/sbin (usr/sbin)内に格納されているシステム管理者用コマンド202個。rootで利用可。ちなみに アプリ や 妖精 (ダイモン) の場合はより機能が複雑で独自のインターフェースが起動したりする。一般ユーザ用コマンドも参照。
妖精さん
| arpd | ARP情報を収集して保持してくれる妖精。daemon collects gratuitous ARP information, saving it on local disk and feeding it to the kernel on demand to avoid redundant broadcasting due to limited size of the kernel ARP cache. |
|---|---|
| cron | スケジュールした仕事をやってくれる妖精。daemon to execute scheduled commands (Vixie Cron). started automatically from /etc/init.d on entering multi-user runlevels. |
ハードウェア管理
| コマンド | 概要 |
|---|---|
| biosdecode | マザボ付属BIOSに記録されているハードウェア情報を表示。parses the BIOS memory and prints information about all structures (or entry points) it knows of. |
| dmidecode | PCのSMBIOS情報を表示。tool for dumping a computer's DMI (some say SMBIOS) table contents in a human-readable format. |
| chcpu | configure CPUs. it modify the state of CPUs. It can enable or disable CPUs, scan for new CPUs, etc. |
| chmem | configure memory. it sets a particular size or range of memory online or offline. |
| discover | ハードウェア情報を表示。provides an extensible hardware detection and reporting interface. Hardware information is stored in an XML data format and can be re trieved across the network. |
| discover-modprobe | ブート時に自動的に実行されてカーネルモジュールをロード。loads kernel modules identified by discover. It will typically be invoked automatically at boot time. |
| discover-pkginstall | discoverコマンド情報を利用してハードウェア向けのパッケージをインストール。intsall packages for available hardware using discover(1).It will use the discover-data database to map for hardware to debian packages, install the packages by default. |
| hwclock | administration tool for the time clocks. It can: display the Hardware Clock time; set the Hardware Clock to a specified time; set the Hardware Clock from the System Clock; set the System Clock from the Hardware Clock; |
| rtcwake | to enter a system sleep state and to automatically wake from it at a specified time. This uses cross-platform Linux interfaces to enter a system sleep state, and leave it no later than a specified time. It uses any RTC framework driver that supports standard driver model wakeup flags. |
| ctrlaltdel | Linuxでは「ctrl」「alt」「del」同時押しでシステムを強制リブートできる。Debian11では「soft(オフ)」。set the function of the Ctrl-Alt-Del combination. hard : Immediately reboot the computer without calling sync(2) and without any other preparation. |
| halt poweroff reboot |
to halt, power-off, or reboot the machine. All three commands take the same options. |
ブートローダ管理
| コマンド | 概要 |
|---|---|
| grub-bios-setup | You shouldn't normally run this program directly. Use grub-install instead. set up a device to boot using GRUB. |
| grub-install | Install GRUB on your drive. |
| grub-mkconfig | generate a GRUB configuration file. |
| grub-mkdevicemap | Generate a device map file automatically. |
| grub-probe | probe device information for GRUB. Probe device information for a given path (or device, if the -d option is given). |
| grub-reboot | Set the default boot menu entry for GRUB, for the next boot only. MENU_ENTRY is a number, a menu item title or a menu item identifier. |
| grub-set-default | Set the default boot menu entry for GRUB. This requires setting GRUB_DEFAULT=saved in /etc/default/grub. |
| grub-macbless | Mac-style bless on HFS or HFS+. MacOS 9 までの MacOSでは、起動ディスクにある「システムフォルダ」をFinderで開くと、そのCNIDをボリュームヘッダ内のFinderInfoに記録する。このディレクトリを開く行為を特に「bless」(祝福)と言っていた。 |
カーネル管理
| コマンド | 概要 |
|---|---|
| installkernel | installs a new kernel image onto the system from the Linux source tree. It is called by the Linux kernel makefiles when make install is invoked there. The new kernel is installed into {directory}/vmlinuz-{version}. |
| readprofile | read kernel profiling information |
| lsmod | is a trivial program which nicely formats the contents of the /proc/modules, showing what kernel modules are currently loaded. |
| modinfo | extracts information from the Linux Kernel modules given on the command line. If the module name is not a filename, then the /lib/modules/version directory is searched, as is also done by modprobe(8) when loading kernel modules. |
| modprob | intelligently adds or removes a module from the Linux kernel: note that for convenience, there is no difference between _ and - in module names (automatic underscore conversion is performed). |
| insmod | is a trivial program to insert a module into the kernel. Most users will want to use modprobe(8) instead, which is more clever and can handle module dependencies. |
| rmmod | remove a module from the Linux Kernel |
| mkinitramfs | generates an initramfs image. The initramfs is a compressed cpio archive. The archive can be used on a different box of the same arch with the corresponding Linux kernel. mkinitramfs is meant for advanced usage. |
デバイス管理
| コマンド | 概要 |
|---|---|
| fdisk | dialog-driven program for creation and manipulation of partition tables. It understands GPT, MBR, Sun, SGI and BSD partition tables. Block devices can be divided into one or more logical disks called partitions. This division is recorded in the partition table, usually found in sector 0 of the disk. (In the BSD world one talks about `disk slices' and a `disklabel'.). All partitioning is driven by device I/O limits (the topology) by default. fdisk is able to optimize the disk layout for a 4K-sector size and use an alignment offset on modern devices for MBR and GPT. It is always a good idea to follow fdisk's defaults as the default values. |
| cfdisk | Curses版パーティショニング管理アプリ。display or manipulate a disk partition table. Curses-based program for partitioning any block device. The default device is /dev/sda. |
| blkid | ブロックデバイスのID情報を表示。locate/print block device attributes. |
| badblocks | パーティション内のブロックの欠陥を探す。used to search for bad blocks on a device (usually a disk partition). |
| blkdeactivate | ブロックデバイスをオフにする。deactivates block devices. For mounted block devices, it attempts to unmount it automatically before trying to deactivate. |
| blkdiscard | デバイスのセクターを直接破棄。discard device sectors. This is useful for solid-state drivers (SSDs) and thinly-provisioned storage. Unlike fstrim(8), this command is used directly on the block device. |
| blkzone | run zone command on device that support the Zoned Block Commands (ZBC) or Zoned-device ATA Commands (ZAC). |
| blockdev | The utility blockdev allows one to call block device ioctls from the command line. |
| dmsetup | manages logical devices that use the device-mapper driver. Devices are created by loading a table that specifies a target for each sector (512 bytes) in the logical device. |
| dmstats | manages IO statistics regions for devices that use the device-mapper driver. Statistics regions may be created, deleted, listed and reported on using the tool. |
| fdformat | does a low-level format on a floppy disk. device is usually one of the following./dev/fd0d360 (minor = 4),/dev/fd0h1200 (minor = 8),etc. |
| ldattach | The ldattach daemon opens the specified device file (which should refer to a serial device) and attaches the line discipline ldisc to it for processing of the sent and/or received data. It then goes into the background keeping the device open so that the line discipline stays loaded. |
| losetup | is used to associate loop devices with regular files or block devices, to detach loop devices, and to query the status of a loop device. |
| mkswap | sets up a Linux swap area on a device or in a file. The device argument will usually be a disk partition (something like /dev/sdb7) but can also be a file. |
| raw | bind a Linux raw character device to a block device. Any block device may be used: at the time of binding, the device driver does not even have to be accessible (it may be loaded on demand as a kernel module later). |
ファイルシステム管理
| コマンド | 概要 |
|---|---|
| mke2fs mkfs.ext2[34] |
mke2fs is used to create an ext2, ext3, or ext4 filesystem, usually in a disk partition (or file) named by device. |
| mkfs | This mkfs frontend is deprecated in favour of filesystem specific mkfs.<type> utils. |
| mkfs.cramfs | Files on cramfs file systems are zlib-compressed one page at a time to allow random read access. The metadata is not compressed, but is expressed in a terse representation that is more space-efficient than conventional file systems. |
| mkfs.bfs | creates an SCO bfs filesystem on a block device (usually a disk partition or a file accessed via the loop device). |
| mkfs.minix | creates a Linux MINIX filesystem on a device (usually a disk partition). |
| fsck | check and optionally repair one or more Linux filesystems. filesys can be a device name (e.g., /dev/hdc1, /dev/sdb2), a mount point (e.g., /, /usr, /home), or an filesystem label or UUID specifier (e.g., UUID=8868abf6-88c5-4a83-98b8-bfc24057f7bd or LABEL=root). Normally, the fsck program will try to handle filesystems on different physical disk drives in parallel to reduce the total amount of time needed to check all of them. |
| fsck.ext2[34] e2fsck |
check the ext2/ext3/ext4 family of file systems. For ext3 and ext4 filesystems that use a journal, if the system has been shut down uncleanly without any errors, normally, after replaying the committed transactions in the journal, the file system should be marked as clean. Hence, for filesystems that use journalling, e2fsck will normally replay the journal and exit, unless its superblock indicates that further checking is required. Note that in general it is not safe to run e2fsck on mounted filesystems. |
| fsck.cramfs | used to check the cramfs file system. |
| fsck.minix | check consistency of Minix filesystem. |
| fsfreeze | suspends or resumes access to a filesystem. fsfreeze halts any new access to the filesystem and creates a stable image on disk. fsfreeze is intended to be used with hardware RAID devices that support the creation of snapshots. |
| fstrim | used on a mounted filesystem to discard (or "trim") blocks which are not in use by the filesystem. This is useful for solid-state drives (SSDs) and thinly-provisioned storage. By default, fstrim will discard all unused blocks in the filesystem. Options may be used to modify this behavior based on range or size. |
| debugfs | 対話的にファイルシステムをデバッグする。ext2/ext3/ext4 file system debugger.It can be used to examine and change the state of an ext2, ext3, or ext4 file system. |
| dpkg-fsys-usrunmess | tool to fix up filesystems that have been installed anew with recent installers with unfortunate defaults or migrated to the broken merged /usr |
| dumpe2fs | prints the super block and blocks group information for the filesystem present on device. When used with a mounted filesystem, the printed information may be old or inconsistent. |
| e2freefrag | report free space fragmentation on ext2/3/4 file systems. |
| e2image | Save critical ext2/ext3/ext4 filesystem metadata to a file. |
| e2label | display or change the volume label on the ext2, ext3, or ext4 filesystem located on device. |
| e2mmpstatus | Check MMP status of an ext4 filesystem. used to check Multiple-Mount Protection (MMP) status of an ext4 filesystem with the mmp feature enabled. |
| e2scrub | check (but not repair) all metadata in a mounted ext[234] filesystem if the filesystem resides on an LVM logical volume.This program snapshots the volume and runs a file system check on the snapshot to look for corruption errors. |
| e2scrub_all | Searches the system for all LVM logical volumes containing an ext2, ext3, or ext4 file system, and checks them for problems. The checking is performed by invoking the e2scrub tool, which will look for corruptions. |
| e2undo | replay the undo log undo_log for an ext2/ext3/ext4 filesystem found on device. This can be used to undo a failed operation by an e2fsprogs program. |
| e4crypt | performs encryption management for ext4 file systems. |
| e4defrag | reduces fragmentation of extent based file. The file targeted by e4defrag is created on ext4 filesystem made with "-O extent" option (see mke2fs(8)). The targeted file gets more contiguous blocks and improves the file access speed. |
| filefrag | reports on how badly fragmented a particular file might be. It makes allowances for indirect blocks for ext2 and ext3 filesystems, but can be used on files for any filesystem. |
| findfs | find a filesystem by label or UUID. search the block devices in the system looking for a filesystem or partition with specified tag. The currently supported tags are: LAVEL, UUID, etc. |
| isosize | This command outputs the length of an iso9660 filesystem that is contained in the specified file. This file may be a normal file or a block device (e.g. /dev/hdd or /dev/sr0). In the absence of any options (and errors), it will output the size of the iso9660 filesystem in bytes. This can now be a large number (>> 4 GB). |
| resize2fs | will resize ext2, ext3, or ext4 file systems. It can be used to enlarge or shrink an unmounted file system located on device. If the filesystem is mounted, it can be used to expand the size of the mounted filesystem, assuming the kernel and the file system supports on-line resizing. |
サービス管理
| コマンド | 概要 |
|---|---|
| systemd init |
systemd is a system and service manager for Linux operating systems. When run as first process on boot (as PID 1), it acts as init system that brings up and maintains userspace services. Separate instances are started for logged-in users to start their services. systemd is usually not invoked directly by the user, but is installed as the /sbin/init symlink and started during early boot. The user manager instances are started automatically through the user@.service(5) service. |
| killall5 | is the SystemV killall command. It sends a signal to all processes except kernel threads and the processes in its own session, so it won't kill the shell that is running the script it was called from. Its primary (only) use is in the rc scripts found in the /etc/init.d directory. |
| invoke-rc.d | is a generic interface to execute System V style init script /etc/init.d/name actions, obeying runlevel constraints as well as any local policies set by the system administrator. |
| runlevel | "Runlevels" are an obsolete way to start and stop groups of services used in SysV init. systemd provides a compatibility layer that maps runlevels to targets, and associated binaries like runlevel.0=poweroff.target; 1=rescue.target; 2, 3, 4=multi-user.target; 5=graphical.target; 6=reboot.target. |
プロセス管理
| コマンド | 概要 |
|---|---|
| getcap | プロセスの特権状況(ケーパビリティ)を確認。displays the name and capabilities of each specified file. |
| getpcaps | displays the capabilities on the processes indicated by the pid value(s) given on the command line. A pid of 0 displays the capabilities of the process that is running getpcaps itself. |
ログ管理
| コマンド | 概要 |
|---|---|
| rsyslogd | Note that this version of rsyslog ships with extensive documentation in HTML format. This is provided in the ./doc subdirectory and probably in a separate package if you installed rsyslog via a packaging system. To use rsyslog's advanced features, you need to look at the HTML documentation, because the man pages only covers basic aspects of operation. For details and configuration examples, see the rsyslog.conf (5) man page and the on‐line documentation at https://www.rsyslog.com/doc/ |
| logrotate | is designed to ease administration of systems that generate large numbers of log files. It allows automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Normally, logrotate is run as a daily cron job. |
| logsave | will execute cmd_prog with the specified argument(s), and save a copy of its output to logfile. |
セキュリティ管理
| コマンド | 概要 |
|---|---|
| pam-auth-update | is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. |
| pam_getenv | will print out the value of env_var from /etc/environment. It will attempt to expand environment variable references in the definition of env_var but will fail if PAM items are expanded. |
| pam_timestamp_check | With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it. |
パッケージ管理
| コマンド | 概要 |
|---|---|
| dpkg-preconfigure | インストールされる前に新しいパッケージが質問してくる。lets packages ask questions before they are installed. It operates on a set of debian packages, and all packages that use debconf will have their config script run so they can examine the system and ask questions. |
| dpkg-reconfigure | 名前を指定してインストール済みパッケージの設定を組み直す。reconfigures packages after they have already been installed. Pass it the names of a package or packages to reconfigure. It will ask configuration questions, much like when the package was first installed. If you just want to see the current configuration of a package, see debconf-show(1) instead. |
ユーザ管理
| コマンド | 概要 |
|---|---|
| adduser addgroup |
システムにユーザやグループを追加。add a user or group to the system. They are friendlier front ends to the low level tools like useradd, groupadd and usermod programs. |
| useradd groupadd |
low level utility for adding users. On Debian, administrators should usually use adduser(8) instead. |
| deluser delgroup |
システムからユーザやグループを削除。remove a user or group from the system. |
| userdel groupdel |
low level utility for removing users. On Debian, administrators should usually use deluser(8) instead. |
| chpasswd | ユーザのパスワードを変更。update passwords in batch mode. reads a list of user name and password pairs from standard input and uses this information to update a group of existing users. |
| chgpasswd | グループのパスワードを変更。update group passwords in batch mode. it reads a list of group name and password pairs from standard input and uses this information to update a set of existing groups. |
| faillock | application which can be used to examine and modify the contents of the tally files. It can display the recent failed authentication attempts of the username or clear the tally files of all or individual usernames. |
| groupmems | allows a user to administer their own group membership list without the requirement of superuser privileges. The groupmems utility is for systems that configure its users to be in their own name sake primary group (i.e., guest / guest). Only the superuser, as administrator, can use groupmems to alter the memberships of other groups. |
| groupmod | modifies the definition of the specified GROUP by modifying the appropriate entry in the group database. |
| grpck | verifies the integrity of the groups information. It checks that all entries in /etc/group and /etc/gshadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. |
| pwconv pwunconv |
creates shadow from passwd. pwunconv command creates passwd from passwd and shadow and then removes shadow. |
| grpconv grpunconv |
creates gshadow from group. grpunconv command creates group from group and gshadow and then removes gshadow. |
| newusers | The newusers command reads a file (or the standard input by default) and uses this information to update a set of existing users or to create new users. Each line is in the same format as the standard password file (see passwd(5)) with the exceptions explained below: |
| nologin | politely refuse a login. displays a message that an account is not available and exits non-zero. It is intended as a replacement shell field for accounts that have been disabled. |
| pwck | verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. |
| runuser | run commands with a substitute user and group ID. |
環境管理
| コマンド | 概要 |
|---|---|
| getty agetty |
マシンを制御するためにテレタイプを起動。alternative Linux getty. Opens a tty port, prompts for a login name and invokes the /bin/login command. It is normally invoked by init(8). |
| add-shell | システムに利用可能なシェルを追加。add shells to the list of valid login shells |
| remove-shell | remove shells from the list of valid login shells |
| capsh | capability shell wrapper. This tool provides a handy wrapper for certain types of capability testing and environment creation. It also provides some debugging features useful for summarizing capability state. |
| chroot | 「/(ルート)」の場所を隠蔽してコマンドを実行。run command or interactive shell with special root directory. |
| pivot_root | pivot_root moves the root file system of the current process to the directory put_old and makes new_root the new root file system. Note that chroot must be available under the old root and under the new root, because pivot_root may or may not have implicitly changed the root directory of the shell. |
| locale-gen | By default, the locale package which provides the base support for localisation of libc-based programs does not contain usable localisation files for every supported language. This limitation has became necessary because of the substantial size of such files and the large number of languages supported by libc. As a result, Debian uses a special mechanism where we prepare the actual localisation files on the target host and distribute only the templates for them. locale-gen is a program that reads the file /etc/locale.gen and invokes localedef for the chosen localisation profiles. Run locale-gen after you have modified the /etc/locale.gen file. |
| mkhomedir_helper | is a helper program for the pam_mkhomedir module that creates home directories and populates them with contents of the specified skel directory. The default value of umask is 0022 and the default value of path-to-skel is /etc/skel. The helper is separated from the module to not require direct access from login SELinux domains to the contents of user home directories. |
| mklost+found | mklost+found is used to create a lost+found directory in the current working directory on a Linux second extended file system. There is normally a lost+found directory in the root directory of each filesystem. |
ネットワーク
| コマンド | 概要 |
|---|---|
| dhclient | provides a means for configuring one or more network interfaces using the Dynamic Host Configuration Protocol, BOOTP protocol, or if these protocols fail, by statically assigning an address. |
| dhclient-script | The DHCP client network configuration script is invoked from time to time by dhclient(8). |
| ifup ifdown ifquery |
The ifup and ifdown commands may be used to configure (or, respectively, deconfigure) network interfaces based on interface definitions in the file /etc/network/interfaces. ifquery command may be used to parse interfaces configuration. |
| ip | show / manipulate routing, network devices, interfaces and tunnels. |
| bridge | show / manipulate bridge addresses and devices. |
| nft | is the command line tool used to set up, maintain and inspect packet filtering and classification rules in the Linux kernel, in the nftables framework. The Linux kernel subsystem is known as nf_tables, and ‘nf’ stands for Netfilter. |
| devlink | Devlink tool |
| ethtool | used to query and control network device driver and hardware settings, particularly for wired Ethernet devices. |
| genl | provides a simple frontend to the generic netlink library. Although it's designed to support multiple OBJECTs, for now only the ctrl object is available, which is used to query the generic netlink controller. |
| rmt rmt-tar |
remote magnetic tape server provides remote access to files and devices for tar(1), cpio(1), and similar backup utilities. It is normally called by running rsh(1) or ssh(1) to the remote machine, optionally using a different login name if one is supplied. |
| nstat rtacct |
tools to monitor kernel snmp;Simple Network Management Protocol; counters and network interface statistics. nstat can filter kernel snmp counters by name with one or several specified wildcards. Wildcards are case-insensitive and can include special symbols ? and *. |
| rtmon | listens to and monitors RTnetlink. rtmon listens on netlink socket and monitors routing table changes. rtmon can be started before the first network configuration command is issued. |
情報探索
| コマンド | 概要 |
|---|---|
| accessdb | 「man」関連のデータベース内情報を表示。dumps the content of a man-db database in a human readable format. |
| aspell-autobuildhash | 「dictionaries-common」から呼ばれる。script that will manage aspell hash files autobuild, intended to be called from the dictionaries-common tools. |
| select-default-ispell | This program is responsible for selecting default ispell dictionary. |
| remove-default-ispell | remove default ispell dictionary |
| select-default-wordlist | This program is responsible for selecting default wordlist. |
| remove-default-wordlist | remove default wordlist |
| iconvconfig | 文字コード変換の設定ファイルをキャッシュ。iconv(3) function internally uses gconv modules to convert to and from a character set. A configuration file is used to determine the needed modules for a conversion. Loading and parsing such a configuration file would slow down programs that use iconv(3), so a caching mechanism is employed. |
港開発ツール
| コマンド | 概要 |
|---|---|
| depmod | Linuxシステムでは複数のモジュールを使い回しながらサービスを提供している。ゆえにモジュール間の依存関係は複雑になりがち。depmodは各モジュールの依存状況を /lib/modules/version から読み取って依存関係リスト modules.dep を作成する。 |
| ldconfig | ldconfig creates the necessary links and cache to the most recent shared libraries found in the directories specified on the command line, in the file /etc/ld.so.conf, and in the trusted directories, /lib and /usr/lib. |
その他
| コマンド | 概要 |
|---|---|
| cppw cpgr |
will copy, with locking, the given file to /etc/passwd and /etc/group, respectively. |
| fstab-decode | decodes escapes (such as newline characters and other whitespace) in the specified ARGUMENTs and uses them to run COMMAND. In essence fstab-decode can be used anytime we want to pass multiple parameters to a command as a list of command line arguments. |
| ispell-autobuildhash | is a script that will manage ispell hash files autobuild, intended to be called from the dictionaries-common tools. |
| ownership | retrieves and prints the "ownership tag" that can be set on Compaq computers. Contrary to all other programs of the dmidecode package, ownership doesn't print any version information, nor labels, but only the raw ownership tag. This should help its integration in scripts. |
rtmon runlevel runuser select-default-ispell select-default-wordlist service setcap sfdisk shadowconfig shutdown sshd start-stop-daemon sulogin swaplabel swapoff swapon switch_root sysctl tarcat tc tcptraceroute tcptraceroute.db telinit tipc traceroute tune2fs tzconfig unix_chkpwd unix_update update-ca-certificates update-default-aspell update-default-ispell update-default-wordlist update-dictcommon-aspell update-dictcommon-hunspell update-grub update-grub2 update-initramfs update-locale update-mime update-passwd update-pciids update-rc.d upgrade-from-grub-legacy useradd userdel usermod validlocale vigr vipw vpddecode wipefs zic zramctl