| (同じ利用者による、間の350版が非表示) | |||
| 1行目: | 1行目: | ||
< [[Debian|Debian城]] | |||
/sbin (usr/sbin)内に格納されているシステム管理者用コマンド209個。rootで利用可。ちなみに ''アプリ'' や ''妖精 (ダイモン)'' の場合はより機能が複雑で独自のインターフェースが起動したりする。[[一般ユーザ用コマンド]]も参照。 | |||
==妖精さん== | |||
{| class="wikitable" summary="ハードウェア管理コマンド" | |||
!''arpd'' | |||
|ARP情報を収集して保持してくれる妖精。daemon collects gratuitous ARP information, saving it on local disk and feeding it to the kernel on demand to avoid redundant broadcasting due to limited size of the kernel ARP cache. | |||
|- | |||
!''cron'' | |||
|スケジュールした仕事をやってくれる妖精。daemon to execute scheduled commands (Vixie Cron). started automatically from /etc/init.d on entering multi-user runlevels. | |||
|- | |||
!''sshd'' | |||
|the daemon program for ssh(1). Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. | |||
|} | |||
==ハードウェア管理== | ==ハードウェア管理== | ||
| 6行目: | 20行目: | ||
!概要 | !概要 | ||
|- | |- | ||
!biosdecode | |||
| | |マザボ付属BIOSに記録されているハードウェア情報を表示。parses the BIOS memory and prints information about all structures (or entry points) it knows of. | ||
|- | |||
!dmidecode | |||
|PCのSMBIOS情報を表示。tool for dumping a computer's <u>DMI (some say SMBIOS)</u> table contents in a human-readable format. | |||
|- | |||
!chcpu | |||
|configure hypervisor CPUs. it modify the state of CPUs. It can enable or disable CPUs, scan for new CPUs, etc. | |||
|- | |||
!chmem | |||
|configure hypervisor memory. it sets a particular size or range of memory online or offline. | |||
|- | |||
!discover | |||
|ハードウェア情報を表示。provides an extensible hardware detection and reporting interface. Hardware information is stored in an XML data format and can be re trieved across the network. | |||
|- | |||
!discover-modprobe | |||
|ブート時に自動的に実行されてカーネルモジュールをロード。loads kernel modules identified by discover. It will typically be invoked automatically at boot time. | |||
|- | |||
!discover-pkginstall | |||
|discoverコマンド情報を利用してハードウェア向けのパッケージをインストール。intsall packages for available hardware using discover(1).It will use the discover-data database to map for hardware to debian packages, install the packages by default. | |||
|- | |||
!udpate-pciids | |||
|download new version of the PCI ID list. it fetches the current version of the pci.ids file from the primary distribution site and installs it.This utility requires curl, wget or lynx to be installed. If gzip or bzip2 are available, it automatically downloads the compressed version of the list. | |||
|- | |||
!hwclock | |||
|administration tool for the time clocks. It can: display the Hardware Clock time; set the Hardware Clock to a specified time; set the Hardware Clock from the System Clock; set the System Clock from the Hardware Clock; | |||
|- | |||
!rtcwake | |||
|to enter a system sleep state and to automatically wake from it at a specified time. This uses cross-platform Linux interfaces to enter a system sleep state, and leave it no later than a specified time. <u>It uses any RTC framework driver</u> that supports standard driver model wakeup flags. | |||
|- | |||
!ctrlaltdel | |||
|Linuxでは「ctrl」「alt」「del」同時押しでシステムを強制リブートできる。Debian11では「soft(オフ)」。set the function of the <u>Ctrl-Alt-Del</u> combination. hard : Immediately reboot the computer without calling sync(2) and without any other preparation. | |||
|- | |||
!shutdown | |||
|used to halt, power-off or reboot the machine. The first argument may be a time string (which is usually "now"). | |||
|- | |||
!halt<br>poweroff<br>reboot | |||
|「halt」は電源を入れたままシステム停止。to halt, power-off, or reboot the machine. All three commands take the same options. | |||
|} | |} | ||
== | ==ブートローダ管理== | ||
{| class="wikitable" summary=" | {| class="wikitable" summary="ブートローダ管理コマンド" | ||
!コマンド | !コマンド | ||
!概要 | !概要 | ||
|- | |- | ||
| | !grub-bios-setup | ||
| | |<u>You shouldn't normally run this program directly. Use grub-install instead</u>. set up a device to boot using GRUB. | ||
|- | |||
!grub-install | |||
|Install GRUB on your drive. | |||
|- | |||
!grub-mkconfig | |||
|generate a GRUB configuration file. | |||
|- | |||
!grub-mkdevicemap | |||
|Generate a device map file automatically. | |||
|- | |||
!grub-probe | |||
|probe device information for GRUB. Probe device information for a given path (or device, if the -d option is given). | |||
|- | |||
!grub-reboot | |||
|Set the default boot menu entry for GRUB, for the next boot only. MENU_ENTRY is a number, a menu item title or a menu item identifier. | |||
|- | |||
!grub-set-default | |||
|Set the default boot menu entry for GRUB. This requires setting GRUB_DEFAULT=saved in /etc/default/grub. | |||
|- | |||
!grub-macbless | |||
|Mac-style bless on HFS or HFS+. MacOS 9 までの MacOSでは、起動ディスクにある「システムフォルダ」をFinderで開くと、そのCNIDをボリュームヘッダ内のFinderInfoに記録する。このディレクトリを開く行為を特に「bless」(祝福)と言っていた。 | |||
|- | |||
!udpate-grub<br>update-graub2 | |||
|is a stub for running grub-mkconfig -o /boot/grub/grub.cfg to generate a grub2 config file. | |||
|- | |||
!upgrade-from-grub-legacy | |||
|upgrade-from-grub-legacy | |||
|} | |} | ||
== | ==カーネル管理== | ||
{| class="wikitable" summary=" | {| class="wikitable" summary="カーネル管理コマンド" | ||
!コマンド | !コマンド | ||
!概要 | !概要 | ||
|- | |- | ||
| | !installkernel | ||
| | |installs a new kernel image onto the system from the Linux source tree. It is called by the Linux kernel makefiles when make install is invoked there. The new kernel is installed into {directory}/vmlinuz-{version}. | ||
|- | |||
!readprofile | |||
|read kernel profiling information | |||
|- | |||
!lsmod | |||
|is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded. | |||
|- | |||
!modinfo | |||
|extracts information from the Linux Kernel modules given on the command line. If the module name is not a filename, then the /lib/modules/version directory is searched, as is also done by modprobe(8) when loading kernel modules. | |||
|- | |||
!modprobe | |||
|intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and - in module names (automatic underscore conversion is performed). | |||
|- | |||
!insmod | |||
|is a trivial program to insert a module into the kernel. <u>Most users will want to use modprobe(8) instead</u>, which is more clever and can handle module dependencies. | |||
|- | |||
!rmmod | |||
|remove a module from the Linux Kernel | |||
|- | |||
!mkinitramfs | |||
|generates an initramfs image. The initramfs is a compressed cpio archive. The archive can be used on a different box of the same arch with the corresponding Linux kernel. mkinitramfs is meant for advanced usage. | |||
|- | |||
!update-initramfs | |||
|manages your initramfs images on your local box. It keeps track of the existing initramfs archives in /boot. There are three modes of operation create, update or delete. You must at least specify one of those modes. | |||
|- | |||
!sysctl | |||
|configure kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data. | |||
|- | |- | ||
!tc | |||
| | |is used to configure <u>Traffic Control</u> in the Linux kernel. Traffic Control consists of the following: SHAPING, SCHEDULING, POLICING, DROPPING. | ||
|} | |} | ||
| 36行目: | 140行目: | ||
!概要 | !概要 | ||
|- | |- | ||
|blkid | !''fdisk'' | ||
|ブロックデバイスのID情報を表示。locate/print block device attributes. | |dialog-driven <u>program for creation and manipulation of partition tables</u>. It understands GPT, MBR, Sun, SGI and BSD partition tables. Block devices can be divided into one or more logical disks called partitions. This division is recorded in the partition table, usually found in sector 0 of the disk. (In the BSD world one talks about `disk slices' and a `disklabel'.). All partitioning is driven by device I/O limits (the topology) by default. fdisk is able to optimize the disk layout for a 4K-sector size and use an alignment offset on modern devices for MBR and GPT. It is always a good idea to follow fdisk's defaults as the default values. | ||
|- | |||
!''cfdisk'' | |||
|Curses版パーティショニング管理アプリ。display or manipulate a disk partition table. <u>Curses-based</u> program for partitioning any block device. The default device is /dev/sda. | |||
|- | |||
!sfdisk | |||
|is a script-oriented tool for partitioning any block device. It runs in interactive mode if executed on terminal. | |||
|- | |||
!blkid | |||
|ブロックデバイスのID情報を表示。locate/print <u>block</u> device attributes. | |||
|- | |- | ||
!badblocks | |||
|パーティション内のブロックの欠陥を探す。used to search for bad blocks on a device (usually a disk partition). | |パーティション内のブロックの欠陥を探す。used to search for bad blocks on a device (usually a disk partition). | ||
|- | |- | ||
!blkdeactivate | |||
|ブロックデバイスをオフにする。deactivates block devices. For mounted block devices, it attempts to unmount it automatically before trying to deactivate. | |ブロックデバイスをオフにする。deactivates block devices. For mounted block devices, it attempts to unmount it automatically before trying to deactivate. | ||
|- | |- | ||
!blkdiscard | |||
|デバイスのセクターを直接破棄。discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8), this command is used directly on the block device. | |デバイスのセクターを直接破棄。discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8), this command is used directly on the block device. | ||
|- | |- | ||
!blkzone | |||
|run zone command on device that support the Zoned Block Commands (ZBC) or Zoned-device ATA Commands (ZAC). | |run zone command on device that support the Zoned Block Commands (ZBC) or Zoned-device ATA Commands (ZAC). | ||
|- | |- | ||
!blockdev | |||
| | |allows one to call <u>block device</u> ioctls from the command line. | ||
|- | |||
!dmsetup | |||
|manages logical devices that use the <u>device-mapper driver</u>. Devices are created by loading a table that specifies a target for each sector (512 bytes) in the logical device. | |||
|- | |||
!dmstats | |||
|manages IO statistics regions for devices that use the device-mapper driver. Statistics regions may be created, deleted, listed and reported on using the tool. | |||
|- | |||
!fdformat | |||
|does a low-level format on a <u>floppy disk</u>. device is usually one of the following. /dev/fd0d360 (minor = 4),/dev/fd0h1200 (minor = 8),etc. | |||
|- | |||
!ldattach | |||
|The ldattach daemon opens the specified device file (which should refer to a serial device) and <u>attaches the line discipline</u> ldisc to it for processing of the sent and/or received data. It then goes into the background keeping the device open so that the line discipline stays loaded. | |||
|- | |||
!losetup | |||
|is used to <u>associate loop devices with regular files or block devices</u>, to detach loop devices, and to query the status of a loop device. | |||
|- | |||
!mkswap | |||
|sets up a Linux swap area on a device or in a file. The device argument will usually be a disk partition (something like /dev/sdb7) but can also be a file. | |||
|- | |||
!swapon<br>swapoff | |||
|is used to specify devices on which paging and swapping are to take place. The device or file used is given by the specialfile parameter. It may be of the form -L label or -U uuid to indicate a device by label or uuid. swapoff disables swapping on the specified devices and files. | |||
|- | |||
!swaplabel | |||
|will display or change the label or UUID of a swap partition located on device (or regular file). print or change the label or UUID of a swap area. | |||
|- | |||
!raw | |||
|bind a Linux raw character device to a block device. Any block device may be used: at the time of binding, the device driver does not even have to be accessible (it may be loaded on demand as a kernel module later). | |||
|- | |||
!zramctl | |||
|is used to quickly set up zram device parameters, to reset zram devices, and to query the status of used zram devices. | |||
|- | |||
!kbdrate | |||
|キーボードの同じキーのリピート速度と遅延時間を変更。reset the keyboard repeat rate and delay time. | |||
|- | |||
!setvesablank | |||
|Turn VESA screen blanking on or off | |||
|} | |||
==ファイルシステム管理== | |||
{| class="wikitable" summary="デバイス管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!''mke2fs''<br>mkfs.ext2[34] | |||
|mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition (or file) named by device. | |||
|- | |||
!mkfs | |||
|This mkfs frontend is <u>deprecated</u> in favour of filesystem specific mkfs.<type> utils. | |||
|- | |||
!mkfs.cramfs | |||
|Files on cramfs file systems are zlib-compressed one page at a time to allow random read access. The metadata is not compressed, but is expressed in a terse representation that is more space-efficient than conventional file systems. | |||
|- | |||
!mkfs.bfs | |||
|creates an SCO bfs filesystem on a block device (usually a disk partition or a file accessed via the loop device). | |||
|- | |||
!mkfs.minix | |||
|creates a Linux MINIX filesystem on a device (usually a disk partition). | |||
|- | |||
!''fsck'' | |||
|<u>check and optionally repair one or more Linux filesystems</u>. filesys can be a device name (e.g., /dev/hdc1, /dev/sdb2), a mount point (e.g., /, /usr, /home), or an filesystem label or UUID specifier (e.g., UUID=8868abf6-88c5-4a83-98b8-bfc24057f7bd or LABEL=root). Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of them. | |||
|- | |||
!fsck.ext2[34]<br>e2fsck | |||
|check the ext2/ext3/ext4 family of file systems. For ext3 and ext4 filesystems that use a journal, if the system has been shut down uncleanly without any errors, normally, after replaying the committed transactions in the journal, the file system should be marked as clean. Hence, for filesystems that use journalling, e2fsck will normally replay the journal and exit, unless its superblock indicates that further checking is required. Note that in general it is <u>not safe to run e2fsck on mounted filesystems</u>. | |||
|- | |||
!fsck.cramfs | |||
|used to check the [https://ja.wikipedia.org/wiki/Cramfs cramfs] file system. | |||
|- | |||
!fsck.minix | |||
|check consistency of Minix filesystem. | |||
|- | |||
!fsfreeze | |||
|suspends or resumes access to a filesystem. fsfreeze halts any new access to the filesystem and creates a stable image on disk. fsfreeze is intended to be used with hardware RAID devices that support the creation of snapshots. | |||
|- | |||
!fstrim | |||
|used on a mounted filesystem to discard (or "trim") blocks which are not in use by the filesystem. This is useful for solid-state drives (SSDs) and thinly-provisioned storage. By default, fstrim will discard all unused blocks in the filesystem. Options may be used to modify this behavior based on range or size. | |||
|- | |||
!tune2fs | |||
|adjust tunable filesystem parameters on ext2/ext3/ext4 filesystems. The current values of these options can be displayed by using the -l option to tune2fs(8) program, or by using the dumpe2fs(8) program. | |||
|- | |||
!''debugfs'' | |||
|対話的にファイルシステムをデバッグする。ext2/ext3/ext4 file system debugger.It can be used to examine and change the state of an ext2, ext3, or ext4 file system. | |||
|- | |||
!dpkg-fsys-usrunmess | |||
|tool to fix up filesystems that have been installed anew with recent installers with unfortunate defaults or migrated to the broken merged /usr | |||
|- | |||
!dumpe2fs | |||
|prints the super block and blocks group information for the filesystem present on device. When used with a mounted filesystem, the printed information may be old or inconsistent. | |||
|- | |||
!e2freefrag | |||
|report free space fragmentation on ext2/3/4 file systems. | |||
|- | |||
!e2image | |||
|Save critical ext2/ext3/ext4 filesystem metadata to a file. | |||
|- | |||
!e2label | |||
|display or change the volume label on the ext2, ext3, or ext4 filesystem located on device. | |||
|- | |||
!e2mmpstatus | |||
|Check MMP status of an ext4 filesystem. used to check Multiple-Mount Protection (MMP) status of an ext4 filesystem with the mmp feature enabled. | |||
|- | |||
!e2scrub | |||
|check (but not repair) all metadata in a mounted ext[234] filesystem if the filesystem resides on an LVM logical volume.This program snapshots the volume and runs a file system check on the snapshot to look for corruption errors. | |||
|- | |||
!e2scrub_all | |||
|Searches the system for all LVM logical volumes containing an ext2, ext3, or ext4 file system, and checks them for problems. The checking is performed by invoking the e2scrub tool, which will look for corruptions. | |||
|- | |||
!e2undo | |||
|replay the undo log undo_log for an ext2/ext3/ext4 filesystem found on device. This can be used to undo a failed operation by an e2fsprogs program. | |||
|- | |||
!e4crypt | |||
|performs encryption management for ext4 file systems. | |||
|- | |||
!e4defrag | |||
|reduces fragmentation of extent based file. The file targeted by e4defrag is created on ext4 filesystem made with "-O extent" option (see mke2fs(8)). The targeted file gets more contiguous blocks and improves the file access speed. | |||
|- | |||
!filefrag | |||
|reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem. | |||
|- | |||
!findfs | |||
|find a filesystem by label or UUID. search the block devices in the system <u>looking for a filesystem or partition</u> with specified tag. The currently supported tags are: LAVEL, UUID, etc. | |||
|- | |||
!isosize | |||
|This command outputs the length of an iso9660 filesystem that is contained in the specified file. This file may be a normal file or a block device (e.g. /dev/hdd or /dev/sr0). In the absence of any options (and errors), <u>it will output the size of the iso9660 filesystem in bytes. This can now be a large number (>> 4 GB)</u>. | |||
|- | |||
!resize2fs | |||
|will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel and the file system supports on-line resizing. | |||
|- | |||
!chroot | |||
|「/(ルート)」の場所を隠蔽してコマンドを実行。run command or interactive shell with special root directory. | |||
|- | |||
!pivot_root | |||
|pivot_root moves the root file system of the current process to the directory put_old and makes new_root the new root file system. <u>Note that chroot must be available under the old root and under the new root</u>, because pivot_root may or may not have implicitly changed the root directory of the shell. | |||
|- | |||
!switch_root | |||
|moves already mounted /proc, /dev, /sys and /run to newroot and makes newroot the new root filesystem and starts init process. WARNING: switch_root removes recursively all files and directories on the current root filesystem. | |||
|- | |||
!wipefs | |||
|can erase filesystem, raid or partition-table signatures (magic strings) from the specified device to make the signatures invisible for lib- blkid. wipefs <u>does not erase the filesystem itself nor any other data from the device</u>. | |||
|} | |||
==サービス管理== | |||
{| class="wikitable" summary="システム管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!''systemd''<br>''init'' | |||
|[[systemd]] is <u>a system and service manager for Linux operating systems</u>. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate instances are started for logged-in users to start their services. systemd is usually not invoked directly by the user, but is installed as the /sbin/init symlink and started during early boot. The user manager instances are started automatically through the user@.service(5) service. | |||
|- | |||
!killall5 | |||
|is the SystemV killall command. <u>It sends a signal to all processes except kernel threads and the processes in its own session</u>, so it won't kill the shell that is running the script it was called from. Its primary (only) use is in the rc scripts found in the /etc/init.d directory. | |||
|- | |||
!start-stop-daemon | |||
|to control the creation and termination of system-level processes. Using one of the matching options, start-stop-daemon can be configured to find existing instances of a running process. | |||
|- | |||
!sulogin | |||
|sulogin is invoked by init when the system goes into <u>single-user mode</u>. | |||
|- | |||
!invoke-rc.d | |||
|is <u>a generic interface to execute System V style init script /etc/init.d/name actions</u>, obeying runlevel constraints as well as any local policies set by the system administrator. | |||
|- | |||
!udpate-rc.d | |||
|install and remove System-V style init script links | |||
|- | |||
!service | |||
|runs a System V init script or systemd unit in as predictable an environment as possible, removing most environment variables and with the current working directory set to /. | |||
|- | |||
!runlevel | |||
|"Runlevels" are an <u>obsolete way to start and stop groups of services used in SysV init</u>. systemd provides a compatibility layer that maps runlevels to targets, and associated binaries like runlevel.0=poweroff.target; 1=rescue.target; 2, 3, 4=multi-user.target; 5=graphical.target; 6=reboot.target. | |||
|- | |||
!telinit | |||
|SysV runlevels is <u>obsolete</u> the runlevel requests will be transparently translated into systemd unit activation requests. | |||
|} | |||
==プロセス管理== | |||
{| class="wikitable" summary="プロセス管理" | |||
!コマンド | |||
!概要 | |||
|- | |||
!setcap | |||
|In the absence of the -v (verify) option setcap sets the capabilities of each specified filename to the capabilities specified. | |||
|- | |||
!getcap | |||
|プロセスの特権状況(ケーパビリティ)を確認。displays the name and [https://gihyo.jp/admin/serial/01/linux_containers/0042 <u>capabilities</u>] of each specified file. | |||
|- | |||
!getpcaps | |||
|displays the <u>capabilities on the processes</u> indicated by the pid value(s) given on the command line. A pid of 0 displays the capabilities of the process that is running getpcaps itself. | |||
|- | |||
!capsh | |||
|capability shell wrapper. This tool provides a handy wrapper for certain types of capability testing and environment creation. It also provides some debugging features useful for summarizing capability state. | |||
|- | |||
!tipc | |||
|a TIPC configuration and management tool. The <u>Transparent Inter-Process Communication</u> (TIPC) protocol offers total address transparency between processes which allows applications in a clustered computer environment to communicate quickly and reliably with each other, regardless of their location within the cluster. | |||
|} | |} | ||
== | ==パッケージ管理== | ||
{| class="wikitable" summary=" | {| class="wikitable" summary="パッケージ管理" | ||
!コマンド | !コマンド | ||
!概要 | !概要 | ||
|- | |- | ||
| | !dpkg-preconfigure | ||
| | |インストールされる前に新しいパッケージが質問してくる。lets packages ask questions before they are installed. It operates on a set of debian packages, and all packages that use debconf will have their config script run so they can examine the system and ask questions. | ||
|- | |||
!dpkg-reconfigure | |||
|名前を指定してインストール済みパッケージの設定を組み直す。reconfigures packages after they have already been installed. Pass it the names of a package or packages to reconfigure. It will ask configuration questions, much like when the package was first installed. If you just want to see the current configuration of a package, see debconf-show(1) instead. | |||
|- | |||
!udpate-locale | |||
|This program can be called by maintainer scripts when Debian packages are installed or removed, it updates the /etc/default/locale file to reflect changes in system configuration related to global locale settings. | |||
|- | |||
!update-mime | |||
|updates the /etc/mailcap file to reflect mime information changed by a Debian package during installation or removal. | |||
|} | |||
==ログ管理== | |||
{| class="wikitable" summary="=ログ管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!''rsyslogd'' | |||
|Note that this version of rsyslog ships with extensive documentation in HTML format. This is provided in the ./doc subdirectory and probably in a separate package if you installed rsyslog via a packaging system. To use rsyslog's advanced features, <u>you need to look at the HTML documentation, because the man pages only covers basic aspects of operation</u>. For details and configuration examples, see the rsyslog.conf (5) man page and the on‐line documentation at https://www.rsyslog.com/doc/ | |||
|- | |||
!logrotate | |||
|is <u>designed to ease administration of systems that generate large numbers of log files</u>. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Normally, logrotate is run as a daily cron job. | |||
|- | |||
!logsave | |||
|will execute cmd_prog with the specified argument(s), and save a copy of its output to logfile. | |||
|} | |||
==ユーザ管理== | |||
{| class="wikitable" summary="ユーザ管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!adduser<br>addgroup | |||
|システムにユーザやグループを追加。add a user or group to the system. They are <u>friendlier front ends to the low level tools like useradd, groupadd and usermod programs</u>. | |||
|- | |||
!useradd<br>groupadd | |||
|low level utility for adding users. <u>On Debian, administrators should usually use adduser(8) instead</u>. | |||
|- | |||
!usermod | |||
|modifies the system account files to reflect the changes that are specified on the command line. | |||
|- | |||
!deluser<br>delgroup | |||
|システムからユーザやグループを削除。remove a user or group from the system. | |||
|- | |||
!userdel<br>groupdel | |||
|low level utility for removing users. <u>On Debian, administrators should usually use deluser(8) instead</u>. | |||
|- | |||
!chpasswd | |||
|ユーザのパスワードを変更。update passwords in batch mode. reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. | |||
|- | |||
!chgpasswd | |||
|グループのパスワードを変更。update group passwords in batch mode. it reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. | |||
|- | |||
!udpate-passwd | |||
|handles updates of /etc/passwd, /etc/shadow and /etc/group on running Debian systems. It compares the current files to master copies, distributed in the base-passwd package, and updates all entries in the global system range (that is, 0–99). | |||
|- | |||
!vipw<br>vigr | |||
|edit the password, group, shadow-password or shadow-group file | |||
|- | |||
!faillock | |||
|application which can be used to examine and modify the contents of the tally files. It can <u>display the recent failed authentication attempts</u> of the username or clear the tally files of all or individual usernames. | |||
|- | |||
!groupmems | |||
|allows a user to administer their own group membership list without the requirement of superuser privileges. The groupmems utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest). Only the superuser, as administrator, can use groupmems to alter the memberships of other groups. | |||
|- | |||
!groupmod | |||
|modifies the definition of the specified GROUP by modifying the appropriate entry in the group database. | |||
|- | |||
!grpck | |||
|verifies the integrity of the groups information. It <u>checks that all entries in /etc/group and /etc/gshadow have the proper format and contain valid data</u>. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. | |||
|- | |||
!pwconv<br>pwunconv | |||
|creates shadow from passwd. pwunconv command creates passwd from passwd and shadow and then removes shadow. | |||
|- | |||
!grpconv<br>grpunconv | |||
|creates gshadow from group. grpunconv command creates group from group and gshadow and then removes gshadow. | |||
|- | |||
!newusers | |||
|The newusers command reads a file (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see passwd(5)) with the exceptions explained below: | |||
|- | |||
!nologin | |||
|politely refuse a login. displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled. | |||
|- | |||
!pwck | |||
|verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. <u>The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors</u>. | |||
|- | |||
!runuser | |||
|run commands with a substitute user and group ID. | |||
|- | |||
!shadowconfig | |||
|shadowconfig は on/off で shadowパスワードの有効無効を切り替える。 | |||
|} | |||
==環境管理== | |||
{| class="wikitable" summary="ユーザ管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!getty<br>agetty | |||
|マシンを制御するために[https://ja.wikipedia.org/wiki/%E3%83%86%E3%83%AC%E3%82%BF%E3%82%A4%E3%83%97%E7%AB%AF%E6%9C%AB テレタイプ]を起動。alternative Linux getty. Opens a tty port, prompts for a login name and invokes the /bin/login command. It is normally invoked by init(8). | |||
|- | |||
!add-shell | |||
|システムに利用可能なシェルを追加。add shells to the list of valid login shells | |||
|- | |||
!remove-shell | |||
|remove shells from the list of valid login shells | |||
|- | |||
!validlocale | |||
|Test if the locale given as argument is a valid locale. If it isn't, print on stdout the string to add to /etc/locale.gen to make locale-gen generate the locale (if it exists at all). | |||
|- | |||
!locale-gen | |||
|By default, the locale package which provides the base support for localisation of libc-based programs does not contain usable localisation files for every supported language. This limitation has became necessary because of the substantial size of such files and the large number of languages supported by libc. As a result, Debian uses a special mechanism where we prepare the actual localisation files on the target host and distribute only the templates for them. locale-gen is a program that reads the file /etc/locale.gen and invokes localedef for the chosen localisation profiles. Run locale-gen after you have modified the /etc/locale.gen file. | |||
|- | |||
!mkhomedir_helper | |||
|is a helper program for the pam_mkhomedir module that creates home directories and populates them with contents of the specified skel directory. The default value of umask is 0022 and the default value of path-to-skel is /etc/skel. The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories. | |||
|- | |||
!mklost+found | |||
|mklost+found is used to create a lost+found directory in the current working directory on a Linux second extended file system. There is normally a lost+found directory in the root directory of each filesystem. | |||
|- | |||
!tzconfig | |||
|タイムゾーンを設定。最近のLinuxディストリビューションでは使えない。 | |||
|- | |- | ||
!zic | |||
| | |The zic program reads text from the file(s) named on the command line and <u>creates the time conversion information files</u> specified in this input. If a filename is “-”, standard input is read. | ||
|} | |} | ||
| 72行目: | 497行目: | ||
!概要 | !概要 | ||
|- | |- | ||
!''dhclient'' | |||
| | |provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address. | ||
|- | |- | ||
|bridge | !dhclient-script | ||
|The DHCP client network configuration script is invoked from time to time by dhclient(8). | |||
|- | |||
!ifup<br>ifdown<br>ifquery | |||
|The ifup and ifdown commands may be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the file /etc/network/interfaces. ifquery command may be used to parse interfaces configuration. | |||
|- | |||
!ip | |||
|show / manipulate routing, network devices, interfaces and tunnels. | |||
|- | |||
!bridge | |||
|show / manipulate bridge addresses and devices. | |show / manipulate bridge addresses and devices. | ||
|- | |||
!''nft'' | |||
|is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables framework. The Linux kernel subsystem is known as [https://knowledge.sakura.ad.jp/22636/ nf_tables], and <u>‘nf’ stands for Netfilter</u>. | |||
|- | |||
!devlink | |||
|Devlink tool | |||
|- | |||
!ethtool | |||
|used to query and control network device driver and hardware settings, particularly for wired Ethernet devices. | |||
|- | |||
!genl | |||
|provides a simple frontend to the <u>generic netlink library</u>. Although it's designed to support multiple OBJECTs, for now only the ctrl object is available, which is used to query the generic netlink controller. | |||
|- | |||
!rmt<br>rmt-tar | |||
|<u>remote magnetic tape</u> server provides remote access to files and devices for tar(1), cpio(1), and similar backup utilities. It is normally called by running rsh(1) or ssh(1) to the remote machine, optionally using a different login name if one is supplied. | |||
|- | |||
!nstat<br>rtacct | |||
|tools to monitor kernel snmp;Simple Network Management Protocol; counters and network interface statistics. nstat can filter kernel snmp counters by name with one or several specified wildcards. Wildcards are case-insensitive and can include special symbols ? and *. | |||
|- | |||
!rtmon | |||
|listens to and <u>monitors RTnetlink</u>. rtmon listens on netlink socket and monitors routing table changes. rtmon can be started before the first network configuration command is issued. | |||
|- | |||
![[traceroute]]<br>tcptraceroute<br>tcptraceroute.db | |||
|tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. | |||
|- | |||
!update-ca-certificates | |||
|is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. | |||
|} | |||
==セキュリティ管理== | |||
{| class="wikitable" summary="=セキュリティ管理コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!pam-auth-update | |||
|is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. PAM:Pluggable Authenticaton Modules. | |||
|- | |||
!pam_getenv | |||
|will print out the value of env_var from /etc/environment. It will attempt to expand environment variable references in the definition of env_var but will fail if PAM items are expanded. | |||
|- | |||
!pam_timestamp_check | |||
|With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it. | |||
|- | |||
!unix_chkpwd | |||
|is a helper program for the pam_unix module that verifies the password of the current user. It also checks password and account expiration dates in shadow. It is <u>not intended to be run directly from the command line</u> and logs a security violation if done so. | |||
|- | |||
!unix_update | |||
|is a helper program for the pam_unix module that updates the password of a given user. It is not intended to be run directly from the command line and logs a security violation if done so. | |||
|- | |||
!aa-status<br>apparmor_status | |||
|will report various aspects of the current state of AppArmor confinement. | |||
|- | |||
!apparmor_parser | |||
|loads AppArmor profiles into the kernel | |||
|- | |||
!aa-teardown | |||
|unload all AppArmor profiles | |||
|- | |||
!aa-remove-unknow | |||
|remove unknown AppArmor profiles | |||
|} | |||
==情報探索== | |||
{| class="wikitable" summary="情報探索コマンド" | |||
!コマンド | |||
!概要 | |||
|- | |||
!accessdb | |||
|「man」関連のデータベース内情報を表示。dumps the content of a man-db database in a human readable format. | |||
|- | |||
!aspell-autobuildhash | |||
|「dictionaries-common」から呼ばれる。script that will manage aspell hash files autobuild, intended to be called from the dictionaries-common tools. | |||
|- | |||
!update-dictcommon-aspell<br>update-default-aspell | |||
|rebuild aspell database and emacsen stuff | |||
|- | |||
!select-default-ispell | |||
|This program is responsible for selecting default ispell dictionary. | |||
|- | |||
!update-default-ispell | |||
|update default ispell dictionary | |||
|- | |||
!remove-default-ispell | |||
|remove default ispell dictionary | |||
|- | |||
!ispell-autobuildhash | |||
|is a script that will manage ispell hash files autobuild, intended to be <u>called from the dictionaries-common tools</u>. | |||
|- | |||
!update-dictcommon-hunspell | |||
|rebuild hunspell database and emacsen stuff | |||
|- | |||
!select-default-wordlist | |||
|This program is responsible for selecting default wordlist. | |||
|- | |||
!udpate-default-wordlist | |||
|update default wordlist. | |||
|- | |||
!remove-default-wordlist | |||
|remove default wordlist | |||
|- | |||
!iconvconfig | |||
|文字コード変換の設定ファイルをキャッシュ。iconv(3) function internally uses gconv modules to convert to and from a character set. A configuration file is used to determine the needed modules for a conversion. Loading and parsing such a configuration file would slow down programs that use iconv(3), so a caching mechanism is employed. | |||
|} | |||
==港開発ツール== | |||
{| class="wikitable" summary="開発ツール" | |||
!コマンド | |||
!概要 | |||
|- | |||
!depmod | |||
|Linuxシステムでは複数のモジュールを使い回しながらサービスを提供している。ゆえにモジュール間の依存関係は複雑になりがち。depmodは各モジュールの依存状況を /lib/modules/version から読み取って依存関係リスト modules.dep を作成する。 | |||
|- | |||
!ldconfig | |||
|ldconfig creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories, /lib and /usr/lib. | |||
|- | |||
!tarcat | |||
|simply concatenates the files from a GNU tar multi-volume archive into a single tar archive. | |||
|} | |} | ||
==その他== | |||
{| class="wikitable" summary="その他" | |||
!コマンド | |||
!概要 | |||
|- | |||
!cppw<br>cpgr | |||
|will copy, with locking, the given file to /etc/passwd and /etc/group, respectively. | |||
cpgr | |- | ||
!fstab-decode | |||
|decodes escapes (such as newline characters and other whitespace) in the specified ARGUMENTs and uses them to run COMMAND. In essence fstab-decode can be used anytime we want to pass multiple parameters to a command as a list of command line arguments. | |||
|- | |||
!ownership | |||
|retrieves and prints the <u>"ownership tag" that can be set on Compaq computers</u>. Contrary to all other programs of the dmidecode package, ownership doesn't print any version information, nor labels, but only the raw ownership tag. This should help its integration in scripts. | |||
|- | |||
!vpddecode | |||
|prints the "vital product data" information that can be found in almost all IBM and Lenovo computers. Available items are: BIOS Build ID, Motherboard Serial Number, Machine Type/Model, etc. | |||
|- | |||
!vcstime | |||
|Show time in upper right hand corner of the console screen | |||
|} | |||
fstab-decode | |||
2023年4月20日 (木) 17:13時点における最新版
< Debian城
/sbin (usr/sbin)内に格納されているシステム管理者用コマンド209個。rootで利用可。ちなみに アプリ や 妖精 (ダイモン) の場合はより機能が複雑で独自のインターフェースが起動したりする。一般ユーザ用コマンドも参照。
妖精さん
| arpd | ARP情報を収集して保持してくれる妖精。daemon collects gratuitous ARP information, saving it on local disk and feeding it to the kernel on demand to avoid redundant broadcasting due to limited size of the kernel ARP cache. |
|---|---|
| cron | スケジュールした仕事をやってくれる妖精。daemon to execute scheduled commands (Vixie Cron). started automatically from /etc/init.d on entering multi-user runlevels. |
| sshd | the daemon program for ssh(1). Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. |
ハードウェア管理
| コマンド | 概要 |
|---|---|
| biosdecode | マザボ付属BIOSに記録されているハードウェア情報を表示。parses the BIOS memory and prints information about all structures (or entry points) it knows of. |
| dmidecode | PCのSMBIOS情報を表示。tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format. |
| chcpu | configure hypervisor CPUs. it modify the state of CPUs. It can enable or disable CPUs, scan for new CPUs, etc. |
| chmem | configure hypervisor memory. it sets a particular size or range of memory online or offline. |
| discover | ハードウェア情報を表示。provides an extensible hardware detection and reporting interface. Hardware information is stored in an XML data format and can be re trieved across the network. |
| discover-modprobe | ブート時に自動的に実行されてカーネルモジュールをロード。loads kernel modules identified by discover. It will typically be invoked automatically at boot time. |
| discover-pkginstall | discoverコマンド情報を利用してハードウェア向けのパッケージをインストール。intsall packages for available hardware using discover(1).It will use the discover-data database to map for hardware to debian packages, install the packages by default. |
| udpate-pciids | download new version of the PCI ID list. it fetches the current version of the pci.ids file from the primary distribution site and installs it.This utility requires curl, wget or lynx to be installed. If gzip or bzip2 are available, it automatically downloads the compressed version of the list. |
| hwclock | administration tool for the time clocks. It can: display the Hardware Clock time; set the Hardware Clock to a specified time; set the Hardware Clock from the System Clock; set the System Clock from the Hardware Clock; |
| rtcwake | to enter a system sleep state and to automatically wake from it at a specified time. This uses cross-platform Linux interfaces to enter a system sleep state, and leave it no later than a specified time. It uses any RTC framework driver that supports standard driver model wakeup flags. |
| ctrlaltdel | Linuxでは「ctrl」「alt」「del」同時押しでシステムを強制リブートできる。Debian11では「soft(オフ)」。set the function of the Ctrl-Alt-Del combination. hard : Immediately reboot the computer without calling sync(2) and without any other preparation. |
| shutdown | used to halt, power-off or reboot the machine. The first argument may be a time string (which is usually "now"). |
| halt poweroff reboot |
「halt」は電源を入れたままシステム停止。to halt, power-off, or reboot the machine. All three commands take the same options. |
ブートローダ管理
| コマンド | 概要 |
|---|---|
| grub-bios-setup | You shouldn't normally run this program directly. Use grub-install instead. set up a device to boot using GRUB. |
| grub-install | Install GRUB on your drive. |
| grub-mkconfig | generate a GRUB configuration file. |
| grub-mkdevicemap | Generate a device map file automatically. |
| grub-probe | probe device information for GRUB. Probe device information for a given path (or device, if the -d option is given). |
| grub-reboot | Set the default boot menu entry for GRUB, for the next boot only. MENU_ENTRY is a number, a menu item title or a menu item identifier. |
| grub-set-default | Set the default boot menu entry for GRUB. This requires setting GRUB_DEFAULT=saved in /etc/default/grub. |
| grub-macbless | Mac-style bless on HFS or HFS+. MacOS 9 までの MacOSでは、起動ディスクにある「システムフォルダ」をFinderで開くと、そのCNIDをボリュームヘッダ内のFinderInfoに記録する。このディレクトリを開く行為を特に「bless」(祝福)と言っていた。 |
| udpate-grub update-graub2 |
is a stub for running grub-mkconfig -o /boot/grub/grub.cfg to generate a grub2 config file. |
| upgrade-from-grub-legacy | upgrade-from-grub-legacy |
カーネル管理
| コマンド | 概要 |
|---|---|
| installkernel | installs a new kernel image onto the system from the Linux source tree. It is called by the Linux kernel makefiles when make install is invoked there. The new kernel is installed into {directory}/vmlinuz-{version}. |
| readprofile | read kernel profiling information |
| lsmod | is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded. |
| modinfo | extracts information from the Linux Kernel modules given on the command line. If the module name is not a filename, then the /lib/modules/version directory is searched, as is also done by modprobe(8) when loading kernel modules. |
| modprobe | intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and - in module names (automatic underscore conversion is performed). |
| insmod | is a trivial program to insert a module into the kernel. Most users will want to use modprobe(8) instead, which is more clever and can handle module dependencies. |
| rmmod | remove a module from the Linux Kernel |
| mkinitramfs | generates an initramfs image. The initramfs is a compressed cpio archive. The archive can be used on a different box of the same arch with the corresponding Linux kernel. mkinitramfs is meant for advanced usage. |
| update-initramfs | manages your initramfs images on your local box. It keeps track of the existing initramfs archives in /boot. There are three modes of operation create, update or delete. You must at least specify one of those modes. |
| sysctl | configure kernel parameters at runtime. The parameters available are those listed under /proc/sys/. Procfs is required for sysctl support in Linux. You can use sysctl to both read and write sysctl data. |
| tc | is used to configure Traffic Control in the Linux kernel. Traffic Control consists of the following: SHAPING, SCHEDULING, POLICING, DROPPING. |
デバイス管理
| コマンド | 概要 |
|---|---|
| fdisk | dialog-driven program for creation and manipulation of partition tables. It understands GPT, MBR, Sun, SGI and BSD partition tables. Block devices can be divided into one or more logical disks called partitions. This division is recorded in the partition table, usually found in sector 0 of the disk. (In the BSD world one talks about `disk slices' and a `disklabel'.). All partitioning is driven by device I/O limits (the topology) by default. fdisk is able to optimize the disk layout for a 4K-sector size and use an alignment offset on modern devices for MBR and GPT. It is always a good idea to follow fdisk's defaults as the default values. |
| cfdisk | Curses版パーティショニング管理アプリ。display or manipulate a disk partition table. Curses-based program for partitioning any block device. The default device is /dev/sda. |
| sfdisk | is a script-oriented tool for partitioning any block device. It runs in interactive mode if executed on terminal. |
| blkid | ブロックデバイスのID情報を表示。locate/print block device attributes. |
| badblocks | パーティション内のブロックの欠陥を探す。used to search for bad blocks on a device (usually a disk partition). |
| blkdeactivate | ブロックデバイスをオフにする。deactivates block devices. For mounted block devices, it attempts to unmount it automatically before trying to deactivate. |
| blkdiscard | デバイスのセクターを直接破棄。discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8), this command is used directly on the block device. |
| blkzone | run zone command on device that support the Zoned Block Commands (ZBC) or Zoned-device ATA Commands (ZAC). |
| blockdev | allows one to call block device ioctls from the command line. |
| dmsetup | manages logical devices that use the device-mapper driver. Devices are created by loading a table that specifies a target for each sector (512 bytes) in the logical device. |
| dmstats | manages IO statistics regions for devices that use the device-mapper driver. Statistics regions may be created, deleted, listed and reported on using the tool. |
| fdformat | does a low-level format on a floppy disk. device is usually one of the following. /dev/fd0d360 (minor = 4),/dev/fd0h1200 (minor = 8),etc. |
| ldattach | The ldattach daemon opens the specified device file (which should refer to a serial device) and attaches the line discipline ldisc to it for processing of the sent and/or received data. It then goes into the background keeping the device open so that the line discipline stays loaded. |
| losetup | is used to associate loop devices with regular files or block devices, to detach loop devices, and to query the status of a loop device. |
| mkswap | sets up a Linux swap area on a device or in a file. The device argument will usually be a disk partition (something like /dev/sdb7) but can also be a file. |
| swapon swapoff |
is used to specify devices on which paging and swapping are to take place. The device or file used is given by the specialfile parameter. It may be of the form -L label or -U uuid to indicate a device by label or uuid. swapoff disables swapping on the specified devices and files. |
| swaplabel | will display or change the label or UUID of a swap partition located on device (or regular file). print or change the label or UUID of a swap area. |
| raw | bind a Linux raw character device to a block device. Any block device may be used: at the time of binding, the device driver does not even have to be accessible (it may be loaded on demand as a kernel module later). |
| zramctl | is used to quickly set up zram device parameters, to reset zram devices, and to query the status of used zram devices. |
| kbdrate | キーボードの同じキーのリピート速度と遅延時間を変更。reset the keyboard repeat rate and delay time. |
| setvesablank | Turn VESA screen blanking on or off |
ファイルシステム管理
| コマンド | 概要 |
|---|---|
| mke2fs mkfs.ext2[34] |
mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition (or file) named by device. |
| mkfs | This mkfs frontend is deprecated in favour of filesystem specific mkfs.<type> utils. |
| mkfs.cramfs | Files on cramfs file systems are zlib-compressed one page at a time to allow random read access. The metadata is not compressed, but is expressed in a terse representation that is more space-efficient than conventional file systems. |
| mkfs.bfs | creates an SCO bfs filesystem on a block device (usually a disk partition or a file accessed via the loop device). |
| mkfs.minix | creates a Linux MINIX filesystem on a device (usually a disk partition). |
| fsck | check and optionally repair one or more Linux filesystems. filesys can be a device name (e.g., /dev/hdc1, /dev/sdb2), a mount point (e.g., /, /usr, /home), or an filesystem label or UUID specifier (e.g., UUID=8868abf6-88c5-4a83-98b8-bfc24057f7bd or LABEL=root). Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of them. |
| fsck.ext2[34] e2fsck |
check the ext2/ext3/ext4 family of file systems. For ext3 and ext4 filesystems that use a journal, if the system has been shut down uncleanly without any errors, normally, after replaying the committed transactions in the journal, the file system should be marked as clean. Hence, for filesystems that use journalling, e2fsck will normally replay the journal and exit, unless its superblock indicates that further checking is required. Note that in general it is not safe to run e2fsck on mounted filesystems. |
| fsck.cramfs | used to check the cramfs file system. |
| fsck.minix | check consistency of Minix filesystem. |
| fsfreeze | suspends or resumes access to a filesystem. fsfreeze halts any new access to the filesystem and creates a stable image on disk. fsfreeze is intended to be used with hardware RAID devices that support the creation of snapshots. |
| fstrim | used on a mounted filesystem to discard (or "trim") blocks which are not in use by the filesystem. This is useful for solid-state drives (SSDs) and thinly-provisioned storage. By default, fstrim will discard all unused blocks in the filesystem. Options may be used to modify this behavior based on range or size. |
| tune2fs | adjust tunable filesystem parameters on ext2/ext3/ext4 filesystems. The current values of these options can be displayed by using the -l option to tune2fs(8) program, or by using the dumpe2fs(8) program. |
| debugfs | 対話的にファイルシステムをデバッグする。ext2/ext3/ext4 file system debugger.It can be used to examine and change the state of an ext2, ext3, or ext4 file system. |
| dpkg-fsys-usrunmess | tool to fix up filesystems that have been installed anew with recent installers with unfortunate defaults or migrated to the broken merged /usr |
| dumpe2fs | prints the super block and blocks group information for the filesystem present on device. When used with a mounted filesystem, the printed information may be old or inconsistent. |
| e2freefrag | report free space fragmentation on ext2/3/4 file systems. |
| e2image | Save critical ext2/ext3/ext4 filesystem metadata to a file. |
| e2label | display or change the volume label on the ext2, ext3, or ext4 filesystem located on device. |
| e2mmpstatus | Check MMP status of an ext4 filesystem. used to check Multiple-Mount Protection (MMP) status of an ext4 filesystem with the mmp feature enabled. |
| e2scrub | check (but not repair) all metadata in a mounted ext[234] filesystem if the filesystem resides on an LVM logical volume.This program snapshots the volume and runs a file system check on the snapshot to look for corruption errors. |
| e2scrub_all | Searches the system for all LVM logical volumes containing an ext2, ext3, or ext4 file system, and checks them for problems. The checking is performed by invoking the e2scrub tool, which will look for corruptions. |
| e2undo | replay the undo log undo_log for an ext2/ext3/ext4 filesystem found on device. This can be used to undo a failed operation by an e2fsprogs program. |
| e4crypt | performs encryption management for ext4 file systems. |
| e4defrag | reduces fragmentation of extent based file. The file targeted by e4defrag is created on ext4 filesystem made with "-O extent" option (see mke2fs(8)). The targeted file gets more contiguous blocks and improves the file access speed. |
| filefrag | reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem. |
| findfs | find a filesystem by label or UUID. search the block devices in the system looking for a filesystem or partition with specified tag. The currently supported tags are: LAVEL, UUID, etc. |
| isosize | This command outputs the length of an iso9660 filesystem that is contained in the specified file. This file may be a normal file or a block device (e.g. /dev/hdd or /dev/sr0). In the absence of any options (and errors), it will output the size of the iso9660 filesystem in bytes. This can now be a large number (>> 4 GB). |
| resize2fs | will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel and the file system supports on-line resizing. |
| chroot | 「/(ルート)」の場所を隠蔽してコマンドを実行。run command or interactive shell with special root directory. |
| pivot_root | pivot_root moves the root file system of the current process to the directory put_old and makes new_root the new root file system. Note that chroot must be available under the old root and under the new root, because pivot_root may or may not have implicitly changed the root directory of the shell. |
| switch_root | moves already mounted /proc, /dev, /sys and /run to newroot and makes newroot the new root filesystem and starts init process. WARNING: switch_root removes recursively all files and directories on the current root filesystem. |
| wipefs | can erase filesystem, raid or partition-table signatures (magic strings) from the specified device to make the signatures invisible for lib- blkid. wipefs does not erase the filesystem itself nor any other data from the device. |
サービス管理
| コマンド | 概要 |
|---|---|
| systemd init |
systemd is a system and service manager for Linux operating systems. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate instances are started for logged-in users to start their services. systemd is usually not invoked directly by the user, but is installed as the /sbin/init symlink and started during early boot. The user manager instances are started automatically through the user@.service(5) service. |
| killall5 | is the SystemV killall command. It sends a signal to all processes except kernel threads and the processes in its own session, so it won't kill the shell that is running the script it was called from. Its primary (only) use is in the rc scripts found in the /etc/init.d directory. |
| start-stop-daemon | to control the creation and termination of system-level processes. Using one of the matching options, start-stop-daemon can be configured to find existing instances of a running process. |
| sulogin | sulogin is invoked by init when the system goes into single-user mode. |
| invoke-rc.d | is a generic interface to execute System V style init script /etc/init.d/name actions, obeying runlevel constraints as well as any local policies set by the system administrator. |
| udpate-rc.d | install and remove System-V style init script links |
| service | runs a System V init script or systemd unit in as predictable an environment as possible, removing most environment variables and with the current working directory set to /. |
| runlevel | "Runlevels" are an obsolete way to start and stop groups of services used in SysV init. systemd provides a compatibility layer that maps runlevels to targets, and associated binaries like runlevel.0=poweroff.target; 1=rescue.target; 2, 3, 4=multi-user.target; 5=graphical.target; 6=reboot.target. |
| telinit | SysV runlevels is obsolete the runlevel requests will be transparently translated into systemd unit activation requests. |
プロセス管理
| コマンド | 概要 |
|---|---|
| setcap | In the absence of the -v (verify) option setcap sets the capabilities of each specified filename to the capabilities specified. |
| getcap | プロセスの特権状況(ケーパビリティ)を確認。displays the name and capabilities of each specified file. |
| getpcaps | displays the capabilities on the processes indicated by the pid value(s) given on the command line. A pid of 0 displays the capabilities of the process that is running getpcaps itself. |
| capsh | capability shell wrapper. This tool provides a handy wrapper for certain types of capability testing and environment creation. It also provides some debugging features useful for summarizing capability state. |
| tipc | a TIPC configuration and management tool. The Transparent Inter-Process Communication (TIPC) protocol offers total address transparency between processes which allows applications in a clustered computer environment to communicate quickly and reliably with each other, regardless of their location within the cluster. |
パッケージ管理
| コマンド | 概要 |
|---|---|
| dpkg-preconfigure | インストールされる前に新しいパッケージが質問してくる。lets packages ask questions before they are installed. It operates on a set of debian packages, and all packages that use debconf will have their config script run so they can examine the system and ask questions. |
| dpkg-reconfigure | 名前を指定してインストール済みパッケージの設定を組み直す。reconfigures packages after they have already been installed. Pass it the names of a package or packages to reconfigure. It will ask configuration questions, much like when the package was first installed. If you just want to see the current configuration of a package, see debconf-show(1) instead. |
| udpate-locale | This program can be called by maintainer scripts when Debian packages are installed or removed, it updates the /etc/default/locale file to reflect changes in system configuration related to global locale settings. |
| update-mime | updates the /etc/mailcap file to reflect mime information changed by a Debian package during installation or removal. |
ログ管理
| コマンド | 概要 |
|---|---|
| rsyslogd | Note that this version of rsyslog ships with extensive documentation in HTML format. This is provided in the ./doc subdirectory and probably in a separate package if you installed rsyslog via a packaging system. To use rsyslog's advanced features, you need to look at the HTML documentation, because the man pages only covers basic aspects of operation. For details and configuration examples, see the rsyslog.conf (5) man page and the on‐line documentation at https://www.rsyslog.com/doc/ |
| logrotate | is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Normally, logrotate is run as a daily cron job. |
| logsave | will execute cmd_prog with the specified argument(s), and save a copy of its output to logfile. |
ユーザ管理
| コマンド | 概要 |
|---|---|
| adduser addgroup |
システムにユーザやグループを追加。add a user or group to the system. They are friendlier front ends to the low level tools like useradd, groupadd and usermod programs. |
| useradd groupadd |
low level utility for adding users. On Debian, administrators should usually use adduser(8) instead. |
| usermod | modifies the system account files to reflect the changes that are specified on the command line. |
| deluser delgroup |
システムからユーザやグループを削除。remove a user or group from the system. |
| userdel groupdel |
low level utility for removing users. On Debian, administrators should usually use deluser(8) instead. |
| chpasswd | ユーザのパスワードを変更。update passwords in batch mode. reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. |
| chgpasswd | グループのパスワードを変更。update group passwords in batch mode. it reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. |
| udpate-passwd | handles updates of /etc/passwd, /etc/shadow and /etc/group on running Debian systems. It compares the current files to master copies, distributed in the base-passwd package, and updates all entries in the global system range (that is, 0–99). |
| vipw vigr |
edit the password, group, shadow-password or shadow-group file |
| faillock | application which can be used to examine and modify the contents of the tally files. It can display the recent failed authentication attempts of the username or clear the tally files of all or individual usernames. |
| groupmems | allows a user to administer their own group membership list without the requirement of superuser privileges. The groupmems utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest). Only the superuser, as administrator, can use groupmems to alter the memberships of other groups. |
| groupmod | modifies the definition of the specified GROUP by modifying the appropriate entry in the group database. |
| grpck | verifies the integrity of the groups information. It checks that all entries in /etc/group and /etc/gshadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. |
| pwconv pwunconv |
creates shadow from passwd. pwunconv command creates passwd from passwd and shadow and then removes shadow. |
| grpconv grpunconv |
creates gshadow from group. grpunconv command creates group from group and gshadow and then removes gshadow. |
| newusers | The newusers command reads a file (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see passwd(5)) with the exceptions explained below: |
| nologin | politely refuse a login. displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled. |
| pwck | verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. |
| runuser | run commands with a substitute user and group ID. |
| shadowconfig | shadowconfig は on/off で shadowパスワードの有効無効を切り替える。 |
環境管理
| コマンド | 概要 |
|---|---|
| getty agetty |
マシンを制御するためにテレタイプを起動。alternative Linux getty. Opens a tty port, prompts for a login name and invokes the /bin/login command. It is normally invoked by init(8). |
| add-shell | システムに利用可能なシェルを追加。add shells to the list of valid login shells |
| remove-shell | remove shells from the list of valid login shells |
| validlocale | Test if the locale given as argument is a valid locale. If it isn't, print on stdout the string to add to /etc/locale.gen to make locale-gen generate the locale (if it exists at all). |
| locale-gen | By default, the locale package which provides the base support for localisation of libc-based programs does not contain usable localisation files for every supported language. This limitation has became necessary because of the substantial size of such files and the large number of languages supported by libc. As a result, Debian uses a special mechanism where we prepare the actual localisation files on the target host and distribute only the templates for them. locale-gen is a program that reads the file /etc/locale.gen and invokes localedef for the chosen localisation profiles. Run locale-gen after you have modified the /etc/locale.gen file. |
| mkhomedir_helper | is a helper program for the pam_mkhomedir module that creates home directories and populates them with contents of the specified skel directory. The default value of umask is 0022 and the default value of path-to-skel is /etc/skel. The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories. |
| mklost+found | mklost+found is used to create a lost+found directory in the current working directory on a Linux second extended file system. There is normally a lost+found directory in the root directory of each filesystem. |
| tzconfig | タイムゾーンを設定。最近のLinuxディストリビューションでは使えない。 |
| zic | The zic program reads text from the file(s) named on the command line and creates the time conversion information files specified in this input. If a filename is “-”, standard input is read. |
ネットワーク
| コマンド | 概要 |
|---|---|
| dhclient | provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address. |
| dhclient-script | The DHCP client network configuration script is invoked from time to time by dhclient(8). |
| ifup ifdown ifquery |
The ifup and ifdown commands may be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the file /etc/network/interfaces. ifquery command may be used to parse interfaces configuration. |
| ip | show / manipulate routing, network devices, interfaces and tunnels. |
| bridge | show / manipulate bridge addresses and devices. |
| nft | is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables framework. The Linux kernel subsystem is known as nf_tables, and ‘nf’ stands for Netfilter. |
| devlink | Devlink tool |
| ethtool | used to query and control network device driver and hardware settings, particularly for wired Ethernet devices. |
| genl | provides a simple frontend to the generic netlink library. Although it's designed to support multiple OBJECTs, for now only the ctrl object is available, which is used to query the generic netlink controller. |
| rmt rmt-tar |
remote magnetic tape server provides remote access to files and devices for tar(1), cpio(1), and similar backup utilities. It is normally called by running rsh(1) or ssh(1) to the remote machine, optionally using a different login name if one is supplied. |
| nstat rtacct |
tools to monitor kernel snmp;Simple Network Management Protocol; counters and network interface statistics. nstat can filter kernel snmp counters by name with one or several specified wildcards. Wildcards are case-insensitive and can include special symbols ? and *. |
| rtmon | listens to and monitors RTnetlink. rtmon listens on netlink socket and monitors routing table changes. rtmon can be started before the first network configuration command is issued. |
| traceroute tcptraceroute tcptraceroute.db |
tracks the route packets taken from an IP network on their way to a given host. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. |
| update-ca-certificates | is a program that updates the directory /etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. |
セキュリティ管理
| コマンド | 概要 |
|---|---|
| pam-auth-update | is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. PAM:Pluggable Authenticaton Modules. |
| pam_getenv | will print out the value of env_var from /etc/environment. It will attempt to expand environment variable references in the definition of env_var but will fail if PAM items are expanded. |
| pam_timestamp_check | With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it. |
| unix_chkpwd | is a helper program for the pam_unix module that verifies the password of the current user. It also checks password and account expiration dates in shadow. It is not intended to be run directly from the command line and logs a security violation if done so. |
| unix_update | is a helper program for the pam_unix module that updates the password of a given user. It is not intended to be run directly from the command line and logs a security violation if done so. |
| aa-status apparmor_status |
will report various aspects of the current state of AppArmor confinement. |
| apparmor_parser | loads AppArmor profiles into the kernel |
| aa-teardown | unload all AppArmor profiles |
| aa-remove-unknow | remove unknown AppArmor profiles |
情報探索
| コマンド | 概要 |
|---|---|
| accessdb | 「man」関連のデータベース内情報を表示。dumps the content of a man-db database in a human readable format. |
| aspell-autobuildhash | 「dictionaries-common」から呼ばれる。script that will manage aspell hash files autobuild, intended to be called from the dictionaries-common tools. |
| update-dictcommon-aspell update-default-aspell |
rebuild aspell database and emacsen stuff |
| select-default-ispell | This program is responsible for selecting default ispell dictionary. |
| update-default-ispell | update default ispell dictionary |
| remove-default-ispell | remove default ispell dictionary |
| ispell-autobuildhash | is a script that will manage ispell hash files autobuild, intended to be called from the dictionaries-common tools. |
| update-dictcommon-hunspell | rebuild hunspell database and emacsen stuff |
| select-default-wordlist | This program is responsible for selecting default wordlist. |
| udpate-default-wordlist | update default wordlist. |
| remove-default-wordlist | remove default wordlist |
| iconvconfig | 文字コード変換の設定ファイルをキャッシュ。iconv(3) function internally uses gconv modules to convert to and from a character set. A configuration file is used to determine the needed modules for a conversion. Loading and parsing such a configuration file would slow down programs that use iconv(3), so a caching mechanism is employed. |
港開発ツール
| コマンド | 概要 |
|---|---|
| depmod | Linuxシステムでは複数のモジュールを使い回しながらサービスを提供している。ゆえにモジュール間の依存関係は複雑になりがち。depmodは各モジュールの依存状況を /lib/modules/version から読み取って依存関係リスト modules.dep を作成する。 |
| ldconfig | ldconfig creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories, /lib and /usr/lib. |
| tarcat | simply concatenates the files from a GNU tar multi-volume archive into a single tar archive. |
その他
| コマンド | 概要 |
|---|---|
| cppw cpgr |
will copy, with locking, the given file to /etc/passwd and /etc/group, respectively. |
| fstab-decode | decodes escapes (such as newline characters and other whitespace) in the specified ARGUMENTs and uses them to run COMMAND. In essence fstab-decode can be used anytime we want to pass multiple parameters to a command as a list of command line arguments. |
| ownership | retrieves and prints the "ownership tag" that can be set on Compaq computers. Contrary to all other programs of the dmidecode package, ownership doesn't print any version information, nor labels, but only the raw ownership tag. This should help its integration in scripts. |
| vpddecode | prints the "vital product data" information that can be found in almost all IBM and Lenovo computers. Available items are: BIOS Build ID, Motherboard Serial Number, Machine Type/Model, etc. |
| vcstime | Show time in upper right hand corner of the console screen |