Common Linux commands - Elastic Compute Service - Alibaba Cloud Documentation Center

Linux operating systems are widely used on servers. Most Linux operating systems do not provide a GUI. In this case, administrators must use a CLI to interact with Linux servers. This topic describes the commonly used commands in Linux operating systems.

Commands used to manage processes

ps

Command

ps stands for Process Status. The ps command is used to provide a snapshot of the current processes on your system.

Common options

Option	Description
-A	Displays all processes.
-a	Displays all processes on the current controlling terminal.
-e	Displays all processes. This option functions similarly to the -A option.
-f	Displays a full-format list of processes, including the UID, PPIP, C, and STIME columns.
-u	Displays processes for an effective user.
-U	Displays processes for a real user.
-x	Displays all processes without controlling terminals.

Note

For information about other options, run the man ps command.

Examples

Query all processes.
```
ps -ef
```
Query a full-format list of all processes that match a specific keyword.
```
ps -ef | grep <key_word>
```
Replace <key_word> in the preceding command with an actual keyword.
Query all processes for an effective user that match a specific keyword without controlling terminals.
```
ps -aux | grep <key_word>
```
Replace <key_word> in the preceding command with an actual keyword.
Query a process tree.
```
ps -ejH
```
Query information about all processes, including thread information.
```
ps -eLf
```

Query thread information based on user-defined fields.

ps -eo pid,tid,class,rtprio,ni,pri,psr,pcpu,stat,wchan:14,comm

Query specific metrics of a process by process ID (PID). In this example, the PID is set to 1 and the comm= metric is specified, which indicates the command.
```
ps -q 1 -o comm=
```

top

Command

The top command provides a real-time dynamic display of running processes in Linux, an overview of system information, and the processes managed by the Linux kernel.

Common options

Option	Description
-d	Specifies the refresh frequency.
-p	Monitors the status of a process by PID.
-s	Tells top to run in secure mode to disable potentially dangerous interactive commands.
-i	Ignores idle and zombie processes.
-c	Displays the command line instead of only the command name.

Fields in a top command output

The following figure shows specific fields in a top command output and the corresponding values. The values of the fields vary based on the sampling period. The following figure is only for reference.

Fields

Fields in the system information summary and process list

Fields in the system information summary

Field (row)	Description
top	The general information about the system. The current time. up: the system uptime. user: the number of active users. load average: the load average, which is the average queue length. The load averages for the previous 1, 5, and 15 minutes are displayed.
Tasks	The statistics of processes in different states. total: the total number of processes. running: the number of running processes. sleeping: the number of sleeping processes. stopped: the number of stopped processes. zombie: the number of zombie processes.
%Cpu(s)	The statistics on CPU utilization. us: the percentage of CPU time spent running user processes. sy: the percentage of CPU time spent running kernel processes. ni: the percentage of CPU time spent running user processes prioritized by using the nice command. id: the percentage of time for which the CPU remains idle. wa: the percentage of CPU time spent waiting for I/O. hi: the percentage of CPU time spent servicing hardware interrupts. si: the percentage of CPU time spent servicing software interrupts. st: the steal time.
MiB Mem	The statistics on memory usage. total: the total amount of physical memory. free: the amount of available memory. used: the amount of used memory. buff/cache: the amount of memory used for kernel cache and buffers.
MiB Swap	The statistics on swap usage. total: the total amount of swap space. free: the amount of available swap space. used: the amount of used swap space. avail Mem: the total amount of cached swap space.

Fields in the process list

Field (column)	Description
PID	The PID.
USER	The username of the process owner.
PR	The scheduling priority of the process. A smaller value indicates a higher priority.
NI	The priority specified by the nice command for the process.
VIRT	The amount of virtual memory used by the process.
RES	The amount of physical memory used by the process.
SHR	The amount of shared memory used by the process.
S	The process status. R: running S: sleeping Z: zombie D: uninterruptible sleep T: traced or stopped
%CPU	The percentage of CPU usage by the process.
%MEM	The percentage of physical memory usage by the process.
TIME+	The total CPU time used by the process.
COMMAND	The command used to initiate the process.

Examples

Query system metrics with a specific sampling frequency
Run the following command to query system metrics with a sampling frequency of 3 seconds:
```
top 3
```
Note
When you run the top command to query system metrics, the default sampling frequency is 5 seconds.

Customize the top command interface

By default, the fields described in the Fields in the system information summary and process list section of this topic are displayed in a top command output. To customize the top command interface, press the f key within the interface to specify which columns to display and rearrange the order of the columns.

The following table describes the keys that you can use to manage the top command interface.

Key	Description
↑ and ↓	Scrolls up and down to select fields.
→	Selects an entire column. You can press the UP or DOWN key to move the selected column.
Space	Displays or hides the field. An asterisk (*) indicates that the field is displayed.
s	Sets the column in which the cursor is located as the sorting column.
q	Closes the top command interface and returns to the command line.

Use the top command in interactive mode

After you run the top command, the system enters interactive mode. In interactive mode, you can press keys to interactively use the command. The following table describes the keys.

Key	Description
1	Displays the status of each logical CPU.
u	Displays the processes of a user.
E	Selects the unit that you want to use for memory values in the top command. Valid units: KiB, MiB, GiB, TiB, PiB, and EiB.
x	Displays the sorting column.
y	Displays the running processes.
?	Displays help information of the top command.

Query the names and directories of processes by PID
Run the top command to query process information. In this example, the aliyun-service process is used. The top command output indicates that the PID of the aliyun-service process is 1325.
Run the following command to query the directory of the aliyun-service process:
```
cd /proc/1352
ls -ail
```
Terminate a process by PID
Run the top command. In interactive mode, press the k key, enter a PID, and then press the Enter key to terminate the process.

kill

Command

The kill command is used to terminate processes in Linux.

Common options

Option	Description
-l	Displays all available signal names.
-L	Displays all signal names and the corresponding numbers.

Examples

Terminate all processes.
```
sudo kill -9 -1
```
Display the name of the signal whose number is 11.
```
sudo kill -l 11
```
Display all signal names and the corresponding numbers.
```
sudo kill -L
```
Terminate a process by PID.
```
sudo kill -9 <PID>
```
Replace <PID> in the preceding command with an actual PID.

killall

Command

The killall command is used to terminate multiple processes by name.

Common options

Option	Description
-g	Terminates processes in the process group.
-i	Requests user confirmation before terminating a process.
-v	Reports whether the signal is sent.

Examples

Terminate the top process.

sudo killall top

Commands used to query system information

When you use Linux instances, you can run the uname command to query system information.

uname

Command

The uname command is used to display system information.

Common options

Option	Description
-a	Displays all system information.
-s	Displays the kernel name.
-n	Displays the hostname of the network node.
-r	Displays the kernel release.
-v	Displays the kernel version.
-m	Displays the name of the machine hardware.
-P	Displays the processor type.
-i	Displays hardware platform information.
-o	Displays operating system information.

Examples

Query all system information.
```
uname -a
```
Run the uname -m or arch command to query the CPU architecture. The command output varies based on the architecture.
Command output for the Arm architecture
Command output for the x86 architecture

dmidecode

The dmidecode command is used to extract and display hardware information from the BIOS of a Linux system. The dmidecode command reads the Desktop Management Interface (DMI) table and displays hardware information in a human-readable format. The dmidecode command provides various hardware details, including but not limited to the following information:

System information: includes the vendor, name, version, serial number (SN), and model of the system.
Processor information: includes the model, speed, and number of cores of each processor.
Memory information: includes the number of memory slots, memory sizes, memory types, and memory speeds.
Motherboard information: includes the vendor, version, and SN of the motherboard.
BIOS information: includes the version and release date of the BIOS.
Power supply information: includes the power supply specifications and models.
Device information: includes information about various hardware components, such as network adapters.

Display all hardware information from the DMI table.

sudo dmidecode

Sample command output:

# dmidecode 3.5
Getting SMBIOS data from sysfs.
SMBIOS 2.8 present.
9 structures occupying 451 bytes.
Table at 0x7BBCB000.
Handle 0x0100, DMI type 1, 27 bytes
System Information
        Manufacturer: Alibaba Cloud
        Product Name: Alibaba Cloud ECS
        Version: pc-i440fx-2.1
        Serial Number: a430fe54-aef6-4eae-a1ef-63******beb
        UUID: a430fe54-aef6-4eae-a1ef-63******beb
        Wake-up Type: Power Switch
        SKU Number: Not Specified
        Family: Not Specified
Handle 0x0300, DMI type 3, 21 bytes
Chassis Information
        Manufacturer: Alibaba Cloud
        Type: Other
        Lock: Not Present
        Version: pc-i440fx-2.1
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Boot-up State: Safe
        Power Supply State: Safe
        Thermal State: Safe
        Security Status: Unknown
        OEM Information: 0x00000000
        Height: Unspecified
        Number Of Power Cords: Unspecified
        Contained Elements: 0
Handle 0x0400, DMI type 4, 42 bytes
Processor Information
        Socket Designation: CPU 0
        Type: Central Processor
        Family: Other
        Manufacturer: Alibaba Cloud
        ID: 54 06 05 00 FF FB 8B 1F
        Version: pc-i440fx-2.1
        Voltage: Unknown
        External Clock: Unknown
        Max Speed: Unknown
        Current Speed: Unknown
        Status: Populated, Enabled
        Upgrade: Other
        L1 Cache Handle: Not Provided
        L2 Cache Handle: Not Provided
        L3 Cache Handle: Not Provided
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Core Count: 1
        Core Enabled: 1
        Thread Count: 2
        Characteristics: None
Handle 0x1000, DMI type 16, 23 bytes
Physical Memory Array
        Location: Other
        Use: System Memory
        Error Correction Type: Multi-bit ECC
        Maximum Capacity: 2 GB
        Error Information Handle: Not Provided
        Number Of Devices: 1
Handle 0x1100, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x1000
        Error Information Handle: Not Provided
        Total Width: Unknown
        Data Width: Unknown
        Size: 2 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: Not Specified
        Type: RAM
        Type Detail: Other
        Speed: Unknown
        Manufacturer: Alibaba Cloud
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Rank: Unknown
        Configured Memory Speed: Unknown
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: Unknown
Handle 0x1300, DMI type 19, 31 bytes
Memory Array Mapped Address
        Starting Address: 0x00000000000
        Ending Address: 0x0007FFFFFFF
        Range Size: 2 GB
        Physical Array Handle: 0x1000
        Partition Width: 1
Handle 0x2000, DMI type 32, 11 bytes
System Boot Information
        Status: No errors detected
Handle 0x0000, DMI type 0, 26 bytes
BIOS Information
        Vendor: EFI Development Kit II / OVMF
        Version: 0.0.0
        Release Date: 02/06/2015
        Address: 0xE8000
        Runtime Size: 96 kB
        ROM Size: 64 kB
        Characteristics:
                BIOS characteristics not supported
                Targeted content distribution is supported
                UEFI is supported
                System is a virtual machine
        BIOS Revision: 0.0
Handle 0xFEFF, DMI type 127, 4 bytes
End Of Table

To display only the entries of a specific type from the DMI table, use the -t option in the command. For example, run the following command to display only entries about memory from the DMI table:

sudo dmidecode -t memory

Sample command output:

# dmidecode 3.5
Getting SMBIOS data from sysfs.
SMBIOS 2.8 present.
Handle 0x1000, DMI type 16, 23 bytes
Physical Memory Array
        Location: Other
        Use: System Memory
        Error Correction Type: Multi-bit ECC
        Maximum Capacity: 2 GB
        Error Information Handle: Not Provided
        Number Of Devices: 1
Handle 0x1100, DMI type 17, 40 bytes
Memory Device
        Array Handle: 0x1000
        Error Information Handle: Not Provided
        Total Width: Unknown
        Data Width: Unknown
        Size: 2 GB
        Form Factor: DIMM
        Set: None
        Locator: DIMM 0
        Bank Locator: Not Specified
        Type: RAM
        Type Detail: Other
        Speed: Unknown
        Manufacturer: Alibaba Cloud
        Serial Number: Not Specified
        Asset Tag: Not Specified
        Part Number: Not Specified
        Rank: Unknown
        Configured Memory Speed: Unknown
        Minimum Voltage: Unknown
        Maximum Voltage: Unknown
        Configured Voltage: Unknown

Query physical CPU and memory information

Note

Total number of cores = Number of physical CPUs × Number of cores per physical CPU
Total number of logical CPUs = Number of physical CPUs × Number of cores per physical CPU × Hyper-Threading factor

You can run the following commands to query physical CPU and memory information.

Query the number of physical CPUs.

cat /proc/cpuinfo| grep "physical id"| sort| uniq| wc -l

Query the number of cores per physical CPU.
```
cat /proc/cpuinfo| grep "cpu cores"| uniq
```

Query the number of logical CPUs.

cat /proc/cpuinfo| grep "processor"| wc -l

Query the CPU model.

cat /proc/cpuinfo | grep name | cut -f2 -d: | uniq -c

Query memory information.
```
cat /proc/meminfo
```

Query CPU details

Run the lscpu command to query CPU details. The command output varies based on the architecture.

Command output for the Arm architecture
Command output for the x86 architecture

Query operating system information

Run the cat /proc/version command to query operating system information and the compiler version. The command output varies based on the architecture.

Command output for the x86 architecture
Command output for the Arm architecture

Commands used to manage disks

df

Command

The df command is used to report the file system space usage on disks.

Common options

Option	Description
-a	Includes pseudo, duplicate, and inaccessible file systems.
-B	Scales block sizes by the specified size for output.
-h	Displays sizes in a human-readable format by using a scale factor of 1,024. Example: 1023M.
-H	Displays sizes in a human-readable format by using a scale factor of 1,000. Example: 1.1G.
-k	Equivalent to -- block-size=1K.
-l	Displays a list of local file systems.
-t	Displays information about file systems of the specified type.

Examples

Query the disk space usage and display block sizes in MB.

df -BM

The following command output is returned:

Filesystem     1M-blocks  Used Available Use% Mounted on
tmpfs               742M   22M      721M   3% /run
/dev/vda3         39943M 2542M    35556M   7% /
tmpfs              3708M    0M     3708M   0% /dev/shm
tmpfs                 5M    0M        5M   0% /run/lock
tmpfs               742M    1M      742M   1% /run/user/0

lsblk

Command

The lsblk command is used to display the details of block devices.

Common options

Option	Description
-a	Displays all devices, including empty and memory disk devices.
-b	Displays sizes in bytes.
-f	Displays information, including information about file systems.

Examples

Query information about block devices, including information about file systems.

lsblk -f

The following command output is returned:

NAME   FSTYPE FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
vda                                                                           
|-vda1                                                                        
|-vda2 vfat   FAT32       6175-F96E                                           
`-vda3 ext4   1.0         df02e0a1-d28d-41b1-99c2-58f2b684cc79   34.7G     6% /

Query the SN of a disk.
The methods for querying the SNs of disks may vary based on the Linux distribution. For Alibaba Cloud Linux 3, CentOS 7, or Ubuntu 18, perform the following steps to query the SN of a disk:
1. Query the block storage devices mounted in the operating system.
```
lsblk
```
2. Query the SN of a block storage device. For example, run the following command to query the SN of the /dev/vda disk:
```
udevadm info --query=all --name=/dev/vda | grep ID_SERIAL
```

blkid

Command

The blkid command is used to display block device attributes.

Examples

Query the attributes of a block device.

blkid  /dev/vda

The following command output is returned:

/dev/vda: PTUUID="bdee1c7f-46fc-4838-9a74-9exxxxxxxxaf" PTTYPE="gpt"

fdisk

Command

The fdisk command is used to manage disk partition tables in Linux.

Common options

Option	Description
-l	Displays the partition tables of the specified devices.
-u	Displays the partition information of partition tables in numbers of sectors instead of numbers of cylinders.

Examples

Query the partition tables on all disks and the partition information in numbers of sectors.

sudo fdisk -lu

The following command output is returned:

Disk /dev/vda: 40 GiB, 42949672960 bytes, 83886080 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: BDEE1C7F-46FC-4838-9A74-9E57F8FD63AF

Device      Start      End  Sectors  Size Type
/dev/vda1    2048     4095     2048    1M BIOS boot
/dev/vda2    4096   413695   409600  200M EFI System
/dev/vda3  413696 83886046 83472351 39.8G Linux filesystem

mount

Command

The mount command is used to mount file systems.

Common options

Option	Description
-a	Mounts all file systems configured in the `/etc/fstab` file.
-L	Mounts the partition that has the specified label.
-r	Mounts the file system read-only.
-w	Mounts the file system read/write.
-U	Mounts the partition that has the specified `UUID`.

Examples

Mount all file systems that are configured in the /etc/fstab file.
```
sudo mount -a
```
Mount a file system read/write.
```
sudo mount -w /dev/vdb1 /mnt
```

umount

Command

The umount command is used to unmount file systems.

Common options

Option	Description
-r	Remounts the file system that fails to be unmounted read-only.
-a	Unmounts all file systems configured in the `/etc/fstab` file.
-t	Specifies the type of file system to unmount. If you specify multiple file system types, separate the types with commas (,).
-f	Forcefully unmounts the file system.

Examples

Forcefully unmount the file system from a partition.

sudo umount -f /dev/vdb1

Commands used to manage services

systemctl

Command

The systemctl command is used to manage services.

Common options

Option	Description
-a	Displays all loaded units or attributes.

Common unit commands

Command	Description
start	Starts the specified loaded units.
stop	Stops the specified loaded units.
restart	Restarts the specified loaded units.
reload	Reloads the configuration of the specified units.
status	Displays the runtime status of the specified units. Common runtime status of a service: active (running): The service is running in the background. active (exited): The service ran and exited. active (waiting): The service is running and waiting to be triggered by a specific condition or event. inactive: The service is not running.

Common unit file commands

Command	Description
enable	Enables the specified units or unit instances.
disable	Disables the specified units or unit instances.

Examples

Restart the NGINX service.
```
sudo systemctl restart nginx
```
Check the runtime status of the NGINX service.
```
sudo systemctl status nginx
```
Configure the NGINX service to automatically start on system startup.
```
sudo systemctl enable nginx
```
Query the services that automatically start on system startup.
```
sudo systemctl list-unit-files --type=service --state=enabled
```

Commands used to manage resource usage

lsof

Command

The lsof command is used to display opened files.

Note

If the lsof tool is not pre-installed on your Linux distribution, you can use a package management tool to install the Isof tool.

Alibaba Cloud Linux, CentOS, and RHEL: sudo yum install lsof.
Ubuntu and Debian: sudo apt install lsof.

Common options

Option	Description
-p	Displays files opened by a process.
-l	Replaces a user ID with a username in the output.
-u	Displays files opened by a user.
-c	Displays opened files in the `COMMAND` column that include specific keywords.
-d	Displays opened files that include specific file descriptors.
-i	Displays opened files that match the specified condition. Optional -i options: 46: the IP version, which can be IPv4 or IPv6. protocol: the protocol name, which can be TCP or UDP. hostname: the network hostname. hostaddr: the IP address. service: the service name included in the `/etc/services` file. port: one or more port numbers.

Command output

The following figure shows an Isof command output.

The following table describes the options in the command output.

Option	Description
COMMAND	The command name.
PID	The PID.
TID	The thread ID (TID). A blank TID indicates a process.
TASKCMD	The task name, which is the same as the COMMAND value in most cases.
USER	The user ID or logon username.
FD	The file descriptor.
TYPE	The type of the node associated with the file.
DEVICE	The device number.
SIZE/OFF	The size of the file or the file offset in bytes.
NODE	The node of the file.
NAME	The name of the mount point and file system on which the file resides.

Examples

Query files opened by a process.
```
sudo  lsof -p 1
```
Replace 1 in the preceding command with an actual PID.
Query files opened by a user.
```
sudo lsof -u <user-name>
```
Replace <user-name> in the preceding command with an actual username.
Query information about the process that opens a specific file.
```
sudo lsof <file-name>
```
Replace <file-name> in the preceding command with an actual file name.
Query opened files associated with IPv4 network connections.
```
sudo lsof -i 4
```

netstat

Command

The netstat command is used to display network status and protocol statistics, such as TCP and UDP ports and processes.

Common options

Option	Description
-t	Displays only TCP options.
-u	Displays only UDP options.
-i	Displays a list of network interfaces.
-n	Displays numerical addresses instead of resolving them to hostnames.
-l	Displays only listening sockets.
-p	Displays the processes associated with network connections.
-s	Displays network statistics.

Examples

Query network statistics about port 8000.
```
netstat -tunlp | grep 8000
```
Replace 8000 in the preceding command with an actual port number.
Query all TCP ports that are in the listening state and the processes that use the ports.
```
netstat -ntlp
```

vmstat

Command

The Virtual Memory Statistics (vmstat) command is used to report virtual memory statistics. You can use it to view operating system metrics, such as virtual memory, processes, and CPU usage.

Common options

The vmstat syntax is as follows:

vmstat [-n] [delay [count]]

Option	Description
-n	Displays the column header only once.
[delay]	The time interval between output updates. If you do not specify this option, only one report is printed.
[count]	The number of output updates. If you specify the [delay] option but do not specify this option, the command infinitely runs. To stop the vmstat command, press `Ctrl`+`C` to exit it.

Examples

Run the following command to report CPU usage for each process for four times at 1-second intervals:

vmstat -n 1 4

A command output similar to the following one is returned:

procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 2684984 310452 2364304    0    0     5    17   19   35  4  2 94  0  0
 0  0      0 2687504 310452 2362268    0    0     0   252 1942 4326  5  2 93  0  0
 0  0      0 2687356 310460 2362252    0    0     0    68 1891 4449  3  2 95  0  0
 0  0      0 2687252 310460 2362256    0    0     0     0 1906 4616  4  1 95  0  0

Fields in the command output:

r: the number of threads waiting to be processed by the CPU. A CPU can process only one thread at a time. A larger value indicates a slower system.
us: the percentage of CPU time spent in user mode. A high value indicates that the user process spends a significant amount of CPU time. If the value exceeds 50%, optimize the program algorithm or code.
sy: the percentage of CPU time spent in kernel mode.
wa: the percentage of CPU time spent waiting for I/O. A high value indicates a significant I/O wait time, which may be caused by a large number of random disk accesses or a bottleneck in disk performance.
id: the percentage of CPU time spent in an idle state. If the value remains at 0 and the sy value is twice the us value, a CPU resource shortage occurs.

Commands used to retrieve user logon information

The following files are related to user logon records:

Typically, user logon information is recorded in files such as /var/run/utmp, /var/log/wtmp, /var/log/btmp, and /var/log/lastlog.
The who, w, and users commands can be run to query information about the current logon user in the /var/run/utmp file.
The last command can be run to query information about current and historical logon users in the /var/log/wtmp file.
The lastb command can be run to query information about all users who failed to log on in the /var/log/btmp file.
The lastlog command can be run to query information about the most recent logons of users in the /var/log/lastlog file.

who

The who command is used to query information about the current logon user. A command output similar to the following one is returned.

w

The w command is used to query the username of the current logon user and the tasks that the user is executing. A command output similar to the following one is returned.

users

The users command is used to query the username of the current logon user. A command output similar to the following one is returned.

last

The last command is used to query information about all users who have logged on. A command output similar to the following one is returned.

lastb

The lastb command is used to query information about all users who failed to log on. A command output similar to the following one is returned.

lastlog

The lastlog command is used to query information about the most recent logons of users. A command output similar to the following one is returned.

cat /var/log/secure

The cat /var/log/secure command is used to query the logon records of all users. A command output similar to the following one is returned.

Commands used to manage users

In Linux, you can run commands, such as useradd, wheel, passwd, and userdel, to manage system users and the permissions of the users.

useradd

Command

The useradd command is used to create users. This command is similar to the adduser command. After you create a user, you can run the cat /etc/passwd | grep username command to query information about the user.

You can create users only if you have the root permissions or required sudo permissions.
After you create a user by running the useradd command, we recommend that you configure a password for the user.
When you create users, make sure that primary and supplementary groups already exist. Otherwise, the user cannot be created.

Common options

Option	Description
-d	The home directory of the user. If you do not specify this option, the default `/home/<Username>` directory is used as the home directory.
-m	Creates a home directory for the user. If you specify this option and the `-d` option, the home directory is created.
-s	The logon shell of the user. Default value: `/bin/bash`.
-g	The primary group to which to assign the user. If no primary groups exist, create a primary group first.
-G	The supplementary groups to which to assign the user. If you specify multiple supplementary groups, separate the groups with commas (,).
-p	The password of the user. Make sure that the password is encrypted and is not displayed in plaintext in the useradd command. Sample useradd command that includes an encrypted password: `sudo useradd -p $(openssl passwd -6 '<Password in plaintext>') newusername`
-u	The numerical value of the ID of the user.
-e	The date on which the user account is disabled. Specify the value in the YYYY-MM-DD format.

Examples

Create a user named jack with a specific home directory and a specific logon shell.
```
useradd -m -d /home/jack -s /bin/bash jack
```
After the user is created, run the cat /etc/passwd | grep jack command to query information about the user. The following command output is returned:
```
jack:x:1000:1000::/home/jack:/bin/bash
```
After the user is created, run the passwd command to configure a password for the user.
```
passwd jack
```
Create a user named alice and assign the user to the developers supplementary group.
```
useradd -m -G developers alice
```
Create a user named bob and set the user ID to 1001.
```
useradd -m -u 1001 bob
```
To create a user who has the root permissions, perform the following steps:
Important
We recommend that you follow the security best practices to grant the root permissions to users only when required.
1. Run the useradd command to create a user named john.
```
useradd john
```
2. Configure a password for the new user.
```
passwd john
```
3. Add the new user to the wheel group. In most cases, you can grant sudo permissions to users by adding the users to the wheel group. Run the grep '^wheel:' /etc/group command to query the members of the wheel group.
```
sudo usermod -aG wheel john
```
4. Test the sudo permissions of the new user. Switch to the new user and run a sudo command.
```
su - john
sudo ls /root
```
  If the sudo command is run as expected, you are prompted to enter a password. After you enter the correct password of the new user, the content in the /root directory is displayed, which indicates that the new user has the sudo permissions and can be used for remote logon.
5. (Optional) Modify the sudoers file. Add specific permissions for the user in the sudoers file.
```
sudo visudo
```

userdel

Command

The userdel command is used to delete users.

Common options

Option	Description
-r	Deletes the home directory of the user and the files in the home directory.
-f	Forcefully deletes the user even if the user is still logged on.

Examples

Delete a user named john.
Switch to the root user and run the cat /etc/passwd | grep john command to query the home directory of the john user. The following command output is returned:
```
john:x:1001:1001::/home/john:/bin/bash
```
Delete a user named john and retain the home directory of the user and the files in the home directory.
```
userdel john
```
Delete a user named john, the home directory of the user, and the files in the home directory.
```
userdel -r username
```
Forcefully delete a user.
```
userdel -f username
```

wheel

Command

wheel is a user group that controls access to the su command, which allows users to switch to the superuser. In most cases, the superuser is the root user.

By default, the wheel group exists. If the wheel group does not exist, you can run the sudo groupadd wheel command to create the group.
By default, regular users can run the su command and enter a correct password to switch to the root user and perform system management and configuration.
To improve system security, you can use the wheel group in Linux to restrict regular users from switching to the root user. A user can run the su command to switch to the root user only if the user is a member of the wheel group.

Examples

Check whether a user is a member of the wheel group.
```
groups username
```
Add the user to the wheel group.
```
sudo usermod -aG wheel username
```
Run the visudo command to securely edit the /etc/sudoers file. The %wheel ALL=(ALL) ALL line indicates that members of the wheel group can use sudo to run all commands.
To allow members of the wheel group to use sudo without passwords, modify the %wheel ALL=(ALL) ALL line as follows:
```
%wheel ALL=(ALL) NOPASSWD: ALL
```