Skip to main content

debian stable bootstrap

apk add debootstrap arch-install-scripts


prepare partition 

doas mkfs.ext4 -O ^has_journal   /dev/nvme0n1p3

doas mount /dev/nvme0n1p3 /mnt


bootstrap using debootstrap 

 --print-debs for listing pkg to be installed 


available releases are stable,testing,unstable
debootstrap --variant=minbase  stable /mnt
debootstrap --include=apt,bash,dpkg stable  /mnt


 sudo debootstrap --arch amd64   jammy 

--extractor =ar if you are using old apt without zstd support to install new image



doas debootstrap --arch amd64 chimaera /mnt


security updates 

nano /etc/apt/sources.list

deb chimaera main contrib non-free

deb chimaera-security main 

deb chimaera-updates main 



mirrorlist generator 
add security updates to apt 
cat   /mnt/etc/apt/sources.list                                      
deb jammy main universe restricted
deb jammy-security main universe restricted
deb jammy-updates main universe restricted

  apt install initramfs-tools efibootmgr iwd resolvconf ubuntu-drivers-common linux-oem-22.04

oem dirver is hardware specific . find your own.
debconf configure needs dialog based frontend  : whiptail,dialog,xdialog,
cat  /usr/share/perl5/Debconf/FrontEnd/  to see  how frontends are called 
 1. Dialog    3. Gnome  5. Editor
2. Readline 4. Kde 6. Noninteractive 
dpkg-reconfigure --frontend dialog debconf 

dpkg-reconfigure debconf
dpkg-reconfigure tzdata
dpkg-reconfigure locales
dpkg-reconfigure keyboard-configuration 
  dpkg-reconfigure console-setup

sudo update-alternatives --config editor

## setting hostname

echo "hostname" > /etc/hostname
echo " hostname" >> /etc/hosts


install from alpine linux 

doas apk add debootstrap

 doas  debootstrap   kali-rolling  ~/kali/  

maybe --variant=minbase 

without systemd cant use sway,gtk3 or any adveance wm /de on debian/kali



CHROOT into /mnt

doas arch-chroot /mnt
export TERM=linux 
source /etc/profile

custom chroot script if no  arch-install-scripts

nano arch-chroot
  mount --rbind /dev /mnt/dev && mount --make-rslave /mnt/dev
mount --rbind /dev/pts /mnt/dev/pts && mount --make-rslave /mnt/dev/pts
mount --rbind /proc /mnt/proc && mount --make-rslave /mnt/proc
mount --rbind /sys /mnt/sys && mount --make-rslave /mnt/sys
 cp --dereference  /etc/resolv.conf /mnt/etc
chroot  /mnt /bin/bash   
 sudo bash arch-chroot 

Repo config and add security,update repo

source list generator
apt install neofetch --no-install-recommends 
 apt install nano --no-install-recommends
 nano /etc/apt/sources.list
deb stable main

deb stable-updates main
deb stable-security main 

cat /etc/sources.list.d/debian.sources 
Types: deb
Suites: sid
Components: main
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg


multimedia repo 

read first  mat have problem in upding  due to pkg  conflicts
 apt install curl wget apt-transport-https dirmngr  

###### 3rd Party Binary Repos
###Debian Multimedia
deb [arch=amd64,i386] buster main non-free 

 remove some files from dpkg

cat /etc/dpkg/dpkg.cfg.d/excludes
# Drop locales except English

# Drop translated manual pages except english

 apt install nnn  -no-install-recommends

run nnn as root and remove residue dir in /usr/share/locale,man

nnn /usr/share/locale
space on folder to  keep and shift a to reverse selection  and x  and  s and y to delete  
nnn /usr/share/man 

clean locale 



 update-locale LANG=en_US.UTF-8

cat /etc/locale.gen 

 sudo locale-gen

sudo  locale-gen --purge en_US.UTF-8

locale -a
localedef --list-archive
localectl list-locales
sudo locale-a 
sudo dpkg-reconfigure locales

  • apt/apt-get clean → cleans the packages and install script in /var/cache/apt/archives/
  • apt/apt-get autoclean → cleans obsolete deb-packages, less than clean
  • apt/apt-get autoremove → removes orphaned packages which are not longer needed from the system, but not purges them, use the --purge option together with the command for that.


apt disable recommend package

list  file downloaded are from
saved in /var/lib/apt/lists/ as extracted or comressed format( if specified to )  main , contrib, non-free, non-free-firmware  

 sudo nano /etc/apt/apt.conf.d/90recommend

APT::Install-Recommends "0";

 APT::Install-Suggests "0";

Apt::AutoRemove::SuggestsImportant "0";

 APT::AutoRemove::RecommendsImportant "0";


disable downloading translated package name index


Acquire::Languages "none";


 # Disable source package cache which most users will never use

Dir::Cache::srcpkgcache "";

##dont etxtract package list, some operation like apt show pkgname becomes slow (anything that reads package list)

Acquire::GzipIndexes "true";


Acquire::IndexTargets::deb::Packages::KeepCompressedAs "xz";
Acquire::IndexTargets::deb::Translations::KeepCompressedAs "xz";
Acquire::IndexTargets::deb-src::Sources::KeepCompressedAs "xz";


#default lz4 is kept  

another style /etc/apt.conf.d/all


Install-Recommends "0";
Install-Suggests "0";
Autoremove {
SuggestsImportant "0";
RecommendsImportant "0";


Acquire {
Languages "none";
GzipIndexes "1";

Dir::Cache::srcpkgcache "";



Option: APT::AutoRemove::RecommendsImportant
Default: true
Description: If this option is true, the aptitude will not consider packages to be unused (and thus will not automatically remove them) as long as any installed package recommends them, even if APT::Install-Recommends is false. For more information, see the section called “Managing automatically installed packages”.


Option: APT::AutoRemove::SuggestsImportant
Default: true
Description: If this option is true, then aptitude will not consider packages to be unused (and thus will not automatically remove them) as long as any installed package suggests them. For more information, see the section called “Managing automatically installed packages”.


Option: APT::Install-Recommends
Default: true
Description: If this option is true and Aptitude::Auto-Install is true, then whenever you mark a package for installation, aptitude will also mark the packages it recommends for installation. Furthermore, if this option is true, aptitude will not consider packages to be unused (and thus will not automatically remove them) as long as any installed package reommends them. For more information, see the section called “Managing automatically installed packages” and the section called “Immediate dependency resolution”.


When downloading gzip compressed indexes (Packages, Sources, or
Translations), keep them gzip compressed locally instead of
unpacking them. This saves quite a lot of disk space at the expense
of more CPU requirements when building the local package caches.
False by default.

List of compression types which are understood by the acquire
methods. Files like Packages can be available in various
compression formats. By default the acquire methods can decompress
and recompress many common formats like xz and gzip; with this
scope the supported formats can be queried, modified as well as
support for more formats added (see also APT::Compressor). The
syntax for this is:

Acquire::CompressionTypes::FileExtension "Methodname";

Also, the Order subgroup can be used to define in which order the
acquire system will try to download the compressed files. The
acquire system will try the first and proceed with the next
compression type in this list on error, so to prefer one over the
other type simply add the preferred type first - types not already
added will be implicitly appended to the end of the list, so e.g.

Acquire::CompressionTypes::Order:: "gz";

can be used to prefer gzip compressed files over all other
compression formats. If xz should be preferred over gzip and bzip2
the configure setting should look like this:

Acquire::CompressionTypes::Order { "xz"; "gz"; };

It is not needed to add bz2 to the list explicitly as it will be
added automatically. 
Note that the Dir::Bin::Methodname will be checked at run time. If
this option has been set and support for this format isn't directly
built into apt, the method will only be used if this file exists;
e.g. for the bzip2 method (the inbuilt) setting is:

Dir::Bin::bzip2 "/bin/bzip2";

Note also that list entries specified on the command line will be
added at the end of the list specified in the configuration files,
but before the default entries. To prefer a type in this case over
the ones specified in the configuration files you can set the
option direct - not in list style. This will not override the
defined list; it will only prefix the list with this type.

The special type uncompressed can be used to give uncompressed
files a preference, but note that most archives don't provide
uncompressed files so this is mostly only usable for local mirrors. 

Try to download deltas called PDiffs for indexes (like Packages
files) instead of downloading whole ones. True by default.
Preferably, this can be set for specific sources.list(5) entries or
index files by using the PDiffs option there.

Two sub-options to limit the use of PDiffs are also available:
FileLimit can be used to specify a maximum number of PDiff files
should be downloaded to update a file. SizeLimit on the other hand
is the maximum percentage of the size of all patches compared to
the size of the targeted file. If one of these limits is exceeded
the complete file is downloaded instead of the patches. 

ignore/ban some package 

cat /etc/apt/preferences.d/ignored-packages
Package: grub-common grub2-common grub-pc grub-pc-bin grub-gfxpayload-lists
Pin: release *
Pin-Priority: -1


ubuntu blocklist 

Package: snapd cloud-init landscape-common popularity-contest ubuntu-advantage-tools
Pin: release *
Pin-Priority: -1      



testing using systemd as block 


remove residual config files ( dpkg -l  shows  ^rc)

dpkg --list |grep "^rc" | cut -d " " -f 3 | xargs sudo dpkg --purge 


install some package 

apt install bash-completion

. /etc/bash_completion 

apt install xserver-xorg-core 

apt install xserver-xorg-input-libinput

for runit 

runit still use sysv at 0 and 1 stage 

apt install runit-init 

 readlink -f  /sbin/init 



for sysv

sudo apt install initscripts sysv-rc-conf sysvinit-core sysvinit-utils

pstree -Ap
nano /etc/inittab 

Default runlevel

# The default runlevel.

boot loader: sysvinit 

debian still maintains sysvinit init system for base packages only. systemd is only official supported
 # Boot-time system configuration/initialization script.
# This is run first except when booting in emergency (-b) mode.
cat  /etc/init.d/rcS
# Call all S??* scripts in /etc/rcS.d/ in numerical/alphabetical order
exec /etc/init.d/rc S


# /etc/init.d executes the S and K scripts upon change
# of runlevel.
# Runlevel 0 is halt.
# Runlevel 1 S is single-user.
# Runlevels 2-5 are multi-user.
# Runlevel 6 is reboot.

l0:0:wait:/etc/init.d/rc 0
l1:1:wait:/etc/init.d/rc 1
l2:2:wait:/etc/init.d/rc 2
l3:3:wait:/etc/init.d/rc 3
l4:4:wait:/etc/init.d/rc 4
l5:5:wait:/etc/init.d/rc 5
l6:6:wait:/etc/init.d/rc 6


Getty and logins

# /sbin/getty invocations for the runlevels.
# The "id" field MUST be the same as the last
# characters of the device (after "tty").
# Format:
# <id>:<runlevels>:<action>:<process>
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
1:2345:respawn:/sbin/getty --noclear 38400 tty1
2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6

Single-user boot

 # What to do in single-user mode.
~~:S:wait:/sbin/sulogin --force

# Normally not reached, but fallthrough in case of emergency.
z6:6:respawn:/sbin/sulogin --force


# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now


Power-sensing scripts

Init can communicate with your UPS device and execute processes based on the status of the UPS. Here are some examples:

# What to do when the power fails/returns.
pf::powerwait:/etc/init.d/powerfail start
pn::powerfailnow:/etc/init.d/powerfail now
po::powerokwait:/etc/init.d/powerfail stop
switching runlevel
passing n to kernel parameter 
/sbin/telinit n 
telinit q causes init to re-examine inittab but not switch runlevel.
Warning: Always test a modified /etc/inittab with telinit q before you reboot, 
or a small syntax error can prevent your system from booting. 

man 5 inittab
man 8 init

Disable an init script

/sbin/update-rc.d <script name> remove


enable an init script

Create a symbolic link to /etc/rc<runlevel>.d/

update-rc.d test-init defaults


remove extra tty

rm  /etc/runit/runsvdir/current/getty-tty[3-6]


boot loader : systemd-boot

#using systemd-boot 

#sudo apt install systemd-boot

sudo apt install tiny-initramfs 

sudo apt install linux-image-amd64 


blkid to get uuid of root

 cat /etc/fstab 

UUID=9dc57367-b107-4c9f-9a76-150dc47ae249 / btrfs rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvolid=5,subvol=/ 0 0

UUID=e0eeee06-09f6-41cc-a7ac-b0ff3f48fc9e /home ext4 rw,noatime 0 0


tips: you dont need fstab entry for root if you pass root parameter in kernel.

with arch-install-scripts  run as root user

 genfstab -U /mnt >> /mnt/etc/fstab


cat /mnt/loader/entries/debian.conf
title Kali
linux /vmlinuz-kali
initrd /initramfs-kali

 cat /mnt/loader/entries/kali.conf
title Kali
linux /vmlinuz-kali
initrd /initramfs-kali
options rd.driver.pre=btrfs  rootfstype=btrfs   root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249  rootflags=rw,noatime,compress  quiet


options  rootfstype=btrfs   root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249  rootflags=rw,noatime,subvolid=5,subvol=/  quiet


even without  subvol and compress parameter  it mounts fine.

options  rootfstype=ext4   root=UUID=9dc57367-b107-4c9f-9a76-150dc47ae249  rootflags=rw,noatime quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3

##with this  as kernel parameter you can remove fstab root entry to avoid wasting time remounting rootfs


noauto,x-systemd.automount for /home partition to fsck and mount on first access at fstab

cat /etc/tmpfiles.d/home.conf

silent boot

touch ~/.hushlogin

 rootflag in kernel 

quiet loglevel=3 systemd.show_status=auto rd.udev.log_level=3

Note that if you often receive Core temperature above threshold, cpu clock throttled messages in the kernel log, you need to use log level 2 to silence these at boot time.

kernel.printk = 3 3 3 3
/etc/systemd/system/[email protected]/skip-prompt.conf
ExecStart=-/usr/bin/agetty --skip-login --nonewline --noissue --autologin username --noclear %I $TERM


apt install firmware-realtek sudo neofetch debsecan wpasupplicant linux-image-amd64
apt search linux-image 


dpkg-reconfigure tzdata



apt install locales
dpkg-reconfigure locales

locale -a
 cat /etc/default/locale 

apt install dialog

dpkg-reconfigure locale




 apt install console-setup
dpkg-reconfigure keyboard-configuration 




/etc/hosts     localhost
::1             localhost    name



apt install iwd openresolv dbus

User accounts


adduser kai

passwd kai

adduser username wheel

apt install sudo

cat /etc/doas.d/doas.conf
doas (kai@(none)) password:
permit persist kai
permit nopass kai as root  cmd  brightnessctl
permit nopass kai as root  cmd  ntfs-3g
permit nopass kai as root  cmd  umount

#for non systemd or no polkit reboot

#permit nopass kai as root  cmd  reboot
#permit nopass kai as root  cmd  poweroff


for wifi

 sudo apt install iwd systemd-resolved 

 cat /etc/iwd/main.conf

systemctl enable iwd

systemctl enable systemd-resolved

ls -la /etc/resolv.conf
lrwxrwxrwx 1 root root 39 Feb 27 14:30 /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf

if its file/static fix it 

ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
apt install systemd-sysv apt install sway foot wofi alsa-utils apulse dbus-glib-1-2 libxtst6 

apt install   htop 

xorg only setup


 for iwctl without root

cat /usr/share/dbus-1/system.d/iwd-dbus.conf 
<policy group="kai">
<allow send_destination="net.connman.iwd"/>

download firefox 

mkdir ~/opt cd ~/opt extract to ~/opt apt install lbzip2 tar xf   firefox-110.0.tar.bz2cat .bashrc export PATH=$HOME/.bin:$PATH
export NNN_OPENER=$HOME/.bin/nuke  cat .bin/firefox
apulse $HOME/opt/firefox/firefox $@ 

firmwares manual install

blutooth fw

put in /lib/firmware/qca

wifi fw


download and 

cd hw1.0

 mkdir -p /lib/firmware/ath10k/QCA9377/hw1.0

mv  * /lib/firmware/ath10k/QCA9377/hw1.0


intel graphics fw

icl firmware put in /lib/firmware/i915

sudo apt remove firmware-linux-free

intel tuning

cat /etc/modprobe.d/i915.conf
options i915 fastboot=1 enable_fbc=1 enable_guc=3

list obsolete package 

apt list ?obsolete 

apt list ?essential



apt list --installed | awk -F/ '/\[installed,local\]/{print $1}'

 nnn mimetype instead of file 

 sudo apt install libfile-mimeinfo-perl


mimetype -b


nano .bashrc

export NNN_OPENER=nuke

nano nuke

MIMETYPE="$( mimetype -b  "${FPATH}" )"



get temp

cat /sys/class/thermal/thermal_zone*/type
INT3400 Thermal

sed 's/000$/°C/' /sys/class/thermal/thermal_zone*/temp


hwmon devices

readlink  -f  /sys/class/hwmon/hwmon*



cat /sys/class/hwmon/hwmon*/name

for fan speed 

here hwmon3 has dell_smm so it has fan speed

 cat  /sys/class/hwmon/hwmon3/fan1_input 

=============================== ======= ======================================= Name Perm Description =============================== ======= ======================================= fan[1-3]_input RO Fan speed in RPM. fan[1-3]_label RO Fan label. fan[1-3]_min RO Minimal Fan speed in RPM fan[1-3]_max RO Maximal Fan speed in RPM fan[1-3]_target RO Expected Fan speed in RPM pwm[1-3] RW Control the fan PWM duty-cycle. pwm1_enable WO Enable or disable automatic BIOS fan control (not supported on all laptops, see below for details). temp[1-10]_input RO Temperature reading in milli-degrees Celsius. temp[1-10]_label RO Temperature sensor label. =============================== ======= =======================================


legacy /depreciated i8k 

cat /proc/i8k 1.0 A17 2J59L02 52 2 1 8040 6420 1 2 1 2 3 4 5 6 7 8 9 10   1.0 1.1 -1 59 -22 0 -22 0 -1 -22
  The fields read from ``/proc/i8k`` are:: 1.0 A17 2J59L02 52 2 1 8040 6420 1 2 | | | | | | | | | | | | | | | | | | | +------- 10. buttons status | | | | | | | | +--------- 9. AC status | | | | | | | +-------------- 8. fan0 RPM | | | | | | +------------------- 7. fan1 RPM | | | | | +--------------------- 6. fan0 status | | | | +----------------------- 5. fan1 status | | | +-------------------------- 4. temp0 reading (Celsius) | | +---------------------------------- 3. Dell service tag (later known as 'serial number') | +-------------------------------------- 2. BIOS version +------------------------------------------ 1. /proc/i8k format version

A negative value, for example -22, indicates that the BIOS doesn't return the corresponding information. This is normal on some models/BIOSes.

pretty format

bios version 

 cat /sys/class/dmi/id/bios_version

serial no 

sudo cat /sys/class/dmi/id/board_serial 


kernel patches to debian



intel graphics  tuning 

cat /etc/modprobe.d/i915.conf
options i915 fastboot=1 enable_fbc=1 enable_guc=3


replace base-files with debian ( for switching distro i.e devian to devuan,kali etc)
download from any mirror
dpkg -i base-fiels*.deb

list obsolete package 

apt list ?obsolete
 apt list --installed | awk -F/ '/\[installed,local\]/{print $1}'

ctrl+d = ^D  ## exit terminal
sudo chvt n   ## ctrl+alt+f2 alternative ,switch vt 
su -l doesnt preseve env vars, su preserves
after cat binary-file if terminal is crazy reset cmd
adduser name , deluser --remove-home name

home dir of root is /root

basename -a, --multiple  -s, --suffix=SUFFIX (suffix to delete)  -z, --zero (separator NUL) 

Print NAME with any leading directory components removed.

avoid { } ( ) [ ] ' ` " \ / > < | ; ! # & ^ * % @ $ in filename , and space if possible

Each file, directory, named pipe (a way two programs can share data), or physical device has a data structure called an inode which describes its associated attributes such as the user who owns it (owner), the group that it belongs to, the time last accessed, etc.



u=user who owns the file

g=Other users in the group which the file belongs to

o=All other users, world/everyone


For the file/folder, each corresponding permission allows following actions.

r  = read = allows owner to examine contents of the file / list contents of the directory.

w = write = allows owner to modify the file / add or remove files in the directory

x = execute = allows owner to run the file as a command / access files in the directory,viewing their attributes, such as the size and the modification time.


ls -l 

  • Type of file (first character)

  • Access permission of the file (nine characters, consisting of three characters each for user, group, and other in this order)

  • Number of hard links to the file

  • Name of the user who owns the file

  • Name of the group which the file belongs to

  • Size of the file in characters (bytes)

  • Date and time of the file (mtime)

  • Name of the file 


 first character meaning

character meaning
- normal file
d directory
l symlink
c character device node
b block device node
p named pipe
s socket

 chown is used from the root account to change the owner of the file. 
chgrp is used from the file's owner or root account to change the group of the file. 
 chmod is used from the file's owner or root account to change file and directory access permissions.
note : users may only run chown if they have the target user and group privileges
  • The set user ID bit (s or S instead of user's x)

  • The set group ID bit (s or S instead of group's x)

  • The sticky bit (t or T instead of other's x)


Setting set group ID on a directory enables the BSD-like file creation scheme where all files created in the directory belong to the group of the directory.


Setting the sticky bit on a directory prevents a file in the directory from being removed by a user who is not the owner of the file. In order to secure contents of a file in world-writable directories such as "/tmp" or in group-writable directories, one must not only reset the write permission for the file but also set the sticky bit on the directory. Otherwise, the file can be removed and a new file can be created with the same name by any user who has write access to the directory.


 numeric permission

first digit = sum of suid(4)+sgid(2)+sticky(1)
2nd = read(4),write(2),execute for user
3rd= same for group
4th= same for others
 pertinent commands such as test(1), stat(1) and readlink(1). The shell builtin such as "[" or "test"

Default creation of files/directories is typically 777 or 666

What permissions are applied to a newly created file or directory is restricted by the umask shell builtin command. See dash(1), bash(1), and builtins(7).


 (file permissions) = (requested file permissions) & ~(umask value)

Permissions for groups of users


system-provided groups for file access

group description for accessible files and devices
dialout full and direct access to serial ports ("/dev/ttyS[0-3]")
dip limited access to serial ports for Dialup IP connection to trusted peers
cdrom CD-ROM, DVD+/-RW drives
audio audio device
video video device
scanner scanner(s)
adm system monitoring logs
staff some directories for junior administrative work: "/usr/local", "/home"


List of types of timestamps

type meaning (historic Unix definition)
mtime the file modification time (ls -l)
ctime the file status change time (ls -lc)
atime the last file access time (ls -lu)


  • Overwriting a file changes all of the mtime, ctime, and atime attributes of the file.

  • Changing ownership or permission of a file changes the ctime and atime attributes of the file.

  • Reading a file changes the atime attribute of the file on the historic Unix system.

  • Reading a file changes the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "strictatime".

  • Reading a file for the first time or after one day changes the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "relatime". (default behavior since Linux 2.6.30)

  • Reading a file doesn't change the atime attribute of the file on the GNU/Linux system if its filesystem is mounted with "noatime".

hardlink=Duplicate name for an existing file 
Symbolic link or symlink = Special file that points to another file by name


The hardlink can be made within the same filesystem and shares the same inode number which the "-i" option with ls(1) reveals.

The symlink always has nominal file access permissions of "rwxrwxrwx", with the effective access permissions dictated by permissions of the file that it points to.


named pipe(fifo)

If you write to a named pipe, the process which is writing to the pipe doesn't terminate until the information being written is read from the pipe. If you read from a named pipe, the reading process waits until there is nothing to read before terminating. The size of the pipe is always zero --- it does not store data, it just links two processes like the functionality offered by the shell "|" syntax. However, since this pipe has a name, the two processes don't have to be on the same command line or even be run by the same user.



It is similar to the named pipe (FIFO) and allows processes to exchange information even between different computers. For the socket, those processes do not need to be running at the same time nor to be running as the children of the same ancestor process. This is the endpoint for the inter process communication (IPC). The exchange of information may occur over the network between different hosts. The two most common ones are the Internet socket and the Unix domain socket.


device file

here are 2 types of device files.

  • Character device

    • Accessed one character at a time

    • 1 character = 1 byte

    • E.g. keyboard device, serial port, …

  • Block device

    • accessed in larger units called blocks

    • 1 block > 1 byte

    • E.g. hard disk,


Table 1.10. List of special device files

device file action description of response
/dev/null read return "end-of-file (EOF) character"
/dev/null write return nothing (a bottomless data dump pit)
/dev/zero read return "the \0 (NUL) character" (not the same as the number zero ASCII)
/dev/random read return random characters from a true random number generator, delivering real entropy (slow)
/dev/urandom read return random characters from a cryptographically secure pseudorandom number generator
/dev/full write return the disk-full (ENOSPC) error



The terminal feature of Ctrl-S can be disabled using stty(1).


List of basic Vim key strokes

mode key strokes action
NORMAL :help|only display the help file
NORMAL :e filename.ext open new buffer to edit filename.ext
NORMAL :w overwrite current buffer to the original file
NORMAL :w filename.ext write current buffer to filename.ext
NORMAL :q quit vim
NORMAL :q! force to quit vim
NORMAL :only close all other split open windows
NORMAL :set nocompatible? check if vim is in the sane nocompatible mode
NORMAL :set nocompatible set vim to the sane nocompatible mode
NORMAL i enter the INSERT mode
NORMAL R enter the REPLACE mode
NORMAL v enter the VISUAL mode
NORMAL V enter the linewise VISUAL mode
NORMAL Ctrl-V enter the blockwise VISUAL mode
except TERMINAL-JOB ESC-key enter the NORMAL mode
NORMAL :term enter the TERMINAL-JOB mode
TERMINAL-JOB Ctrl-W N (or Ctrl-\ Ctrl-N) enter the TERMINAL-NORMAL mode
TERMINAL-JOB Ctrl-W : enter the Ex-mode in TERMINAL-NORMAL mode


Recording the shell activities


some commands....


basic Unix commands

command description
pwd display name of current/working directory
whoami display current user name
id display current user identity (name, uid, gid, and associated groups)
file foo display a type of file for the file "foo"
type -p commandname display a file location of command "commandname"
which commandname , ,
type commandname display information on command "commandname"
apropos key-word find commands related to "key-word"
man -k key-word , ,
whatis commandname display one line explanation on command "commandname"
man -a commandname display explanation on command "commandname" (Unix style)
info commandname display rather long explanation on command "commandname" (GNU style)
ls list contents of directory (non-dot files and directories)
ls -a list contents of directory (all files and directories)
ls -A list contents of directory (almost all files and directories, i.e., skip ".." and ".")
ls -la list all contents of directory with detail information
ls -lai list all contents of directory with inode number and detail information
ls -d list all directories under the current directory
tree display file tree contents
lsof foo list open status of file "foo"
lsof -p pid list files opened by the process ID: "pid"
mkdir foo make a new directory "foo" in the current directory
rmdir foo remove a directory "foo" in the current directory
cd foo change directory to the directory "foo" in the current directory or in the directory listed in the variable "$CDPATH"
cd / change directory to the root directory
cd change directory to the current user's home directory
cd /foo change directory to the absolute path directory "/foo"
cd .. change directory to the parent directory
cd ~foo change directory to the home directory of the user "foo"
cd - change directory to the previous directory
</etc/motd pager display contents of "/etc/motd" using the default pager
touch junkfile create a empty file "junkfile"
cp foo bar copy a existing file "foo" to a new file "bar"
rm junkfile remove a file "junkfile"
mv foo bar rename an existing file "foo" to a new name "bar" ("bar" must not exist)
mv foo bar move an existing file "foo" to a new location "bar/foo" (the directory "bar" must exist)
mv foo bar/baz move an existing file "foo" to a new location with a new name "bar/baz" (the directory "bar" must exist but the directory "bar/baz" must not exist)
chmod 600 foo make an existing file "foo" to be non-readable and non-writable by the other people (non-executable for all)
chmod 644 foo make an existing file "foo" to be readable but non-writable by the other people (non-executable for all)
chmod 755 foo make an existing file "foo" to be readable but non-writable by the other people (executable for all)
find . -name pattern find matching filenames using shell "pattern" (slower)
locate -d . pattern find matching filenames using shell "pattern" (quicker using regularly generated database)
grep -e "pattern" *.html find a "pattern" in all files ending with ".html" in current directory and display them all
top display process information using full screen, type "q" to quit
ps aux | pager display information on all the running processes using BSD style output
ps -ef | pager display information on all the running processes using Unix system-V style output
ps aux | grep -e "[e]xim4*" display all processes running "exim" and "exim4"
ps axf | pager display information on all the running processes with ASCII art output
kill 1234 kill a process identified by the process ID: "1234"
gzip foo compress "foo" to create "foo.gz" using the Lempel-Ziv coding (LZ77)
gunzip foo.gz decompress "foo.gz" to create "foo"
bzip2 foo compress "foo" to create "foo.bz2" using the Burrows-Wheeler block sorting text compression algorithm, and Huffman coding (better compression than gzip)
bunzip2 foo.bz2 decompress "foo.bz2" to create "foo"
xz foo compress "foo" to create "foo.xz" using the Lempel–Ziv–Markov chain algorithm (better compression than bzip2)
unxz foo.xz decompress "foo.xz" to create "foo"
tar -xvf foo.tar extract files from "foo.tar" archive
tar -xvzf foo.tar.gz extract files from gzipped "foo.tar.gz" archive
tar -xvjf foo.tar.bz2 extract files from "foo.tar.bz2" archive
tar -xvJf foo.tar.xz extract files from "foo.tar.xz" archive
tar -cvf foo.tar bar/ archive contents of folder "bar/" in "foo.tar" archive
tar -cvzf foo.tar.gz bar/ archive contents of folder "bar/" in compressed "foo.tar.gz" archive
tar -cvjf foo.tar.bz2 bar/ archive contents of folder "bar/" in "foo.tar.bz2" archive
tar -cvJf foo.tar.xz bar/ archive contents of folder "bar/" in "foo.tar.xz" archive
zcat README.gz | pager display contents of compressed "README.gz" using the default pager
zcat README.gz > foo create a file "foo" with the decompressed content of "README.gz"
zcat README.gz >> foo append the decompressed content of "README.gz" to the end of the file "foo" (if it does not exist, create it first)


Default values of environment variables are initially set by the PAM system and then some of them may be reset by some application programs.

  • The PAM system such as pam_env may set environment variables by /etc/pam.conf", "/etc/environment" and "/etc/default/locale".

  • The display manager such as gdm3 may reset environment variables for GUI session by "~/.profile".

  • The user specific program initialization may reset environment variables by "~/.profile", "~/.bash_profile" and "~/.bashrc".



parts of locale value


Shell glob patterns

shell glob pattern description of match rule
* filename (segment) not started with "."
.* filename (segment) started with "."
? exactly one character
[…] exactly one character with any character enclosed in brackets
[a-z] exactly one character with any character between "a" and "z"
[^…] exactly one character other than any character enclosed in brackets (excluding "^")

  BASH can be tweaked to change its glob behavior with its shopt builtin options such as "dotglob", "noglob", "nocaseglob", "nullglob", "extglob", etc. See bash(1)
$?  gives return value of command

Command exit codes

command exit status numeric return value logical return value
success zero, 0 TRUE
error non-zero, -1 FALSE

hell command idioms

command idiom description
command & background execution of command in the subshell
command1 | command2 pipe the standard output of command1 to the standard input of command2 (concurrent execution)
command1 2>&1 | command2 pipe both standard output and standard error of command1 to the standard input of command2 (concurrent execution)
command1 ; command2 execute command1 and command2 sequentially
command1 && command2 execute command1; if successful, execute command2 sequentially (return success if both command1 and command2 are successful)
command1 || command2 execute command1; if not successful, execute command2 sequentially (return success if command1 or command2 are successful)
command > foo redirect standard output of command to a file foo (overwrite)
command 2> foo redirect standard error of command to a file foo (overwrite)
command >> foo redirect standard output of command to a file foo (append)
command 2>> foo redirect standard error of command to a file foo (append)
command > foo 2>&1 redirect both standard output and standard error of command to a file foo
command < foo redirect standard input of command to a file foo
command << delimiter redirect standard input of command to the following lines until "delimiter" is met (here document)
command <<- delimiter redirect standard input of command to the following lines until "delimiter" is met (here document, the leading tab characters are stripped from input lines)

$ </etc/motd pager
$ pager </etc/motd
$ pager /etc/motd
$ cat /etc/motd | pager
echo Hello >foo
$ exec 3foo 4bar  # open files
$ cat <&3 >&4       # redirect stdin to 3, stdout to 4
$ exec 3<&- 4>&-    # close files
$ cat bar

Predefined file descriptors

device description file descriptor
stdin standard input 0
stdout standard output 1
stderr standard error 2

type ls
ls is hashed (/bin/ls)
type la
la is aliased to ls -la
text tools 

No regular expression is used:

cat(1) concatenates files and outputs the whole content.

tac(1) concatenates files and outputs in reverse.

cut(1) selects parts of lines and outputs.

head(1) outputs the first part of files.

tail(1) outputs the last part of files.

sort(1) sorts lines of text files.

uniq(1) removes duplicate lines from a sorted file.

tr(1) translates or deletes characters.

diff(1) compares files line by line.

Basic regular expression (BRE) is used as default:

ed(1) is a primitive line editor.

sed(1) is a stream editor.

grep(1) matches text with patterns.

vim(1) is a screen editor.

emacs(1) is a screen editor. (somewhat extended BRE)

Extended regular expression (ERE) is used:

awk(1) does simple text processing.

egrep(1) matches text with patterns.

tcl(3tcl) can do every conceivable text processing: See re_syntax(3). Often used with tk(3tk).

perl(1) can do every conceivable text processing. See perlre(1).



Metacharacters for BRE and ERE

BRE ERE description of the regular expression
\ . [ ] ^ $ * \ . [ ] ^ $ * common metacharacters
\+ \? \( \) \{ \} \|   BRE only "\" escaped metacharacters
  + ? ( ) { } | ERE only non-"\" escaped metacharacters
c c match non-metacharacter "c"
\c \c match a literal character "c" even if "c" is metacharacter by itself
. . match any character including newline
^ ^ position at the beginning of a string
$ $ position at the end of a string
\< \< position at the beginning of a word
\> \> position at the end of a word
[abc…] [abc…] match any characters in "abc…"
[^abc…] [^abc…] match any characters except in "abc…"
r* r* match zero or more regular expressions identified by "r"
r\+ r+ match one or more regular expressions identified by "r"
r\? r? match zero or one regular expressions identified by "r"
r1\|r2 r1|r2 match one of the regular expressions identified by "r1" or "r2"
\(r1\|r2\) (r1|r2) match one of the regular expressions identified by "r1" or "r2" and treat it as a bracketed regular expression

The sed(1) command can replace all instances of "FROM_REGEX" with "TO_TEXT" in "file".

$ sed -i -e 's/FROM_REGEX/TO_TEXT/g' file

 Extracting data from text file table

Ian     Murdock   August  1993
Bruce   Perens    April   1996
awk '{ print $3 }' <DPL 
 while read first last month year; do
    echo $month
  done <DPL

script snippets for piping commands

script snippet (type in one line) effect of command
find /usr -print find all files under "/usr"
seq 1 100 print 1 to 100
| xargs -n 1 command run command repeatedly with each item from pipe as its argument
| xargs -n 1 echo split white-space-separated items from pipe into lines
| xargs echo merge all lines from pipe into a line
| grep -e regex_pattern extract lines from pipe containing regex_pattern
| grep -v -e regex_pattern extract lines from pipe not containing regex_pattern
| cut -d: -f3 - extract third field from pipe separated by ":" (passwd file etc.)
| awk '{ print $3 }' extract third field from pipe separated by whitespaces
| awk -F'\t' '{ print $3 }' extract third field from pipe separated by tab
| col -bx remove backspace and expand tabs to spaces
| expand - expand tabs
| sort| uniq sort and remove duplicates
| tr 'A-Z' 'a-z' convert uppercase to lowercase
| tr -d '\n' concatenate lines into one line
| tr -d '\r' remove CR
| sed 's/^/# /' add "#" to the start of each line
| sed 's/\.ext//g' remove ".ext"
| sed -n -e 2p print the second line
| head -n 2 - print the first 2 lines
| tail -n 2 - print the last 2 lines

List of Debian package management tools

package popcon size description
dpkg V:908, I:999 6400 low level package management system for Debian (file based)
apt V:864, I:999 4302 APT front-end to manage packages with CLI: apt/apt-get/apt-cache
aptitude V:51, I:278 4268 APT front-end to interactively manage packages with full screen console: aptitude(8)
tasksel V:35, I:980 347 APT front-end to install selected tasks: tasksel(8)
unattended-upgrades V:217, I:336 301 enhancement package for APT to enable automatic installation of security upgrades
gnome-software V:141, I:252 2995 Software Center for GNOME (GUI APT front-end)
synaptic V:44, I:367 7627 graphical package manager (GTK APT front-end)
apt-utils V:356, I:998 1061 APT utility programs: apt-extracttemplates(1), apt-ftparchive(1), and apt-sortpkgs(1)
apt-listchanges V:333, I:866 396 package change history notification tool
apt-listbugs V:6, I:9 475 lists critical bugs before each APT installation
apt-file V:17, I:71 89 APT package searching utility — command-line interface
apt-rdepends V:0, I:5 39 recursively lists package dependencies
# dpkg --root /target -i /path/to/foo_old_version_arch.deb
 dpkg's "--ignore-depends", "--force-depends
APT::Acquire::http::Dl-Limit "800";'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "0";
key file is in the "/etc/apt/trusted.gpg.d/"  


notable Pin-Priority values for apt-pinning technique.

Pin-Priority apt-pinning effects to the package
1001 install the package even if this constitutes a downgrade of the package
990 used as the default for the target release archive
500 used as the default for the normal archive
100 used as the default for the NotAutomatic and ButAutomaticUpgrades archive
100 used for the installed package
1 used as the default for the NotAutomatic archive
-1 never install the package even if recommended

apt-get install -t testing some-packag

apt-cache policy package

block pkg
Package: package-1
Pin: version *
Pin-Priority: -1

Package: package-2
Pin: version *
Pin-Priority: -1
Package: package-1
Pin: release a=unstable
Pin-Priority: 700

Package: package-2
Pin: release a=unstable
Pin-Priority: 700
 Circumventing Debian package dependencies
 This package provides a tool to create trivial Debian packages.
 Typically these packages contain only dependency information, but they
 can also include normal installed files like other packages do.
 One use for this is to create a metapackage: a package whose sole
 purpose is to declare dependencies and conflicts on other packages so
 that these will be automatically installed, upgraded, or removed.
 Another use is to circumvent dependency checking: by letting dpkg
 think a particular package name and version is installed when it
 isn't, you can work around bugs in other packages' dependencies. 

boot utilities for the Debian system

package popcon size description
systemd V:853, I:960 10217 event-based init(8) daemon for concurrency (alternative to sysvinit)
systemd-sysv V:825, I:958 75 the manual pages and links needed for systemd to replace sysvinit
init-system-helpers V:682, I:969 140 helper tools for switching between sysvinit and systemd
initscripts V:40, I:161 178 scripts for initializing and shutting down the system
sysvinit-core V:5, I:6 369 System-V-like init(8) utilities
sysv-rc V:80, I:171 86 System-V-like runlevel change mechanism
sysvinit-utils V:898, I:999 101 System-V-like utilities (startpar(8), bootlogd(8), …)
lsb-base V:768, I:809 12 Linux Standard Base 3.2 init script functionality
insserv V:98, I:170 153 tool to organize boot sequence using LSB init.d script dependencies
kexec-tools V:1, I:6 286 kexec tool for kexec(8) reboots (warm reboot)
systemd-bootchart V:0, I:0 132 boot process performance analyser
mingetty V:0, I:2 38 console-only getty(8)
mgetty V:0, I:0 315 smart modem getty(8) replacement
ps --pid 1 -f
init-system-helpers [essential]

systemd units
  • "/lib/systemd/system": OS default configuration files

  • "/etc/systemd/system": system administrator configuration files which override the OS default configuration files

  • "/run/systemd/system": run-time generated configuration files which override the installed configuration files

Their inter-dependencies are specified by the directives "Wants=", "Requires=", "Before=", "After=", 

The suffix of the unit configuration file encodes their types as:

  • *.service describes the process controlled and supervised by systemd. See systemd.service(5).

  • *.device describes the device exposed in the sysfs(5) as udev(7) device tree. See systemd.device(5).

  • *.mount describes the file system mount point controlled and supervised by systemd. See systemd.mount(5).

  • *.automount describes the file system auto mount point controlled and supervised by systemd. See systemd.automount(5).

  • *.swap describes the swap device or file controlled and supervised by systemd. See systemd.swap(5).

  • *.path describes the path monitored by systemd for path-based activation. See systemd.path(5).

  • *.socket describes the socket controlled and supervised by systemd for socket-based activation. See systemd.socket(5).

  • *.timer describes the timer controlled and supervised by systemd for timer-based activation. See systemd.timer(5).

  • *.slice manages resources with the cgroups(7). See systemd.slice(5).

  • *.scope is created programmatically using the bus interfaces of systemd to manages a set of system processes. See systemd.scope(5).

  • *.target groups other unit configuration files to create the synchronization point during start-up. See

Upon system start up (i.e., init), the systemd process tries to start the "/lib/systemd/system/ (normally symlinked to ""). First, some special target units (see systemd.special(7)) such as "", "" and "" are pulled in to mount the filesystems. Then, other target units are also pulled in by the target unit dependencies. For details, read bootup(7).
systemd offers backward compatibility features. SysV-style boot scripts in "/etc/init.d/rc[0123456S].d/[KS]name" are still parsed and telinit(8) is translated into systemd unit activation requests.

Emulated runlevel 2 to 4 are all symlinked to the same "".


The kernel maintains the system hostname. The system unit started by systemd-hostnamed.service sets the system hostname at boot time to the name stored in "/etc/hostname". This file should contain only the system hostname, not a fully qualified domain name.


After mounting all the filesystems, temporary files in "/tmp", "/var/lock", and "/var/run" are cleaned for each boot up.


Network interfaces are typically initialized in "networking.service" for the lo interface and "NetworkManager.service" for other interfaces on modern Debian desktop system under systemd.


dmesg -n3

Under systemd, both kernel and system messages are logged by the journal service systemd-journald.service (a.k.a journald) either into a persistent binary data below "/var/log/journal" or into a volatile binary data below "/run/log/journal/". These binary log data are accessed by the journalctl(1) command


journalctl -b #boot log

journalctl command snippets

Operation Command snippets
View log for system services and kernel from the last boot "journalctl -b --system"
View log for services of the current user from the last boot "journalctl -b --user"
View job log of "$unit" from the last boot "journalctl -b -u $unit"
View job log of "$unit" ("tail -f" style) from the last boot "journalctl -b -u $unit -f"


typical systemctl command snippets

Operation Command snippets
List all target unit configuration "systemctl list-units --type=target"
List all service unit configuration "systemctl list-units --type=service"
List all unit configuration types "systemctl list-units --type=help"
List all socket units in memory "systemctl list-sockets"
List all timer units in memory "systemctl list-timers"
Start "$unit" "systemctl start $unit"
Stop "$unit" "systemctl stop $unit"
Reload service-specific configuration "systemctl reload $unit"
Stop and start all "$unit" "systemctl restart $unit"
Start "$unit" and stop all others "systemctl isolate $unit"
Switch to "graphical" (GUI system) "systemctl isolate graphical"
Switch to "multi-user" (CLI system) "systemctl isolate multi-user"
Switch to "rescue" (single user CLI system) "systemctl isolate rescue"
Send kill signal to "$unit" "systemctl kill $unit"
Check if "$unit" service is active "systemctl is-active $unit"
Check if "$unit" service is failed "systemctl is-failed $unit"
Check status of "$unit|$PID|device" "systemctl status $unit|$PID|$device"
Show properties of "$unit|$job" "systemctl show $unit|$job"
Reset failed "$unit" "systemctl reset-failed $unit"
List dependency of all unit services "systemctl list-dependencies --all"
List unit files installed on the system "systemctl list-unit-files"
Enable "$unit" (add symlink) "systemctl enable $unit"
Disable "$unit" (remove symlink) "systemctl disable $unit"
Unmask "$unit" (remove symlink to "/dev/null") "systemctl unmask $unit"
Mask "$unit" (add symlink to "/dev/null") "systemctl mask $unit"
Get default-target setting "systemctl get-default"
Set default-target to "graphical" (GUI system) "systemctl set-default graphical"
Set default-target to "multi-user" (CLI system) "systemctl set-default multi-user"
Show job environment "systemctl show-environment"
Set job environment "variable" to "value" "systemctl set-environment variable=value"
Unset job environment "variable" "systemctl unset-environment variable"
Reload all unit files and daemons "systemctl daemon-reload"
Shut down the system "systemctl poweroff"
Shut down and reboot the system "systemctl reboot"
Suspend the system "systemctl suspend"
Hibernate the system "systemctl hibernate"



$unit" in the above examples may be a single unit name (suffix such as .service and .target are optional) or, in many cases, multiple unit specifications (shell-style globs "*", "?", "[]" using fnmatch(3) which will be matched against the primary names of all units currently in memory).

System state changing commands in the above examples are typically preceded by the "sudo" to attain the required administrative privilege.

The output of the "systemctl status $unit|$PID|$device" uses color of the dot ("●") to summarize the unit state at a glance.

  • White "●" indicates an "inactive" or "deactivating" state.

  • Red "●" indicates a "failed" or "error" state.

  • Green "●" indicates an "active", "reloading" or "activating" state.


disable service

 $ sudo systemctl stop sshd.service
 $ sudo systemctl mask sshd.service


sshd.socket for specifying a socket to listen on

Description=SSH Socket for Per-Connection Servers




[email protected] as the matching service file of sshd.socket

Description=SSH Per-Connection Server

ExecStart=-/usr/sbin/sshd -i


sudo systemctl daemon-reload



 The udev system provides mechanism for the automatic hardware discovery and initialization

udev system starts a user process which uses information from the sysfs filesystem (see Section 1.2.12, “procfs and sysfs”), loads required kernel modules supporting it using the modprobe 

If "/lib/modules/kernel-version/modules.dep" was not generated properly by depmod(8) for some reason, modules may not be loaded as expected by the udev system. Execute "depmod -a" to fix it.

For mounting rules in "/etc/fstab", device nodes do not need to be static ones. You can use UUID to mount devices instead of device names such as "/dev/sda".

/etc/modules #modules to load

etc/modprobes.d/blacklist  #config module

The "/lib/modules/version/modules.dep" file generated by the depmod(8) program describes module dependencies used by the modprobe(8) program.

The modinfo(8) program shows information about a Linux kernel module.

The lsmod(8) program nicely formats the contents of the "/proc/modules", showing what kernel modules are currently loaded.


Authentication using pam
Normal Unix authentication is provided by the pam_unix(8) module under the PAM (Pluggable Authentication Modules). Its 3 important configuration files, with ":" separated entries, are the following.


configuration files for pam_unix(8)

file permission user group description
/etc/passwd -rw-r--r-- root root (sanitized) user account information
/etc/shadow -rw-r----- root shadow secure user account information
/etc/group -rw-r--r-- root root group information


/etc/passwd" contains the following.

user1:x:1000:1000:User1 Name,,,:/home/user1:/bin/bash
user2:x:1001:1001:User2 Name,,,:/home/user2:/bin/bash


As explained in passwd(5), each ":" separated entry of this file means the following.

  • Login name

  • Password specification entry

  • Numerical user ID

  • Numerical group ID

  • User name or comment field

  • User home directory

  • Optional user command interpreter


The second entry of "/etc/passwd" was used for the encrypted password entry. After the introduction of "/etc/shadow", this entry is used for the password specification entry.


second entry content of "/etc/passwd"

content meaning
(empty) passwordless account
x the encrypted password is in "/etc/shadow"



/etc/shadow" contains the following.


As explained in shadow(5), each ":" separated entry of this file means the following.

  • Login name

  • Encrypted password (The initial "$1$" indicates use of the MD5 encryption. The "*" indicates no login.)

  • Date of the last password change, expressed as the number of days since Jan 1, 1970

  • Number of days the user will have to wait before she will be allowed to change her password again

  • Number of days after which the user will have to change her password

  • Number of days before a password is going to expire during which the user should be warned

  • Number of days after a password has expired during which the password should still be accepted

  • Date of expiration of the account, expressed as the number of days since Jan 1, 1970


"/etc/group" contains the following.


As explained in group(5), each ":" separated entry of this file means the following.

  • Group name

  • Encrypted password (not really used)

  • Numerical group ID


"/etc/gshadow" provides the similar function as "/etc/shadow" for "/etc/group" but is not really used.


The actual group membership of a user may be dynamically added if "auth optional"

 line is added to "/etc/pam.d/common-auth" and set it in "/etc/security/group.conf". 

 See pam_group(8).

The base-passwd package contains an authoritative list of the user and the group: "/usr/share/doc/base-passwd/users-and-groups.html".

commands to manage account information

command function
getent passwd user_name browse account information of "user_name"
getent shadow user_name browse shadowed account information of "user_name"
getent group group_name browse group information of "group_name"
passwd manage password for the account
passwd -e set one-time password for the account activation
chage manage password aging information

List of tools to generate password

package popcon size command function
whois V:26, I:271 386 mkpasswd over-featured front end to the crypt(3) library
openssl V:832, I:995 2290 openssl passwd compute password hashes (OpenSSL). passwd(1ssl)

Modern Unix-like systems such as the Debian system provide PAM (Pluggable Authentication Modules) and NSS (Name Service Switch) mechanism to the local system administrator to configure his system. The role of these can be summarizes as the following.

  • PAM offers a flexible authentication mechanism used by the application software thus involves password data exchange.

  • NSS offers a flexible name service mechanism which is frequently used by the C standard library to obtain the user and group name for programs such as ls(1) and id(1).


List of notable PAM and NSS systems

package popcon size description
libpam-modules V:878, I:999 1006 Pluggable Authentication Modules (basic service)
libpam-ldap V:1, I:7 249 Pluggable Authentication Module allowing LDAP interfaces
libpam-cracklib V:1, I:9 117 Pluggable Authentication Module to enable cracklib support
libpam-systemd V:517, I:925 570 Pluggable Authentication Module to register user sessions for logind
libpam-doc I:0 963 Pluggable Authentication Modules (documentation in html and text)
libc6 V:918, I:999 12988 GNU C Library: Shared libraries which also provides "Name Service Switch" service
glibc-doc I:8 3501 GNU C Library: Manpages
glibc-doc-reference I:4 13188 GNU C Library: Reference manual in info, pdf and html format (non-free)
libnss-mdns I:506 141 NSS module for Multicast DNS name resolution
libnss-ldap V:0, I:6 265 NSS module for using LDAP as a naming service
libnss-ldapd V:1, I:13 129 NSS module for using LDAP as a naming service (new fork of libnss-ldap)

Under systemd, libpam-systemd package is installed to manage user logins by registering user sessions in the systemd control group hierarchy for logind. See systemd-logind(8), logind.conf(5), and pam_systemd(8).


List of configuration files accessed by PAM and NSS

configuration file function
/etc/pam.d/program_name set up PAM configuration for the "program_name" program; see pam(7) and pam.d(5)
/etc/nsswitch.conf set up NSS configuration with the entry for each service. See nsswitch.conf(5)
/etc/nologin limit the user login by the pam_nologin(8) module
/etc/securetty limit the tty for the root access by the pam_securetty(8) module
/etc/security/access.conf set access limit by the pam_access(8) module
/etc/security/group.conf set group based restraint by the pam_group(8) module
/etc/security/pam_env.conf set environment variables by the pam_env(8) module
/etc/environment set additional environment variables by the pam_env(8) module with the "readenv=1" argument
/etc/default/locale set locale by pam_env(8) module with the "readenv=1 envfile=/etc/default/locale" argument (Debian)
/etc/security/limits.conf set resource restraint (ulimit, core, …) by the pam_linits(8) module
/etc/security/time.conf set time restraint by the pam_time(8) module
/etc/systemd/logind.conf set systemd login manager configuration (see logind.conf(5) and systemd-logind.service(8))

debian uses PAM, so that one can restrict the ability to use su to the root group by enabling the 
line with  "" in "/etc/pam.d/su". 

Installing the libpam-cracklib package enables you to force stricter password rule.


GNOME automatically installs libpam-gnome-keyring, "/etc/pam.d/common-password"


List of insecure and secure services and ports

insecure service name port secure service name port
www (http) 80 https 443
smtp (mail) 25 ssmtp (smtps) 465
ftp-data 20 ftps-data 989
ftp 21 ftps 990
telnet 23 telnets 992
imap2 143 imaps 993
pop3 110 pop3s 995
ldap 389 ldaps 636
The encryption costs CPU time. 
 As a CPU friendly alternative, you can keep communication in plain text
 while securing just the password with the secure authentication 
protocol such as "Authenticated Post Office Protocol" (APOP) for POP and
 "Challenge-Response Authentication Mechanism MD5" (CRAM-MD5) for SMTP 
and IMAP. 

The Secure Shell (SSH) program provides secure encrypted communications between two untrusted hosts over an insecure network with the secure authentication. It consists of the OpenSSH client, ssh(1), and the OpenSSH daemon, sshd(8). This SSH can be used to tunnel an insecure protocol communication such as POP and X securely over the Internet with the port forwarding feature.

The client tries to authenticate itself using host-based authentication,
 public key authentication, challenge-response authentication, or 
password authentication.  The use of public key authentication enables 
the remote password-less login 

tools to provide extra security measures

package popcon size description
knockd V:0, I:2 110 small port-knock daemon knockd(1) and client knock(1)
fail2ban V:103, I:116 2129 ban IPs that cause multiple authentication errors
libpam-shield V:0, I:0 115 lock out remote attackers trying password guessing

The Linux Security Module (LSM) framework provides a mechanism for various security checks to be hooked by new kernel extensions. For example:


Linux namespaces wrap a global system resource in an abstraction that makes it appear to the processes within the namespace that they have their own isolated instance of the global resource. Changes to the global resource are visible to other processes that are members of the namespace, but are invisible to other processes. Since kernel version 5.6, there are 8 kinds of namespaces (see namespaces(7), unshare(1), nsenter(1)).


network configuration tools

packages popcon size type description
network-manager V:377, I:449 15376 config::NM NetworkManager (daemon): manage the network automatically
network-manager-gnome V:120, I:365 5574 config::NM NetworkManager (GNOME frontend)
ifupdown V:590, I:982 199 config::ifupdown standardized tool to bring up and down the network (Debian specific)
isc-dhcp-client V:214, I:982 2857 config::low-level DHCP client
pppoeconf V:0, I:6 186 config::helper configuration helper for PPPoE connection
wpasupplicant V:333, I:505 3846 , , client support for WPA and WPA2 (IEEE 802.11i)
wpagui V:0, I:2 770 , , Qt GUI client for wpa_supplicant
wireless-tools V:171, I:238 292 , , tools for manipulating Linux Wireless Extensions
iw V:33, I:470 302 , , tool for configuring Linux wireless devices
iproute2 V:713, I:967 3599 config::iproute2 iproute2, IPv6 and other advanced network configuration: ip(8), tc(8), etc
iptables V:310, I:769 2408 config::Netfilter administration tools for packet filtering and NAT (Netfilter)
iputils-ping V:198, I:997 120 test test network reachability of a remote host by hostname or IP address (iproute2)
iputils-arping V:3, I:44 49 test test network reachability of a remote host specified by the ARP address
iputils-tracepath V:2, I:33 45 test trace the network path to a remote host
ethtool V:93, I:267 699 test display or change Ethernet device settings
mtr-tiny V:5, I:48 161 test::low-level trace the network path to a remote host (curses)
mtr V:4, I:42 214 , , trace the network path to a remote host (curses and GTK)
gnome-nettool V:0, I:20 2492 , , tools for common network information operations (GNOME)
nmap V:24, I:205 4450 , , network mapper / port scanner (Nmap, console)
tcpdump V:16, I:180 1340 , , network traffic analyzer (Tcpdump, console)
wireshark I:44 36 , , network traffic analyzer (Wireshark, GTK)
tshark V:2, I:26 402 , , network traffic analyzer (console)
tcptrace V:0, I:2 401 , , produce a summarization of the connections from tcpdump output
snort V:0, I:0 2203 , , flexible network intrusion detection system (Snort)
ntopng V:0, I:1 15904 , , display network usage in web browser
dnsutils V:20, I:312 263 , , network clients provided with BIND: nslookup(8), nsupdate(8), dig(8)
dlint V:0, I:4 53 , , check DNS zone information using nameserver lookups
dnstracer V:0, I:1 61 , , trace a chain of DNS servers to the source

The hostname resolution is currently supported by the NSS (Name Service Switch) mechanism too. The flow of this resolution is the following.

  1. The "/etc/nsswitch.conf" file with stanza like "hosts: files dns" dictates the hostname resolution order. (This replaces the old functionality of the "order" stanza in "/etc/host.conf".)

  2. The files method is invoked first. If the hostname is found in the "/etc/hosts" file, it returns all valid addresses for it and exits. (The "/etc/host.conf" file contains "multi on".)

  3. The dns method is invoked. If the hostname is found by the query to the Internet Domain Name System (DNS) identified by the "/etc/resolv.conf" file, it returns all valid addresses for it and exits.


The resolvconf package makes this "/etc/resolv.conf" into a symbolic link and manages its contents by the hook scripts automatically.

For the PC workstation on the typical adhoc LAN environment, the hostname can be resolved via Multicast DNS (mDNS, Zeroconf) in addition to the basic files and dns methods.

  • Avahi provides a framework for Multicast DNS Service Discovery on Debian.

  • It is equivalent of Apple Bonjour / Apple Rendezvous.

  • The libnss-mdns plugin package provides host name resolution via mDNS for the GNU Name Service Switch (NSS) functionality of the GNU C Library (glibc).

  • The "/etc/nsswitch.conf" file should have stanza like "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4".

  • Host names ending with the ".local" pseudo-top-level domain (TLD) are resolved.

  • The mDNS IPv4 link-local multicast address "" or its IPv6 equivalent "FF02::FB" are used to make DNS query for a name ending with ".local".


The systemd uses "Predictable Network Interface Names" such as "enp0s25".

  1. Names incorporating Firmware/BIOS provided index numbers for on-board devices (example: eno1)
  2. Names incorporating Firmware/BIOS provided PCI Express hotplug slot index numbers (example: ens1)
  3. Names incorporating physical/geographical location of the connector of the hardware (example: enp2s0)
  4. Names incorporating the interfaces's MAC address (example: enx78e7d1ea46da)
  5. Classic, unpredictable kernel-native ethX naming (example: eth0)

to  disable it ln -s /dev/null /etc/systemd/network/


 List of network address ranges

Class network addresses net mask net mask /bits number of subnets
A 10.x.x.x /8 1
B 172.16.x.x — 172.31.x.x /16 16
C 192.168.0.x — 192.168.255.x /24 256



translation table from obsolete net-tools commands to new iproute2 commands

obsolete net-tools new iproute2 etc. manipulation
ifconfig(8) ip addr protocol (IP or IPv6) address on a device
route(8) ip route routing table entry
arp(8) ip neigh ARP or NDISC cache entry
ipmaddr ip maddr multicast address
iptunnel ip tunnel tunnel over IP
nameif(8) ifrename(8) name network interfaces based on MAC addresses
mii-tool(8) ethtool(8) Ethernet device settings

 List of low level network commands

command description
ip addr show display the link and address status of active interfaces
route -n display all the routing table in numerical addresses
ip route show display all the routing table in numerical addresses
arp display the current content of the ARP cache tables
ip neigh display the current content of the ARP cache tables
plog display ppp daemon log
ping check the Internet connection to ""
whois check who registered "" in the domains database
traceroute trace the Internet connection to ""
tracepath trace the Internet connection to ""
mtr trace the Internet connection to "" (repeatedly)
dig [] [{a|mx|any}] check DNS records of "" by "" for a "a", "mx", or "any" record
iptables -L -n check packet filter
netstat -a find all open ports
netstat -l --inet find listening ports
netstat -ln --tcp find listening TCP ports (numeric)
dlint check DNS zone information of ""
finding mtu
 ping -4 -c 1 -s $((1500-28)) -M do  
ping -4 -c 1 -s $((1460-28)) -M do
  ping -6 -c 1 -s $((1500-48)) -M do
MTU= Maximum Transmission Unit (MTU) 

optimal MTU value

network environment MTU rationale
Dial-up link (IP: PPP) 576 standard
Ethernet link (IP: DHCP or fixed) 1500 standard and default
MSS=maximum segment size 
  • MSS = MTU - 40 for IPv4

  • MSS = MTU - 60 for IPv6 




List of firewall tools

packages popcon size description
iptables V:310, I:769 2408 administration tools for netfilter (iptables(8) for IPv4, ip6tables(8) for IPv6)
arptables V:0, I:1 100 administration tools for netfilter (arptables(8) for ARP)
ebtables V:14, I:29 264 administration tools for netfilter (ebtables(8) for Ethernet bridging)
iptstate V:0, I:2 119 continuously monitor netfilter state (similar to top(1))
shorewall-init V:0, I:0 85 Shoreline Firewall initialization
shorewall V:3, I:9 3090 Shoreline Firewall, netfilter configuration file generator
shorewall-lite V:0, I:0 71 Shoreline Firewall, netfilter configuration file generator (light version)
shorewall6 V:0, I:1 1334 Shoreline Firewall, netfilter configuration file generator (IPv6 version)
shorewall6-lite V:0, I:0 71 Shoreline Firewall, netfilter configuration file generator (IPv6, light version)



Modern mail service are under some limitations in order to minimize exposure to the spam (unwanted and unsolicited email) problems.

  • It is not realistic to run SMTP server on the consumer grade network to send mail directly to the remote host reliably.

  • A mail may be rejected by any host en route to the destination quietly unless it appears as authentic as possible.

  • It is not realistic to expect a single smarthost to send mails of unrelated source mail addresses to the remote host reliably.

This is because:

  • The SMTP port (25) connections from hosts serviced by the consumer grade network to the Internet are blocked.

  • The SMTP port (25) connections to hosts serviced by the consumer grade network from the Internet are blocked.

  • The outgoing messages from hosts serviced by the consumer grade network to the Internet can only be sent via the message submission port (587).




    basic mail transport agent related packages

    package popcon size description
    exim4-daemon-light V:233, I:244 1504 Exim4 mail transport agent (MTA: Debian default)
    exim4-daemon-heavy V:6, I:7 1662 Exim4 mail transport agent (MTA: flexible alternative)
    exim4-base V:240, I:252 1672 Exim4 documentation (text) and common files
    exim4-doc-html I:1 3748 Exim4 documentation (html)
    exim4-doc-info I:0 639 Exim4 documentation (info)
    postfix V:129, I:138 4024 Postfix mail transport agent (MTA: secure alternative)
    postfix-doc I:7 4634 Postfix documentation (html+text)
    sasl2-bin V:5, I:15 401 Cyrus SASL API implementation (supplement postfix for SMTP AUTH)
    cyrus-sasl2-doc I:1 2175 Cyrus SASL - documentation
    msmtp V:6, I:11 616 Light weight MTA
    msmtp-mta V:5, I:6 124 Light weight MTA (sendmail compatibility extension to msmtp)
    esmtp V:0, I:0 129 Light weight MTA
    esmtp-run V:0, I:0 32 Light weight MTA (sendmail compatibility extension to esmtp)
    nullmailer V:8, I:9 476 Strip down MTA, no local mail
    ssmtp V:5, I:8 2 Strip down MTA, no local mail
    sendmail-bin V:14, I:14 1877 Full featured MTA (only if you are already familiar)
    courier-mta V:0, I:0 2390 Full featured MTA (web interface etc.)



    List of remote access server and utilities

    package popcon size tool description
    openssh-client V:854, I:997 5814 ssh(1) Secure shell client
    openssh-server V:723, I:818 1948 sshd(8) Secure shell server
    ssh-askpass I:23 102 ssh-askpass(1) asks user for a pass phrase for ssh-add (plain X)
    ssh-askpass-gnome V:0, I:4 209 ssh-askpass-gnome(1) asks user for a pass phrase for ssh-add (GNOME)
    ssh-askpass-fullscreen V:0, I:0 48 ssh-askpass-fullscreen(1) asks user for a pass phrase for ssh-add (GNOME) with extra eye candy
    shellinabox V:0, I:1 507 shellinaboxd(1) web server for browser accessible VT100 terminal emulator


    List of SSH configuration files

    configuration file description of configuration file
    /etc/ssh/ssh_config SSH client defaults, see ssh_config(5)
    /etc/ssh/sshd_config SSH server defaults, see sshd_config(5)
    ~/.ssh/authorized_keys default public SSH keys that clients use to connect to this account on this SSH server
    ~/.ssh/id_rsa secret SSH-2 RSA key of the user
    ~/.ssh/id_key-type-name secret SSH-2 key-type-name key such as ecdsa, ed25519, ... of the user



    List of print servers and utilities

    package popcon size port description
    lpr V:2, I:3 367 printer (515) BSD lpr/lpd (Line printer daemon)
    lprng V:0, I:1 3060 , , , , (Enhanced)
    cups V:102, I:431 1061 IPP (631) Internet Printing CUPS server
    cups-client V:119, I:454 425 , , System V printer commands for CUPS: lp(1), lpstat(1), lpoptions(1), cancel(1), lpmove(8), lpinfo(8), lpadmin(8), …
    cups-bsd V:30, I:230 131 , , BSD printer commands for CUPS: lpr(1), lpq(1), lprm(1), lpc(8)
    printer-driver-gutenprint V:25, I:138 1219 Not applicable printer drivers for CUPS

    other network application servers

    package popcon size protocol description
    telnetd V:0, I:2 53 TELNET TELNET server
    telnetd-ssl V:0, I:0 159 , , , , (SSL support)
    nfs-kernel-server V:48, I:66 677 NFS Unix file sharing
    samba V:107, I:135 4038 SMB Windows file and printer sharing
    netatalk V:1, I:2 2010 ATP Apple/Mac file and printer sharing (AppleTalk)
    proftpd-basic V:10, I:18 452 FTP General file download
    apache2 V:220, I:273 563 HTTP General web server
    squid V:10, I:11 9053 , , General web proxy server
    bind9 V:46, I:51 1131 DNS IP address for other hosts
    isc-dhcp-server V:19, I:39 6061 DHCP IP address of client itself


    List of desktop environment

    task package popcon size description
    task-gnome-desktop I:191 9 GNOME desktop environment
    task-xfce-desktop I:97 9 Xfce desktop environment
    task-kde-desktop I:78 6 KDE Plasma desktop environment
    task-mate-desktop I:44 9 MATE desktop environment
    task-cinnamon-desktop I:41 9 Cinnamon desktop environment
    task-lxde-desktop I:30 9 LXDE desktop environment
    task-lxqt-desktop I:19 9 LXQt desktop environment
    task-gnome-flashback-desktop I:13 6 GNOME Flashback desktop environment


    List of notable GUI infrastructure packages on gnome

    package popcon package size description
    mutter V:1, I:74 185 GNOME's mutter window manager [auto]
    xwayland V:215, I:295 2363 An X server running on top of wayland [auto]
    gnome-remote-desktop V:43, I:196 1063 Remote desktop daemon for GNOME using PipeWire [auto]
    gnome-tweaks V:19, I:219 1200 Advanced configuration settings for GNOME
    gnome-shell-extension-prefs V:13, I:195 59 Tool to enable / disable GNOME Shell extensions


    • Internationalization (I18N): To make a software potentially handle multiple locales.

    • Localization (L10N): To make a software handle an specific locale.

     There are 17, 18, or 10 letters between "m" and "n", "i" and "n", or "l" and "n" in multilingualization, internationalization, and localization which correspond to M17N, I18N, and L10N


    Actual support of locale dependent features by the libc library requires to install locales or locales-all packages. The locales package requires to be initialized properly.


    If neither locales or locales-all package are installed, support of locale features are lost and system uses US English messages and handles data as ASCII. This behavior is the same way as "$LANG" is set by "LANG=", "LANG=C", or "LANG=POSIX".


    The simplest representation of the text data is ASCII which is sufficient for English and uses less than 127 characters (representable with 7 bits).


    Even plain English text may contain non-ASCII characters, e.g. slightly curly left and right quotation marks are not available in ASCII.

    Unicode character set can represent practically all characters known to human with 21 bit code point range (i.e., 0 to 10FFFF in hexadecimal notation).

    Text encoding system UTF-8 fits Unicode code points into a sensible 8 bit data stream mostly compatible with the ASCII data processing system. This makes UTF-8 the modern preferred choice. UTF stands for Unicode Transformation Format. When ASCII plain text data is converted to UTF-8 one, it has exactly the same content and size as the original ASCII one. So you loose nothing by deploying UTF-8 locale.



    dpkg-reconfigure locales

    1. Select all required locale data to be compiled into the binary form. (Please make sure to include at least one UTF-8 locale)

    2. Set the system wide default locale value by creating "/etc/default/locale" for use by PAM (see Section 4.5, “PAM and NSS”).

    Actual traditional encoding system can be identified by "/usr/share/i18n/SUPPORTED".  Thus,
     the "LANG=en_US" is "LANG=en_US.ISO-8859-1".  

    The locales-all package comes with pre-compiled locale data for all locale data. Since it doesn't create "/etc/default/locale", you may still need to install the locales package, too.


    mount(8) for vfat filesystem assumes CP437 if used without option. You need to provide explicit mount option to use UTF-8 or CP932 for filenames 


    LANG=it_IT.UTF-8 man programname


    IBus and its engine packages

    package popcon size supported locale
    ibus V:179, I:229 1710 input method framework using dbus
    ibus-mozc V:1, I:3 935 Japanese
    ibus-anthy V:0, I:1 8856 , ,
    ibus-skk V:0, I:0 242 , ,
    ibus-kkc V:0, I:0 210 , ,
    ibus-libpinyin V:1, I:3 2719 Chinese (for zh_CN)
    ibus-chewing V:0, I:0 422 , , (for zh_TW)
    ibus-libzhuyin V:0, I:0 40987 , , (for zh_TW)
    ibus-rime V:0, I:0 77 , , (for zh_CN/zh_TW)
    ibus-cangjie V:0, I:0 119 , , (for zh_HK)
    ibus-hangul V:0, I:2 264 Korean
    ibus-libthai I:0 90 Thai
    ibus-table-thai I:0 58 Thai
    ibus-unikey V:0, I:0 318 Vietnamese
    ibus-keyman V:0, I:0 137 Multilingual: Keyman engine for over 2000 languages
    ibus-table V:0, I:1 2137 table engine for IBus
    ibus-m17n V:0, I:1 377 Multilingual: Indic, Arabic and others
    plasma-widgets-addons V:44, I:95 1984 additional widgets for Plasma 5 containing Keyboard Indicator


     For Chinese, "fcitx5" may be an alternative input method framework


     East Asian Ambiguous Character Width Characters

    export NCURSES_NO_UTF8_ACS=0.  





    debianutils  needed for bash/dash



    f programs to support console activities

    package popcon size description
    mc V:48, I:213 1490 See Section 1.3, “Midnight Commander (MC)”
    bsdutils V:560, I:999 356 script(1) command to make a record of terminal session
    screen V:77, I:240 997 terminal multiplexer with VT100/ANSI terminal emulation
    tmux V:39, I:143 1110 terminal multiplexer alternative (Use "Control-B" instead)
    fzf V:4, I:14 3409 fuzzy text finder
    fzy V:0, I:0 54 fuzzy text finder
    rlwrap V:1, I:14 330 readline feature command line wrapper
    ledit V:0, I:10 315 readline feature command line wrapper
    rlfe V:0, I:0 42 readline feature command line wrapper
    ripgrep V:4, I:16 4517 fast recursive string search in the source code tree with automatic filtering


    . List of key bindings for screen

    key binding meaning
    ^A ? show a help screen (display key bindings)
    ^A c create a new window and switch to it
    ^A n go to next window
    ^A p go to previous window
    ^A 0 go to window number 0
    ^A 1 go to window number 1
    ^A w show a list of windows
    ^A a send a Ctrl-A to current window as keyboard input
    ^A h write a hardcopy of current window to file
    ^A H begin/end logging current window to file
    ^A ^X lock the terminal (password protected)
    ^A d detach screen session from the terminal
    ^A DD detach screen session and log out


    fzf completions

    if [ -f $FZF_KEYBINDINGS_PATH ]; then
    if [ -f $FZF_COMPLETION_PATH ]; then


    rlwrap dash -i
    rg = ripgrep

    Display examples of time and date for the "ls -l" command with the time style value

    time style value locale display of time and date
    iso any 01-19 00:15
    long-iso any 2009-01-19 00:15
    full-iso any 2009-01-19 00:15:16.000000000 +0900
    locale C Jan 19 00:15
    locale en_US.UTF-8 Jan 19 00:15
    locale es_ES.UTF-8 ene 19 00:15
    +%d.%m.%y %H:%M any 19.01.09 00:15
    +%d.%b.%y %H:%M C or en_US.UTF-8 19.Jan.09 00:15
    +%d.%b.%y %H:%M es_ES.UTF-8 19.ene.09 00:15


    $ RED=$(printf "\x1b[31m")
    $ NORMAL=$(printf "\x1b[0m")
    $ REVERSE=$(printf "\x1b[7m")


    clolr cmd

    if [ "$TERM" != "dumb" ]; then
        eval "`dircolors -b`"
        alias ls='ls --color=always'
        alias ll='ls --color=always -l'
        alias la='ls --color=always -A'
        alias less='less -R'
        alias ls='ls --color=always'
        alias grep='grep --color=always'
        alias egrep='egrep --color=always'
        alias fgrep='fgrep --color=always'
        alias zgrep='zgrep --color=always'
        alias ll='ls -l'
        alias la='ls -A'

    . List of packages which can record configuration history

    package popcon size description
    etckeeper V:25, I:29 164 store configuration files and their metadata with Git (default), Mercurial, or Bazaar (new)
    timeshift V:5, I:9 3421 system restore utility using rsync or BTRFS snapshots
    snapper V:4, I:5 2351 Linux filesystem snapshot management tool

    List of tools for monitoring and controlling program activities

    package popcon size description
    coreutils V:876, I:999 18062 nice(1): run a program with modified scheduling priority
    bsdutils V:560, I:999 356 renice(1): modify the scheduling priority of a running process
    procps V:750, I:999 2163 "/proc" filesystem utilities: ps(1), top(1), kill(1), watch(1), …
    psmisc V:404, I:785 909 "/proc" filesystem utilities: killall(1), fuser(1), peekfd(1), pstree(1)
    time V:8, I:149 129 time(1): run a program to report system resource usages with respect to time
    sysstat V:153, I:175 1785 sar(1), iostat(1), mpstat(1), …: system performance tools for Linux
    isag V:0, I:3 106 Interactive System Activity Grapher for sysstat
    lsof V:401, I:943 482 lsof(8): list files opened by a running process using "-p" option
    strace V:12, I:124 2875 strace(1): trace system calls and signals
    ltrace V:0, I:15 330 ltrace(1): trace library calls
    xtrace V:0, I:0 353 xtrace(1): trace communication between X11 client and server
    powertop V:17, I:211 669 powertop(1): information about system power use
    cron V:856, I:996 227 run processes according to a schedule in background from cron(8) daemon
    anacron V:383, I:472 92 cron-like command scheduler for systems that don't run 24 hours a day
    at V:109, I:171 158 at(1) or batch(1): run a job at a specified time or below certain load level


    Display time used by the process invoked by the command.


    time some_command >/dev/null
    real    0m0.035s       # time on wall clock (elapsed real time)
    user    0m0.000s       # time in user mode
    sys     0m0.020s       # time in kernel mode

     List of nice values for the scheduling priority

    nice value scheduling priority
    19 lowest priority process (nice)
    0 very high priority process for user
    -20 very high priority process for root (not-nice)



    nice  -19 top                                      # very nice
    nice --20 wodim -v -eject speed=2 dev=0,0 disk.img # very fast

    Sometimes an extreme nice value does more harm than good to the system


    List of ps command styles

    style typical command feature
    BSD ps aux display %CPU %MEM
    System V ps -efH display PPID


    sudo lsof -p 1

    You can trace system calls of the ls command as the following.

     sudo strace ls

     Use strace-graph script found in /usr/share/doc/strace/examples/ to make a nice tree view 


    You can also identify processes using files by fuser

    sudo fuser -v /var/log/mail.log

    You can also identify processes using sockets by fuser

     sudo fuser -v smtp/tcp

    watch w

    This displays who is logged on to the system updated every 2 seconds.


    for x in *.ext; do if [ -f "$x"]; then command "$x" ; fi; done
    • find(1) and xargs(1) combination:

    find . -type f -maxdepth 1 -name '*.ext' -print0 | xargs -0 -n 1 command
    • find(1) with "-exec" option with a command:

    find . -type f -maxdepth 1 -name '*.ext' -exec command '{}' \;
    • find(1) with "-exec" option with a short shell script:

    find . -type f -maxdepth 1 -name '*.ext' -exec sh -c "command '{}' && echo 'successful'" \;



    update-alternatives(1) system for programs such as "editor", "view", "x-www-browser", "gnome-www-browser", and "www-browser"  

    The debianutils package provides sensible-browser(1), sensible-editor(1), and sensible-pager(1) which make sensible decisions on which editor, pager, and web browser to call, respectively.


    Use kill(1) to kill (or send a signal to) a process by the process ID.

    Use killall(1) or pkill(1) to do the same by the process command name and other attributes.

      signals for kill command
    signal value     signal name     action     note
    0     ---     no signal is sent (see kill(2))     check if process is running
    1     SIGHUP     terminate the process     disconnected terminal (signal hang up)
    2     SIGINT     terminate the process     interrupt from keyboard (CTRL-C)
    3     SIGQUIT     terminate the process and dump core     quit from keyboard (CTRL-\)
    9     SIGKILL     terminate the process     unblockable kill signal
    15     SIGTERM     terminate the process     blockable termination signal 

    Pressing Alt-SysRq (PrtScr) followed by one keys does the magic of rescuing control of the system.

    SAK command keys

    key following Alt-SysRq description of action
    k kill all processes on the current virtual console (SAK)
    s sync all mounted filesystems to avoid data corruption
    u remount all mounted filesystems read-only (umount)
    r restore the keyboard from raw mode after X crashes


    From SSH terminal etc., you can use the Alt-SysRq feature by writing to the "/proc/sysrq-trigger". For example, "echo s > /proc/sysrq-trigger; echo u > /proc/sysrq-trigger" from the root shell prompt syncs and umounts all mounted filesystems.


    Debian amd64 Linux kernel has /proc/sys/kernel/sysrq=438  =0b110110110


    • 0 - disable sysrq completely

    • 1 - enable all functions of sysrq

    • >1 - bitmask of allowed sysrq functions (see below for detailed function description):

        2 =   0x2 - enable control of console logging level
        4 =   0x4 - enable control of keyboard (SAK, unraw)
        8 =   0x8 - enable debugging dumps of processes etc.
       16 =  0x10 - enable sync command
       32 =  0x20 - enable remount read-only
       64 =  0x40 - enable signalling of processes (term, kill, oom-kill)
      128 =  0x80 - allow reboot/poweroff
      256 = 0x100 - allow nicing of all RT tasks

    ou can check who is on the system by the following.

    • who(1) shows who is logged on.

    • w(1) shows who is logged on and what they are doing.

    • last(1) shows listing of last logged in user.

    • lastb(1) shows listing of last bad logged in users.

    [Tip] Tip

    "/var/run/utmp", and "/var/log/wtmp" hold such user information. See login(1) and utmp(5).

    lspci -nn


    tree /sys/bus/pci

     List of hardware identification tools

    package popcon size description
    pciutils V:232, I:991 212 Linux PCI Utilities: lspci(8)
    usbutils V:72, I:865 320 Linux USB utilities: lsusb(8)
    nvme-cli V:11, I:18 1486 NVMe utilities for Linux: nvme(1)
    pcmciautils V:7, I:11 91 PCMCIA utilities for Linux: pccardctl(8)
    scsitools V:0, I:2 375 collection of tools for SCSI hardware management: lsscsi(8)
    procinfo V:0, I:8 132 system information obtained from "/proc": lsdev(8)
    lshw V:13, I:91 919 information about hardware configuration: lshw(1)
    discover V:39, I:955 98 hardware identification system: discover(8)

    hardware configuration tools

    package popcon size description
    console-setup V:96, I:966 428 Linux console font and keytable utilities
    x11-xserver-utils V:291, I:520 576 X server utilities: xset(1), xmodmap(1)
    acpid V:94, I:170 154 daemon to manage events delivered by the Advanced Configuration and Power Interface (ACPI)
    acpi V:10, I:157 47 utility to display information on ACPI devices
    sleepd V:0, I:0 86 daemon to put a laptop to sleep during inactivity
    hdparm V:206, I:383 256 hard disk access optimization (see Section 9.6.9, “Optimization of hard disk”)
    smartmontools V:196, I:244 2199 control and monitor storage systems using S.M.A.R.T.
    setserial V:4, I:7 103 collection of tools for serial port management
    memtest86+ V:1, I:22 12687 collection of tools for memory hardware management
    scsitools V:0, I:2 375 collection of tools for SCSI hardware management
    setcd V:0, I:0 37 compact disc drive access optimization
    big-cursor I:0 26 larger mouse cursors for X

    hwclock --utc --systohc

    hwclock --show
    "$TERM" environment variable
    setterm(1), stty(1), tic(1), and toe(1)   


    aplay /dev/urandom


    List of sound packages


    List of commands for disabling the screen saver

    environment command
    The Linux console setterm -powersave off
    The X Window (turning off screensaver) xset s off
    The X Window (disabling dpms) xset -dpms
    The X Window (GUI configuration of screen saver) xscreensaver-command -prefs


    echo "set bell-style none">> ~/.inputrc

    ystem security and integrity check

    package popcon size description
    logcheck V:6, I:8 110 daemon to mail anomalies in the system logfiles to the administrator
    debsums V:5, I:36 98 utility to verify installed package files against MD5 checksums
    chkrootkit V:7, I:18 924 rootkit detector
    clamav V:9, I:47 28695 anti-virus utility for Unix - command-line interface
    tiger V:1, I:2 7800 report system security vulnerabilities
    tripwire V:2, I:2 12088 file and directory integrity checker
    john V:1, I:9 471 active password cracking tool
    aide V:1, I:1 289 Advanced Intrusion Detection Environment - static binary
    integrit V:0, I:0 2659 file integrity verification program
    crack V:0, I:1 152 password guessing program

    Since the debsums package uses MD5 checksums stored locally, it can not be fully trusted as the system security audit tool against malicious attacks.


    find / -perm 777 -a \! -type s -a \! -type l -a \! \( -type d -a -perm 1777 \)

    filesystem management packages

    package popcon size description
    e2fsprogs V:742, I:999 1496 utilities for the ext2/ext3/ext4 filesystems
    btrfs-progs V:45, I:72 4851 utilities for the Btrfs filesystem
    reiserfsprogs V:12, I:26 469 utilities for the Reiserfs filesystem
    zfsutils-linux V:28, I:29 1615 utilities for the OpenZFS filesystem
    dosfstools V:180, I:526 315 utilities for the FAT filesystem. (Microsoft: MS-DOS, Windows)
    exfatprogs V:25, I:318 281 utilities for the exFAT filesystem maintained by Samsung.
    exfat-fuse V:7, I:159 73 read/write exFAT filesystem (Microsoft) driver for FUSE.
    exfat-utils V:5, I:148 231 utilities for the exFAT filesystem maintained by the exfat-fuse author.
    xfsprogs V:23, I:97 3476 utilities for the XFS filesystem. (SGI: IRIX)
    ntfs-3g V:196, I:506 1470 read/write NTFS filesystem (Microsoft: Windows NT, …) driver for FUSE.
    jfsutils V:0, I:8 1577 utilities for the JFS filesystem. (IBM: AIX, OS/2)
    reiser4progs V:0, I:2 1367 utilities for the Reiser4 filesystem
    hfsprogs V:0, I:5 394 utilities for HFS and HFS Plus filesystem. (Apple: Mac OS)
    zerofree V:5, I:128 25 program to zero free blocks from ext2/3/4 filesystems

     compress btrfs root

      btrfs filesystem defragment -r -v -czstd /


    disk image

    cp /dev/sdb disk.img
     dd if=/dev/sdb of=disk.img
    dd if=/dev/hda of=mbr.img bs=512 count=1
    dd if=/dev/hda of=mbr-nopart.img bs=446 count=1
     dd if=/dev/hda of=mbr-part.img skip=446 bs=1 count=66
    dd if=disk.img of=/dev/sdb
    dd if=partition.img of=/dev/sdb1
    losetup -v -f partition.img
    mkdir -p /mnt/loop0
    mount -t auto /dev/loop0 /mnt/loop0
    umount /dev/loop0
    losetup -d /dev/loop0
    mkdir -p /mnt/loop0
    mount -t auto -o loop partition.img /mnt/loop0
     umount partition.img
     modinfo -p loop # verify kernel capability
    modprobe loop max_part=16
    zerofree /dev/loop3
    cp --sparse=always disk.img new.img
     empty disk
    dd bs=1 count=0 if=/dev/zero of=disk.img seek=5G
     fallocate can do same

    List of packages which view and edit binary data

    package popcon size description
    coreutils V:876, I:999 18062 basic package which has od(1) to dump files (HEX, ASCII, OCTAL, …)
    bsdmainutils V:15, I:389 17 utility package which has hd(1) to dump files (HEX, ASCII, OCTAL, …)
    hexedit V:0, I:9 73 binary editor and viewer (HEX, ASCII)
    bless V:0, I:2 924 full featured hexadecimal editor (GNOME)
    okteta V:0, I:10 1581 full featured hexadecimal editor (KDE4)
    ncurses-hexedit V:0, I:1 130 binary editor and viewer (HEX, ASCII, EBCDIC)
    beav V:0, I:0 137 binary editor and viewer (HEX, ASCII, EBCDIC, OCTAL, …)

    List of packages for data file recovery and forensic analysis

    package popcon size description
    testdisk V:2, I:29 1413 utilities for partition scan and disk recovery
    magicrescue V:0, I:2 255 utility to recover files by looking for magic bytes
    scalpel V:0, I:3 88 frugal, high performance file carver
    myrescue V:0, I:2 83 rescue data from damaged harddisks
    extundelete V:0, I:8 147 utility to undelete files on the ext3/4 filesystem
    ext4magic V:0, I:4 233 utility to undelete files on the ext3/4 filesystem
    ext3grep V:0, I:2 293 tool to help recover deleted files on the ext3 filesystem
    scrounge-ntfs V:0, I:2 50 data recovery program for NTFS filesystems
    gzrt V:0, I:0 33 gzip recovery toolkit
    sleuthkit V:2, I:24 1611 tools for forensics analysis. (Sleuthkit)
    autopsy V:0, I:1 1027 graphical interface to SleuthKit
    foremost V:0, I:5 102 forensics application to recover data
    guymager V:0, I:1 1021 forensic imaging tool based on Qt
    dcfldd V:0, I:4 114 enhanced version of dd for forensics and security
    split -b 2000m large_file
    cat x* >large_file

    Please make sure you do not have any files starting with "x" to avoid name crashes.

    clear file in use 
     ls -li
     lsof -s -X / |grep deleted

    List of virtualization tools

    package popcon size description
    coreutils V:876, I:999 18062 GNU core utilities which contain chroot(8)
    systemd-container V:48, I:56 1299 systemd container/nspawn tools which contain systemd-nspawn(1)
    schroot V:5, I:7 2508 specialized tool for executing Debian binary packages in chroot
    sbuild V:1, I:3 243 tool for building Debian binary packages from Debian sources
    debootstrap V:5, I:55 308 bootstrap a basic Debian system (written in sh)
    cdebootstrap V:0, I:1 111 bootstrap a Debian system (written in C)
    virt-manager V:10, I:42 2296 Virtual Machine Manager: desktop application for managing virtual machines
    libvirt-clients V:44, I:63 1212 programs for the libvirt library
    games-emulator I:0 21 games-emulator: Debian's emulators for games
    bochs V:0, I:0 6956 Bochs: IA-32 PC emulator
    qemu I:18 97 QEMU: fast generic processor emulator
    qemu-system I:20 66 QEMU: full system emulation binaries
    qemu-user V:1, I:7 103943 QEMU: user mode emulation binaries
    qemu-utils V:11, I:104 10344 QEMU: utilities
    qemu-system-x86 V:33, I:89 45580 KVM: full virtualization on x86 hardware with the hardware-assisted virtualization
    virtualbox V:6, I:8 131137 VirtualBox: x86 virtualization solution on i386 and amd64
    xen-tools V:0, I:2 719 tools to manage debian XEN virtual server
    wine V:13, I:59 135 Wine: Windows API Implementation (standard suite)
    dosbox V:1, I:15 2671 DOSBox: x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and DOS
    lxc V:9, I:12 25643 Linux containers user space tools
    python3-venv I:72 6 venv for creating virtual python environments (system library)
    python3-virtualenv V:9, I:49 364 virtualenv for creating isolated virtual python environments
    pipx V:2, I:10 931 pipx for installing python applications in isolated environments

    List of archive and compression tools

    package popcon size extension command comment
    tar V:907, I:999 3144 .tar tar(1) the standard archiver (de facto standard)
    cpio V:439, I:998 1141 .cpio cpio(1) Unix System V style archiver, use with find(1)
    binutils V:164, I:629 143 .ar ar(1) archiver for the creation of static libraries
    fastjar V:1, I:15 183 .jar fastjar(1) archiver for Java (zip like)
    pax V:9, I:16 170 .pax pax(1) new POSIX standard archiver, compromise between tar and cpio
    gzip V:872, I:999 252 .gz gzip(1), zcat(1), … GNU LZ77 compression utility (de facto standard)
    bzip2 V:161, I:969 121 .bz2 bzip2(1), bzcat(1), … Burrows-Wheeler block-sorting compression utility with higher compression ratio than gzip(1) (slower than gzip with similar syntax)
    lzma V:1, I:18 149 .lzma lzma(1) LZMA compression utility with higher compression ratio than gzip(1) (deprecated)
    xz-utils V:380, I:979 1248 .xz xz(1), xzdec(1), … XZ compression utility with higher compression ratio than bzip2(1) (slower than gzip but faster than bzip2; replacement for LZMA compression utility)
    zstd V:125, I:325 2138 .zstd zstd(1), zstdcat(1), … Zstandard fast lossless compression utility
    p7zip V:114, I:472 987 .7z 7zr(1), p7zip(1) 7-Zip file archiver with high compression ratio (LZMA compression)
    p7zip-full V:117, I:474 4664 .7z 7z(1), 7za(1) 7-Zip file archiver with high compression ratio (LZMA compression and others)
    lzop V:15, I:139 164 .lzo lzop(1) LZO compression utility with higher compression and decompression speed than gzip(1) (lower compression ratio than gzip with similar syntax)
    zip V:47, I:387 616 .zip zip(1) InfoZIP: DOS archive and compression tool
    unzip V:102, I:774 379 .zip unzip(1) InfoZIP: DOS unarchive and decompression tool

    copy and synchronization tools

    package popcon size tool function
    coreutils V:876, I:999 18062 GNU cp locally copy files and directories ("-a" for recursive)
    openssh-client V:854, I:997 5814 scp remotely copy files and directories (client, "-r" for recursive)
    openssh-server V:723, I:818 1948 sshd remotely copy files and directories (remote server)
    rsync V:249, I:557 776
    1-way remote synchronization and backup
    unison V:3, I:13 14
    2-way remote synchronization and backup

    Copying files with rsync(8) offers richer features than others.

    • delta-transfer algorithm that sends only the differences between the source files and the existing files in the destination

    • quick check algorithm (by default) that looks for files that have changed in size or in last-modified time

    • "--exclude" and "--exclude-from" options similar to tar(1)

    • "a trailing slash on the source directory" syntax that avoids creating an additional directory level at the destination.

    tar -cvJf archive.tar.xz ./source

     tar -xvJf archive.tar.xz 

    List of filesystem choices for removable storage devices with typical usage scenarios

    filesystem name typical usage scenario
    FAT12 cross platform sharing of data on the floppy disk (<32MiB)
    FAT16 cross platform sharing of data on the small hard disk like device (<2GiB)
    FAT32 cross platform sharing of data on the large hard disk like device (<8TiB, supported by newer than MS Windows95 OSR2)
    exFAT cross platform sharing of data on the large hard disk like device (<512TiB, supported by WindowsXP, Mac OS X Snow Leopard 10.6.5, and Linux kernel since 5.4 release)
    NTFS cross platform sharing of data on the large hard disk like device (supported natively on MS Windows NT and later version, and supported by NTFS-3G via FUSE on Linux)
    ISO9660 cross platform sharing of static data on CD-R and DVD+/-R
    UDF incremental data writing on CD-R and DVD+/-R (new)
    MINIX space efficient unix file data storage on the floppy disk
    ext2 sharing of data on the hard disk like device with older Linux systems
    ext3 sharing of data on the hard disk like device with older Linux systems
    ext4 sharing of data on the hard disk like device with current Linux systems
    btrfs sharing of data on the hard disk like device with current Linux systems with read-only snapshots

    data security infrastructure tools

    package popcon size command description
    gnupg V:551, I:914 885 gpg(1) GNU Privacy Guard - OpenPGP encryption and signing tool
    gpgv V:889, I:999 917 gpgv(1) GNU Privacy Guard - signature verification tool
    paperkey V:1, I:11 58 paperkey(1) extract just the secret information out of OpenPGP secret keys
    cryptsetup V:36, I:78 410 cryptsetup(8), … utilities for dm-crypt block device encryption supporting LUKS
    coreutils V:876, I:999 18062 md5sum(1) compute and check MD5 message digest
    coreutils V:876, I:999 18062 sha1sum(1) compute and check SHA1 message digest
    openssl V:832, I:995 2290 openssl(1ssl) compute message digest with "openssl dgst" (OpenSSL)
    libsecret-tools V:0, I:13 41 secret-tool(1) store and retrieve passwords (CLI)
    seahorse V:74, I:262 7987 seahorse(1) key management tool (GNOME)

    GNU Privacy Guard commands for the key management

    command description
    gpg --gen-key generate a new key
    gpg --gen-revoke my_user_ID generate revoke key for my_user_ID
    gpg --edit-key user_ID edit key interactively, "help" for help
    gpg -o file --export export all keys to file
    gpg --import file import all keys from file
    gpg --send-keys user_ID send key of user_ID to keyserver
    gpg --recv-keys user_ID recv. key of user_ID from keyserver
    gpg --list-keys user_ID list keys of user_ID
    gpg --list-sigs user_ID list sig. of user_ID
    gpg --check-sigs user_ID check sig. of user_ID
    gpg --fingerprint user_ID check fingerprint of user_ID
    gpg --refresh-keys update local keyring

     List of GNU Privacy Guard commands on files

    command description
    gpg -a -s file sign file into ASCII armored file.asc
    gpg --armor --sign file , ,
    gpg --clearsign file clear-sign message
    gpg --clearsign file|mail [email protected] mail a clear-signed message to [email protected]
    gpg --clearsign --not-dash-escaped patchfile clear-sign patchfile
    gpg --verify file verify clear-signed file
    gpg -o file.sig -b file create detached signature
    gpg -o file.sig --detach-sign file , ,
    gpg --verify file.sig file verify file with file.sig
    gpg -o crypt_file.gpg -r name -e file public-key encryption intended for name from file to binary crypt_file.gpg
    gpg -o crypt_file.gpg --recipient name --encrypt file , ,
    gpg -o crypt_file.asc -a -r name -e file public-key encryption intended for name from file to ASCII armored crypt_file.asc
    gpg -o crypt_file.gpg -c file symmetric encryption from file to crypt_file.gpg
    gpg -o crypt_file.gpg --symmetric file , ,
    gpg -o crypt_file.asc -a -c file symmetric encryption intended for name from file to ASCII armored crypt_file.asc
    gpg -o file -d crypt_file.gpg -r name decryption
    gpg -o file --decrypt crypt_file.gpg , ,

    List of source code merge tools

    package popcon size command description
    patch V:98, I:699 248 patch(1) apply a diff file to an original
    vim V:94, I:374 3665 vimdiff(1) compare 2 files side by side in vim
    imediff V:0, I:0 169 imediff(1) interactive full screen 2/3-way merge tool
    meld V:8, I:29 3500 meld(1) compare and merge files (GTK)
    wiggle V:0, I:0 174 wiggle(1) apply rejected patches
    diffutils V:859, I:996 1598 diff(1) compare files line by line
    diffutils V:859, I:996 1598 diff3(1) compare and merges three files line by line
    quilt V:2, I:23 774 quilt(1) manage series of patches
    wdiff V:7, I:52 648 wdiff(1) display word differences between text files
    diffstat V:13, I:123 74 diffstat(1) produce a histogram of changes by the diff
    patchutils V:15, I:122 232 combinediff(1) create a cumulative patch from two incremental patches
    patchutils V:15, I:122 232 dehtmldiff(1) extract a diff from an HTML page
    patchutils V:15, I:122 232 filterdiff(1) extract or excludes diffs from a diff file
    patchutils V:15, I:122 232 fixcvsdiff(1) fix diff files created by CVS that patch(1) mis-interprets
    patchutils V:15, I:122 232 flipdiff(1) exchange the order of two patches
    patchutils V:15, I:122 232 grepdiff(1) show which files are modified by a patch matching a regex
    patchutils V:15, I:122 232 interdiff(1) show differences between two unified diff files
    patchutils V:15, I:122 232 lsdiff(1) show which files are modified by a patch
    patchutils V:15, I:122 232 recountdiff(1) recompute counts and offsets in unified context diffs
    patchutils V:15, I:122 232 rediff(1) fix offsets and counts of a hand-edited diff
    patchutils V:15, I:122 232 splitdiff(1) separate out incremental patches
    patchutils V:15, I:122 232 unwrapdiff(1) demangle patches that have been word-wrapped
    dirdiff V:0, I:2 167 dirdiff(1) display differences and merge changes between directory trees
    docdiff V:0, I:0 553 docdiff(1) compare two files word by word / char by char
    makepatch V:0, I:0 100 makepatch(1) generate extended patch files
    makepatch V:0, I:0 100 applypatch(1) apply extended patch files
     diff -u file.old > file.patch0
    merge patch
     patch -p0 file < file.patch0
    patch -p1 file < file.patch1
    imediff -o file.merged file.old
    imediff -o file.merged file.yours file.base file.theirs

    git related packages and commands

    package popcon size command description
    git V:333, I:534 44963 git(7) Git, the fast, scalable, distributed revision control system
    gitk V:5, I:32 1814 gitk(1) GUI Git repository browser with history
    git-gui V:1, I:17 2408 git-gui(1) GUI for Git (No history)
    git-email V:0, I:10 1062 git-send-email(1) send a collection of patches as email from the Git
    git-buildpackage V:1, I:9 1990 git-buildpackage(1) automate the Debian packaging with the Git
    dgit V:0, I:1 483 dgit(1) git interoperability with the Debian archive
    imediff V:0, I:0 169 git-ime(1) interactive git commit split helper tool
    stgit V:0, I:0 601 stg(1) quilt on top of git (Python)
    git-doc I:12 13067 N/A official documentation for Git
    gitmagic I:0 721 N/A "Git Magic", easier to understand guide for Git

    Git tips

    Git command line function
    gitk --all see complete Git history and operate on them such as resetting HEAD to another commit, cheery-picking patches, creating tags and branches ...
    git stash get the clean working tree without loosing data
    git remote -v check settings for remote
    git branch -vv check settings for branch
    git status show working tree status
    git config -l list git settings
    git reset --hard HEAD; git clean -x -d -f revert all working tree changes and clean them up completely
    git rm --cached filename revert staged index changed by git add filename
    git reflog get reference log (useful for recovering commits from the removed branch)
    git branch new_branch_name HEAD@{6} create a new branch from reflog information
    git remote add new_remote URL add a new_remote remote repository pointed by URL
    git remote rename origin upstream rename the remote repository name from origin to upstream
    git branch -u upstream/branch_name set the remote tracking to the remote repository upstream and its branch name branch_name.
    git remote set-url origin https://foo/bar.git change URL of origin
    git remote set-url --push upstream DISABLED disable push to upstream (Edit .git/config to re-enable)
    git checkout -b topic_branch ; git push -u topic_branch origin make a new topic_branch and push it to origin
    git branch -m oldname newname rename local branch name
    git push -d origin branch_to_be_removed remove remote branch (new method)
    git push origin :branch_to_be_removed remove remote branch (old method)
    git checkout --orphan unconnected create a new unconnected branch
    git fetch upstream foo:upstream-foo create a local (possibly orphan) upstream-foo branch as a copy of foo branch the upstream repository
    git rebase -i origin/main reorder/drop/squish commits from origin/main to clean branch history
    git reset HEAD^; git commit --amend squash last 2 commits into one
    git checkout topic_branch ; git merge --squash topic_branch squash entire topic_branch into a commit
    git fetch --unshallow --update-head-ok origin '+refs/heads/*:refs/heads/*' convert a shallow clone to the full clone of all branches
    git ime split the last commit into a series of file-by-file smaller commits etc. (imediff package required)
    git repack -a -d; git prune repack the local repository into single pack (this may limit chance of lost data recovery from erased branch etc.)

    other version control system tools

    package popcon size tool VCS type comment
    mercurial V:5, I:31 1049 Mercurial distributed DVCS in Python and some C
    darcs V:0, I:4 34070 Darcs distributed DVCS with smart algebra of patches (slow)
    bzr I:7 28 Bazaar distributed DVCS influenced by tla written in Python (historic)
    tla V:0, I:1 1022 GNU arch distributed DVCS mainly by Tom Lord (historic)
    subversion V:13, I:75 4838 Subversion remote "CVS done right", newer standard remote VCS (historic)
    cvs V:3, I:28 4609 CVS remote previous standard remote VCS (historic)
    tkcvs V:0, I:1 1498 CVS, … remote GUI display of VCS (CVS, Subversion, RCS) repository tree
    rcs V:2, I:12 564 RCS local "Unix SCCS done right" (historic)
    cssc V:0, I:0 2044 CSSC local clone of the Unix SCCS (historic)
    iconv -f encoding1 -t encoding2 input.txt >output.txt

    List of encoding values and their usage

    encoding value usage
    ASCII American Standard Code for Information Interchange, 7 bit code w/o accented characters
    UTF-8 current multilingual standard for all modern OSs
    ISO-8859-1 old standard for western European languages, ASCII + accented characters
    ISO-8859-2 old standard for eastern European languages, ASCII + accented characters
    ISO-8859-15 old standard for western European languages, ISO-8859-1 with euro sign
    CP850 code page 850, Microsoft DOS characters with graphics for western European languages, ISO-8859-1 variant
    CP932 code page 932, Microsoft Windows style Shift-JIS variant for Japanese
    CP936 code page 936, Microsoft Windows style GB2312, GBK or GB18030 variant for Simplified Chinese
    CP949 code page 949, Microsoft Windows style EUC-KR or Unified Hangul Code variant for Korean
    CP950 code page 950, Microsoft Windows style Big5 variant for Traditional Chinese
    CP1251 code page 1251, Microsoft Windows style encoding for the Cyrillic alphabet
    CP1252 code page 1252, Microsoft Windows style ISO-8859-15 variant for western European languages
    KOI8-R old Russian UNIX standard for the Cyrillic alphabet
    ISO-2022-JP standard encoding for Japanese email which uses only 7 bit codes
    eucJP old Japanese UNIX standard 8 bit code and completely different from Shift-JIS
    Shift-JIS JIS X 0208 Appendix 1 standard for Japanese (see CP932)
    iconv -f utf8 -t utf8 input.txt >/dev/null || echo "non-UTF-8 found"
    filename convert
    for x in *;
     mv "$x" "$(echo "$x" | iconv -f $ENCDN -t utf-8)"

    graphic data tools

    package popcon size keyword description
    gimp V:50, I:260 19877 image(bitmap) GNU Image Manipulation Program
    imagemagick I:321 176 image(bitmap) image manipulation programs
    graphicsmagick V:1, I:13 5510 image(bitmap) image manipulation programs (fork of imagemagick)
    xsane V:12, I:148 2339 image(bitmap) GTK-based X11 frontend for SANE (Scanner Access Now Easy)
    netpbm V:27, I:330 8200 image(bitmap) graphics conversion tools
    icoutils V:7, I:54 221 png↔ico(bitmap) convert MS Windows icons and cursors to and from PNG formats (favicon.ico)
    scribus V:1, I:16 30242 ps/pdf/SVG/… Scribus DTP editor
    libreoffice-draw V:71, I:421 13525 image(vector) LibreOffice office suite - drawing
    inkscape V:14, I:122 99316 image(vector) SVG (Scalable Vector Graphics) editor
    dia V:2, I:21 3908 image(vector) diagram editor (Gtk)
    xfig V:0, I:9 7825 image(vector) Facility for Interactive Generation of figures under X11
    pstoedit V:2, I:53 1003 ps/pdf→image(vector) PostScript and PDF files to editable vector graphics converter (SVG)
    libwmf-bin V:6, I:130 151 Windows/image(vector) Windows metafile (vector graphic data) conversion tools
    fig2sxd V:0, I:0 151 fig→sxd(vector) convert XFig files to Draw format
    unpaper V:2, I:17 412 image→image post-processing tool for scanned pages for OCR
    tesseract-ocr V:7, I:34 2135 image→text free OCR software based on the HP's commercial OCR engine
    tesseract-ocr-eng V:7, I:34 4032 image→text OCR engine data: tesseract-ocr language files for English text
    gocr V:0, I:6 545 image→text free OCR software
    ocrad V:0, I:3 578 image→text free OCR software
    eog V:57, I:270 7770 image(Exif) Eye of GNOME graphics viewer program
    gthumb V:3, I:16 5321 image(Exif) image viewer and browser (GNOME)
    geeqie V:4, I:14 15402 image(Exif) image viewer using GTK
    shotwell V:16, I:248 6187 image(Exif) digital photo organizer (GNOME)
    gtkam V:0, I:2 1154 image(Exif) application for retrieving media from digital cameras (GTK)
    gphoto2 V:0, I:7 947 image(Exif) The gphoto2 digital camera command-line client
    gwenview V:30, I:101 11755 image(Exif) image viewer (KDE)
    kamera I:101 983 image(Exif) digital camera support for KDE applications
    digikam V:1, I:9 292 image(Exif) digital photo management application for KDE
    exiv2 V:2, I:29 278 image(Exif) EXIF/IPTC metadata manipulation tool
    exiftran V:1, I:15 69 image(Exif) transform digital camera jpeg images
    jhead V:0, I:7 131 image(Exif) manipulate the non-image part of Exif compliant JPEG (digital camera photo) files
    exif V:2, I:34 339 image(Exif) command-line utility to show EXIF information in JPEG files
    exiftags V:0, I:3 292 image(Exif) utility to read Exif tags from a digital camera JPEG file
    exifprobe V:0, I:3 499 image(Exif) read metadata from digital pictures
    dcraw V:1, I:11 583 image(Raw)→ppm decode raw digital camera images
    findimagedupes V:0, I:1 76 image→fingerprint find visually similar or duplicate images
    ale V:0, I:0 839 image→image merge images to increase fidelity or create mosaics
    imageindex V:0, I:1 145 image(Exif)→html generate static HTML galleries from images
    outguess V:0, I:1 230 jpeg,png universal Steganographic tool
    librecad V:1, I:14 8798 DXF CAD data editor (KDE)
    blender V:2, I:30 89560 blend, TIFF, VRML, … 3D content editor for animation etc
    mm3d V:0, I:0 3881 ms3d, obj, dxf, … OpenGL based 3D model editor
    open-font-design-toolkit I:0 9 ttf, ps, … metapackage for open font design
    fontforge V:0, I:6 3980 ttf, ps, … font editor for PS, TrueType and OpenType fonts
    xgridfit V:0, I:0 806 ttf program for gridfitting and hinting TrueType fonts










    Popular posts from this blog

    sxhkd volume andbrightness config for dwm on void

    xbps-install  sxhkd ------------ mkdir .config/sxhkd cd .config/sxhkd nano/vim sxhkdrc -------------------------------- XF86AudioRaiseVolume         amixer -c 1 -- sset Master 2db+ XF86AudioLowerVolume         amixer -c 1 -- sset Master 2db- XF86AudioMute         amixer -c 1 -- sset Master toggle alt + shift + Escape         pkill -USR1 -x sxhkd XF86MonBrightnessUp          xbacklight -inc 20 XF86MonBrightnessDown          xbacklight -dec 20 ------------------------------------------------------------- amixer -c card_no -- sset Interface volume run alsamixer to find card no and interface names xbps-install -S git git clone xbps-install -S base-devel libX11-devel libXft-devel libXinerama-devel  vim # FREETYPEINC = ${X11INC}/freetype2 #comment for non-bsd make clean install   cp config.def.h config.h vim config.h xbps-install -S font-symbola #for emoji on statusbar support     void audio config xbps-i

    download office 2021 and activate

    get office from here open powershell as admin (win+x and a ) type cmd  goto insall dir 1.         cd /d %ProgramFiles(x86)%\Microsoft Office\Office16 2.           cd /d %ProgramFiles%\Microsoft Office\Office16 try 1 or 2 depending on installation  install volume license  for /f %x in ('dir /b ..\root\Licenses16\ProPlus2021VL_KMS*.xrm-ms') do cscript ospp.vbs /inslic:"..\root\Licenses16\%x" activate using kms cscript ospp.vbs /setprt:1688 cscript ospp.vbs /unpkey:6F7TH >nul cscript ospp.vbs /inpkey:FXYTK-NJJ8C-GB6DW-3DYQT-6F7TH cscript ospp.vbs / cscript ospp.vbs /act Automatic script (windefender may block it) ------------------------------------------------------------------------------------------------------------------- @echo off title Activate Microsoft Office 2021 (ALL versions) for FREE - =====================================================================================&

    Hidden Wiki

    Welcome to The Hidden Wiki New hidden wiki url 2015 http://zqktlwi4fecvo6ri.onion Add it to bookmarks and spread it!!! Editor's picks Bored? Pick a random page from the article index and replace one of these slots with it. The Matrix - Very nice to read. How to Exit the Matrix - Learn how to Protect yourself and your rights, online and off. Verifying PGP signatures - A short and simple how-to guide. In Praise Of Hawala - Anonymous informal value transfer system. Volunteer Here are five different things that you can help us out with. Plunder other hidden service lists for links and place them here! File the SnapBBSIndex links wherever they go. Set external links to HTTPS where available, good certificate, and same content. Care to start recording onionland's history? Check out Onionland's Museum Perform Dead Services Duties. Introduction Points - Clearnet search engine for Tor Hidden Services (allows you