File and Directory Operations 

  mkdir -p projects/app/src          # create parent dirs
install -d -m 755 /opt/myapp/bin    # mkdir with explicit mode

cp -a src/ backup/                 # archive mode: preserve attrs
cp -i file.txt dest/                 # interactive overwrite prompt
mv oldname.txt newname.txt
rm -i *.tmp                          # interactive delete
rm -rf build/                        # recursive — triple-check path

touch file.txt                       # create or update mtime
find . -name "*.log" -mtime +7       # modified > 7 days ago
find /var/log -size +100M -type f
find /tmp -type f -empty -delete     # remove empty files

Safety tip: Never run rm -rf with an unquoted variable that might be empty — rm -rf $EMPTY/ becomes rm -rf /.

Viewing and Editing Files 

  cat /etc/hostname
less +F /var/log/syslog            # follow mode (like tail -f)
head -n 20 access.log
tail -n 50 error.log
tail -f /var/log/nginx/error.log   # live follow; Ctrl+C to stop

wc -l access.log                   # line count
wc -c file.bin                     # byte count

nano file.txt                      # beginner editor
vim file.txt                       # :wq save, :q! discard, /pattern search

Large files: prefer less over cat. Use tail -n 1000 before piping huge logs to grep.

Search Inside Files 

  grep -r "error" /var/log/nginx/
grep -i "warning" app.log          # case insensitive
grep -E "404|500" access.log       # extended regex
grep -l "pattern" dir/*.conf       # filenames only
grep -c "200" access.log           # count matches

rg "TODO" src/                     # ripgrep — faster, respects .gitignore
rg -t py "import os" .             # filter by file type

Disk and System Info 

  df -hT                             # human-readable + filesystem type
df -i                                # inode usage (critical on many small files)
du -sh /var/log/*                    # directory sizes
du -x / --max-depth=1 2>/dev/null    # stay on one filesystem

lsblk -f                             # block devices + FS labels
blkid                                # UUID and type
mount | column -t
findmnt                              # tree view of mounts

free -h                              # memory
vmstat 1 5                           # 5 samples, 1 sec apart
uptime                               # load averages (1, 5, 15 min)
lscpu
nproc                                # CPU cores

High load with low CPU often means I/O wait — check iostat -x 1 (sysstat package).

Archives and Compression 

  tar -czvf backup.tar.gz /etc/nginx/
tar -xzvf backup.tar.gz -C /tmp/restore/
tar -tzf backup.tar.gz | head      # list contents without extracting

# Exclude paths
tar -czvf backup.tar.gz --exclude='*.log' /var/www/

zip -r docs.zip docs/
unzip -l docs.zip                    # list without extracting

Networking Basics 

  ip addr show
ip -4 route show default
ping -c 4 8.8.8.8
curl -I https://example.com          # headers only
curl -sS -o /dev/null -w '%{http_code}\n' https://example.com
wget -q --spider https://example.com && echo OK

ss -tulpn                            # listening ports
hostname -f

Users and Permissions (Quick Ref) 

  id
who
w                                    # logged-in users and their commands
last -n 10                           # recent logins
sudo -v                              # refresh sudo timestamp
sudo -u www-data ls /var/www

Command Discovery

Task Command
Find command location which nginx, type -a python3
Command help man tar, tar --help, info coreutils
What package owns file dpkg -S /usr/bin/nginx (Debian)
Run as different user sudo -u deploy bash -l
Copy to remote host scp -r dir user@host:/path
Sync directories rsync -avz --delete src/ user@host:dest/
Time a command time ./script.sh
Run with timeout timeout 30 long-running-cmd

Combining Commands 

  # Sort filesystems by use percentage
df -h | tail -n +2 | sort -k5 -h

# Top 10 largest dirs under /var
du -sh /var/* 2>/dev/null | sort -hr | head

# Find and delete old temp files (dry run first)
find /tmp -type f -mtime +30 -print
find /tmp -type f -mtime +30 -delete

Best Practices

Practice Reason
Use -i with rm/cp when learning Prevents accidental overwrites
Prefer rsync over scp for dirs Resumable, incremental, preserves attrs
Check df -i not just df -h Inode exhaustion breaks writes before disk fills
Quote paths with spaces "$HOME/My Documents/file"

Common Mistakes

Mistake Consequence
kill -9 as first resort Corrupted databases, half-written files
chmod -R on wrong path Mass permission breakage
Piping curl to shell without review Remote code execution
Ignoring exit codes Scripts continue after failures 
  # Always check exit code
if ! cp important.conf /etc/; then
    echo "Copy failed" >&2
    exit 1
fi

Troubleshooting

Command not found: Check PATH, install package, or use full path /usr/sbin/.

Permission denied: namei -l /path/to/file traces each directory’s permissions.

Disk full: du -sh /* 2>/dev/null | sort -hr | head finds largest top-level consumers.

Production Scenario

During an incident, disk hits 100% on a web server:

  df -h /
du -sh /var/log/* | sort -hr | head
journalctl --disk-usage
sudo journalctl --vacuum-size=500M
find /var/log/nginx -name "*.gz" -mtime +30 -delete

Logs freed 8 GB; service restored without reboot. Post-incident: logrotate config adjusted and disk alerts added at 80%.

Build muscle memory on these commands before diving into scripting — they are the vocabulary of every Linux troubleshooting session.