Linux Commands Cheatsheet for Cloud Engineers
Every cloud platform — AWS, GCP, Azure — runs Linux under the hood. Whether you are SSHing into a VM, debugging a container, or writing a startup script, these are the commands you need.
File and Directory Operations#
| Command | What it does |
|---|---|
ls -lah | List files with sizes in human-readable format |
cd /var/log | Change to a directory |
pwd | Print current working directory |
mkdir -p /opt/app/config | Create a directory and any missing parents |
rm -rf /tmp/old-data | Delete a directory and all its contents (no undo) |
cp -r /src /dest | Copy directory recursively |
mv /old/path /new/path | Move or rename a file/directory |
find /var/log -name "*.log" -mtime -7 | Find files modified in the last 7 days |
locate nginx.conf | Fast file search using an index (run updatedb first) |
touch app.log | Create an empty file or update its timestamp |
cat /etc/os-release | Print file contents |
less /var/log/syslog | View large files with scrolling (q to quit) |
head -20 app.log | Print first 20 lines |
tail -50 app.log | Print last 50 lines |
tail -f app.log | Stream new lines as they are written (live logs) |
wc -l app.log | Count lines in a file |
diff file1 file2 | Show differences between two files |
File Permissions#
Numeric (octal) notation#
| Octal | Symbolic | Meaning |
|---|---|---|
755 | rwxr-xr-x | Owner: full; Group + Others: read + execute |
644 | rw-r--r-- | Owner: read + write; Group + Others: read only |
600 | rw------- | Owner: read + write; no access for anyone else |
700 | rwx------ | Owner: full; no access for anyone else |
777 | rwxrwxrwx | Everyone: full (avoid this) |
chmod 755 /opt/app/start.sh # set permissions by octal
chmod +x deploy.sh # add execute bit (symbolic)
chmod -R 644 /var/www/html # apply recursively
chown ubuntu:ubuntu /opt/app # change owner and group
chgrp docker /var/run/docker.sock # change group onlySSH private keys must be 600. If they are world-readable, SSH will refuse to use them.
Process Management#
| Command | What it does |
|---|---|
ps aux | List all running processes with CPU and memory |
top | Interactive process viewer (q to quit) |
htop | Better interactive viewer (may need installing) |
kill 1234 | Send SIGTERM to process 1234 (graceful stop) |
kill -9 1234 | Send SIGKILL to process 1234 (force stop) |
killall nginx | Kill all processes named nginx |
nice -n 10 ./job.sh | Start a process with lower CPU priority |
nohup ./job.sh & | Run a process that survives terminal close |
jobs | List background jobs in current shell |
fg %1 | Bring job 1 to the foreground |
bg %1 | Resume job 1 in the background |
systemctl (for services managed by systemd)#
systemctl status nginx # check if a service is running
systemctl start nginx # start a service
systemctl stop nginx # stop a service
systemctl restart nginx # stop then start
systemctl reload nginx # reload config without stopping
systemctl enable nginx # start automatically at boot
systemctl disable nginx # remove from boot
journalctl -u nginx -f # stream logs for a serviceText Processing#
# grep — search file contents
grep "ERROR" app.log # find lines containing ERROR
grep -r "api_key" /etc/ # recursive search across files
grep -i "error" app.log # case-insensitive
grep -n "timeout" app.log # show line numbers
grep -v "DEBUG" app.log # exclude lines matching pattern
grep -E "error|warn" app.log # extended regex (OR)
grep -c "ERROR" app.log # count matching lines
# sed — stream editor, mostly used for substitution
sed 's/old/new/' file.txt # replace first match per line
sed 's/old/new/g' file.txt # replace all matches
sed -i 's/localhost/db-host/g' config.cfg # edit file in place
# awk — field-based text processing
awk '{print $1, $4}' access.log # print columns 1 and 4
awk -F':' '{print $1}' /etc/passwd # use : as field separator
awk '/ERROR/ {print $0}' app.log # print lines matching pattern
# Other useful tools
sort app.log | uniq -c | sort -rn # count unique lines, most frequent first
cut -d',' -f1,3 data.csv # extract columns 1 and 3 from CSV
tr '[:upper:]' '[:lower:]' < file # convert to lowercaseNetworking Commands#
ping google.com # test basic connectivity
curl -I https://example.com # fetch HTTP headers only
curl -o /tmp/file.zip https://example.com/file.zip # download a file
wget -q https://example.com/file.zip # download a file quietly
netstat -tulpn # list listening ports and their processes
ss -tulpn # same as netstat but faster
ip addr show # list network interfaces and IPs
ip route show # show routing table
dig example.com # DNS lookup (detailed)
nslookup example.com # DNS lookup (simple)
traceroute example.com # trace network path to a host
nmap -p 80,443 192.168.1.1 # scan specific ports on a host
iptables -L -n -v # list firewall rulesSSH#
# Connect to a remote host
ssh ubuntu@192.168.1.10
ssh -i ~/.ssh/my-key.pem ubuntu@ec2-ip.compute.amazonaws.com
# Generate an SSH key pair
ssh-keygen -t ed25519 -C "my-key" -f ~/.ssh/my-key
# Copy your public key to a remote server
ssh-copy-id -i ~/.ssh/my-key.pub ubuntu@192.168.1.10
# Copy files securely
scp -i ~/.ssh/my-key.pem file.txt ubuntu@host:/tmp/
scp -r ./configs ubuntu@host:/opt/app/
# Set correct permissions on key files
chmod 600 ~/.ssh/my-key.pem
chmod 700 ~/.ssh~/.ssh/config format#
Using a config file avoids typing long ssh commands.
Host myserver
HostName 203.0.113.10
User ubuntu
IdentityFile ~/.ssh/my-key.pem
Port 22Then connect with just ssh myserver.
Disk and Storage#
df -h # show disk usage for all mounted filesystems
du -sh /var/log # show total size of a directory
du -sh /var/log/* | sort -h # sort subdirectories by size
lsblk # list block devices (disks and partitions)
mount /dev/sdb1 /mnt/data # mount a partition
umount /mnt/data # unmountArchives#
# tar
tar -czf archive.tar.gz /opt/app # create compressed archive
tar -xzf archive.tar.gz # extract compressed archive
tar -tzf archive.tar.gz # list contents without extracting
# gzip
gzip large-file.log # compress (replaces original)
gunzip large-file.log.gz # decompress
# zip
zip -r archive.zip ./folder/
unzip archive.zip -d /opt/dest/Environment and Shell#
echo $HOME # print the value of a variable
export MY_VAR="hello" # set a variable for child processes
env # list all environment variables
printenv PATH # print one specific variable
# ~/.bashrc runs for interactive non-login shells (new terminal tabs)
# ~/.bash_profile runs for login shells (SSH sessions)
# Put exports in ~/.bashrc for interactive use
source ~/.bashrc # reload without logging outCron#
crontab -e # edit your crontab
crontab -l # list your current cron jobsCron syntax: minute hour day month weekday command
| Schedule | Cron expression |
|---|---|
| Every minute | * * * * * |
| Every hour | 0 * * * * |
| Every day at midnight | 0 0 * * * |
| Every Monday at 9am | 0 9 * * 1 |
| Every 15 minutes | */15 * * * * |
Package Management#
# Ubuntu / Debian (apt)
sudo apt update && sudo apt upgrade -y
sudo apt install -y nginx curl jq
sudo apt remove nginx
# RHEL / Amazon Linux / CentOS (yum or dnf)
sudo yum update -y
sudo yum install -y nginx
sudo dnf install -y nginx # dnf is the newer replacement for yumOne-Liners Cloud Engineers Actually Use#
# Find the 10 largest files under /var
find /var -type f -printf '%s %p\n' | sort -rn | head -10
# Grep all .log files recursively for errors from today
grep -r "ERROR" /var/log/ --include="*.log"
# Stream a log file live
tail -f /var/log/nginx/access.log
# Check disk space on all filesystems
df -h | grep -v tmpfs
# Count how many times each status code appears in an access log
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -rn
# Test if a port is open on a remote host
nc -zv 203.0.113.10 443
# Find processes using a port
ss -tulpn | grep :8080