<version> to the package name;
you can select the version from a particular archive by appending
/<archive> to the package name.

Downloads the .deb file for the given package to the current
directory. If a package name contains a tilde character (“~”) or a
question mark (“?”), it will be treated as a search pattern and all
the matching packages will be downloaded (see the section “Search
Patterns” in the aptitude reference manual).

By default, the version which would be installed with “aptitude
install” is downloaded. You can select a particular version of a
package by appending =<version> to the package name; you can select
the version from a particular archive by appending /<archive> to
the package name.

extract-cache-subset

Copy the apt configuration directory (/etc/apt) and a subset of the
package database to the specified directory. If no packages are
listed, the entire package database is copied; otherwise only the
entries corresponding to the named packages are copied. Each
package name may be a search pattern, and all the packages matching
that pattern will be selected (see the section “Search Patterns” in
the aptitude reference manual). Any existing package database files
in the output directory will be overwritten.
Dependencies in binary package stanzas will be rewritten to remove
references to packages not in the selected set.

help
Displays a brief summary of the available commands and options.

The following options may be used to modify the behavior of the actions
described above. Note that while all options will be accepted for all
commands, some options don't apply to particular commands and will be
ignored by those commands.

--add-user-tag <tag>

For full-upgrade, safe-upgrade, forbid-version, hold, install,
keep-all, markauto, unmarkauto, purge, reinstall, remove, unhold,
and unmarkauto: add the user tag <tag> to all packages that are
installed, removed, or upgraded by this command as if with the
add-user-tag command.

--add-user-tag-to <tag>,<pattern>

For full-upgrade, safe-upgrade forbid-version, hold, install,
keep-all, markauto, unmarkauto, purge, reinstall, remove, unhold,
and unmarkauto: add the user tag <tag> to all packages that match
<pattern> as if with the add-user-tag command. The pattern is a
search pattern as described in the section “Search Patterns” in the
aptitude reference manual.

For instance, aptitude safe-upgrade --add-user-tag-to
"new-installs,?action(install)" will add the tag new-installs to
all the packages installed by the safe-upgrade command.

--allow-new-upgrades
When the safe resolver is being used (i.e., --safe-resolver was
passed or Aptitude::Always-Use-Safe-Resolver is set to true), allow
the dependency resolver to install upgrades for packages regardless
of the value of Aptitude::Safe-Resolver::No-New-Upgrades.

--allow-new-installs

Allow the safe-upgrade command to install new packages; when the
safe resolver is being used (i.e., --safe-resolver was passed or
Aptitude::Always-Use-Safe-Resolver is set to true), allow the
dependency resolver to install new packages. This option takes
effect regardless of the value of
Aptitude::Safe-Resolver::No-New-Installs.

--allow-untrusted

Install packages from untrusted sources without prompting. You
should only use this if you know what you are doing, as it could
easily compromise your system's security.

--disable-columns
This option causes aptitude search to output its results without
any special formatting. In particular: normally aptitude will add
whitespace or truncate search results in an attempt to fit its
results into vertical “columns”. With this flag, each line will be
formed by replacing any format escapes in the format string with
the corresponding text; column widths will be ignored.

For instance, the first few lines of output from “aptitude search
-F '%p %V' --disable-columns libedataserver” might be:

disksearch 1.2.1-3
hp-search-mac 0.1.3
libbsearch-ruby 1.5-5
libbsearch-ruby1.8 1.5-5
libclass-dbi-abstractsearch-perl 0.07-2
libdbix-fulltextsearch-perl 0.73-10

As in the above example, --disable-columns is often useful in
combination with a custom display format set using the command-line
option -F.

This corresponds to the configuration option

-D, --show-deps

For commands that will install or remove packages (install,
full-upgrade, etc), show brief explanations of automatic
installations and removals.

This corresponds to the configuration option
Aptitude::CmdLine::Show-Deps.

-d, --download-only
Download packages to the package cache as necessary, but do not
install or remove anything. By default, the package cache is stored
in /var/cache/apt/archives.

This corresponds to the configuration option

-F <format>, --display-format <format>

Specify the format which should be used to display output from the
search command. For instance, passing “%p %V %v” for <format> will
display a package's name, followed by its currently installed
version and its available version (see the section “Customizing how
packages are displayed” in the aptitude reference manual for more

The command-line option --disable-columns is often useful in
combination with -F.

This corresponds to the configuration option
Aptitude::CmdLine::Package-Display-Format.

-f

Try hard to fix the dependencies of broken packages, even if it
means ignoring the actions requested on the command line.

This corresponds to the configuration item
Aptitude::CmdLine::Fix-Broken.

--full-resolver

When package dependency problems are encountered, use the default
“full” resolver to solve them. Unlike the “safe” resolver activated
by --safe-resolver, the full resolver will happily remove packages
to fulfill dependencies. It can resolve more situations than the
safe algorithm, but its solutions are more likely to be

This option can be used to force the use of the full resolver even
when Aptitude::Always-Use-Safe-Resolver is true. The safe-upgrade
command never uses the full resolver and does not accept the
--full-resolver option.

-h, --help

Display a brief help message. Identical to the help action.

--no-new-installs
Prevent safe-upgrade from installing any new packages; when the
safe resolver is being used (i.e., --safe-resolver was passed or
Aptitude::Always-Use-Safe-Resolver is set to true), forbid the
dependency resolver from installing new packages. This option takes
effect regardless of the value of
Aptitude::Safe-Resolver::No-New-Installs.

This mimics the historical behavior of apt-get upgrade.

This corresponds to the configuration option
Aptitude::CmdLine::Safe-Upgrade::No-New-Installs.

When the safe resolver is being used (i.e., --safe-resolver was
passed or Aptitude::Always-Use-Safe-Resolver is set to true), allow
the dependency resolver to install new packages regardless of the
value of Aptitude::Safe-Resolver::No-New-Installs.

-O <order>, --sort <order>
Specify the order in which output from the search command should be
displayed. For instance, passing “installsize” for <order> will
list packages in order according to their size when installed (see
the section “Customizing how packages are sorted” in the aptitude
reference manual for more information).

-o <key>=<value>

Set a configuration file option directly; for instance, use -o
Aptitude::Log=/tmp/my-log to log aptitude's actions to /tmp/my-log.
For more information on configuration file options, see the section
“Configuration file reference” in the aptitude reference manual.

-P, --prompt

Always display a prompt before downloading, installing or removing
packages, even when no actions other than those explicitly
requested will be performed.

This corresponds to the configuration option

--purge-unused
Purge packages that are no longer required by any installed
package. This is equivalent to passing “-o
Aptitude::Purge-Unused=true” as a command-line argument.

-q[=<n>], --quiet[=<n>]
Suppress all incremental progress indicators, thus making the
output loggable. This may be supplied multiple times to make the
program quieter, but unlike apt-get, aptitude does not enable -y
when -q is supplied more than once.

The optional =<n> may be used to directly set the amount of
quietness (for instance, to override a setting in
/etc/apt/apt.conf); it causes the program to behave as if -q had
been passed exactly <n> times.

-R, --without-recommends

Do not treat recommendations as dependencies when installing new
packages (this overrides settings in /etc/apt/apt.conf and
~/.aptitude/config). Packages previously installed due to
recommendations will not be removed.

This corresponds to the pair of configuration options
Apt::Install-Recommends and Aptitude::Keep-Recommends.

-r, --with-recommends
Treat recommendations as dependencies when installing new packages
(this overrides settings in /etc/apt/apt.conf and
~/.aptitude/config).

This corresponds to the configuration option
Apt::Install-Recommends

--remove-user-tag <tag>

For full-upgrade, safe-upgrade forbid-version, hold, install,
keep-all, markauto, unmarkauto, purge, reinstall, remove, unhold,
and unmarkauto: remove the user tag <tag> from all packages that
are installed, removed, or upgraded by this command as if with the
add-user-tag command.

--remove-user-tag-from <tag>,<pattern>

For full-upgrade, safe-upgrade forbid-version, hold, install,
keep-all, markauto, unmarkauto, purge, reinstall, remove, unhold,
and unmarkauto: remove the user tag <tag> from all packages that
match <pattern> as if with the remove-user-tag command. The pattern
is a search pattern as described in the section “Search Patterns”
in the aptitude reference manual.

For instance, aptitude safe-upgrade --remove-user-tag-from
"not-upgraded,?action(upgrade)" will remove the not-upgraded tag
from all packages that the safe-upgrade command is able to upgrade.

-s, --simulate
In command-line mode, print the actions that would normally be
performed, but don't actually perform them. This does not require
root privileges. In the visual interface, always open the cache in
read-only mode regardless of whether you are root.

This corresponds to the configuration option Aptitude::Simulate.

--safe-resolver

When package dependency problems are encountered, use a “safe”
algorithm to solve them. This resolver attempts to preserve as many
of your choices as possible; it will never remove a package or
install a version of a package other than the package's default
candidate version. It is the same algorithm used in safe-upgrade;
indeed, aptitude --safe-resolver full-upgrade is equivalent to
aptitude safe-upgrade. Because safe-upgrade always uses the safe
resolver, it does not accept the --safe-resolver flag.

This option is equivalent to setting the configuration variable
Aptitude::Always-Use-Safe-Resolver to true.

--schedule-only

For commands that modify package states, schedule operations to be
performed in the future, but don't perform them. You can execute
scheduled actions by running aptitude install with no arguments.
This is equivalent to making the corresponding selections in visual
mode, then exiting the program normally.

For instance, aptitude --schedule-only install evolution will
schedule the evolution package for later installation.

-t <release>, --target-release <release>
Set the release from which packages should be installed. For
instance, “aptitude -t experimental ...” will install packages
from the experimental distribution unless you specify otherwise.
For the command-line actions “changelog”, “download”, and “show”,
this is equivalent to appending /<release> to each package named on
the command-line; for other commands, this will affect the default
candidate version of packages according to the rules described in
apt_preferences(5).

This corresponds to the configuration item APT::Default-Release.

-V, --show-versions

Show which versions of packages will be installed.

This corresponds to the configuration option
Aptitude::CmdLine::Show-Versions.

-v, --verbose

Causes some commands (for instance, show) to display extra
information. This may be supplied multiple times to get more and
more information.

This corresponds to the configuration option
Aptitude::CmdLine::Verbose.

--version
Display the version of aptitude and some information about how it
was compiled.

When installing or removing packages from the command line, instead
of displaying the usual prompt, start up the visual interface and
display its preview screen.

-W, --show-why

In the preview displayed before packages are installed or removed,
show which manually installed package requires each automatically
installed package. For instance:

$ aptitude --show-why install mediawiki
The following NEW packages will be installed:
libapache2-mod-php5{a} (for mediawiki) mediawiki php5{a} (for mediawiki)
php5-cli{a} (for mediawiki) php5-common{a} (for mediawiki)
php5-mysql{a} (for mediawiki)

When combined with -v or a non-zero value for
Aptitude::CmdLine::Verbose, this displays the entire chain of
dependencies that lead each package to be installed. For instance:
$ aptitude -v --show-why install libdb4.2-dev
The following NEW packages will be installed:
libdb4.2{a} (libdb4.2-dev D: libdb4.2) libdb4.2-dev
The following packages will be REMOVED:
libdb4.4-dev{a} (libdb4.2-dev C: libdb-dev P<- libdb-dev)

This option will also describe why packages are being removed, as
shown above. In this example, libdb4.2-dev conflicts with
libdb-dev, which is provided by libdb-dev.

This argument corresponds to the configuration option
Aptitude::CmdLine::Show-Why and displays the same information that
is computed by aptitude why and aptitude why-not.

-w <width>, --width <width>

Specify the display width which should be used for output from the
search command (by default, the terminal width is used).

This corresponds to the configuration option
Aptitude::CmdLine::Package-Display-Width

-y, --assume-yes
When a yes/no prompt would be presented, assume that the user
entered “yes”. In particular, suppresses the prompt that appears
when installing, upgrading, or removing packages. Prompts for
“dangerous” actions, such as removing essential packages, will
still be displayed. This option overrides -P.

This corresponds to the configuration option

Show how much disk space will be used or freed by the individual
packages being installed, upgraded, or removed.

This corresponds to the configuration option
Aptitude::CmdLine::Show-Size-Changes.

The following options apply to the visual mode of the program, but are
primarily for internal use; you generally won't need to use them
yourself.

-i
Displays a download preview when the program starts (equivalent to
starting the program and immediately pressing “g”). You cannot use
this option and “-u” at the same time.

-S <fname>
Loads the extended state information from <fname> instead of the
standard state file.
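Of the options described above, --allow-untrusted removes the trust prompt and -y (--assume-yes) removes the ordinary confirmation, so scripts that use them deserve a review. The following check is an added example, not part of the aptitude manual or of this page: it scans shell scripts for aptitude command lines that switch off the trust check. The function names and the sample script are constructed for illustration; Aptitude::CmdLine::Ignore-Trust-Violations is the configuration name the aptitude manual gives for --allow-untrusted and is not listed on this page.

```shell
#!/bin/sh
# Added example: flag aptitude command lines that switch off the trust check.

# audit_aptitude_calls FILE...
# Prints "FILE:LINE: reason" for each aptitude invocation that passes
# --allow-untrusted or sets Aptitude::CmdLine::Ignore-Trust-Violations via -o.
# Returns 1 when something was flagged, 0 when the files are clean.
audit_aptitude_calls() {
    awk '
    function check(cmd, n,    why) {
        if (cmd ~ "^[ \t]*#") return                          # comment line
        if (cmd !~ "(^|[ \t/;|&(])aptitude([ \t]|$)") return  # not an aptitude call
        why = ""
        if (cmd ~ "(^|[ \t])--allow-untrusted([ \t]|$)")
            why = "--allow-untrusted"
        else if (tolower(cmd) ~ "aptitude::cmdline::ignore-trust-violations=(true|yes|1)")
            why = "-o Aptitude::CmdLine::Ignore-Trust-Violations"
        if (why == "") return
        # -y may stand alone or sit inside a cluster of short options.
        if (cmd ~ "(^|[ \t])(-[A-Za-z]*y[A-Za-z]*|--assume-yes)([ \t]|$)")
            why = why " combined with -y/--assume-yes"
        printf "%s:%d: %s\n", FILENAME, n, why
        found = 1
    }
    {
        # Join backslash-continued lines so options on later lines count;
        # the report uses the line number where the command starts.
        if (buf == "") start = FNR
        buf = buf $0
        if (sub(/\\$/, " ", buf)) next
        check(buf, start)
        buf = ""
    }
    END {
        if (buf != "") check(buf, start)
        exit (found ? 1 : 0)
    }
    ' "$@"
}

# sample_script
# Prints a constructed provisioning script to try the audit on.
sample_script() {
    cat <<'EOF'
#!/bin/sh
# constructed sample input, not taken from any real system
aptitude update
aptitude -y safe-upgrade
# aptitude --allow-untrusted install example-pkg
aptitude -y --allow-untrusted \
    install example-pkg
sudo aptitude -o Aptitude::CmdLine::Ignore-Trust-Violations=true install other-pkg
EOF
}
```

Run it as audit_aptitude_calls provision.sh; a non-zero exit status makes it usable as a gate in a review or CI step.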

Begins updating the package lists as soon as the program starts.
You cannot use this option and -i at the same time.

ENVIRONMENT

HOME
If $HOME/.aptitude exists, aptitude will store its configuration
file in $HOME/.aptitude/config. Otherwise, it will look up the
current user's home directory using getpwuid(2) and place its
configuration file there.

PAGER
If this environment variable is set, aptitude will use it to
display changelogs when “aptitude changelog” is invoked. If not
set, it defaults to more.

TMP
If TMPDIR is unset, aptitude will store its temporary files in TMP
if that variable is set. Otherwise, it will store them in /tmp.

TMPDIR
aptitude will store its temporary files in the directory indicated
by this environment variable. If TMPDIR is not set, then TMP will
be used; if TMP is also unset, then aptitude will use /tmp.

The file in which stored package states and some package flags are
stored.

/etc/apt/apt.conf, /etc/apt/apt.conf.d/*, ~/.aptitude/config
The configuration files for aptitude. ~/.aptitude/config overrides
/etc/apt/apt.conf. See apt.conf(5) for documentation of the format
and contents of these files.

aspell

Spellcheck a file.
Syntax
aspell check [options] filename

--mode=mode
The mode to use when checking files.
The available modes are none, url, email, sgml, tex, texinfo, nroff and
any others available on your system.

--dont-backup
Don't create a backup file. Normally, if there are any corrections the
Aspell utility will append .bak to the existing file name and then
create a new file with corrections made during spell checking.

--sug-mode=mode
The suggestion mode to use where mode is one of ultra, fast, normal, or
bad-spellers.
For more information on these modes see Notes on the Different Suggestion
Modes.

-l name
The language the document is written in. The default depends on the
current locale.

Encoding the document is expected to be in. The default depends on the
current locale.

--master=name
-d name
The main dictionary to use.

--keymapping=name
The keymapping to use. Either aspell for the default mapping or ispell to
use the same mapping that the Ispell utility uses.

Examples
Check the file foo.txt:
$ aspell check foo.txt

Check the file foo.txt using the bad-spellers suggestion mode and the American English
dictionary:
$ aspell check --sug-mode=bad-spellers -d en_US foo.txt

awk or gawk (gnu awk)

Find and Replace text, database sort/validate/index
Syntax
awk <options> 'Program' Input-File1 Input-File2 ...
awk -f PROGRAM-FILE <options> Input-File1 Input-File2 ...

Key
-F FS
--field-separator FS
Use FS for the input field separator (the value of the `FS'
predefined variable).

-f PROGRAM-FILE
--file PROGRAM-FILE
Read the `awk' program source from the file PROGRAM-FILE, instead
of from the first command line argument.

-mf NNN
-mr NNN
The `f' flag sets the maximum number of fields, and the `r' flag
sets the maximum record size. These options are ignored by
`gawk', since `gawk' has no predefined limits; they are only for
compatibility with the Bell Labs research version of Unix `awk'.

--assign VAR=VAL
Assign the variable VAR the value VAL before program execution
begins.

-W traditional
-W compat
--traditional
Use compatibility mode, in which `gawk' extensions are turned off.

-W lint
--lint
Give warnings about dubious or non-portable `awk' constructs.

-W lint-old
Warn about constructs that are not available in the original
Version 7 Unix version of `awk'.

-W posix
--posix
Use POSIX compatibility mode, in which `gawk' extensions are
turned off and additional restrictions apply.

-W re-interval
--re-interval
Allow interval expressions, in regexps.

--source PROGRAM-TEXT
Use PROGRAM-TEXT as `awk' program source code. This option allows
mixing command line source code with source code from files, and is
particularly useful for mixing command line programs with library
functions.

Signal the end of options. This is useful to allow further
arguments to the `awk' program itself to start with a `-'. This
is mainly for consistency with POSIX argument parsing conventions.

'Program'
A series of patterns and actions: see below

Input-File
If no Input-File is specified then `awk' applies the Program to
"standard input" (piped output of some other command, or the terminal).
Typed input will continue until end-of-file (typing `Control-d')

Basic functions

The basic function of awk is to search files for lines (or other units of text) that contain a pattern.
When a line matches, awk performs a specific action on that line.
The Program statement tells `awk' what to do; it consists of a series of "rules". Each rule
specifies one pattern to search for, and one action to perform when that pattern is found.

For ease of reading, each line in an `awk' program is normally a separate Program statement, like
pattern { action }
pattern { action }
...
e.g. Display lines from my_file containing the string "123" or "abc" or "some text":
awk '/123/ { print $0 }
/abc/ { print $0 }
/some text/ { print $0 }' my_file
A regular expression enclosed in slashes (`/') is an `awk' pattern that matches every input record
whose text belongs to that set. e.g. the pattern /foo/ matches any input record containing the three
characters `foo', *anywhere* in the record.
`awk' patterns may be one of the following:
/Regular Expression/ - Match =
Pattern && Pattern - AND
Pattern || Pattern - OR
! Pattern - NOT
Pattern ? Pattern : Pattern - If, Then, Else
Pattern1, Pattern2 - Range Start - end
BEGIN - Perform action BEFORE input file is read
END - Perform action AFTER input file is read
The special patterns BEGIN and END may be used to capture control before the first input line is
read and after the last. BEGIN and END do not combine with other patterns.
Variable names with special meanings:
CONVFMT conversion format used when converting numbers (default %.6g)
FS regular expression used to separate fields; also settable by option -Ffs.
NF number of fields in the current record
NR ordinal number of the current record
FNR ordinal number of the current record in the current file
FILENAME the name of the current input file
RS input record separator (default newline)
OFS output field separator (default blank)
ORS output record separator (default newline)
OFMT output format for numbers (default %.6g)
SUBSEP separates multiple subscripts (default 034)
ARGC argument count, assignable
ARGV argument array, assignable; non-null members are taken as filenames
ENVIRON array of environment variables; subscripts are

In addition to simple pattern matching `awk' has a huge range of text and arithmetic Functions,
Variables and Operators.
`gawk' will ignore newlines after any of the following:
, { ? : || && do else
Comments - start with a `#', and continue to the end of the line:
# This program prints a nice friendly message

Print the Row Number (NR), then a dash and space ("- ") and then the first item ($1) from each
line in samplefile.txt:
$ awk '{print NR "- " $1 }' samplefile.txt

Print the first item ($1) and then the third last item $(NF-2) from each line in samplefile.txt:
$ awk '{print $1, $(NF-2) }' samplefile.txt

Print every line that has at least one field. This is an easy way to delete blank lines from a file (or
rather, to create a new file similar to the old file but from which the blank lines have been deleted)
awk 'NF > 0' data.txt

Comparison with grep:
Running grep Dec against the following file listing would return the 3 rows shown in bold as it
matches text in different places:
-rw-r--r-- 7 simon simon 12043 Jan 31 09:36 December.pdf
-rw-r--r-- 3 simon simon 1024 Dec 01 11:59 README
-rw-r--r-- 3 simon simon 5096 Nov 14 18:22 Decision.txt

Running awk '$6 == "Dec"' against the same file listing, the relational operator $6 matches the
exact field (column 6 = Month) so it will list only the December file:
$ ls -l /tmp/demo | awk '$6 == "Dec"'

Print the length of the longest input line:
awk '{ if (length($0) > max) max = length($0) }
END { print max }' data

Print seven random numbers from zero to 100, inclusive:
awk 'BEGIN { for (i = 1; i <= 7; i++)
print int(101 * rand()) }'

Print the total number of bytes used by FILES:
ls -l FILES | awk '{ x += $5 } ; END { print "total bytes: " x }'

Print the average file size of all .PNG files within a directory:
ls -l *.png | gawk '{sum += $5; n++;} END {print sum/n;}'

Print a sorted list of the login names of all users:
awk -F: '{ print $1 }' /etc/passwd | sort

Count the lines in a file:
awk 'END { print NR }' data

Print the even numbered lines in the data file. If you were to use the expression 'NR % 2 == 1'
instead, it would print the odd numbered lines.
awk 'NR % 2 == 0' data

basename
Strip directory and suffix from filenames
Syntax
basename NAME [SUFFIX]

basename OPTION
--help
Display help
--version
Output version information and exit

basename will print NAME with any leading directory components removed. If specified, it will
also remove a trailing SUFFIX (typically a file extension).
Examples
A script to rename file extensions:
#!/bin/bash
#BatchRenameExt - rename every *.$1 file in the current directory to *.$2
for file in *."$1"; do
    # skip the unexpanded pattern when nothing matches
    [ -e "$file" ] || continue
    # quote every expansion and end option parsing with -- so that names
    # containing spaces or starting with a dash are handled as file names
    mv -- "$file" "$(basename -- "$file" ".$1").$2"
done
$ BatchRenameExt htm html

bc
An arbitrary precision calculator language
Syntax
bc options file...

Options:
-h, --help
Print the usage and exit.

file A file containing the calculations/functions to perform.
May be piped from standard input

-i, --interactive
Force interactive mode.

-l, --mathlib
Define the standard math library.

-w, --warn
Give warnings for extensions to POSIX bc.

-s, --standard
Process exactly the POSIX bc language.

-q, --quiet
Do not print the normal GNU bc welcome.

-v, --version
Print the version number and copyright and quit.

bc is a language that supports arbitrary precision numbers with interactive execution of
statements. bc starts by processing code from all the files listed on the command line in the order
listed. After all files have been processed, bc reads from the standard input. All code is executed
as it is read. (If a file contains a command to halt the processor, bc will never read from the
standard input.)
The most common use of bc is within a shell script, using a "here" document to pass the program
details to bc.
Example shell script
#!/bin/bash
# bcsample - An example of calculations with bc
if [ $# != 1 ]
then
echo "A number argument is required"
exit 1
fi

# everything up to END-OF-INPUT is passed to bc as its program
bc <<END-OF-INPUT
scale=6
/* first we define the function */
define myfunc(x){
return(sqrt(x) + 10);
}
/* then use the function to do the calculation*/
x=$1
"Processing";x;" result is ";myfunc(x)
END-OF-INPUT
echo "(to 6 decimal places)"
Run the script above with:
$ chmod a+x bcsample
$ ./bcsample 125

Standard functions supported by bc
length ( expression )
The value of the length function is the number of significant digits in the expression.
read ( )
Read a number from the standard input, regardless of where the function occurs. Beware, this can
cause problems with the mixing of data and program in the standard input. The best use for this
function is in a previously written program that needs input from the user, but never allows
program code to be input from the user.
scale ( expression )
The number of digits after the decimal point in the expression.
sqrt ( expression )
The square root of the expression.
Most standard math expressions are of course supported: + - / * % ^

++ var
increment the variable by one and set the new value as the result of the expression.
var ++
The result of the expression is the value of the variable and the variable is then incremented by
one.
-- var
decrement the variable by one and set the new value as the result of the expression.
var --
The result of the expression is the value of the variable and the variable is then decremented by
one.

( expr )
Brackets alter the standard precedence to force the evaluation of an expression.
var = expr
The variable var is assigned the value of the expression.
Relational expressions and Boolean operations are also legal, look at the full bc man page for
more
Comments
/* In-line comments */
# single line comment. The end of line character is not part of the comment and is processed
normally.

Send job to background
bg [PID...]
If PID is specified, the jobs with the specified group ids are put in the
background.
Send the specified jobs to the background. A background job is executed simultaneously with fish, and does not have access to the keyboard. If no job is specified, the last job to be used is put in the background.
The PID of the desired process is usually found by using process expansion.
Put the job with job id 0 in the background:
bg %0

break
Exit from a for, while, until, or select loop
break [n]
If n is supplied, the nth enclosing loop is exited. n must be greater than or equal to 1.
The return status is zero unless n is not greater than or equal to 1.
for myloop in 1 2 3 4 5
do
    echo -n "$myloop"
    if [ "$myloop" -eq 3 ]
    then
        break # This line will break out of the loop
    fi
done
break is a POSIX `special' builtin

builtin
Run a shell builtin, passing it args, and return its exit status.
SYNTAX
builtin [shell-builtin [args]]
This is useful when defining a shell function with the same name as a shell builtin, retaining the functionality of the builtin within the function.
For example, to write a function to replace `cd' that writes the hostname and current directory to an xterm title bar:
cd()
{
    builtin cd "$@" && xtitle "$HOST: $PWD"
}
The return status is non-zero if shell-builtin is not a shell builtin command.

cal
Display a calendar
Syntax
cal [-mjy] [[month] year]
Options:
-m Display Monday as the first day of the week.
-j Display Julian dates (days one-based, numbered from January 1).
-y Display a calendar for the current year.
A single parameter specifies the 4 digit year (1 - 9999) to be displayed.
Two parameters denote the Month (1 - 12) and Year (1 - 9999).
If arguments are not specified, the current month is displayed.
A year starts on 01 Jan.

case
Conditionally perform a command, case will selectively execute the command-list corresponding to the first pattern that matches word.
Syntax
case word in [ [(] pattern [| pattern]...) command-list ;;]... esac
The `|' is used to separate multiple patterns, and the `)' operator terminates a pattern list. A list of patterns and an associated command-list is known as a clause. Each clause must be terminated with `;;'.
The word undergoes tilde expansion, parameter expansion, command substitution, arithmetic expansion, and quote removal before matching is attempted. Each pattern undergoes tilde expansion, parameter expansion, command substitution, and arithmetic expansion. There may be an arbitrary number of case clauses, each terminated by a `;;'. The first pattern that matches determines the command-list that is executed.
Here is an example using case in a script that could be used to describe one interesting feature of an animal:
echo -n "Enter the name of an animal: "
read ANIMAL
echo -n "The $ANIMAL has "
case $ANIMAL in
    horse | dog | cat) echo -n "four";;
    man | kangaroo ) echo -n "two";;
    *) echo -n "an unknown number of";;
esac
echo " legs."

cat
Display the contents of a file (concatenate)
cat [Options] [File]...
Concatenate FILE(s), or standard input, to standard output.
-A, --show-all            equivalent to -vET
-b, --number-nonblank     number nonblank output lines
-e                        equivalent to -vE
-E, --show-ends           display $ at end of each line
-n, --number              number all output lines
-s, --squeeze-blank       never more than one single blank line
-t                        equivalent to -vT
-T, --show-tabs           display TAB characters as ^I
-u                        (ignored)
-v, --show-nonprinting    use ^ and M- notation, except for LFD and TAB
--help                    display this help and exit
--version                 output version information and exit
With no FILE, or when FILE is -, read standard input.
Examples:
Display a file
$ cat myfile.txt
Concatenate two files:
$ cat file1.txt file2.txt > union.txt
If you need to combine two files but also eliminate duplicates, this can be done with sort unique:
$ sort -u file1.txt file2.txt > unique_union.txt
Put the contents of a file into a variable
$ my_variable=`cat $myfile.txt`

cd
Change Directory - change the current working directory to a specific Folder.
Syntax
cd [Options] [Directory]
-P Do not follow symbolic links
-L Follow symbolic links (default)
If directory is not given, the value of the HOME shell variable is used.
If the shell variable CDPATH exists, it is used as a search path.
If directory begins with a slash, CDPATH is not used.
If directory is `-', this will change to the previous directory location (equivalent to $OLDPWD ).
The return status is zero if the directory is successfully changed, non-zero otherwise.
Examples
Move to the sybase folder
$ cd /usr/local/sybase
$ pwd
/usr/local/sybase
Change to another folder
$ cd /var/log
$ pwd
Quickly get back
$ cd -
$ pwd
Move up one folder
$ cd ..
$ pwd
/usr/local/
$ cd (Back to your home folder)

cfdisk
Curses based disk partition table manipulator for Linux
Syntax
cfdisk [ -agvz ] [ -c cylinders ] [ -h heads ]
[ -s sectors-per-track ] [ -P opt ] [ device ]
Options
-a Use an arrow cursor instead of reverse video
for highlighting the current partition.



-g Do not use the geometry given by the disk driver,
but try to guess a geometry from the partition table.
-v Print the version number and copyright.
-z Start with zeroed partition table.
This option is useful when you want to repartition your entire disk.
Note: this option does not zero the partition table on the disk;
rather, it simply starts the program without reading the existing
partition table.
-c cylinders
-h heads
-s sectors-per-track
Override the number of cylinders, heads and sectors per track read
from the BIOS.
If your BIOS or adapter does not supply this information or if it
supplies incorrect information, use these options to set the disk
geometry values.
-P opt
Prints the partition table in specified formats.
opt can be one or more of "r", "s" or "t".
See the print command (below) for more information on the print
formats.
device
Typical values:
/dev/hda [default]
/dev/hdb
/dev/sdb
/dev/sdc
/dev/sdd
In order to write the partition table cfdisk needs something called the `geometry' of the disk: the number of `heads' and the number of `sectors per track'. Linux does not use any geometry, so if the disk will not be accessed by other operating systems, you can safely accept the defaults that cfdisk chooses for you. The geometry used by cfdisk is found as follows. First the partition table is examined, to see what geometry was used by the previous program that changed it. If the partition table is empty, or contains garbage, or does not point at a consistent geometry, the kernel is asked for advice. If nothing works 255 heads and 63 sectors/track is assumed. The geometry can be overridden on the command line or by use of the `g' command. When partitioning an empty large modern disk, picking 255 heads and 63 sectors/track is always a good idea. There is no need to set the number of cylinders, since cfdisk knows the disk size.
Next, cfdisk tries to read the current partition table from the disk drive. If it is unable to figure out the partition table, an error is displayed and the program will exit. This might also be caused by incorrect geometry information, and can be overridden on the command line. Another way around this problem is with the -z option. This will ignore the partition table on the disk.
The main display is composed of four sections, from top to bottom: the header, the partitions, the command line and a warning line. The header contains the program name and version number followed by the disk drive and its geometry. The partitions section always displays the current partition table. The command line is the place where commands and text are entered. The available commands are usually displayed in brackets. The warning line is usually empty except when there is important information to be displayed. The current partition is highlighted with reverse video (or an arrow if the -a option is given). All partition specific commands apply to the current partition.
The format of the partition table in the partitions section is, from left to right: Name, Flags, Partition Type, Filesystem Type and Size. The name is the partition device name. The flags can be Boot, which designates a bootable partition or NC, which stands for "Not Compatible with DOS or OS/2". DOS, OS/2 and possibly other operating systems require the first sector of the first partition on the disk and all logical partitions to begin on the second head. This wastes the second through the last sector of the first track of the first head (the first sector is taken by the partition table itself). cfdisk allows you to recover these "lost" sectors with the maximize command (m). Note: fdisk(8) and some early versions of DOS create all partitions with the number of sectors already maximized. For more information, see the maximize command below.
The partition type can be one of Primary or Logical. For unallocated space on the drive, the partition type can also be Pri/Log, or empty (if the space is unusable). The filesystem type section displays the name of the filesystem used on the partition, if known. If it is unknown, then Unknown and the hex value of the filesystem type are displayed. A special case occurs when there are sections of the disk drive that cannot be used (because all of the primary partitions are used). When this is detected, the filesystem type is displayed as Unusable. The size field displays the size of the partition in megabytes (by default). It can also display the size in sectors and cylinders (see the change units command below). If an asterisk (*) appears after the size, this means that the partition is not aligned on cylinder boundaries.
DOS 6.x WARNING
The DOS 6.x FORMAT command looks for some information in the first sector of the data area of the partition, and treats this information as more reliable than the information in the partition table. DOS FORMAT expects DOS FDISK to clear the first 512 bytes of the data area of a partition whenever a size change occurs. DOS FORMAT will look at this extra information even if the /U flag is given -- we consider this a bug in DOS FORMAT and DOS FDISK.
The bottom line is that if you use cfdisk or fdisk to change the size of a DOS partition table entry, then you must also use dd to zero the first 512 bytes of that partition before using DOS FORMAT to format the partition. For example, if you were using cfdisk to make a DOS partition table entry for /dev/hda1, then (after exiting fdisk or cfdisk and rebooting Linux so that the partition table information is valid) you would use the command "dd if=/dev/zero of=/dev/hda1 bs=512 count=1" to zero the first 512 bytes of the partition. Note: BE EXTREMELY CAREFUL if you use the dd command, since a small typo can make all of the data on your disk useless.
For best results, you should always use an OS-specific partition table program. For example, you should make DOS partitions with the DOS FDISK program and Linux partitions with the Linux fdisk or Linux cfdisk program.
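A guarded form of the dd step from the DOS 6.x warning, as an added example that is not part of the original page. The function name zero_first_sector and the scratch image file that stands in for a partition are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): a guard around the
# "dd if=/dev/zero of=... bs=512 count=1" step. zero_first_sector and
# demo are illustrative names.

zero_first_sector() {
    target=$1

    # Only an existing block device or a regular disk-image file is accepted,
    # so a mistyped path fails here instead of creating a new file.
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "refusing: '$target' is not a block device or image file" >&2
        return 2
    fi

    # Never zero a partition that is in use. The name is compared as given
    # against the device column of /proc/mounts.
    if [ -r /proc/mounts ] &&
       awk -v t="$target" '$1 == t { hit = 1 } END { exit !hit }' /proc/mounts
    then
        echo "refusing: '$target' is mounted" >&2
        return 3
    fi

    # conv=notrunc matters for image files: without it dd truncates the
    # file to 512 bytes instead of overwriting only the first sector.
    dd if=/dev/zero of="$target" bs=512 count=1 conv=notrunc 2>/dev/null ||
        return 4

    # Read the sector back and confirm that no non-zero byte is left.
    left=$(dd if="$target" bs=512 count=1 2>/dev/null | tr -d '\000' | wc -c)
    [ "$left" -eq 0 ] || return 5
}

# Constructed input: a 2048-byte image filled with 0xFF bytes.
demo() {
    img=$(mktemp) || return 1
    head -c 2048 /dev/zero | tr '\000' '\377' > "$img"
    rc=0
    zero_first_sector "$img" || rc=$?
    size=$(($(wc -c < "$img")))
    nonzero=$(($(tr -d '\000' < "$img" | wc -c)))
    rm -f "$img"
    echo "rc=$rc size=$size nonzero=$nonzero"
}

demo
```

The image keeps its full size and only the first 512 bytes change; a path that does not exist is rejected before dd runs.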
Commands
cfdisk commands can be entered by pressing the desired key (pressing Enter after the command is not necessary). Here is a list of the available commands:
b
Toggle bootable flag of the current partition. This allows you to select which primary partition is bootable on the drive.
d
Delete the current partition. This will convert the current partition into free space and merge it with any free space immediately surrounding the current partition. A partition already marked as free space or marked as unusable cannot be deleted.
g
Change the disk geometry (cylinders, heads, or sectors-per-track). WARNING: This option should only be used by people who know what they are doing. A command line option is also available to change the disk geometry. While at the change disk geometry command line, you can choose to change cylinders (c), heads (h), and sectors per track (s). The default value will be printed at the prompt which you can accept by simply pressing the Enter key, or you can exit without changes by pressing the ESC key. If you want to change the default value, simply enter the desired value and press Enter. The altered disk parameter values do not take effect until you return to the main menu (by pressing Enter or ESC at the change disk geometry command line). If you change the geometry such that the disk appears larger, the extra sectors are added at the end of the disk as free space. If the disk appears smaller, the partitions that are beyond the new last sector are deleted and the last partition on the drive (or the free space at the end of the drive) is made to end at the new last sector.
Print the help screen.
m
Maximize disk usage of the current partition. This command will recover the unused space between the partition table and the beginning of the partition, but at the cost of making the partition incompatible with DOS, OS/2 and possibly other operating systems. This option will toggle between maximal disk usage and DOS, OS/2, etc. compatible disk usage. The default when creating a partition is to create DOS, OS/2, etc. compatible partitions.
n
Create new partition from free space. If the partition type is Primary or Logical, a partition of that type will be created, but if the partition type is Pri/Log, you will be prompted for the type you want to create. Be aware that (1) there are only four slots available for primary partitions and (2) since there can be only one extended partition, which contains all of the logical drives, all of the logical drives must be contiguous (with no intervening primary partition). cfdisk next prompts you for the size of the partition you want to create. The default size, equal to the entire free space of the current partition, is displayed in megabytes. You can either press the Enter key to accept the default size or enter a different size at the prompt. cfdisk accepts size entries in megabytes (M) [default], kilobytes (K), cylinders (C) and sectors (S) by entering the number immediately followed by one of (M, K, C or S). If the partition fills the free space available, the partition is created and you are returned to the main command line. Otherwise, the partition can be created at the beginning or the end of the free space, and cfdisk will ask you to choose where to place the partition. After the partition is created, cfdisk automatically adjusts the other partitions' partition types if all of the primary partitions are used.
p
Print the partition table to the screen or to a file. There are several different formats for the partition that you can choose from:
r
Raw data format (exactly what would be written to disk)
s
Partition table in sector order format
t
Partition table in raw format
The raw data format will print the sectors that would be written to disk if a write command is selected. First, the primary partition table is printed, followed by the partition tables associated with each logical partition. The data is printed in hex byte by byte with 16 bytes per line.
The partition table in sector order format will print the partition table ordered by sector number. The fields, from left to right, are the number of the partition, the partition type, the first sector, the last sector, the offset from the first sector of the partition to the start of the data, the length of the partition, the filesystem type (with the hex value in parentheses), and the flags (with the hex value in parentheses). In addition to the primary and logical partitions, free and unusable space is printed and the extended partition is printed before the first logical partition.
If a partition does not start or end on a cylinder boundary or if the partition length is not divisible by the cylinder size, an asterisk (*) is printed after the non-aligned sector number/count. This usually indicates that a partition was created by an operating system that either does not align partitions to cylinder boundaries or that used different disk geometry information. If you know the disk geometry of the other operating system, you could enter the geometry information with the change geometry command (g).
For the first partition on the disk and for all logical partitions, if the offset from the beginning of the partition is not equal to the number of sectors per track (i.e., the data does not start on the first head), a number sign (#) is printed after the offset. For the remaining partitions, if the offset is not zero, a number sign will be printed after the offset. This corresponds to the NC flag in the partitions section of the main display.
The partition table in raw format will print the partition table ordered by partition number. It will leave out all free and unusable space. The fields, from left to right, are the number of the partition, the flags (in hex), the starting head, sector and cylinder, the filesystem ID (in hex), the ending head, sector and cylinder, the starting sector in the partition and the number of sectors in the partition. The information in this table can be directly translated to the raw data format.
The partition table entries only have 10 bits available to represent the starting and ending cylinders. Thus, when the absolute starting (ending) sector number is on a cylinder greater than 1023, the maximal values for starting (ending) head, sector and cylinder are printed. This is the method used by OS/2, and thus fixes the problems associated with


OS/2's fdisk rewriting the partition table when it is not in this format. Since Linux and OS/2 use absolute sector counts, the values in the starting and ending head, sector and cylinder are not used.
q
Quit program. This will exit the program without writing any data to disk.
t
Change the filesystem type. By default, new partitions are created as Linux partitions, but since cfdisk can create partitions for other operating systems, change partition type allows you to enter the hex value of the filesystem you desire. A list of the known filesystem types is displayed. You can type in the filesystem type at the prompt or accept the default filesystem type [Linux].
Change units of the partition size display. It will rotate through megabytes, sectors and cylinders.
W
Write partition table to disk (must enter an upper case W). Since this might destroy data on the disk, you must either confirm or deny the write by entering `yes' or `no'. If you enter `yes', cfdisk will write the partition table to disk and then tell the kernel to re-read the partition table from the disk. The re-reading of the partition table works in most cases, but I have seen it fail. Don't panic. It will be correct after you reboot the system. In all cases, I still recommend rebooting the system--just to be safe.
Up Arrow
Down Arrow
Move cursor to the previous or next partition. If there are more partitions than can be displayed on a screen, you can display the next (previous) set of partitions by moving down (up) at the last (first) partition displayed on the screen.
Redraws the screen. In case something goes wrong and you cannot read anything, you can refresh the screen from the main command line.
?
Print the help screen.
All of the commands can be entered with either upper or lower case letters (except for Writes). When in a sub-menu or at a prompt to enter a filename, you can hit the ESC key to return to the main command line.
EXIT STATUS
0: No errors; 1: Invocation error; 2: I/O error; 3: cannot get geometry; 4: bad partition table on disk.
BUGS
The current version does not support multiple disks.

chgrp
Change group ownership
'chgrp' changes the group ownership of each given File to Group (which can be either a group name or a numeric group id) or to match the same group as an existing reference file.
Syntax
chgrp [Options]... {Group | --reference=File} File...
-c
--changes
Verbosely describe the action for each File whose group actually changes.
-f
--silent
--quiet
Do not print error messages about files whose group cannot be
-h
--no-dereference
Act on symbolic links themselves instead of what they point to. Only available if the `lchown' system call is provided.
--reference=FILE
Use the group of the reference FILE instead of an explicit GROUP.
-v
--verbose
Verbosely describe the action or non-action taken for every File.
-R
--recursive
Recursively change the group ownership of directories and their
Example
Make Oracle the group owner of the database directory
$ chgrp oracle /usr/database

chmod
Change access permissions, change mode.
chmod [Options]... Mode [,Mode]... file...
chmod [Options]... Numeric_Mode file...
chmod [Options]... --reference=RFile file...
Options
-f, --silent, --quiet    suppress most error messages
-v, --verbose            output a diagnostic for every file processed
-c, --changes            like verbose but report only when a change is made
--reference=RFile        use RFile's mode instead of MODE values


-R, --recursive          change files and directories recursively
--help                   display help and exit
--version                output version information and exit
chmod changes the permissions of each given file according to mode, where mode describes the permissions to modify. Mode can be specified with octal numbers or with letters. Using letters is easier to understand for most people.
Numeric mode:
From one to four octal digits
Any omitted digits are assumed to be leading zeros.
The first digit = selects attributes for the set user ID (4) and set group ID (2) and save text image
The second digit = permissions for the user who owns the file: read (4), write (2), and execute (1)
The third digit = permissions for other users in the file's group: read (4), write (2), and execute (1)
The fourth digit = permissions for other users NOT in the file's group: read (4), write (2), and execute (1)
The octal (0-7) value is calculated by adding up the values for each digit
User (rwx) = 4+2+1 = 7
Group (rx) = 4+1 = 5
World (rx) = 4+1 = 5
chmod mode = 0755
chmod 400 file - Read by owner
chmod 040 file - Read by group
chmod 004 file - Read by world
chmod 200 file - Write by owner
chmod 020 file - Write by group
chmod 002 file - Write by world
chmod 100 file - execute by owner
chmod 010 file - execute by group
chmod 001 file - execute by world
To combine these, just add the numbers together:
chmod 444 file - Allow read permission to owner and group and world
chmod 777 file - Allow everyone to read, write, and execute file
Symbolic Mode
The format of a symbolic mode is a combination of the letters +-= rwxXstugoa
Multiple symbolic operations can be given, separated by commas.
The full syntax is [ugoa...][[+-=][rwxXstugo...]...][,...] but this is explained below.
A combination of the letters ugoa controls which users' access to the file will be changed:
User                                     letter
The user who owns it                     u
Other users in the file's Group          g
Other users not in the file's group      o
All users                                a
If none of these are given, the effect is as if a were given, but bits that are set in the umask are not
All users a is effectively user + group + others
The operator '+' causes the permissions selected to be added to the existing permissions of each file; '-' causes them to be removed; and '=' causes them to be the only permissions that the file has.
The letters 'rwxXstugo' select the new permissions for the affected users:
Permission                                                                    letter
Read                                                                          r
Write                                                                         w
Execute (or access for directories)                                           x
Execute only if the file is a directory
(or already has execute permission for some user)                             X
Set user or group ID on execution                                             s
Save program text on swap device                                              t
The permissions that the User who owns the file currently has for it          u
The permissions that other users in the file's Group have for it              g
Permissions that Other users not in the file's group have for it              o
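The digit arithmetic and the symbolic operators described above can be checked against what the filesystem records. This is an added example, not part of the original page: the function names are made up for illustration, GNU stat -c is assumed, and the umask is fixed at 022 so that the effect of leaving out the ugoa letter is visible.

```shell
#!/bin/sh
# Added example (not from the original page): numeric and symbolic chmod
# modes checked against what stat reports. Assumes GNU coreutils (stat -c).
# All function names are illustrative.

# Octal digit for a permission string such as "rx": read 4, write 2, execute 1.
digit_for() {
    n=0
    case "$1" in *r*) n=$((n + 4)) ;; esac
    case "$1" in *w*) n=$((n + 2)) ;; esac
    case "$1" in *x*) n=$((n + 1)) ;; esac
    echo "$n"
}

# Three-digit numeric mode from the owner, group and other strings.
octal_mode() {
    echo "$(digit_for "$1")$(digit_for "$2")$(digit_for "$3")"
}

# Octal mode of a path as recorded by the filesystem.
mode_of() {
    stat -c '%a' "$1"
}

# The body is a subshell (parentheses), so the umask change stays local.
demo_modes() (
    umask 022
    work=$(mktemp -d) || exit 1
    file="$work/script.sh"
    dir="$work/shared"
    : > "$file"
    mkdir "$dir"

    chmod "$(octal_mode rwx rx rx)" "$file"   # 4+2+1, 4+1, 4+1
    echo "numeric=$(mode_of "$file")"         # 755

    chmod a-x "$file"                         # remove execute for everyone
    echo "a-x=$(mode_of "$file")"             # 644

    chmod go-r,u+x "$file"                    # two operations, comma separated
    echo "go-r,u+x=$(mode_of "$file")"        # 700

    chmod 644 "$file"
    chmod a+X "$file"                         # X: no execute bit set yet, so no change
    echo "file,a+X=$(mode_of "$file")"        # 644

    chmod 700 "$dir"
    chmod go+rX "$dir"                        # X: a directory always gets execute
    echo "dir,go+rX=$(mode_of "$dir")"        # 755

    chmod =rwx,g+s "$dir"                     # no ugoa letter: umask bits are left out
    echo "=rwx,g+s=$(mode_of "$dir")"         # 2755

    chmod a=rwx,g+s "$dir"                    # explicit a: umask is not consulted
    echo "a=rwx,g+s=$(mode_of "$dir")"        # 2777

    rm -rf "$work"
)

demo_modes
```

With a umask of 022, `=rwx,g+s` yields 2755 rather than 2777; writing `a=rwx,g+s` is what grants write access to group and others.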


Examples
Deny execute permission to everyone:
chmod a-x file
Allow read permission to everyone:
chmod a+r file
Make a file readable and writable by the group and others:
chmod go+rw file
Make a shell script executable by the user/owner
$ chmod u+x
Allow everyone to read, write, and execute the file and turn on the set group-ID:
chmod =rwx,g+s file
Notes:
When chmod is applied to a directory:
read = list files in the directory
write = add new files to the directory
execute = access files in the directory
chmod never changes the permissions of symbolic links. This is not a problem since the permissions of symbolic links are never used. However, for each symbolic link listed on the command line, chmod changes the permissions of the pointed-to file. In contrast, chmod ignores symbolic links encountered during recursive directory traversals.
This page documents the GNU version of chmod.

chown
Change owner, change the user and/or group ownership of each given File to a new Owner. Chown can also change the ownership of a file to match the user/group of an existing reference file.
chown [Options]... NewOwner File...
chown [Options]... :Group File...
chown [Options]... --reference=RFILE File...
If used, NewOwner specifies the new owner and/or group as follows (with no embedded white space):
[OWNER] [ [:.] [GROUP] ]
Some examples of how the owner/group can be specified:
OWNER
If only an OWNER (a user name or numeric user id) is given, that user is made the owner of each given file, and the files' group is not changed.
OWNER.GROUP
If the OWNER is followed by a colon or dot and a GROUP (a group name or numeric group id), with no spaces between them, the group ownership of the files is changed as well (to GROUP).
OWNER:
If a colon or dot but no group name follows OWNER, that user is made the owner of the files and the group of the files is changed to OWNER's login group.
.GROUP
If the colon or dot and following GROUP are given, but the owner is omitted, only the group of the files is changed; in this case, `chown' performs the same function as `chgrp'.
OPTIONS:
Verbosely describe the action for each FILE whose ownership actually changes.
Do not act on symbolic links themselves but rather on what they point to.
-f
--quiet
Do not print error messages about files whose ownership cannot be changed.
-h
Act on symbolic links themselves instead of what they point to. This is the default. This mode relies on the `lchown' system call. On systems that do not provide the `lchown' system call, `chown' fails when a file specified on the command line is a symbolic link. By default, no diagnostic is issued for symbolic links encountered during a recursive traversal, but see `--verbose'.
--reference=FILE
Use the user and group of the reference FILE instead of an explicit NewOwner value.



--recursive
Recursively change ownership of directories and their contents.
-v
--verbose
Verbosely describe the action (or non-action) taken for every FILE. If a symbolic link is encountered during a recursive traversal on a system without the `lchown' system call, and `--no-dereference' is in effect, then issue a diagnostic saying neither the symbolic link nor its referent is being changed.

chroot
Run a command with a different root directory
'chroot' runs a command with a specified root directory. On many systems, only the super-user can do this.
SYNTAX
chroot NEWROOT [COMMAND [ARGS]...]
chroot OPTION
Ordinarily, filenames are looked up starting at the root of the directory structure, i.e. '/'
'chroot' changes the root to the directory NEWROOT (which must exist) and then runs COMMAND with optional ARGS.
If COMMAND is not specified, the default is the value of the `SHELL' environment variable or `/bin/sh' if not set, invoked with the `-i' option.
The only options are `--help' and `--version'

chkconfig
Update and query runlevel information for system services.
chkconfig --list [name]
chkconfig --add name
chkconfig --del name
chkconfig [--level levels] name <on|off|reset>
chkconfig [--level levels] name
Options:
--level levels
The run levels an operation should pertain to.
Given as a string of numbers from 0 to 7.
For example, --level 35 specifies runlevels 3 and 5.
--add name
Add a new service for management by chkconfig.
When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry as specified by the default values in the init script. Note that default entries in LSB-delimited 'INIT INFO' sections take precedence over the default runlevels in the initscript.
--del name
Delete the service from chkconfig management, and remove any links in /etc/rc[0-6].d which pertain to it.
Note that future package installs for this service may run chkconfig --add, which will re-add such links.
To disable a service, run chkconfig name off.
--list name
List all of the services which chkconfig knows about, and whether they are stopped or started in each runlevel. If name is specified, information is only displayed about service name.
chkconfig provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.
This implementation of chkconfig was inspired by the chkconfig command present in the IRIX operating system. Rather than maintaining configuration information outside of the /etc/rc[0-6].d hierarchy, however, this version directly manages the symlinks in /etc/rc[0-6].d. This leaves all of the configuration information regarding what services init starts in a single location.
chkconfig has five distinct functions: adding new services for management, removing services from management, listing the current startup information for services, changing the startup information for services, and checking the startup state of a particular service.
When chkconfig is run without any options, it displays usage information. If only a service name is given, it checks to see if the service is configured to be started in the current runlevel. If it is, chkconfig returns true; otherwise it returns false. The --level option may be used to have chkconfig query an alternative runlevel rather than the current one.
If one of on, off, or reset is specified after the service name, chkconfig changes the startup information for the specified service. The on and off flags cause the service to be started or stopped, respectively, in the runlevels being changed. The reset flag resets the startup information for the service to whatever is specified in the init script in question.
By default, the on and off options affect only runlevels 2, 3, 4, and 5, while reset affects all of the runlevels. The --level option may be used to specify which runlevels are affected.
Note that for every service, each runlevel has either a start script or a stop script. When switching runlevels, init will not re-start an already-started service, and will not re-stop a service that is not running.
chkconfig also can manage xinetd scripts via the means of xinetd.d configuration files. Note that only the on, off, and --list commands are supported for xinetd.d services.
Runlevel Files
Each service which should be manageable by chkconfig needs two or more commented lines added to its init.d script. The first line tells chkconfig what runlevels the service should be started in by default, as well as the start and stop priority levels. If the service should not, by default, be

started in any runlevels, a - should be used in place of the runlevels list. The second line contains
a description for the service, and may be extended across multiple lines with backslash
continuation.

For example, random.init has these three lines:
# chkconfig: 2345 20 80
# description: Saves and restores system entropy pool for \
# higher quality random number generation.

This says that the random script should be started in levels 2, 3, 4, and 5, that its start priority
should be 20, and that its stop priority should be 80. You should be able to figure out what the
description says; the \ causes the line to be continued. The extra space in front of the line is
ignored.

# List all the startup services, and sort alphabetically:
$ sudo chkconfig --list | sort | less

# List the finger service:
$ sudo chkconfig --list finger

# query a service in /etc/rc.d, and see the service settings for each runlevel:
$ sudo chkconfig --list anacron
anacron 0:off 1:off 2:on 3:on 4:on 5:on 6:off

# Turn nscd off in runlevels 3, 4, and 5
$ sudo chkconfig --level 345 nscd off

cksum

Print CRC checksum and byte counts

Computes a cyclic redundancy check (CRC) checksum for each given File, or standard input if
none are given or for a File of -

Syntax
cksum [Option]... [File]...

cksum prints the CRC checksum for each file along with the number of bytes in the file, and the
filename unless no arguments were given.

cksum is typically used to ensure that files transferred by unreliable means (e.g., netnews) have
not been corrupted, by comparing the cksum output for the received files with the cksum output
for the original files (typically given in the distribution).

The CRC algorithm is specified by the POSIX.2 standard. It is not compatible with the BSD or
System V sum algorithms; it is more robust.

The only options are --help and --version.

cmp

Compare two files, and if they differ, tells the first byte and line number where they differ.

You can use the `cmp' command to show the offsets and line numbers where two files differ.
`cmp' can also show all the characters that differ between the two files, side by side.

Syntax
cmp options... FromFile [ToFile]

Options
Multiple single letter options (unless they take an argument)
can be combined into a single command line word:
so `-cl' is equivalent to -c -l.

-c
    Print the differing characters. Display control characters as a
    `^' followed by a letter of the alphabet and precede characters
    that have the high bit set with `M-' (which stands for "meta").

--ignore-initial=BYTES
    Ignore any differences in the first BYTES bytes of the input
    files. Treat files with fewer than BYTES bytes as if they are
    empty.

    Print the (decimal) offsets and (octal) values of all differing

--print-chars
    Print the differing characters. Display control characters as a
    `^' followed by a letter of the alphabet and precede characters
    that have the high bit set with `M-' (which stands for "meta").

--quiet
-s
    Do not print anything; only return an exit status indicating
    whether the files differ.

--verbose
    Print the (decimal) offsets and (octal) values of all differing
    bytes.

-v
--version
    Output the version number of `cmp'.

The file name `-' is always the standard input. `cmp' also uses the
standard input if one file name is omitted.

An exit status of 0 means no differences were found, 1 means some
differences were found, and 2 means trouble.

Example
$ cmp tnsnames.ora tnsnames.old

`cmp' reports the differences between two files character by character, instead of line by line. As a
result, it is more useful than `diff' for comparing binary files. For text files, `cmp' is useful mainly
when you want to know only whether two files are identical.

For files that are identical, `cmp' produces no output. When the files differ, by default, `cmp'
outputs the byte offset and line number where the first difference occurs. You can use the `-s'
option to suppress that information, so that `cmp' produces no output and reports whether the files
differ using only its exit status.

Unlike `diff', `cmp' cannot compare directories; it can only compare two files.

comm

Common - compare two sorted files line by line and write to standard output:
the lines that are common, plus the lines that are unique.

Syntax
comm [options]... File1 File2

-1 suppress lines unique to file1
-2 suppress lines unique to file2
-3 suppress lines that appear in both files

A file name of `-' means standard input.

Before `comm' can be used, the input files must be sorted using the collating sequence specified
by the 'LC_COLLATE' locale, with trailing newlines significant. If an input file ends in a non-newline
character, a newline is silently appended. The 'sort' command with no options always
outputs a file that is suitable input to 'comm'.

With no options, `comm' produces three column output. Column one contains lines unique to
FILE1, column two contains lines unique to FILE2, and column three contains lines common to
both files. Columns are separated by a single TAB character.
The options -1, -2, and -3 suppress printing of the corresponding columns.

Unlike some other comparison utilities, `comm' has an exit status that does not depend on the
result of the comparison. Upon normal completion `comm' produces an exit code of zero. If there
is an error it exits with nonzero status.

$ comm -23 <(sort words.txt | uniq) <(sort countries.txt | uniq)
If the file words.txt contains a subset of countries.txt then the above will return nothing.
If the file words.txt contains items that don't exist in countries.txt then the above will return those
unique items.

To return the lines that are in both words.txt and countries.txt use:
$ comm -12 <(sort words.txt | uniq) <(sort countries.txt | uniq)

command

Run command with arguments ignoring any shell function named command.

SYNTAX
command [-pVv] command [arguments ...]

OPTIONS
-p Use a default path
-v Verbose
-V More verbose

Only shell builtin commands or commands found by searching the PATH are executed. If there is a
shell function named ls, running `command ls' within the function will execute the external
command ls instead of calling the function recursively.

The `-p' option means to use a default value for $PATH that is guaranteed to find all of the
standard utilities. The return status in this case is 127 if command cannot be found or an error
occurred, and the exit status of command otherwise.

If either the `-V' or `-v' option is supplied, a description of command is printed. The `-v'
option causes a single word indicating the command or file name used to invoke command to be
displayed; the `-V' option produces a more verbose description. In this case, the return status is
zero if command is found, and non-zero if not.

continue

Resume the next iteration of an enclosing for, while, until, or select loop.

continue [n]

If n is supplied, the execution of the nth enclosing loop is resumed. n must be greater than or
equal to 1. The return status is zero unless n is not greater than or equal to 1.

Example
for myloop in 1 2 3 4 5
do
  if [ "$myloop" -eq 3 ]
  then
    continue # Skip rest of this particular loop iteration.
  fi
  echo -n "$myloop"
done

cp

Copy one or more files to another location

Copy SOURCE to DEST, or multiple SOURCE(s) to DIRECTORY.

cp [options]... Source Dest
cp [options]... Source... Directory

Key
-a, --archive                same as -dpR
-b, --backup                 make backup before removal
-d, --no-dereference         preserve links
-f, --force                  remove existing destinations, never prompt
-i, --interactive            prompt before overwrite
-l, --link                   link files instead of copying
-p, --preserve               preserve file attributes if possible
-P, --parents                append source path to DIRECTORY
-r                           copy recursively, non-directories as files
    --sparse=WHEN            control creation of sparse files
-R, --recursive              copy directories recursively
-s, --symbolic-link          make symbolic links instead of copying
-S, --suffix=SUFFIX          override the usual backup suffix
-u, --update                 copy only when the SOURCE file is newer
                             than the destination file or when the
                             destination file is missing
-v, --verbose                explain what is being done
-V, --version-control=WORD   override the usual version control
-x, --one-file-system        stay on this file system
    --help                   display this help and exit
    --version                output version information and exit.

By default, sparse SOURCE files are detected by a crude heuristic and the corresponding DEST
file is made sparse as well.
That is the behavior selected by --sparse=auto.
Specify --sparse=always to create a sparse DEST file whenever the SOURCE file contains a long
enough sequence of zero bytes.
Use --sparse=never to inhibit creation of sparse files.

The backup suffix is ~, unless set with SIMPLE_BACKUP_SUFFIX.

The version control may be set with VERSION_CONTROL, values are:
t, numbered      make numbered backups
nil, existing    numbered if numbered backups exist, simple otherwise
never, simple    always make simple backups

As a special case, cp makes a backup of SOURCE when the force and backup options are given
and SOURCE and DEST are the same name for an existing, regular file.

Examples
Copy demofile to demofile.bak :
$ cp demofile demofile.bak
or
$ cp demofile{,.bak}

Copy demofile.txt to demofile.bak :
$ file="demofile.txt"
$ cp "$file" "${file%.*}.bak"

Copy floppy to home directory:
$ cp -f /mnt/floppy/* ~

cron

daemon to execute scheduled commands

Syntax

How to run the cron daemon: Cron should be started from /etc/rc or /etc/rc.local. It will return
immediately, so you don't need to start it with '&'.

What cron does

Cron searches /var/spool/cron for crontab files which are named after accounts in /etc/passwd;
crontabs found are loaded into memory. Cron also searches for /etc/crontab and the files in the
/etc/cron.d/ directory, which are in a different format.
Cron then wakes up every minute, examining all stored crontabs, checking each command to see
if it should be run in the current minute.

Modifying a cron job

To edit a user's crontab entry, log into your system for that particular user and type crontab -e.
The default editor for the 'crontab -e' command is vi.
Change the default editor by running: export VISUAL='editor'

cron checks each minute to see if its spool directory's modtime (or the modtime on /etc/crontab)
has changed, and if it has, cron will then examine the modtime on all crontabs and reload those
which have changed. Thus cron need not be restarted whenever a crontab file is modified. Note
that the crontab command updates the modtime of the spool directory whenever it changes a

Mailing output

Cron will email to the user all output of the commands it runs, to silence this, redirect the output
to a log file or to /dev/null
You can also redirect email to the user named in the MAILTO environment variable in the
crontab, if such exists.
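
Added example (not part of the original page): a POSIX shell audit of the crontab locations listed above. Because cron reloads any crontab whose modtime changes, a crontab file or job program that other users can write to is worth flagging; the function names are this example's own, and the job parser assumes the /etc/crontab line form that carries a user field.

```shell
#!/bin/sh
# Added example: audit the crontab locations cron reads. Function names are
# this example's own; the paths in the "audit" branch are the ones named above.

# Print "LOOSE <file>" for each regular file under the given paths that is
# writable by group or others. Paths that do not exist are skipped.
audit_cron_perms() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null |
            sed 's/^/LOOSE /'
    done
}

# Print crontab files modified within the last N minutes. cron reloads a
# crontab when its modtime changes, so a fresh modtime is a newly active table.
recent_cron_changes() {
    minutes=$1
    shift
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -type f -mmin "-$minutes" -print 2>/dev/null
    done
}

# Print "user command" for each job line of a system crontab, i.e. the form
# with a user field: minute hour day-of-month month day-of-week user command.
# Comments, blank lines and NAME=value settings (MAILTO=...) are skipped.
cron_job_commands() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }
        NF >= 7 { print $6, $7 }
    ' "$@"
}

# Print "LOOSE-CMD <user> <command>" when the program a job runs is itself
# writable by group or others (find -L checks the target of a symlink).
audit_cron_commands() {
    cron_job_commands "$@" | while read -r user cmd; do
        [ -f "$cmd" ] || continue
        if [ -n "$(find -L "$cmd" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "LOOSE-CMD $user $cmd"
        fi
    done
}

# Run as "sh cron_audit.sh audit" (hypothetical file name) to check this host.
if [ "${1:-}" = "audit" ]; then
    audit_cron_perms /var/spool/cron /etc/crontab /etc/cron.d
    recent_cron_changes 60 /var/spool/cron /etc/crontab /etc/cron.d
    audit_cron_commands /etc/crontab /etc/cron.d/* 2>/dev/null
fi
```

Per-user crontabs under /var/spool/cron have no user field, so audit_cron_commands is meant for /etc/crontab and /etc/cron.d files only.
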
Cron comes from the word chronos, the Greek word for time.

crontab (cron table)

Schedule a command to run at a later time

SYNTAX
crontab [ -u user ] file
crontab [ -u user ] { -l | -r | -e }

Key
-l List - display the current crontab entries.
-r Remove the current crontab.
-e Edit the current crontab using the editor specified by the
   VISUAL or EDITOR environment variables.
   After you exit from the editor, the modified crontab will be installed

Crontab is the program used to install, deinstall or list the tables used to drive the cron daemon in
Vixie Cron.
Each user can have their own crontab, and though these are files in /var, they are not intended to
be edited directly.

If the -u option is given, it specifies the name of the user whose crontab is to be tweaked. If this
option is not given, crontab examines "your" crontab, i.e., the crontab of the person executing the
command. Note that su can confuse crontab and that if you are running inside of su you should
always use the -u option for safety's sake.

cron file is used to install a new crontab from some named file or standard input if the
pseudo-filename `-' is given.

Each line in the cron table follows the following format: 7 fields left to right

Field  Meaning
1      Minute (0-59)
2      Hour (2-24)
3      Day of month (1-31)
4      Month (1-12, Jan, Feb, ...)
5      Day of week (0-6) 0=Sunday, 1=Monday ...
       or Sun, Mon, Tue, Wed, Thur, Fri
6      User that the command will run as
7      Command to execute

There are several ways of specifying multiple values in a field:
• The comma (',') operator specifies a list of values, for example: "1,3,4,7,8"
• The dash ('-') operator specifies a range of values, for example: "1-6", which is equivalent to
"1,2,3,4,5,6"
• The asterisk ('*') operator specifies all possible values for a field. e.g. every hour or every day.

There is also an operator which some extended versions of cron support, the slash ('/') operator,
which can be used to skip a given number of values. For example, "*/3" in the hour time field is
equivalent to "0,3,6,9,12,15,18,21"; "*" specifies 'every hour' but the "/3" means that only the
first, fourth, seventh...and such values given by "*" are used.

Cron will email to the user all output of the commands it runs, to silence this, redirect the output
to a log file or to /dev/null

Example
Run /usr/bin/somecommand at 12.59 every day and suppress the output (redirect to null)

59 12 * * * simon /usr/bin/somecommand >> /dev/null 2>&1

Permissions
If the allow file exists, then you must be listed therein in order to be allowed to use this command.
If the allow file does not exist but the deny file does exist, then you must not be listed in the deny
file in order to use this command. If neither of these files exists, then depending on site-dependent
configuration parameters, only the super user will be allowed to use this command, or all users
will be able to use this command.

csplit

Split a file into context-determined pieces.

csplit [options]... INPUT PATTERN...

Creates zero or more output files containing sections of INPUT (standard input if INPUT is - ).
The contents of the output files are determined by the PATTERN arguments, as detailed below. An
error occurs if a PATTERN argument refers to a nonexistent line of the input file (e.g., if no
remaining line matches a given regular expression). After every PATTERN has been matched, any
remaining input is copied into one last output file.
By default, `csplit' prints the number of bytes written to each output file after it has been created.

The types of pattern arguments are:

    Create an output file containing the input up to but not including
    line N (a positive integer). If followed by a repeat count, also
    create an output file containing the next LINE lines of the input
    file once for each repeat.

    Create an output file containing the current line up to (but not
    including) the next line of the input file that contains a match
    for REGEXP. The optional OFFSET is a `+' or `-' followed by a
    positive integer. If it is given, the input up to the matching
    line plus or minus OFFSET is put into the output file, and the
    line after that begins the next section of input.

    Like the previous type, except that it does not create an output
    file, so that section of the input file is effectively ignored.

{REPEAT-COUNT}
    Repeat the previous pattern REPEAT-COUNT additional times.
    REPEAT-COUNT can either be a positive integer or an asterisk,
    meaning repeat as many times as necessary until the input is

The output files' names consist of a prefix (`xx' by default) followed by a suffix. By default, the
suffix is an ascending sequence of two-digit decimal numbers from `00' and up to `99'. In any
case, concatenating the output files in sorted order by filename produces the original input file.

By default, if `csplit' encounters an error or receives a hangup, interrupt, quit, or terminate signal,
it removes any output files that it has created so far before it exits.

The program accepts the following options.

-f PREFIX
--prefix=PREFIX
    Use PREFIX as the output file name prefix.

--suffix=SUFFIX
    Use SUFFIX as the output file name suffix. When this option is
    specified, the suffix string must include exactly one
    `printf(3)'-style conversion specification, possibly including
    format specification flags, a field width, a precision
    specifications, or all of these kinds of modifiers. The format
    letter must convert a binary integer argument to readable form;
    thus, only `d', `i', `u', `o', `x', and `X' conversions are
    allowed. The entire SUFFIX is given (with the current output file
    number) to `sprintf(3)' to form the file name suffixes for each of
    the individual output files in turn. If this option is used, the
    `--digits' option is ignored.

--digits=DIGITS
    Use output file names containing numbers that are DIGITS digits
    long instead of the default 2.

-k
--keep-files
    Do not remove output files when errors are encountered.

-z
--elide-empty-files
    Suppress the generation of zero-length output files. (In cases
    where the section delimiters of the input file are supposed to
    mark the first lines of each of the sections, the first output
    file will generally be a zero-length file unless you use this
    option.) The output file sequence numbers always run
    consecutively starting from 0, even when this option is specified.

-s
-q
--quiet
    Do not print counts of output file sizes.

cut

Divide a file into several parts (columns)

Writes to standard output selected parts of each line of each input file, or standard input if no files
are given or for a file name of `-'.

cut [OPTION]... [FILE]...

In the options below, BYTE-LIST, CHARACTER-LIST, and FIELD-LIST are one or more
numbers or ranges (two numbers separated by a dash)

Bytes, characters, and fields are numbered starting at 1 and separated by commas.
Incomplete ranges may be given: -M means 1-M ; N- means N through end of line or last field.

Options

--bytes=BYTE-LIST
    Print only the bytes in positions listed in BYTE-LIST. Tabs and
    backspaces are treated like any other character; they take up 1
    byte.

-c CHARACTER-LIST
--characters=CHARACTER-LIST
    Print only characters in positions listed in CHARACTER-LIST. The
    same as `-b' for now, but internationalization will change that.
    Tabs and backspaces are treated like any other character; they
    take up 1 character.

    Print only the fields listed in FIELD-LIST. Fields are separated
    by a TAB character by default.

--delimiter=INPUT_DELIM_BYTE
    For `-f', fields are separated in the input by the first character
    in INPUT_DELIM_BYTE (default is TAB).

-n
    Do not split multi-byte characters (no-op for now).

-s
--only-delimited
    For `-f', do not print lines that do not contain the field
    separator character.

--output-delimiter=OUTPUT_DELIM_STRING
    For `-f', output fields are separated by OUTPUT_DELIM_STRING. The
    default is to use the input delimiter.

Parse out column 2 from a semicolon (;) delimited file:
$ cat myfile.txt | cut -d \; -f 2 > output.txt

declare

Declare variables and give them attributes.

SYNTAX
declare [-afFrxi] [-p] [name[=value]]

-a Each name is an array variable.

-f Use function names only.

-F Inhibit the display of function definitions;
   only the function name and attributes are printed.
   (implies -f)

-i The variable is to be treated as an integer;
   arithmetic evaluation is performed when the
   variable is assigned a value.

-p Display the attributes and values of each name.
   When `-p' is used, additional options are ignored.

-r Make names readonly. These names cannot then
   be assigned values by subsequent assignment statements
   or unset.

-x Mark each name for export to subsequent commands
   via the environment.

If no names are given, then `declare' will display the values of variables instead.
Using `+' instead of `-' turns off the attribute instead.

When used in a function, declare makes each name local, as with the local command.

The typeset command is supplied for compatibility with the Korn shell; however, it has been
deprecated in favor of the declare builtin command.

The return status is zero unless an invalid option is encountered, an attempt is made to define a
function using `-f foo=bar', an attempt is made to assign a value to a readonly variable, an
attempt is made to assign a value to an array variable without using the compound assignment
syntax, one of the names is not a valid shell variable name, an attempt is made to turn off
readonly status for a readonly variable, an attempt is made to turn off array status for an array
variable, or an attempt is made to display a non-existent function with `-f'.

df

Disk Free - display free disk space.

With no arguments, `df' reports the space used and available on all currently mounted filesystems
(of all types). Otherwise, `df' reports on the filesystem containing each argument file.

SYNTAX
df [option]... [file]...

Normally the disk space is printed in units of 1024 bytes, but this
can be overridden.

`-a'
    Include in the listing filesystems that have a size of 0 blocks,
    which are omitted by default. Such filesystems are typically
    special-purpose pseudo-filesystems, such as automounter entries.
    Also, filesystems of type "ignore" or "auto", supported by some
    operating systems, are only included if this option is specified.

`-h'
`--human-readable'
    Append a size letter such as `M' for megabytes to each size.
    Powers of 1024 are used, not 1000; `M' stands for 1,048,576 bytes.
    Use the `-H' or `--si' option if you prefer powers of 1000.

`--si'
    Append a size letter such as `M' for megabytes to each size. (SI
    is the International System of Units, which defines these letters
    as prefixes.) Powers of 1000 are used, not 1024; `M' stands for
    1,000,000 bytes. Use the `-h' or `--human-readable' option if you
    prefer powers of 1024.

`--inodes'
    List inode usage information instead of block usage. An inode
    (short for index node) contains information about a file such
    as its owner, permissions, timestamps, and location on the disk.

`-k'
`--kilobytes'
    Print sizes in 1024-byte blocks, overriding the default block size.

`-l'
`--local'
    Limit the listing to local filesystems. By default, remote
    filesystems are also listed.

`-m'
`--megabytes'
    Print sizes in megabyte (that is, 1,048,576-byte) blocks.

`--no-sync'
    Do not invoke the `sync' system call before getting any usage data.
    This may make `df' run significantly faster on systems with many
    disks, but on some systems (notably SunOS) the results may be
    slightly out of date. This is the default.

`--portability'
    Use the POSIX output format. This is like the default format
    except that the information about each filesystem is always
    printed on exactly one line; a mount device is never put on a line
    by itself. This means that if the mount device name is more than
    20 characters long (e.g., for some network mounts), the columns
    are misaligned.

    Invoke the `sync' system call before getting any usage data. On
    some systems (notably SunOS), doing this yields more up to date
    results, but in general this option makes `df' much slower,
    especially when there are many or very busy filesystems.

`-t FSTYPE'
`--type=FSTYPE'
    Limit the listing to filesystems of type FSTYPE. Multiple
    filesystem types can be specified by giving multiple `-t' options.
    By default, nothing is omitted.

`--print-type'
    Print each filesystem's type. The types printed here are the same
    ones you can include or exclude with `-t' and `-x'. The particular
    types printed are whatever is supported by the system. Here are
    some of the common names (this list is certainly not exhaustive):

    `nfs'
        An NFS filesystem, i.e., one mounted over a network from
        another machine. This is the one type name which seems to be
        used uniformly by all systems.

    `4.2, ufs, efs...'
        A filesystem on a locally-mounted hard disk. (The system
        might even support more than one type here; Linux does.)

    `hsfs, cdfs'
        A filesystem on a CD-ROM drive. HP-UX uses `cdfs', most other
        systems use `hsfs' (`hs' for `High Sierra').

    `pcfs'
        An MS-DOS filesystem, usually on a diskette.

`-x FSTYPE'
`--exclude-type=FSTYPE'
    Limit the listing to filesystems not of type FSTYPE. Multiple
    filesystem types can be eliminated by giving multiple `-x'
    options. By default, no filesystem types are omitted.

`-v'
    Ignored; for compatibility with System V versions of `df'.

If an argument FILE is a disk device file containing a mounted filesystem, `df' shows the space
available on that filesystem rather than on the filesystem containing the device node (i.e., the root
filesystem). GNU `df' does not attempt to determine the disk usage on unmounted filesystems,
because on most kinds of systems doing so requires extremely nonportable intimate knowledge of
filesystem structures.

dig (domain information groper)

A flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the
answers that are returned from the name server(s) that were queried. Most DNS administrators
use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output.
Other lookup tools tend to have less functionality than dig.

Syntax:
dig [@server] [-b address] [-c class] [-f filename] [-k filename]
    [-p port#] [-t type] [-x addr] [-y name:key] [-4] [-6]
    [name] [type] [class] [queryopt...]
dig [-h]
dig [global-queryopt...] [query...]

-b address
    Set the source IP address of the query to address.
    This must be a valid address on one of the host's network interfaces or
    "" or "::".
    An optional port may be specified by appending "#"

-c class
    Over-ride the default query class (IN for internet).
    class is any valid class, such as HS for Hesiod records or CH for
    CHAOSNET records.

-f filename
    Operate in batch mode by reading a list of lookup requests to process
    from a file.
    The file contains a number of queries, one per line.
    Each entry in the file should be organised in the same way they would be
    presented as queries to dig using the command-line interface.
-p port#
    Specify a non-standard port number to be queried,
    default = the standard DNS port number 53.
    This option would be used to test a name server that has been configured
    to listen for queries on a non-standard port number.

-4  Force dig to only use IPv4 query transport.

-6  Force dig to only use IPv6 query transport.

-t type
    Set the query type to type, any valid query type which is supported in
    BIND9.
    The default query type is "A", unless the -x option is supplied to indicate
    a reverse lookup.
    A zone transfer can be requested by specifying a type of AXFR.
    When an incremental zone transfer (IXFR) is required, type is set to
    ixfr=N.
    The incremental zone transfer will contain the changes made to the zone
    since the serial number in the zone's SOA record was N.

-x addr
    Reverse lookups - mapping addresses to names: addr is an IPv4 address in
    dotted-decimal notation, or a colon-delimited IPv6 address. When this option is
    used, there is no need to provide the name, class and type arguments. dig
    automatically performs a lookup for a name like and sets the query type
    and class to PTR and IN respectively. By default, IPv6 addresses are
    looked up using nibble format under the IP6.ARPA domain. To use the older
    RFC1886 method using the IP6.INT domain specify the -i option. Bit string
    labels (RFC2874) are now experimental and are not attempted.

-k filename
    Sign the DNS queries sent by dig and their responses using transaction
    signatures (TSIG key file). You can also specify the TSIG key itself on the
    command line using the -y option; name is the name of the TSIG key and key
    is the actual key.
    The key is a base-64 encoded string, typically generated by dnssec-keygen(8).
    Caution should be taken when using the -y option on multi-user systems as
    the key can be visible in the output from ps(1) or in the shell's history file.
    When using TSIG authentication with dig, the name server that is queried
    needs to know the key and algorithm that is being used. In BIND, this is
    done by providing appropriate key and server statements in named.conf.

-h  Print a brief summary of the command-line arguments and options.

Although dig is normally used with command-line arguments, it also has a batch mode of
operation for reading lookup requests from a file. Unlike earlier versions, the BIND9
implementation of dig allows multiple lookups to be issued from the command line.

Unless it is told to query a specific name server, dig will try each of the servers listed in
/etc/resolv.conf

When no command line arguments or options are given, dig will perform an NS query for "." (the
root).

It is possible to set per-user defaults for dig via ${HOME}/.digrc. This file is read and any
options in it are applied before the command line arguments.

Examples
dig
dig SIG
dig MX
dig A

Test your DNS resolver's source port behavior:
dig +short TXT

eject

Eject removable media

Syntax
eject -h
eject [-vnrsfmqp] [<name>]
eject [-vn] -d
eject [-vn] -a on|off|1|0 [<name>]
eject [-vn] -c slot [<name>]
eject [-vn] -t [<name>]
eject [-vn] -T [<name>]
eject [-vn] -x <speed> [<name>]
eject [-vn] -X [<name>]
eject -V

Description
Eject allows removable media (typically a CD-ROM, floppy disk, tape, or JAZ or ZIP disk) to be
ejected under software control. The command can also control some multi-disc CD-ROM
changers, the auto-eject feature supported by some devices, and close the disc tray of some
CD-ROM drives.

The device corresponding to <name> is ejected. The name can be a device file or mount point,
either a full path or with the leading "/dev", "/media" or "/mnt" omitted. If no name is specified,
the default name "cdrom" is used.

There are four different methods of ejecting, depending on whether the device is a CD-ROM,
SCSI device, removable floppy, or tape. By default eject tries all four methods in order until it
If the device is currently mounted, it is unmounted before ejecting.

Command-line Options

-h
    Help - displays a brief description of the command options.

-v
    This makes eject run in verbose mode; more information is displayed about what the command is

-d
    If invoked with this option, eject lists the default device name.

-a on|1|off|0
    This option controls the auto-eject mode, supported by some devices. When enabled, the drive
    automatically ejects when the device is closed.

-c <slot>
    With this option a CD slot can be selected from an ATAPI/IDE CD-ROM changer. Linux 2.0 or
    higher is required to use this feature. The CD-ROM drive can not be in use (mounted data CD or
    playing a music CD) for a change request to work. Please also note that the first slot of the
    changer is referred to as 0, not 1.

-t
    With this option the drive is given a CD-ROM tray close command. Not all devices support this
    command.

-T
    With this option the drive is given a CD-ROM tray close command if it's opened, and a CD-ROM
    tray eject command if it's closed. Not all devices support this command, because it uses the above
    CD-ROM tray close command.

-x <speed>
    With this option the drive is given a CD-ROM select speed command. The speed argument is a
    number indicating the desired speed (e.g. 8 for 8X speed), or 0 for maximum data rate. Not all
    devices support this command and you can only specify speeds that the drive is capable of. Every
    time the media is changed this option is cleared. This option can be used alone, or with the -t and
    -c options.

-X
    With this option the CD-ROM drive will be probed to detect the available speeds. The output is a
    list of speeds which can be used as an argument of the -x option. This only works with Linux
    2.6.13 or higher, on previous versions solely the maximum speed will be reported. Also note that
    some drives may not correctly report the speed and therefore this option does not work with them.

-n
    With this option the selected device is displayed but no action is performed.

-r
    This option specifies that the drive should be ejected using a CDROM eject command.

-s
    This option specifies that the drive should be ejected using SCSI commands.

-f
    This option specifies that the drive should be ejected using a removable floppy disk eject
    command.

-q
    This option specifies that the drive should be ejected using a tape drive offline command.

-p
    This option allows you to use /proc/mounts instead of /etc/mtab. It also passes the -n option to
    umount(1).

-m
    This option allows eject to work with device drivers which automatically mount removable media
    and therefore must be always mount()ed. The option tells eject
    to not try to unmount the given device, even if it is mounted according to /etc/mtab or
    /proc/mounts.

-V
    This option causes eject to display the program version and exit.

Long Options
All options have corresponding long names, as listed below. The long names can be abbreviated
as long as they are unique.

-h --help
-v --verbose
-d --default
-a --auto
-c --changerslot
-t --trayclose
-T --traytoggle
-x --cdspeed
-X --listspeed

-n --noop
-r --cdrom
-s --scsi
-f --floppy
-q --tape
-V --version
-p --proc
-m --no-unmount
Examples
Eject the default device:
eject
Eject a device or mount point named cdrom:
eject cdrom
Eject using device name:
eject /dev/cdrom
Eject using mount point:
eject /mnt/cdrom/
Eject 4th IDE device:
eject hdd
Eject first SCSI device:
eject sda
Eject using SCSI partition name (e.g. a ZIP drive):
eject sda4
Select 5th disc on multi-disc changer:
eject -v -c4 /dev/cdrom
Turn on auto-eject on a SoundBlaster CD-ROM drive:
eject -a on /dev/sbpcd
Exit Status
Returns 0 if operation was successful, 1 if operation failed or command syntax was not valid.
Notes
Eject only works with devices that support one or more of the four methods of ejecting. This includes most CD-ROM drives (IDE, SCSI, and proprietary), some SCSI tape drives, JAZ drives, ZIP drives (parallel port, SCSI, and IDE versions), and LS120 removable floppies. Users have also reported success with floppy drives on Sun SPARC and Apple Macintosh systems. If eject does not work, it is most likely a limitation of the kernel driver for the device and not the eject program itself.
The -r, -s, -f, and -q options allow controlling which methods are used to eject. More than one method can be specified. If none of these options are specified, it tries all four (this works fine in most cases).
Eject may not always be able to determine if the device is mounted (e.g. if it has several names). If the device name is a symbolic link, eject will follow the link and use the device that it points to.
If eject determines that the device can have multiple partitions, it will attempt to unmount all mounted partitions of the device before ejecting. If an unmount fails, the program will not attempt to eject the media.
You can eject an audio CD. Some CD-ROM drives will refuse to open the tray if the drive is empty. Some devices do not support the tray close command.
If the auto-eject feature is enabled, then the drive will always be ejected after running this command. Not all Linux kernel CD-ROM drivers support the auto-eject mode. There is no way to find out the state of the auto-eject mode.
You need appropriate privileges to access the device files. Running as root or setuid root is required to eject some devices (e.g. SCSI devices).
The heuristic used to find a device, given a name, is as follows. If the name ends in a trailing slash, it is removed (this is to support filenames generated using shell file name completion). If the name starts with '.' or '/', it tries to open it as a device file or mount point. If that fails, it tries prepending '/dev/', '/media/', '/mnt/', '/dev/cdroms', '/dev/rdsk/', '/dev/dsk/', and finally './' to the name, until a device file or mount point is found that can be opened. The program checks /etc/mtab for mounted devices. If that fails, it also checks /etc/fstab for mount points of currently unmounted devices.
Creating symbolic links such as /dev/cdrom or /dev/zip is recommended so that eject can determine the appropriate devices using easily remembered names.
To save typing you can create a shell alias for the eject options that work for your particular setup.

env
Display, set, or remove environment variables, Run a command in a modified environment.
Syntax

Options
-u NAME
Remove variable NAME from the environment, if it was in the environment.

-
--ignore-environment
Start with an empty environment, ignoring the inherited environment.

Arguments of the form `VARIABLE=VALUE' set the environment variable VARIABLE to value VALUE.

VALUE may be empty (`VARIABLE='). Setting a variable to an empty value is different from unsetting it.
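The env forms described above (removing one variable with -u, starting from an empty environment, and VARIABLE= with an empty value) behave differently for the child process. The script below is an added example, not part of the original page; API_TOKEN, its value, and the function names run_clean, child_view and clean_names are constructed for the demonstration, and -i is the short spelling of --ignore-environment.

```shell
#!/bin/sh
# Added example: how a child process sees one variable under each env form.
# API_TOKEN and its value are constructed; nothing here comes from the page.

# Script run by the child: reports whether API_TOKEN is unset, empty or set.
CHILD='if [ -z "${API_TOKEN+x}" ]; then echo unset
elif [ -z "$API_TOKEN" ]; then echo empty
else echo set; fi'

# run_clean [CMD [ARGS...]]
# Start from an empty environment and pass only a fixed, absolute PATH plus
# the two variables most programs expect. Nothing else the caller exported
# (tokens, loader or locale overrides) reaches the child.
run_clean() {
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin HOME="${HOME:-/}" LANG=C "$@"
}

# child_view MODE
# Export a token inside a subshell, then start a child under MODE and print
# what the child sees. The subshell keeps the token out of the caller's shell.
child_view() {
    (
        API_TOKEN=constructed-secret-value
        export API_TOKEN
        case $1 in
            inherit) env sh -c "$CHILD" ;;               # environment passed through
            empty)   env API_TOKEN= sh -c "$CHILD" ;;    # still defined, value is ""
            remove)  env -u API_TOKEN sh -c "$CHILD" ;;  # removed from the environment
            scrub)   run_clean sh -c "$CHILD" ;;         # empty start, allow-list only
            *)       echo "usage: child_view inherit|empty|remove|scrub" >&2
                     exit 2 ;;
        esac
    )
}

# clean_names
# With no command after the assignments, env prints the resulting
# environment; list just the variable names, sorted, on one line.
clean_names() {
    run_clean | cut -d= -f1 | sort | xargs
}

for mode in inherit empty remove scrub; do
    printf '%-8s child sees API_TOKEN as: %s\n' "$mode" "$(child_view "$mode")"
done
printf 'variables left after scrub: %s\n' "$(clean_names)"
```

A program that tests only whether a variable is defined treats the "empty" case as present, which is why -u or an empty starting environment is the form to use when a value must not reach the child at all.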


The first remaining argument specifies the program name to invoke; it is searched for according to the `PATH' environment variable. Any remaining arguments are passed as arguments to that

If no command name is specified following the environment specifications, the resulting environment is printed. This is like specifying a command name of `printenv'.

eval
Evaluate several commands/arguments
eval [arguments]
The arguments are concatenated together into a single command, which is then read and executed, and its exit status returned as the exit status of eval. If there are no arguments or only empty arguments, the return status is zero.

eval is a POSIX `special' builtin

exec
Execute a command
exec [-cl] [-a name] [command [arguments]]

Options
-l Place a dash at the beginning of the zeroth arg passed to command. (This is what the login program does.)
-c Causes command to be executed with an empty environment.
-a The shell passes name as the zeroth argument to command.
If command is supplied, it replaces the shell without creating a new process. If no command is specified, redirections may be used to affect the current shell environment.
If there are no redirection errors, the return status is zero; otherwise the return status is non-zero.
exec is a BOURNE shell command and a POSIX `special' builtin

To run an executable file or a shell script from the command line it is often not necessary to use exec at all; just prefix the filename with ./
Bash searches only the directories listed in $PATH, not the current working directory, for the file.
To execute a program/script in the current working directory use:
./file_name
./ScriptName

You may be tempted to 'fix' this by adding '.' to $PATH, but this is widely considered to be a bad idea for security reasons: with '.' in $PATH, a file in whatever directory you happen to be in can be run in place of the command you meant to type.

exit
Exit from a program, shell or log out of a Unix network.
Syntax
If supported, this will exit you from the program or shell, or log you out of the network.
If exit does not log you out, you can also try logout, lo, bye or quit; Ctrl-D may also work.

export
Set an environment variable. Mark each name to be passed to child processes in the environment.
export [-fn] [-p] [name[=value]]
Options
-f The names refer to shell functions; otherwise the names refer to shell variables
-n No longer mark each name for export.
-p Display output in a form that may be reused as input.
If no names are supplied, or if the `-p' option is given, a list of exported names is displayed.
The return status is zero unless an invalid option is supplied, one of the names is not a valid shell variable name, or `-f' is supplied with a name that is not a shell function.
export is a BOURNE shell command and a POSIX `special' builtin.

Example - local variables
old_file=export.csv
new_file=last.csv
mv "$old_file" "$new_file"
Example - global variables
mydepartment=Sales ; export mydepartment
mycustomer='Brown Brothers' ; export mycustomer

fdisk
Partition table manipulator for Linux
Syntax
fdisk [-u] device
fdisk -l [-u] device ...
fdisk -s partition ...
fdisk -v
Options
-u When listing partition tables, give sizes in sectors instead of
-l List the partition tables for /dev/hd[a-d], /dev/sd[a-h], /dev/ed[a-d], and then exit.
-s partition


The size of the partition (in blocks) is printed on the standard output.
-v Print version number of fdisk program and exit.

Description
Hard disks can be divided into one or more logical disks called partitions. This division is described in the partition table found in sector 0 of the disk.

In the BSD world one talks about `disk slices' and a `disklabel'.

Linux needs at least one partition, namely for its root file system. It can use swap files and/or swap partitions, but the latter are more efficient. So, usually one will want a second Linux partition dedicated as swap partition. On Intel compatible hardware, the BIOS that boots the system can often only access the first 1024 cylinders of the disk. For this reason people with large disks often create a third partition, just a few MB large, typically mounted on /boot, to store the kernel image and a few auxiliary files needed at boot time, so as to make sure that this stuff is accessible to the BIOS. There may be reasons of security, ease of administration and backup, or testing, to use more than the minimum number of partitions.

fdisk (in the first form of invocation) is a menu driven program for creation and manipulation of partition tables.
It understands DOS type partition tables and BSD or SUN type disklabels.
The device is usually one of the following:
/dev/hda
/dev/sdb
(/dev/hd[a-h] for IDE disks, /dev/sd[a-p] for SCSI disks, /dev/ed[a-d] for ESDI disks, /dev/xd[ab] for XT disks). A device name refers to the entire disk.

The partition is a device name followed by a partition number. For example, /dev/hda1 is the first partition on the first IDE hard disk in the system. IDE disks can have up to 63 partitions, SCSI disks up to 15. See also /usr/src/linux/Documentation/devices.txt.

A BSD/SUN type disklabel can describe 8 partitions, the third of which should be a `whole disk' partition. Do not start a partition that actually uses its first sector (like a swap partition) at cylinder 0, since that will destroy the disklabel.

An IRIX/SGI type disklabel can describe 16 partitions, the eleventh of which should be an entire `volume' partition, while the ninth should be labeled `volume header'. The volume header will also cover the partition table, i.e., it starts at block zero and extends by default over five cylinders. The remaining space in the volume header may be used by header directory entries. No partitions may overlap with the volume header. Also do not change its type and make some file system on it, since you will lose the partition table. Use this type of label only when working with Linux on IRIX/SGI machines or IRIX/SGI disks under Linux.

A DOS type partition table can describe an unlimited number of partitions. In sector 0 there is room for the description of 4 partitions (called `primary'). One of these may be an extended partition; this is a box holding logical partitions, with descriptors found in a linked list of sectors, each preceding the corresponding logical partitions. The four primary partitions, present or not, get numbers 1-4. Logical partitions start numbering from 5.

In a DOS type partition table the starting offset and the size of each partition is stored in two ways: as an absolute number of sectors (given in 32 bits) and as a Cylinders/Heads/Sectors triple (given in 10+8+6 bits). The former is OK - with 512-byte sectors this will work up to 2 TB. The latter has two different problems. First of all, these C/H/S fields can be filled only when the number of heads and the number of sectors per track are known. Secondly, even if we know what these numbers should be, the 24 bits that are available do not suffice. DOS uses C/H/S only, Windows uses both, Linux never uses C/H/S.

If possible, fdisk will obtain the disk geometry automatically. This is not necessarily the physical disk geometry (indeed, modern disks do not really have anything like a physical geometry, certainly not something that can be described in simplistic Cylinders/Heads/Sectors form), but is the disk geometry that MS-DOS uses for the partition table.
Usually all goes well by default, and there are no problems if Linux is the only system on the disk. However, if the disk has to be shared with other operating systems, it is often a good idea to let an fdisk from another operating system make at least one partition. When Linux boots it looks at the partition table, and tries to deduce what (fake) geometry is required for good cooperation with other systems.

Whenever a partition table is printed out, a consistency check is performed on the partition table entries. This check verifies that the physical and logical start and end points are identical, and that the partition starts and ends on a cylinder boundary (except for the first partition).

Some versions of MS-DOS create a first partition which does not begin on a cylinder boundary, but on sector 2 of the first cylinder. Partitions beginning in cylinder 1 cannot begin on a cylinder boundary, but this is unlikely to cause difficulty unless you have OS/2 on your machine.

A sync() and a BLKRRPART ioctl() (reread partition table from disk) are performed before exiting when the partition table has been updated. Long ago it used to be necessary to reboot after the use of fdisk. I do not think this is the case anymore - indeed, rebooting too quickly might


cause loss of not-yet-written data. Note that both the kernel and the disk hardware may buffer
The DOS 6.x FORMAT command looks for some information in the first sector of the data area of the partition, and treats this information as more reliable than the information in the partition table. DOS FORMAT expects DOS FDISK to clear the first 512 bytes of the data area of a partition whenever a size change occurs. DOS FORMAT will look at this extra information even if the /U flag is given; we consider this a bug in DOS FORMAT and DOS FDISK.

The bottom line is that if you use cfdisk or fdisk to change the size of a DOS partition table entry, then you must also use dd to zero the first 512 bytes of that partition before using DOS FORMAT to format the partition.
For example, if you were using cfdisk to make a DOS partition table entry for /dev/hda1, then (after exiting fdisk or cfdisk and rebooting Linux so that the partition table information is valid) you would use the command "dd if=/dev/zero of=/dev/hda1 bs=512 count=1" to zero the first 512 bytes of the partition.

BE EXTREMELY CAREFUL if you use the dd command, since a small typo can make all of the data on your disk useless.

For best results, you should always use an OS-specific partition table program. For example, you should make DOS partitions with the DOS FDISK program and Linux partitions with the Linux fdisk or Linux cfdisk program.
BUGS
There are several *fdisk programs around. Each has its problems and strengths.
Try them in the order cfdisk, fdisk, sfdisk. (Indeed, cfdisk is a beautiful program that has strict requirements on the partition tables it accepts, and produces high quality partition tables. Use it if you can.
fdisk is a buggy program that does fuzzy things - usually it happens to produce reasonable results. Its single advantage is that it has some support for BSD disk labels and other non-DOS partition tables. Avoid it if you can. sfdisk is for hackers only - the user interface is terrible, but it is more correct than fdisk and more powerful than both fdisk and cfdisk. Moreover, it can be used noninteractively.)

The IRIX/SGI type disklabel is currently not supported by the kernel. Moreover, IRIX/SGI header directories are not fully supported yet.
The option

find
Search a folder hierarchy for filename(s) that meet a desired criteria: Name, Size, File Type - see examples.
Syntax
find [-H] [-L] [-P] [path...] [expression]

GNU find searches the directory tree rooted at each given file name by evaluating the given expression from left to right, according to the rules of precedence (see Operators), until the outcome is known (the left hand side is false for AND operations, true for OR), at which point find moves on to the next file name.
Options
The '-H', '-L' and '-P' options control the treatment of symbolic links. Command-line arguments following these are taken to be names of files or directories to be examined, up to the first argument that begins with '-', '(', ')', ',', or '!'. That argument and any following arguments are taken to be the expression describing what is to be searched for. If no paths are given, the current directory is used. If no expression is given, the expression '-print' is used (but you should probably consider using '-print0' instead, anyway).
This manual page talks about 'options' within the expression list. These options control the behaviour of find but are specified immediately after the last path name. The three 'real' options '-H', '-L' and '-P' must appear before the first path name, if at all.
-P
Never follow symbolic links. This is the default behaviour. When find examines or prints information about a file, and the file is a symbolic link, the information used shall be taken from the properties of the symbolic link itself.
-L
Follow symbolic links. When find examines or prints information about files, the information used shall be taken from the properties of the file to which the link points, not from the link itself (unless it is a broken symbolic link or find is unable to examine the file to which the link points). Use of this option implies -noleaf. If you later use the -P option, -noleaf will still be in effect. If -L is in effect and find discovers a symbolic link to a subdirectory during its search, the subdirectory pointed to by the symbolic link will be searched.
When the -L option is in effect, the -type predicate will always match against the type of the file that a symbolic link points to rather than the link itself (unless the symbolic link is broken). Using -L causes the -lname and -ilname predicates always to return false.
-H
Do not follow symbolic links, except while processing the command line arguments. When find examines or prints information about files, the information used shall be taken from the properties of the symbolic link itself. The only exception to this behaviour is when a file specified on the command line is a symbolic link, and the link can be resolved. For that situation, the information used is taken from whatever the link points to (that is, the link is followed). The information about the link itself is used as a fallback if the file pointed to by the symbolic link cannot be
examined. If -H is in effect and one of the paths specified on the command line is a symbolic link to a directory, the contents of that directory will be examined (though of course -maxdepth 0 would prevent this).
If more than one of -H, -L and -P is specified, each overrides the others; the last one appearing on the command line takes effect. Since it is the default, the -P option should be considered to be in effect unless either -H or -L is specified.
GNU find frequently stats files during the processing of the command line itself, before any searching has begun. These options also affect how those arguments are processed. Specifically, there are a number of tests that compare files listed on the command line against a file we are currently considering. In each case, the file specified on the command line will have been examined and some of its properties will have been saved. If the named file is in fact a symbolic link, and the -P option is in effect (or if neither -H nor -L were specified), the information used for the comparison will be taken from the properties of the symbolic link. Otherwise, it will be taken from the properties of the file the link points to. If find cannot follow the link (for example because it has insufficient privileges or the link points to a nonexistent file) the properties of the link itself will be used.
When the -H or -L options are in effect, any symbolic links listed as the argument of -newer will be dereferenced, and the timestamp will be taken from the file to which the symbolic link points. The same consideration applies to -anewer and -cnewer.
The -follow option has a similar effect to -L, though it takes effect at the point where it appears (that is, if -L is not used but -follow is, any symbolic links appearing after -follow on the command line will be dereferenced, and those before it will not).
Expressions
The expression is made up of options (which affect overall operation rather than the processing of a specific file, and always return true), tests (which return a true or false value), and actions (which have side effects and return a true or false value), all separated by operators. -and is assumed where the operator is omitted.
If the expression contains no actions other than -prune, -print is performed on all files for which the expression is true.
All options always return true. Except for -follow and -daystart, they always take effect, rather than being processed only when their place in the expression is reached. Therefore, for clarity, it is best to place them at the beginning of the expression. A warning is issued if you don't do this.
-daystart
Measure times (for -amin, -atime, -cmin, -ctime, -mmin, and -mtime) from the beginning of today rather than from 24 hours ago. This option only affects tests which appear later on the command line.
-depth
Process each directory's contents before the directory itself.
-d
A synonym for -depth, for compatibility with FreeBSD, NetBSD, MacOS X and OpenBSD.
-follow
Deprecated; use the -L option instead. Dereference symbolic links. Implies -noleaf. The -follow option affects only those tests which appear after it on the command line. Unless the -H or -L option has been specified, the position of the -follow option changes the behaviour of the -newer predicate; any files listed as the argument of -newer will be dereferenced if they are symbolic links. The same consideration applies to -anewer and -cnewer. Similarly, the -type predicate will always match against the type of the file that a symbolic link points to rather than the link itself. Using -follow causes the -lname and -ilname predicates always to return false.
-help, --help
Print a summary of the command-line usage of find and exit.
-ignore_readdir_race
Normally, find will emit an error message when it fails to stat a file. If you give this option and a file is deleted between the time find reads the name of the file from the directory and the time it tries to stat the file, no error message will be issued. This also applies to files or directories whose names are given on the command line. This option takes effect at the time the command line is read, which means that you cannot search one part of the filesystem with this option on and part of it with this option off (if you need to do that, you will need to issue two find commands instead, one with the option and one without it).
-maxdepth levels
Descend at most levels (a non-negative integer) levels of directories below the command line arguments. '-maxdepth 0' means only apply the tests and actions to the command line arguments.
-mindepth levels
Do not apply any tests or actions at levels less than levels (a non-negative integer). '-mindepth 1' means process all files except the command line arguments.
-mount
Don't descend directories on other filesystems. An alternate name for -xdev, for compatibility with some other versions of find.
-noignore_readdir_race
Turns off the effect of -ignore_readdir_race.
-noleaf
Do not optimize by assuming that directories contain 2 fewer subdirectories than their hard link count. This option is needed when searching filesystems that do not follow the Unix directory-link convention, such as CD-ROM or MS-DOS filesystems or AFS volume mount points. Each directory on a normal Unix filesystem has at least 2 hard links: its name and its '.' entry. Additionally, its subdirectories (if any) each have a '..' entry linked to that directory. When find is examining a directory, after it has statted 2 fewer subdirectories than the directory's link count, it knows that the rest of the entries in the directory are non-directories ('leaf' files in the directory tree). If only the files' names need to be examined, there is no need to stat them; this gives a significant increase in search speed.
-regextype type
Changes the regular expression syntax understood by -regex and -iregex tests which occur later


on the command line. Currently-implemented types are emacs (this is the default), posix-awk, posix-basic, posix-egrep and posix-extended.
-version, --version
Print the find version number and exit.
-warn, -nowarn
Turn warning messages on or off. These warnings apply only to the command line usage, not to any conditions that find might encounter when it searches directories. The default behaviour corresponds to -warn if standard input is a tty, and to -nowarn otherwise.
-xdev
Don't descend directories on other filesystems.
TESTS
Numeric arguments can be specified as
+n for greater than n,
-n for less than n,
n for exactly n.
-amin n File was last accessed n minutes ago.
-anewer file File was last accessed more recently than file was modified. If file is a symbolic link and the -H option or the -L option is in effect, the access time of the file it points to is always used.

-atime n File was last accessed n*24 hours ago. When find figures out how many 24-hour periods ago the file was last accessed, any fractional part is ignored:
+7 = more than 7 days ago
2 = between 2 and 3 days ago
-2 = within the past 2 days
+1 = more than 1 day old
1 = between 1 and 2 days ago
-1 = within the past 1 day
0 = within the past 1 day
A file 47.99 hours old will round down to 1 day; for this to have matched -atime +1, the file would have to have been accessed more than one day ago, i.e. two days ago or longer. To match a date range you can specify more than one test.
-cmin n File's status was last changed n minutes ago.
-cnewer file File's status was last changed more recently than file was modified. If file is a symbolic link and the -H option or the -L option is in effect, the status-change time of the file it points to is always used.
-ctime n File's status was last changed n*24 hours ago. See the comments for -atime to understand how rounding affects the interpretation of file status change times.
-empty File is empty and is either a regular file or a directory.
-false Always false.
-fstype type File is on a filesystem of type type. The valid filesystem types vary among different versions of Unix; an incomplete list of filesystem types that are accepted on some version of Unix or another is: ufs, 4.2, 4.3, nfs, tmp, mfs, S51K, S52K. You can use -printf with the %F directive to see the types of your filesystems.
-gid n File's numeric group ID is n.
-group gname File belongs to group gname (numeric group ID allowed).
-ilname pattern Like -lname, but the match is case insensitive. If the -L option or the -follow option is in effect, this test returns false unless the symbolic link is broken.
-iname pattern Like -name, but the match is case insensitive. For example, the patterns 'fo*' and 'F??' match the file names 'Foo', 'FOO', 'foo', 'fOo', etc. In these patterns, unlike filename expansion by the shell, an initial '.' can be matched by '*'. That is, find -name '*bar' will match the file '.foobar'. Please note that you should quote patterns as a matter of course, otherwise the shell will expand any wildcard characters in them.
-inum n File has inode number n. It is normally easier to use the -samefile test instead.
-ipath pattern Behaves in the same way as -iwholename. This option is deprecated, so please do not use it.
-iregex pattern Like -regex, but the match is case insensitive.
-iwholename pattern Like -wholename, but the match is case insensitive.
-links n File has n links.
-lname pattern File is a symbolic link whose contents match shell pattern pattern. The metacharacters do not treat '/' or '.' specially. If the -L option or the -follow option is in effect, this test returns false unless the symbolic link is broken.
-mmin n File's data was last modified n minutes ago. e.g. find . -mmin +5 -mmin -10 # find files modified between 5 and 10 minutes ago
-mtime n File's data was last modified n*24 hours ago. See the comments for -atime to understand how rounding affects the interpretation of file modification times.
-name pattern
Base of file name (the path with the leading directories removed) matches shell pattern pattern. The metacharacters ('*', '?', and '[]') match a '.' at the start of the base name (this is a change in findutils-4.2.2; see section STANDARDS CONFORMANCE below). To ignore a directory and the files under it, use -prune; see an example in the description of -wholename. Braces are not recognised as being special, despite the fact that some shells including Bash imbue braces with a special meaning in shell patterns. The filename matching is performed with the use of the fnmatch(3) library function. Don't forget to enclose the pattern in quotes in order to protect it from expansion by the shell.
-newer file File was modified more recently than file. If file is a symbolic link and the -H option or the -L option is in effect, the modification time of the file it points to is always used.
-nouser No user corresponds to file's numeric user ID.
-nogroup No group corresponds to file's numeric group ID.
-path pattern See -wholename. The predicate -path is also supported by HP-UX find.
-perm mode
File's permission bits are exactly mode (octal or symbolic). Since an exact match is required, if you want to use this form for symbolic modes, you may have to specify a rather complex mode string. For example '-perm g=w' will only match files which have mode 0020 (that is, ones for


which group write permission is the only permission set). It is more likely that you will want to use the '/' or '-' forms, for example '-perm -g=w', which matches any file with group write permission. See the EXAMPLES section for some illustrative examples.
-perm -mode
All of the permission bits mode are set for the file. Symbolic modes are accepted in this form, and this is usually the way in which you would want to use them. You must specify 'u', 'g' or 'o' if you use a symbolic mode. See the EXAMPLES section for some illustrative examples.
-perm /mode
Any of the permission bits mode are set for the file. Symbolic modes are accepted in this form. You must specify 'u', 'g' or 'o' if you use a symbolic mode. See the EXAMPLES section for some illustrative examples. If no permission bits in mode are set, this test currently matches no files. However, it will soon be changed to match any file (the idea is to be more consistent with the behaviour of -perm -000).
-perm +mode
Deprecated, old way of searching for files with any of the permission bits in mode set. You should use -perm /mode instead. Trying to use the '+' syntax with symbolic modes will yield surprising results. For example, '+u+x' is a valid symbolic mode (equivalent to +u,+x, i.e. 0111) and will therefore not be evaluated as -perm +mode but instead as the exact mode specifier -perm mode and so it matches files with exact permissions 0111 instead of files with any execute bit set. If you found this paragraph confusing, you're not alone - just use -perm /mode. This form of the -perm test is deprecated because the POSIX specification requires the interpretation of a leading '+' as being part of a symbolic mode, and so we switched to using '/' instead.
-regex pattern
File name matches regular expression pattern. This is a match on the whole path, not a search. For example, to match a file named './fubar3', you can use the regular expression '.*bar.' or '.*b.*3', but not 'f.*r3'. The regular expressions understood by find are by default Emacs Regular Expressions, but this can be changed with the -regextype option.
-samefile name
File refers to the same inode as name. When -L is in effect, this can include symbolic links.
-size n[cwbkMG] File uses n units of space. The following suffixes can be used:
'b' for 512-byte blocks (this is the default if no suffix is used)
'c' for bytes
'w' for two-byte words
'k' for Kilobytes (units of 1024 bytes)
'M' for Megabytes (units of 1048576 bytes)
'G' for Gigabytes (units of 1073741824 bytes)

b block (buffered) special
c character (unbuffered) special
d directory
p named pipe (FIFO)
f regular file
l symbolic link; this is never true if the -L option or the -follow option is in effect, unless the symbolic link is broken. If you want to search for symbolic links when -L is in effect, use -xtype.
s socket
D door (Solaris)
-uid n File's numeric user ID is n.
-used n File was last accessed n days after its status was last changed.
-user uname File is owned by user uname (numeric user ID allowed).
-wholename pattern
File name matches shell pattern pattern. The metacharacters do not treat '/' or '.' specially; so, for example,
find . -wholename './sr*sc'
will print an entry for a directory called './src/misc' (if one exists). To ignore a whole directory tree, use -prune rather than checking every file in the tree. For example, to skip the directory 'src/emacs' and all files and directories under it, and print the names of the other files found, do something like this:
find . -wholename './src/emacs' -prune -o -print
-xtype c
The same as -type unless the file is a symbolic link. For symbolic links: if the -H or -P option was specified, true if the file is a link to a file of type c; if the -L option has been given, true if c is 'l'. In other words, for symbolic links, -xtype checks the type of the file that -type does not check.
-context pattern
(SELinux only) Security context of the file matches glob pattern.
ACTIONS
Use operators to separate multiple actions. If the operator is omitted, -and is assumed.
The default action is to -print all files for which the expression is true.
-delete
Delete files; true if removal succeeded. If the removal failed, an error message is issued. Use of this action automatically turns on the '-depth' option.
-exec command ;
Execute command; true if 0 status is returned. All following arguments to find are taken to be arguments to the command until an argument consisting of ';' is encountered. The string '{}' is
The size does not count indirect blocks, but it does count blocks in sparse files that are not replaced by the current file name being processed everywhere it occurs in the arguments to the
actually allocated. Bear in mind that the '%k' and '%b' format specifiers of -printf handle sparse command, not just in arguments where it is alone, as in some versions of find. Both of these
files differently. The 'b' suffix always denotes 512-byte blocks and never 1 Kilobyte blocks, constructions might need to be escaped (with a '\') or quoted to protect them from expansion by
which is different to the behaviour of -ls. the shell. See the EXAMPLES section for examples of the use of the '-exec' option. The specified
-true Always true. command is run once for each matched file. The command is executed in the starting directory.
-type c File is of type c:


There are unavoidable security problems surrounding use of the -exec option; you should use the
-execdir option instead.
-exec command {} +
This variant of the -exec option runs the specified command on the selected files, but the
command line is built by appending each selected file name at the end; the total number of
invocations of the command will be much less than the number of matched files. The command
line is built in much the same way that xargs builds its command lines. Only one instance of '{}'
is allowed within the command. The command is executed in the starting directory.
-execdir command ;
-execdir command {} +
Like -exec, but the specified command is run from the subdirectory containing the matched file,
which is not normally the directory in which you started find. This is a much more secure method
for invoking commands, as it avoids race conditions during resolution of the paths to the matched
files. As with the -exec option, the '+' form of -execdir will build a command line to process more
than one matched file, but any given invocation of command will only list files that exist in the
same subdirectory. If you use this option, you must ensure that your $PATH environment
variable does not reference the current directory; otherwise, an attacker can run any commands
they like by leaving an appropriately-named file in a directory in which you will run -execdir.
-fls file
True; like -ls but write to file like -fprint. The output file is always created, even if the predicate is
never matched. See the UNUSUAL FILENAMES section for information about how unusual
characters in filenames are handled.
-fprint file
True; print the full file name into file file. If file does not exist when find is run, it is created; if it
does exist, it is truncated. The file names ''/dev/stdout'' and ''/dev/stderr'' are handled specially;
they refer to the standard output and standard error output, respectively. The output file is always
created, even if the predicate is never matched. See the UNUSUAL FILENAMES section for
information about how unusual characters in filenames are handled.
-fprint0 file
True; like -print0 but write to file like -fprint. The output file is always created, even if the
predicate is never matched. See the UNUSUAL FILENAMES section for information about how
unusual characters in filenames are handled.
-fprintf file format
True; like -printf but write to file like -fprint. The output file is always created, even if the
predicate is never matched. See the UNUSUAL FILENAMES section for information about how
unusual characters in filenames are handled.
-ok command ;
Like -exec but ask the user first (on the standard input); if the response does not start with 'y' or
'Y', do not run the command, and return false. If the command is run, its standard input is
redirected from /dev/null.
-print
True; print the full file name on the standard output, followed by a newline. If you are piping the
output of find into another program and there is the faintest possibility that the files which you are
searching for might contain a newline, then you should seriously consider using the '-print0'
option instead of '-print'. See the UNUSUAL FILENAMES section for information about how
unusual characters in filenames are handled.
-okdir command ;
Like -execdir but ask the user first (on the standard input); if the response does not start with 'y' or
'Y', do not run the command, and return false. If the command is run, its standard input is
redirected from /dev/null.
-print0
True; print the full file name on the standard output, followed by a null character (instead of the
newline character that '-print' uses). This allows file names that contain newlines or other types of
white space to be correctly interpreted by programs that process the find output. This option
corresponds to the '-0' option of xargs.
-printf format
True; print format on the standard output, interpreting '\' escapes and '%' directives. Field widths
and precisions can be specified as with the 'printf' C function. Please note that many of the fields
are printed as %s rather than %d, and this may mean that flags don't work as you might expect.
This also means that the '-' flag does work (it forces fields to be left-aligned). Unlike -print, -printf
does not add a newline at the end of the string.
The escapes and directives are:
\a Alarm bell.
\b Backspace.
\c Stop printing from this format immediately and flush the output.
\f Form feed.
\n Newline.
\r Carriage return.
\t Horizontal tab.
\v Vertical tab.
\0 ASCII NUL.
\\ A literal backslash ('\').
\NNN The character whose ASCII code is NNN (octal).
A '\' character followed by any other character is treated as an ordinary character, so they both are
printed.
%% A literal percent sign.
%a File's last access time in the format returned by the C 'ctime' function.
%Ak File's last access time in the format specified by k, which is either '@' or a directive for the
C 'strftime' function.
The possible values for k are listed below; some of them might not be available on all systems,
due to differences in 'strftime' between systems.
Time fields:
@ seconds since Jan. 1, 1970, 00:00 GMT.


H hour (00..23)
I hour (01..12)
k hour ( 0..23)
l hour ( 1..12)
M minute (00..59)
p locale's AM or PM
r time, 12-hour (hh:mm:ss [AP]M)
S second (00..61)
T time, 24-hour (hh:mm:ss)
+ Date and time, separated by '+', for example '2004-04-28+22:22:05'. The time is given in the
current timezone (which may be affected by setting the TZ environment variable). This is a GNU
extension.
X locale's time representation (H:M:S)
Z time zone (e.g., EDT), or nothing if no time zone is determinable
Date fields:
a locale's abbreviated weekday name (Sun..Sat)
A locale's full weekday name, variable length (Sunday..Saturday)
b locale's abbreviated month name (Jan..Dec)
B locale's full month name, variable length (January..December)
c locale's date and time (Sat Nov 04 12:02:33 EST 1989)
d day of month (01..31)
D date (mm/dd/yy)
h same as b
j day of year (001..366)
m month (01..12)
U week number of year with Sunday as first day of week (00..53)
w day of week (0..6)
W week number of year with Monday as first day of week (00..53)
x locale's date representation (mm/dd/yy)
y last two digits of year (00..99)
Y year (1970...)
%b The amount of disk space used for this file in 512-byte blocks. Since disk space is allocated in
multiples of the filesystem block size this is usually greater than %s/1024, but it can also be
smaller if the file is a sparse file.
%c File's last status change time in the format returned by the C 'ctime' function.
%Ck File's last status change time in the format specified by k, which is the same as for %A.
%d File's depth in the directory tree; 0 means the file is a command line argument.
%D The device number on which the file exists (the st_dev field of struct stat), in decimal.
%f File's name with any leading directories removed (only the last element).
%F Type of the filesystem the file is on; this value can be used for -fstype.
%g File's group name, or numeric group ID if the group has no name.
%G File's numeric group ID.
%h Leading directories of file's name (all but the last element). If the file name contains no
slashes (since it is in the current directory) the %h specifier expands to ".".
%H Command line argument under which file was found.
%i File's inode number (in decimal).
%k The amount of disk space used for this file in 1K blocks. Since disk space is allocated in
multiples of the filesystem block size this is usually greater than %s/1024, but it can also be
smaller if the file is a sparse file.
%l Object of symbolic link (empty string if file is not a symbolic link).
%m File's permission bits (in octal). This option uses the 'traditional' numbers which most Unix
implementations use, but if your particular implementation uses an unusual ordering of octal
permissions bits, you will see a difference between the actual value of the file's mode and the
output of %m. Normally you will want to have a leading zero on this number, and to do this, you
should use the # flag (as in, for example, '%#m').
%M File's permissions (in symbolic form, as for ls). This directive is supported in findutils 4.2.5
and later.
%n Number of hard links to file.
%p File's name.
%P File's name with the name of the command line argument under which it was found removed.
%s File's size in bytes.
%t File's last modification time in the format returned by the C 'ctime' function.
%Tk File's last modification time in the format specified by k, which is the same as for %A.
%u File's user name, or numeric user ID if the user has no name.
%U File's numeric user ID.
%y File's type (like in ls -l), U=unknown type (shouldn't happen)
%Y File's type (like %y), plus follow symlinks: L=loop, N=nonexistent
%Z (SELinux only) file's security context.
A '%' character followed by any other character is discarded (but the other character is printed).
The %m and %d directives support the # , 0 and + flags, but the other directives do not, even if
they print numbers. Numeric directives that do not support these flags include G, U, b, D, k and n.
The '-' format flag is supported and changes the alignment of a field from right-justified (which is
the default) to left-justified.
See the UNUSUAL FILENAMES section for information about how unusual characters in
filenames are handled.
-prune If -depth is not given, true; if the file is a directory, do not descend into it. If -depth is
given, false; no effect.
-quit Exit immediately. No child processes will be left running, but no more paths specified on
the command line will be processed. For example, find /tmp/foo /tmp/bar -print -quit will print
only /tmp/foo. Any command lines which have been built up with -execdir ... {} + will be
invoked before find exits. The exit status may or may not be zero, depending on whether an error
has already occurred.
-ls True; list current file in 'ls -dils' format on standard output. The block counts are of 1K blocks,
unless the environment variable POSIXLY_CORRECT is set, in which case 512-byte blocks are


used. See the UNUSUAL FILENAMES section for information about how unusual characters in
filenames are handled.
UNUSUAL FILENAMES
Many of the actions of find result in the printing of data which is under the control of other users.
This includes file names, sizes, modification times and so forth. File names are a potential
problem since they can contain any character except '\0' and '/'.
Unusual characters in file names can do unexpected and often undesirable things to your terminal
(for example, changing the settings of your function keys on some terminals). Unusual characters
are handled differently by various actions, as described below.
-print0, -fprint0
Always print the exact filename, unchanged, even if the output is going to a terminal.
-ls, -fls
Unusual characters are always escaped. White space, backslash, and double quote characters are
printed using C-style escaping (for example '\f', '\"'). Other unusual characters are printed using an
octal escape. Other printable characters (for -ls and -fls these are the characters between octal 041
and 0176) are printed as-is.
-printf, -fprintf
If the output is not going to a terminal, it is printed as-is. Otherwise, the result depends on which
directive is in use. The directives %D, %F, %g, %G, %H, %Y, and %y expand to values which
are not under control of files' owners, and so are printed as-is. The directives %a, %b, %c, %d,
%i, %k, %m, %M, %n, %s, %t, %u and %U have values which are under the control of files'
owners but which cannot be used to send arbitrary data to the terminal, and so these are printed
as-is. The directives %f, %h, %l, %p and %P are quoted. This quoting is performed in the same
way as for GNU ls. This is not the same quoting mechanism as the one used for -ls and -fls. If you
are able to decide what format to use for the output of find then it is normally better to use '\0' as a
terminator than to use newline, as file names can contain white space and newline characters.
-print, -fprint
Quoting is handled in the same way as for -printf and -fprintf. If you are using find in a script or
in a situation where the matched files might have arbitrary names, you should consider using
-print0 instead of -print.
The -ok and -okdir actions print the current filename as-is. This may change in a future release.
OPERATORS
Listed in order of decreasing precedence:
( expr ) Force precedence.
! expr True if expr is false.
-not expr Same as ! expr, but not POSIX compliant.
expr1 expr2 Two expressions in a row are taken to be joined with an implied "and"; expr2 is not
evaluated if expr1 is false.
expr1 -a expr2 Same as expr1 expr2.
expr1 -and expr2 Same as expr1 expr2, but not POSIX compliant.
expr1 -o expr2 Or; expr2 is not evaluated if expr1 is true.
expr1 -or expr2 Same as expr1 -o expr2, but not POSIX compliant.
expr1 , expr2 List; both expr1 and expr2 are always evaluated. The value of expr1 is discarded;
the value of the list is the value of expr2.
The comma operator can be useful for searching for several different types of thing, but
traversing the filesystem hierarchy only once. The -fprintf action can be used to list the various
matched items into several different output files.
Standards Conformance
The following options are specified in the POSIX standard (IEEE Std 1003.1, 2003 Edition):
-H This option is supported.
-L This option is supported.
-name This option is supported, but POSIX conformance depends on the POSIX conformance of
the system's fnmatch(3) library function. As of findutils-4.2.2, shell metacharacters ('*', '?' or '[]'
for example) will match a leading '.', because IEEE PASC interpretation 126 requires this. This is
a change from previous versions of findutils.
-type Supported. POSIX specifies 'b', 'c', 'd', 'l', 'p', 'f' and 's'. GNU find also supports 'D',
representing a Door, where the OS provides these.
-ok Supported. Interpretation of the response is not locale-dependent (see ENVIRONMENT
VARIABLES).
-newer Supported. If the file specified is a symbolic link, it is always dereferenced. This is a
change from previous behaviour, which used to take the relevant time from the symbolic link; see
the HISTORY section below.
Other predicates - the predicates '-atime', '-ctime', '-depth', '-group', '-links', '-mtime', '-nogroup',
'-nouser', '-perm', '-print', '-prune', '-size', '-user' and '-xdev', are all supported. The POSIX standard
specifies parentheses '(', ')', negation '!' and the 'and' and 'or' operators ('-a', '-o').
All other options, predicates, expressions and so forth are extensions beyond the POSIX standard.
Many of these extensions are not unique to GNU find, however.
The POSIX standard requires that the find utility shall detect infinite loops; that is, entering a
previously visited directory that is an ancestor of the last file encountered. When it detects an
infinite loop, find shall write a diagnostic message to standard error and shall either recover its
position in the hierarchy or terminate.
The link count of directories which contain entries which are hard links to an ancestor will often
be lower than they otherwise should be. This can mean that GNU find will sometimes optimise
away the visiting of a subdirectory which is actually a link to an ancestor. Since find does not
actually enter such a subdirectory, it is allowed to avoid emitting a diagnostic message. Although
this behaviour may be somewhat confusing, it is unlikely that anybody actually depends on this
behaviour. If the leaf optimisation has been turned off with -noleaf, the directory entry will
always be examined and the diagnostic message will be issued where it is appropriate. Symbolic
links cannot be used to create filesystem cycles as such, but if the -L option or the -follow option
is in use, a diagnostic message is issued when find encounters a loop of symbolic links. As with
loops containing hard links, the leaf optimisation will often mean that find knows that it doesn't
need to call stat() or chdir() on the symbolic link, so this diagnostic is frequently not necessary.
The -d option is supported for compatibility with various BSD systems, but you should use the
POSIX-compliant option -depth instead.
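The -print0 advice in the UNUSUAL FILENAMES section and the $PATH warning under -execdir, as an added example that is not part of the original page or of findutils. It builds a constructed scratch directory with three awkwardly named files and reports how many names each pipeline hands to the downstream command; all function names and the sandbox file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sandbox layout are hypothetical.

# Build a scratch directory holding three files (constructed sample data):
# a plain name, a name with a space, and a name with an embedded newline.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain.txt"
    : > "$dir/with space.txt"
    : > "$dir/$(printf 'two\nlines.txt')"
    printf '%s\n' "$dir"
}

# Newline-delimited hand-off: xargs splits its input on blanks and
# newlines, so the three files reach the command as five bogus names.
names_seen_newline() {
    ( cd "$1" && find . -type f -print | xargs sh -c 'echo "$#"' sh )
}

# NUL-delimited hand-off (-print0 with xargs -0): exactly three names.
names_seen_nul() {
    ( cd "$1" && find . -type f -print0 | xargs -0 sh -c 'echo "$#"' sh )
}

# '-exec command {} +' gives the names to the command directly, with no
# text stream to re-parse: exactly three names.
names_seen_exec_plus() {
    ( cd "$1" && find . -type f -exec sh -c 'echo "$#"' sh {} + )
}

# Succeeds only if every entry of the given PATH (default: $PATH) is an
# absolute directory. An empty entry (leading, trailing or doubled ':')
# and '.' both mean the current directory, and any other relative entry
# is resolved against it, which is what -execdir must not be exposed to.
path_safe_for_execdir() {
    p=${1-$PATH}
    case ":$p:" in *::*) return 1 ;; esac
    rest=$p
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        case $entry in
            /*) ;;            # absolute entry: acceptable
            *) return 1 ;;    # '.' or another relative entry
        esac
        case $rest in
            *:*) rest=${rest#*:} ;;
            *) rest= ;;
        esac
    done
    return 0
}

# Demonstration run.
sandbox=$(make_sandbox)
if [ -n "$sandbox" ]; then
    echo "files in sandbox:        3"
    echo "find -print | xargs:     $(names_seen_newline "$sandbox") names"
    echo "find -print0 | xargs -0: $(names_seen_nul "$sandbox") names"
    echo "find -exec ... {} +:     $(names_seen_exec_plus "$sandbox") names"
    rm -rf -- "$sandbox"
fi
if path_safe_for_execdir; then
    echo "PATH has only absolute entries; -execdir will not search the current directory"
else
    echo "PATH has an empty or relative entry; fix it before using -execdir"
fi
```

Run the PATH check at the top of any script that uses -execdir or -okdir in directories other users can write to.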


The POSIXLY_CORRECT environment variable does not affect the behaviour of the -regex or
-iregex tests because those tests aren't specified in the POSIX standard.
Environment Variables
LANG Provides a default value for the internationalization variables that are unset or null.
LC_ALL If set to a non-empty string value, override the values of all the other
internationalization variables.
LC_COLLATE The POSIX standard specifies that this variable affects the pattern matching to be
used for the '-name' option. GNU find uses the fnmatch(3) library function, and so support for
'LC_COLLATE' depends on the system library.
POSIX also specifies that the 'LC_COLLATE' environment variable affects the interpretation of
the user's response to the query issued by '-ok', but this is not the case for GNU find.
LC_CTYPE This variable affects the treatment of character classes used with the '-name' test, if
the system's fnmatch(3) library function supports this. It has no effect on the behaviour of the '-ok'
expression.
LC_MESSAGES Determines the locale to be used for internationalised messages.
NLSPATH Determines the location of the internationalisation message catalogues.
PATH Affects the directories which are searched to find the executables invoked by '-exec',
'-execdir', '-ok' and '-okdir'.
POSIXLY_CORRECT Determines the block size used by '-ls' and '-fls'. If
'POSIXLY_CORRECT' is set, blocks are units of 512 bytes. Otherwise they are units of 1024
bytes.
TZ Affects the time zone used for some of the time-related format directives of -printf and
-fprintf.
Examples
List filenames ending in .mp3, searching in the current folder and all subfolders:
$ find . -name "*.mp3"
List filenames matching the name Alice or ALICE (case insensitive), search in the current folder
(.) and all subfolders:
$ find . -iname "alice" -print0
List filenames matching the name Alice or ALICE (case insensitive), search in the current folder
(.) only:
$ find . -maxdepth 1 -iname "alice" -print0
List filenames ending in .mp3, searching in the music folder and subfolders:
$ find ./music -name "*.mp3"
List files with the exact name: Sales_document.doc in ./work and subfolders:
$ find ./work -name Sales_document.doc
List all files that belong to the user Maude:
$ find . -user Maude -print0
List all the directory and sub-directory names:
$ find . -type d
List all files in those sub-directories (but not the directory names)
$ find . -type f
List all the file links:
$ find . -type l
List all files (and subdirectories) in your home directory:
$ find "$HOME"
Find files that are over a gigabyte in size:
$ find ~/Movies -size +1024M
Find files that are over 1 GB but less than 20 GB in size:
$ find ~/Movies -size +1024M -size -20480M -print0
Find files that have been modified within the last day:
$ find ~/Movies -mtime -1
Find files that have been modified within the last 30 minutes:
$ find ~/Movies -mmin -30
Find .doc files that also start with 'questionnaire' (AND)
$ find . -name '*.doc' -name 'questionnaire*'
List all files beginning with 'memo' and owned by Maude (AND)
$ find . -name 'memo*' -user Maude
Find .doc files that do NOT start with 'Accounts' (NOT)
$ find . -name '*.doc' ! -name 'Accounts*'
Find files named 'secrets' in or below the directory /tmp and delete them. Note that this will work
incorrectly if there are any filenames containing newlines, single or double quotes, or spaces:
$ find /tmp -name secrets -type f -print | xargs /bin/rm -f
Find files named 'secrets' in or below the directory /tmp and delete them, processing filenames in
such a way that file or directory names containing single or double quotes, spaces or newlines are
correctly handled. The -name test comes before the -type test in order to avoid having to call
stat(2) on every file.
$ find /tmp -name secrets -type f -print0 | xargs -0 /bin/rm -f
Run 'myapp' on every file in or below the current directory. Notice that the braces are enclosed in
single quote marks to protect them from interpretation as shell script punctuation. The semicolon
is similarly protected by the use of a backslash, though ';' could have been used in that case also.
find . -type f -exec myapp '{}' \;
Traverse the filesystem just once, listing setuid files and directories into /root/suid.txt and large
files into /root/big.txt.
find / \( -perm -4000 -fprintf /root/suid.txt '%#m %u %p\n' \) , \
\( -size +100M -fprintf /root/big.txt '%-10s %p\n' \)
Search for files in your home directory which have been modified in the last twenty-four hours.
This command works this way because the time since each file was last modified is divided by 24
hours and any remainder is discarded. That means that to match -mtime 0, a file will have to have
a modification in the past which is less than 24 hours ago.
find "$HOME" -mtime 0
Search for files which have read and write permission for their owner, and group, but which other
users can read but not write to (664). Files which meet these criteria but have other permissions
bits set (for example if someone can execute the file) will not be matched.


find . -perm 664
Search for files which have read and write permission for their owner and group, and which other
users can read, without regard to the presence of any extra permission bits (for example the
executable bit). This will match a file which has mode 0777, for example.
find . -perm -664
Search for files which are writable by somebody (their owner, or their group, or anybody else).
find . -perm /222
All three of these commands do the same thing, but the first one uses the octal representation of
the file mode, and the other two use the symbolic form. These commands all search for files
which are writable by either their owner or their group. The files don't have to be writable by both
the owner and group to be matched; either will do.
find . -perm /220
find . -perm /u+w,g+w
find . -perm /u=w,g=w
Both these commands do the same thing; search for files which are writable by both their owner
and their group.
find . -perm -220
find . -perm -g+w,u+w
These two commands both search for files that are readable for everybody (-perm -444 or -perm
-a+r), have at least one write bit set (-perm /222 or -perm /a+w) but are not executable for anybody
(! -perm /111 and ! -perm /a+x respectively)
find . -perm -444 -perm /222 ! -perm /111
find . -perm -a+r -perm /a+w ! -perm /a+x
Performance
If you need to run an action against a large quantity of files, an alternative and often much faster
method is to execute the command by simply piping find into xargs rather than specifying a find
action against each file.

xargs will bundle up the files and (almost always) run them through a single instance of the
called program.
find -exec will run a separate instance of the called program for each file.
Exit Status
find exits with status 0 if all files are processed successfully, greater than 0 if errors occur. This is
deliberately a very broad description, but if the return value is non-zero, you should not rely on
the correctness of the results of find.

As of findutils-4.2.2, shell metacharacters ('*', '?' or '[]' for example) used in filename patterns
will match a leading '.', because IEEE POSIX interpretation 126 requires this.
Non-bugs
$ find . -name *.c -print
find: paths must precede expression
Usage: find [-H] [-L] [-P] [path...] [expression]
This happens because *.c has been expanded by the shell resulting in find actually receiving a
command line like this:
find . -name bigram.c code.c frcode.c locate.c -print
That command is of course not going to work. Instead of doing things this way, you should
enclose the pattern in quotes:
$ find . -name '*.c' -print
Bugs
The test -perm /000 currently matches no files, but for greater consistency with -perm -000, this
will be changed to match all files; this change will probably be made in early 2006. Meanwhile, a
warning message is given if you do this.
There are security problems inherent in the behaviour that the POSIX standard specifies for find,
which therefore cannot be fixed. For example, the -exec action is inherently insecure, and
-execdir should be used instead. Please see Finding Files for more information.
The best way to report a bug is to use the form at
The reason for this is that you will then be able to track progress in fixing the problem. Other
comments about find(1) and about the findutils package in general can be sent to the bug-findutils
mailing list. To join the list, send email to
This page documents the GNU version of find. If you are using find in an environment where
security is important (for example if you are using it to search directories that are writable by other
users), you should read the "Security Considerations" chapter of the findutils documentation,
which is called Finding Files and comes with findutils.
`dump partition table to file' is missing.

fsck
Filesystem consistency check and interactive repair. Journaling file systems avoid the need to run
fsck.
Syntax
fsck [options] [filesystem] ...

Options
-- Pass all subsequent options to filesystem-specific checker.
All options that fsck doesn't recognize will also be passed.
-r Interactive mode; prompt before making any repairs.

-s Serial mode.

-t fstype
Specify the filesystem type. Do not check filesystems of any other type.

-A Check all filesystems listed in /etc/fstab.
-N Suppress normal execution; just display what would be done.

-R Meaningful only with -A: check all filesystems listed in /etc/fstab
except the root filesystem.


-T Suppress printing of title.

-V Verbose mode.

EXIT CODES

1 Errors were found and corrected.
2 Reboot suggested.
4 Errors were found but not corrected.
8 fsck encountered an operational error.
16 fsck was called incorrectly.
128 A shared library error was detected.
The return status is the exit status of the last command executed in consequent-commands, or zero
if none were executed.

Identify processes using files or sockets, optionally: Kill the process that is accessing the file.
fuser [-a|-s|-c] [-4|-6] [-n space ] [-k [-i] [-signal ] ] [-muvf] name

fuser -l
fuser -V

-a Show all files specified on the command line.
By default, only files that are accessed by at least one process are
shown.

-c Same as -m option, used for POSIX compatibility.

-f Silently ignored, used for POSIX compatibility.

-k Kill processes accessing the file.
Unless changed with -signal, SIGKILL is sent.
An fuser process never kills itself, but may kill other fuser processes.
The effective user ID of the process executing fuser is set to its real
user ID before attempting to kill.
-i Ask the user for confirmation before killing a process.
This option is silently ignored if -k (kill) is not present too.

-l List all known signal names.

-m name Specifies a file on a mounted file system or a block device that is
mounted.
All processes accessing files on that file system are listed.
If a directory file is specified, it is automatically changed to
name/. to use any file system that might be mounted on that directory.

-n space Select a different name space.
The name spaces file (file names, the default), udp (local UDP ports),
and tcp (local TCP ports) are supported. For ports, either the port number or
the symbolic name can be specified.
If there is no ambiguity, the shortcut notation name/space (e.g. 80/tcp ) can be used.

-s Silent operation. -u and -v are ignored in this mode.
-a must not be used with -s.

-signal Use the specified signal instead of SIGKILL when killing processes.
Signals can be specified either by name (e.g. -HUP) or by number (e.g. -1).
This option is silently ignored if the -k (kill) option is not used.
-u Append the user name of the process owner to each PID.
-v Verbose mode. Processes are shown in a ps-like style.
The fields PID, USER and COMMAND are similar to ps.
ACCESS shows how the process accesses the file. If the access is by the kernel
(e.g. in the case of a mount point, a swap file, etc.), kernel is shown
instead of the PID.
-V Display version information.

-4 Search only for IPv4 sockets.
This option must not be used with the -6 option and only has an effect
with the tcp and udp namespaces.

-6 Search only for IPv6 sockets.
This option must not be used with the -4 option and only has an effect
with the tcp and udp namespaces.

- Reset all options and set the signal back to SIGKILL.
fuser returns a non-zero return code if none of the specified files is accessed or in case of a fatal
error. If at least one access has been found, fuser returns zero.
In order to look up processes using TCP and UDP sockets, the corresponding name space has to
be selected with the -n option. By default fuser will look in both IPv6 and IPv4 sockets. To
change the default behavior, use the -4 and -6 options. The socket(s) can be specified by the local
and remote port, and the remote address. All fields are optional, but commas in front of missing
fields must be present:
[lcl_port][,[rmt_host][,[rmt_port]]]
Either symbolic or numeric values can be used for IP addresses and port numbers.
fuser outputs only the PIDs to stdout, everything else is sent to stderr.

fuser displays the PIDs of processes using the specified files or file systems. In the default display
mode, each file name is followed by a letter denoting the type of access:
c current directory.
e executable being run.

f   open file. f is omitted in default display mode.
F   open file for writing. F is omitted in default display mode.
r   root directory.
m   mmap'ed file or shared library.

Examples
fuser -km /home
    kill all processes accessing the file system /home in any way.
if fuser -s /dev/ttyS1; then :; else something; fi
    invoke something if no other process is using /dev/ttyS1.
fuser telnet/tcp
    shows all processes at the (local) TELNET port.

Restrictions
Processes accessing the same file or file system several times in the same way are only shown
once.
If the same object is specified several times on the command line, some of those entries may be
ignored.
fuser may only be able to gather partial information unless run with privileges. As a consequence,
files opened by processes belonging to other users may not be listed and executables may be
classified as mapped only.
Installing fuser SUID root will avoid problems associated with partial information, but may be
undesirable for security and privacy reasons.
udp and tcp name spaces, and UNIX domain sockets can't be searched with kernels older than
1.3.78.
udp and tcp currently work with IPv6 and IPv4, but the address fields can only be IPv4 addresses.
Accesses by the kernel are only shown with the -v option.
The -k option only works on processes. If the user is the kernel, fuser will print an advice, but
take no action beyond that.
location of the proc file system

Bugs
fuser -m /dev/sgX will show (or kill with the -k flag) all processes, even if you don't have that
device configured. There may be other devices it does this for too.
fuser cannot report on any processes that it doesn't have permission to look at the file descriptor
table for. The most common time this problem occurs is when looking for TCP or UDP sockets
when running fuser as a non-root user. In this case fuser will report no access.

getopts
getopts is used by shell scripts to parse positional parameters.
Syntax
getopts optstring name [args]
Options
optstring : The option characters to be recognized
If a character is followed by a colon, the option is expected to
have an argument, which should be separated from it by white space.
The colon (`:') and question mark (`?') may not be used as option
characters.
Each time it is invoked, getopts places the next option in the shell variable name, initializing
name if it does not exist, and the index of the next argument to be processed into the variable
OPTIND. OPTIND is initialized to 1 each time the shell or a shell script is invoked.
When an option requires an argument, getopts places that argument into the variable OPTARG.
The shell does not reset OPTIND automatically; it must be manually reset between multiple calls
to getopts within the same shell invocation if a new set of parameters is to be used.
When the end of options is encountered, getopts exits with a return value greater than zero.
OPTIND is set to the index of the first non-option argument, and name is set to `?'. getopts
normally parses the positional parameters, but if more arguments are given in args, getopts parses
those instead.
getopts can report errors in two ways. If the first character of optstring is a colon, silent error
reporting is used. In normal operation diagnostic messages are printed when invalid options or
missing option arguments are encountered.
If the variable OPTERR is set to 0, no error messages will be displayed, even if the first character
of optstring is not a colon.
If an invalid option is seen, getopts places `?' into name and, if not silent, prints an error message
and unsets OPTARG.
If getopts is silent, the option character found is placed in OPTARG and no diagnostic message is
printed. If a required argument is not found, and getopts is not silent, a question mark (`?') is
placed in name, OPTARG is unset, and a diagnostic message is printed.
If getopts is silent, then a colon (`:') is placed in name and OPTARG is set to the option character
found.

Search file(s) for specific text.
Syntax
grep [options] PATTERN [FILE...]
grep [options] [-e PATTERN | -f FILE] [FILE...]
A simple example:
$ grep "Needle in a Haystack" /etc/*
Options
--after-context=NUM
    Print NUM lines of trailing context after matching lines.
    Places a line containing -- between contiguous groups of matches.
--text
    Process a binary file as if it were text; this is equivalent
    to the --binary-files=text option.
-B NUM
    Print NUM lines of leading context before matching lines.
    Places a line containing -- between contiguous groups of matches.
--context=NUM
    Print NUM lines of output context.
    Places a line containing -- between contiguous groups of matches.
-b
--byte-offset
    Print the byte offset within the input file before each line of output.
--binary-files=TYPE
    If the first few bytes of a file indicate that the file contains binary data, assume
    that the file is of type TYPE. By default, TYPE is binary, and grep normally outputs
    either a one-line message saying that a binary file matches, or no message if there
    is no match. If TYPE is without-match, grep assumes that a binary file does not match;
    this is equivalent to the -I option. If TYPE is text, grep processes a binary file as
    if it were text; this is equivalent to the -a option.
    Warning: grep --binary-files=text might output binary garbage, which can have nasty
    side effects if the output is a terminal and if the terminal driver interprets some
    of it as commands.
--colour[=WHEN]
--color[=WHEN]
    Surround the matching string with the marker found in the GREP_COLOR
    environment variable.
    WHEN may be 'never', 'always', or 'auto'
-c
--count
    Suppress normal output; instead print a count of matching lines for each
    input file.
    With the -v, --invert-match option (see below), count non-matching lines.
--devices=ACTION
    If an input file is a device, FIFO or socket, use ACTION to process it.
    By default, ACTION is read, which means that devices are read just as if they were
    ordinary files. If ACTION is skip, devices are silently skipped.
-d ACTION
--directories=ACTION
    If an input file is a directory, use ACTION to process it.
    By default, ACTION is read, which means that directories are read just as if they
    were ordinary files. If ACTION is skip, directories are silently skipped.
    If ACTION is recurse, grep reads all files under each directory, recursively; this
    is equivalent to the -r option.
-E
--extended-regexp
    Interpret PATTERN as an extended regular expression.
--regexp=PATTERN
    Use PATTERN as the pattern; useful to protect patterns beginning with -.
-F
--fixed-strings
    Interpret PATTERN as a list of fixed strings, separated by newlines,
    any of which is to be matched.
-P
--perl-regexp
    Interpret PATTERN as a Perl regular expression.
-f FILE
--file=FILE
    Obtain patterns from FILE, one per line. The empty file contains zero
    patterns, and therefore matches nothing.
-G
--basic-regexp
    Interpret PATTERN as a basic regular expression. This is the default.
-H
--with-filename
    Print the filename for each match.
-h
--no-filename
    Suppress the prefixing of filenames on output when multiple files are
    searched.
--help
    Output a brief help message.
-I
    Process a binary file as if it did not contain matching data; this is
    equivalent to the --binary-files=without-match option.
--ignore-case
    Ignore case distinctions in both the PATTERN and the input files.
-L
--files-without-match
    Suppress normal output; instead print the name of each input file from which
    no output would normally have been printed. The scanning will stop on the
    first match.
-l
--files-with-matches
    Suppress normal output; instead print the name of each input file from which
    output would normally have been printed. The scanning will stop on the
    first match.
-m NUM
--max-count=NUM
    Stop reading a file after NUM matching lines.
    If the input is standard input from a regular file, and NUM matching lines are
    output, grep ensures that the standard input is positioned to just after the last
    matching line before exiting, regardless of the presence of trailing context lines.
    This enables a calling process to resume a search. When grep stops after NUM matching
    lines, it outputs any trailing context lines.
    When the -c or --count option is also used, grep does not output a count greater
    than NUM. When the -v or --invert-match option is also used, grep stops after
    outputting NUM non-matching lines.
--mmap
    If possible, use the mmap(2) system call to read input, instead of the default
    read(2) system call. In some situations, --mmap yields better performance.
    However, --mmap can cause undefined behavior (including core dumps) if an input
    file shrinks while grep is operating, or if an I/O error occurs.
-n
--line-number
    Prefix each line of output with the line number within its input file.
--only-matching
    Show only the part of a matching line that matches PATTERN.
--label=LABEL
    Display input actually coming from standard input as input coming from
    file LABEL.
    This is especially useful for tools like zgrep, e.g. gzip -cd foo.gz |grep
    --label=foo something
--line-buffered
    Use line buffering, it can be a performance penalty.
--quiet, --silent
    Quiet; do not write anything to standard output.
    Exit immediately with zero status if any match is found, even if an error
    was detected. Also see the -s or --no-messages option.
-R
-r
--recursive
    Read all files under each directory, recursively; this is equivalent to
    the -d recurse option.
    Recurse in directories only searching file matching PATTERN.
--exclude=PATTERN
    Recurse in directories skip file matching PATTERN.
-s
--no-messages
    Suppress error messages about nonexistent or unreadable files.
    Portability note: unlike GNU grep, traditional grep did not conform to POSIX.2,
    because traditional grep lacked a -q option and its -s option behaved like
    GNU grep's -q option. Shell scripts intended to be portable to traditional grep
    should avoid both -q and -s and should redirect output to /dev/null instead.
-U, --binary
    Treat the file(s) as binary.
    By default, under MS-DOS and MS-Windows, grep guesses the file type by looking at
    the contents of the first 32KB read from the file. If grep decides the file is a
    text file, it strips the CR characters from the original file contents
    (to make regular expressions with ^ and $ work correctly).
    Specifying -U overrules this guesswork, causing all files to be read and
    to the matching mechanism verbatim; if the file is a text file with CR/LF pairs
    at the end of each line, this will cause some regular expressions to fail.
    This option has no effect on platforms other than MS-DOS and MS-Windows.
-u
--unix-byte-offsets
    Report Unix-style byte offsets.
    This switch causes grep to report byte offsets as if the file were a Unix-style text
    file, i.e. with CR characters stripped off. This will produce results identical to
    running grep on a Unix machine.
    This option has no effect unless -b option is also used; it has no effect on
    platforms other than MS-DOS and MS-Windows.
-V
--version
    Print the version number of grep to standard error.
    This version number should be included in all bug reports (see below).
--invert-match
    Invert the sense of matching, to select non-matching lines.
-w
    Select only those lines containing matches that form whole words.
    The test is that the matching substring must either be at the beginning of
    the line, or preceded by a non-word constituent character. Similarly, it
    must be either at the end of the line or followed by a non-word constituent
    character. Word-constituent characters are letters, digits, and the
-x
--line-regexp
    Select only those matches that exactly match the whole line.
    Obsolete synonym for -i.
-Z
--null
    Output a zero byte (the ASCII NUL character) instead of the character that
    normally follows a file name. For example, grep -lZ outputs a zero byte
    each file name instead of the usual newline.
    This option makes the output unambiguous, even in the presence of file names
    containing unusual characters like newlines.
    This option can be used with commands like find -print0, perl -0, sort -z,
    xargs -0 to process arbitrary file names, even those that contain newline
    characters.

Environment variables
Grep's behavior can be affected by setting the following environment variables
GREP_OPTIONS - default options
GREP_COLOR - The marker for highlighting
LC_ALL, LC_COLLATE, LANG
    These variables specify the LC_COLLATE locale, which determines the collating
    sequence used to interpret range expressions like [a-z].
LC_ALL, LC_CTYPE, LANG
    These variables specify the LC_CTYPE locale, which determines the type of
    characters, e.g., which characters are whitespace.
    These variables specify the LC_MESSAGES locale, which determines the
    language that grep uses for messages. The default C locale uses American
    English messages.
POSIXLY_CORRECT
    If set, grep behaves as POSIX.2 requires; otherwise, grep behaves more like
    other GNU programs.
_N_GNU_nonoption_argv_flags_
    If the ith character of this environment variable's value is 1, do not
    the ith operand of grep to be an option, ( N is grep's numeric process ID)
    see `info' for more on these
Grep stands for: Global Regular Expression Print.

Diagnostics
Normally, exit status is 0 if matches were found, and 1 if no matches were found (the `-v' option
inverts the sense of the exit status).
Exit status is 2 if there were syntax errors in the pattern, inaccessible input files, or other system

Examples
Search the file example.txt, including binary data (-a) for the string 'hunting the snark':
$ sudo grep -a 'hunting the snark' example.txt
Search the whole partition (/sda1), including binary data (-a), for the string 'hunting the snark'
and return the 25 lines Before and the 50 lines After each match;
this can be a way to discover fragments of deleted files but is very slow:
$ grep -a -B 25 -A 50 'hunting the snark' /dev/sda1 > results.txt

gzip
Compress or decompress named file(s)
SYNTAX
gzip options ...
--stdout
-c
    Write output on standard output; keep original files unchanged.
    If there are several input files, the output consists of a
    sequence of independently compressed members. To obtain better
    compression, concatenate all input files before compressing them.
--decompress
--uncompress
-d
    Decompress.
--force
    Force compression or decompression even if the file has multiple
    links or the corresponding file already exists, or if the
    compressed data is read from or written to a terminal. If the
    input data is not in a format recognized by `gzip', and if the
    option --stdout is also given, copy the input data without change
    to the standard output: let `zcat' behave as `cat'. If `-f' is not
    given, and when not running in the background, `gzip' prompts to
    verify whether an existing file should be overwritten.
--help
    Print a help message describing the options, then quit.
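The getopts rules above (silent error reporting, OPTARG, resetting OPTIND) and the grep options -F, -e, -l with -Z and the 0/1/2 exit status can be combined in one helper. This is an added example, not part of the original page: search_tree, make_sample_tree, the file names and their contents are constructed for illustration, and GNU grep is assumed for -r and -Z.

```shell
#!/bin/sh
# Added example: search_tree and make_sample_tree are hypothetical helpers.
# usage: search_tree [-i] -p PATTERN DIR
# Prints how many files under DIR contain PATTERN as a fixed string.
# Returns grep's exit status (0 match, 1 no match, 2 error), or 64 on bad usage.
search_tree() {
    OPTIND=1                 # the shell does not reset OPTIND between calls
    st_icase='' st_pat='' st_have_pat=0
    # A leading ':' in optstring selects silent error reporting.
    while getopts ':ip:' st_opt; do
        case $st_opt in
            i)  st_icase=1 ;;
            p)  st_pat=$OPTARG; st_have_pat=1 ;;
            :)  echo "search_tree: -$OPTARG requires an argument" >&2; return 64 ;;
            \?) echo "search_tree: unknown option -$OPTARG" >&2; return 64 ;;
        esac
    done
    shift $((OPTIND - 1))    # OPTIND is the index of the first non-option
    if [ "$st_have_pat" -ne 1 ] || [ "$#" -ne 1 ]; then
        echo 'usage: search_tree [-i] -p PATTERN DIR' >&2
        return 64
    fi
    st_out=$(mktemp) || return 2
    st_rc=0
    # -F: PATTERN is a fixed string, not a regular expression
    # -e: protects a PATTERN that begins with '-'
    # -l -Z: print only file names, each terminated by a NUL byte
    # --: DIR is an operand even if it begins with '-'
    grep -r -l -Z -F ${st_icase:+-i} -e "$st_pat" -- "$1" >"$st_out" || st_rc=$?
    # Count NUL terminators, not lines: a newline inside a file name must
    # not be mistaken for a second result.
    tr -cd '\000' <"$st_out" | wc -c | tr -d ' '
    rm -f "$st_out"
    return "$st_rc"
}

# Constructed sample data: three small files, one with a newline in its name.
make_sample_tree() {
    mt_dir=$(mktemp -d) || return 1
    mt_nl='
'
    printf 'gzip --force app.log\n' >"$mt_dir/rotate.sh"
    printf 'gunzip --force old.gz\n' >"$mt_dir/odd${mt_nl}name.sh"
    printf 'abc\nHunting the Snark\n' >"$mt_dir/poem.txt"
    printf '%s\n' "$mt_dir"
}

# Demo: the pattern starts with '-', yet getopts hands it to -p as OPTARG
# and grep receives it through -e.
demo_dir=$(make_sample_tree)
printf 'files mentioning --force: %s\n' "$(search_tree -p '--force' "$demo_dir")"
rm -r -- "$demo_dir"
```

Counting lines of plain `grep -l` output on the same tree would report three files, because one matching file name contains a newline.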

-l
    For each compressed file, list the following fields:
    compressed size: size of the compressed file
    uncompressed size: size of the uncompressed file
    ratio: compression ratio (0.0% if unknown)
    uncompressed_name: name of the uncompressed file
    The uncompressed size is given as `-1' for files not
    in `gzip' format.
-L
    Display the `gzip' license then quit.
--no-name
    When compressing, do not save the original file name and time
    stamp by default. (The original name is always saved if the name
    had to be truncated.) When decompressing, do not restore the
    original file name if present (remove only the `gzip' suffix from
    the compressed file name) and do not restore the original time
    stamp if present (copy it from the compressed file). This option
    is the default when decompressing.
--name
-N
    When compressing, always save the original file name and time
    stamp; this is the default. When decompressing, restore the
    original file name and time stamp if present. This option is
    useful on systems which have a limit on file name length or when
    the time stamp has been lost after a file transfer.
-q
    Suppress all warning messages.
--recursive
    Travel the directory structure recursively. If any of the file
    names specified on the command line are directories, `gzip' will
    descend into the directory and compress all the files it finds
    there (or decompress them in the case of `gunzip').
--suffix SUF
-S SUF
    Use suffix `SUF' instead of `.gz'. Any suffix can be given, but
    suffixes other than `.z' and `.gz' should be avoided to avoid
    confusion when files are transferred to other systems. A null
    suffix forces gunzip to try decompression on all given files
    regardless of suffix, as in:
    gunzip -S "" * (*.* for MSDOS)
    Previous versions of gzip used the `.z' suffix. This was changed
    to avoid a conflict with `pack'.
--test
-t
    Test. Check the compressed file integrity.
-v
    Verbose. Display the name and percentage reduction for each file
--version
-V
    Version. Display the version number and compilation options, then
    quit.
--fast
--best
-N
    Regulate the speed of compression using the specified digit N,
    where `-1' or `--fast' indicates the fastest compression method
    (less compression) and `--best' or `-9' indicates the slowest
    compression method (optimal compression). The default
    compression level is `-6' (that is, biased towards high
    compression at expense of speed).
`gunzip' can currently decompress files created by `gzip', `zip', `compress' or `pack'. The detection
of the input format is automatic.
`gzip' is designed as a complement to `tar', not as a replacement.

Remember the full pathnames of commands specified as name arguments, so they need not be
searched for on subsequent invocations.
hash [-r] [-p filename] [name]
OPTIONS
-r  Reset (causes the shell to forget all remembered locations)
-p  Use filename as the location of name (don't search $PATH)
The commands are found by searching through the directories listed in $PATH.
If no arguments are given, information about remembered commands is printed.
The return status is zero unless a name is not found or an invalid option is supplied.

head
Output the first part of files, prints the first part (10 lines by default) of each file.
SYNTAX
head [options]... [file]...
Options:
-NUMBER
    Return the first NUMBER of lines from the file. (must be the first option
    specified)
-CountOptions
    This option is only recognized if it is specified first. Count is a decimal number optionally
    followed by a size letter ('b', 'k', 'm' for bytes, Kilobytes or Megabytes), or 'l' to mean
    count by lines, or other option letters ('cqv').
-c BYTES
--bytes=BYTES
    Print the first BYTES bytes, instead of initial lines. Appending
    'b' multiplies BYTES by 512, 'k' by 1024, and 'm' by 1048576.
-n N
    Output the first N lines.
-q
--quiet
    Never print file name headers.
-v
    Always print file name headers.
If no files are given (or if given a FILE of '-') head will read from standard input.
If more than one FILE is specified, 'head' will print a one-line header consisting of ==> FILE
NAME <== before the output for each FILE.
Two option formats are accepted: the new one, in which numbers are arguments to the options
('-q -n 1'), and the old one, in which the number precedes any option letters ('-1q')
Examples
Extract the first 85 lines from a file:
head -85 file.txt
Extract lines 40-50 from a file, first using head to get the first 50 lines then tail to get the last 10:
head -50 file.txt | tail -10

history
Command Line history
SYNTAX
history
history [n]
history -c
history -d offset
history [-anrw] [filename]
history -ps arg
KEY
-c  Clear the history list. This may be combined with
    the other options to replace the history list completely.
-d offset
    Delete the history entry at position offset.
    offset should be specified as it appears when the history is displayed.
-a  Append the new history lines (history lines entered since
    the beginning of the current Bash session) to the history file.
-n  Append the history lines not already read from the history file
    to the current history list. These are lines appended to the
    history file since the beginning of the current Bash session.
-r  Read the current history file and append its contents to the history
    list.
-w  Write out the current history to the history file.
-p  Perform history substitution on the args and display the result
    on the standard output, without storing the results in the history list.
-s  The args are added to the end of the history list as a single entry.
With no options, display the history list with line numbers. Lines prefixed with a `*' have
been modified. An argument of n lists only the last n lines.
When any of the `-w', `-r', `-a', or `-n' options are used, if filename is given, then it is used as the
history file. If not, then the value of the HISTFILE variable is used.
Recalling a previous command
Pressing the UP arrow will return to previous commands.
To return to a previously entered command, type ctrl-r and then begin typing the command. This
will finish the command for you as you type. If you can remember to use ctrl-r, it will become
invaluable for repeating longer commands.
To find a specific command among many previous commands, pipe history through grep:
history|grep -i first few letters of command
History Expansion
History expansions introduce words from the history list into the input stream, making it easy to
repeat commands, insert the arguments to a previous command into the current input line, or fix
errors in previous commands quickly.
History expansion takes place in two parts. The first is to determine which line from the history
list should be used during substitution. The second is to select portions of that line for inclusion
into the current one.
The line selected from the history is called the event, and the portions of that line that are acted
upon are called words. Various modifiers are available to manipulate the selected words. The line
is broken into words (several words surrounded by quotes are considered one word).
History expansions are introduced by the appearance of the history expansion character, which is
`!' by default. Only `\' and `'' may be used to escape the history expansion character.
Several shell options settable with the shopt builtin may be used to tailor the behavior of history
The `-p' option to the history builtin command may be used to see what a history expansion will
do before using it.
The `-s' option to the history builtin may be used to add commands to the end of the history list
without actually executing them, so that they are available for subsequent recall.
Event Designators
An event designator is a reference to a command line entry in the history list.
!   Start a history substitution, except when followed by a space,
    tab, the end of the line, `=' or `('.
!n  Refer to command line n.
!-n Refer to the command n lines back.
!!  Refer to the previous command. This is a synonym for `!-1'.
!string
    Refer to the most recent command starting with string.
!?string[?]
    Refer to the most recent command containing string.
    The trailing `?' may be omitted if the string is followed
    immediately by a newline.
^string1^string2^
    Quick Substitution. Repeat the last command, replacing string1
    with string2. Equivalent to !!:s/string1/string2/.
!#  The entire command line typed so far.
Word Designators
Word designators are used to select desired words from the event. A `:' separates the event
specification from the word designator. It may be omitted if the word designator begins with a `^',
`$', `*', `-', or `%'. Words are numbered from the beginning of the line, with the first word being
denoted by 0 (zero). Words are inserted into the current line separated by single spaces.
For example,
!!  designates the preceding command. When you type this, the
    preceding command is repeated in toto.
!!:$
    designates the last argument of the preceding command.
    This may be shortened to !$.
!fi:2
    designates the second argument of the most recent command
    starting with the letters fi.
Here are the word designators:
0 (zero)
    The 0th word. For many applications, this is the command word.
n   The nth word.
^   The first argument; that is, word 1.
$   The last argument.
%   The word matched by the most recent `?string?' search.
x-y A range of words; `-y' abbreviates `0-y'.
*   All of the words, except the 0th. This is a synonym for `1-$'.
    It is not an error to use `*' if there is just one word in the event;
    the empty string is returned in that case.
x*  Abbreviates `x-$'
x-  Abbreviates `x-$' like `x*', but omits the last word.
If a word designator is supplied without an event specification,
the previous command is used as the event.
Modifiers
After the optional word designator, you can add a sequence of one or more of the following
modifiers, each preceded by a `:'.
h   Remove a trailing pathname component, leaving only the head.
t   Remove all leading pathname components, leaving the tail.
r   Remove a trailing suffix of the form `.suffix', leaving the basename.
e   Remove all but the trailing suffix.
p   Print the new command but do not execute it.
q   Quote the substituted words, escaping further substitutions.
x   Quote the substituted words as with `q', but break into words at
    spaces, tabs, and newlines.
s/old/new/
    Substitute new for the first occurrence of old in the event line.
    Any delimiter may be used in place of `/'. The delimiter may be
    quoted in old and new with a single backslash.
    If `&' appears in new, it is replaced by old.
    A single backslash will quote the `&'.
    The final delimiter is optional if it is the last character on the input
    line.
&   Repeat the previous substitution.
g   Cause changes to be applied over the entire event line.
    Used in conjunction with `s', as in gs/old/new/, or with `&'.
History Configuration
export HISTCONTROL=erasedups  # Remove duplicates from history (when a new item is added).
export HISTSIZE=10000         # Increase the history size.
shopt -s histappend           # Append history to ~/.bash_history when you exit a shell.
From Allan Odgaard’s excellent Working With History in Bash
Examples (bang commands)
The following bang commands work in not just bash but also tcsh and zsh too.
Not every bang command will work in every shell, but these are pretty universal.
Assume these are the last three commands you ran:
% which firefox
% make
% ./foo -f foo.conf
% vi foo.c bar.c
Getting stuff from the last command:
Full line: % !!            becomes: % vi foo.c bar.c
Last arg : % svn ci !$     becomes: % svn ci bar.c
All args : % svn ci !*     becomes: % svn ci foo.c bar.c
First arg: % svn ci !!:1   becomes: % svn ci foo.c
Accessing commandlines by pattern:
Full line: % !./f          becomes: % ./foo -f foo.conf
Full line: % vi `!whi`     becomes: % vi `which firefox`
Last arg : % vi !./f:$     becomes: % vi foo.conf
All args : % ./bar !./f:*  becomes: % ./bar -f foo.conf
First arg: % svn ci !vi:1  becomes: % svn ci foo.c

hostname
Print or set system name
SYNTAX
hostname [name]
With no arguments, `hostname' prints the name of the current host system. With one argument, it
sets the current host name to the specified string. You must have appropriate privileges to set the
host name.

Convert encoding of a file from one character set encoding to another.
iconv [Option...] -f encoding -t encoding inputfile
iconv -l
Options
-f encoding
--from-code encoding
    Convert characters From encoding.
-t encoding
--to-code encoding
    Convert characters To encoding.
    List known coded character sets
    The encodings available are system dependent.
-o file
--output file
    Specify an output file (instead of stdout).
Options controlling conversion problems:
-c  When this option is given, characters that cannot be converted are silently
    discarded, instead of leading to a conversion error.
--unicode-subst=formatstring
    Replace Unicode characters that cannot be represented in the target
    encoding with a placeholder string that is constructed from formatstring,
    applied to the Unicode code point. The formatstring must be in the same
    format as for the printf command or the printf() function, taking either
    no argument or exactly one unsigned integer argument.
    Replace bytes in the input that are not valid in the source encoding
    with a placeholder string constructed from the given formatstring,
    applied to the byte's value. The formatstring must be in the same
    format as for the printf command or the printf() function, taking either
    no argument or exactly one unsigned integer argument.
    Replace wide characters in the input that are not valid in the source
    encoding with a placeholder string that is constructed from the given
    formatstring, applied to the byte's value. The formatstring must
    be in the same format as for the printf command or the printf() function,
    taking either no argument or exactly one unsigned integer argument.
Options controlling error output:
-s
--silent
    Suppress error messages about invalid or unconvertible characters.
--verbose
    Print progress information.
The iconv program converts the encoding of characters in inputfile from one coded character set
to another. The result is written to standard output unless otherwise specified by the --output
option.
Examples
Convert input.txt from ISO-8859-1 to UTF-8 and save as output.txt
$ iconv -f ISO-8859-1 -t UTF-8 < input.txt > output.txt
Script to convert all .HTML files in a directory from Windows 1252 to UTF8 (from
brianwc/ShareAlike)
#!/bin/bash
# Convert every .html file in the current directory; the glob replaces
# `ls` so that file names containing spaces are handled correctly.
for i in ./*.html; do
    [ -e "$i" ] || continue
    # Replace the original only if the conversion succeeded.
    iconv -f WINDOWS-1252 -t UTF8 "$i" -o "$i.utf8" && mv "$i.utf8" "$i"
done

id
Print real and effective user id (uid) and group id (gid), prints identity information about the given
user, or if no user is specified the current process.
id [options]... [username]
By default, it prints the real user id, real group id, effective user id if different from the real user
id, effective group id if different from the real group id, and supplemental group ids.
Each of these numeric values is preceded by an identifying string and followed by the
corresponding user or group name in parentheses.
The options cause `id' to print only part of the above information.
    Print only the group id.
-G
--groups
    Print only the supplementary groups.
-n
--name
    Print the user or group name instead of the ID number.
    Requires -u, -g, or -G
-r
--real
    Print the real, instead of effective, user or group id.
    Requires -u, -g, or -G
-u
--user
    Print only the user id.

if
Conditionally perform a command.
if test-commands; then
    consequent-commands;
[elif more-test-commands; then
    more-consequents;]
[else alternate-consequents;]
fi
The test-commands list is executed, and if its return status is zero, the consequent-commands list
is executed.
If test-commands returns a non-zero status, each elif list is executed in turn, and if its exit status
is zero, the corresponding more-consequents is executed and the command completes.
If `else alternate-consequents' is present, and the final command in the final if or elif
clause has a non-zero exit status, then alternate-consequents is executed.
The return status is the exit status of the last command executed, or zero if no condition tested
true.

ifconfig
Interface configurator - display your ip address, network interfaces, transferred and received data
information, configure a network interface.
ifconfig [interface]
ifconfig interface [aftype] options | address ...
interface
    The name of the interface.

                        Usually a driver name followed by a unit number, eth0 = 1st
                        Ethernet interface.

up                      This flag causes the interface to be activated.
                        It is implicitly specified if an address is assigned to the
                        interface.

down                    This flag causes the driver for this interface to be shut down.

[-]arp                  Enable or disable the use of the ARP protocol on this interface.

[-]promisc              Enable or disable the promiscuous mode of the interface.
                        If selected, all packets on the network will be received by the
                        interface.

[-]allmulti             Enable or disable all-multicast mode.
                        If selected, all multicast packets on the network will be
                        received by the interface.

metric N                Set the interface metric.

mtu N                   Set the Maximum Transfer Unit (MTU) of an interface.

dstaddr addr            Set the remote IP address for a point-to-point (PPP) link
                        (obsolete; use pointopoint instead)

netmask addr            Set the IP network mask for this interface.
                        This value defaults to the usual class A, B or C network mask
                        (as derived from the interface IP address), but it can be set
                        to any value.

add addr/prefixlen      Add an IPv6 address to an interface.

del addr/prefixlen      Remove an IPv6 address from an interface.

tunnel                  Create a new SIT (IPv6-in-IPv4) device, tunnelling to
                        the given destination.

irq addr                Set the interrupt line used by this device.
                        Not all devices can dynamically change their IRQ setting.

io_addr addr            Set the start address in I/O space for this device.

mem_start addr          Set the start address for shared memory used by this device.
                        Only a few devices need this.

media type              Set the physical port or medium type to be used by the device.
                        Not all devices can change this setting, and those that can
                        vary in what values they support. Typical values for type are
                        10base2 (thin Ethernet),
                        10baseT (twisted-pair 10Mbps Ethernet), AUI (external
                        transceiver) and so on.
                        The special medium type of auto can be used to tell the driver
                        to auto-sense the media. Again, not all drivers can do this.

[-]broadcast [addr]     If the address argument is given, set the protocol
                        broadcast address for this interface. Otherwise, set (or clear)
                        the IFF_BROADCAST flag for the interface.

[-]pointopoint [addr]   This keyword enables the point-to-point mode of an
                        interface, meaning that it is a direct link between two
                        machines with nobody else listening on it.
                        If the address argument is also given, set the protocol
                        address of the other side of the link, just like the obsolete
                        dstaddr keyword does.
                        Otherwise, set or clear the IFF_POINTOPOINT flag for
                        the interface.

hw class address        Set the hardware address of this interface, if the device
                        driver supports this operation. The keyword must be followed
                        by the name of the hardware class and the printable ASCII
                        equivalent of the hardware address. Hardware classes
                        currently supported include ether (Ethernet), ax25 (AMPR
                        AX.25), ARCnet and netrom (AMPR NET/ROM).

multicast               Set the multicast flag on the interface. Not normally
                        needed, as the drivers set the flag correctly themselves.

address                 The IP address to be assigned to this interface.

txqueuelen length       Set the length of the transmit queue of the device.
                        It is useful to set this to small values for slower
                        devices with a high latency (modem links, ISDN) to prevent
                        fast bulk transfers from disturbing interactive traffic like
                        telnet too much.

ifconfig is used at boot time to set up interfaces as necessary. After that, it is usually only needed
when debugging or when system tuning is needed.
If no arguments are given, ifconfig displays the status of the currently active interfaces. If a single
interface argument is given, it displays the status of the given interface only; if a single -a
argument is given, it displays the status of all interfaces, even those that are down. Otherwise, it
configures an interface.
If the first argument after the interface name is recognized as the name of a supported address
family, that address family is used for decoding and displaying all protocol addresses. Currently


supported address families include inet (TCP/IP, default), inet6 (IPv6), ax25 (AMPR Packet
Radio), ddp (Appletalk Phase 2), ipx (Novell IPX) and netrom (AMPR Packet radio).
All numbers supplied as parts in IPv4 dotted decimal notation may be decimal, octal, or
hexadecimal, as specified in the ISO C standard (that is, a leading 0x or 0X implies hexadecimal;
otherwise, a leading '0' implies octal; otherwise, the number is interpreted as decimal). Use of
hexadecimal and octal numbers is not RFC-compliant and therefore its use is discouraged and may
go away.

ifup / ifdown

Bring a network interface up or down
Syntax
ifup [options] -a | IFACE...
ifdown [options] -a|IFACE...

Options
-a, --all       If given to ifup, affect all interfaces marked auto.
                Interfaces are brought up in the order in which they are
                defined in /etc/network/interfaces.

                If given to ifdown, affect all defined interfaces.
                Interfaces are brought down in the order in which they are
                currently listed in the state file.
                Only interfaces defined in /etc/network/interfaces will be
                brought down.

--force         Force configuration or deconfiguration of the interface.

--allow=CLASS   Only allow interfaces listed in an allow-CLASS line in
                to be acted upon.

-i FILE         Read interface definitions from FILE instead of from
                /etc/network/interfaces.

-n, --no-act    Don't configure any interfaces or run any "up" or "down"
                commands.

--no-mappings   Don't run any mappings. See interfaces for more information
                about the mapping feature.

-v, --verbose   Show commands as they are executed.

-h, --help      Display help for ifup

-V, --version   Show copyright and version information.

Bring up all the interfaces defined with auto in /etc/network/interfaces
ifup -a
Bring up interface eth0
ifup eth0
Bring down all interfaces that are currently up.
ifdown -a

import
Capture some or all of an X server screen and save the image to file.
SYNTAX
import [ options ... ] [ file ]

import reads an image from any visible window on an X server and outputs it as an image file.
You can capture a single window, the entire screen, or any rectangular portion of the screen.

The target window can be specified by id, name, or may be selected by clicking the mouse in the
desired window.

If you press a button and then drag, a rectangle will form which expands and contracts as the
mouse moves. To save the portion of the screen defined by the rectangle, just release the button.
The keyboard bell is rung once at the beginning of the screen capture and twice when it
completes.
Examples

To select an X window with the mouse and save it in the MIFF image format to a file titled
MyTest.miff, use:

import MyTest.miff

To save the desktop to a jpeg file, use:

import -window root MyTest.jpg

Although not strictly speaking part of the shell `import' seems to be present on most linux
distributions.

-border
    include image borders in the output image.
-colors value
    preferred number of colours in the image. The actual number of colours in the image may be less
    than your request, but never more.
-colorspace value
    The type of colorspace: GRAY, OHTA, RGB, Transparent, XYZ, YCbCr, YIQ, YPbPr, YUV,
    or CMYK.
    colour reduction, by default, takes place in the RGB colour space.
    The Transparent colour space behaves uniquely in that it preserves the matte channel of the image


    if it exists.
    The -colors or -monochrome option is required for this option to take effect.
-comment string
    annotate an image with a comment.
-compress type
    The type of image compression: None, BZip, Fax, Group4, JPEG, LZW, RunlengthEncoded, or
    Specify +compress to store the binary image in an uncompressed format. The default is the
    compression type of the specified image file.
-delay <1/100ths of a second>x
    display the next image after pausing.
    This option is useful for regulating the display of the sequence of images. 1/100ths of a second
    must expire before the display of the next image. The default is 6/100 of a second between each
    frame of the image sequence. The second value is optional. It specifies the number of seconds to
    pause before repeating your animation sequence.
-density x
    vertical and horizontal resolution in pixels of the image.
-frame
    include window manager frame.
-geometry x{+-}{+-}{%}{!}{<}{>}
    the width and height of the image.
-interlace type
    The type of interlacing scheme: None, Line, Plane, or Partition. The default is None.
    This option is used to specify the type of interlacing scheme for raw image formats such as RGB
    or YUV.

    None - means do not interlace (RGBRGBRGBRGBRGBRGB...)
    Line - uses scanline interlacing (RRR...GGG...BBB...RRR...GGG...BBB...)
    Plane - uses plane interlacing (RRRRRR...GGGGGG...BBBBBB...)
    Partition - is like plane except the different planes are saved to individual files (e.g. image.R,
    image.G, and image.B)

    Use Line, or Plane to create an interlaced GIF or progressive JPEG image.
-label name
    assign a label to an image.
    Use this option to assign a specific label to the image.

    transform image to black and white.
-negate
    replace every pixel with its complementary colour (white becomes black, yellow
    becomes blue, etc.)
    Use +negate to only negate the grayscale pixels of the image.
-quality value
    JPEG/MIFF/PNG compression level.
    For the JPEG image format, quality is 0 (worst) to 100 (best). The default quality is 75.
    Quality for the MIFF and PNG image format sets the amount of image compression (quality / 10)
    and filter-type (quality % 10). Compression quality values range from 0 (worst) to 100 (best).
-rotate degrees{<}{>}
    apply Paeth image rotation to the image.
    Use > to rotate the image only if its width exceeds the height. < rotates the image only if its width
    is less than the height. For example, if you specify -90> and the image size is 480x640, the image
    is not rotated by the specified angle. However, if the image is 640x480, it is rotated by -90
    degrees. Empty triangles left over from rotating the image are filled with the colour defined as
    bordercolor (class borderColor).
-scene value
    Number of screen snapshots.
    Use this option to grab more than one image from the X server screen to create an animation

    This option indicates that the GetImage request used to obtain the image should be done on the
    root window, rather than directly on the specified window. In this way, you can obtain pieces of
    other windows that overlap the specified window, and more importantly, you can capture menus
    or other popups that are independent windows but appear over the specified window.

    operate silently, i.e. don't ring any bells.
-transparency color
    make this colour transparent within the image.
-treedepth value
    Normally, this integer value is zero or one. A zero or one tells convert to choose an optimal tree
    depth for the colour reduction algorithm.
    Try values between 2 and 8 for this parameter.

    print detailed information about the image. This information is printed: image scene number;
    image name; image size; the image class (DirectClass or PseudoClass); the total number of
    unique colours; and the number of seconds to read and write the image.
-window id
    select window with this id or name. With this option you can specify the target window by id or
    name rather than using the mouse. Specify `root' to select X's root window as the target window.

All Options are processed in command line order. Any option you specify on the command line
remains in effect until it is explicitly changed by specifying the option again with a different
effect.

file specifies the image filename. If file is omitted, it defaults to magick.miff. The default image
format is MIFF. To specify a particular image format, precede the filename with an image format
name and a colon (i.e. gif:image) or specify the image type as the filename suffix (i.e. image.jpg).


See convert(1) for a list of valid image formats.

Specify file as - for standard output. If file has the extension .Z or .gz, the file is compressed
using compress or gzip respectively. Precede the image file name with | to pipe to a system
command. If file already exists, you will be prompted as to whether it should be overwritten.

install

Copy files and set attributes, copies files while setting their permission modes and, if possible,
their owner and group.
install [options]... SOURCE DEST
install [options]... SOURCE... DIRECTORY

install -d [options]... DIRECTORY...

The 3 variants above install either a single SOURCE file to DEST target
or copy multiple SOURCE files to the destination. In the last variant,
each DIRECTORY (and any missing parent directories) is created.

`install' is similar to `cp', but allows you to control the
attributes of destination files. It is typically used in Makefiles to
copy programs into their destination directories. It refuses to copy
files onto themselves.

-b
    Make a backup of each file that would otherwise be overwritten or
    removed. *Note Backup options::.

    Install file, unless target already exists and is the same file,
    in which case the modification time is not changed.

    Ignored; for compatibility with old Unix versions of `install'.
-d
--directory
    Create each given directory and any missing parent directories,
    setting the owner, group and mode as given on the command line or
    to the defaults. It also gives any parent directories it creates
    those attributes. (This is different from the SunOS 4.x
    `install', which gives directories that it creates the default
-g GROUP
--group=GROUP
    Set the group ownership of installed files or directories to
    GROUP. The default is the process's current group. GROUP may be
    either a group name or a numeric group id.

-m MODE
--mode=MODE
    Set the permissions for the installed file or directory to MODE,
    which can be either an octal number, or a symbolic mode as in
    `chmod', with 0 as the point of departure (*note File
    permissions::). The default mode is 0755--read, write, and execute
    for the owner, and read and execute for group and other.
-o OWNER
    If `install' has appropriate privileges (is run as root), set the
    ownership of installed files or directories to OWNER. The default
    is `root'. OWNER may be either a user name or a numeric user ID.

--preserve-timestamps
    Set the time of last access and the time of last modification of
    each installed file to match those of each corresponding original
    file. When a file is installed without this option, its last
    access and last modification times are both set to the time of
    installation. This option is useful if you want to use the last
    modification times of installed files to keep track of when they
    were last built as opposed to when they were last installed.

    Strip the symbol tables from installed binary executables.
-S SUFFIX
--suffix=SUFFIX
    Append SUFFIX to each backup file made with `-b'.
-v
--verbose
    Print the name of each file before copying it.
-V METHOD
    Change the type of backups made with `-b'. The METHOD argument
    can be `numbered' (or `t'), `existing' (or `nil'), or `never' (or
    `simple').
SysAdmins can't be sued for malpractice but surgeons don't have to deal with patients who install
new versions of their own innards.

jobs

Print currently running jobs and their status.
Syntax
jobs [OPTIONS] [PID]


Options:
-c
--command   Print the command name for each process in jobs
-g
--group     Only print the group id of each job

-h
--help      Display a help message and exit

-l
--last      Only the last job to be started is printed

-p
--pid       Print the process id for each process in all jobs
On systems that support this feature, jobs will print the CPU usage of each job since the last
command was executed. The CPU usage is expressed as a percentage of full CPU activity. Note
that on multiprocessor systems, the total activity may be more than 100%.
Example

$ jobs

join

Join lines on a common field, writes to standard output a line for each pair of input lines that have
identical join fields.
SYNTAX
join [Options]... File1 File2
Description

Either FILE1 or FILE2 (but not both) can be `-', meaning standard input. FILE1 and FILE2
should be already sorted in increasing textual order on the join fields, using the collating sequence
specified by the `LC_COLLATE' locale.

Unless the `-t' option is given, the input should be sorted ignoring blanks at the start of the join
field, as in `sort -b'. If the `--ignore-case' option is given, lines should be sorted without regard to
the case of characters in the join field, as in `sort
-f'.

The defaults are:
The join field is the first field in each line;
Fields in the input are separated by one or more blanks, with leading blanks on the line ignored;
Fields in the output are separated by a space;
Each output line consists of the join field, the remaining fields from FILE1, then the remaining
fields from FILE2.

    Print a line for each unpairable line in file FILE-NUMBER (either
    `1' or `2'), in addition to the normal output.

    Replace those output fields that are missing in the input with
    STRING.

`-i'
`--ignore-case'
    Ignore differences in case when comparing keys. With this option,
    the lines of the input files must be ordered in the same way. Use
    `sort -f' to produce this ordering.

`-1 FIELD'
`-j1 FIELD'
    Join on field FIELD (a positive integer) of file 1.
`-2 FIELD'
`-j2 FIELD'
    Join on field FIELD (a positive integer) of file 2.

`-j FIELD'
    Equivalent to `-1 FIELD -2 FIELD'.

`-o FIELD-LIST...'

    Construct each output line according to the format in FIELD-LIST.
    Each element in FIELD-LIST is either the single character `0' or
    has the form M.N where the file number, M, is `1' or `2' and N is
    a positive field number.

    A field specification of `0' denotes the join field. In most
    cases, the functionality of the `0' field spec may be reproduced
    using the explicit M.N that corresponds to the join field.
    However, when printing unpairable lines (using either of the `-a'
    or `-v' options), there is no way to specify the join field using
    M.N in FIELD-LIST if there are unpairable lines in both files. To
    give `join' that functionality, POSIX invented the `0' field
    specification notation.

    The elements in FIELD-LIST are separated by commas or blanks.
    Multiple FIELD-LIST arguments can be given after a single `-o'
    option; the values of all lists given with `-o' are concatenated
    together. All output lines - including those printed because of
    any -a or -v option - are subject to the specified FIELD-LIST.

`-t CHAR'
    Use character CHAR as the input and output field separator.
`-v FILE-NUMBER'
    Print a line for each unpairable line in file FILE-NUMBER (either
    `1' or `2'), instead of the normal output.
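
Added example (not part of the original reference): the `-v', `-a', `-e' and `-o' options described for join, used to reconcile an account list against a login summary, and what unsorted input costs. The two lists are constructed sample data and the function names (run_join, never_logged_in and so on) are hypothetical.

```bash
#!/bin/sh
# Constructed sample data (not from the page): "user uid" and "user last-login".
# Both lists are deliberately out of order.
accounts() { printf '%s\n' 'root 0' 'carol 1002' 'alice 1000' 'svc_backup 998' 'bob 1001'; }
logins()   { printf '%s\n' 'bob 2024-05-01' 'alice 2024-05-03' 'mallory 2024-05-02'; }

# Run join over both lists. $1 is "sorted" or "raw"; the rest are join options.
# LC_ALL=C pins one collating sequence for sort and join alike, so the order
# sort produces is the order join expects.
run_join() {
    mode=$1; shift
    tmp=$(mktemp -d) || return 1
    if [ "$mode" = sorted ]; then
        accounts | LC_ALL=C sort -k1,1 > "$tmp/accounts"
        logins   | LC_ALL=C sort -k1,1 > "$tmp/logins"
    else
        accounts > "$tmp/accounts"
        logins   > "$tmp/logins"
    fi
    rc=0
    # Diagnostics about disordered input go to stderr; they are dropped here
    # so that callers see only the data lines.
    LC_ALL=C join "$@" "$tmp/accounts" "$tmp/logins" 2>/dev/null || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Number of lines join pairs up. With "raw" input the merge walks past the
# matching keys and silently pairs nothing.
paired_count() { run_join "$1" | wc -l | tr -d ' '; }

# Accounts with no login at all: unpairable lines of file 1 only (-v 1).
never_logged_in() { run_join sorted -v 1 | cut -d' ' -f1; }

# Logins for names that have no account: unpairable lines of file 2 only (-v 2).
unknown_logins() { run_join sorted -v 2 | cut -d' ' -f1; }

# Every account, with NEVER filled in where file 2 has no matching line.
# '0' is the join field, so the name is printed for unpairable lines too.
full_report() { run_join sorted -a 1 -e NEVER -o 0,1.2,2.2; }

full_report
```
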


kill
Stop a process from running, either via a signal or forced termination.
Syntax
kill [-s sigspec] [-n signum] [-sigspec] jobspec or pid
kill -l [exit_status]
kill -l [sigspec]

Key
-l   List the signal names
-s   Send a specific signal
-n   Send a specific signal number
Send a signal specified by sigspec or signum to the process named by job specification jobspec or
process ID pid.
sigspec is either a case-insensitive signal name such as SIGINT (with or without the SIG prefix) or
a signal number; signum is a signal number.

If sigspec is not present, SIGTERM is used (Terminate).

If any arguments are supplied when `-l' is given, the names of the signals corresponding to the
arguments are listed, and the return status is zero. exit_status is a number specifying a signal
number or the exit status of a process terminated by a signal.

The return status is true if at least one signal was successfully sent, or false if an error occurs or
an invalid option is encountered.
Examples
List the running process
$ ps
1293 pts/5 00:00:00 MyProgram

Then Kill it
$ kill 1293
[2]+ Terminated MyProgram

To run a command and then kill it after 5 seconds:
$ my_command & sleep 5
$ kill -0 $! && kill $!

kill is a bash built in command: $ help kill

killall
kill processes by name.
Syntax
killall [option(s)] [--] name ...

killall -l
killall -V,--version
Options

-e
--exact
    Require an exact match for very long names.
    If a command name is longer than 15 characters, the full name may be
    unavailable (i.e. it is swapped out). In this case, killall will kill
    everything that matches within the first 15 characters. With -e, such
    entries are skipped.
    killall prints a message for each skipped entry if -v is specified in
    addition to -e.

    Kill the process group to which the process belongs.
    The kill signal is only sent once per group, even if multiple processes
    belonging to the same process group were found.

-I   Do case insensitive process name match.
--ignore-case
-i   Interactively ask for confirmation before killing.
--interactive

-l   List all known signal names.

name The command/process to be killed

-q   Do not complain if no processes were killed.

-r   Interpret process name pattern as an extended regular expression.
--regexp

-s signal
--signal signal
    Send signal instead of the default SIGTERM. e.g. -9 = SIGKILL

-u user
--user user
    Kill only processes the specified user owns. Command names are
    optional.

-v   Report if the signal was successfully sent.
--verbose

-V   Display version information.



-w
    Wait for all killed processes to die. killall checks once per second if
    any of the killed processes still exist and only returns if none are left.
    Note that killall may wait forever if the signal was ignored, had no
    effect, or if the process stays in zombie state.

-Z pattern
--context pattern
    Specify security context: kill only processes having security context
    that match with given extended regular expression pattern. Must precede
    other arguments on the command line. Command names are optional.
    (SELinux Only)

--   Each parameter after a '--' parameter is always interpreted as a non-
     option parameter.
killall sends a signal to all processes running any of the specified commands. If no signal name is
specified, SIGTERM is sent.
Signals can be specified either by name (e.g. -HUP) or by number (e.g. -1) or by option -s.

If the command name is not a regular expression (option -r) and contains a slash (/), processes
executing that particular file will be selected for killing, independent of their name.
killall returns a zero return code if at least one process has been killed for each listed command,
or no commands were listed and at least one process matched the -u and -Z search criteria. killall
returns non-zero otherwise.
A killall process never kills itself (but may kill other killall processes).
Common kill signals

Signal name   Signal value   Effect

SIGHUP        1              Hangup
SIGINT        2              Interrupt from keyboard
SIGKILL       9              Kill signal
SIGTERM       15             Termination signal (allow the process to run its exit handler)

SIGSTOP       17,19,23       Stop the process
/proc
location of the proc file system
Known Bugs

Typing killall name may not have the desired effect on non-Linux systems, especially when done
by a privileged user. e.g. on Solaris it will kill all active processes.
Killing by file only works for executables that are kept open during execution, i.e. impure
executables can't be killed this way.
killall -w doesn't detect if a process disappears and is replaced by a new process with the same
PID between scans.
If processes change their name, killall may not be able to match them correctly.
Examples
Kill firefox:

$ killall -9 mozilla-bin

less

Display output one screen at a time, Search through output, Edit the command line.
SYNTAX
less [options]

<command> | less [options]

Moving Commands:

Commands marked with * may be preceded by a number, N.
Notes in parentheses indicate the behavior if N is given.

e  ^E  j  ^N  CR      *  Forward one line (or N lines).
y  ^Y  k  ^K  ^P      *  Backward one line (or N lines).
f  ^F  ^V  SPACE      *  Forward one window (or N lines).
b  ^B  ESC-v          *  Backward one window (or N lines).
z                     *  Forward one window (and set window to N).
w                     *  Backward one window (and set window to N).
ESC-SPACE             *  Forward one window, but don't stop at end-of-file.
d  ^D                 *  Forward one half-window (and set half-window to N).
u  ^U                 *  Backward one half-window (and set half-window to N).
ESC-(  RightArrow     *  Left 8 character positions (or N positions).
ESC-)  LeftArrow      *  Right 8 character positions (or N positions).
F                        Forward forever; like "tail -f".
r  ^R  ^L                Repaint screen.
R                        Repaint screen, discarding buffered input.
h  H                     Display this help.
q  :q  Q  :Q  ZZ         Exit.
Default "window" is the screen height.
Default "half-window" is half of the screen height.

Searching Commands:

/pattern              *  Search forward for (N-th) matching line.
?pattern              *  Search backward for (N-th) matching line.
n                     *  Repeat previous search (for N-th occurrence).
N                     *  Repeat previous search in reverse direction.
ESC-n                 *  Repeat previous search, spanning files.
ESC-N                 *  Repeat previous search, reverse dir. & spanning files.
ESC-u                    Undo (toggle) search highlighting.


---------------------------------------------------
Search patterns may be modified by one or more of:
^N or !   Search for NON-matching lines.
^E or *   Search multiple files (pass thru END OF FILE).
^F or @   Start search at FIRST file (for /) or last file (for ?).
^K        Highlight matches, but don't move (KEEP position).
---------------------------------------------------------------------------
Jumping commands:

g  <  ESC-<           *  Go to first line in file (or line N).
G  >  ESC->           *  Go to last line in file (or line N).
p  %                  *  Go to beginning of file (or N percent into file).
{  (  [               *  Find close bracket } ) ].
}  )  ]               *  Find open bracket { ( [.
ESC-^F                *  Find close bracket .
ESC-^B                *  Find open bracket
---------------------------------------------------
Each "find close bracket" command goes forward to the close bracket
matching the (N-th) open bracket in the top line.
Each "find open bracket" command goes backward to the open bracket
matching the (N-th) close bracket in the bottom line.

m                        Mark the current position with .
'                        Go to a previously marked position.
''                       Go to the previous position.
^X^X                     Same as '.
---------------------------------------------------
A mark is any upper-case or lower-case letter.
Certain marks are predefined:
^ means beginning of the file
$ means end of the file
---------------------------------------------------------------------------

Changing files:

:e [file]                Examine a new file.

^X^V                     Same as :e.
:n                    *  Examine the (N-th) next file from the command line.
:p                    *  Examine the (N-th) previous file from the command line.
:x                    *  Examine the first (or N-th) file from the command line.
:d                       Delete the current file from the command line list.
=  ^G  :f                Print current file name.
---------------------------------------------------------------------------

Miscellaneous Commands:

-                        Toggle a command line option [see OPTIONS below].
--                       Toggle a command line option, by name.
_                        Display the setting of a command line option.
__                       Display the setting of an option, by name.
+cmd                     Execute the less cmd each time a new file is examined.
!command                 Execute the shell command with $SHELL.
|Xcommand                Pipe file between current pos & mark X to shell command.
v                        Edit the current file with $VISUAL or $EDITOR.
V                        Print version number of "less".
---------------------------------------------------------------------------

Most options may be changed either on the command line, or from within less by using the - or --

Options may be given in one of two forms: either a single character preceded by a -, or a name
preceded by --.
FINDING:

-a ........ --search-skip-screen
    Forward search, skips current screen.
-g ........ --hilite-search
    Highlight only last match for searches.
-G ........ --HILITE-SEARCH
    Don't highlight any matches for searches.
-h [N] .... --max-back-scroll=[N]
    Backward scroll limit.
-i ........ --ignore-case
    Ignore case in searches.
-I ........ --IGNORE-CASE
    Ignore case in searches and in search patterns.
-j [N] .... --jump-target=[N]
    Screen position of target lines.
-p [pattern] --pattern=[pattern]
    Start at pattern (from command line).
-t [tag] .. --tag=[tag]
    Find a tag.
-T [tagsfile] --tag-file=[tagsfile]
    Use an alternate tags file.
-y [N] .... --max-forw-scroll=[N]
    Forward scroll limit.

DISPLAY OPTIONS:

-D [xn.n] . --color=xn.n
    Set screen colors. (MS-DOS only)
-c -C .... --clear-screen --CLEAR-SCREEN
    Repaint by scrolling/clearing.
-P [prompt] --prompt=[prompt]
    Define new prompt.
-m -M .... --long-prompt --LONG-PROMPT
    Set prompt style.
-n -N .... --line-numbers --LINE-NUMBERS
    Use line numbers.
-r ........ --raw-control-chars
    Output "raw" control characters.
-s ........ --squeeze-blank-lines
    Squeeze multiple blank lines.
-S ........ --chop-long-lines


    Chop long lines.
-w ........ --hilite-unread
    Highlight first new line after forward-screen.
-W ........ --HILITE-UNREAD
    Highlight first new line after any forward movement.
-~ ........ --tilde
    Don't display tildes after end of file.
-z [N] .... --window=[N]
    Set size of window.

FILE OPTIONS:

-b [N] .... --buffers=[N]
    Number of buffers.
-B ........ --auto-buffers
    Don't automatically allocate buffers for pipes.
-f ........
    Force open non-regular files.
-k [file] . --lesskey-file=[file]
    Use a lesskey file.
-o [file] . --log-file=[file]
    Copy to log file (standard input only).
-O [file] . --LOG-FILE=[file]
    Copy to log file (unconditionally overwrite).

-d ........ --dumb
    Dumb terminal.
-e -E .... --quit-at-eof --QUIT-AT-EOF
    Quit at end of file.
-q -Q .... --quiet --QUIET --silent --SILENT
    Quiet the terminal bell.
-u -U .... --underline-special --UNDERLINE-SPECIAL
    Change handling of backspaces.
-x [N] .... --tabs=[N]
    Set tab stops.
-X ........ --no-init
    Don't use termcap init/deinit strings.
-" [c[c]] . --quotes=[c[c]]
    Set shell quote characters.
-? ........ --help
    Display help (from command line).
-V ........ --version
    Display the version number of "less".
Line Editing:

These keys can be used to edit text being entered
on the "command line" at the bottom of the screen.
RightArrow       ESC-l                   Move cursor right one character.
LeftArrow        ESC-h                   Move cursor left one character.
CNTL-RightArrow  ESC-RightArrow  ESC-w   Move cursor right one word.
CNTL-LeftArrow   ESC-LeftArrow   ESC-b   Move cursor left one word.
HOME             ESC-0                   Move cursor to start of line.
END              ESC-$                   Move cursor to end of line.
BACKSPACE                                Delete char to left of cursor.
DELETE           ESC-x                   Delete char under cursor.
CNTL-BACKSPACE   ESC-BACKSPACE           Delete word to left of cursor.
CNTL-DELETE      ESC-DELETE      ESC-X   Delete word under cursor.
CNTL-U           ESC (MS-DOS only)       Delete entire line.
UpArrow          ESC-k                   Retrieve previous command line.
DownArrow        ESC-j                   Retrieve next command line.
TAB                                      Complete filename & cycle.
SHIFT-TAB        ESC-TAB                 Complete filename & reverse cycle.
CNTL-L                                   Complete filename, list all.

let

Perform arithmetic on shell variables.
Syntax
let expression [expression]
Each expression is an arithmetic expression to be evaluated. If the last expression evaluates to 0,
let returns 1; otherwise 0 is returned.

`let' is a bash builtin command.

ln

Make links between files, by default, it makes hard links; with the `-s' option, it makes symbolic
(or "soft") links.
Syntax
ln [Options]... target [Linkname]

ln [Options]... target... Directory

Options
-b
--backup
    Make a backup of each file that would otherwise be overwritten or
    removed. *Note Backup options::.

-d
-F
--directory
    Allow the super-user to make hard links to directories.
--force
    Remove existing destination files.

-i
    Prompt whether to remove existing destination files.


-n
    When given an explicit destination that is a symlink to a
    directory, treat that destination as if it were a normal file.

    When the destination is an actual directory (not a symlink to one),
    there is no ambiguity. The link is created in that directory.
    But when the specified destination is a symlink to a directory,
    there are two ways to treat the user's request. `ln' can treat
    the destination just as it would a normal directory and create the
    link in it. On the other hand, the destination can be viewed as a
    non-directory--as the symlink itself. In that case, `ln' must
    delete or backup that symlink before creating the new link. The
    default is to treat a destination that is a symlink to a directory
    just like a directory.

--symbolic
    Make symbolic links instead of hard links. This option merely
    produces an error message on systems that do not support symbolic
    links.

-S SUFFIX
--suffix=SUFFIX
    Append SUFFIX to each backup file made with `-b'. *Note Backup
--verbose
    Print the name of each file before linking it.
-V METHOD
    Change the type of backups made with `-b'. The METHOD argument
    can be `numbered' (or `t'), `existing' (or `nil'), or `never' (or
    `simple').

a file--indeed, it is not incorrect to say that the inode _is_ the file.

On all existing implementations, you cannot make a hard link to a directory, and hard links
cannot cross filesystem boundaries. (These restrictions are not mandated by POSIX, however.)

"Symbolic links" ("symlinks" for short), on the other hand, are a special file type (which not all
kernels support: System V release 3 (and older) systems lack symlinks) in which the link file
actually refers to a different file, by name. When most operations (opening, reading, writing, and
so on) are passed the symbolic link file, the kernel automatically "dereferences" the link and
operates on the target of the link. But some operations (e.g., removing) work on the link file itself,
rather than on its target.
Examples
$ ln file1.txt link1
$ rm file1.txt # The file cannot be deleted until the link is removed.
$ ln -s /some/name # create a link ./name pointing to /some/name
$ ln -s /some/name mylink2 # or give the link a name

$ ln -s /home/simon/demo /home/jules/mylink3 # Create mylink3 pointing to demo

$ ln -s item1 item2 .. # creates links ../item1 and ../item2 pointing to ./item1 and ./item2
If you delete a file for which a symbolic link still exists, the rm will succeed but the symbolic link
would remain and any attempt to reference it will return a 'file not found' error.

local
Create variables
local [option] name[=value]

For each argument, a local variable named name is created, and assigned value.

The option can be any of the options accepted by declare.
* If the last argument names an existing directory, `ln' creates a link to each TARGET file in that
directory, using the TARGETs' local can only be used within a function; it makes the variable name have a visible scope
names. (But see the description of the `--no-dereference' option below.) restricted to that function and its children.

* If two filenames are given, `ln' creates a link from the second to the first. The return status is zero unless local is used outside a function, an invalid name is supplied, or
name is a readonly variable.
* If one TARGET is given, `ln' creates a link to that file in the current directory. `local' is a BASH builtin command.

* It is an error if the last argument is not a directory and more than two files are given. Without `- locate
f' or `-i' (see below), `ln' will not remove an existing file. Use the `--backup' option to make `ln' Find files.
rename existing files. Syntax
locate [options] pattern

A "hard link" is another name for an existing file; the link and the original are indistinguishable. Options
Technically speaking, they share the same inode, and the inode contains all the information about

-d path, --database=path
    Search databases in path.
    path must be a colon-separated list.
-h, --help    Print a help message and exit.
--version     Print version information and then exit.
Search database(s) of filenames and print matches. *, ?, [, and ] are treated specially; / and . are
not.
Matches include all files that contain pattern, unless pattern includes metacharacters, in which
case locate requires an exact match.
If locate does not work, run the command: slocate -u to rebuild the index

logname
Print current login name
logname
Prints the calling user's name, as found in the file `/var/run/utmp', and exits with a status of 0.
If there is no `/var/run/utmp' entry for the calling process, `logname' prints an error message and
exits with a status of 1.

The only options are `--help' and `--version'.

logout

Exit a login shell.
logout [n]
Returns a status of n to the shell's parent.
A login shell is your topmost shell, and is started when you log in.
When you terminate a login shell (via the commands `exit', `logout,' or the end of file [^D]), you
are logged out completely.
Sub-Shells
A `sub-shell' is a shell created after login, either by loading a new shell or opening a window with
a graphics interface. A sub-shell usually will not accept the command `logout' to terminate, you
must use `exit' or ^D.
When you terminate a sub-shell, you are returned to the process or shell that created it.
Example (starting from a bash shell)
$ tcsh
% # now in the tcsh shell
% exit
$ # now back in the bash shell
$ logout

look
Display any lines in file which contain string as a prefix.
Syntax
look [-df] [-t termchar] string [file]
As look performs a binary search, the lines in file must be sorted.
Options:

-d  Dictionary character set and order, i.e. only alphanumeric characters are

-f  Ignore the case of alphabetic characters (UPPER/lower).

-t  Specify a string termination character, i.e. only the characters
    in string up to and including the first occurrence of termchar are
If file is not specified, the dictionary file /usr/share/dict/words is used, only alphanumeric
characters are compared and the case of alphabetic characters is ignored.
Exits 0 if one or more lines were found and displayed, 1 if no lines were found, and >1 if an error
The return status is the exit status of the last command executed in consequent-commands, or zero
if none were executed.

lpc
line printer control program
SYNTAX
lpc [command [argument ...]]

Lpc is used by the system administrator to control the operation of the
line printer system. For each line printer configured in /etc/printcap,
lpc may be used to:
· Disable or enable a printer,

· Disable or enable a printer's spooling queue,
· Rearrange the order of jobs in a spooling queue,

· Find the status of printers, and their associated spooling
  queues and printer daemons.
Without any arguments, lpc will prompt for commands from the standard input. If arguments are
supplied, lpc interprets the first argument as a command and the remaining arguments as
parameters to the command. The standard input may be redirected causing lpc to read commands
from file.
Commands may be abbreviated;

? [command ...]
help [command ...]

    Print a short description of each command specified in the argument
    list, or,
    if no arguments are given, a list of the recognized commands.

abort { all | printer }
    Terminate an active spooling daemon on the local host immediately
    and then disable printing (preventing new daemons from being
    started by lpr) for the specified printers.

clean { all | printer }
    Remove any temporary files, data files, and control files that
    cannot be printed (i.e., do not form a complete printer job) from
    the specified printer queue(s) on the local machine.

disable { all | printer }
    Turn the specified printer queues off. This prevents new printer
    jobs from being entered into the queue by lpr.

down { all | printer } message ...
    Turn the specified printer queue off, disable printing and put
    message in the printer status file. The message doesn't need to
    be quoted, the remaining arguments are treated like echo(1).
    This is normally used to take a printer down and let others know
    why (lpq(1) will indicate the printer is down and print the status
    message).
enable { all | printer }
    Enable spooling on the local queue for the listed printers. This
    will allow lpr(1) to put new jobs in the spool queue.

quit
    Exit from lpc.

restart { all | printer }
    Attempt to start a new printer daemon. This is useful when some
    abnormal condition causes the daemon to die unexpectedly leaving
    jobs in the queue. Lpq will report that there is no daemon present
    when this condition occurs. If the user is the super-user,
    try to abort the current daemon first (i.e., kill and restart a
    stuck daemon).
start { all | printer }
    Enable printing and start a spooling daemon for the listed printers.

status { all | printer }
    Display the status of daemons and queues on the local machine.

stop { all | printer }
    Stop a spooling daemon after the current job completes and disable
    printing.

topq printer [ jobnum ... ] [ user ... ]
    Place the jobs in the order listed at the top of the printer
    queue.

up { all | printer }
    Enable everything and start a new printer daemon. Undoes the effects
    of down.

FILES
/etc/printcap        printer description file
/var/spool/*         spool directories
/var/spool/*/lock    lock file for queue control

ERROR Messages

?Ambiguous command
    abbreviation matches more than one command

?Invalid command
    no match was found

?Privileged command
    command can be executed by root only

lpr
off line print - sends a print job to the default system queue.
lpr [-Pprinter] [-#num] [-C class] [-J job] [-T title] [-U user] [-i [numcols]]
    [-1234 font] [-wnum] [-cdfghlnmprstv] [name ...]

Lpr uses a spooling daemon to print the named files when facilities become
available. If no names appear, the standard input is assumed.

The following single letter options are used to notify the line printer
spooler that the files are not standard text files. The spooling daemon
will use the appropriate filters to print the data accordingly.

-c  The files are assumed to contain data produced by cifplot(1)

-d  The files are assumed to contain data from tex (DVI format from

-f  Use a filter which interprets the first character of each line as
    a standard FORTRAN carriage control character.

-g  The files are assumed to contain standard plot data as produced
    by the plot routines (see also plot for the filters used by the
    printer spooler).

-l  Use a filter which allows control characters to be printed and
    suppresses page breaks.

-n  The files are assumed to contain data from ditroff (device
    independent
-p  Use pr(1) to format the files (equivalent to print).
-t  The files are assumed to contain data from troff(1) (cat photo-
    typesetter commands).

-v  The files are assumed to contain a raster image for devices like
    the Benson Varian.

These options apply to the handling of the print job:

-P  Force output to a specific printer. Normally, the default printer
    is used (site dependent), or the value of the environment
    variable PRINTER is used.

-h  Suppress the printing of the burst page.

-m  Send mail upon completion.

-r  Remove the file upon completion of spooling. Can not be used with
    the -s option, due to security concerns.

-s  Use symbolic links. Usually files are copied to the spool
    The -s option will use symlink(2) to link data files
    rather than trying to copy them so large files can be printed.
    This means the files should not be modified or removed until they
    have been printed.

The remaining options apply to copies, the page display, and headers:

-#num
    The quantity num is the number of copies desired of each file
    named. For example,

    lpr -#3 foo.c bar.c more.c

    would result in 3 copies of the file foo.c, followed by 3 copies
    of the file bar.c, etc. On the other hand,
    cat foo.c bar.c more.c | lpr -#3

    will give three copies of the concatenation of the files. Often a
    site will disable this feature to encourage use of a photocopier
    instead.

-[1234]font
    Specifies a font to be mounted on font position i. The daemon
    will construct a .railmag file referencing the font pathname.

-C class
    Job classification to use on the burst page. For example,
    lpr -C EECS foo.c
    causes the system name (the name returned by hostname(1)) to be
    replaced on the burst page by EECS, and the file foo.c to be

-J job
    Job name to print on the burst page. Normally, the first file's
    name is used.

-T title
    Title name for pr(1), instead of the file name.

-U user
    User name to print on the burst page, also for accounting purposes.
    This option is only honored if the real user-id is daemon
    (or that specified in the printcap file instead of daemon), and
    is intended for those instances where print filters wish to requeue
    jobs.

-i [numcols]
    The output is indented. If the next argument is numeric
    (numcols), it is used as the number of blanks to be printed before
    each line; otherwise, 8 characters are printed.

-wnum
    Uses num as the page width for pr(1).
Environment
If the following environment variable exists, it is used by lpr:

PRINTER    Specifies an alternate default printer.

Files
/etc/passwd                Personal identification.
/etc/printcap              Printer capabilities data base.
/usr/sbin/lpd*             Line printer daemons.
/var/spool/output/*        Directories used for spooling.
/var/spool/output/*/cf*    Daemon control files.
/var/spool/output/*/df*    Data files specified in "cf" files.
/var/spool/output/*/tf*    Temporary copies of "cf" files.

If you try to spool too large a file, it will be truncated. Lpr will object
to printing binary files. If a user other than root prints a file
and spooling is disabled, lpr will print a message saying so and will not
put jobs in the queue. If a connection to lpd(1) on the local machine
cannot be made, lpr will say that the daemon cannot be started. Diagnostics
may be printed in the daemon's log file regarding missing spool
files by lpd(1).

Bugs
Fonts for troff(1) and tex reside on the host with the printer. It is
currently not possible to use local font libraries.
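
The lpr -s caveat (files linked with symlink(2) must not be modified or removed until they have been printed) and the dangling-link behaviour described under ln can both be checked mechanically. The script below is an added example, not part of the original reference and not lpr's own code: it simulates a spool directory that queues jobs by symlink, records a SHA-256 digest at submission, and re-verifies it before a job is consumed. The spool_* function names, the manifest format and the sample files are assumptions constructed for the illustration; job names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not lpr's own code): a simulated spool that queues jobs by
# symlink, as `lpr -s` does, and detects targets that changed or vanished
# between queueing and printing. All names here are hypothetical.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum as fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# spool_enqueue SPOOLDIR JOBNAME FILE
# Link FILE into the spool and record its digest at submission time.
spool_enqueue() {
    spool=$1; job=$2; src=$3
    [ -f "$src" ] || return 1
    # A symlink target is resolved relative to the directory holding the
    # link, so store an absolute path.
    case $src in
        /*) ;;
        *)  src=$PWD/$src ;;
    esac
    ln -s "$src" "$spool/$job" || return 1
    printf '%s %s\n' "$(sha256_of "$src")" "$job" >>"$spool/manifest"
}

# spool_verify SPOOLDIR JOBNAME
# Prints one verdict: ok, changed, dangling or unknown.
spool_verify() {
    spool=$1; job=$2
    want=$(awk -v j="$job" '$2 == j {d = $1} END {print d}' \
        "$spool/manifest" 2>/dev/null) || want=
    [ -n "$want" ] || { echo unknown; return 3; }
    # -L tests the link itself; -e follows it. A link whose target is gone
    # still exists as a link, which is the 'file not found' case under ln.
    if [ -L "$spool/$job" ] && [ ! -e "$spool/$job" ]; then
        echo dangling; return 2
    fi
    if [ "$(sha256_of "$spool/$job")" != "$want" ]; then
        echo changed; return 1
    fi
    echo ok
}

# Constructed sample data: three jobs, one modified and one removed after
# queueing. Prints "<job> <verdict>" per line.
spool_demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/spool"
    printf 'quarterly report\n' >"$tmp/a.txt"
    printf 'draft v1\n'         >"$tmp/b.txt"
    printf 'scratch\n'          >"$tmp/c.txt"
    spool_enqueue "$tmp/spool" job1 "$tmp/a.txt"
    spool_enqueue "$tmp/spool" job2 "$tmp/b.txt"
    spool_enqueue "$tmp/spool" job3 "$tmp/c.txt"
    printf 'draft v2\n' >"$tmp/b.txt"   # modified after queueing
    rm "$tmp/c.txt"                     # rm succeeds; the spool link dangles
    for j in job1 job2 job3; do
        printf '%s %s\n' "$j" "$(spool_verify "$tmp/spool" "$j")"
    done
    rm -rf "$tmp"
}

spool_demo
```

A job queued by copy would not show either failure, because the spool would hold its own data rather than a name that is resolved again at print time.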

lprm
Remove jobs from the line printer spooling queue
Syntax
lprm [-Pprinter] [-] [job# ...] [user ...]

Options and arguments:

-Pprinter
    Specify the queue associated with a specific printer (otherwise
    the default printer is used).
-   If a single `-' is given, lprm will remove all jobs which a user
    owns. If the super-user employs this flag, the spool queue will
    be emptied entirely.

user
    Causes lprm to attempt to remove any jobs queued belonging to
    that user (or users). This form of invoking lprm is useful only
    to the super-user.

job#
    A user may dequeue an individual job by specifying its job number.
    This number may be obtained from the lpq(1) program, e.g.

    % lpq -l

    1st:ken [job #013ucbarpa]

    (standard input) 100 bytes
    % lprm 13

If neither arguments nor options are given, lprm will delete the currently
active job if it is owned by the user who invoked lprm.

lprm announces the names of any files it removes and is silent if there
are no jobs in the queue which match the request list.

lprm will kill off an active daemon, if necessary, before removing any
spooling files. If a daemon is killed, a new one is automatically
restarted upon completion of file removals.

If the following environment variable exists, it is utilized by lprm.

PRINTER    If the environment variable PRINTER exists, and a printer has
           not been specified with the -P option, the default printer is
           assumed from PRINTER.

/etc/printcap        Printer characteristics file.
/var/spool/*         Spooling directories.
/var/spool/*/lock    Lock file used to obtain the pid of the current daemon
                     and the job number of the currently active job.
Lprm will remove a job, or jobs, from a printer's spool queue.
Since the spooling directory is protected from users, using Lprm is normally the only method by
which a user may remove a job.
The owner of a job is determined by the user's login name and host name on the machine where
the lpr command was invoked.

Bug: since there are race conditions possible in the update of the lock file, the currently active job
may be incorrectly identified.

ERROR Messages: `Permission denied' if the user tries to remove files other than their own.

ls
List information about files.
Syntax
ls [Options]... [File]...

Key
Sort entries alphabetically if none of -cftuSUX nor --sort.

-a, --all               Do not hide entries starting with .

-A, --almost-all        Do not list implied . and ..

-b, --escape            Print octal escapes for nongraphic characters

--block-size=SIZE       Use SIZE-byte blocks

-B, --ignore-backups    Do not list implied entries ending with ~

-c                      Sort by change time; with -l: show ctime

-C                      List entries by columns

--color[=WHEN]          Control whether color is used to distinguish file
                        types. WHEN may be `never', `always', or `auto'

-d, --directory         List directory entries instead of contents

-D, --dired             Generate output designed for Emacs' dired mode
-f                      Do not sort, enable -aU, disable -lst

-F, --classify          Append indicator (one of */=@|) to entries

--format=WORD           Across -x, commas -m, horizontal -x, long -l,
                        single-column -1, verbose -l, vertical -C
--full-time             List both full date and full time

-g                      (ignored)

-G, --no-group          Inhibit display of group information

-h, --human-readable        Print sizes in human readable format (e.g., 1K 234M
-H, --si                    Likewise, but use powers of 1000 not 1024

--indicator-style=WORD      Append indicator with style WORD to entry names:
                            none (default), classify (-F), file-type (-p)

-i, --inode                 Print index number of each file

-I, --ignore=PATTERN        Do not list implied entries matching shell PATTERN

-k, --kilobytes             Like --block-size=1024

-l                          Use a long listing format

-L, --dereference           List entries pointed to by symbolic links

-m                          Fill width with a comma separated list of entries

-n, --numeric-uid-gid       List numeric UIDs and GIDs instead of names
-N, --literal               Print raw entry names (don't treat e.g. control
                            characters specially)

-o                          Use long listing format without group info
-p, --file-type             Append indicator (one of /=@|) to entries

-q, --hide-control-chars    Print ? instead of non graphic characters

--show-control-chars        Show non graphic characters as-is (default)
-Q, --quote-name            Enclose entry names in double quotes
--quoting-style=WORD        Use quoting style WORD for entry names:
                            literal, shell, shell-always, c, escape

-r, --reverse               Reverse order while sorting

-R, --recursive             List subdirectories recursively

-s, --size                  Print size of each file, in blocks

-S                          Sort by file size

--sort=WORD                 time -t, version -v, status -c
                            size -S, extension -X, none -U
                            atime -u, access -u, use -u

--time=WORD                 Show time as WORD instead of modification time:
                            atime, access, use, ctime or status;
                            also use this as a sort key if --sort=time

-t                          sort by modification time

-T, --tabsize=COLS          assume tab stops at each COLS instead of 8
-u                          sort by last access time; with -l: show atime

-U                          do not sort; list entries in directory order

-v                          sort by version

-w, --width=COLS            assume screen width instead of current value

-x                          list entries by lines instead of by columns

-X                          sort alphabetically by entry extension

-1                          list one file per line

--help                      display help and exit

--version                   output version information and exit
The most common options are -a (all files) and -l (long or details)

When output to file the files are listed one per line.

By default, colour is not used to distinguish types of files. That is equivalent to using
--color=none.
Using the --color option without the optional WHEN argument is equivalent to using
--color=always.
With --color=auto, color codes are output only if standard output is connected to a terminal (tty).

# List the contents of your home directory
$ ls ~

# list everything in a vertical list:
$ ls -al

total 109

drwxr-xr-x 18 root root 4096 Jun 9 21:12 ./
drwxr-xr-x 18 root root 4096 Jun 9 21:12 ../
drwxr-xr-x 2 root root 4096 Jun 9 21:14 bin/
drwxr-xr-x 3 root root 1024 Jun 9 20:32 boot/
drwxr-xr-x 6 root root 36864 Jul 12 10:26 dev/
drwxr-xr-x 34 root root 4096 Jul 12 10:25 etc/
^
the first column is the file type
d = directory
f = file

# List the directories in the current directory:
$ ls -d */

# list ALL subdirectories

$ ls *
The default behaviour of ls is to only pass color control codes to tty output --color=auto.

To pipe the output to a second command complete with color codes then set --color=always
$ ls -lAXh --color=always | less -R

lsof

List open files.
Syntax
lsof [ -?abChlnNOPRstUvVX ] [ -A A ] [ -c c ] [ +c c ] [ +|-d d ]
     [ +|-D D ] [ +|-f [cfgGn] ] [ -F [f] ] [ -g [s] ] [ -i[i] ]
     [ -k k ] [ +|-L [l] ] [ +|-m m ] [ +|-M ] [ -o [o] ] [ -p s ]
     [ +|-r [t] ] [ -S [t] ] [ -T [t] ] [ -u s ] [ +|-w ]
     [ -x [fl] ] [ -z [z] ] [ -Z [Z] ] [ -- ] [filenames]
An open file may be a regular file, a directory, a block special file, a character special file, an
executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX
domain socket.) A specific file or all the files in a file system may be selected by path.
Instead of a formatted display, lsof will produce output that can be parsed by other programs. See
the -F, option description, and the OUTPUT FOR OTHER PROGRAMS section for more
information.
In addition to producing a single output list, lsof will run in repeat mode. In repeat mode it will
produce output, delay, then repeat the output operation until stopped with an interrupt or quit
signal. See the +|-r [t] option description for more information.

In the absence of any options, lsof lists all open files belonging to all active processes.
Options
-? -h
    These two equivalent options select a usage (help) output list. Lsof
    displays a shortened form of this output when it detects an error in the
    options supplied to it, after it has displayed messages explaining each
    error. (Escape the '?' character as your shell requires.)

    This option causes list selection options to be ANDed, as described below.

-A A
    This option is available on systems configured for AFS whose AFS kernel
    code is implemented via dynamic modules. It allows the lsof user to
    specify A as an alternate name list file where the kernel addresses of the
    dynamic modules might be found. See the lsof FAQ (The Related
    section gives its location.) for more information about dynamic modules,
    their symbols, and how they affect lsof.
-b
    This option causes lsof to avoid kernel functions that might block -
    lstat(2), readlink(2), and stat(2).
    See the BLOCKS AND TIMEOUTS and AVOIDING KERNEL BLOCKS sections for
    information on using this option.

-c c
    This option selects the listing of files for processes executing the
    command that begins with the characters of c. Multiple commands may be
    specified, using multiple -c options. They are joined in a single ORed set
    before participating in AND option selection.
    If c begins and ends with a slash ('/'), the characters between the
    slashes are interpreted as a regular expression.
    Shell meta-characters in the regular expression must be quoted to prevent
    their interpretation by the shell.
    The closing slash may be followed by these modifiers:
        b  the regular expression is a basic one.
        i  ignore the case of letters.
        x  the regular expression is an extended one (default).

    See the lsof FAQ (The FAQ section gives its location.) for more
    information on basic and extended regular expressions.
    The simple command specification is tested first. If that test fails, the
    command regular expression is applied.
    If the simple command test succeeds, the command regular expression test
    isn't made. This may result in ''no command found for regex:'' messages
    when lsof's -V option is specified.
+c w
    This option defines the maximum number of initial characters of the name,
    supplied by the UNIX dialect, of the UNIX command associated with a
    process to be printed in the COMMAND column. (The lsof default is nine.)

    Note that many UNIX dialects do not supply all command name characters to
    lsof in the files and structures from which lsof obtains command name.
    Often dialects limit the number of characters supplied in those
    sources. For example, Linux 2.4.27 and Solaris 9 both limit command name
    length to 16 characters.
    If w is zero ('0'), all command characters supplied to lsof by the UNIX
    dialect will be printed.
    If w is less than the length of the column title, ''COMMAND'', it will be
    raised to that length.
-C
    This option disables the reporting of any path name components from the
    kernel's name cache.
    See the KERNEL NAME CACHE section for more information.
+d s
    This option causes lsof to search for all open instances of directory s
    and the files and directories it contains at its top level.
    This option does NOT descend the directory tree, rooted at s.
    The +D D option may be used to request a full-descent directory tree
    search, rooted at directory D.

    Processing of the +d option does not follow symbolic links within s unless
    the -x or -x " l" option is also specified.
    Nor does it search for open files on file system mount points on
    subdirectories of s unless the -x or -x " f" option is also specified.
    Note: the authority of the user of this option limits it to searching for

    files that the user has permission to examine with the system stat(2)
    function.
-d s
    This option specifies a list of file descriptors (FDs) to exclude from or
    include in the output listing. The file descriptors are specified in the
    comma-separated set s - e.g., ''cwd,1,3'', ''^6,^2''. (There should be no
    spaces in the set.)
    The list is an exclusion list if all entries of the set begin with '^'. It
    is an inclusion list if no entry begins with '^'. Mixed lists are not
    permitted.
    A file descriptor number range may be in the set as long as neither member
    is empty, both members are numbers, and
    the ending member is larger than the starting one - e.g., ''0-7'' or
    ''3-10''. Ranges may be specified for exclusion if they
    have the '^' prefix - e.g., ''^0-7'' excludes all file descriptors 0
    through 7.
    Multiple file descriptor numbers are joined in a single ORed set before
    participating in AND option selection.
    When there are exclusion and inclusion members in the set, lsof reports
    them as errors and exits with a non-zero return code.
    See the description of File Descriptor (FD) output values in the OUTPUT
    section for more information on file descriptor names.

+D D
    This option causes lsof to search for all open instances of directory D
    and all the files and directories it contains to its complete depth.
    Processing of the +D option does not follow symbolic links within D unless
    the -x or -x " l" option is also specified.
    Nor does it search for open files on file system mount points on
    subdirectories of D unless the -x or -x " f" option is also specified.
    Note: the authority of the user of this option limits it to searching for
    files that the user has permission to examine with the system stat(2)
    function.

    Further note: lsof may process this option slowly and require a large
    amount of dynamic memory to do it. This is because it must descend the
    entire directory
    tree, rooted at D, calling stat(2) for each file and directory, building a
    list of all the files it finds, and searching that list for a match
    with every open file. When directory D is large, these steps can take a
    long time, so use this option prudently.

-D D
    This option directs lsof's use of the device cache file. The use of this
    option is sometimes restricted.
    See the DEVICE CACHE FILE section and the sections that follow it for
    more information on this option.
    -D must be followed by a function letter; the function letter may optionally
    be followed by a path name.

    Lsof recognizes these function letters:

    ? - report device cache file paths
    b - build the device cache file
    i - ignore the device cache file
    r - read the device cache file
    u - read and update the device cache file

    The b, r, and u functions, accompanied by a path name, are sometimes
    restricted.
    When these functions are restricted, they will not appear in the
    description of the -D option that
    accompanies -h or -? option output. See the DEVICE CACHE FILE section and
    the sections that follow it for more information on these functions and when
    they're restricted.

    The ? function reports the read-only and write paths that lsof can use for
    the device cache file,
    the names of any environment variables whose values lsof will examine when
    forming the
    device cache file path, and the format for the personal device cache file
    path.
    (Escape the '?' character as your shell requires.)
    When available, the b, r, and u functions may be followed by the device
    cache file's path.
    The standard default is .lsof_hostname in the home directory of the real
    user ID that executes lsof,
    but this could have been changed when lsof was configured and compiled.
    (The output of the -h and -? options show the current default prefix -
    e.g., ''.lsof''.)
    The suffix, hostname, is the first component of the host's name returned
    by gethostname(2).
    When available, the b function directs lsof to build a new device cache
    file at the default or specified path.
    The i function directs lsof to ignore the default device cache file and
    obtain its information about devices via direct calls to the kernel.

    The r function directs lsof to read the device cache at the default or
    specified path, but
    prevents it from creating a new device cache file when none exists or the
    existing one is
    improperly structured. The r function, when specified without a path name,
    prevents lsof
    from updating an incorrect or outdated device cache file, or creating a
    new one in its place.

    The r function is always available when it is specified without a path
    name
    argument; it may be restricted by the permissions of the lsof process.
    When available, the u function directs lsof to read the device cache file
    at the default or specified path,
    if possible, and to rebuild it, if necessary. This is the default device
    cache file function when no -D option has been specified.

+|-f [cfgGn]

f by itself clarifies how path name arguments are to be interpreted. When This option specifies a character list, f, that selects the fields to be
followed by c, f, g, G, or n in any output for processing by another program, and the character that
combination it specifies that the listing of kernel file structure terminates
information is to be enabled ('+') or inhibited ('-'). each output field. Each field to be output is specified with a single
character in f. The field terminator defaults to NL, but may be changed to
Normally a path name argument is taken to be a file system name if it NUL
matches a mounted-on directory (000). See the OUTPUT FOR OTHER PROGRAMS section for a description of the
name reported by mount(8), or if it represents a block device, named in field identification characters and the field output process.
the mount output and associated
with a mounted directory name. When +f is specified, all path name arguments will be taken to be file system names, and lsof will complain if any are not. This can be useful, for example, when the file system name (mounted-on device) isn't a block device. This happens for some CD-ROM file systems.

When -f is specified by itself, all path name arguments will be taken to be simple files. Thus, for example, the ''-f -- /'' arguments direct lsof to search for open files with a '/' path name, not all open files in the '/' (root) file system.

Be careful to make sure +f and -f are properly terminated and aren't followed by a character (e.g., of the file or file system name) that might be taken as a parameter. For example, use ''--'' after +f and -f as in these examples.

$ lsof +f -- /file/system/name
$ lsof -f -- /file/name

The listing of information from kernel file structures, requested with the +f [cfgGn] option form, is normally inhibited, and is not available for some dialects - e.g., /proc-based Linux. When the prefix to f is a plus sign ('+'), these characters request file structure information:

c file structure use count
f file structure address
g file flag abbreviations
G file flags in hexadecimal
n file structure node address

When the prefix is minus ('-') the same characters disable the listing of the indicated values.

File structure addresses, use counts, flags, and node addresses may be used to detect more readily identical files inherited by child processes and identical files in use by different processes. Lsof column output can be sorted by output columns holding the values and listed to identify identical file use, or lsof field output can be parsed by an AWK or Perl post-filter script, or by a C program.

-F f
When the field selection character list is empty, all standard fields are selected (except the raw device field, security context and zone field for compatibility reasons) and the NL field terminator is used.

When the field selection character list contains only a zero ('0'), all fields are selected (except the raw device field for compatibility reasons) and the NUL terminator character is used.

Other combinations of fields and their associated field terminator character must be set with explicit entries in f, as described in the OUTPUT FOR OTHER PROGRAMS section.

When a field selection character identifies an item lsof does not normally list - e.g., PPID, selected with -R - specification of the field character - e.g., ''-FR'' - also selects the listing of the item.

When the field selection character list contains the single character '?', lsof will display a help list of the field identification characters. (Escape the '?' character as your shell requires.)

-g [s]
This option excludes or selects the listing of files for the processes whose optional process group IDentification (PGID) numbers are in the comma-separated set s - e.g., ''123'' or ''123,^456''. (There should be no spaces in the set.)
PGID numbers that begin with '^' (negation) represent exclusions.
Multiple PGID numbers are joined in a single ORed set before participating in AND option selection. However, PGID exclusions are applied without ORing or ANDing and take effect before other selection criteria are applied.
The -g option also enables the output display of PGID numbers. When specified without a PGID set that's all it does.

-i [i]
This option selects the listing of files any of whose Internet address matches the address specified in i. If no address is specified, this option selects the listing of all Internet and x.25 (HP-UX) network files.
If -i4 or -i6 is specified with no following address, only files of the indicated IP version, IPv4 or IPv6, are displayed. (An IPv6 specification may be used only if the dialect supports IPv6, as indicated by ''[46]'' and ''IPv[46]'' in lsof's -h or -? output.)
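The +f passage above says field output can be parsed by a post-filter script to spot identical files shared between processes. The shell function below is an added example, not part of the lsof documentation: it groups a constructed `-F pcLfFn` sample by file structure address and flags structures held by processes running under different logins, which is how a descriptor inherited across a privilege boundary shows up. The function name and sample data are assumptions; p, c, L, f, F and n are lsof's field identification characters.

```shell
#!/bin/sh
# Added example: post-filter for lsof field output (-F).
# Live use on a dialect that reports file structure addresses (assumed
# field list): lsof -F pcLfFn | shared_file_structs cross-user

# Constructed sample of field output, one field per line. The first
# character identifies the field: p=PID c=command L=login name
# f=file descriptor F=file structure address n=name.
sample_lsof_fields() {
cat <<'EOF'
p300
cauthd
Lroot
f4
F0xffff8a01c2d3e400
n/etc/app/secret.key
f5
F0xffff8a01c2d3e900
n/var/log/authd.log
p317
cauthd-worker
Lnobody
f4
F0xffff8a01c2d3e400
n/etc/app/secret.key
f7
F0xffff8a01c2d3f100
n/var/cache/authd/tmp
p402
ccron
Lroot
f5
F0xffff8a01c2d3e900
n/var/log/authd.log
EOF
}

# shared_file_structs MODE
# Reads field output on stdin and prints one tab-separated line per file
# structure that is held by two or more processes:
#   address <TAB> name <TAB> pid/command/login:fd ...
# MODE "all" reports every shared structure; "cross-user" reports only
# those whose holders run under different login names.
shared_file_structs() {
    mode=${1:-cross-user}
    case $mode in
        all|cross-user) ;;
        *) echo "usage: shared_file_structs all|cross-user" >&2; return 2 ;;
    esac
    # With -F0 lsof ends each field with NUL instead of NL; map NUL to NL
    # so both forms parse the same way (empty lines are ignored below).
    tr '\000' '\n' | awk -v mode="$mode" '
        # Record the file set collected so far, then start a new one.
        function emit() {
            if (fd != "" && fsaddr != "") {
                if (!(fsaddr in holders)) {
                    order[++count] = fsaddr
                    names[fsaddr] = name
                    first_login[fsaddr] = login
                    holders[fsaddr] = ""
                }
                sep = (holders[fsaddr] == "") ? "" : " "
                holders[fsaddr] = holders[fsaddr] sep pid "/" cmd "/" login ":" fd
                # Count each process once, even if it holds dup()ed descriptors.
                if (!((fsaddr, pid) in seen)) {
                    seen[fsaddr, pid] = 1
                    nprocs[fsaddr]++
                }
                if (login != first_login[fsaddr]) mixed[fsaddr] = 1
            }
            fd = ""; fsaddr = ""; name = ""
        }
        {
            id = substr($0, 1, 1); val = substr($0, 2)
            if (id == "p") { emit(); pid = val; cmd = ""; login = "" }
            else if (id == "c") cmd = val
            else if (id == "L") login = val
            else if (id == "f") { emit(); fd = val }
            else if (id == "F") fsaddr = val
            else if (id == "n") name = val
        }
        END {
            emit()
            for (i = 1; i <= count; i++) {
                a = order[i]
                if (nprocs[a] >= 2 && (mode == "all" || mixed[a]))
                    printf "%s\t%s\t%s\n", a, names[a], holders[a]
            }
        }
    '
}

sample_lsof_fields | shared_file_structs cross-user
```

Files that carry no F field (the dialect does not report file structure addresses) are skipped, so on /proc-based Linux the filter prints nothing.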

Sequentially specifying -i4, followed by -i6 is the same as specifying -i, and vice-versa. Specifying -i4, or -i6 after -i is the same as specifying -i4 or -i6 by itself.

Multiple addresses (up to a limit of 100) may be specified with multiple -i options. (A port number or service name range is counted as one address.) They are joined in a single ORed set before participating in AND option selection.

An Internet address is specified in the form (Items in square brackets are optional.):

[46][protocol][@hostname|hostaddr][:service|port]

where:

46 specifies the IP version, IPv4 or IPv6 that applies to the following address. '6' may be specified only if the UNIX dialect supports IPv6. If neither '4' nor '6' is specified, the following address applies to all IP versions.

protocol is a protocol name - TCP or UDP.

hostname is an Internet host name. Unless a specific IP version is specified, open network files associated with host names of all versions will be selected.

hostaddr is a numeric Internet IPv4 address in dot form; or an IPv6 numeric address in colon form, enclosed in brackets, if the UNIX dialect supports IPv6. When an IP version is selected, only its numeric addresses may be specified.

service is an /etc/services name - e.g., smtp - or a list of them.

port is a port number, or a list of them.

IPv6 options may be used only if the UNIX dialect supports IPv6. To see if the dialect supports IPv6, run lsof and specify the -h or -? (help) option. If the displayed description of the -i option contains ''[46]'' and ''IPv[46]'', IPv6 is supported.

IPv4 host names and addresses may not be specified if network file selection is limited to IPv6 with -i 6. IPv6 host names and addresses may not be specified if network file selection is limited to IPv4 with -i 4. When an open IPv4 network file's address is mapped in an IPv6 address, the open file's type will be IPv6, not IPv4, and its display will be selected by '6', not '4'.

At least one address component - 4, 6, protocol, hostname, hostaddr, or service - must be supplied. The '@' character, leading the host specification, is always required; as is the ':', leading the port specification. Specify either hostname or hostaddr. Specify either service name list or port number list. If a service name list is specified, the protocol may also need to be specified if the TCP and UDP port numbers for the service name are different. Use any case - lower or upper - for protocol.

Service names and port numbers may be combined in a list whose entries are separated by commas and whose numeric range entries are separated by minus signs. There may be no embedded spaces, and all service names must belong to the specified protocol. Since service names may contain embedded minus signs, the starting entry of a range can't be a service name; it can be a port number, however.

Here are some sample addresses:

-i6 - IPv6 only
TCP:25 - TCP and port 25
@ - Internet IPv4 host address
@[3ffe:1ebc::1]:1234 - Internet IPv6 host address 3ffe:1ebc::1, port 1234
UDP:who - UDP who service port
TCP@lsof.itap:513 - TCP, port 513 and host name lsof.itap
tcp@foo:1-10,smtp,99 - TCP, ports 1 through 10, service name smtp, port 99, host name foo
tcp@bar:1-smtp - TCP, ports 1 through smtp, host bar
:time - either TCP or UDP time service port

-k k
This option specifies a kernel name list file, k, in place of /vmunix, /mach, etc. This option is not available under AIX on the IBM RISC/System 6000.

-l
This option inhibits the conversion of user ID numbers to login names. It is also useful when login name lookup is working improperly or slowly.

+|-L [l]
This option enables ('+') or disables ('-') the listing of file link counts, where they are available - e.g., they aren't available for sockets, or most FIFOs and pipes. When +L is specified without a following number, all link counts will be listed. When -L is specified (the default), no link counts will be listed.
When +L is followed by a number, only files having a link count less than that number will be listed. (No number may follow -L.) A specification of the form ''+L1'' will select open files that have been unlinked. A specification of the form ''+aL1 <file_system>'' will select unlinked open files on the specified file system.
For other link count comparisons, use field output (-F) and a post-processing script or program.

+|-m m
This option specifies an alternate kernel memory file or activates mount table supplement processing.
The option form -m m specifies a kernel memory file, m, in place of /dev/kmem or
/dev/mem - e.g., a crash dump file.
The option form +m requests that a mount supplement file be written to the standard output file. All other options are silently ignored.

There will be a line in the mount supplement file for each mounted file system, containing the mounted file system directory, followed by a single space, followed by the device number in hexadecimal "0x" format - e.g.,

/ 0x801

Lsof can use the mount supplement file to get device numbers for file systems when it can't get them via stat(2) or lstat(2).
The option form +m m identifies m as a mount supplement file.
Note: the +m and +m m options are not available for all supported dialects. Check the output of lsof's -h or -? options to see if the +m and +m m options are available.

+|-M
Enables (+) or disables (-) the reporting of portmapper registrations for local TCP and UDP ports.
The default reporting mode is set by the lsof builder with the HASPMAPENABLED #define in the dialect's machine.h header file; lsof is distributed with the HASPMAPENABLED #define deactivated, so portmapper reporting is disabled by default and must be requested with +M. Specifying lsof's -h or -? option will report the default mode.
Disabling portmapper registration when it is already disabled or enabling it when already enabled is acceptable.

When portmapper registration reporting is enabled, lsof displays the portmapper registration (if any) for local TCP or UDP ports in square brackets immediately following the port numbers or service names - e.g., '':1234[name]'' or '':name[100083]''. The registration information may be a name or number, depending on what the registering program supplied to the portmapper when it registered the port.

When portmapper registration reporting is enabled, lsof may run a little more slowly or even become blocked when access to the portmapper becomes congested or stopped. Reverse the reporting mode to determine if portmapper registration reporting is slowing or blocking lsof.
For purposes of portmapper registration reporting lsof considers a TCP or UDP port local if: it is found in the local part of its containing kernel structure; or if it is located in the foreign part of its containing kernel structure and the local and foreign Internet addresses are the same; or if it is located in the foreign part of its containing kernel structure and the foreign Internet address is INADDR_LOOPBACK (
This rule may make lsof ignore some foreign ports on machines with multiple interfaces when the foreign Internet address is on a different interface from the local one.
See the lsof FAQ (The FAQ section gives its location.) for further discussion of portmapper registration reporting issues.

-n
This option inhibits the conversion of network numbers to host names for network files. Inhibiting conversion may make lsof run faster. It is also useful when host name lookup is not working properly.

-N
This option selects the listing of NFS files.

-o
This option directs lsof to display file offset at all times. It causes the SIZE/OFF output column title to be changed to OFFSET. Note: on some UNIX dialects lsof can't obtain accurate or consistent file offset information from its kernel data sources, sometimes just for particular kinds of files (e.g., socket files.) Consult the lsof FAQ (The FAQ section gives its location.) for more information.
The -o and -s options are mutually exclusive; they can't both be specified. When neither is specified, lsof displays whatever value - size or offset - is appropriate and available for the type of the file.

-o o
This option defines the number of decimal digits (o) to be printed after the ''0t'' for a file offset before the form is switched to ''0x...''. An o value of zero (unlimited) directs lsof to use the ''0t'' form for all offset output.

This option does NOT direct lsof to display offset at all times; specify -o (without a trailing number) to do that. This option only specifies the number of digits after ''0t'' in either mixed size and offset or offset-only output.
Thus, for example, to direct lsof to display offset at all times with a decimal digit count of 10, use:

-o -o 10 or -oo10

The default number of digits allowed after ''0t'' is normally 8, but may have been changed by the lsof builder. Consult the description of the -o o option in the output of the -h or -? option to determine the default that is in effect.

-O
This option directs lsof to bypass the strategy it uses to avoid being blocked by some kernel operations -
i.e., doing them in forked child processes. See the BLOCKS AND TIMEOUTS and AVOIDING KERNEL BLOCKS sections for more information on kernel operations that may block lsof.
While use of this option will reduce lsof startup overhead, it may also cause lsof to hang when the kernel doesn't respond to a function. Use this option cautiously.

-p s
This option excludes or selects the listing of files for the processes whose optional process IDentification (PID) numbers are in the comma-separated set s - e.g., ''123'' or ''123,^456''. (There should be no spaces in the set.)
PID numbers that begin with '^' (negation) represent exclusions.
Multiple process ID numbers are joined in a single ORed set before participating in AND option selection. However, PID exclusions are applied without ORing or ANDing and take effect before other selection criteria are applied.

-P
This option inhibits the conversion of port numbers to port names for network files. Inhibiting the conversion may make lsof run a little faster. It is also useful when port name lookup is not working properly.

+|-r [t]
This option puts lsof in repeat mode. There lsof lists open files as selected by other options, delays t seconds (default fifteen), then repeats the listing, delaying and listing repetitively until stopped by a condition defined by the prefix to the option.
If the prefix is a '-', repeat mode is endless. Lsof must be terminated with an interrupt or quit signal.
If the prefix is '+', repeat mode will end the first cycle no open files are listed - and of course when lsof is stopped with an interrupt or quit signal. When repeat mode ends because no files are listed, the process exit code will be zero if any open files were ever listed; one, if none were ever listed.

Lsof marks the end of each listing: if field output is in progress (the -F option has been specified), the marker is 'm'; otherwise the marker is ''========''. The marker is followed by a NL character.

Repeat mode reduces lsof startup overhead, so it is more efficient to use this mode than to call lsof repetitively from a shell script, for example.
To use repeat mode most efficiently, accompany +|-r with specification of other lsof selection options, so the amount of kernel memory access lsof does will be kept to a minimum. Options that filter at the process level - e.g., -c, -g, -p, -u - are the most efficient selectors.
Repeat mode is useful when coupled with field output (see the -F option description) and a supervising awk or Perl script, or a C program.

-R
This option directs lsof to list the Parent Process IDentification number in the PPID column.

-s
This option directs lsof to display file size at all times. It causes the SIZE/OFF output column title to be changed to SIZE. If the file does not have a size, nothing is displayed.
The -o (without a following decimal digit count) and -s options are mutually exclusive; they can't both be specified. When neither is specified, lsof displays whatever value - size or offset - is appropriate and available for the type of file.
Since some types of files don't have true sizes - sockets, FIFOs, pipes, etc. - lsof displays for their sizes the content amounts in their associated kernel buffers, if possible.

-S [t]
This option specifies an optional time-out seconds value for kernel functions - lstat(2), readlink(2), and stat(2) - that might otherwise deadlock. The minimum for t is two; the default, fifteen; when no value is specified, the default is used.
See the BLOCKS AND TIMEOUTS section for more information.

-T [t]
This option controls the reporting of some TCP/TPI information, also reported by netstat(1), following the network addresses. In normal output the information appears in parentheses, each item except state identified by a keyword, followed by '=', separated from others by a single space:

<TCP or TPI state name> QR=<read queue length> QS=<send queue length>
SO=<socket options and values> SS=<socket states> TF=<TCP flags and values>
WR=<window read length> WW=<window write length>

Not all values are reported for all UNIX dialects. Item values (when available) are reported after the item name and '='.
When the field output mode is in effect (See OUTPUT FOR OTHER PROGRAMS.) each item appears as a field with a 'T' leading character.
-T with no following key characters disables TCP/TPI information reporting.
-T with following characters selects the reporting of specific TCP/TPI information:
f selects reporting of socket options, states and values, and TCP flags and values.
q selects queue length reporting.
s selects connection state reporting.
w selects window size reporting.
Not all selections are enabled for some UNIX dialects. State may be selected for all dialects and is reported by default. The -h or -? help output for the -T option will show what selections may be used with the UNIX dialect.

When -T is used to select information - i.e., it is followed by one or more selection characters - the displaying of state is disabled by default, and it must be explicitly selected again in the characters following -T. (In effect, then, the default is equivalent to -Ts.)

For example, if queue lengths and state are desired, use -Tqs.
Socket options, socket states, some socket values, TCP flags and one TCP value may be reported (when available in the UNIX dialect) in the form of the names that commonly appear after SO_, so_, SS_, TCP_ and TF_ in the dialect's header files - most often <sys/socket.h>, <sys/socketvar.h> and <netinet/tcp_var.h>. Consult those header files for the meaning of the flags, options, states and values. ''SO='' precedes socket options and values; ''SS='', socket states; and ''TF='', TCP flags and values. If a flag or option has a value, the value will follow an '=' and the name -- e.g., ''SO=LINGER=5'', ''SO=QLIM=5'', ''TF=MSS=512''.

The following values may be reported:

Name Reported   Description (Common Symbol)
KEEPALIVE       keep alive time (SO_KEEPALIVE)
LINGER          linger time (SO_LINGER)
MSS             maximum segment size (TCP_MAXSEG)
PQLEN           partial listen queue connections
QLEN            established listen queue connections
QLIM            established listen queue limit
RCVBUF          receive buffer length (SO_RCVBUF)
SNDBUF          send buffer length (SO_SNDBUF)

Details on what socket options and values, socket states, and TCP flags and values may be displayed for particular UNIX dialects may be found in the answer to the ''Why doesn't lsof report socket options, socket states, and TCP flags and values for my dialect?'' and ''Why doesn't lsof report the partial listen queue connection count for my dialect?'' questions in the lsof FAQ (The FAQ section gives its location.)

-t
This option specifies that lsof should produce terse output with process identifiers only and no header - e.g., so that the output may be piped to kill(1). This option selects the -w option.

-u s
This option selects the listing of files for the user whose login names or user ID numbers are in the comma-separated set s - e.g., ''abe'', or ''548,root''. (There should be no spaces in the set.)
Multiple login names or user ID numbers are joined in a single ORed set before participating in AND option selection.
If a login name or user ID is preceded by a '^', it becomes a negation - i.e., files of processes owned by the login name or user ID will never be listed. A negated login name or user ID selection is neither ANDed nor ORed with other selections; it is applied before all other selections and absolutely excludes the listing of the files of the process.
For example, to direct lsof to exclude the listing of files belonging to root processes, specify ''-u^root'' or ''-u^0''.

-U
This option selects the listing of UNIX domain socket files.

-v
This option selects the listing of lsof version information, including: revision number; when the lsof binary was constructed; who constructed the binary and where; the name of the compiler used to construct the lsof binary; the version number of the compiler when readily available; the compiler and loader flags used to construct the lsof binary; and system information, typically the output of uname's -a option.

-V
This option directs lsof to indicate the items it was asked to list and failed to find - command names, file names, Internet addresses or files, login names, NFS files, PIDs, PGIDs, and UIDs.
When other options are ANDed to search options, or compile-time options restrict the listing of some files, lsof may not report that it failed to find a search item when an ANDed option or compile-time option prevents the listing of the open file containing the located search item.
For example, ''lsof -V -iTCP@foobar -a -d 999'' may not report a failure to locate open files at ''TCP@foobar'' and may not list any, if none have a file descriptor number of 999. A similar situation arises when HASSECURITY and HASNOSOCKSECURITY are defined at compile time and they prevent the listing of open files.

+|-w
Enables (+) or disables (-) the suppression of warning messages.
The lsof builder may choose to have warning messages disabled or enabled by default.
The default warning message state is indicated in the output of the -h or -? option.
Disabling warning messages when they are already disabled or enabling them when already enabled is acceptable.
The -t option selects the -w option.

-x [fl]
This option may accompany the +d and +D options to direct their processing to cross over symbolic links and|or file system mount points encountered when scanning the directory (+d) or directory tree (+D).
If -x is specified by itself without a following parameter, cross-over processing of both symbolic links and file system mount points is enabled. Note that when -x is specified without a parameter, the next argument must begin with '-' or '+'.
The optional 'f' parameter enables file system mount point cross-over processing; 'l', symbolic link cross-over processing.
The -x option may not be supplied without also supplying a +d or +D option.

-X
This is a dialect-specific option.

AIX:
This IBM AIX RISC/System 6000 option requests the reporting of executed text file and shared library references.
WARNING: because this option uses the kernel readx() function, its use on a busy AIX system might cause an application process to hang so completely that it can neither be killed nor stopped. I have never seen this happen or had a report of its happening, but I think there is a remote possibility it could happen.
By default use of readx() is disabled.
On AIX 5L and above lsof may need setuid-root permission to perform the actions this option requests.
The lsof builder may specify that the -X option be restricted to processes whose real UID is root. If that has been done, the -X option will not appear in the -h or -? help output unless the real UID of the lsof process is root. The default lsof distribution allows any UID to specify -X, so by default it will appear in the help output.
When AIX readx() use is disabled, lsof may not be able to report information for all text and loader file references, but it may also avoid exacerbating an AIX kernel directory search kernel error, known as the Stale Segment ID bug.
The readx() function, used by lsof or any other program to access some sections of kernel virtual memory, can trigger the Stale Segment ID bug. It can cause the kernel's dir_search() function to believe erroneously that part of an in-memory copy of a file system directory has been zeroed. Another application process, distinct from lsof, asking the kernel to search the directory - e.g., by using open(2) - can cause dir_search() to loop forever, thus hanging the application process.
Consult the lsof FAQ (The FAQ section gives its location.) and the 00README file of the lsof distribution for a more complete description of the Stale Segment ID bug, its APAR, and methods for defining readx() use when compiling lsof.

Linux:
This Linux option requests that lsof skip the reporting of information on all open TCP and UDP IPv4 and IPv6 files.
This Linux option is most useful when the system has an extremely large number of open TCP and UDP files, the processing of whose information in the /proc/net/tcp* and /proc/net/udp* files would take lsof a long time, and whose reporting is not of interest.
Use this option with care and only when you are sure that the information you want lsof to display isn't associated with open TCP or UDP socket files.

Solaris 10 and above:
This Solaris 10 and above option requests the reporting of cached paths for files that have been deleted - i.e., removed with rm or unlink(2).
The cached path is followed by the string '' (deleted)'' to indicate that the path by which the file was opened has been deleted.
Because intervening changes made to the path - i.e., renames with mv(1) or rename(2) - are not recorded in the cached path, what lsof reports is only the path by which the file was opened, not its possibly different final path.

-z [z]
specifies how Solaris 10 and higher zone information is to be handled.
Without a following argument - e.g., NO z - the option specifies that zone names are to be listed in the ZONE output column.
The -z option may be followed by a zone name, z. That causes lsof to list only open files for processes in that zone. Multiple -z z option and argument pairs may be specified to form a list of named zones. Any open file of any process in any of the zones will be listed, subject to other conditions specified by other options and arguments.

-Z [Z]
specifies how SELinux security contexts are to be handled.
Without a following argument - e.g., NO Z - the option specifies that security contexts are to be listed in the SECURITY-CONTEXT output column.
The -Z option may be followed by a wildcard security context name, Z. That causes lsof to list only open files for processes in that security context. Multiple -Z Z option and argument pairs may be specified to form a list of security contexts. Any open file of any process in any of the security contexts will be listed, subject to other conditions specified by other options and arguments. Note that Z can be A:B:C or *:B:C or A:B:* or *:*:C to match against the A:B:C context.

--
The double minus sign option is a marker that signals the end of the keyed options. It may be used, for example, when the first file name begins with a minus sign. It may also
be used when the absence of a value for the last keyed option must be signified by the presence of a minus sign in the following option and before the start of the file names.

filenames
These are path names of specific files to list. Symbolic links are resolved before use. The first name may be separated from the preceding options with the ''--'' option.
If a filename is the mounted-on directory of a file system or the device of the file system, lsof will list all the files open on the file system. To be considered a file system, the filename must match a mounted-on directory name in mount output, or match the name of a block device associated with a mounted-on directory name. The +|-f option may be used to force lsof to consider a name a file system identifier (+f) or a simple file (-f).

If name is a path to a directory that is not the mounted-on directory name of a file system, it is treated just as a regular file is treated - i.e., its listing is restricted to processes that have it open as a file or as a process-specific directory, such as the root or current working directory. To request that lsof look for open files inside a directory name, use the +d s and +D D options.

If a name is the base name of a family of multiplexed files - e.g., AIX's /dev/pt[cs] - lsof will list all the associated multiplexed files on the device that are open - e.g., /dev/pt[cs]/1, /dev/pt[cs]/2, etc.

If a name is a UNIX domain socket name, lsof will usually search for it by the characters of the name alone - exactly as it is specified and is recorded in the kernel socket structure. (See the next paragraph for an exception to that rule for Linux.) Specifying a relative path - e.g., ./file - in place of the file's absolute path - e.g., /tmp/file - won't work because lsof must match the characters you specify with what it finds in the kernel UNIX domain socket structures.

If a name is a Linux UNIX domain socket name, in one case lsof is able to search for it by its device and inode number, allowing name to be a relative path. The case requires that the absolute path -- i.e., one beginning with a slash ('/') be used by the process that created the socket, and hence be stored in the /proc/net/unix file; and it requires that lsof be able to obtain the device and node numbers of both the absolute path in /proc/net/unix and name via successful stat(2) system calls. When those conditions are met, lsof will be able to search for the UNIX domain socket when some path to it is specified in name. Thus, for example, if the path is /dev/log, and an lsof search is initiated when the working directory is /dev, then name could be ./log.

If a name is none of the above, lsof will list any open files whose device and inode match that of the specified path name.

If you have also specified the -b option, the only names you may safely specify are file systems for which your mount table supplies alternate device numbers. See the AVOIDING KERNEL BLOCKS and ALTERNATE DEVICE NUMBERS sections for more information.
Multiple file names are joined in a single ORed set before participating in AND option selection.

Notes
If any list request option is specified, other list requests must be specifically requested - e.g., if -U is specified for the listing of UNIX socket files, NFS files won't be listed unless -N is also specified; or if a user list is specified with the -u option, UNIX domain socket files, belonging to users not in the list, won't be listed unless the -U option is also specified.
Normally list options that are specifically stated are ORed - i.e., specifying the -i option without an address and the -ufoo option produces a listing of all network files OR files belonging to processes owned by user ''foo''. Three exceptions are: 1) the '^' (negated) login name or user ID (UID), specified with the -u option; 2) the '^' (negated) process ID (PID), specified with the -p option; and 3) the '^' (negated) process group ID (PGID), specified with the -g option. Since they represent exclusions, they are applied without ORing or ANDing and take effect before any other selection criteria are applied.
The -a option may be used to AND the selections. For example, specifying -a, -U, and -ufoo produces a listing of only UNIX socket files that belong to processes owned by user ''foo''.
Caution: the -a option causes all list selection options to be ANDed; it can't be used to cause ANDing of selected pairs of selection options by placing it between them, even though its placement there is acceptable. Wherever -a is placed, it causes the ANDing of all selection options.
Items of the same selection set - command names, file descriptors, network addresses, process identifiers, user identifiers, zone names, security contexts - are joined in a single ORed set and applied before the result participates in ANDing. Thus, for example, specifying -i@aaa.bbb, -i@ccc.ddd, -a, and -ufff,ggg will select the listing of files that belong to either login ''fff'' OR ''ggg'' AND have network connections to either host aaa.bbb OR ccc.ddd.
Options may be grouped together following a single prefix -- e.g., the option set ''-a -b -C'' may be stated as -abC. However, since values are optional following +|-f, -F, -g, -i, +|-L, -o, +|-r, -S, -T, -x and -z, when you have no values for them be careful that the following character isn't ambiguous. For example, -Fn might represent the -F and -n options, or it might represent the n field identifier character following the -F option. When ambiguity is possible, start a new option with a '-' character - e.g., ''-F -n''. If the next option is a file name, follow the possibly ambiguous option with ''--'' - e.g., ''-F -- name''.
Either the '+' or the '-' prefix may be applied to a group of options. Options that don't take on separate meanings for each prefix - e.g., -i - may be grouped under either prefix. Thus, for example, ''+M -i'' may be stated as ''+Mi'' and the group means the same as the separate options. Be careful of prefix grouping when one or more options in the group does take on separate
meanings under different prefixes - e.g., +|-M; ''-iM'' is not the same request as ''-i +M''. When in doubt, use separate options with appropriate prefixes.
Security
Lsof has three features that may cause security concerns. First, its default compilation mode allows anyone to list all open files with it. Second, by default it creates a user-readable and user-writable device cache file in the home directory of the real user ID that executes lsof. (The list-all-open-files and device cache features may be disabled when lsof is compiled.) Third, its -k and -m options name alternate kernel name list or memory files.
Restricting the listing of all open files is controlled by the compile-time HASSECURITY and HASNOSOCKSECURITY options. When HASSECURITY is defined, lsof will allow only the root user to list all open files. The non-root user may list only open files of processes with the same user IDentification number as the real user ID number of the lsof process (the one that its user logged on with).
However, if HASSECURITY and HASNOSOCKSECURITY are both defined, anyone may list open socket files, provided they are selected with the -i option.
When HASSECURITY is not defined, anyone may list all open files.
Help output, presented in response to the -h or -? option, gives the status of the HASSECURITY and HASNOSOCKSECURITY definitions.
See the Security section of the 00README file of the lsof distribution for information on building lsof with the HASSECURITY and HASNOSOCKSECURITY options enabled.
Creation and use of a user-readable and user-writable device cache file is controlled by the compile-time HASDCACHE option. See the DEVICE CACHE FILE section and the sections that follow it for details on how its path is formed. For security considerations it is important to note that in the default lsof distribution, if the real user ID under which lsof is executed is root, the device cache file will be written in root's home directory - e.g., / or /root. When HASDCACHE is not defined, lsof does not write or attempt to read a device cache file.
When HASDCACHE is defined, the lsof help output, presented in response to the -h, -D?, or -? options, will provide device cache file handling information. When HASDCACHE is not defined, the -h or -? output will have no -D option description.
Before you decide to disable the device cache file feature - enabling it improves the performance of lsof by reducing the startup overhead of examining all the nodes in /dev (or /devices) - read the discussion of it in the 00DCACHE file of the lsof distribution and the lsof FAQ (The FAQ section gives its location.)
WHEN IN DOUBT, YOU CAN TEMPORARILY DISABLE THE USE OF THE DEVICE
When lsof user declares alternate kernel name list or memory files with the -k and -m options, lsof checks the user's authority to read them with access(2). This is intended to prevent whatever special power lsof's modes might confer on it from letting it read files not normally accessible via the authority of the real user ID.
Output
This section describes the information lsof lists for each open file. See the OUTPUT FOR OTHER PROGRAMS section for additional information on output that can be processed by another program.
Lsof only outputs printable (declared so by isprint(3)) 8 bit characters. Non-printable characters are printed in one of three forms: the C ''\[bfrnt]'' form; the control character '^' form (e.g., ''^@''); or hexadecimal leading ''\x'' form (e.g., ''\xab''). Space is non-printable in the COMMAND column (''\x20'') and printable elsewhere.
For some dialects - if HASSETLOCALE is defined in the dialect's machine.h header file - lsof will print the extended 8 bit characters of a language locale. The lsof process must be supplied a language locale environment variable (e.g., LANG) whose value represents a known language locale in which the extended characters are considered printable by isprint(3). Otherwise lsof considers the extended characters non-printable and prints them according to its rules for non-printable characters, stated above. Consult your dialect's setlocale(3) man page for the names of other environment variables that may be used in place of LANG - e.g., LC_ALL, LC_CTYPE, etc.
Lsof's language locale support for a dialect also covers wide characters - e.g., UTF-8 - when HASSETLOCALE and HASWIDECHAR are defined in the dialect's machine.h header file, and when a suitable language locale has been defined in the appropriate environment variable for the lsof process. Wide characters are printable under those conditions if iswprint(3) reports them to be. If HASSETLOCALE, HASWIDECHAR and a suitable language locale aren't defined, or if iswprint(3) reports wide characters that aren't printable, lsof considers the wide characters non-printable and prints each of their 8 bits according to its rules for non-printable characters, stated above.
Consult the answers to the "Language locale support" questions in the lsof FAQ (The FAQ section gives its location.) for more information.
Lsof dynamically sizes the output columns each time it runs, guaranteeing that each column is a minimum size. It also guarantees that each column is separated from its predecessor by at least one space.
COMMAND
contains the first nine characters of the name of the UNIX command associated with the process. If a non-zero w value is specified to the +cw option, the column contains the first w characters of the name of the UNIX command associated with the process up to the limit of characters supplied to lsof by the UNIX dialect. (See the description of the +c w command or the lsof FAQ for more information. The FAQ section gives its location.)
If w is less than the length of the column title, ''COMMAND'', it will be raised to that length.
If a zero w value is specified to the +c w option, the column contains all the characters of the name of the UNIX command associated with the process.
All command name characters maintained by the kernel in its structures are displayed in field output when the command name descriptor ('c') is specified. See the OUTPUT FOR OTHER COMMANDS section for information on selecting field output and the
associated command name descriptor.

PID
is the Process IDentification number of the process.
ZONE
is the Solaris 10 and higher zone name. This column must be selected with the -z option.
is the SELinux security context. This column must be selected with the -Z option.
PPID
is the Parent Process IDentification number of the process. It is only displayed when the -R option has been specified.
PGID
is the process group IDentification number associated with the process. It is only displayed when the -g option has been specified.
USER
is the user ID number or login name of the user to whom the process belongs, usually the same as reported by ps(1). However, on Linux USER is the user ID number or login that owns the directory in /proc where lsof finds information about the process. Usually that is the same value reported by ps(1), but may differ when the process has changed its effective user ID. (See the -l option description for information on when a user ID number or login name is displayed.)
FD
is the File Descriptor number of the file or:
cwd   current working directory;
Lnn   library references (AIX);
err   FD information error (see NAME column);
jld   jail directory (FreeBSD);
ltx   shared library text (code and data);
Mxx   hex memory-mapped type number xx.
m86   DOS Merge mapped file;
mem   memory-mapped file;
mmap  memory-mapped device;
pd    parent directory;
rtd   root directory;
tr    kernel trace file (OpenBSD);
txt   program text (code and data);
v86   VP/ix mapped file;
FD is followed by one of these characters, describing the mode under which the file is open:
r for read access;
w for write access;
u for read and write access;
space if mode unknown and no lock character follows;
'-' if mode unknown and lock character follows
The mode character is followed by one of these lock characters, describing the type of lock applied to the file:
N for a Solaris NFS lock of unknown type;
r for read lock on part of the file;
R for a read lock on the entire file;
w for a write lock on part of the file;
W for a write lock on the entire file;
u for a read and write lock of any length;
U for a lock of unknown type;
x for an SCO OpenServer Xenix lock on part of the file;
X for an SCO OpenServer Xenix lock on the entire file;
space if there is no lock.

See the LOCKS section for more information on the lock information character.
The FD column contents constitutes a single field for parsing in post-processing scripts.
TYPE
is the type of the node associated with the file - e.g., GDIR, GREG, VDIR, VREG, etc.
or ''IPv4'' for an IPv4 socket;
or ''IPv6'' for an open IPv6 network file - even if its address is IPv4, mapped in an IPv6 address;
or ''ax25'' for a Linux AX.25 socket;
or ''inet'' for an Internet domain socket;
or ''sock'' for a socket of unknown domain;
or ''unix'' for a UNIX domain socket;
or ''BLK'' for a block special file;
or ''CHR'' for a character special file;
or ''DEL'' for a Linux map file that has been deleted;
or ''DIR'' for a directory;
or ''DOOR'' for a VDOOR file;
or ''FIFO'' for a FIFO special file;
or ''KQUEUE'' for a BSD style kernel event queue file;
or ''LINK'' for a symbolic link file;
or ''MPB'' for a multiplexed block file;
or ''MPC'' for a multiplexed character file;
or ''NOFD'' for a Linux /proc/<PID>/fd directory that can't be opened -- the directory path appears in the NAME column, followed by an error message;
or ''PAS'' for a /proc/as file;
or ''PAXV'' for a /proc/auxv file;
or ''PXMP'' for a /proc/xmap file;
or ''REG'' for a regular file;
or ''SMT'' for a shared memory transport file;
or ''STSO'' for a stream socket;
or ''UNNM'' for an unnamed type file;
or the four type number octets if the corresponding name isn't known.
FILE-ADDR
contains the kernel file structure address when f has been specified to +f;
FCT
contains the file reference count from the kernel file structure when c has been specified to +f;
FILE-FLAG
when g or G has been specified to +f, this field contains the contents of the f_flag[s] member of the kernel file structure and the kernel's per-process open file flags (if available); 'G' causes them to be displayed in hexadecimal; 'g', as short-hand names; two lists may be displayed with entries separated by commas, the lists separated by a semicolon (';'); the first list may contain short-hand names for f_flag[s] values from the following table:
AIO   asynchronous I/O (e.g., FAIO)
AP    append
ASYN  asynchronous I/O (e.g., FASYNC)
BAS   block, test, and set in use
BKIU  block if in use
BL    use block offsets
BSK   block seek
CA    copy avoid
CIO   concurrent I/O
CLON  clone
CLRD  CL read
CR    create
DF    defer
DFI   defer IND
DFLU  data flush
DIR   direct
DLY   delay
DOCL  do clone
DSYN  data-only integrity
EVO   event only
EX    open for exec
EXCL  exclusive open
FSYN  synchronous writes
GCDF  defer during unp_gc() (AIX)
GCMK  mark during unp_gc() (AIX)
GTTY  accessed via /dev/tty
HUP   HUP in progress
KERN  kernel
KIOC  kernel-issued ioctl
LCK   has lock
LG    large file
MBLK  stream message block
MK    mark
MNT   mount
MSYN  multiplex synchronization
NB    non-blocking I/O
NBDR  no BDRM check
NBIO  SYSV non-blocking I/O
NBF   n-buffering in effect
NC    no cache
ND    no delay
NDSY  no data synchronization
NET   network
NMFS  NM file system
NOTO  disable background stop
NSH   no share
NTTY  no controlling TTY
OLRM  OLR mirror
PAIO  POSIX asynchronous I/O
PP    POSIX pipe
R     read
RC    file and record locking cache
REV   revoked
RSH   shared read
RSYN  read synchronization
SL    shared lock
SNAP  cooked snapshot
SOCK  socket
SQSH  Sequent shared set on open
SQSV  Sequent SVM set on open
SQR   Sequent set repair on open
SQS1  Sequent full shared open
SQS2  Sequent partial shared open
STPI  stop I/O
SWR   synchronous read
SYN   file integrity while writing
TCPM  avoid TCP collision
TR    truncate
W     write
WKUP  parallel I/O synchronization
WTG   parallel I/O synchronization
VH    vhangup pending
VTXT  virtual text
XL    exclusive lock

This list of names was derived from F* #define's in dialect header files <fcntl.h>, <linux/fs.h>, <sys/fcntl.c>, <sys/fcntlcom.h>, and <sys/file.h>; see the lsof.h header file for a list showing the correspondence between the above short-hand names and the header file definitions;
the second list (after the semicolon) may contain short-hand names for kernel per-process open file flags from this table:
ALLC  allocated
BR    the file has been read
BHUP  activity stopped by SIGHUP
BW    the file has been written
CLSG  closing
CX    close-on-exec (see fcntl(F_SETFD))
LCK   lock was applied
MP    memory-mapped
OPIP  open pending - in progress
RSVW  reserved wait
SHMT  UF_FSHMAT set (AIX)
USE   in use (multi-threaded)
NODE-ID
(or INODE-ADDR for some dialects) contains a unique identifier for the file node (usually the kernel vnode or inode address, but also occasionally a concatenation of device and node number) when n has been specified to +f;

contains the device numbers, separated by commas, for a character special, block special, regular, directory or NFS file;
or ''memory'' for a memory file system node under Tru64 UNIX;
or the address of the private data area of a Solaris socket stream;
or a kernel reference address that identifies the file (The kernel reference address may be used for FIFO's, for example.);
or the base address or device name of a Linux AX.25 socket device.
Usually only the lower thirty two bits of Tru64 UNIX kernel addresses are displayed.

SIZE, SIZE/OFF, or OFFSET
is the size of the file or the file offset in bytes. A value is displayed in this column only if it is available. Lsof displays whatever value - size or offset - is appropriate for the type of the file and the version of lsof.
On some UNIX dialects lsof can't obtain accurate or consistent file offset information from its kernel data sources, sometimes just for particular kinds of files (e.g., socket files.) In other cases, files don't have true sizes - e.g., sockets, FIFOs, pipes - so lsof displays for their sizes the content amounts it finds in their kernel buffer descriptors (e.g., socket buffer size counts or TCP/IP window sizes.) Consult the lsof FAQ (The FAQ section gives its location.) for more information.
The file size is displayed in decimal; the offset is normally displayed in decimal with a leading ''0t'' if it contains 8 digits or less; in hexadecimal with a leading ''0x'' if it is longer than 8 digits. (Consult the -o o option description for information on when 8 might default to some other value.)
Thus the leading ''0t'' and ''0x'' identify an offset when the column may contain both a size and an offset (i.e., its title is SIZE/OFF).
If the -o option is specified, lsof always displays the file offset (or nothing if no offset is available) and labels the column OFFSET. The offset always begins with ''0t'' or ''0x'' as described above.
The lsof user can control the switch from ''0t'' to ''0x'' with the -o o option. Consult its description for more information.
If the -s option is specified, lsof always displays the file size (or nothing if no size is available) and labels the column SIZE. The -o and -s options are mutually exclusive; they can't both be specified.
For files that don't have a fixed size - e.g., don't reside on a disk device - lsof will display appropriate information about the current size or position of the file if it is available in the kernel structures that define the file.

NLINK
contains the file link count when +L has been specified;
NODE
is the node number of a local file;
or the inode number of an NFS file in the server host;
or the Internet protocol type - e.g., ''TCP'';
or ''STR'' for a stream;
or ''CCITT'' for an HP-UX x.25 socket;
or the IRQ or inode number of a Linux AX.25 socket device.
NAME
is the name of the mount point and file system on which the file resides;
or the name of a file specified in the names option (after any symbolic links have been resolved);
or the name of a character special or block special device;
or the local and remote Internet addresses of a network file; the local host name or IP number is followed by a colon (':'), the port, ''->'', and the two-part remote address; IP addresses may be reported as numbers or names, depending on the +|-M, -n, and -P options; colon-separated IPv6 numbers are enclosed in square brackets; IPv4 INADDR_ANY and IPv6 IN6_IS_ADDR_UNSPECIFIED addresses, and zero port numbers are represented by an asterisk ('*'); a UDP destination address may be followed by the amount of time elapsed since the last packet was sent to the destination; TCP and UDP remote addresses may be followed by TCP/TPI information in parentheses - state (e.g., ''(ESTABLISHED)'', ''(Unbound)''), queue sizes, and window sizes (not all dialects) - in a fashion similar to what netstat(1) reports; see the -T option description or the description of the TCP/TPI field in OUTPUT FOR OTHER PROGRAMS for more information on state, queue size, and window size;
or the address or name of a UNIX domain socket, possibly including a stream clone device name, a file system object's path name, local and foreign kernel addresses, socket pair information, and a bound vnode address;
or the local and remote mount point names of an NFS file;
or ''STR'', followed by the stream name;
or a stream character device name, followed by ''->'' and the stream name or a list of stream module names, separated by ''->'';
or ''STR:'' followed by the SCO OpenServer stream device and module names, separated by ''->'';
or system directory name, '' -- '', and as many components of the path name as lsof can find in the kernel's name cache for selected dialects (See the KERNEL NAME
CACHE section for more information.);
or ''PIPE->'', followed by a Solaris kernel pipe destination address;
or ''COMMON:'', followed by the vnode device information structure's device name, for a Solaris common vnode;
or the address family, followed by a slash ('/'), followed by fourteen comma-separated bytes of a non-Internet raw socket address;
or the HP-UX x.25 local address, followed by the virtual connection number (if any), followed by the remote address (if any);
or ''(dead)'' for disassociated Tru64 UNIX files - typically terminal files that have been flagged with the TIOCNOTTY ioctl and closed by daemons;
or ''rd=<offset>'' and ''wr=<offset>'' for the values of the read and write offsets of a FIFO;
or ''clone n:/dev/event'' for SCO OpenServer file clones of the /dev/event device, where n is the minor device number of the file;
or ''(socketpair: n)'' for a Solaris 2.6, 8, 9 or 10 UNIX domain socket, created by the socketpair(3N) network function;
or ''no PCB'' for socket files that do not have a protocol block associated with them, optionally followed by '', CANTSENDMORE'' if sending on the socket has been disabled, or '', CANTRCVMORE'' if receiving on the socket has been disabled (e.g., by the shutdown(2) function);
or the local and remote addresses of a Linux IPX socket file in the form <net>:[<node>:]<port>, followed in parentheses by the transmit and receive queue sizes, and the connection state;
or ''dgram'' or ''stream'' for the type UnixWare 7.1.1 and above in-kernel UNIX domain sockets, followed by a colon (':') and the local path name when available, followed by ''->'' and the remote path name or kernel socket address in hexadecimal when available.
For dialects that support a ''namefs'' file system, allowing one file to be attached to another with fattach(3C), lsof will add ''(FA:<address1><direction><address2>)'' to the NAME column. <address1> and <address2> are hexadecimal vnode addresses. <direction> will be ''<-'' if <address2> has been fattach'ed to this vnode whose address is <address1>; and ''->'' if <address1>, the vnode address of this vnode, has been fattach'ed to <address2>. <address1> may be omitted if it already appears in the DEVICE column.
Lsof may add two parenthetical notes to the NAME column for open Solaris 10 files: ''(?)'' if lsof considers the path name of questionable accuracy; and ''(deleted)'' if the -X option has been specified and lsof detects the open file's path name has been deleted. Consult the lsof FAQ (The FAQ section gives its location.) for more information on these NAME column additions.
Locks
Lsof can't adequately report the wide variety of UNIX dialect file locks in a single character. What it reports in a single character is a compromise between the information it finds in the kernel and the limitations of the reporting format.
Moreover, when a process holds several byte level locks on a file, lsof only reports the status of the first lock it encounters. If it is a byte level lock, then the lock character will be reported in lower case - i.e., 'r', 'w', or 'x' - rather than the upper case equivalent reported for a full file lock.
Generally lsof can only report on locks held by local processes on local files. When a local process sets a lock on a remotely mounted (e.g., NFS) file, the remote server host usually records the lock state. One exception is Solaris - at some patch levels of 2.3, and in all versions above 2.4, the Solaris kernel records information on remote locks in local structures.
Lsof has trouble reporting locks for some UNIX dialects. Consult the BUGS section of this manual page or the lsof FAQ (The FAQ section gives its location.) for more information.

Output for Other Programs
When the -F option is specified, lsof produces output that is suitable for processing by another program - e.g., an awk or Perl script, or a C program.
Each unit of information is output in a field that is identified with a leading character and terminated by a NL (012) (or a NUL (000) if the 0 (zero) field identifier character is specified.) The data of the field follows immediately after the field identification character and extends to the field terminator.
It is possible to think of field output as process and file sets. A process set begins with a field whose identifier is 'p' (for process IDentifier (PID)). It extends to the beginning of the next PID field or the beginning of the first file set of the process, whichever comes first. Included in the process set are fields that identify the command, the process group IDentification (PGID) number, and the user ID (UID) number or login name.
A file set begins with a field whose identifier is 'f' (for file descriptor). It is followed by lines that describe the file's access mode, lock state, type, device, size, offset, inode, protocol, name and stream module names. It extends to the beginning of the next file or process set, whichever comes first.
When the NUL (000) field terminator has been selected with the 0 (zero) field identifier character, lsof ends each process and file set with a NL (012) character.
Lsof always produces one field, the PID ('p') field. All other fields may be declared optionally in the field identifier character list that follows the -F option. When a field selection character identifies an item lsof does not normally list - e.g., PPID, selected with -R - specification of the field character - e.g., ''-FR'' - also selects the listing of the item.
It is entirely possible to select a set of fields that cannot easily be parsed - e.g., if the field descriptor field is not selected, it may be difficult to identify file sets. To help you avoid this difficulty, lsof supports the -F option; it selects the output of all fields with NL terminators (the -F0 option pair selects the output of all fields with NUL terminators). For compatibility reasons neither -F nor -F0 select the raw device field.
These are the fields that lsof will produce. The single character listed first is the field identifier.
a    file access mode
c    process command name (all characters from proc or user structure)
C    file structure share count
d    file's device character code
D    file's major/minor device number (0x<hexadecimal>)
f    file descriptor
F    file structure address (0x<hexadecimal>)
G    file flaGs (0x<hexadecimal>; names if +fg follows)
i    file's inode number
k    link count
l    file's lock status
L    process login name
m    marker between repeated output
n    file name, comment, Internet address
N    node identifier (0x<hexadecimal>)
o    file's offset (decimal)
p    process ID (always selected)
g    process group ID
P    protocol name
r    raw device number (0x<hexadecimal>)
R    parent process ID
s    file's size (decimal)
S    file's stream identification
t    file's type
T    TCP/TPI information, identified by prefixes (the '=' is part of the prefix):
       QR=<read queue size>
       QS=<send queue size>
       SO=<socket options and values> (not all dialects)
       SS=<socket states> (not all dialects)
       ST=<connection state>
       TF=<TCP flags and values> (not all dialects)
       WR=<window read size> (not all dialects)
       WW=<window write size> (not all dialects)
     (TCP/TPI information isn't reported for all supported UNIX dialects. The -h or -? help output for the -T option will show what TCP/TPI reporting can be requested.)
u    process user ID
z    Solaris 10 and higher zone name
0    use NUL field terminator character in place of NL
1-9  dialect-specific field identifiers (The output of -F? identifies the information to be found in dialect-specific fields.)
You can get on-line help information on these characters and their descriptions by specifying the -F? option pair. (Escape the '?' character as your shell requires.) Additional information on field content can be found in the OUTPUT section.
As an example, ''-F pcfn'' will select the process ID ('p'), command name ('c'), file descriptor ('f') and file name ('n') fields with an NL field terminator character; ''-F pcfn0'' selects the same output with a NUL (000) field terminator character.
Lsof doesn't produce all fields for every process or file set, only those that are available. Some fields are mutually exclusive: file device characters and file major/minor device numbers; file inode number and protocol name; file name and stream identification; file size and offset. One or the other member of these mutually exclusive sets will appear in field output, but not both.
Normally lsof ends each field with a NL (012) character. The 0 (zero) field identifier character may be specified to change the field terminator character to a NUL (000). A NUL terminator may be easier to process with xargs (1), for example, or with programs whose quoting mechanisms may not easily cope with the range of characters in the field output. When the NUL field terminator is in use, lsof ends each process and file set with a NL (012).
Three aids to producing programs that can process lsof field output are included in the lsof distribution. The first is a C header file, lsof_fields.h, that contains symbols for the field identification characters, indexes for storing them in a table, and explanation strings that may be compiled into programs. Lsof uses this header file.
The second aid is a set of sample scripts that process field output, written in awk, Perl 4, and Perl 5. They're located in the scripts subdirectory of the lsof distribution.
The third aid is the C library used for the lsof test suite. The test suite is written in C and uses field output to validate the correct operation of lsof. The library can be found in the tests/LTlib.c file of the lsof distribution. The library uses the first aid, the lsof_fields.h header file.
Blocks and Timeouts
Lsof can be blocked by some kernel functions that it uses - lstat(2), readlink(2), and stat(2). These functions are stalled in the kernel, for example, when the hosts where mounted NFS file systems reside become inaccessible.
Lsof attempts to break these blocks with timers and child processes, but the techniques are not wholly reliable. When lsof does manage to break a block, it will report the break with an error message. The messages may be suppressed with the -t and -w options.
The default timeout value may be displayed with the -h or -? option, and it may be changed with the -S [t] option. The minimum for t is two seconds, but you should avoid small values, since slow system responsiveness can cause short timeouts to expire unexpectedly and perhaps stop lsof before it can produce any output.
When lsof has to break a block during its access of mounted file system information, it normally continues, although with less information available to display about open files.
Lsof can also be directed to avoid the protection of timers and child processes when using the kernel functions that might block by specifying the -O option. While this will allow lsof to start up with less overhead, it exposes lsof completely to the kernel situations that might block it. Use this option cautiously.
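The process-set and file-set layout described under Output for Other Programs, as an added example (not from the original page or the lsof distribution): a shell function that turns ''-F pcuftn'' or ''-F pcuftn0'' output into one tab-separated row per open file, with a filter for Internet sockets. The sample data and the names sample_nl, sample_nul, lsof_rows and inet_rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn lsof field output (-F pcuftn or -F pcuftn0) into one
# tab-separated row per file set: PID, command, UID, FD, TYPE, NAME.

# Constructed sample of NL-terminated field output; not captured from a host.
sample_nl() {
    cat <<'EOF'
p812
csshd
u0
f3
tIPv4
n*:22
f4
tREG
n/var/log/auth.log
p4410
cpython3
u1000
fcwd
tDIR
n/home/alice
f5
tsock
EOF
}

# The same constructed data laid out as -F pcuftn0 would: every field ends
# with NUL and every process or file set ends with NL.
sample_nul() {
    printf 'p812\000csshd\000u0\000\n'
    printf 'f3\000tIPv4\000n*:22\000\n'
    printf 'f4\000tREG\000n/var/log/auth.log\000\n'
    printf 'p4410\000cpython3\000u1000\000\n'
    printf 'fcwd\000tDIR\000n/home/alice\000\n'
    printf 'f5\000tsock\000\n'
}

# Read field output on stdin and print one row per file set.
# - NUL terminators are mapped to NL; the NL that closes each set then shows
#   up as an empty line and is skipped.
# - Process-set fields (p, c, u) are carried into every file set that follows.
# - Fields lsof did not produce for a set are reported as "-".
# - lsof prints non-printable characters in escaped form, so a raw tab cannot
#   appear inside a field and tab is a safe column separator.
lsof_rows() {
    tr '\000' '\n' | awk '
        function emit() {
            if (have_file)
                printf "%s\t%s\t%s\t%s\t%s\t%s\n", pid, cmd, uid, fd, type, name
            have_file = 0
        }
        BEGIN { pid = "-"; cmd = "-"; uid = "-" }
        /^$/ { next }
        { id = substr($0, 1, 1); val = substr($0, 2) }
        id == "p" { emit(); pid = val; cmd = "-"; uid = "-"; next }
        id == "f" { emit(); fd = val; type = "-"; name = "-"; have_file = 1; next }
        id == "c" { cmd = val; next }
        id == "u" { uid = val; next }
        id == "t" && have_file { type = val; next }
        id == "n" && have_file { name = val; next }
        END { emit() }
    '
}

# Keep only rows whose TYPE column marks an Internet socket (IPv4 or IPv6).
inet_rows() {
    lsof_rows | awk -F '\t' '$5 == "IPv4" || $5 == "IPv6"'
}

# Stand-alone demonstration on the constructed sample.
sample_nl | lsof_rows
```

On a live system the input would come from lsof itself, for example ''lsof -n -P -F pcuftn | inet_rows''.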
Avoiding Kernel Blocks

You can use the -b option to tell lsof to avoid using kernel functions that would block. Some cautions apply.
First, using this option usually requires that your system supply alternate device numbers in place of the device numbers that lsof would normally obtain with the lstat(2) and stat(2) kernel functions. See the ALTERNATE DEVICE NUMBERS section for more information on alternate device numbers.
Second, you can't specify names for lsof to locate unless they're file system names. This is because lsof needs to know the device and inode numbers of files listed with names in the lsof options, and the -b option prevents lsof from obtaining them. Moreover, since lsof only has device numbers for the file systems that have alternates, its ability to locate files on file systems depends completely on the availability and accuracy of the alternates. If no alternates are available, or if they're incorrect, lsof won't be able to locate files on the named file systems.
Third, if the names of your file system directories that lsof obtains from your system's mount table are symbolic links, lsof won't be able to resolve the links. This is because the -b option causes lsof to avoid the kernel readlink(2) function it uses to resolve symbolic links.
Finally, using the -b option causes lsof to issue warning messages when it needs to use the kernel functions that the -b option directs it to avoid. You can suppress these messages by specifying the -w option, but if you do, you won't see the alternate device numbers reported in the warning messages.
Alternate Device Numbers
On some dialects, when lsof has to break a block because it can't get information about a mounted file system via the lstat(2) and stat(2) kernel functions, or because you specified the -b option, lsof can obtain some of the information it needs - the device number and possibly the file system type - from the system mount table. When that is possible, lsof will report the device number it obtained. (You can suppress the report by specifying the -w option.)
You can assist this process if your mount table is supported with an /etc/mtab or /etc/mnttab file that contains an options field by adding a ''dev=xxxx'' field for mount points that do not have one in their options strings. Note: you must be able to edit the file - i.e., some mount tables like recent Solaris /etc/mnttab or Linux /proc/mounts are read-only and can't be modified.
You may also be able to supply device numbers using the +m and +m m options, provided they are supported by your dialect. Check the output of lsof's -h or -? options to see if the +m and +m m options are available.
The ''xxxx'' portion of the field is the hexadecimal value of the file system's device number. (Consult the st_dev field of the output of the lstat(2) and stat(2) functions for the appropriate values for your file systems.) Here's an example from a Sun Solaris 2.6 /etc/mnttab for a file system remotely mounted via NFS:
nfs ignore,noquota,dev=2a40001
There's an advantage to having ''dev=xxxx'' entries in your mount table file, especially for file systems that are mounted from remote NFS servers. When a remote server crashes and you want to identify its users by running lsof on one of its clients, lsof probably won't be able to get output from the lstat(2) and stat(2) functions for the file system. If it can obtain the file system's device number from the mount table, it will be able to display the files open on the crashed NFS server.
Some dialects that do not use an ASCII /etc/mtab or /etc/mnttab file for the mount table may still provide an alternative device number in their internal mount tables. This includes AIX, Apple Darwin, FreeBSD, NetBSD, OpenBSD, and Tru64 UNIX. Lsof knows how to obtain the alternative device number for these dialects and uses it when its attempt to lstat(2) or stat(2) the file system is blocked.
If you're not sure your dialect supplies alternate device numbers for file systems from its mount table, use this lsof incantation to see if it reports any alternate device numbers:
lsof -b
Look for standard error file warning messages that begin ''assuming "dev=xxxx" from ...''.
Kernel Name Cache
Lsof is able to examine the kernel's name cache or use other kernel facilities (e.g., the ADVFS 4.x tag_to_path() function under Tru64 UNIX) on some dialects for most file system types, excluding AFS, and extract recently used path name components from it. (AFS file system path lookups don't use the kernel's name cache; some Solaris VxFS file system operations apparently don't use it, either.)
Lsof reports the complete paths it finds in the NAME column. If lsof can't report all components in a path, it reports in the NAME column the file system name, followed by a space, two '-' characters, another space, and the name components it has located, separated by the '/' character.
When lsof is run in repeat mode - i.e., with the -r option specified - the extent to which it can report path name components for the same file may vary from cycle to cycle. That's because other running processes can cause the kernel to remove entries from its name cache and replace them with others.
Lsof's use of the kernel name cache to identify the paths of files can lead it to report incorrect components under some circumstances. This can happen when the kernel name cache uses device and node number as a key (e.g., SCO OpenServer) and a key on a rapidly changing file system is reused. If the UNIX dialect's kernel doesn't purge the name cache entry for a file when it is unlinked, lsof may find a reference to the wrong entry in the cache. The lsof FAQ (The FAQ section gives its location.) has more information on this situation.
Lsof can report path name components for these dialects:
FreeBSD
HP-UX
Linux
NetBSD
NEXTSTEP
OpenBSD
OPENSTEP
SCO OpenServer
SCO|Caldera UnixWare
Solaris
Tru64 UNIX
Lsof can't report path name components for these dialects:
AIX

If you want to know why lsof can't report path name components for some dialects, see the lsof FAQ (The FAQ section gives its location.)

Device Cache File
Examining all members of the /dev (or /devices) node tree with stat(2) functions can be time consuming. What's more, the information that lsof needs - device number, inode number, and path - rarely changes.
Consequently, lsof normally maintains an ASCII text file of cached /dev (or /devices) information (exception: the /proc-based Linux lsof where it's not needed.) The local system administrator who builds lsof can control the way the device cache file path is formed, selecting from these options:
   Path from the -D option;
   Path from an environment variable;
   System-wide path;
   Personal path (the default);
   Personal path, modified by an environment variable.
Consult the output of the -h, -D?, or -? help options for the current state of device cache support. The help output lists the default read-mode device cache file path that is in effect for the current invocation of lsof. The -D? option output lists the read-only and write device cache file paths, the names of any applicable environment variables, and the personal device cache path format.
Lsof can detect that the current device cache file has been accidentally or maliciously modified by integrity checks, including the computation and verification of a sixteen bit Cyclic Redundancy Check (CRC) sum on the file's contents. When lsof senses something wrong with the file, it issues a warning and attempts to remove the current cache file and create a new copy, but only to a path that the process can legitimately write.
The path from which a lsof process may attempt to read a device cache file may not be the same as the path to which it can legitimately write. Thus when lsof senses that it needs to update the device cache file, it may choose a different path for writing it from the path from which it read an incorrect or outdated version.
If available, the -Dr option will inhibit the writing of a new device cache file. (It's always available when specified without a path name argument.)
When a new device is added to the system, the device cache file may need to be recreated. Since lsof compares the mtime of the device cache file with the mtime and ctime of the /dev (or /devices) directory, it usually detects that a new device has been added; in that case lsof issues a warning message and attempts to rebuild the device cache file.
Whenever lsof writes a device cache file, it sets its ownership to the real UID of the executing process, and its permission modes to 0600, thus restricting its reading and writing to the file's owner.

Lsof Permissions that Affect Device Cache File Access
Two permissions of the lsof executable affect its ability to access device cache files. The permissions are set by the local system administrator when lsof is installed.
The first and rarer permission is setuid-root. It comes into effect when lsof is executed; its effective UID is then root, while its real (i.e., that of the logged-on user) UID is not. The lsof distribution recommends that versions for these dialects run setuid-root.
   HP-UX 11.11 and 11.23
   Linux
The second and more common permission is setgid. It comes into effect when the effective group identification number (GID) of the lsof process is set to one that can access kernel memory devices - e.g., ''kmem'', ''sys'', or ''system''.
An lsof process that has setgid permission usually surrenders the permission after it has accessed the kernel memory devices. When it does that, lsof can allow more liberal device cache path formations. The lsof distribution recommends that versions for these dialects run setgid and be allowed to surrender setgid permission.
   AIX 5.[123]
   Apple Darwin 7.x Power Macintosh systems
   FreeBSD 4.x, 4.1x, 5.x and [67].x for x86-based systems
   FreeBSD 5.x and [67].x for Alpha, AMD64 and Sparc64-based systems
   HP-UX 11.00
   NetBSD 1.[456], 2.x and 3.x for Alpha, x86, and SPARC-based systems
   NEXTSTEP 3.[13] for NEXTSTEP architectures
   OpenBSD 2.[89] and 3.[0-9] for x86-based systems
   OPENSTEP 4.x
   SCO OpenServer Release 5.0.6 for x86-based systems
   SCO|Caldera UnixWare 7.1.4 for x86-based systems
   Solaris 2.6, 8, 9 and 10
   Tru64 UNIX 5.1
(Note: lsof for AIX 5L and above needs setuid-root permission if its -X option is used.)
Lsof for these dialects does not support a device cache, so the permissions given to the executable don't apply to the device cache file.
   Linux

Device Cache File Path from the -D Option
The -D option provides limited means for specifying the device cache file path. Its ? function will report the read-only and write device cache file paths that lsof will use.
When the -D b, r, and u functions are available, you can use them to request that the cache file be built in a specific location (b[path]); read but not rebuilt (r[path]); or read and rebuilt (u[path]).
The b, r, and u functions are restricted under some conditions. They are restricted when the lsof process is setuid-root. The path specified with the r function is always read-only, even when it is available.
The b, r, and u functions are also restricted when the lsof process runs setgid and lsof doesn't surrender the setgid permission. (See the LSOF PERMISSIONS THAT AFFECT DEVICE CACHE FILE ACCESS section for a list of implementations that normally don't surrender their setgid permission.)
A further -D function, i (for ignore), is always available.

When available, the b function tells lsof to read device information from the kernel with the stat(2) function and build a device cache file at the indicated path.
When available, the r function tells lsof to read the device cache file, but not update it. When a path argument accompanies -Dr, it names the device cache file path. The r function is always available when it is specified without a path name argument. If lsof is not running setuid-root and surrenders its setgid permission, a path name argument may accompany the r function.
When available, the u function tells lsof to attempt to read and use the device cache file. If it can't read the file, or if it finds the contents of the file incorrect or outdated, it will read information from the kernel, and attempt to write an updated version of the device cache file, but only to a path it considers legitimate for the lsof process effective and real UIDs.

Device Cache Path from an Environment Variable
Lsof's second choice for the device cache file is the contents of the LSOFDEVCACHE environment variable. It avoids this choice if the lsof process is setuid-root, or the real UID of the process is root.
A further restriction applies to a device cache file path taken from the LSOFDEVCACHE environment variable: lsof will not write a device cache file to the path if the lsof process doesn't surrender its setgid permission. (See the LSOF PERMISSIONS THAT AFFECT DEVICE CACHE FILE ACCESS section for information on implementations that don't surrender their setgid permission.)
The local system administrator can disable the use of the LSOFDEVCACHE environment variable or change its name when building lsof. Consult the output of -D? for the environment variable's name.

System-wide Device Cache Path
The local system administrator may choose to have a system-wide device cache file when building lsof. That file will generally be constructed by a special system administration procedure when the system is booted or when the contents of /dev (or /devices) changes. If defined, it is lsof's third device cache file path choice.
You can tell that a system-wide device cache file is in effect for your local installation by examining the lsof help option output - i.e., the output from the -h or -? option.
Lsof will never write to the system-wide device cache file path by default. It must be explicitly named with a -D function in a root-owned procedure. Once the file has been written, the procedure must change its permission modes to 0644 (owner-read and owner-write, group-read, and other-read).

Personal Device Cache Path (default)
The default device cache file path of the lsof distribution is one recorded in the home directory of the real UID that executes lsof. Added to the home directory is a second path component of the form .lsof_hostname.
This is lsof's fourth device cache file path choice, and is usually the default. If a system-wide device cache file path was defined when lsof was built, this fourth choice will be applied when lsof can't find the system-wide device cache file. This is the only time lsof uses two paths when reading the device cache file.
The hostname part of the second component is the base name of the executing host, as returned by gethostname(2). The base name is defined to be the characters preceding the first '.' in the gethostname(2) output, or all the gethostname(2) output if it contains no '.'.
The device cache file belongs to the user ID and is readable and writable by the user ID alone - i.e., its modes are 0600. Each distinct real user ID on a given host that executes lsof has a distinct device cache file. The hostname part of the path distinguishes device cache files in an NFS-mounted home directory into which device cache files are written from several different hosts.
The personal device cache file path formed by this method represents a device cache file that lsof will attempt to read, and will attempt to write should it not exist or should its contents be incorrect or outdated.
The -Dr option without a path name argument will inhibit the writing of a new device cache file.
The -D? option will list the format specification for constructing the personal device cache file. The conversions used in the format specification are described in the 00DCACHE file of the lsof distribution.

Modified Personal Device Cache Path
If this option is defined by the local system administrator when lsof is built, the LSOFPERSDCPATH environment variable contents may be used to add a component of the personal device cache file path.
The LSOFPERSDCPATH variable contents are inserted in the path at the place marked by the local system administrator with the ''%p'' conversion in the HASPERSDC format specification of the dialect's machine.h header file. (It's placed right after the home directory in the default lsof distribution.)
Thus, for example, if LSOFPERSDCPATH contains ''LSOF'', the home directory is ''/Homes/abe'', the host name is '''', and the HASPERSDC format is the default (''%h/%p.lsof_%L''), the modified personal device cache file path is:
   /Homes/abe/LSOF/.lsof_vic
The LSOFPERSDCPATH environment variable is ignored when the lsof process is setuid-root or when the real UID of the process is root.
Lsof will not write to a modified personal device cache file path if the lsof process doesn't surrender setgid permission. (See the LSOF PERMISSIONS THAT AFFECT DEVICE CACHE FILE ACCESS section for a list of implementations that normally don't surrender their setgid permission.)
If, for example, you want to create a sub-directory of personal device cache file paths by using the LSOFPERSDCPATH environment variable to name it, and lsof doesn't surrender its setgid permission, you will have to allow lsof to create device cache files at the standard personal path and move them to your subdirectory with shell commands.
The local system administrator may: disable this option when lsof is built; change the name of the environment variable from LSOFPERSDCPATH to something else; change the HASPERSDC format to include the personal path component in another place; or exclude the personal path component entirely. Consult the output of the -D? option for the environment variable's name and the HASPERSDC format specification.
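
The path rules and file properties from the personal and modified personal device cache sections, as an added example (not lsof's own code and not from the original page): it expands the default ''%h/%p.lsof_%L'' format, reports when the two environment variables would be ignored, and audits a cache file for real-UID ownership and mode 0600. The function names, the treatment of %p as "component plus slash", the symlink check and the host name vic.example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not lsof code: personal device cache path and file audit.

# Base host name: the characters before the first '.', or the whole
# name when it contains no '.'.
dcache_base_host() {
    printf '%s\n' "${1%%.*}"
}

# dcache_path HOME PERSDCPATH HOSTNAME
# Expands the default HASPERSDC format %h/%p.lsof_%L.
# Assumption: a non-empty %p contributes "PERSDCPATH/" and an empty one
# contributes nothing, which reproduces the path shown in the text.
dcache_path() {
    _dc_base=$(dcache_base_host "$3")
    if [ -n "$2" ]; then
        printf '%s/%s/.lsof_%s\n' "$1" "${2%/}" "$_dc_base"
    else
        printf '%s/.lsof_%s\n' "$1" "$_dc_base"
    fi
}

# dcache_env_ignored LSOF_BINARY REAL_UID
# Returns 0 when LSOFDEVCACHE and LSOFPERSDCPATH would be ignored:
# the real UID is root, or the executable is setuid-root.
dcache_env_ignored() {
    if [ "$2" -eq 0 ]; then
        return 0
    fi
    [ -n "$(find "$1" -prune -user 0 -perm -4000 -print 2>/dev/null)" ]
}

# dcache_audit FILE [REAL_UID]
# Returns 0 only if FILE is owned by REAL_UID with mode exactly 0600.
# The symlink / regular-file test is an added sanity check, not a rule
# stated in the text.
dcache_audit() {
    _da_file=$1
    _da_uid=${2:-$(id -u -r)}
    _da_rc=0
    if [ -L "$_da_file" ] || [ ! -f "$_da_file" ]; then
        echo "FAIL not a regular file: $_da_file"
        return 1
    fi
    if [ -z "$(find "$_da_file" -prune -user "$_da_uid" -print)" ]; then
        echo "FAIL not owned by uid $_da_uid: $_da_file"
        _da_rc=1
    fi
    if [ -z "$(find "$_da_file" -prune -perm 600 -print)" ]; then
        echo "FAIL mode is not 0600: $_da_file"
        _da_rc=1
    fi
    if [ "$_da_rc" -eq 0 ]; then
        echo "OK $_da_file"
    fi
    return "$_da_rc"
}

# Demo on constructed files in a scratch directory; nothing under the
# caller's home directory is read or written.
dcache_demo() {
    _dm_dir=$(mktemp -d) || return 1
    _dm_path=$(dcache_path "$_dm_dir" "LSOF" "vic.example.test")
    mkdir -p "${_dm_path%/*}"
    : > "$_dm_path"
    chmod 600 "$_dm_path"
    dcache_audit "$_dm_path"            # returns 0
    chmod 644 "$_dm_path"
    dcache_audit "$_dm_path" || true    # returns 1: mode is not 0600
    rm -rf "$_dm_dir"
}

dcache_demo
```

To audit a real cache file, pass the path reported by lsof -D? to dcache_audit.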

Diagnostics
Errors are identified with messages on the standard error file.
Lsof returns a one (1) if any error was detected, including the failure to locate command names, file names, Internet addresses or files, login names, NFS files, PIDs, PGIDs, or UIDs it was asked to list. If the -V option is specified, lsof will indicate the search items it failed to list.
It returns a zero (0) if no errors were detected and if it was able to list some information about all the specified search arguments.
When lsof cannot open access to /dev (or /devices) or one of its subdirectories, or get information on a file in them with stat(2), it issues a warning message and continues. That lsof will issue warning messages about inaccessible files in /dev (or /devices) is indicated in its help output - requested with the -h or -? options - with the message:
   Inaccessible /dev warnings are enabled.
The warning message may be suppressed with the -w option. It may also have been suppressed by the system administrator when lsof was compiled by the setting of the WARNDEVACCESS definition. In this case, the output from the help options will include the message:
   Inaccessible /dev warnings are disabled.
Inaccessible device warning messages usually disappear after lsof has created a working device cache file.

Examples
For a more extensive set of examples, documented more fully, see the 00QUICKSTART file of the lsof distribution.
To list all open files, use:
   lsof
To list all open Internet, x.25 (HP-UX), and UNIX domain files, use:
   lsof -i -U
To list all open IPv4 network files in use by the process whose PID is 1234, use:
   lsof -i 4 -a -p 1234
Presuming the UNIX dialect supports IPv6, to list only open IPv6 network files, use:
   lsof -i 6
To list all files using any protocol on ports 513, 514, or 515 of host, use:
   lsof -i
To list all files using any protocol on any port of ( is the default domain), use:
   lsof -i @mace
To list all open files for login name ''abe'', or user ID 1234, or process 456, or process 123, or process 789, use:
   lsof -p 456,123,789 -u 1234,abe
To list all open files on device /dev/hd4, use:
   lsof /dev/hd4
To find the process that has /u/abe/foo open, use:
   lsof /u/abe/foo
To send a SIGHUP to the processes that have /u/abe/bar open, use:
   kill -HUP `lsof -t /u/abe/bar`
To find any open file, including an open UNIX domain socket file, with the name /dev/log, use:
   lsof /dev/log
To find processes with open files on the NFS file system named /nfs/mount/point whose server is inaccessible, and presuming your mount table supplies the device number for /nfs/mount/point, use:
   lsof -b /nfs/mount/point
To do the preceding search with warning messages suppressed, use:
   lsof -bw /nfs/mount/point
To ignore the device cache file, use:
   lsof -Di
To obtain PID and command name field output for each process, file descriptor, file device number, and file inode number for each file of each process, use:
   lsof -FpcfDi
To list the files at descriptors 1 and 3 of every process running the lsof command for login ID ''abe'' every 10 seconds, use:
   lsof -c lsof -a -d 1 -d 3 -u abe -r10
To list the current working directory of processes running a command that is exactly four characters long and has an 'o' or 'O' in character three, use this regular expression form of the -c c option:
   lsof -c /^..o.$/i -a -d cwd
To find an IP version 4 socket file by its associated numeric dot-form address, use:
   lsof -i@
To find an IP version 6 socket file (when the UNIX dialect supports IPv6) by its associated numeric colon-form address, use:
   lsof -i@[0:1:2:3:4:5:6:7]
To find an IP version 6 socket file (when the UNIX dialect supports IPv6) by an associated numeric colon-form address that has a run of zeroes in it - e.g., the loop-back address - use:
   lsof -i@[::1]

Bugs
Since lsof reads kernel memory in its search for open files, rapid changes in kernel memory may produce unpredictable results.
When a file has multiple record locks, the lock status character (following the file descriptor) is derived from a test of the first lock structure, not from any combination of the individual record locks that might be described by multiple lock structures.
Lsof can't search for files with restrictive access permissions by name unless it is installed with root set-UID permission. Otherwise it is limited to searching for files to which its user or its set-GID group (if any) has access permission.

The display of the destination address of a raw socket (e.g., for ping) depends on the UNIX operating system. Some dialects store the destination address in the raw socket's protocol control block, some do not.
Lsof can't always represent Solaris device numbers in the same way that ls(1) does. For example, the major and minor device numbers that the lstat(2) and stat(2) functions report for the directory on which CD-ROM files are mounted (typically /cdrom) are not the same as the ones that it reports for the device on which CD-ROM files are mounted (typically /dev/sr0). (Lsof reports the directory numbers.)
The support for /proc file systems is available only for BSD and Tru64 UNIX dialects, Linux, and dialects derived from SYSV R4 - e.g., FreeBSD, NetBSD, OpenBSD, Solaris, UnixWare.
Some /proc file items - device number, inode number, and file size - are unavailable in some dialects. Searching for files in a /proc file system may require that the full path name be specified.
No text (txt) file descriptors are displayed for Linux processes. All entries for files other than the current working directory, the root directory, and numerical file descriptors are labeled mem descriptors.
Lsof can't search for Tru64 UNIX named pipes by name, because their kernel implementation of lstat(2) returns an improper device number for a named pipe.
Lsof can't report fully or correctly on HP-UX 9.01, 10.20, and 11.00 locks because of insufficient access to kernel data or errors in the kernel data. See the lsof FAQ (The FAQ section gives its location.) for details.
The AIX SMT file type is a fabrication. It's made up for file structures whose type (15) isn't defined in the AIX /usr/include/sys/file.h header file. One way to create such file structures is to run X clients with the DISPLAY variable set to '':0.0''.
The +|-f[cfgGn] option is not supported under /proc-based Linux lsof, because it doesn't read kernel structures from kernel memory.

Environment variables.

LANG defines a language locale. See setlocale(3) for the names of other variables that can be used in place of LANG - e.g., LC_ALL, LC_TYPE, etc.
LSOFDEVCACHE defines the path to a device cache file. See the DEVICE CACHE PATH FROM AN ENVIRONMENT VARIABLE section for more information.
LSOFPERSDCPATH defines the middle component of a modified personal device cache file path. See the MODIFIED PERSONAL DEVICE CACHE PATH section for more information.

man / info / help
Display helpful information about commands.
   man [-k] [command]
   man intro
   man bash
   info [command]
   help [-s] [command]

Options

   -s      Short usage synopsis, restricts the information displayed.
   -k      Search by command description rather than command name.

   intro   An overview of basic commands

Press <Space bar> to view the next page
Press <return> to view next line
Press <ctrl-C> to exit
For simplicity, this website includes both internal GNU bash commands and external unix commands in a single list. Many more commands are available and the man command will list the full details of these.
Internal means a command built into the shell; it's the shell that performs the action.
External means the shell will fork and execute an external program as a new subprocess. External commands are available when running any shell.
For example, the cd command is built-in. The ls command is external.
The man command lists all the internal commands for bash under man bash

mkdir
Create new folder(s), if they do not already exist.
SYNTAX
   mkdir [Options] folder...

   mkdir "Name with spaces"

OPTIONS

   -m, --mode=MODE   set permission mode (as in chmod), not rwxrwxrwx - umask
   -p, --parents     no error if existing, make parent directories as needed
   --verbose         print a message for each created directory

mkdir creates the standard entries . (dot) for the current folder
and .. (dot dot) for its parent

Any folder name that includes spaces may appear in some applications
as "Name%20with%20spaces"

mkfifo
Make FIFOs (named pipes) with the specified names.
Syntax
   mkfifo [options] NAME...

   -m MODE
   --mode=MODE
       Set the mode of created FIFOs to MODE, which is symbolic as in
       `chmod' and uses 0666 (read and write allowed for everyone) minus
       the bits set in the umask for the point of departure.
A "FIFO" is a special file type that permits independent processes to communicate. One process opens the FIFO file for writing, and another for reading, after which data can flow as with the usual anonymous pipe in shells or elsewhere.

mknod
Creates a FIFO, character special file, or block special file with the specified name.
Syntax
   mknod [options]... NAME Type [Major Minor]

   --mode=MODE
       Set the mode of created files to MODE, which is symbolic as in
       `chmod' and uses 0666 minus the bits set in the umask as the point
       of departure.
   Type   The type of file to make:
       `p' for a FIFO
       `b' for a block special file
       `c' for a character special file
   Major/Minor   When making a block or character special file, the major and minor
       device numbers must be given after the file type.
Unlike the phrase "special file type" above, the term "special file" has a technical meaning on Unix: something that can generate or receive data. Usually this corresponds to a physical piece of hardware, e.g., a printer or a disk. (These files are typically created at system-configuration time.) The `mknod' command is what creates files of this type. Such devices can be read either a character at a time or a "block" (many characters) at a time, hence we say there are "block special" files and "character special" files.

more
Display output one screen at a time, less provides more emulation and extensive enhancements.
SYNTAX
   more [-dlfpcsu] [-num] [+/ pattern] [+ linenum] [file ...]

Command line options are described below. Options are also taken from
the environment variable MORE (make sure to precede them with a dash
(``-'')) but command line options will override them.

   -num   This option specifies an integer which is the screen size (in

   -d     more will prompt the user with the message "[Press space to continue,
          'q' to quit.]" and will display "[Press 'h' for instructions.]"
          instead of ringing the bell when an illegal key is pressed.

   -l     more usually treats ^L (form feed) as a special character, and will
          pause after any line that contains a form feed. The -l option will
          prevent this behavior.
   -f     Causes more to count logical, rather than screen lines (i.e., long
          lines are not folded).

   -p     Do not scroll. Instead, clear the whole screen and then display
          the text.
   -c     Do not scroll. Instead, paint each screen from the top, clearing
          the remainder of each line as it is displayed.

   -s     Squeeze multiple blank lines into one.
   -u     Suppress underlining.
   +/     The +/ option specifies a string that will be searched for before
          each file is displayed.

   +num   Start at line number num.

COMMANDS
Interactive commands for more are based on vi(1). Some commands may be
preceded by a decimal number, called k in the descriptions below. In
the following descriptions, ^X means control-X.

   h or ?     Help: display a summary of these commands. If you forget all
              the other commands, remember this one.

   SPACE      Display next k lines of text. Defaults to current screen
              size.
   z          Display next k lines of text. Defaults to current screen
              size. Argument becomes new default.

   RETURN     Display next k lines of text. Defaults to 1.
              Argument becomes new default.

   d or ^D    Scroll k lines. Default is current scroll size, initially
              11. Argument becomes new default.

   q or Q or INTERRUPT   Exits the more command.
   s          Skip forward k lines of text. Defaults to 1.

   f          Skip forward k screenfuls of text. Defaults to 1.

   b or ^B    Skip backwards k screenfuls of text. Defaults to 1.
   '          Go to place where previous search started.

   =          Display current line number.

   /pattern   Search for kth occurrence of regular expression. Defaults to 1.

   n          Search for kth occurrence of last r.e. Defaults to 1.

   ! or :!    Execute in a subshell

   v          Start up /usr/bin/vi at current line

   ^L         Redraw screen

   :n         Go to kth next file. Defaults to 1.

   :p         Go to kth previous file. Defaults to 1.

   :f         Display current file name and line number

   .          Repeat previous command

More utilizes the following environment variables, if they exist:

   MORE    This variable may be set with favored options to more.
   SHELL   Current shell in use (normally set by the shell at login

mount
mount a file system
All files accessible in a Unix system are arranged in one big tree, the file hierarchy, rooted at /. These files can be spread out over several devices. The mount command serves to attach the file system found on some device to the big file tree.
SYNTAX
   mount -a [-fFnrsvw] [-t vfstype]
   mount [-fnrsvw] [-o options [,...]] device | dir

   mount [-fnrsvw] [-t vfstype] [-o options] device dir

   mount [-hV]
OPTIONS
   -a   Mount all filesystems (of the given types) mentioned
        in fstab.
   -F   (Used in conjunction with -a.) Fork off a new
        incarnation of mount for each device. This will do
        the mounts on different devices or different NFS
        servers in parallel. This has the advantage that
        it is faster; also NFS timeouts go in parallel. A
        disadvantage is that the mounts are done in undefined
        order. Thus, you cannot use this option if
        you want to mount both /usr and /usr/spool.
   -f   Causes everything to be done except for the actual
        system call; if it's not obvious, this ``fakes''
        mounting the file system. This option is useful in
        conjunction with the -v flag to determine what the
        mount command is trying to do. It can also be used
        to add entries for devices that were mounted earlier
        with the -n option.

   -n   Mount without writing in /etc/mtab. This is necessary for example
        when /etc is on a read-only file system.

   -s   Tolerate sloppy mount options rather than failing.
        This option exists for support of the Linux
        autofs-based automounter.

   -r   Mount the file system read-only. A synonym is -o ro

   -w   Mount the file system read/write. This is the
        default. A synonym is -o rw.
   -L label
        Mount the partition that has the specified label.

   -U uuid
        Mount the partition that has the specified uuid.
   -o   Several -o options can be specified in a comma separated
        string ... see info for more

        async    All I/O to the file system should be done

        atime    Update inode access time for each access.
                 This is the default.
        noatime
                 Do not update inode access times on this
                 file system (e.g., for faster access on the
                 news spool to speed up news servers).

        auto     Can be mounted with the -a option.
        noauto   Can only be mounted explicitly (i.e., the -a
                 option will not cause the file system to be

        ro       Mount the file system read-only.

        rw       Mount the file system read-write.

        suid     Allow set-user-identifier or set-group-identifier bits to
                 take effect.

        sync     All I/O to the file system should be done synchronously.

   -t vfstype
        The argument following the -t is used to indicate
        the file system type.
   -h   Print a help message.

   -V   Output version.

   -v   Verbose mode.

   File system specific MOUNT options
        see info mount for these
The standard form of the mount command is mount -t type device dir. This tells the kernel to attach the file system found on device (which is of type type) at the directory dir. The previous contents (if any) and owner and mode of dir become invisible, and as long as this file system remains mounted, the pathname dir refers to the root of the file system on device.

Three forms of invocation do not actually mount anything:

   print a help message:
   mount -h

   print a version string:
   mount -V

   list all mounted file systems of type 'type'
   mount [-t type]

The proc file system is not associated with a special device, and when mounting it, an arbitrary keyword, such as proc can be used instead of a device specification. (The customary choice none is less fortunate: the error message `none busy' from umount can be confusing.)

Most devices are indicated by a file name (of a block special device), like /dev/sda1, but there are other possibilities. For example, in the case of an NFS mount, device may look like
It is possible to indicate a block special device using its volume label or UUID (see the -L and -U options below).

The file /etc/fstab (see fstab), may contain lines describing what devices are usually mounted where, using which options.

mtools
Mtools is a public domain collection of tools to allow Unix systems to manipulate MS-DOS files: read, write, and move around files on an MS-DOS filesystem

Mtools are typically used to manipulate FAT formatted floppy disks. Each program attempts to emulate the MS-DOS equivalent command; these are different from Windows NT/2000 commands.

Mtools is sufficient to give access to MS-DOS filesystems. For instance, commands such as `mdir a:' work on the `a:' floppy without any preliminary mounting or initialization (assuming the default `/etc/mtools.conf' works on your machine). With mtools, one can change floppies too without unmounting and mounting.
MTOOLS Programs

   floppyd               floppy daemon to run on your X server box
   floppyd_installtest   small utility to check for the presence of floppyd
   mattrib               change MS-DOS file attribute flags
   mbadblocks            tests a floppy disk, and marks the bad blocks in the FAT
   mcat                  same as cat. Only useful with floppyd.
   mcd                   change MS-DOS directory
   mcopy                 copy MS-DOS files to/from Unix
   mdel                  delete an MS-DOS file
   mdeltree              recursively delete an MS-DOS directory
   mdir                  display an MS-DOS directory
   mdu                   list space occupied by directory and its contents
   mformat               add an MS-DOS filesystem to a low-level formatted floppy disk
   minfo                 get information about an MS-DOS filesystem.
   mlabel                make an MS-DOS volume label
   mkmanifest            makes a list of short name equivalents
   mmd                   make an MS-DOS subdirectory
   mmount                mount an MS-DOS disk
   mpartition            create an MS-DOS as a partition
   mrd                   remove an MS-DOS subdirectory
   mmove                 move or rename an MS-DOS file or subdirectory
   mren                  rename an existing MS-DOS file
   mshowfat              shows the FAT map of a file
   mtoolstest            tests and displays the configuration
   mtype                 display contents of an MS-DOS file
   mzip                  zip disk specific commands
   xcopy                 recursively copy a dos directory into another
Equivalent Windows commands:

mtr
Network diagnostics (traceroute/ping.)
   mtr [-hvrctglspni46] [--help] [--version] [--report] [--report-cycles COUNT]
       [--curses] [--split] [--raw] [--no-dns] [--gtk] [--address IP.ADD.RE.SS]
       [--interval SECONDS] [--psize BYTES | -s BYTES]
Key
   -c COUNT


--report-cycles COUNT
   Use this option to set the number of pings sent to determine both the
   machines on the network and the reliability of those machines.
   Each cycle lasts one second.

-s BYTES
--psize BYTES
PACKETSIZE
   These options or a trailing PACKETSIZE on the commandline set the packet
   size (in Bytes inclusive IP and ICMP headers) used for probing.
   If set to a negative number, every iteration will use a different, random
   packetsize up to that number.

--gtk
   Force mtr to use the GTK+ based X11 window interface (if available). GTK+
   must have been available on the system when mtr was built for this to work.
   See GTK+

--split
   Set mtr to spit out a format that is suitable for a split-user interface.

--help
   Print a summary of command line argument options.

--raw
   Tell mtr to use the raw output format. This format is better suited for
   archival of the measurement results. It could be parsed to be presented
   into any of the other display methods.

-a IP.ADD.RE.SS
--address IP.ADD.RE.SS
   Bind outgoing packets' socket to a specific interface, so that any packet
   will be sent through this interface. NOTE that this option doesn't apply
   to DNS requests (which could be and could not be what you want).

--interval SECONDS
   Use this option to specify the positive number of seconds between ICMP
   ECHO requests. The default value for this parameter is one second.

-t
--curses
   Force mtr to use the curses based terminal interface (if available).

--no-dns
   Force mtr to display numeric IP numbers and not try to resolve the host
   names.

-r
   Put mtr into report mode. When in this mode, mtr will run for the number
   of cycles specified by the -c option, and then print statistics and exit.
   This mode is useful for generating statistics about network quality.
   Note that each running instance of mtr generates a significant amount of
   network traffic.
   Using mtr to measure the quality of your network may result in decreased
   network performance.

-v
--version
   Print the installed version of mtr.

-4 Use IPv4 only.
-6 Use IPv6 only.

mtr combines the functionality of the traceroute and ping programs in a single network diagnostic
As mtr starts, it investigates the network connection between the host mtr runs on and
HOSTNAME by sending packets with purposely low TTLs. It continues to send packets with low
TTL, noting the response time of the intervening routers. This allows mtr to print the response
percentage and response times of the internet route to HOSTNAME. A sudden increase in
packetloss or response time is often an indication of a bad (or simply overloaded) link.
Some modern routers give a lower priority to ICMP ECHO packets than to other network traffic.
Consequently, the reliability of these routers reported by mtr will be significantly lower than the
actual reliability of these routers.

Examples
$ mtr
$ mtr

mv
Move or rename files or directories.
mv [options]... Source Dest
mv [options]... Source... Directory
If the last argument names an existing directory, `mv' moves each other given file into a file with
the same name in that directory. Otherwise, if only two files are given, it renames the first as the
second. It is an error if the last argument is not a directory and more than two files are given.

-b


--backup
   Make a backup of each file that would otherwise be overwritten or

-f
--force
   Remove existing destination files and never prompt the user.

-i
--interactive
   Prompt whether to overwrite each existing destination file,
   regardless of its permissions. If the response does not begin
   with `y' or `Y', the file is skipped.

-S SUFFIX
--suffix=SUFFIX
   Append SUFFIX to each backup file made with `-b'.
   The backup suffix is ~, unless set with SIMPLE_BACKUP_SUFFIX.

-u
   Do not move a nondirectory that has an existing destination with
   the same or newer modification time.

-v
--verbose
   Print the name of each file before moving it.

-V METHOD
--version-control=METHOD
   Change the type of backups made with `-b'. METHOD can be:
   t, numbered      make numbered backups
   nil, existing    numbered if numbered backups exist, simple otherwise
   never, simple    always make simple backups

--help      display help and exit
--version   output version information and exit

Rename the file apple as orange.doc:
mv apple orange.doc

Move orange.doc to the Documents folder:
mv orange.doc ~/Documents/orange.doc

Rename a bunch of file extensions
e.g. change *.txt into *.htm
for f in *.txt; do mv ./"$f" "${f%txt}htm"; done

`mv' can move only regular files across filesystems.

If a destination file exists but is normally unwritable, standard input is a terminal, and the `-f' or
`--force' option is not given, `mv' prompts the user for whether to replace the file. (You might own
the file, or have write permission on its directory.) If the response does not begin with `y' or `Y',
the file is skipped.

mmv
Mass Move and rename - Move, copy, append or link Multiple files using wildcard patterns.
Syntax
mmv [Source_Option] [-h] [-d|p] [-g|t] [-v|n] [--] [from to]

Options:
-h help
-d Delete
-p Protect (don't delete or overwrite)
-g Go
-t Terminate
-v verbose mode
-n no-execute mode (display messages about what would have been done)

Source_Options:

-m Move source file to target name.
   Both must be on the same device. Will not move directories.
   If the source file is a symbolic link, moves the link without checking
   if the link's target from the new directory is different than the old.

-x same as -m, except cross-device moves are done by copying, then deleting
   source.
   When copying, sets the permission bits and file modification time of the
   file to that of the source file.

-r Rename source file or directory to target name.
   The target name must not include a path: the file remains in the same
   directory in all cases. This option is the only way of renaming
   directories under

-c Copy source file to target name.
   Sets the file modification time and permission bits of the target file to
   that of the source file, regardless of whether the target file already exists.
   Chains and cycles (to be explained below) are not allowed.

-o Overwrite target name with source file.
   If target file exists, it is overwritten, keeping its original owner and
   permission bits. If it does not exist, it is created, with read-write
   permission bits set according to umask, and the execute permission bits
   copied from the source file. In either case, the file modification time
   is set to the current time.


-a Append contents of source file to target name.
   Target file modification time is set to the current time. If target file
   does not exist, it is created with permission bits set as under -o.
   Unlike all other options, -a allows multiple source files to have the
   same target name,
   e.g. "mmv -a \*.c big" will append all ".c" files to "big".
   Chains and cycles are also allowed, so "mmv -a f f" will double up "f".

-l Link target name to source file.
   Both must be on the same device, and the source must not be a directory.
   Chains and cycles are not allowed.

-s Same as -l, but use symbolic links instead of hard links.
   For the resulting link to aim back at the source, either the source name
   must begin with a '/', or the target must reside in either the current or
   the source directory. If none of these conditions are met, the link is
   refused.
   However, source and target can reside on different devices, and the
   source can be a directory.

If no source_option is specified, the task is given by the command name under
which mmv was invoked (argv[0]):
   command_name   default task
   mmv            -x (Move except cross device)
   mcp            -c (Copy)
   mad            -a (Append)
   mln            -l (Link)

Options need not be given separately, i.e. "mmv -mk" is allowed.
Mmv moves (or copies, appends, or links, as specified) each source file matching a from pattern
to the target name specified by the to pattern.
This multiple action is performed safely, i.e. without any unexpected deletion of files due to
collisions of target names with existing filenames or with other target names. Furthermore, before
doing anything, mmv attempts to detect any errors that would result from the entire set of actions
specified and gives the user the choice of either proceeding by avoiding the offending parts or
aborting.
mmv does support large files (LFS) but it does *NOT* support sparse files (i.e. it explodes them).

Multiple Pattern Pairs

Multiple from -- to pattern pairs may be specified by omitting the pattern pair on the command
line, and entering them on the standard input, one pair per line. (If a pattern pair is given on the
command line, the standard input is not read.) Thus,

mmv
a b
c d

would rename "a" to "b" and "c" to "d".
If a file can be matched to several of the given from patterns, the to pattern of the first matching
pair is used. Thus,

mmv
a b
a c

would give the error message "a -> c : no match" because file "a" (even if it exists) was already
matched by the first pattern pair.

The From Pattern

The from pattern is a filename with embedded wildcards: ’*’, ’?’, ’[’...’]’, and ’;’. The first three
have their usual sh(1) meanings of, respectively, matching any string of characters, matching any
single character, and matching any one of a set of characters.

Between the ’[’ and ’]’, a range from character ’a’ through character ’z’ is specified with "a-z".
The set of matching characters can be negated by inserting a ’^’ after the ’[’. Thus, "[^b-e2-5_]"
will match any character but ’b’ through ’e’, ’2’ through ’5’, and ’_’.

Note that paths are allowed in the patterns, and wildcards may be intermingled with slashes
arbitrarily. The ’;’ wildcard is useful for matching files at any depth in the directory tree. It
matches the same as "*/" repeated any number of times, including zero, and can only occur either
at the beginning of the pattern or following a ’/’. Thus ";*.c" will match all ".c" files in or below
the current directory, while "/;*.c" will match them anywhere on the file system.

In addition, if the from pattern (or the to pattern) begins with "~/", the ’~’ is replaced with the
home directory name. (Note that the "~user" feature of csh(1) is not implemented.) However, the
’~’ is not treated as a wildcard, in the sense that it is not assigned a wildcard index (see below).

Since matching a directory under a task option other than -r or -s would result in an error, tasks
other than -r and -s match directories only against completely explicit from patterns (i.e. not
containing wildcards). Under -r and -s, this applies only to "." and "..".

Files beginning with ’.’ are only matched against from patterns that begin with an explicit ’.’.
However, if -h is specified, they are matched normally.

Warning: since the shell normally expands wildcards before passing the command-line arguments
to mmv, it is usually necessary to enclose the command-line from and to patterns in quotes.
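The from-pattern rules above, together with the "#n" wildcard indexes that the next section defines, can be tried out without touching any files. The Python code below is an added example, not mmv's own code: it turns a from pattern into a regular expression, builds each target name, and reports colliding or overwriting targets before anything would be done, in the spirit of "mmv -n". Assumptions: ’*’, ’?’ and sets never match ’/’, the hidden-file rule is applied to every path component, ambiguous matches are split by Python's greedy matching, and the function names and the sample listing are constructed for illustration.

```python
import re


def from_pattern_to_regex(pattern, match_hidden=False):
    """Compile an mmv-style from pattern; each wildcard becomes one capture group."""
    guard = "" if match_hidden else r"(?!\.)"   # hidden names need an explicit '.'
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        at_start = i == 0 or pattern[i - 1] in "/;"   # first character of a path component
        lead = guard if at_start else ""
        if c == "\\" and i + 1 < len(pattern):        # backslash makes the next character literal
            out.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if c == ";":
            if i != 0 and pattern[i - 1] != "/":
                raise ValueError("';' may only start the pattern or follow '/'")
            out.append("((?:" + guard + "[^/]*/)*)")  # "*/" repeated zero or more times
        elif c == "*":
            out.append(lead + "([^/]*)")
        elif c == "?":
            out.append(lead + "([^/])")
        elif c == "[":
            end = pattern.find("]", i + 1)
            body = pattern[i + 1:end] if end != -1 else ""
            negate = body.startswith("^")
            chars = re.sub(r"([\\\[\]^])", r"\\\1", body[1:] if negate else body)
            if not chars:
                raise ValueError("empty or unterminated '[' set in from pattern")
            out.append(lead + "([" + ("^/" if negate else "") + chars + "])")
            i = end
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("".join(out))


def build_target(to_pattern, groups):
    """Expand #n, #ln and #un indexes; a backslash makes the next character literal."""
    def expand(m):
        if m.group("esc") is not None:
            return m.group("esc")
        n = int(m.group("idx"))
        if not 1 <= n <= len(groups):
            raise ValueError("wildcard index #%d has no matching wildcard" % n)
        text = groups[n - 1]
        case = m.group("case")
        return text.lower() if case == "l" else text.upper() if case == "u" else text
    return re.sub(r"\\(?P<esc>.)|#(?P<case>[lu]?)(?P<idx>\d+)", expand, to_pattern)


def plan(from_pattern, to_pattern, names, match_hidden=False):
    """Dry run: return (actions, errors) for a listing of names, touching nothing."""
    rx = from_pattern_to_regex(from_pattern, match_hidden)
    by_target = {}
    for name in names:
        m = rx.fullmatch(name)
        if m:
            by_target.setdefault(build_target(to_pattern, m.groups()), []).append(name)
    sources = {s for group in by_target.values() for s in group}
    actions, errors = [], []
    for target, group in by_target.items():
        if len(group) > 1:                       # several sources, one target
            errors += [(s, target, "collision") for s in group]
        elif target in names and target not in sources:
            errors.append((group[0], target, "would overwrite"))
        else:
            actions.append((group[0], target))
    return actions, errors


if __name__ == "__main__":
    # Constructed listing; nothing is read from or written to disk.
    listing = ["abc.txt", "foo1/foo2/prog.c", "a.c", "a.h", ".profile.txt"]
    for frm, to in [("abc*.*", "xyz#2.#1"), (";*.[clp]", "#1#3/#2"), ("*.[ch]", "#1.txt")]:
        print(frm, "->", to, plan(frm, to, listing))
```

The error tuples use this example's own wording ("collision", "would overwrite"), not mmv's messages.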
The To Pattern

The to pattern is a filename with embedded wildcard indexes, where an index consists of the
character ’#’ followed by a string of digits.
When a source file matches a from pattern, a target name for the file is constructed out of the to
pattern by replacing the wildcard indexes by the actual characters that matched the referenced
wildcards in the source name. Thus, if the from pattern is "abc*.*" and the to pattern is
"xyz#2.#1", then "abc.txt" is targeted to "xyztxt.". (The first ’*’ matched "", and the second
matched "txt".) Similarly, for the pattern pair ";*.[clp]" -> "#1#3/#2", "foo1/foo2/prog.c" is
targeted to "foo1/foo2/c/prog". Note that there is no ’/’ following the "#1" in the to pattern, since
the string matched by any ’;’ is always either empty or ends in a ’/’. In this case, it matches
"foo1/foo2/".

To convert the string matched by a wildcard to either lowercase or uppercase before embedding it
in the target name, insert ’l’ or ’u’, respectively, between the ’#’ and the string of digits.

The to pattern, like the from pattern, can begin with a "~/" (see above). This does not necessitate
enclosing the to pattern in quotes on the command line since csh(1) expands the ’~’ in the exact
same manner as mmv (or, in the case of sh(1), does not expand it at all).

For all task options other than -r, if the target name is a directory, the real target name is formed
by appending a ’/’ followed by the last component of the source file name. For example, "mmv
dir1/a dir2" will, if "dir2" is indeed a directory, actually move "dir1/a" to "dir2/a". However, if
"dir2/a" already exists and is itself a directory, this is considered an error.

To strip any character (e.g. ’*’, ’?’, or ’#’) of its special meaning to mmv, as when the actual
replacement name must contain the character ’#’, precede the special character with a ’\’ (and
enclose the argument in quotes because of the shell). This also works to terminate a wildcard
index when it has to be followed by a digit in the filename, e.g. "a#1\1".

Chains and Cycles

A chain is a sequence of specified actions where the target name of one action refers to the source
file of another action. For example,

mmv
a b
b c

specifies the chain "a" -> "b" -> "c". A cycle is a chain where the last target name refers back to
the first source file, e.g. "mmv a a".
Mmv detects chains and cycles regardless of the order in which their constituent actions are
actually given. Where allowed, i.e. in moving, renaming, and appending files, chains and cycles
are handled gracefully, by performing them in the proper order. Cycles are broken by first
renaming one of the files to a temporary name (or just remembering its original size when doing
appends).

Collisions and Deletions

When any two or more matching files would have to be moved, copied, or linked to the same
target filename, mmv detects the condition as an error before performing any actions.
Furthermore, mmv checks if any of its actions will result in the destruction of existing files.
If the -d (delete) option is specified, all file deletions or overwrites are done silently.
Under -p (protect), all deletions or overwrites (except those specified with "(*)" on the standard
input, see below) are treated as errors. And if neither option is specified, the user is queried about
each deletion or overwrite separately. (A new stream to "/dev/tty" is used for all interactive
queries, not the standard input.)

Error Handling

Whenever any error in the user’s action specifications is detected, an error message is given on
the standard output, and mmv proceeds to check the rest of the specified actions. Once all errors
are detected, mmv queries the user whether he wishes to continue by avoiding the erroneous
actions or to abort altogether. This and all other queries may be avoided by specifying either the
-g (go) or -t (terminate) option. The former will resolve all difficulties by avoiding the erroneous
actions; the latter will abort mmv if any errors are detected.
Specifying either of them defaults mmv to -p, unless -d is specified (see above). Thus, -g and -t
are most useful when running mmv in the background or in a shell script, when interactive
queries are undesirable.

Once the actions to be performed are determined, mmv performs them silently, unless either the
-v (verbose) or -n (no-execute) option is specified. The former causes mmv to report each
performed action on the standard output as

a -> b : done.

Here, "a" and "b" would be replaced by the source and target names, respectively. If the action
deletes the old target, a "(*)" is inserted after the target name. Also, the "->" symbol is
modified when a cycle has to be broken: the ’>’ is changed to a ’^’ on the action prior to which
the old target is renamed to a temporary, and the ’-’ is changed to a ’=’ on the action where the


temporary is used.

Under -n, none of the actions are performed, but messages like the above are printed on the
standard output with the ": done." omitted.
The output generated by -n can (after editing, if desired) be fed back to mmv on the standard
input (by omitting the from -- to pair on the mmv command line). To facilitate this, mmv ignores
lines on the standard input that look like its own error and "done" messages, as well as all lines
beginning with white space, and will accept pattern pairs
with or without the intervening "->" (or "-^", "=>", or "=^"). Lines with "(*)" after the target
pattern have the effect of enabling -d for the files matching this pattern only, so that such
deletions are done silently. When feeding mmv its own output, one must remember to specify
again the task option (if any) originally used to generate it.

Although mmv attempts to predict all mishaps prior to performing any specified actions,
accidents may happen. For example, mmv does not check for adequate free space when copying.
Thus, despite all efforts, it is still possible for an action to fail after some others have already been
done. To make recovery as easy as possible, mmv reports which actions have already been done
and which are still to be performed after such a failure occurs. It then aborts, not attempting to do
anything else. Once the user has cleared up the problem, he can feed this report back to mmv on
the standard input to have it complete the task. (The user is queried for a file name to dump this
report if the standard output has not been redirected.)
Mmv exits with status 1 if it aborts before doing anything, with status 2 if it aborts due to failure
after completing some of the actions, and with status 0 otherwise.

BUGS
If the search pattern is not quoted, the shell expands the wildcards. Mmv then (usually) gives
some error message, but can not determine that the lack of quotes is the cause.

To avoid difficulties in semantics and error checking, mmv refuses to move or create directories.
If the mmv tool is not installed on your distro, get it with: apt-get install mmv
Examples
Rename the file extension of all .csv files in the current directory to .xls

mmv "*.csv" "#1.xls"
Copy report6part4.txt to ./french/rapport6partie4.txt along with all similarly named files:
mmv -c "report*part*.txt" "./french/rapport#1partie#2.txt"
Append the contents of all .txt files into one file:

mmv -a "*.txt" "all.txt"

netstat

Networking information

nice
Run a command with modified scheduling priority, print or modify the scheduling priority of a
nice [Option]... [Command [Arg]...]

OPTION
-n MyADJUSTMENT
--adjustment=MyADJUSTMENT

   Priority can be adjusted by `nice' over the range
   of -20 (the highest priority)
   to 19 (the lowest)
If no arguments are given, `nice' prints the current scheduling priority, which it inherited.

Otherwise, `nice' runs the given Command with its scheduling priority adjusted.

If no option for MyADJUSTMENT is given, the priority of the command is incremented by 10.

You must have appropriate privileges to specify a negative adjustment.

Because most shells have a built-in command by the same name, using the unadorned command
name in a script or interactively may get you different functionality than that described here.

nl
Number lines and write files, writes each FILE to standard output, with line numbers added to
some or all of the lines.
If no input file (or `-' ) is given nl will read from standard input.
SYNTAX
nl [options]... [File]...

`-b STYLE'
`--body-numbering=STYLE'
   Select the numbering style for lines in the body section of each
   logical page. When a line is not numbered, the current line number
   is not incremented, but the line number separator character is
   still prepended to the line.
   The styles are:

   `a' number all lines,

   `t' number only nonempty lines (default for body),

   `n' do not number lines (default for header and footer),

   `pREGEXP' number only lines that contain a match for REGEXP.


`-d CD'
`--section-delimiter=CD'
   Set the section delimiter characters to CD; default is `\:'. If
   only C is given, the second remains `:'. (Remember to protect `\'
   or other metacharacters from shell expansion with quotes or extra

`-f STYLE'
`--footer-numbering=STYLE'
   Analogous to `--body-numbering'.

`-h STYLE'
`--header-numbering=STYLE'
   Analogous to `--body-numbering'.

`-i NUMBER'
`--page-increment=NUMBER'
   Increment line numbers by NUMBER (default 1).

`--join-blank-lines=NUMBER'
   Consider NUMBER (default 1) consecutive empty lines to be one
   logical line for numbering, and only number the last one. Where
   fewer than NUMBER consecutive empty lines occur, do not number
   them. An empty line is one that contains no characters, not even
   spaces or tabs.

`-n FORMAT'
   Select the line numbering format (default is `rn'):

   `ln'
      left justified, no leading zeros;

   `rn'
      right justified, no leading zeros;

   `rz'
      right justified, leading zeros.

`--no-renumber'
   Do not reset the line number at the start of a logical page.
`--number-separator=STRING'
   Separate the line number from the text line in the output with
   STRING (default is the TAB character).

`--starting-line-number=NUMBER'
   Set the initial line number on each logical page to NUMBER
   (default 1).

`-w NUMBER'
`--number-width=NUMBER'
   Use NUMBER characters for line numbers (default 6).
`nl' decomposes its input into (logical) pages; by default, the line number is reset to 1 at the top of
each logical page.

`nl' treats all of the input files as a single document; it does not reset line numbers or logical pages
between files.

A logical page consists of three sections: header, body, and footer. Any of the sections can be
empty. Each can be numbered in a different style from the others.

The beginnings of the sections of logical pages are indicated in the input file by a line containing
exactly one of these delimiter strings:
   `\:\:\:' start of header;
   `\:\:' start of body;
   `\:' start of footer.
The two characters from which these strings are made can be changed from `\' and `:' via options
(see above), but the pattern and length of each string cannot be changed. A section delimiter is
replaced by an empty line on output.

Any text that comes before the first section delimiter string in the input file is considered to be
part of a body section, so `nl' treats a file that contains no section delimiters as a single body
section.

nohup
No Hang Up. Run a command immune to hangups, runs the given command with hangup signals
ignored, so that the command can continue running in the background after you log out.
SYNTAX
nohup Command [Arg]...
`nohup' increases the scheduling priority of COMMAND by 5; this gives a slightly lower priority.

If standard output is a terminal, it and standard error are redirected so that they are appended to
the file `nohup.out'; if that cannot be written to, they are appended to the file
`$HOME/nohup.out'. If that cannot be written to, the command is not run.
If `nohup' creates either `nohup.out' or `$HOME/nohup.out', it creates it with no "group" or
"other" access permissions. It does not change the permissions if the output file already existed.

`nohup' does not automatically put the command it runs in the background; you must do that
explicitly, by ending the command line with an `&'.

notify-send
A program to send desktop notifications, inform the user about an event or display some form of
information without getting in the user’s way.
notify-send [OPTIONS] [body]

-u, --urgency=LEVEL
   The urgency level (low, normal, critical).

-t, --expire-time=TIME
   The timeout in milliseconds at which to expire the

-i, --icon=ICON[,ICON...]
   An icon filename or stock icon to display.

-c, --category=TYPE[,TYPE...]
   Specifies the notification category.

-?, --help
   Show a help message

-h, --hint=TYPE:NAME:VALUE
   Pass extra data. Valid TYPEs are int, double, string and byte.

To use notify-send, you may need to install the following package:
$ sudo apt-get install libnotify-bin
Examples

$ notify-send "Hello World"
$ notify-send -t 5000 -u low "Hello World"
The return status is zero if all information was written successfully.

nslookup

Query Internet name servers
Syntax:
nslookup

nslookup host-to-find

nslookup server

interactive mode:

nslookup -server

nslookup [-options] [host-to-find ]

Options:

host [server ]
   Look up information for host using the current default server or using
   if specified. If host is an Internet address and the query type is A or
   the name of the host is returned. If host is a name and does not have a
   period, the default domain name is appended to the name. (This behavior
   on the state of the set options domain, srchlist, defname, and
   To look up a host not in the current domain, append a period to the

server domain
lserver domain
   Change the default server to domain; lserver uses the initial server to
   look up information about domain while server uses the current default
   server. If an authoritative answer can't be found, the names of servers
   that might have the answer are returned.

   Change the default server to the server for the root of the domain name
   Currently, the host is used. (This command is a synonym for
   `lserver' The name of the root server can be changed with
   the `set root' command.

finger [name] [> filename]
finger [name] [>> filename]
   Connects with the finger server on the current host. The current host is
   defined when a previous lookup for a host was successful and returned
   address information (see the `set querytype=A' command). The name is
   optional. > and >> can be used to redirect output in the usual manner.

ls [option] domain [> filename]
ls [option] domain [>> filename]
   List the information available for domain, optionally creating or
   appending to filename. The default output contains host names and their
   Internet addresses.
   Option can be one of the following:

   -t querytype   list all records of the specified type (see querytype
                  below).
   -a   list aliases of hosts in the domain; synonym for `-t CNAME'
   -d   list all records for the domain; synonym for `-t ANY'


   -h   list CPU and operating system information for the
        domain; synonym for `-t HINFO'
   -s   list well-known services of hosts in the domain;
        synonym for `-t WKS'

   When output is directed to a file, hash marks are printed for every 50
   records received from the server.

view filename
   Sort and lists the output of previous ls command(s) with more(1).

set keyword [= value ]
   This command is used to change state information that affects the
   lookups.
   run man nslookup for a full list of valid keywords.

set all   Print the current value of the frequently-used options
          to set. Information about the current default server and host is also
          printed.
help
?         Print a brief summary of commands.
exit      Exit the program.
Nslookup has two modes: interactive and non-interactive.
Interactive mode allows the user to query name servers for information about various hosts and
domains or to print a list of hosts in a domain.
Non-interactive mode is used to print just the name and requested information for a host or
domain.
The options listed under the `set' command can be specified in the .nslookuprc file in the user's
home directory (listed one per line). Options can also be specified on the command line if they
precede the arguments and are prefixed with a hyphen.

open
Open a file in its default application, using virtual terminal (VT).
Syntax
open Files...
files   The filename(s) to open, wildcards are accepted.
Example
Open all the text files in the current directory using your default text editor:
open *.txt

op
Operator access. A flexible means for system administrators to grant trusted users access to
certain root operations without having to give them full superuser privileges.
op mnemonic [arg]

Key
-V   Show version number.

-l   List available commands.
     Note that this will only display commands you are permitted to run.
Configuration

Configuration entries are read from /etc/op.conf and all files in lexical order from /etc/op.d with
the extension .conf. Files must be owned by root and not have group or other permissions set.
The fields of the entries in the configuration files are separated by white space. Each entry may
span several lines and continues until the next alphanumeric string is found at the beginning of a
line (which is taken to be the next mnemonic or variable definition, and thus the beginning of a
new entry). Comments may be embedded beginning with a # character. Each entry in the
configuration files has the following form:
mnemonic
   command [ arg ... ] ; [ option ... ]
var=value

var        a variable name, which must be an upper case alphanumeric identifier. Variables are
           expanded when reading options.
value      the remainder of the line is taken to be the value of the variable.
mnemonic   a unique, alphanumeric identifier for each operator function.
command    the full pathname of the executable to be run by op when the associated mnemonic is
           chosen.
arg(s)     any arguments, either literal or variable, needed by command. Literal arguments are simply
           specified directly, like specific command options (0Gun) or files (/dev/rmt20). Variable
           arguments are specified here as $1, $2 ... $n;
           $* indicates any number trailing arguments.
For a full list look in the options section of the op man page (man op).
Examples
Example /etc/op.conf:
# Define some users
# Define hosts that Fred is restricted to
FRED_HOSTS=(alpha|beta)
# Define hosts that Barry is restricted to
BARRY_HOSTS=(theta|gamma)
# Define user/host access list
# 'op shell' - gives user a root shell
shell


        /bin/su -;
        users=ACCESS_LIST
        password
        help="Root shell"

# 'op reboot' - reboot system
reboot
        /sbin/reboot;
        users=ACCESS_LIST
        password
        help="Reboot system"
# 'op shutdown <time>' - shutdown at a
# certain time. Restricts argument to
# valid values only
shutdown
        /sbin/shutdown -h $1;
        $1=(now|[0-1]?[0-9]:[0-9][0-9]|2[0-3]:[0-5][0-9]|+[0-9]+)
        help="Shutdown system"
# Switch inetd on and off, shows complex
# shell example and 'string' arguments. $1
# in this example is expanded by op
inetd   /bin/sh -c '
        case $1 in
          on) /usr/sbin/inetd -s ;;
          off) /usr/bin/pkill inetd ;;
        esac
        ';
        users=ACCESS_LIST

passwd

Modify a user password.
SYNTAX
passwd [options...]

-d, --delete        delete the password for the named account (root only)

-f, --force         force operation (effectively calls `chfn'?)

-k, --keep-tokens   keep non-expired authentication tokens

-l, --lock          lock the named account (root only)

-S, --status        report password status on the named account (root only)
--stdin             read new tokens from stdin (root only)
-u, --unlock        unlock the named account (root only)

-?, --help          Show this help message

--usage             Display brief usage message
If no options are specified, passwd will change the password of the currently logged in user and
will prompt for the old and new passwords.
Password aging (for new accounts) can be set to enforce a limited lifetime for each password:
/etc/login.defs
parameters: PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE

paste
Merge lines of files, write to standard output lines consisting of sequentially corresponding lines
of each given file, separated by a TAB character.
paste [options]... [file]...
OPTIONS
-s
--serial
   Paste the lines of one file at a time rather than one line from
   each file.

-d DELIM-LIST
--delimiters DELIM-LIST
   Consecutively use the characters in DELIM-LIST instead of TAB to
   separate merged lines. When DELIM-LIST is exhausted, start again
   at its beginning.
Standard input is used for a file name of `-' or if no input files are given.

ping
Test a network connection. When using ping for fault isolation, it should first be run on the local
host, to verify that the local network interface is up and running. Then, hosts and gateways further
and further away should be `pinged'.
Syntax
ping [options] destination_host
Options

-a   Audible ping.

-A   Adaptive ping. Interpacket interval adapts to round-trip time,
     so that effectively not more than one (or more, if preload is set)
     unanswered probes

       present in the network. Minimal interval is 200msec for not super-user.
       On networks with low rtt this mode is essentially equivalent to flood mode.

  -b   Allow pinging a broadcast address.

  -B   Do not allow ping to change source address of probes. The address is bound to one selected when ping starts.

  -c count
       Stop after sending (and receiving) count ECHO_RESPONSE packets.

  -d   Debug, Set the SO_DEBUG option on the socket being used.

  -F flow_label
       Allocate and set 20 bit flow label on echo request packets. (Only ping6).
       If value is zero, kernel allocates random flow label.

  -f   Flood ping, output packets as fast as they come back or 100 times per second.

  -i wait
       Set an interval of wait seconds between sending each packet. default=one second.
       Only super-user may set wait to values less than 0.2 seconds. (incompatible with -f)

  -I interface address
       Set source address to specified interface_address.
       Argument may be numeric IP address or name of device.
       Required when pinging an IPv6 link-local address.

  -l preload
       If preload is specified, ping sends that many packets as fast as possible before falling into its normal mode of behavior.
       Only the super-user may select preload more than 3.

  -L   Suppress loopback of multicast packets.
       only applies if the ping destination is a multicast address.

  -n   Numeric output only. No attempt will be made to lookup symbolic names for host addresses.

  -p pattern
       Specify up to 16 `pad' bytes to fill out the packet sent.
       This is useful for diagnosing data-dependent problems in a network. eg, `-p ff' will fill the packet sent with all ones.

  -q   Quiet output. Only display the summary lines at startup time and when finished.

  -Q tos
       Set Quality of Service -related bits in ICMP datagrams. tos can be a decimal or hex number.
       Multiple TOS bits should not be set simultaneously. For detail see RFC1349 and RFC2474

  -R   Record route (IPv4 only). Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and display the route buffer on returned packets.
       Note that the IP header is only large enough for nine such routes.
       Many hosts ignore or discard this option.

  -r   Bypass the normal routing tables and send directly to a host on an attached network.
       If the host is not on a directly-attached network, an error is
       This option can be used to ping a local host through an interface that has no route through it
       (e.g., after the interface was dropped by routed(8)).

  -s packetsize
       The number of data bytes to be sent. The default is 56, which translates into
       64 ICMP data bytes when combined with the 8 bytes of ICMP header data.

  -S sndbuf
       Set socket sndbuf. If not specified, it is selected to buffer not more than one packet.

  -t ttl
       Set the IP Time to Live.

  -T timestamp_option
       Set special IP timestamp options, either 'tsonly' (only timestamps),
       'tsandaddr' (timestamps and addresses)
       or 'tsprespec host1 [host2 [host3 [host4]]]' (timestamp prespecified hops).

  -M hint
       Select Path MTU Discovery strategy. hint may be either 'do' (prohibit fragmentation,
       even local one), 'want' (do PMTU discovery, fragment locally when packet size is large),
       or 'dont' (do not set DF flag).

  -U   Print full user-to-user latency (the old behaviour).
       Normally ping prints network round trip time, which can be different f.e. due to DNS failures.

  -v   Verbose output. ICMP packets other than ECHO_RESPONSE that are received are listed.

Ping is intended for use in network testing, measurement and management. Because of the load it can impose on the network, it is unwise to use ping during normal operations or from automated scripts.
If ping does not receive any reply packets at all it will exit with code 1. If a packet count and deadline are both specified, and fewer than count packets are received by the time the deadline has arrived, it will also exit with code 1. On other error it exits with code 2. Otherwise it exits with code 0. This makes it possible to use the exit code to see if a host is alive or not.
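
The exit-code convention above, turned into a small liveness check. This is an added example, not part of the original page: the function names are hypothetical, and -w is the iputils ping option for the "deadline" the paragraph mentions. It sends only a few probes per call, and it refuses any host argument that ping could parse as an option such as -f or -b.

```bash
#!/bin/sh
# Added example, not from the original page: classify a host from ping's exit
# status (0 = replies received, 1 = no or too few replies, 2 = other error).
# Function names are hypothetical; -w is the iputils "deadline" option.

# Accept only characters that occur in hostnames and IP literals. A leading
# '-' is refused so the argument can never be parsed by ping as an option
# such as -f (flood) or -b (broadcast).
valid_host() {
    case $1 in
        '' | -*) return 1 ;;
        *[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Positive integer of at most two digits (1-99): keeps count and deadline small.
small_int() {
    case $1 in
        '' | 0* | *[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 2 ]
}

# host_state HOST [COUNT] [DEADLINE_SECONDS]
# Prints up | down-or-lossy | error | invalid and returns 0, 1, 2 or 3.
# The body runs in a subshell "( )" so its variables do not leak to the caller.
host_state() (
    host=$1 count=${2:-3} deadline=${3:-5}
    if ! valid_host "$host" || ! small_int "$count" || ! small_int "$deadline"; then
        echo invalid
        exit 3
    fi
    # -n: no reverse DNS lookups; -q: summary only; -c with -w: ping exits 1
    # when fewer than COUNT replies arrived before the deadline.
    if ping -n -q -c "$count" -w "$deadline" "$host" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo up ;;
        1) echo down-or-lossy ;;
        *) echo error; rc=2 ;;
    esac
    exit "$rc"
)
```

Because -c and -w are both given, a result of down-or-lossy means fewer than COUNT replies arrived, which covers partial packet loss as well as a dead host.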

Flood Ping
For every ECHO_REQUEST sent a period `.' is printed, while for every ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped. Only the super-user may use this option. This can be very hard on a network and should be used with caution.
Round-trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in the packet loss calculation, although the round trip time of these packets is used in calculating the minimum/average/maximum round-trip time numbers. When the specified number of packets have been sent (and received) or if the program is terminated with a SIGINT, a brief summary is displayed.
Flood pinging is not recommended in general, and flood pinging the broadcast address should only be done under very controlled conditions.

ICMP Packet Details
An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicates the size of this extra piece of data (the default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
If the data space is at least eight bytes large, ping uses the first eight bytes of this space to include a timestamp which it uses in the computation of round trip times. If less than eight bytes of pad are specified, no round trip times are given.

Duplicate and Damaged Packets
Ping will report duplicate and damaged packets.
Duplicate packets are rarely, if ever, a good sign, although the presence of low levels of duplicates may not always be cause for alarm.
Damaged packets are a serious cause for alarm and often indicate broken hardware somewhere in the ping packet's path (in the network or in the hosts).

Different Data Patterns
The (inter)network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. If you have a data-dependent problem you will probably have to do a lot of testing to find it. If you are lucky, you may manage to find a file that either can't be sent across your network or that takes much longer to transfer than other similar length files. You can then examine this file for repeated patterns that you can test using the -p option of ping.

TTL Details
The Time To Live (TTL) value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one.
The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 used 15).
The maximum possible value of this field is 255, and most Unix systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you will find you can `ping' some hosts, but not reach them with telnet(1) or ftp.
In normal operation ping prints the ttl value from the packet it receives. When a remote system receives a ping packet, it can do one of three things with the TTL field in its response:
  * Not change it; this is what Berkeley Unix systems did before the 4.3BSD-Tahoe release. In this case the TTL value in the received packet will be 255 minus the number of routers in the round-trip path.
  * Set it to 255; this is what current Berkeley Unix systems do. In this case the TTL value in the received packet will be 255 minus the number of routers in the path from the remote system to the pinging host.
  * Set it to some other value. Some machines use the same value for ICMP packets that they use for TCP packets, for example either 30 or 60. Others may use completely wild values.

pgrep / pkill
pgrep searches through the currently running processes, pkill will send the specified signal (by default SIGTERM) to each process instead of listing them on stdout.
Syntax
      pgrep [-flvx] [-d delimiter] [-n|-o] [-P ppid,...] [-g pgrp,...]
            [-s sid,...] [-u euid,...] [-U uid,...] [-G gid,...]
            [-t term,...] [pattern]

      pkill [-signal] [-fvx] [-n|-o] [-P ppid,...] [-g pgrp,...]
            [-s sid,...] [-u euid,...] [-U uid,...] [-G gid,...]
            [-t term,...] [pattern]

Key
  pattern
       An Extended Regular Expression to match process names or command lines.
  -d delimiter
       Set the string used to delimit each process ID in the output
       (by default a newline). (pgrep only.)
  -f
       The pattern is normally only matched against the process name.
       When -f is set, the full command line is used.
  -g pgrp,...
       Only match processes in the process group IDs listed.
       Process group 0 is translated into pgrep's or pkill's own process group.
  -G gid,...
       Only match processes whose real group ID is listed.
       Either the numerical or symbolical value may be used.
  -l
       List the process name as well as the process ID. (pgrep only.)
  -n
       Select only the newest (most recently started) of the matching processes.
  -o
       Select only the oldest (least recently started) of the matching processes.
  -P ppid,...
       Only match processes whose parent process ID is listed.
  -s sid,...
       Only match processes whose process session ID is listed.
       Session ID 0 is translated into pgrep's or pkill's own session ID.
  -t term,...
       Only match processes whose controlling terminal is listed.
       The terminal name should be specified without the "/dev/" prefix.
  -u euid,...
       Only match processes whose effective user ID is listed.
       Either the numerical or symbolical value may be used.
  -U uid,...
       Only match processes whose real user ID is listed.
       Either the numerical or symbolical value may be used.
  -v
       Negates the matching.
  -x
       Only match processes whose name (or command line if -f is specified)
       exactly match the pattern.
  -signal
       Defines the signal to send to each matched process.
       Either the numeric or the symbolic signal name can be used. (pkill only.)

All the criteria have to match.
For example, pgrep -u root sshd will only list the processes called sshd AND owned by root.
On the other hand, pgrep -u root,daemon will list the processes owned by root OR daemon.
Examples
Example 1: Find the process ID of the named daemon:
$ pgrep -u root named
Example 2: Make syslog reread its configuration file:
$ pkill -HUP syslogd
Example 3: Give detailed information on all xterm processes:
$ ps -fp $(pgrep -d, -x xterm)
Example 4: Make all netscape processes run nicer:
$ renice +4 $(pgrep netscape)
Exit Status
1. One or more processes matched the criteria.
2. No processes matched.
3. Syntax error in the command line.
4. Fatal error: out of memory etc.

popd
Remove the top entry from the directory stack, and cd to the new top directory.
      popd [+N | -N] [-n]
Key
  +N   Remove the Nth directory (counting from the left of the list
       printed by dirs), starting with zero.

  -N   Remove the Nth directory (counting from the right of the list
       printed by dirs), starting with zero.

  -n   Suppress the normal change of directory when removing directories from
       the stack, so that only the stack is manipulated.

When no arguments are given, popd removes the top directory from the stack and performs a cd to the new top directory.
The elements are numbered from 0 starting at the first directory listed with dirs; i.e., popd is equivalent to popd +0.

pr
Prepare files for printing, printing and pagination filter for text files.
When multiple input files are specified, each is read, formatted, and written to standard output.
SYNTAX
      pr [options] [file ...]
OPTIONS
  +beg_pag[:end-pag]
  --pages=[beg_pag[:end-pag]]
       Begin printing on page beg_pag and end on end-pag if specified.
  -num_cols
  --columns=num_cols
       Print in num_cols number of columns, balancing the number of lines
       in the columns on each page.
  -a
  --across
       Print columns horizontally, not vertically.
  -c
  --show-control-chars
       Convert control characters to hat notation (such as ^C) and other
       unprintable characters to octal backslash format.
  --double-space
       Double space.
  --expand-tabs=[tab-char[width]]
       Convert tabs (or tab-chars) to spaces.
       If width is specified, convert tabs to width characters (default is 8).
  -f
  --form-feed
       Separate pages with form feeds, not newlines.
  -h header
  --header=header
       Use header for the header instead of the filename.
  -i[out-tab-char[out-tab-width]]
  --output-tabs[=out-tab-char[out-tab-width]]
       Replace spaces with tabs on output. Can specify alternative tab character
       (default is tab) and width (default is 8).
  -J
  --join-lines
       Merge full lines; ignore -W if set.
  -l lines
  --length=lines
       Set page length to lines (default 66). If lines is less than 10, omit
       headers and footers.
  -m
  --merge
       Print all files, one file per column.
  -n[delimiter[digits]]
       Number columns, or, with the -m option, number lines.
       Append delimiter to each number (default is a tab) and limit
       the size of numbers to digits (default is 5).
  -o width
  --indent=width
       Set left margin to width.
  --no-file-warnings
       Continue silently when unable to open an input file.
  --separator[=delimiter]
       Separate columns with delimiter (default is a tab) instead of spaces.
  --sep-string[=string]
       Separate columns with string. Default is a tab with -J and a space
       otherwise.
  -t
       Suppress headers, footers, and fills at end of pages.
  -T
       Like -t but also suppress form feeds.
  -v
       Convert unprintable characters to octal backslash format.
  -w page_width
  --width=page_width
       Set the page width to page_width characters for multi-column output.
       Default is 72.
  -W page_width
  --page-width=page_width
       Set the page width to always be page_width characters.
       Default is 72.
  file
       A pathname of a file to be printed.
       If no file operands are specified, or if a file operand is `-',
       the standard input is used.
  --help
       Print a help message and then exit.
  --version
       Print version information and then exit.

printf
Format and print data.
Write the formatted arguments to the standard output under the control of the format.
SYNTAX
      printf format [argument]...
      printf --help
      printf --version

The format characters and their meanings are:
  \"      double quote
  \0NNN   character with octal value NNN (0 to 3 digits)
  \\      backslash
  \a      alert (BEL)
  \b      backspace
  \c      produce no further output
  \f      form feed
  \n      new line
  \r      carriage return
  \t      horizontal tab
  \v      vertical tab
  \xNNN   byte with hexadecimal value NNN (1 to 3 digits)
  \uNNNN  character with hexadecimal value NNNN (4 digits)
  \UNNNNNNNN  character with hexadecimal value NNNNNNNN (8 digits)

  %%      a single %
  %b      ARGUMENT as a string with `\' escapes interpreted
  %Wd     Integer `W' digits wide   xxxx
  %W.De   Scientific notation x.xxxx e nnn.   float, double
  %W.Df   Fixed format xx.xxxx.   float, double
  %W.Dg   Variable `W' digits wide, `D' decimals   xxxx.xx
  %q      Output the corresponding argument in a format that can be
          reused as shell input
  %s      Character string   char

and all C format specifications ending with one of diouxXfeEgGcs, with
ARGUMENTs converted to proper type first. Variable widths are handled.
e.g. `\0ooo' = an octal number, `\xhhh' = a hex number

The format is a character string which contains three types of objects:
  * Plain characters, which are simply copied to standard output,
  * Character escape sequences, which are converted and copied to standard output,
  * Format specifications, each of which causes printing of the next successive argument.
The format is reused as necessary to consume all of the arguments. If the format requires more arguments than are supplied, the extra format specifications behave as if a zero value or null string, as appropriate, had been supplied.
The return value is zero on success, non-zero on failure.
Examples
# Use \n to start a new line
$ printf "Two separate\nlines\n"
Two separate
lines

# Echo a list of numbers from 1 to 100, adding 3 digits of Zero padding
# so they appear as 001, 002, 003 etc:
$ for ((num=1;num<=100;num+=1)); do echo `printf "%03d" $num`; done

# Print text followed by variable $USER
$ printf "Hello, $USER.\n\n"

# Display an integer variable
$ printf "Distance = %5d Miles" $distance
Distance =    27 Miles

# Print text interspersed with command results
$ printf "This is `uname -s` running on a `uname -m` processor.\n\n"

ps
Process status, information about processes running in memory. If you want a repetitive update of this status, use top.
      ps option(s)
      ps [-L]
Options
  -L   List all the keyword options

This version of ps accepts 3 kinds of option:
  -Unix98 options may be grouped and must be preceded by a dash.
  BSD options may be grouped and must not be used with a dash.
  --GNU long options are preceded by two dashes.
Options of different types may be freely mixed. The PS_PERSONALITY environment variable provides more detailed control of ps behavior.
The Options below are listed side-by-side (unless there are differences).

Simple Process Selection:
  -A  a        select all processes (including those of other users)
  -a           select all with a tty except session leaders
  -d           select all, but omit session leaders
  -e           select all processes
      g        really all, even group leaders (does nothing w/o SunOS settings)
  -N           negate selection
      r        restrict output to running processes
      T        select all processes on this terminal
      x        select processes without controlling ttys
  --deselect   negate selection

Process Selection by List:
  -C           select by command name
  -G           select by RGID (supports names)
  -g           select by session leader OR by group name
  --Group      select by real group name or ID
  --group      select by effective group name or ID
  -p  p  --pid   select by process ID (PID)
  -s     --sid   select by session ID
  -t     --tty   select by terminal (tty)
  -u  U          select by effective user ID (supports names)
  -U             select by RUID (supports names)
  --User         select by real user name or ID
  --user         select by effective user name or ID

  -123           implied --sid
  123            implied --pid

Output Format Control:
  -c           Different scheduler info for -l option
  -f           Full listing
  -j  j        Jobs format
  -l  l        Long format
  -O  O        Add the information associated with the space or comma separated
               list of keywords specified, after the process ID, in the default
               information display.
  -o  o        Display information associated with the space or comma separated
               list of keywords specified.
  --format     user-defined format
      s        display signal format
      u        display user-oriented format
      v        display virtual memory format
      X        old Linux i386 register format
  -y           do not show flags; show rss in place of addr

Output Modifiers:
      C        use raw CPU time for %CPU instead of decaying average
      c        true command name
      e        show environment after the command
      f        ASCII-art process hierarchy (forest)
  -H           show process hierarchy (forest)
      h        do not print header lines (repeat header lines in BSD
  -m  m        show all threads
  -n           set namelist file
      n        numeric output for WCHAN and USER
      N        specify namelist file
      O        sorting order (overloaded)
      S        include some dead child process data (as a sum with the
  -w  w        wide output
  --cols       set screen width
  --columns    set screen width
  --forest     ASCII art process tree
  --html       HTML escaped output
  --headers    repeat header lines
  --no-headers print no header line at all
  --lines      set screen height
  --nul        unjustified output with NULs
  --null       unjustified output with NULs
  --rows       set screen height
  --sort       specify sorting order
  --width      set screen width
  --zero       unjustified output with NULs

Information:
  -V  V        print version
      L        list all format specifiers
  --help       print help message
  --info       print debugging info
  --version    print version

Obsolete:
      A        increase the argument space (DecUnix)
      M        use alternate core (try -n or N instead)
      W        get swap info from ... not /dev/drum (try -n or N instead)
      k        use /vmcore as c-dumpfile (try -n or N instead)

NOTES
The "-g" option can select by session leader OR by group name. Selection by session leader is specified by many standards, but selection by group is the logical behavior that several other operating systems use. This ps will select by session leader when the list is completely numeric (as sessions are). Group ID numbers will work only when some group names are also specified.

The "m" option should not be used. Use "-m" or "-o" with a list. ("m" displays memory info, shows threads, or sorts by memory use)

The "h" option varies between BSD personality and Linux usage (not printing the header)
Regardless of the current personality, you can use the long options --headers and --no-headers

Terminals (ttys, or screens of text output) can be specified in several forms: /dev/ttyS1, ttyS1, S1.
Obsolete "ps t" (your own terminal) and "ps t?" (processes without a terminal) syntax is supported, but modern options ("T","-t" with list, "x", "t" with list) should be used instead.

The BSD "O" option can act like "-O" (user-defined output format with some common fields predefined) or can be used to specify sort order. Heuristics are used to determine the behavior of this option. To ensure that the desired behavior is obtained, specify the other option (sorting or formatting) in some other way.

For sorting, BSD "O" option syntax is O[+|-]k1[,[+|-]k2[,...]] Order the process listing according to the multilevel sort specified by the sequence of short keys from SORT KEYS, k1, k2, ... The `+' is quite optional, merely re-iterating the default direction on a key. `-' reverses direction only on the key it precedes.
The O option must be the last option in a single command argument, but specifications in
successive arguments are catenated.

GNU sorting syntax is --sortX[+|-]key[,[+|-]key[,...]]
Choose a multi-letter key from the SORT KEYS section. X may be any convenient separator character. To be GNU-ish use `='. The `+' is really optional since default direction is increasing numerical or lexicographic order. For example, ps jax --sort=uid,-ppid,+pid

This ps works by reading the virtual files in /proc. This ps does not need to be suid kmem or have any privileges to run. Do not give this ps any special permissions.

This ps needs access to a namelist file for proper WCHAN display. The namelist file must match the current Linux kernel exactly for correct output.

To produce the WCHAN field, ps needs to read the file created when the kernel is compiled. The search path is:
  $PS_SYSTEM_MAP
  /boot/`uname -r`
  /lib/modules/`uname -r`/
  /usr/src/linux/
The member used_math of task_struct is not shown, since crt0.s checks to see if math is present. This causes the math flag to be set for all processes, and so it is
Programs swapped out to disk will be shown without command line arguments, and unless the c option is given, in brackets.

%CPU shows the cputime/realtime percentage. It will not add up to 100% unless you are lucky. It is time used divided by the time the process has been running.

The SIZE and RSS fields don't count the page tables and the task_struct of a proc; this is at least 12k of memory that is always resident. SIZE is the virtual size of the proc (code+data+stack).

Processes marked defunct are dead processes (so-called "zombies") that remain because their parent has not destroyed them properly. These processes will be destroyed by init(8) if the parent process exits.
PROCESS FLAGS
  ALIGNWARN   001   print alignment warning msgs
  STARTING    002   being created
  EXITING     004   getting shut down
  PTRACED     010   set if ptrace (0) has been called
                    tracing system calls
                    forked but didn't exec
  SUPERPRIV   100   used super-user privileges
  DUMPCORE    200   dumped core
  SIGNALED    400   killed by a signal

  D   uninterruptible sleep (usually IO)
  R   runnable (on run queue)
  S   sleeping
  T   traced or stopped
  Z   a defunct ("zombie") process

For BSD formats and when the "stat" keyword is used, additional letters may be displayed:
  W   has no resident pages
  <   high-priority process
  N   low-priority task
  L   has pages locked into memory (for real-time and custom IO)

ENVIRONMENT VARIABLES and PERSONALITY (posix,linux,bsd,sun)
Examples:
List every process on the system using standard syntax:
ps -e

List every process on the system using BSD syntax:
ps ax

List the top 10 CPU users.
ps -e -o pcpu -o pid -o user -o args | sort -k 1 | tail -21r

List every process except those running as root (real & effective ID)
ps -U root -u root -N

List every process with a user-defined format:
ps -eo pid,tt,user,fname,tmout,f,wchan

Odd display with AIX field descriptors:
ps -o "%u : %U : %p : %a"

Print only the process IDs of syslogd:
ps -C syslogd -o pid=

When displaying multiple fields, part of the output may be truncated. To avoid this, supply a width to the arguments:
ps -e -o user:20,args

Since ps cannot run faster than the system and is run as any other scheduled process, the information it displays can never be exact.

pushd
Save and then change the current directory. With no arguments, pushd exchanges the top two directories.
SYNTAX
      pushd [dir | +N | -N] [-n]
  +N   Brings the Nth directory (counting from the left of the list
       printed by dirs, starting with zero) to the top of the list by
       rotating the stack.

  -N   Brings the Nth directory (counting from the right of the list
       printed by dirs, starting with zero) to the top of the list by
       rotating the stack.

  -n   Suppresses the normal change of directory when adding directories to the
       stack, so that only the stack is manipulated.

  dir  Makes the current working directory be the top of the stack, and then
       executes the equivalent of `cd dir'. cds to dir.

pwd
Print Working Directory (shell builtin)
Syntax
      pwd [-LP]
Options
  -P : The pathname printed will not contain symbolic links.
  -L : The pathname printed may contain symbolic links
The default action is to show the current folder as an absolute path.
All components of the path will be actual folder names - none will be symbolic links.

quota
Display disk usage and limits, by default only the user quotas are printed.
SYNTAX
      quota [ -guv | q ]
      quota [ -uv | q ] user
      quota [ -gv | q ] group

  -g   Print group quotas for the group of which the user
       is a member.

  -u   Print user quotas (this is the default)

  -v   Verbose, will display quotas on filesystems where no
       storage is allocated.

  -q   Print a more terse message, containing only information
       on filesystems where usage is over quota.

Specifying both -g and -u displays both the user quotas and the group quotas (for the user).

Only the super-user may use the -u flag and the optional user argument to view the limits of other users. Non-super-users can use the -g flag and optional group argument to view only the limits of groups of which they are members.
The -q flag takes precedence over the -v flag.

Quota reports the quotas of all the filesystems listed in /etc/fstab. For filesystems that are NFS-mounted a call to the rpc.rquotad on the server machine is performed to get the information. If quota exits with a non-zero status, one or more filesystems are over quota.

Files
  quota.user    located at the filesystem root with user quotas
  quota.group   located at the filesystem root with group quotas
  /etc/fstab    to find filesystem names and locations

quotacheck
Scan a file system for disk usage
Syntax
      quotacheck [-g] [-u] [-v] -a
      quotacheck [-g] [-u] [-v] filesys ...
Quotacheck performs a filesystems scan for usage of files and directories, used by either user or group. The output is the quota file for the corresponding filesystem. By default the names for these files are:
  - A user scan: quota.user
  - A group scan: quota.group

The resulting file consists of a struct dqblk for each possible id up to the highest existing uid or gid and contains the values for the disk file and block usage and possibly excess time for these values. ( for definitions of struct dqblk see )

Quotacheck should be run each time the system boots and mounts non-valid file systems. This is most likely to happen after a system crash.
The speed of the scan is proportional to the number of directories/files.
OPTIONS
  -v   This way the program will give some useful information
       about what it is doing, plus some fancy

  -d   This means debug. It will result in a lot of information
       which can be used in debugging the program.
       The output is very verbose and the scan will not be
       fast.

  -u   This flag tells the program to scan the disk and to
       count the files and directories used by a certain
       uid. This is the default action.

  -g   This flag forces the program to count the files
       and directories used by a certain gid.
  -a   Check all of the quotas for the filesystems mentioned
       in /etc/fstab. Both user and group quotas
       are checked as indicated by the /etc/fstab
       options.

  -R   When used in conjunction with -a, all filesystems
       except the root filesystem are checked for quotas.
NOTE Quotacheck should only be run as Super User. Non-privileged users are presumably not allowed to read all the directories on the given file system.

quotactl
Set disk quotas
      #include <linux/quota.h>

      int quotactl(cmd, special, uid, addr)

      int cmd;
      char *special;
      int uid;
      caddr_t addr;

DESCRIPTION
The quotactl() call manipulates disk quotas. cmd indicates a command to be applied to UID id or GID id. To set the type of quota use the QCMD(cmd,type) macro. special is a pointer to a null-terminated string containing the path name of the block special device for the file system being manipulated. addr is the address of an optional, command specific, data structure which is copied in or out of the system. The interpretation of addr is given with each command below.
  Q_QUOTAON    Turn on quotas for a file system. addr
               points to the path name of file containing
               the quotas for the file system. The quota
               file must exist; it is normally created
               with the quotacheck program. This call
               is restricted to the super-user.
  Q_QUOTAOFF   Turn off quotas for a file system. addr
               and uid are ignored. This call is
               restricted to the super-user.
  Q_GETQUOTA   Get disk quota limits and current usage for
               user or group id. addr is a pointer to a
               dqblk structure (defined in
               <linux/quota.h>). Only the super-user may
               get the quotas of a user other than himself.

  Q_SETQUOTA   Set disk quota limits and current usage for
               user or group id. addr is a pointer to a
               dqblk structure (defined in
               <linux/quota.h>). This call is restricted
               to the super-user.
  Q_SETQLIM    Set disk quota limits for user or group id.
               addr is a pointer to a dqblk structure
               (defined in <linux/quota.h>). This call is
               restricted to the super-user.

  Q_SYNC       Update the on-disk copy of quota usages for
               a file system. If special is null then all
               file systems with active quotas are
               sync'ed. addr and uid are ignored.

0 on success.
-1 on failure and sets errno to indicate the error.

ram
ram disk device
Ram is a block device to access the ram disk in raw mode.
It is typically created by:
      mknod -m 660 /dev/ram b 1 1
      chown root:disk /dev/ram
Files
      /dev/ram

rcp
Remote Copy - move files between machines.
Each file or directory is either a remote filename of the form rname@rhost:path or a local filename.
Syntax
      rcp [options] file1 file2

      rcp [options] file ... directory
Options
  -k   Attempt to get tickets for remote host; query krb_realmofhost to
       determine realm.
  -p   Preserve modification times and modes of the source files.

  -r   If any of the source files are directories, rcp copies each subtree
       rooted at that name.
       The destination must be a directory.

  -x   Turns on DES encryption for all data passed by rcp.

read
Read a line from standard input
Syntax
      read [-ers] [-a aname] [-p prompt] [-t timeout]
           [-n nchars] [-d delim] [name...]
Options

  -a aname
       The words are assigned to sequential indices of the array variable aname,
       starting at 0. All elements are removed from aname before the assignment.
       Other name arguments are ignored.
  -d delim
       The first character of delim is used to terminate the input line,
       rather than newline.

  -e
       If the standard input is coming from a terminal, Readline is used
       to obtain the line.

  -n nchars
       read returns after reading nchars characters rather
       than waiting for a complete line of input.

  -p prompt
       Display prompt, without a trailing newline, before attempting
       to read any input. The prompt is displayed only if input is coming from a
       terminal.

  -r
       If this option is given, backslash does not act as an escape character.
       The backslash is considered to be part of the line. In particular, a
       backslash-newline
       pair may not be used as a line continuation.

  -s
       Silent mode. If input is coming from a terminal, characters are not echoed.
  -t timeout
       Cause read to time out and return failure if a complete line
       of input is not read within timeout seconds. This option has no
       effect if read is not reading input from the terminal or a pipe.
This is a BASH shell builtin.

The backslash character `\' may be used to remove any special meaning for the next character read and for line continuation.

If no names are supplied, the line read is assigned to the variable REPLY. The return code is zero, unless end-of-file is encountered or read times out.
Examples
read var_year
echo "The year is: $var_year"
echo -n "Enter your name and press [ENTER]: "
read var_name
echo "Your name is: $var_name"

readonly
Mark variables/functions as readonly.
Syntax
      readonly [-apf] [name] ...

Options
  -f   Each name refers to a shell function
  -a   Each name refers to an array variable
  -p   Print a list of all readonly names (This is the default)

The values of these names may not be changed by subsequent assignment.

The `-p' option causes output to be displayed in a format that may be reused as input.

The return status is zero unless an invalid option is supplied, one of the name arguments is not a valid shell variable or function name, or the `-f' option is supplied with a name that is not a shell
readonly is a BOURNE shell command and a POSIX `special' builtin.

rename (linux only, not ubuntu)
Rename files.
      rename from to file...
One line is read from the standard input, and the first word is assigned to the first name, the
rename will rename the specified files by replacing the first occurrence of from in their name by
second word to the second name, and so on, with leftover words and their intervening separators
assigned to the last name.
If there are fewer words read from the standard input than names, the remaining names are Given the files foo1, ..., foo9, foo10, ..., foo278, the commands
$ rename foo foo0 foo?
assigned empty values.
$ rename foo foo0 foo??
The characters in the value of the IFS variable are used to split the line into words. will turn them into foo001, ..., foo009, foo010, ..., foo278.
Fix the extension of your .htm files so they become .html :
$ rename .htm .html *.htm


Rename all files (*) to be lowercase:
$ rename 'y/A-Z/a-z/' *
An alternative is to use a for loop, for example to change a bunch of .txt files to have the
extension .html
$ for i in *.txt; do mv -- "$i" "$(basename -- "$i" .txt).html"; done

return
Cause a shell function to exit with the return value n.
      return [n]

   n   Return value i.e. an errorlevel
If n is not supplied, the return value is the exit status of the last command executed in the
function. This may also be used to terminate execution of a script being executed with the . (or
source) builtin, returning either n or the exit status of the last command executed within the script
as the exit status of the script.
The return status is false if return is used outside a function and not during the execution of a
script by . or source.
return is a BOURNE shell command and a POSIX `special' builtin.

rev
Reverse lines of a file.
Syntax:
      rev [file]
The rev utility copies the specified files to the standard output, reversing the order of characters in
every line.
If no file is specified, the standard input is read (type CTRL-D to end).
The most common use of rev is to reverse the lines, apply a sort to the result and then pipe
through rev a second time to restore the original.
Example
Given the input of:
The quick brown fox
jumps over the lazy dog
Rev will output:
xof nworb kciuq ehT
god yzal eht revo spmuj

rm
Remove files (delete/unlink)
      rm [options]... file...

   -d, --directory       unlink directory, even if non-empty (super-user only)
   -f, --force           ignore nonexistent files, never prompt
   -i, --interactive     prompt before any removal
   -r, -R, --recursive   remove the contents of directories recursively
   -v, --verbose         explain what is being done
       --help            display this help and exit
       --version         output version information and exit

To remove a file you must have write permission on the file and the folder where it is stored.

rm -rf will recursively remove folders and their contents

The OWNER of a file does not need rw permissions in order to rm it.
Undeletable files
The rm command accepts the `--' option which will cause it to stop processing flag options from
that point forward. This allows the removal of file names that begin with a dash (`-').
rm -- -filename
Alternatively use an absolute or relative path reference.
rm /home/user/-filename
rm ./-filename
To delete a file with non-printable characters in the name: `bad file name' Use the shell wildcard
"?" for each character
rm bad?file?name
Older file systems such as ext2fs, perform badly for massive bulk deletes. The newer ext3fs
doesn't have this performance problem.
To remove a very large number of files from a directory it can be quicker to rm them one at a
time in a loop:
find my_dir -type f | while read -r; do rm -v "$REPLY"; sleep 0.2; done

rmdir
Remove directory, this command will only work if the folders are empty.
Syntax
      rmdir [options]... folder(s)...
Options
                   Ignore each failure that is solely because the
                   directory is non-empty.
   -p, --parents   Remove explicit parent directories if being emptied


   --verbose       Output a diagnostic for every directory processed
   --help          Display help and exit
   --version       Output version information and exit
Example
$ rmdir myfolder
Before removing directories with a wildcard, it's wise to list them first:
$ ls -d britney*/

rsync (download)
Remote file copy - Synchronize file trees across local disks, directories or across a network.
Syntax

 # Local file to Local file
 rsync [option]... Source [Source]... Dest

 # Local to Remote
 rsync [option]... Source [Source]... [user@]host:Dest

 rsync [option]... Source [Source]... [user@]host::Dest

 # Remote to Local
 rsync [option]... [user@]host::Source [Dest]

 rsync [option]... [user@]host:Source Dest
 rsync [option]... rsync://[user@]host[:PORT]/Source [Dest]

rsync is a program that behaves in much the same way that rcp does, but has many more options
and uses the rsync remote-update protocol to greatly speed up file transfers when the destination
file already exists.

The rsync remote-update protocol allows rsync to transfer just the differences between two sets of
files across the network link, using an efficient checksum-search algorithm described in the
technical report that accompanies this package.

Some of the additional features of rsync are:

# support for copying links, devices, owners, groups and permissions
# exclude and exclude-from options similar to GNU tar
# a CVS exclude mode for ignoring the same files that CVS would ignore
# can use any transparent remote shell, including rsh or ssh
# does not require root privileges
# pipelining of file transfers to minimize latency costs
# support for anonymous or authenticated rsync servers (ideal for mirroring)

There are six different ways of using rsync. They are:

# Copy local files. This is invoked when neither source nor destination path contains a : separator

# Copying from the local machine to a remote machine using a remote shell program as the
  transport (such as rsh or ssh). This is invoked when the destination path contains a single :
  separator.

# Copy from a remote machine to the local machine using a remote shell program. This is
  invoked when the source contains a : separator.

# Copy from a remote rsync server to the local machine. This is invoked when the source path
  contains a :: separator or a rsync:// URL.

# Copy from the local machine to a remote rsync server. This is invoked when the destination
  path contains a :: separator.

# List files on a remote machine. This is done the same way as rsync transfers except that you
  leave off the local destination.

Note that in all cases (other than listing) at least one of the source and destination paths must be
local.

You use rsync in the same way you use rcp.
You must specify a source and a destination, one of which may be remote.

Perhaps the best way to explain the syntax is some examples:

rsync *.c foo:src/

this would transfer all files matching the pattern *.c from the current directory
to the directory src on the machine foo.
If any of the files already exist on the remote system then the
rsync remote-update protocol is used to update the file by sending only the
differences.
See the tech report for details.

rsync -avz foo:src/bar /data/tmp
this would recursively transfer all files from the directory src/bar
on the machine foo into the /data/tmp/bar directory on the local machine.
The files are transferred in "archive" mode, which ensures that symbolic links,
devices, attributes, permissions, ownerships etc are preserved in the transfer.
Additionally, compression will be used to reduce the size of data portions of the
transfer.
rsync -avz foo:src/bar/ /data/tmp


a trailing slash on the source changes this behavior to transfer all files
from the directory src/bar on the machine foo into the /data/tmp/.
A trailing / on a source name means "copy the contents of this directory".
Without a trailing slash it means "copy the directory".
This difference becomes particularly important when using the --delete option.

You can also use rsync in local-only mode, where both the source and destination
don't have a ':' in the name.
In this case it behaves like an improved copy command.

rsync

this would list all the anonymous rsync modules available on
the host (See the following section for more details.)

It is also possible to use rsync without using rsh or ssh as the transport.
In this case you will connect to a remote rsync server running on TCP port 873.

You may establish the connection via a web proxy by setting the environment
variable RSYNC_PROXY to a hostname:port pair pointing to your web proxy.
Note that your web proxy's configuration must allow proxying to port 873.

Using rsync in this way is the same as using it with rsh or ssh except that:

# you use a double colon :: instead of a single colon to separate the hostname
  from the path.

# the remote server may print a message of the day when you connect.

# if you specify no path name on the remote server then the list of accessible
  paths on the server will be shown.

# if you specify no local destination then a listing of the specified files on
  the remote server is provided.

Some paths on the remote server may require authentication.
If so then you will receive a password prompt when you connect.
You can avoid the password prompt by setting the environment variable
RSYNC_PASSWORD to the password you want to use or using the --password-file
option.
This may be useful when scripting rsync.

WARNING: On some systems environment variables are visible to all users.
On those systems using --password-file is recommended.

RUNNING AN RSYNC SERVER

An rsync server is configured using a config file which by default is
called /etc/rsyncd.conf. Please see the rsyncd.conf(5) man page for more
information.

EXAMPLES

To Backup the home directory using a cron job:

rsync -Cavz . ss64:backup

Run the above over a PPP link to a duplicate directory on machine "ss64".

To synchronize samba source trees use the following Makefile targets:

get:
        rsync -avuzb --exclude '*~' samba:samba/ .
put:
        rsync -Cavuzb . samba:samba/
sync: get put

this allows me to sync with a CVS directory at the other end of the link.
I then do cvs operations on the remote machine, which saves a lot of time
as the remote cvs protocol isn't very efficient.
I mirror a directory between my "old" and "new" ftp sites with the command

rsync -az -e ssh --delete ~ftp/pub/samba/ nimbus:"~ftp/pub/tridge/samba"

this is launched from cron every few hours.

OPTIONS SUMMARY

Here is a short summary of the options available in rsync.
Please refer to the FULL List of OPTIONS for a complete description.

What to copy:
 -r, --recursive          recurse into directories
 -R, --relative           use relative path names
     --exclude=PATTERN    exclude files matching PATTERN
     --exclude-from=FILE  exclude patterns listed in FILE
 -I, --ignore-times       don't exclude files that match length and time
     --size-only          only use file size when determining if a file should
                          be transferred
     --modify-window=NUM  Timestamp window (seconds) for file match
                          (default=0)
     --include=PATTERN    don't exclude files matching PATTERN
     --include-from=FILE  don't exclude patterns listed in FILE

How to copy it:
 -n, --dry-run            show what would have been transferred
 -l, --links              copy symlinks as symlinks
 -L, --copy-links         copy the referent of symlinks
     --copy-unsafe-links  copy links outside the source tree
     --safe-links         ignore links outside the destination tree
 -H, --hard-links         preserve hard links


 -D, --devices            preserve devices (root only)
 -g, --group              preserve group
 -o, --owner              preserve owner (root only)
 -p, --perms              preserve permissions
 -t, --times              preserve times
 -S, --sparse             handle sparse files efficiently
 -x, --one-file-system    don't cross filesystem boundaries
 -B, --block-size=SIZE    checksum blocking size (default 700)
 -e, --rsh=COMMAND        specify rsh replacement
     --rsync-path=PATH    specify path to rsync on the remote machine
     --numeric-ids        don't map uid/gid values by user/group name
     --timeout=TIME       set IO timeout in seconds
 -W, --whole-file         copy whole files, no incremental checks

Destination options:
 -a, --archive            archive mode
 -b, --backup             make backups (default ~ suffix)
     --backup-dir         make backups into this directory
     --suffix=SUFFIX      override backup suffix
 -z, --compress           compress file data
 -c, --checksum           always checksum
 -C, --cvs-exclude        auto ignore files in the same way CVS does
     --existing           only update files that already exist
     --delete             delete files that don't exist on the sending side
     --delete-excluded    also delete excluded files on the receiving side
     --delete-after       delete after transferring, not before
     --force              force deletion of directories even if not empty
     --ignore-errors      delete even if there are IO errors
     --max-delete=NUM     don't delete more than NUM files
     --log-format=FORMAT  log file transfers using specified format
     --partial            keep partially transferred files
     --progress           show progress during transfer
 -P                       equivalent to --partial --progress
     --stats              give some file transfer stats
 -T  --temp-dir=DIR       create temporary files in directory DIR
     --compare-dest=DIR   also compare destination files relative to DIR
 -u, --update             update only (don't overwrite newer files)

Misc Others:
     --address=ADDRESS    bind to the specified address
     --blocking-io        use blocking IO for the remote shell
     --bwlimit=KBPS       limit I/O bandwidth, KBytes per second
     --config=FILE        specify alternate rsyncd.conf file
     --daemon             run as a rsync daemon
     --no-detach          do not detach from the parent
     --password-file=FILE get password from FILE
     --port=PORT          specify alternate rsyncd port number
 -f, --read-batch=FILE    read batch file
 -F, --write-batch        write batch file
     --version            print version number
 -v, --verbose            increase verbosity
 -q, --quiet              decrease verbosity
 -h, --help               show this help screen

Tips on how to use each of the options above can be found in the
FULL List of OPTIONS and Exit Values

EXCLUDE PATTERNS

The exclude and include patterns specified to rsync allow for flexible selection
of which files to transfer and which files to skip.

rsync builds an ordered list of include/exclude options as specified on the
command line. When a filename is encountered, rsync checks the name against each
exclude/include pattern in turn. The first matching pattern is acted on.
If it is an exclude pattern, then that file is skipped.
If it is an include pattern then that filename is not skipped.
If no matching include/exclude pattern is found then the filename is not skipped.

Note that when used with -r (which is implied by -a), every subcomponent of
every path is visited from top down, so include/exclude patterns get applied
recursively to each subcomponent.

Note also that the --include and --exclude options take one pattern each.
To add multiple patterns use the --include-from and --exclude-from options
or multiple --include and --exclude options.

The patterns can take several forms. The rules are:

# if the pattern starts with a / then it is matched against the start of the
  filename, otherwise it is matched against the end of the filename.
  Thus "/foo" would match a file called "foo" at the base of the tree.
  On the other hand, "foo" would match any file called "foo" anywhere in the tree
  because the algorithm is applied recursively from top down; it behaves as if
  each path component gets a turn at being the end of the file name.

# if the pattern ends with a / then it will only match a directory, not a file,
  link or device.

# if the pattern contains a wildcard character from the set *?[ then expression
  matching is applied using the shell filename matching rules.
  Otherwise a simple string match is used.

# if the pattern includes a double asterisk "**" then all wildcards in the
  pattern will match slashes, otherwise they will stop at slashes.

# if the pattern contains a / (not counting a trailing /) then it is matched
  against the full filename, including any leading directory.
  If the pattern doesn't contain a / then it is matched only against the final
  component of the filename. Again, remember that the algorithm is applied
  recursively so "full filename" can actually be any portion of a path.

# if the pattern starts with "+ " (a plus followed by a space) then it is always


  considered an include pattern, even if specified as part of an exclude option.
  The "+ " part is discarded before matching.

# if the pattern starts with "- " (a minus followed by a space) then it is always
  considered an exclude pattern, even if specified as part of an include option.
  The "- " part is discarded before matching.

# if the pattern is a single exclamation mark ! then the current include/exclude
  is reset, removing all previously defined patterns.

The +/- rules are most useful in exclude lists, allowing you to have a single
exclude list that contains both include and exclude options.
If you end an exclude list with --exclude '*', note that since the algorithm is
applied recursively that unless you explicitly include parent directories of
files you want to include then the algorithm will stop at the parent directories
and never see the files below them. To include all directories, use --include
'*/' before the --exclude '*'.
Here are some exclude/include examples:

# --exclude "*.o" would
  exclude all filenames matching *.o
# --exclude "/foo" would
  exclude a file in the base directory called foo
# --exclude "foo/" would
  exclude any directory called foo.
# --exclude "/foo/*/bar"
  would exclude any file called bar two levels below a
  base directory called foo.
# --exclude "/foo/**/bar" would exclude any file called bar two or more levels
  below a base directory called foo.
# --include "*/" --include "*.c" --exclude "*"
  would include all directories
  and C source files
# --include "foo/" --include "foo/bar.c" --exclude "*"
  would include only foo/bar.c (the foo/ directory must be
  explicitly included or it would be excluded by the "*")

BATCH MODE

The following call generates 4 files that encapsulate the information for
synchronizing the contents of target_dir with the updates found in src_dir

$ rsync -F [other rsync options here] \
        /somewhere/src_dir /somewhere/target_dir

The generated files are labeled with a common timestamp:

# rsync_argvs. command-line arguments
# rsync_flist. rsync internal file metadata
# rsync_csums. rsync checksums
# rsync_delta. data blocks for file update & change

See for papers and technical
reports.

SYMBOLIC LINKS

Three basic behaviours are possible when rsync encounters a symbolic link in
the source directory.

By default, symbolic links are not transferred at all.
A message "skipping non-regular" file is emitted for any symlinks that exist.
If --links is specified, then symlinks are recreated with the same target
on the destination. Note that --archive implies --links.

If --copy-links is specified, then symlinks are "collapsed" by copying their
referent rather than the symlink.

rsync also distinguishes "safe" and "unsafe" symbolic links.
An example where this might be used is a web site mirror that wishes to ensure the
rsync module they copy does not include symbolic links to /etc/passwd in the
section of the site. Using --copy-unsafe-links will cause any links to be copied
as the file they point to on the destination.

Using --safe-links will cause unsafe links to be omitted altogether.

DIAGNOSTICS

rsync occasionally produces error messages that may seem a little cryptic.
The one that seems to cause the most confusion is
"protocol version mismatch - is your shell clean?".

This message is usually caused by your startup scripts or remote shell facility
producing unwanted garbage on the stream that rsync is using for its transport.
The way to diagnose this problem is to run your remote shell like this:

rsh remotehost /bin/true > out.dat

then look at out.dat. If everything is working correctly then out.dat should be
a zero length file. If you are getting the above error from rsync then you will
probably find that out.dat contains some text or data.
Look at the contents and try to work out what is producing it.
The most common cause is incorrectly configured shell startup scripts
(such as .cshrc or .profile) that contain output statements for non-interactive
logins.

If you are having trouble debugging include and exclude patterns,
then try specifying the -vv option.
At this level of verbosity rsync will show why each individual file is included
or excluded.

SETUP
See the file README for installation instructions.
Once installed you can use rsync to any machine that you can use rsh to.
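The first-match rule and the --exclude '*' pitfall from EXCLUDE PATTERNS, as an added shell example that is not rsync's own code or part of the original page. It assumes rules written as "+ PATTERN" or "- PATTERN" with no interior slash, so each is tested against the final path component only; decide, walk, demo_tree and the sample tree are names constructed for this illustration.

```shell
#!/bin/sh
# Model of the ordered include/exclude list: the first matching rule wins,
# and a name that matches no rule is not skipped.

# decide NAME KIND RULE... -> prints "+" (transfer) or "-" (skip)
# KIND is "d" for a directory and "f" for anything else.
decide() {
    name=$1 kind=$2
    shift 2
    for rule in "$@"; do
        action=${rule%% *}      # "+" or "-"
        pat=${rule#* }          # pattern text after the first space
        case $pat in
            */) [ "$kind" = d ] || continue    # trailing /: directories only
                pat=${pat%/} ;;
        esac
        # An unquoted $pat in a case pattern uses shell filename matching.
        case $name in
            $pat) printf '%s\n' "$action"; return 0 ;;
        esac
    done
    printf '+\n'
}

# walk ROOT REL RULE... -> prints the relative paths that would be transferred.
# Directories are visited top down and a skipped directory is never entered,
# so nothing below it is ever tested against the rules.
# The body runs in a subshell, which keeps variables private per recursion level.
# Dot files are not listed by the glob; that is a limit of this sketch.
walk() (
    root=$1 rel=$2
    shift 2
    for path in "$root/$rel"*; do
        [ -e "$path" ] || [ -L "$path" ] || continue    # empty directory
        name=${path##*/}
        if [ -d "$path" ] && [ ! -L "$path" ]; then kind=d; else kind=f; fi
        [ "$(decide "$name" "$kind" "$@")" = + ] || continue
        if [ "$kind" = d ]; then
            printf '%s\n' "$rel$name/"
            walk "$root" "$rel$name/" "$@"
        else
            printf '%s\n' "$rel$name"
        fi
    done
)

# Constructed sample tree: top.c, notes.txt, src/main.c, src/main.o
demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src"
    : > "$d/top.c"
    : > "$d/notes.txt"
    : > "$d/src/main.c"
    : > "$d/src/main.o"
    printf '%s\n' "$d"
}

tree=$(demo_tree)
echo "--include '*.c' --exclude '*':"
walk "$tree" "" "+ *.c" "- *"
echo "--include '*/' --include '*.c' --exclude '*':"
walk "$tree" "" "+ */" "+ *.c" "- *"
rm -rf "$tree"
```

With the first rule list src/ is matched by the final '*' and skipped, so src/main.c is never examined; adding the '*/' include ahead of it lets the walk reach it.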
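An added example (not from the original page or the rsync project) of a check to run over a tree before publishing it, listing the "unsafe" links described under SYMBOLIC LINKS. It assumes a link is unsafe when its target is absolute or climbs above the top of the tree with "..", judged from the link text alone; link_status, audit_tree, demo_links and the sample tree are hypothetical names constructed here.

```shell
#!/bin/sh
# link_status REL TARGET -> prints "safe" or "unsafe"
#   REL     path of the symlink relative to the top of the tree being copied
#   TARGET  text stored in the link (what readlink prints)
# Assumption: a purely textual check; intermediate symlinks are not followed.
link_status() {
    rel=$1 target=$2
    case $target in
        /*) echo unsafe; return 0 ;;    # absolute targets always leave the tree
    esac
    # depth = number of directories between the tree top and the link itself
    depth=0 rest=$rel
    while [ "$rest" != "${rest#*/}" ]; do
        rest=${rest#*/}
        depth=$((depth + 1))
    done
    # Walk the target one component at a time, tracking how deep we are.
    rest=$target
    while [ -n "$rest" ]; do
        comp=${rest%%/*}
        if [ "$comp" = "$rest" ]; then rest=; else rest=${rest#*/}; fi
        case $comp in
            ''|.) ;;                    # "//" or "." does not move
            ..) depth=$((depth - 1))
                if [ "$depth" -lt 0 ]; then echo unsafe; return 0; fi ;;
            *)  depth=$((depth + 1)) ;;
        esac
    done
    echo safe
}

# audit_tree ROOT -> one line per symlink: "<status> <relative path> -> <target>"
# File names containing newlines are not handled by this line-based loop.
audit_tree() {
    root=${1%/}
    find "$root" -type l | while IFS= read -r link; do
        rel=${link#"$root"/}
        target=$(readlink "$link")
        printf '%s %s -> %s\n' "$(link_status "$rel" "$target")" "$rel" "$target"
    done
}

# Constructed sample: a small site tree with one inside link and two escapes.
demo_links() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/docs"
    : > "$d/site/index.html"
    ln -s ../index.html "$d/site/docs/home"     # stays inside site/
    ln -s /etc/passwd "$d/site/docs/users"      # absolute target
    ln -s ../../secret "$d/site/docs/up"        # climbs above site/
    printf '%s\n' "$d/site"
}

site=$(demo_links)
audit_tree "$site"
rm -rf "${site%/site}"
```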


rsync uses rsh for its communications, unless both the source and destination are
local.

You can also specify an alternative to rsh, either by using the -e command line
option, or by setting the RSYNC_RSH environment variable.

One common substitute is to use ssh, which offers a high degree of security.
Note that rsync must be installed on both the source and destination machines.

ENVIRONMENT VARIABLES

CVSIGNORE
The CVSIGNORE environment variable supplements any ignore patterns in
.cvsignore files.
See the --cvs-exclude option for more details.

RSYNC_RSH
The RSYNC_RSH environment variable allows you to override the default shell
used as
the transport for rsync. This can be used instead of the -e option.

RSYNC_PROXY
The RSYNC_PROXY environment variable allows you to redirect your rsync client
to use a web proxy when connecting to a rsync daemon.
You should set RSYNC_PROXY to a hostname:port pair.

RSYNC_PASSWORD
Setting RSYNC_PASSWORD to the required password allows you to run
authenticated
rsync connections to a rsync daemon without user intervention.
Note that this does not supply a password to a shell transport such as ssh.

USER or LOGNAME
The USER or LOGNAME environment variables are used to determine the default
username sent to a rsync server.

HOME
The HOME environment variable is used to find the user's default .cvsignore
file.

FILES

/etc/rsyncd.conf

screen
Multiplex a physical terminal between several processes (typically interactive shells).
Syntax:

Start a screen session:

      screen [ -options ] [ cmd [args] ]

Resume a detached screen session:

      screen -r [[pid.]tty[.host]]

      screen -r sessionowner/[[pid.]tty[.host]]

   -A -[r|R]   Adapt all windows to the new display width & height.
   -c file     Read configuration file instead of .screenrc
   -d (-r)     Detach the elsewhere running screen (and reattach here).
   -dmS name   Start as daemon: Screen session in detached mode.
   -D (-r)     Detach and logout remote (and reattach here).
   -D -RR      Do whatever is needed to Reattach a screen session.
   -d -m       Start in "detached" mode. Useful for system startup scripts.
   -D -m       Start in "detached" mode, & don't fork a new process.
   -list       List our SockDir and do nothing else (-ls)
   -r          Reattach to a detached screen process.
   -R          Reattach if possible, otherwise start a new session.
   -t title    Set title. (window's name).
   -U          Tell screen to use UTF-8 encoding.
   -x          Attach to a not detached screen. (Multi display mode).
   -X          Execute cmd as a screen command in the specified session.
Interactive commands:

   Control-a ?   Display brief help
   Control-a "   List all windows for selection
   Control-a '   Prompt for a window name or number to switch to.
   Control-a 0   Select window 0
   Control-a 1   Select window 1
   ...           ...
   Control-a 9   Select window 9
   Control-a A   Accept a title name for the current window.
   Control-a b   Send a break to window
   Control-a c   Create new window running a shell
   Control-a C   Clear the screen
   Control-a d   Detach screen from this terminal.
   Control-a D D Detach and logout.
   Control-a f   Toggle flow on, off or auto.
   Control-a F   Resize the window to the current region size.
   Control-a h   Write a hardcopy of the current window to file "hardcopy.n"
   Control-a H   Begin/end logging of the current window to file "screenlog.n"
   Control-a i   Show info about this window.
   Control-a k   Kill (Destroy) the current window.
   Control-a     Fully refresh current window
                 Monitor the current window for activity {toggle on/off}
   Control-a n   Switch to the Next window
   Control-a N   Show the Number and Title of window
   Control-a p   Switch to the Previous window
   Control-a q   Send a control-q to the current window(xon)
   Control-a Q   Delete all regions but the current one.(only)
   Control-a r   Toggle the current window's line-wrap setting(wrap)


   Control-a s   Send a control-s to the current window(xoff)
   Control-a w   Show a list of windows (windows)
   Control-a x   Lock this terminal (lockscreen)
   Control-a X   Kill the current region(remove)
   Control-a Z   Reset the virtual terminal to its "power-on" values
   Control-a Control-\   Kill all windows and terminate screen(quit)
   Control-a :   Enter command line mode(colon)
   Control-a [   Enter copy/scrollback mode(copy)
   Control-a ]   Write the contents of the paste buffer to stdin(paste)
   Control-a _   Monitor the current window for inactivity {toggle on/off}
   Control-a *   Show a listing of all currently attached displays.

When screen is called, it creates a single window with a shell in it (or the specified command) and
then gets out of your way so that you can use the program as you normally would.
Then, at any time, you can:
Create new (full-screen) windows with other programs in them (including more shells)
Kill existing windows
View a list of windows
Switch between windows - all windows run their programs completely independent of each other.
Programs continue to run when their window is currently not visible and even when the whole
screen session is detached from the user's terminal.
The interactive commands above assume the default key bindings. You can modify screen’s
settings by creating a ~/.screenrc file in your home directory. This can change the default
keystrokes, bind function keys F11, F12 or even set a load of programs/windows to run as soon as
you start screen.
Attaching and Detaching
Once you have screen running, switch to any of the running windows and type Control-a d. This
will detach screen from this terminal. Now, go to a different machine, open a shell, ssh to the
machine running screen (the one you just detached from), and type: % screen -r
This will reattach to the session. Just like magic, your session is back up and running, just like
you never left it.
Exiting screen completely
Screen will exit automatically when all of its windows have been killed.
Close whatever program is running or type `Exit' to exit the shell, and the window that contained
it will be killed by screen. (If this window was in the foreground, the display will switch to the
previous window)
When none are left, screen exits.
This page is just a summary of the options available, type man screen for more.

scp
Secure copy (remote file copy program)
Syntax
      scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]
          [-l limit] [-o ssh_option] [-P port] [-S program]
          [ [user@]host1:]file1 [...] [ [user@]host2:]file2

scp copies files between hosts on a network. It uses ssh(1) for data transfer, and uses the same
authentication and provides the same security as ssh(1). Unlike rcp, scp will ask for passwords or
passphrases if they are needed for authentication.
Any file name may contain a host and user specification to indicate that the file is to be copied
to/from that host.

Copies between two remote hosts are permitted.
Options:
   -1   Force scp to use protocol 1.

   -2   Force scp to use protocol 2.

   -4   Force scp to use IPv4 addresses only.

   -6   Force scp to use IPv6 addresses only.

   -B   Select batch mode (don't ask for passwords or passphrases).

   -C   Compression, passes the -C flag to ssh(1) to enable compression.

   -c cipher
        Select the cipher to use for encrypting the data transfer.
        This option is directly passed to ssh(1).

   -F ssh_config
        Specifies an alternative per-user configuration file for ssh.
        This option is directly passed to ssh(1).

   -i identity_file
        Select the file from which the identity (private key) for RSA
        authentication is read. This option is directly passed to ssh(1).

   -l limit
        Limit the used bandwidth, specified in Kbit/s.

   -o ssh_option
        Can be used to pass options to ssh in the format used in ssh_config(5).
        This is useful for specifying options for which there is no separate
        scp command-line flag.

        For full details of the options listed below, and their possible values,
        see ssh_config(5).

           BatchMode
           ChallengeResponseAuthentication
           CheckHostIP
           Cipher
           Ciphers
           Compression


ControlMaster -v Verbose mode.
ControlPath Causes scp and ssh(1) to print debugging messages about their progress.
GlobalKnownHostsFile This is helpful in debugging connection, authentication, and
GSSAPIAuthentication configuration problems.
GSSAPIDelegateCredentials scp exits with 0 on success or >0 if an error occurred.
HostbasedAuthentication Copy file1 to a remote host:
HostKeyAlgorithms scp /home/simon/file1
IdentitiesOnly Merge two files interactively. (Show differences) with output to outfile.
KbdInteractiveDevices SYNTAX
LogLevel sdiff -o outfile [options] from-file to-file
NoHostAuthenticationForLocalhost OPTIONS
PasswordAuthentication Multiple single letter options (unless they take an argument)
Port can be combined into a single command line argument.
Protocol -a Treat all files as text and compare them line-by-line,
ProxyCommand even if they do not appear to be text.
RekeyLimit -b Ignore changes in amount of white space.
RSAAuthentication -B Ignore changes that just insert or delete blank
SendEnv lines.
ServerAliveCountMax -d Change the algorithm to perhaps find a smaller set
SmartcardDevice of changes. This makes sdiff slower (sometimes
StrictHostKeyChecking much slower).
UsePrivilegedPort -H Use heuristics to speed handling of large files
User that have numerous scattered small changes.
VerifyHostKeyDNS --expand-tabs

-P port Expand tabs to spaces in the output, to preserve

The port to connect to on the remote host. the alignment of tabs in the input files.
Note that this option is written with a capital 'P', because -p is
already reserved for preserving the times and modes of the file in rcp(1). -i Ignore changes in case; consider upper- and