「システム管理者用コマンド」の版間の差分

/sbin (usr/sbin)内に格納されているシステム管理者用コマンド202個。rootで利用可。ちなみに アプリ や 妖精 (ダイモン) の場合はより機能が複雑で独自のインターフェースが起動したりする。一般ユーザ用コマンドも参照。

妖精さん

arpd	ARP情報を収集して保持してくれる妖精。daemon collects gratuitous ARP information, saving it on local disk and feeding it to the kernel on demand to avoid redundant broadcasting due to limited size of the kernel ARP cache.
cron	スケジュールした仕事をやってくれる妖精。daemon to execute scheduled commands (Vixie Cron). started automatically from /etc/init.d on entering multi-user runlevels.

ハードウェア管理

コマンド	概要
biosdecode	マザボ付属BIOSに記録されているハードウェア情報を表示。parses the BIOS memory and prints information about all structures (or entry points) it knows of.
dmidecode	PCのSMBIOS情報を表示。tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format.
chcpu	configure CPUs. it modify the state of CPUs. It can enable or disable CPUs, scan for new CPUs, etc.
chmem	configure memory. it sets a particular size or range of memory online or offline.
discover	ハードウェア情報を表示。provides an extensible hardware detection and reporting interface. Hardware information is stored in an XML data format and can be re trieved across the network.
discover-modprobe	ブート時に自動的に実行されてカーネルモジュールをロード。loads kernel modules identified by discover. It will typically be invoked automatically at boot time.
discover-pkginstall	discoverコマンド情報を利用してハードウェア向けのパッケージをインストール。intsall packages for available hardware using discover(1).It will use the discover-data database to map for hardware to debian packages, install the packages by default.
hwclock	administration tool for the time clocks. It can: display the Hardware Clock time; set the Hardware Clock to a specified time; set the Hardware Clock from the System Clock; set the System Clock from the Hardware Clock;
ctrlaltdel	Linuxでは「ctrl」「alt」「del」同時押しでシステムを強制リブートできる。Debian11では「soft（オフ）」。set the function of the Ctrl-Alt-Del combination. hard : Immediately reboot the computer without calling sync(2) and without any other preparation.
halt poweroff reboot	to halt, power-off, or reboot the machine. All three commands take the same options.

ブートローダ管理

コマンド	概要
grub-bios-setup	You shouldn't normally run this program directly. Use grub-install instead. set up a device to boot using GRUB.
grub-install	Install GRUB on your drive.
grub-mkconfig	generate a GRUB configuration file.
grub-mkdevicemap	Generate a device map file automatically.
grub-probe	probe device information for GRUB. Probe device information for a given path (or device, if the -d option is given).
grub-reboot	Set the default boot menu entry for GRUB, for the next boot only. MENU_ENTRY is a number, a menu item title or a menu item identifier.
grub-set-default	Set the default boot menu entry for GRUB. This requires setting GRUB_DEFAULT=saved in /etc/default/grub.
grub-macbless	Mac-style bless on HFS or HFS+. MacOS 9 までの MacOSでは、起動ディスクにある「システムフォルダ」をFinderで開くと、そのCNIDをボリュームヘッダ内のFinderInfoに記録する。このディレクトリを開く行為を特に「bless」（祝福）と言っていた。

カーネル管理

コマンド	概要
installkernel	installs a new kernel image onto the system from the Linux source tree. It is called by the Linux kernel makefiles when make install is invoked there. The new kernel is installed into {directory}/vmlinuz-{version}.
readprofile	read kernel profiling information
lsmod	is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded.
modinfo	extracts information from the Linux Kernel modules given on the command line. If the module name is not a filename, then the /lib/modules/version directory is searched, as is also done by modprobe(8) when loading kernel modules.
modprob	intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and - in module names (automatic underscore conversion is performed).
insmod	is a trivial program to insert a module into the kernel. Most users will want to use modprobe(8) instead, which is more clever and can handle module dependencies.
rmmod	remove a module from the Linux Kernel
mkinitramfs	generates an initramfs image. The initramfs is a compressed cpio archive. The archive can be used on a different box of the same arch with the corresponding Linux kernel. mkinitramfs is meant for advanced usage.

デバイス管理

コマンド	概要
fdisk	dialog-driven program for creation and manipulation of partition tables. It understands GPT, MBR, Sun, SGI and BSD partition tables. Block devices can be divided into one or more logical disks called partitions. This division is recorded in the partition table, usually found in sector 0 of the disk. (In the BSD world one talks about `disk slices' and a `disklabel'.). All partitioning is driven by device I/O limits (the topology) by default. fdisk is able to optimize the disk layout for a 4K-sector size and use an alignment offset on modern devices for MBR and GPT. It is always a good idea to follow fdisk's defaults as the default values.
cfdisk	Curses版パーティショニング管理アプリ。display or manipulate a disk partition table. Curses-based program for partitioning any block device. The default device is /dev/sda.
blkid	ブロックデバイスのID情報を表示。locate/print block device attributes.
badblocks	パーティション内のブロックの欠陥を探す。used to search for bad blocks on a device (usually a disk partition).
blkdeactivate	ブロックデバイスをオフにする。deactivates block devices. For mounted block devices, it attempts to unmount it automatically before trying to deactivate.
blkdiscard	デバイスのセクターを直接破棄。discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8), this command is used directly on the block device.
blkzone	run zone command on device that support the Zoned Block Commands (ZBC) or Zoned-device ATA Commands (ZAC).
blockdev	The utility blockdev allows one to call block device ioctls from the command line.
dmsetup	manages logical devices that use the device-mapper driver. Devices are created by loading a table that specifies a target for each sector (512 bytes) in the logical device.
dmstats	manages IO statistics regions for devices that use the device-mapper driver. Statistics regions may be created, deleted, listed and reported on using the tool.
fdformat	does a low-level format on a floppy disk. device is usually one of the following./dev/fd0d360 (minor = 4),/dev/fd0h1200 (minor = 8),etc.
ldattach	The ldattach daemon opens the specified device file (which should refer to a serial device) and attaches the line discipline ldisc to it for processing of the sent and/or received data. It then goes into the background keeping the device open so that the line discipline stays loaded.
losetup	is used to associate loop devices with regular files or block devices, to detach loop devices, and to query the status of a loop device.
mkswap	sets up a Linux swap area on a device or in a file. The device argument will usually be a disk partition (something like /dev/sdb7) but can also be a file.
raw	bind a Linux raw character device to a block device. Any block device may be used: at the time of binding, the device driver does not even have to be accessible (it may be loaded on demand as a kernel module later).

ファイルシステム管理

コマンド	概要
mke2fs mkfs.ext2[34]	mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition (or file) named by device.
mkfs	This mkfs frontend is deprecated in favour of filesystem specific mkfs.<type> utils.
mkfs.cramfs	Files on cramfs file systems are zlib-compressed one page at a time to allow random read access. The metadata is not compressed, but is expressed in a terse representation that is more space-efficient than conventional file systems.
mkfs.bfs	creates an SCO bfs filesystem on a block device (usually a disk partition or a file accessed via the loop device).
mkfs.minix	creates a Linux MINIX filesystem on a device (usually a disk partition).
fsck	check and optionally repair one or more Linux filesystems. filesys can be a device name (e.g., /dev/hdc1, /dev/sdb2), a mount point (e.g., /, /usr, /home), or an filesystem label or UUID specifier (e.g., UUID=8868abf6-88c5-4a83-98b8-bfc24057f7bd or LABEL=root). Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of them.
fsck.ext2[34] e2fsck	check the ext2/ext3/ext4 family of file systems. For ext3 and ext4 filesystems that use a journal, if the system has been shut down uncleanly without any errors, normally, after replaying the committed transactions in the journal, the file system should be marked as clean. Hence, for filesystems that use journalling, e2fsck will normally replay the journal and exit, unless its superblock indicates that further checking is required. Note that in general it is not safe to run e2fsck on mounted filesystems.
fsck.cramfs	used to check the cramfs file system.
fsck.minix	check consistency of Minix filesystem.
fsfreeze	suspends or resumes access to a filesystem. fsfreeze halts any new access to the filesystem and creates a stable image on disk. fsfreeze is intended to be used with hardware RAID devices that support the creation of snapshots.
fstrim	used on a mounted filesystem to discard (or "trim") blocks which are not in use by the filesystem. This is useful for solid-state drives (SSDs) and thinly-provisioned storage. By default, fstrim will discard all unused blocks in the filesystem. Options may be used to modify this behavior based on range or size.
debugfs	対話的にファイルシステムをデバッグする。ext2/ext3/ext4 file system debugger.It can be used to examine and change the state of an ext2, ext3, or ext4 file system.
dpkg-fsys-usrunmess	tool to fix up filesystems that have been installed anew with recent installers with unfortunate defaults or migrated to the broken merged /usr
dumpe2fs	prints the super block and blocks group information for the filesystem present on device. When used with a mounted filesystem, the printed information may be old or inconsistent.
e2freefrag	report free space fragmentation on ext2/3/4 file systems.
e2image	Save critical ext2/ext3/ext4 filesystem metadata to a file.
e2label	display or change the volume label on the ext2, ext3, or ext4 filesystem located on device.
e2mmpstatus	Check MMP status of an ext4 filesystem. used to check Multiple-Mount Protection (MMP) status of an ext4 filesystem with the mmp feature enabled.
e2scrub	check (but not repair) all metadata in a mounted ext[234] filesystem if the filesystem resides on an LVM logical volume.This program snapshots the volume and runs a file system check on the snapshot to look for corruption errors.
e2scrub_all	Searches the system for all LVM logical volumes containing an ext2, ext3, or ext4 file system, and checks them for problems. The checking is performed by invoking the e2scrub tool, which will look for corruptions.
e2undo	replay the undo log undo_log for an ext2/ext3/ext4 filesystem found on device. This can be used to undo a failed operation by an e2fsprogs program.
e4crypt	performs encryption management for ext4 file systems.
e4defrag	reduces fragmentation of extent based file. The file targeted by e4defrag is created on ext4 filesystem made with "-O extent" option (see mke2fs(8)). The targeted file gets more contiguous blocks and improves the file access speed.
filefrag	reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem.
findfs	find a filesystem by label or UUID. search the block devices in the system looking for a filesystem or partition with specified tag. The currently supported tags are: LAVEL, UUID, etc.
isosize	This command outputs the length of an iso9660 filesystem that is contained in the specified file. This file may be a normal file or a block device (e.g. /dev/hdd or /dev/sr0). In the absence of any options (and errors), it will output the size of the iso9660 filesystem in bytes. This can now be a large number (>> 4 GB).
resize2fs	will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel and the file system supports on-line resizing.

サービス管理

コマンド	概要
systemd init	systemd is a system and service manager for Linux operating systems. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate instances are started for logged-in users to start their services. systemd is usually not invoked directly by the user, but is installed as the /sbin/init symlink and started during early boot. The user manager instances are started automatically through the user@.service(5) service.
killall5	is the SystemV killall command. It sends a signal to all processes except kernel threads and the processes in its own session, so it won't kill the shell that is running the script it was called from. Its primary (only) use is in the rc scripts found in the /etc/init.d directory.
invoke-rc.d	is a generic interface to execute System V style init script /etc/init.d/name actions, obeying runlevel constraints as well as any local policies set by the system administrator.

プロセス管理

コマンド	概要
getcap	プロセスの特権状況（ケーパビリティ）を確認。displays the name and capabilities of each specified file.
getpcaps	displays the capabilities on the processes indicated by the pid value(s) given on the command line. A pid of 0 displays the capabilities of the process that is running getpcaps itself.

ログ管理

コマンド	概要
rsyslogd	Note that this version of rsyslog ships with extensive documentation in HTML format. This is provided in the ./doc subdirectory and probably in a separate package if you installed rsyslog via a packaging system. To use rsyslog's advanced features, you need to look at the HTML documentation, because the man pages only covers basic aspects of operation. For details and configuration examples, see the rsyslog.conf (5) man page and the on‐line documentation at https://www.rsyslog.com/doc/
logrotate	is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Normally, logrotate is run as a daily cron job.
logsave	will execute cmd_prog with the specified argument(s), and save a copy of its output to logfile.

セキュリティ管理

コマンド	概要
pam-auth-update	is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages.
pam_getenv	will print out the value of env_var from /etc/environment. It will attempt to expand environment variable references in the definition of env_var but will fail if PAM items are expanded.
pam_timestamp_check	With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it.

パッケージ管理

コマンド	概要
dpkg-preconfigure	インストールされる前に新しいパッケージが質問してくる。lets packages ask questions before they are installed. It operates on a set of debian packages, and all packages that use debconf will have their config script run so they can examine the system and ask questions.
dpkg-reconfigure	名前を指定してインストール済みパッケージの設定を組み直す。reconfigures packages after they have already been installed. Pass it the names of a package or packages to reconfigure. It will ask configuration questions, much like when the package was first installed. If you just want to see the current configuration of a package, see debconf-show(1) instead.

ユーザ管理

コマンド	概要
adduser addgroup	システムにユーザやグループを追加。add a user or group to the system. They are friendlier front ends to the low level tools like useradd, groupadd and usermod programs.
useradd groupadd	low level utility for adding users. On Debian, administrators should usually use adduser(8) instead.
deluser delgroup	システムからユーザやグループを削除。remove a user or group from the system.
userdel groupdel	low level utility for removing users. On Debian, administrators should usually use deluser(8) instead.
chpasswd	ユーザのパスワードを変更。update passwords in batch mode. reads a list of user name and password pairs from standard input and uses this information to update a group of existing users.
chgpasswd	グループのパスワードを変更。update group passwords in batch mode. it reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups.
faillock	application which can be used to examine and modify the contents of the tally files. It can display the recent failed authentication attempts of the username or clear the tally files of all or individual usernames.
groupmems	allows a user to administer their own group membership list without the requirement of superuser privileges. The groupmems utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest). Only the superuser, as administrator, can use groupmems to alter the memberships of other groups.
groupmod	modifies the definition of the specified GROUP by modifying the appropriate entry in the group database.
grpck	verifies the integrity of the groups information. It checks that all entries in /etc/group and /etc/gshadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors.
pwconv pwunconv	creates shadow from passwd. pwunconv command creates passwd from passwd and shadow and then removes shadow.
grpconv grpunconv	creates gshadow from group. grpunconv command creates group from group and gshadow and then removes gshadow.
newusers	The newusers command reads a file (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see passwd(5)) with the exceptions explained below:
nologin	politely refuse a login. displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled.
pwck	verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors.

環境管理

コマンド	概要
getty agetty	マシンを制御するためにテレタイプを起動。alternative Linux getty. Opens a tty port, prompts for a login name and invokes the /bin/login command. It is normally invoked by init(8).
add-shell	システムに利用可能なシェルを追加。add shells to the list of valid login shells
remove-shell	remove shells from the list of valid login shells
capsh	capability shell wrapper. This tool provides a handy wrapper for certain types of capability testing and environment creation. It also provides some debugging features useful for summarizing capability state.
chroot	「/（ルート）」の場所を隠蔽してコマンドを実行。run command or interactive shell with special root directory.
pivot_root	pivot_root moves the root file system of the current process to the directory put_old and makes new_root the new root file system. Note that chroot must be available under the old root and under the new root, because pivot_root may or may not have implicitly changed the root directory of the shell.
locale-gen	By default, the locale package which provides the base support for localisation of libc-based programs does not contain usable localisation files for every supported language. This limitation has became necessary because of the substantial size of such files and the large number of languages supported by libc. As a result, Debian uses a special mechanism where we prepare the actual localisation files on the target host and distribute only the templates for them. locale-gen is a program that reads the file /etc/locale.gen and invokes localedef for the chosen localisation profiles. Run locale-gen after you have modified the /etc/locale.gen file.
mkhomedir_helper	is a helper program for the pam_mkhomedir module that creates home directories and populates them with contents of the specified skel directory. The default value of umask is 0022 and the default value of path-to-skel is /etc/skel. The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories.
mklost+found	mklost+found is used to create a lost+found directory in the current working directory on a Linux second extended file system. There is normally a lost+found directory in the root directory of each filesystem.

ネットワーク

コマンド	概要
dhclient	provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address.
dhclient-script	The DHCP client network configuration script is invoked from time to time by dhclient(8).
ifup ifdown ifquery	The ifup and ifdown commands may be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the file /etc/network/interfaces. ifquery command may be used to parse interfaces configuration.
ip	show / manipulate routing, network devices, interfaces and tunnels.
bridge	show / manipulate bridge addresses and devices.
nft	is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables framework. The Linux kernel subsystem is known as nf_tables, and ‘nf’ stands for Netfilter.
devlink	Devlink tool
ethtool	used to query and control network device driver and hardware settings, particularly for wired Ethernet devices.
genl	provides a simple frontend to the generic netlink library. Although it's designed to support multiple OBJECTs, for now only the ctrl object is available, which is used to query the generic netlink controller.
rmt rmt-tar	remote magnetic tape server provides remote access to files and devices for tar(1), cpio(1), and similar backup utilities. It is normally called by running rsh(1) or ssh(1) to the remote machine, optionally using a different login name if one is supplied.

情報探索

コマンド	概要
accessdb	「man」関連のデータベース内情報を表示。dumps the content of a man-db database in a human readable format.
aspell-autobuildhash	「dictionaries-common」から呼ばれる。script that will manage aspell hash files autobuild, intended to be called from the dictionaries-common tools.
remove-default-ispell	remove default ispell dictionary
remove-default-wordlist	remove default wordlist
iconvconfig	文字コード変換の設定ファイルをキャッシュ。iconv(3) function internally uses gconv modules to convert to and from a character set. A configuration file is used to determine the needed modules for a conversion. Loading and parsing such a configuration file would slow down programs that use iconv(3), so a caching mechanism is employed.

港開発ツール

コマンド	概要
depmod	Linuxシステムでは複数のモジュールを使い回しながらサービスを提供している。ゆえにモジュール間の依存関係は複雑になりがち。depmodは各モジュールの依存状況を /lib/modules/version から読み取って依存関係リスト modules.dep を作成する。
ldconfig	ldconfig creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories, /lib and /usr/lib.

その他

コマンド	概要
cppw cpgr	will copy, with locking, the given file to /etc/passwd and /etc/group, respectively.
fstab-decode	decodes escapes (such as newline characters and other whitespace) in the specified ARGUMENTs and uses them to run COMMAND. In essence fstab-decode can be used anytime we want to pass multiple parameters to a command as a list of command line arguments.
ispell-autobuildhash	is a script that will manage ispell hash files autobuild, intended to be called from the dictionaries-common tools.
ownership	retrieves and prints the "ownership tag" that can be set on Compaq computers. Contrary to all other programs of the dmidecode package, ownership doesn't print any version information, nor labels, but only the raw ownership tag. This should help its integration in scripts.

pam_timestamp_check pivot_root poweroff pwck pwconv pwunconv qemu-ga raw readprofile reboot remove-default-ispell remove-default-wordlist remove-shell resize2fs rmmod rmt rmt-tar rsyslogd rtacct rtcwake rtmon runlevel runuser select-default-ispell select-default-wordlist service setcap sfdisk shadowconfig shutdown sshd start-stop-daemon sulogin swaplabel swapoff swapon switch_root sysctl tarcat tc tcptraceroute tcptraceroute.db telinit tipc traceroute tune2fs tzconfig unix_chkpwd unix_update update-ca-certificates update-default-aspell update-default-ispell update-default-wordlist update-dictcommon-aspell update-dictcommon-hunspell update-grub update-grub2 update-initramfs update-locale update-mime update-passwd update-pciids update-rc.d upgrade-from-grub-legacy useradd userdel usermod validlocale vigr vipw vpddecode wipefs zic zramctl