Vade Mecum

When I was learning Unix in the early nineties I struggled with the syntax of commands at the console. To help myself learn, every time I “discovered” a new command, I’d record it so I had a known good starting point the next time I needed something similar. For years I kept it as a text file in ~/etc, but when I discovered wiki’s I moved it to a wiki page so I could more easily get to it from anywhere.

Inspired by Chris Horvath, who taught me the phrase vade mecum or “go with me” in Latin, it has now been updated and moved here.

To make it quick and easy to use, create an function in your .bashrc which looks like this:

vade () { links -dump -width 512 | egrep -v "^ $" | egrep --color=auto -A2 "^ # .$*.*$"; }

And then you can search the page, for any keyword, from the command line:

# vade <keyword>


macOS# brew leaves

List Homebrew packages which were installed manually (as opposed to pulled in as a dependency of something else).

macOS# sudo tmutil listlocalsnapshots /
macOS# sudo tmutil deletelocalsnapshots /

List all local snapshots and then delete them.

macOS# brew cleanup -s

Delete cached files in ~/Library/Caches/Homebrew/

# cat blah.log | xpipe -n 1000 -J % /bin/sh -c "gzip >%.gz"

Split blah.log into multiple gzip’d files each 1000 lines long.

# wget --restrict-file-names=windows -k --adjust-extension --span-hosts --convert-links --backup-converted --page-requisites

Download an archiveable copy of a website using wget.

# sqlite3 :memory: -cmd '.import -csv taxi.csv taxi' 'SELECT passenger_count, COUNT(*), AVG(total_amount) FROM taxi GROUP BY passenger_count'

Load a CSV into an in memory SQLite database and then do a SQL query on the data (details).

# shot-scraper '' --width 800 --height 600 --retina

Take a screenshot of a website (details).

# Press escape when Grub menu appears.
grub> ls
grub> set root=(hd0,msdos5)
grub> chainloader /efi/boot/grubx64.efi
grub> boot

Boot from USB stick via Grub (details).

# dog -S TXT

Look up TXT records for using DNS-over-TLS from the DNS server

# docker exec -it -u www-data nextcloud php occ user:resetpassword adam

Change password for user adam from the commandline on a Dockerised NextCloud installation.

# wget -q -O - | jq -r '.[].name'

List all tags (versions) available for a docker image at

# ssh-keyscan -D

Generate SSHFP DNS entries for a host remotely.

# lsblk -f

Get UUID for disk partition to add to /etc/fstab.

# diff --brief --recursive /backup/music /media/music

Recursively compare two folders and see differences in a format useful to humans.

# bw get item 937b567a-a8a4-4ede-9fc1-adf000c17a4b |jq '.login | .password'

Use the BitWarden commandline to retrive an item and then jq to only print the password. More information at


# ssh -o KexAlgorithms=+diffie-hellman-group1-sha1 admin@

How to SSH to a Cisco switch which only supports old key exchange algorithms. The error you get without is: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

macOS# networkQuality

New tool built into macOS 12 (Monterey) to test quality of internet connection (some details at #speedtest

# ( echo -e "one\nthree"; echo -e "two\nfour" 1>&2 ) 2> >(egrep "o|e")

How to only grep stderr without redirecting all of stderr to stdout. Can use “| tee 2> >(grep …)” on a command which doesn’t support redirection.

# git init && git remote add origin && git fetch && git checkout -t origin/main -f

Clone a git repository into a non-empty directory (note that this overwrites exiting files).

zsh# if (( ${+commands[]} )); then echo found; else echo not found; fi

Zsh trick for checking to see if a command exists without spawning a shell.

# umount /data; e2fsck -f /dev/xvda3; resize2fs -b /dev/xvda3; resize2fs /dev/xvda3; e2fsck -f /dev/xvda3; mount /data

Resize the filesystem /data (/dev/xvda3) to a larger than 32bit filesystem. Note the first resize2fs only converts to a 64 bits, the second actually resizes the filesystem.

# curl -iLo -

Print headers and contents of to standard out, but follow and show any redirects.

# docker exec -it -u www-data nextcloud-app php console.php files:scan --all

As the user “www-data” run the command “php console.php files:scan –all” on the container “nextcloud-app”.

# swaks -tls --server --to --from --auth login --auth-user --header-X-Test "test email"

Use swaks (available via Homebrew) to send a TLS encrypted email via to authenticating as via the AUTH LOGIN mechanism.

mac# netstat -nr -f inet

Print all the IPv4 routes

# dateseq 2010-01-01 2010-01-10 --skip sat,sun

Print the list of dates between 2010-01-01 and 2010-01-10 skipping weekends. Just part of the amazing dateutils package.


# ansible -Kb all -m shell -a  'ssh-keyscan >> /root/.ssh/known_hosts'

On every host defined in the Ansible inventory file, append’s SSH host key to root’s known_hosts file.

bash# export TIMEFORMAT="%3lR"; time find /etc > /dev/null

Use the Bash builtin time to see how long a process takes to run. Output is formatted with the TIMEFORMAT variable (3 decimal places, long format, Elapse time). Details here.

# export TIME="%E"
shell; /usr/bin/time find /opt/ > /dev/null

Use the time command to see how long a process takes to run. Output is formatted by the TIME variable (long format elapsed time). Details here.

# ufw allow proto tcp from any to any port 80,443,8080:8090 comment 'web app'

Update UFW firewall to allow all TCP traffic to ports 80, 443 and 8080-8090 inclusive and adds a comment for the rule.

macOS# sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

Flush DNS cache on Catalina.

# sshpass -psecretpass rsync --progress test.ogg

Provide SSH password on commandline so you script commands like rsync.

# docker ps | awk 'BEGIN { IGNORECASE=1 } /maria|mongo|mysql|postgis|postgres/ {print $NF}'

Case-insensitive searching with gawk by setting builtin variable.

# docker ps | awk 'tolower($0) ~ /maria|mongo|mysql|postgis|postgres/ {print $NF}')

Case-insensitive searching with awk by forcing $0 to lowercase.

# ansible -Kb webservers -m shell -a "dpkg -l cronic | grep '^ii'"

Run a shell command as root on all servers in the webservers group.

# curl "

Submit DNS queries and get JSON answer back.

# awk -F: '{print $NF}' /etc/passwd

Print the last, colon-delimited field of /etc/passwd. This works because NF is the number of fields (eg. 7 for /etc/passwd) and so this is the same as “print $7”.

# openssl s_client -connect -starttls smtp

Connect to and initiate an SMTP STARTTLS session. More OpenSSL examples here.

# cat /root/.ssh/ | ssh 'dd of=.ssh/authorized_keys oflag=append conv=notrunc'

If you can’t use ssh-copy-id to upload your ssh key to a remote host you might be able to use this.

# sftp -o

Use sftp to connect to using as a jump host.

# ansible-playbook --ssh-extra-args "-o" -l -K backups.yml

Run ansible-playbook with as an SSH jump host.

# ssh-copy-id -o

Copy ssh key to leia via the jump host gateway.

# sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /path/to/cloudflare.ini -d --preferred-challenges dns-01

Create an SSL certificate for mera using Cloudflare DNS challenge. Format of cloudflare.ini is described here. Requires installing certbot and python3-certbot-dns-cloudflare packages in Ubuntu.

# checkdmarc

Python tool (domainaware/checkdmarc)for looking up DMARC and SPF record and showing any warnings.

# docker-compose -f docker-compose.yml -f volumes-cached.yml up

Build a composite docker compose file by overlaying volumes-cached.yml over the top of docker-compose.yml.

# (set -- one two three 4 5 6 7; for i in $@; do echo $@; shift; done)

How to simulate bash commandline arguments.

# git clone; git checkout stable-4548

How to clone a repo and then take it back to a specific branch.

linux# awk '/32 host/ { print f } {f=$2}' /proc/net/fib_trie

How to look up the IP address on a Linux host which doesn’t have any binaries to look it up for you (eg. a minimal docker host without ifconfig or ip).

bash# FILENAME="/tmp/spack.txt"; echo $(dirname $FILENAME); echo $(basename $FILENAME); TMPNAME=$(basename $FILENAME) && echo ${TMPNAME%.*}; echo ${FILENAME##*.}

How to break out parts of an absolute file path in Bash.

macOS# defaults write DSDontWriteNetworkStores -bool true; defaults write DSDontWriteUSBStores -bool true

Disable .DS_Store and AppleDouble files on network and USB devices.

macOS# tmutil listlocalsnapshots /;  tmutil deletelocalsnapshots; /System/Library/Filesystems/apfs.fs/Contents/Resources/mount_apfs -s / /mnt

List all APFS snapshots on local disk; delete a snapshot to free up space and mount a snapshot to recover files.

# aptitude purge ?config-files 

Will delete all packages which have only been partially removed (eg. removed but not purged). Replace purge with search to get a list of partially removed packages.

# systemctl enable avahi-alias 

Turn on a systemd service at book (I think, need to read systemd docs …).

# wpa_passphrase spacknet secret > /tmp/wpa_supplicant.conf; wpa_supplicant -B -c /tmp/wpa_supplicant.conf -i wlp5s0; dhclient wlp5s0

Bring up a wireless wpa2 network from the command line.

# netstat -lntu

Show all currently open TCP and UDP ports.

macOS# dns-sd -B

Browse all mDNS/Bonjour/Zeroconf host names and services. Use -Z to get it in zone file format.

# openssl req -x509 -out bitwarden.local.crt -keyout bitwarden.local.key 
  -newkey rsa:2048 -nodes -sha256 
  -subj '/CN=bitwarden.local' -extensions EXT -config <( 
   printf "[dn]nCN=bitwarden.localn[req]ndistinguished_name = dnn[EXT]nsubjectAltName=DNS:bitwarden.localnkeyUsage=digitalSignaturenextendedKeyUsage=serverAuth")

Oneliner to generate a self-signed SSL certificate.

# apt-file search --regexp 'bin/netstat$'

Search packages for any file which matches the regex. Can also do a non-regex search as apt-file search bin/netstat. Nice because no longer require

# systemctl set-default

Disable X11 starting on boot with GDM3 / systemd. Use get-default to read current setting. To restore X11 use


# clamscan -r ~/Downloads/_scanme/

Use ClamAV to recursively scan ~/Downloads/_scanme for infected files.

# docker cp 01c7b7a07733:/var/lib/mysql.tbz /tmp

Copy /var/lib/mysql.tbz from the container to /tmp.

# docker-compose down; docker-compose up -d; docker-compose logs -f

Use docker-compose to stop the container, start the container and then show the logs (remember docker-compose has to be run from the directory with the docker-compose.yml file.

# apt list --upgradable |grep "$(lsb_release -cs)-security"

get list of outstanding security updates

# docker container rm gifted_villani

Delete a stopped container (remember that stopped containers will only show up with a “ls -a”).

# docker container prune

Delete all containers which aren’t running

# docker run --name zabbix-appliance -t -p 10051:10051 -p 81:80 -d zabbix/zabbix-appliance:latest

Download (if necessary) the zabbix/zabbix-appliance:latest image and name it zabbix-appliance locally. Map container ports 10051/80 to 1051/81 respectively (so that external port 81 routes to internal container port 80)

# docker exec -i -t zabbix-appliance /bin/bash

open a shell on a running container

# docker exec zabbix-appliance /usr/bin/mysql -h localhost -u zabbix -pzabbix zabbix -e "show tables;"

Open a shell on the container zabbix-appliance, and use the mysql binary in the container to connect to containers MySQL and run the “show tables;” command.

# docker exec -i -t zabbix-appliance /usr/bin/mysql -h localhost -u zabbix -pzabbix zabbix

open an interactive mysql shell on the container

# docker exec zabbix-appliance /usr/bin/mysqldump --add-drop-table -u zabbix --password=zabbix zabbix > /tmp/zabbix.sql; docker exec -i zabbix-appliance /usr/bin/mysql -u zabbix --password=zabbix zabbix < /tmp/zabbix.sql

Dump and restore MySQL (“drop tables” means you don’t have to delete the db or tables before restoring)

# docker update --restart=always zabbix

Change settings on an existing container (eg can’t use docker run on an existing container)

# snmpwalk -v2c -c public localhost

Talk to the SNMP daemon on macOS 10.14.

# sftp -q /vol/backups/

Silently download /backup/zip from and save it /vol/backups. Good for cron.

# docker cp /usr/bin/telnet.netkit  zabbix-appliance_zabbix_1:/tmp

Copy the telnet binary to a docker instance which doesn’t have it for debugging.

# grep security /etc/apt/sources.list > /tmp/security.list; sudo apt-get -s upgrade -oDir::Etc::Sourcelist=/tmp/security.list

Create a temporary sources.list file which only contains security related updates. Then run apt-get in simulation mode to show what those updates are. Run without the -s to actually install security updates.

# ansible-playbook -K -l stuff.yml

Only run the playbook stuff.yml on the host and prompt of a sudo password before running.

# ansible all -m setup

Gather facts from all configured hosts (replace all with a hostname to run against a single host).

# ansible all -m shell -a 'echo $TERM'

Get the value of $TERM from all hosts.

# hostname -I

A way to get the IP address of a host which doesn’t have ifconfig or ip installed.

# ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%sn", sum/NR/1024,"Mb") }'

Print the total MB used of php-fpm processes.

# git remote add origin; git push -u origin master

Connects a local repository to a remote one and pushes contents of local repo.

# git remote set-url origin

Changes the remote repo that the local repo is connected to.

# curl

Download adamshand’s ssh public key from Github.

# curl

Download adamshand’s ssh public key from Github in JSON.

macOS# lsbom -fls /private/var/db/receipts/org.insecure.nmap.*bom

show all files installed as part of a package.

macOS# log show -predicate '(processImagePath contains "configd") && (eventMessage contains "en0: SSID pekapeka")' -style compact -last 1d | awk '{print $1,$2,$6,$8}' | sed 's/:[0-9][0-9].[0-9][0-9][0-9]//' | uniq

Uses the new log subsystem to print a tidy list of the connections to the “pekapeka” Wi-Fi network in the last day.

macOS# networksetup -listallhardwareports | awk '/Wi-Fi/ {getline; print $2}'

Prints the name of the Wi-Fi interface on a Mac.

# nettop -m tcp -t wifi -d -p java -p httpd

Provides a top-like view of network traffic. Shows only TCP traffic on WiFi interfaces from processes named “java” or “httpd”.

# nc -z 80-90

Scan ports 80 to 90 on host to see if they are listening and report.


# tar jcvf --exclude='data/tmp' --exclude='data/cache'

Backup a DokuWiki document root but exclude temp and cache files. Note that excludes are relative paths from the point of the directory being backed up, so we’re excluding ‘’ & ‘’.

macOS# osascript -e 'display notification "Bind is not responding." with title ""'

Displays a macOS notification (can change it to an alert by setting the type of alert for “Script Editor” in “System Preferences – Notifications”.

bash# flaunt() { egrep --color "($1|$)"; }

Bash function (eg. for ~/.bash_profile) to highlight any matching text.
Usage: apt-cache –names-only search redis | flaunt ^redis

# curl -s | python -m json.tool

Retrieve cluster health from an Elastic Search node and pretty print the JSON result using Python.

macOS# defaults write IncludeInternalDebugMenu 1

Enable the Debug menu in Safari. You can use “Debug – Media Flags – Disable Inline Video” to stop vides from autoplaying.

# pip install jupyter --user python 

Install the Python package Jupyter using PIP. This works even though jupyter has dependencies which require upgrading the builtin macOS setuptools (which aren’t upgradable because of SIP).

# gpg --armor --export | pbcopy

Export my GnuPG public key and add it to the paste buffer (so I can cmd-v it somewhere else).

# sudo easy_install pip

How to best install PIP on macOS.

# wget --quiet  -O - | hxclean | hxselect div#62.toggle-table | hxselect -ic span.time-text | hxremove i | awk -v W=13 -v P=14 '{print $W", "$P}' 

Download a web page to stdout, select only the HTML within the div with id “62.toggle-table”, print the content within the spans with a class of “time-text”, remove all the italics elements and print out the 13th and 14th items on the remaining text list.

# wget --quiet  -O - | hxclean | hxselect div#62.toggle-table | hxpipe | awk -F- '/[0-9]mins / {print $2}' 

Download a web page to stdout, select only the HTML within a particular div and then convert the HTML to an easier format to use awk on.

# wget --quiet  -O - | hxnormalize -x | hxselect div#62.toggle-table | hxaddid span.time-text | hxselect -ic span.time-text | hxprune -x -c "" | hxselect -ic p

Download a web page to stdout, number all the spans with a class of “time-text” and pull out the text within the span’s with a class of “time-text”

# find . -name "*jpg" -size +1M -exec mogrify -geometry 1024x1024 {} ;

Find all files ending in *jpg which are greater than 1MB in size and resize them so that the longest dimension is 1024.

# zip -r /tmp/ web/

Recursively zip the contents of web/* into a file called

# find uploads -type f | zip /tmp/ -@

Zip the list of files that come from standard in.

# awk 'BEGIN {FS="/?(code|WRAP>)"}  {print $0}' 

Sets the field delimiter (same as awk -F) to a regular expression which matches code> or /code> or WRAP> or /WRAP>

# egrep --color "(foo|$)" 

Passes through all lines (doesn’t filter anything out) but colors any instance of “foo”.


# ( echo quit; sleep 1 ) | telnet localhost 25

Ghetto expect script, types “quit” once you’ve connected to port 25 of localhost.

# ( echo 131d; echo wq ) | ex ~/.ssh/known_hosts

Delete line 131 from the known_hosts file.

sunos# /usr/platform/sun4u/sbin/prtdiag -v

Prints hardware info

sh# 2>&1 (or &>)

Redirect stderr to stdout

bash# :(){ :|:& };:

A Bash fork bomb. Unless per user resource limits are in place (eg. ulimit -u 100) it will DOS a machine.

vim# :g/^ *$/+1 s/^ *[^ ]/&lt;p>&/

Put a &lt;p> at the beginning of every paragraph

vim# :set fileformat=unix

Converts DOS end of line markers to Unix style

# <div align=right>last updated 08 may 2000</div>

Aligns text on the right side

# <meta http-equiv="refresh" content="5; URL=">

Redirect browser to after 5 seconds

tcsh# >&

Redirect stderr to stdout

# Acquire::http::Proxy "http://ipofproxyserver:port";

apt.conf line for apt through a proxy.

macOS# CpMac -pr /Applications/iPhoto /Users/adam/Applications

Copies the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).


Grants all permissions to all tables of all databases inside a MySql server to the user “root” from any host.

macOS# MvMac /Applications/iPhoto /Users/adam/Applications

Moves the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).

macOS# SetFile -a V /foo/bar/

Make folder /foo/bar invisible.

#, you must use the 6 digit Xtra number with a 01 at the end of it

How to POP mail off Xtra

# at&f1x2&h1&r2&b1s27=48 

Good US Robotics modem init string

# ats56=128S27=48S28=100 

US Robotics modem init string, solves: CONNECT 28800/V34/NONE

# Internet History.{FF393560-!C2A7-11CF-BFF4-444553540000} 

Create this folder under “C:WindowsStart Menu”, this will create a folder which shows all the IE URLS visited.

macOS# airport --scan

Prints out the relevant info for all the currently available wireless access points (essid, encryption, channel, signal, bssid etc). There are other useful options as well (-x gives the output in XML) but the command lives in /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources so add it too your path or link it somewhere.

# append = "floppy=thinkpad apm=on"

lilo command for apm support with default debian kernel

# append = "mem=128M"

LILO command for forcing memory detection

# append="ether=12,0x300,eth0 ether=15,0x340,eth1"

sample lilo config

# apt-cache search pgp

searches for packages called pgp

# apt-cache show ssh

prints package info

# apt-get --compile source <packagename>

downloads, compiles and installs

# apt-get -d install ssh

just downloads package

# apt-get update; apt-get dist-upgrade

upgrade debian

# awk '/DAILY/ {x=$0;next } {print x,$0}'

Puts line matching /DAILY/ into $x, then skips to the next line and prints $x followed by the next line. Useful for generating reports when each log entry spans two lines. Eg. line 1 and 2 get merged into line 1, and line 3 and 4 get merged into line 2 etc. (from Shannon)

# awk '/searchfor/ {print}'  or  awk '!~/don'tsearchfor/ {print}'

How to do searches with awk.

# awk '!/^#|^$/ {print $1}' virtusertable 

Print lines which don’t start with a # or aren’t an empty line

# awk '{ if (($1<=2103) && ($2>=2103)) print $0}' findit4


# awk '{i++$3} END {print i}' checkers.sep22

How to do “wc -l” with awk?

# awk -F, '{if (/@/) {print $1} else {print $1""}}' /tmp/xmascard


# awk '{printf "%-30st%sn", $1,$2}'

Prints $1 in a left justified 30 column wide field, then a tab, then $2.

# boot: linux init=/bin/bash 

to get to root without the root password

# boot: linux root=/dev/hda1 emergency

To get a prompt off the rescue disk

# cadaver -t

Connect to your Apple iDisk via a WebDav commandline tool (available via Fink).

# cat /var/spool/mail/luser | formail -s sendmail -oi luser@new.address


# cat spoolfile | formail -s procmail

splits to single message for handling by procmail

# cat spoolfile | formail -s sendmail -v -t -odq 

resends mail.

sunos# catman -w -M <man-page-directory>

rebuilds catman index under solaris

# cd /usr/share/ssl/certs; make slapd.pem

Make a self-signed certificate for slapd (see OpenSsl for long way).

# cd /var/lib/mailman; rm archives/public/listname; bin/arch listname

this will rebuild the archives

# cd /var/mail; for i in *; do echo cat $i | formail -s sendmail -v -oi $; done

When mail gets delivered on the wrong server due to a mess up this is a life saver. For every file in /var/mail it feeds the file to formail (part of procmail), which then feeds splits the file into seperate email messages and feeds them into sendmail one at a time. Sendmail only delivers the mesesage to the person listed on the commandline but leaves the headers of the message intact so it appears corrrect to the user when it arrives.

# cd sourcedir ; tar cf - . | (cd targetdir; tar xvpf - )

Moves data from sourcedir to targetdir using tar to preserve permissions etc.

macOS# certtool i newrootcert.crt k=X509Anchors

Adds newrootcert.crt to ~/Library/Keychains/!X509Anchors, very useful for adding non-standard root certificates (ie. CaCert). This makes changes effective for your user. To make changes take effect globally you should copy /System/Library/Keychains/!X509Anchors to ~/Library/Keychains/, run certtool and then copy it back. Remember to restart applications for changes to take effect ( more information).

# chvt 1

force change to virtual terminal 1 (good way to exit X before suspending)

# ci -t/dev/null -u *

Check in all files in the current directory with no message (saves being prompted for a message for each file).

# co -r1.6 -l

Restore version 1.6 of RCS controlled file

# convert filename.jpg iptc:-

Print IPTC data from filename.jpg to standard out.

# convert source.jpg -thumbnail '100x100>' -bordercolor white -border 50 -gravity center -crop 100x100+0+0 thumb.jpg

Converts source.jpg to a square thumbnail 100×100 (if the image was not square to start with then the top/bottom or left/right is padded with a white border).

# cpu -w usermod -c "Adam Shand" -s /bin/bash adam

CPU is a LDAP aware clone of the user/add/mod/del commands, -w means prompt for the password on the command line and the rest of the arguments are very similar to user* tools. The majority of the config can go into /etc/cpu.conf

# curl -C - -O

Download the file to a local name which matches the remote name, and if the download is interupted figure out automatically the offset at which to resume.

# curl -B "ldap://,dc=org??sub?uid=adam"

Prints the results of a sub search for any entry which matches “uid=adam”

# curl -B "ldap://ldap{1,2},dc=org??sub?uid=adam"

Queries ldap1 and and prints the results of a sub search for any entry which matches “uid=adam”

# curl -B "ldap://,dc=org?uid?sub?(uid=*a*)"

Prints out the uid of any entry which as uid value that matches “*a*”.

# date --date "30 mins ago" 

prints date thirty minutes ago

# date --date "7 days" +%s

Prints the date 7 days from now in unix time (could also do –date “7 days ago”).

# dd if=/dev/zero of=/dev/hda bs=446 count=1

Clear the MBR (master boot record) of /dev/hda without harming the partition table (change 446 to 515 to delete the MBR and the partition table).

# dd if=/dev/zero of=/tmp/file bs=1024 count=2048

Create a 2MB file by pumping 2048 1k blocks into /tmp/file.

# dd if=/tmp/rescue.bin of=/dev/fd0 bs=512 

to copy a disk image onto a floppy

# defaults write _FXShowPosixPathInTitle -bool YES

Show full path in Finder window.

macOS# defaults write persistent-others -array-add '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'; killall Dock

Configures a new dock item which allows you to see recent apps/docs/volumes/servers or favorite items in a stack. You can run it multiple times to get multiple icons.

macOS# defaults delete FocusFollowsMouse

(panther) Revert focus follow mouse back to normal off setting by deleting the change.

macOS# defaults write -g NSUmask 18

Change the default umask for a user (effects finder and everything), “18” is “022” in decimal so remember to do the octal/decimal conversion.

macOS# defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin true

Keeps drives mounted after logout and before login.

macOS# defaults write MinimumHTMLFontSize 18

Set a minimum font size for HTML email messages in (from Hawk Wings)

macOS# defaults write /Library/Preferences/ LoginHook /path/to/

Runs (as root) every time a user authenticates to the Login Window (see Bombich for more details).

macOS# defaults write FocusFollowsMouse -string YES

(panther) Set focus follow mouse for your terminal windows.

macOS# defaults write AskHotPlugAction true

Make iPhoto ask if it should open automatically when media is inserted (can also be changed via Image Caputure’s preferences)

# dh-make-perl --build --cpan Mail::Audit

Download from CPAN and build deb package of Perl module

# dig axfr @localhost

how to get a zone transfer from a server with dig

# dig . ns > /etc/bind/db.root

Update Bind’s root hints file in Debian.

macOS# diskutil info disk0

Shows harrdware information on the primary disk.

macOS# diskutil disableJournal /Volumes/iShand

Disables the HFS+ journal on the device mounted at /Volumes/iShand (in this case my iPod so it can be mounted up under Linux). You can do this with the GUI “Disk Utility” applicaiton as well but it’s a hidden option, hold down option before clicking the “File” menu and you will see an option to disable the journal.

macOS# ditto --rsrc -V foo/ /backup/foo

Copy the contents of foo to another directory, preserving resource forks by copying them to ._* files. Very useful for backing up AppleOsx files to a non-Mac NFS server.

macOS# ditto --rsrc -v -c -z foo/ /backup/foo.cpio.gz

Recursively copy the contents of and the resource forks into a compressed CPIO archive.

macOS# dns-sd -B _workstation._tcp

Uses mDNS to get a list of all machines on the current subnet.

macOS# dscacheutil -flushcache

(Leopard) Flushes the DNS cache so you can pick up changes (before Leopard was lookupd).

# dpkg --ignore-depends

eg. if you manually make apache and then want to install a debian package which requires apache

# dpkg --set-selections hold 'filename'

puts a package on hold

# dpkg-repack wterm

builds wterm_xxx.deb from installed files

# dpkg-scanpackages . /dev/null | gzip -c > Packages.gz

Create a Packages.gz file

# dpkg-reconfigure --priority=low debconf

Reconfigure a Debian system to ask you any configuration a package may want to know (by default it only asks you important questions)

# du -sk * | gawk '{ i=i+$1; print i"t ["$1"] "$2 } END {print "totalt"i}'

Run du with a cumulative space total.

# dump 0f - / | ( cd /new ; restore rf - ) 

copies one disk to another

# e2label /dev/hda1 /foo

Labels /dev/hda1 as “/foo” which can then be used instead of the raw device in /etc/fstab to label things. Without the label name it prints out the value of any existing label.

# echo "FOO"  > /dev/fd/2

Output FOO to stderr (standard error).

# echo "aes: inital checkin" | ci -u foo.txt

Checks in foo.txt using the contents of the echo for the log message.

# echo "foo bar baz" | sed 's/^.*bar (.*$)/1/'

Only prints what is after “bar ” (so just outputs “baz”).

# echo "foo bar" | perl -pe 's/foo/BAZ/'

Takes standard in (from echo in this case) and replaces all instances of “foo” with “BAZ”.

# echo "foo" | ssh "cat > /tmp/foo.txt"

Creates a file on ronin called /tmp/foo.txt with the contents of standard in using SSH as transport.

# echo -e "F A I L E D  to push nis files to ${desthost}" >&2

writes to stderr

# egrep -v "^(#| *$)" /etc/syslog.conf  

gets rid of all comment lines or blank lines

# enscript -i4 -r -2 filename   

(ascii –> postscript 2 pages/page)

netapp# exportfs -i -v -o anon=0 /

Gives everything mount rw/root perms

# fdisk /mbr

Reset the MBR (master boot record). This doesn’t clear the MBR it restores it to a factory default (or something like that??).

# fetchmail -c -u larry      

checks (but does not retrieve or delete messages for (-k keeps on server)

# ffmpeg -i frame.%06d.ppm -b 3000 movie.mp4

Convert a bunch of ppm files into a MP4 movie.

# find . | perl -pe "s/[^/]*//---|/g"

Display directory tree.

# find . -print | cpio -pmd /path/to/dest

Copy files with cpio (assumes you’re in the directory you wish to copy from)

# find / -perm -4000 -o -perm -2000 -type f -ls 

(finds SUID/GUID files)

# find / -type f -perm +111 -print | xargs file | grep '[QZ]MAGIC'

Finds a.out executables

# find / -type f ( -name "bar*" -not -regex ".*snapshot/.*" ) -ls

Search for all files which match “bar*” and the path doesn’t contain “.snapshot”. Very useful for finding stuff on NetworkAppliance volumes.

# find / -type f ( -name core -o -name dead.letter ) -atime +7 -mtime +7 -exec rm -f {} ;

Search the entire drive for files called “core” or “dead.letter” which are older then 7 days and delete them.

# find /path/to/dir -inum 23455 -print

Where 23455 is the inode you are looking for

# find /var/spool/mqueue -atime +8 -exec rm {} ;


# find `pwd` -maxdepth 1

Prints out all the files in the current directory with their full path (this works too: ls -d1 `pwd`/*).

# find foo -maxdepth 3 -type f ( -name ".env*" -not -regex ".*snapshot/.*" ) -exec rm -fv {} ;

Starting at the foo directory, recurse down three directory levels looking for any files whose name matches .env but which do not have .snapshot in their path (useful for netapps).

# for i in $(IFS=" "; grep -h '[[!tag ' ~/svnroot/ikiwiki/*/*mdwn | sed -e 's/[[!tag //' -e 's/]]//' ); do echo $i; done | sort -u

Grep my IkiWiki blog for any line beginning with [[!tag and strip off the formatting and print out one tag per line.

windows# for /f %i in ('net view /domain:TESTDOMAINNAME') do shutdown -m %i -r -t 10 -f -c "id10t system error" -d p:31:337

The -t 10 is just in case a user is actually logged in to the test system, not that 10 seconds gives them much time to do anything but freak out


. The -c is just so they ask me what an “id10t system error” is.

# for i in *; do echo ${i}; chown -R ${i} ${i}; done

Changes the ownership of everything in the current directory to user “<filename>” and group “twntyblo”.

# for i in *jpg; do echo "$i ---- "; convert $i iptc:- | strings | head -1; done > .captions

Use convert and a for loop to generate an ugly but easily cleaned .captions file for use by igal.

macOS# fs_usage

Shows file system usage.

# gawk 'BEGIN {x=0}{ while (x<2){ if (/EXAMPLE/) {x++;getline} else {print;getline}}}' /etc/raddb/users


# gawk '{if ($3!=$9) {print "rm /var/mail/"$9}}' varmail-ls.txt


# gawk -F, '{print "## "$3,$4; system("grep -i "$3" /etc/passwd | grep -i "$4" | cut -d: -f1")}' file.csv

Use awk to generate a list of usernames from a CSV list of full names by grepping the passwd file.

# gawk -F: '{print $1}' /etc/passwd /etc/shadow | sort | uniq -c | egrep -v "^ *2"

shows password file corruption

# gnome-font-install --afm-path=/usr/share/fonts/afms --pfb-assignment=ghostscript,/usr/lib/ghostscript/fonts


macOS# grep 113 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Headers/MacErrors.h

Search for the meaning of any OSX error code with 113 in it.

# LC_ALL=C grep --color '[^[:space:][:print:]]' surviving_the_nippy_bitch.mdwn

Search and highlight any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

# gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2

to verify a tar ball against a sig file

# gpg -u old-key-id --sign-key new-key-id

sign a new key with your old key

# h2xs -AX -n IAI::Foo

Creates a bare bones perl module template

# host -t txt -c chaos version.bind ns3 

gives version number of bind


personal page to modify individual sub’s


Filer online manual pages.

# identify -verbose filename.jpg

Print all information (including IPTC data) to standard out.

sunos# ifconfig hme0:2 inet down     

removes interface completely under solaris

# ifconfig hme1 plumb -arp up

Configures an interface without an ip but so you can still send packets out of it (cause it’s plumb’d)

# igal -w 4 -n -bigy 640 -c

Create thumbnail page with four images per column, omitting image count in caption, using captions and creating “web sized” images for display in slide page.

# imapsync --syncinternaldates --host1 localhost --user1 adam --password1 YourSpackPass --host2 --user2 --password2 YourGmailPass --authmech2 plain --port2 993 --ssl2 --authmech1 PLAIN --authmech2 LOGIN --dry

Migrate your email from an unencrypted IMAP service on localhost to Google Apps Gmail. This requires that your Gmail account has IMAP enabled in the settings (new as of Oct 2007).

# inbox-path={}INBOX

for ssl imap, apparently you need to set the user-domain as well(?).

# install-user /dev/ttyS0 "larry" 135235156

where larry and 135235156 were taken from ~/.jpilot/jpilot.rc file using the value of user and user_id values.

macOS# iosnoop -e -o

shows you all the io activity for on the Mac (similar to par -k).

# ipchains -A input -s -d -j REJECT -l

where the ‘-l’ means log and IP.IP is the ip you want to block

# ipchains -D input 1

where 1 is the rule number to delete

# ipchains -I input 1 -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT

IPChains allow

macOS# ipconfig /flushdns

Flushes the local DNS cache (useful if you’ve changed mail server IP addresses or something) (pre-Leopard only)

macOS# ipconfig getoption en0 lease_time

Prints DHCP lease time for interface en0.

# ipfwadm -I -f 

flush all incoming rules

# iptables -A INPUT -s -j DROP

IPTables deny

# jhead -nf%Y-%m-%d_%H-%M-%S file.jpg

Renames all files listed to YYYY-MM-DD_HH-MM-SS (where date is when the picture was taken via EXIF data).

# jhead -nf%Y/%m/%Y-%m-%d_%H-%M-%S *.jpg

Renames *.jpg listed to YYYY/MM/YYYY-MM-DD_HH-MM-SS.

# ldapsearch -v -h -L -b "ou=people,dc=spack,dc=org" "cn=adam*" uid cn givenname

Bind anonymously and search the LDAP tree, starting at ou=people for a cn which matches the expression “adam*”. On a match print the uid, cn and given name.

# ldapsearch -v -h -L -b "ou=people,dc=spack,dc=org" -D "uid=adam,ou=people,dc=spack,dc=org" -W "cn=adam*" uid cn givenname

Same as above only bind as uid=adam and prompt for the password (-w <password> to specify on the command line)

# for i in 0 1 2; do ldapsearch -x -LLL -h ldap${i} -b "ou=Group,dc=spack,dc=org" "memberUid=adam" cn | sort | awk -F: '/^cn: /{printf $2}'; echo; done

Print out a one line list of all the groups that the user adam belongs to via direct query to each of the servers ldap{0,1,2}.

# lfjokes-arc315: "| /usr/bin/hypermail -iu -c /var/web/earthlight/lists/jokes/hm.conf"

aliases file for hypermail archiving

# lilo -r /mnt/pcmcia -C etc/lilo.conf  

installs onto the /mnt mounted device using etc/lilo.conf as the source file.

macOS# lookupd -d

Debug name service switching and attribute mapping. Try “?” for help, or tab for attribute completion (eg. “userWithName: adam” will show directory listings for adam)

# lookupd -flushcache

Flushes the local DNS cache (useful if you’ve changed mail server IP addresses or something)

sunos# lpadmin -p _default -s vger!lp -I and -T unknown

setup lp printing to a remote tcp host under solaris 2.6

# ls -id *; find . -inum <inode number> -ok rm {} ;

If you really can’t delete a file any other way. “ls -id” means don’t go into directories and print out the inode of each file. Then we take the inode of the weird file and tell find to delete that inode.

# ls | awk '{print "mv "$1, tolower($1)}'

Uses awk to rename all files and get rid of any capital letters.

# ls -F | grep '/'

List directories.

macOS# lsbom /Library/Receipts/X11SDK.pkg/Contents/

Lists all the files which were installed as part of the X11 package.

# lsof -R -p 2345

Show all files attached to PID 2345 (-R means include ppid info).

# lsof -R -u larry,101

Show all files attached to user larry and UID 101 (-R means include ppid info).

# lsof -i :80

Show all traffic on port 80.

# lsof -i tcp

Show all TCP traffic (can be udp as well).

# lsof -i tcp:80

Show all TCP traffic on port 80.

# lsof -i udp@localhost

Show all UDP traffic bound to localhost.

# lynx [-dump | -source] -nolist

converts HTML ←→ plain text

# makemap hash /etc/mailertable < /etc/mailertable


# man <command> | perl -pe "s/_10(.)/$1/g; s/(.)101/$1/g"

remove control characters from man output

# man -M /share/man -s 8 cucipop

finds non-indexed man pages

# mailx -a "Content-type: text/html;" -s "Daily Project Statistics" < project_stats.html

Send an email to with the content of project_stats.html of being displayed inline in the mail message (and rendered as HTML).

# mii-diag -F 100baseTx-FD eth0

force eth0 to mode (disable auto-negotiation)

# mkdir /ramdisk; mke2fs /dev/ram0; mount /dev/ram0 /ramdisk

create and mount a ramdisk

# mke2fs /dev/hda1

format a filesystem like newfs does in solaris

bsd# mkfifo fifo; nc -k -l 6500 > fifo < fifo & while true; do nc destination-host 6500 < fifo > fifo; done

FreeBSD/Bash while loop that will forward a local port (6500) to a remote host using netcat. Easy mod for other OS‘es (mknod for Solaris etc).

# mkinitrd -o /boot/initrd.img-2.4.17 -r ext3 /lib/modules/2.4.17-686

make an initrd filesystem with an alternate root filesystem

# mknod -m 640 /dev/tap0 c 36 16

how to make a device

# mknod /dev/hdc b 22 0

recreate device /dev/hdc (from cory)

# mogrify +profile iptc filename.jpg

Strip IPTC data from filename.jpg.

# mogrify -format jpg *.bmp 

convert all bmp images to jpg images

# mogrify -geometry 640x640 -quality 80 image.jpg

reduces image to max dimension of 640 (either x or y) and cranks up jpg compression.

# mogrify -verbose -resize x360 -resize '480x<' -resize 50% -gravity center -crop 240x180+0+0 +repage *jpg

Resizes a directory full of images to thumbnail size suitable for incorporating into a “life poster” (see comment by Mark Pilgrim).

# montage * -resize 120x90 -geometry 120x90x0x0 -tile 6x108 -quality 50 output-720x9720.jpg

Take the thumbnails created above and composite them into a 6 image by 108 image “life poster” which is made up of images 120×90 pixels (see comment by Mark Pilgrim).

# mount --bind /var/www /mnt

Mount the directory /var/www on /mnt (tre cool!)

# mount -n -o rw,remount /

Remounts root filesystem read/write

# mount -o loop rh7.2-i386-disc1.iso /mnt

Mounts ISO image

# mount -t smbfs -o username=adam // /mnt

Mount the SMB/CIFS share called “mp3” from the server “” onto the local /mnt mount point. It will prompt for a password.

# mount -t tmpfs -o size=50M,mode=700 tmpfs /mnt

Create a RAM disk (tmpfs) with a maximum size of 50MB and read/write only by root (default is mode 1777). See /usr/src

# mount -t ufs -o ufstype=44bsd /dev/hda3 /mnt/bsd

mounts a freebsd partition under linux

# mount /boot/initrd.img-2.4.17-686 /mnt -t auto -o loop=/dev/loop0

mount your initrd file or loop filesystem

# mpage -4 -Pvger /var/web/ia/arch-meeting.txt

4 pg/pg to printer vger

# mplayer -dumpstream rtsp:// -dumpfile baz.rm

Uses mplayer to download the streaming media from to a local file called baz.rm. Very useful for saving things to watch later (or dealing with high latency links). Details on the MPlayer homepage.

# mt -f /dev/rmt/0 [status|rewind]

Query or rewind the tape drive.

# mv --update --backup=numbered bar.txt foo.txt :: Only replace foo.txt with bar.txt if it's newer, and backup foo.txt to foo.txt~#~ before overwriting (where

is an ever incrementing number).

# mysql -u root -p -e "SELECT * FROM FooToBar WHERE Username="adam"" -h mysql Baz

Allows you to run a SQL query against a particular database from the command line. Useful for “for i in …” type situations.

# mysql -u root -p password drupal < /tmp/drupal.sql

Import the contents of drupal.sql into the MySql database “drupal”.

# mysqldump -Aa -u root -p password drupal > /tmp/mysql_all.sql

Dumps the structure and the data of all databases to mysql_all.sql (including all the MySql specific create commands)

# mysqldump -d -u root -p password drupal > /tmp/drupal.sql

Dumps the structure of the “drupal” database to drupal.sql.

# mysqldump -u root -p password drupal > /tmp/drupal.sql

Dumps the structure and data of the “drupal” database to drupal.sql.

# mysql> SET PASSWORD FOR 'iaddressbook'@'localhost' = PASSWORD('secretpassword');

Sets the password for the user “iaddressbook@localhost” to “secretpassword”.

# mysql> show grants for iaddressbook@'localhost';

Show all grants for the user “iaddressbook” on the host “localhost”.

# ndd -get /dev/hme adv_100fdx_cap

Queries ndd for status of that var.

# ngrep -qpi '(^user )|( login )' '(host and ((port 143) or (port 110)))'

Watch for traffic to on ports 110 or 143 which start with “user” or contain “login”.

# ngrep -t '^(GET|POST) ' 'src host and tcp and dst port 80'

For TCP traffic from to port 80 print out any data payload lines which start with GET or POST. Way handy for debugging CGI interaction.

macOS# nidump group . > /tmp/group

Dump the group data from Netinfo into a standard Unix groups file.

macOS# niload -d group . < /tmp/group

Deletes any existing Netinfo group data and then loads in the contents of a standard Unix group file.

macOS# niload -v -m group . < /tmp/group

Reads a standard Unix group file merges it into the Netinfo group database (so you end up with the union of the file and the Netinfo data).

macOS# niutil -createprop / /users/username shell /bin/bash

Changes users shell to /bin/bash (remember root)

# nmap -D -sS -S10.0.0.5 -e eth0 -P0

forges all headers

# nmap -sP -PT

is a faster way to strobe

# nroff -man manpage.1 

views a man page without man command

# nslookup -type=txt -class=chaos version.bind  ns3

same as the host version

# ntpq -p

shows which ntp servers you are connected to

# ntptrace

useful for debugging ntp

# openssl s_client -connect hostname:465

Test SSL connections to (probably SMTP) on port 465.

# openssl s_client -connect hostname:587 -starttls smtp

Test SMTP STARTTLS connections on port 25 or 587.

# openssl pkcs12 -export -in <PEM format cert> -out <PKCS12 file>

Convert a PEM format certificate to a PKCS12 format certificate.

# openssl req -new -x509 -days 365 -nodes -out slapd.pem -keyout slapd.key

use .pem for cert file, use .key file for cert and ca cert file.

# openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

generates a new key for stunnel called stunnel.pem

# openssl req -newkey rsa:1024 -keyout tempfile1 -nodes -x509 -days 365 -out tempfile2; cat tempfile1 > slapd.pem; echo "" >> slapd.pem; cat tempfile2 >> slapd.pem

Generate a self-signed certificate.

# openssl s_client -connect localhost:993 -showcerts

connects to a ssl’d port and shows certificate information

# openssl s_client -host -port 443

similar to stunnel command, much more verbose

# openssl x509 -subject -dates -fingerprint -in stunnel.pem

prints some info about the cert

# openssl s_client -starttls smtp -crlf -connect

Connect to a mail server on port 587 (submission) which requires STARTTLS to issue any further commands.

# openssl s_client -crlf -connect

Connect to a mail server on port 465 (SMTPS) which requires SSL before it will talk to you at all.

# par -SS -s -p <pid>

Irix equivelent of Linux “strace -p <pid>”.

irix# par -SS -s /bin/ls

Irix equivelent of Linux “strace /bin/ls”.

macOS# pbpaste | wc -c

Take the contents of the clipboard (pasteboard) and pipe it to wc to count how many characters it has.

# pear config-set http_proxy

Configure PHP’s pear program to use a password protected proxy to download updates.

# perl -MMIME::Base64 -e 'print encode_base64("00adam00password")'

Generate the base64 encoded username:password pair which is used for smtp auth and (I think) HTTP basic auth (for smtp you’d use something like “AUTH PLAIN AKDJITGF3Btdd5ZnB0aGI=”).

# perl -ne '/00/ and print "$ARGV:$_";' foo.txt

“Greps” the file foo.txt for any null characters and prints “<filename>:<matching line>”.

# perl -i -pe  's/00//g;' /var/spool/mqueue/df*

Search all the data files in Sendmail’s queue for null characters and remove them. This very useful when spurious null characters crash your Cyrus LMTP process and cause your sendmail queue to backup forever.

# perl -MCPAN -e shell ; install Module::Name

Install modules inside perl

# perl -MCPAN::Nox -e shell

Tries to run things without the binary modules which will allow to to repair really broken stuff.

# perl -e 'print crypt( "blah", "AA" ) . "n";'

where AA is the salt

# perl -e 'print join "n", @INC'

Prints contents of @INC

# perl -e 'print scalar(localtime(1062518534)) . "n";'


# perl -e 'print scalar(localtime(@ARGV[0])) . "n";' <unixtime>

Convert Unix time to normal time.

# perl -e 'printf "%02x"x4 ."n",10,0,2,254;'

Converts the IP into hex.

# perl -e 'use Filter::decrypt'

Tells you if you have a module installed

# perl -pi.bak -e 's/search for/replace with/' /tmp/filename

Make a /tmp/filename for “search for” and replace it with “replace with”

# perl Makefile.PL PREFIX=/home/mydir/perl

To install modules to home direcotry and then use “use lib ‘/home/mydir/perl’;” inscript to have that dir included

# perl -nwe 'print if /[^[:ascii:]]/' surviving_the_nippy_bitch.mdwn

Search for any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

# pgp4pine -e --debug -i /tmp/test.txt -o /tmp/test.pgp -r


# pgpk -xa

extracts public key to ascii file

# pgpv +OutputInformationFD=1 

Pipe pgp message to this in pine

# photopc -s 115200 -f "%Y.%m.%d-%H.%M-%%1d.jpg" image 1-5 /home/larry/camera


# photopc image all /home/larry/camera


# pkgutil --expand /Volumes/AirPortUtility/AirPortUtility.pkg /tmp/airport 

Extracts conents from AirPortUtility.pkg into /tmp/airport

# pkgutil --pkgs

Show all installed packages.

# pkgutil -v --file-info /usr/local/sbin/mtr

Show what package /usr/local/sbin/mtr belongs to.

# pkgutil --unlink !de.novamedia.TechnologyBase

Delete all of the files which belonged to de.novamedia.TechnologyBase.

# pkgutil --files

Show all files belonging to the package

# pkgutil --forget

Delete from the package database.

# pod2man | nroff -man 

turns perl pod docs into man page

macOS# port deactivate subversion @1.4.4_0

(MacPorts) Deselect a specific version of subversion (so you can activate a newer/older one)

# port activate subversion @1.4.5_0

(MacPorts) Select a specific version of subversion to be the active one

macOS# port uninstall subversion @1.4.4_0

(MacPorts) Uninstall a specific version of subversion

# port -u upgrade subversion

(MacPorts) Upgrade subversion to the latest version (without “-u” the old version won’t be uninstalled automatically)

# pppd idle-disconnect <# of seconds>

Undocumented pppd feature

netapp# priv set advanced

Put a filer into “secret ninja mode” where you get access to additional commands (“priv set admin” returns to normal mode).

# ps -Aw -o user,pid,ppid,pcpu,pmem,size,rss,priority,start_time,time,cmd


# ps -ef | awk '/[p]ico/ {system("kill -9 "$2)}'


# pwconf [fixes] and pwck [just checks]

finds/fixes errors in /etc/passwd and shadow

# rcs -l /etc/dhcpd.conf; ci -u /etc/dhcpd.conf

Resyncronize dhcpd.conf with the version in RCS and make it available for checking out.

# rcs -u blah blah

break a lock as root

# rename "s/[!@#$%^&)|(-:;~><,{}'`?*A]/_/g" *.mp3

Rename all *.mp3 files in the current directory by replacing any “weird” characters with an underscore (rename is a great little utility that comes with many versions of Perl). NOTE: Make sure you use “-n” because I’m not positive that there aren’t any interactions of all these special characters between the shell and Perl, it *seems* to work correctly but …

# rm -- -weirdfile

Deletes “-weirdfile”, where “–’ tells rm to not interpret any further leading -‘s as arguments (only works with GNU rm though).

# rm -f /var/lib/dpkg/{lock,methlock}

Stops locking problems with dpkg

# rm -i *

Deletes everything in the current directory but asks you for confirmation (yes/no) before each file (allows the shell to do automatic escaping of odd characters).

# rm ./-weirdfile

Deletes file called ”-weirdfile“ in current directory.

# rpm -Va  

verifies all files on the system against known md5 checksums.

# rpm -q -a 

lists all redhat packages installed

# rpm -qpil <sompackage>.rpm    

tells all about the package.

# rsync -av --partial --progress ~/Desktop/

Download the file and keep the file if the transfer gets interrupted allowing it to be resumed where it left off.

# rsync -avHx --delete-excluded --progress --stats --exclude-from=/Users/adam/etc/tacsyncrc /Users/adam/

How I backup my Mac laptop to my Linux file server (so their home directories are identical)

windows# runas /user:starshineadministrator cmd

Opens a command window as the admin user on the machine starshine.

windows# runas / "notepad my_file.txt"

Runs “notepad my_file.txt” as the user adam on the domain

macOS# sc_usage 1234

Sort of line Linux strace only in a top form and not really the same. Shows information about PID 1234

# scp ~/.ssh/ badger:.ssh/authorized_keys

Installs SSH key for passwordless SSH.

# screen -D -r  

detaches the *running* process and moves it to the current tty

# screen -r     

reattaches an already detached screen session to the current tty

# screen <command>      

runs a process normally

# security find-internet-password -gs 

Search Mac’s “Keychain Access” for all stored information (including password) associated with

# sed -i -e 131d ~/.ssh/known_hosts

Delete line 131 from the known_hosts file (warning: -i is not fully portable).

# sed 's/<[^>]*>//g' foo.txt

Removes anything contained in HTML brackets (eg. <>). The trailing “g” means replace all instances not just the first on each line.

# sed 's/tty/ /' foo.txt

Replaces first instance of tty on each line with a space where ever it finds it in foo.txt.

# sendmail -bd -d99.100 -d8.3

99.100 means don’t fork and the second -d is the debug level you want

# sendmail -bi

The same as newaliases

# sendmail -bp -O QueueDirectory=/var/spool/mqueue2

mailq from alt directory

# sendmail -bv

shows a virtual addresses actual delivery point

# sendmail -q -v -O QueueDirectory=/var/spool/mqueue2

run queue from alt. directory

macOS# service ssh start

Basically chkconfig for OSX, ”–list“ shows all available services.

cisco# set dhcp server pool enabled <option> <value> (eg. "lease 86400")

sets dhcp values on the Cisco 675

# setterm -blank 0

disable’s linux screen saver

cisco# sh ip ro

Will work with any ip not just networks

cisco# show environment all

Shows temp and stuff

cisco# show int | in Des

Basically “| grep Des”

# slapd -d 768 -f /etc/ldap/slapd.conf

Start up OpenLDAP pointing explicitly to the config file and setting debugging to my preferred setting.

# sleep `expr $RANDOM % 900`

Sleep for a random amount of time between 0 and 900 seconds.

# smbclient // -U ashand

Login to the SMB/CIFS share called “mp3” on the server with the username “ashand” (it will prompt for a password).

# snmpwalk anc-naf1 passwd .

gets enterprise mibs

# snmpwalk anc-p50 passwd .

get ip addrs

# snmpwalk anc-p50 passwd .

get usernames

macOS# softwareupdate

Lists all required software updates from the AppleOsx site. You can also use it to install the packages.

# sort -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4 /etc/hosts

sorts ip address nicely in order

# sort -n -t, -k 1.7 -k 1.4 -k 1 /tmp/test.csv

Sorts a CSV into order by date (oldest to newest) assuming comma seperated fields and that the first field is in the format DD/MM/YYYY.

# speller=/usr/X11R6/bin/gaspell --dict-host

using gui gaspell with dict service

# speller=/usr/bin/aspell check

spell checking with aspell

# speller=/usr/bin/ispell

spell checking with ispell

# ssh -t ssh 

Transparently SSH to a second box via a first one. Very useful for opening a shell on a host which isn’t reachable from your current network.

# ssh -R

If run from a box on “’s” private network (eg. behind their firewall), it creates a tunnel from to (which bypasses the firewall). Because it’s a remote (not a local) forwarded port ”-g“ doesn’t work so it will only be available on from via localhost.

# ssh cat .bash_profile | diff -u - .bash_profile 

Compare the remote and local .bash_profile.

# ssh -nNT -L 20000:localhost:20000 bob@jones

Forwards port 20000 on jones to port 20000 on localhost while not creating a login session. Good for writing tunnel init scripts around.

# ssh -g -L

Creates a tunnel from thain:9993 to via This is especially useful if thain is behind a firewall and can’t directly connect to The ”-g“ means that any machine can connect to thain:9993 gets forwarded to (without ”-g“ it only works via localhost on thain).

# ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

Create passwordless 1024 bit SSH key (useful for “passwordless” SSH, see UsingSsh).

netapp# statit -b; statit -e

Shows detailed snapshot of utilization between the time you ran the -b (begin) and -e (end) commands (only available in priv set advanced).

# strace -f -e open,read,write ls

Uses strace to trace al open, read and write calls that a process and any forked children make.

# stunnel -c -d localhost:imap2 -r

create a daemon listening on the local imap port binding to the remove imaps port on maus

# stunnel -c -r localhost:pop3s

as a client connect to localhost:pop3s (allows testing)

# stunnel -d imaps -r localhost:imap2


# stunnel -d pop3s -r localhost:pop3

as a daemon offer and encrypted port pop3s which connects to an unencrypted port pop3 on localhost

# stunnel -d ssmtp -r localhost:smtp


# stunnel -f -D 7 -d pop3s -r localhost:pop3

as above but don’t fork into the background and put on highest debug level

# stunnel -p /etc/ssl/certs/stunnel.pem -d pop3s -r localhost:pop3

sets up stunnel to map ssl traffic coming into 995 to the local pop port unencrypted.

# su - postgres; pg_dump -F p -d foo -t bar > /tmp/foo_bar.sql

Dump the PostgreSql table “bar” of database “foo” to a file called foo_bal.sql (in ASCII format)

# svn switch --relocate svn+ssh:// svn+ssh://

Change a working SVN directory to a new repository. Really useful when things have to move and you don’t want to check everything in first.

netapp# sysconfig -r

Details of disks and volumes including failed disks, rebuiding disks and hot spares.

netapp# sysconfig -v

Verbose output including disks, serial numbers, cpu’s etc.

macOS# sysctl -w net.inet.tcp.sendspace=65536

Writes 65536 to the kernel parameter net.inet.tcp.sendspace. It will persist after a reboot.

macOS# sysctl net.inet.tcp.sendspace

Prints the value of kernel parameter net.inet.tcp.sendspace.

netapp# sysstat -u 10

Show system status with utilization percentages, updating every 10 seconds (10 seconds is optimal to sync with the Netapp internal timing mechanism).

macOS# system_profiler

Prints out a profile of all hardware and software installed.

# tar -svcf - . | ssh badger-spare 'cd /var/web/download && tar -xpf -'

Moves data from localhost to badger-spare using tar through ssh.

# tar Sczvf /syjet/debmain.tgz / --exclude tmp --exclude proc

backs up / excluding directories.

# tar cvf /dev/rmt/0c -M etc/ home/

Tar to tape, spanning multiple tapes

# tar zvfx iai-cucipop.tar.gz cucipop-1.23b3/cucipop

retrieves file cucipop from archive

portmaster# tcmcmd -G command -E soft anc-tc2-nmc:s1c1-2t1-24

Soft busies anc-tc2-nmc cards 1 & 2, time slices 1-24

# tcpdump -i en1 tcp

because I always forgot how to do this and want to put “proto” in front of it. Can also use “ip” which is helpful.

# tcpdump -X -i eth0 'dst host and (dst port 143 or dst port 110)'

Example of a more complicated tcpdump filter.

# tcpdump -qp -i eth0 '(dst port 143 or dst port 110)'

How to watch POP3 or IMAP4 traffic going to

# tcpdump -r <infile> -C 100 -s 0 -w <outfile>

Reads in saved pcap file <infile> and writes out files no larger then 100MB, ”-s 0“ means preserver the full data stream.

# telnet 4321

# tethereal -V dst port 143 | egrep -i login

Snag IMAP usernames and passwords.

# tip -v 9600 /dev/ttya

Connect to the console port on a sun

# tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

un-rot13 a message, and it works in pine if you enable the “|” command

# tr '15' '12' < macfile > unixfile

Converts carriage to linefeed

# tr -d 'r' < dosfile > unixfile

removes all ^M’s from dos file)

# trap '' 1 2 15

ignore signals 1,2 and 15

# trap 'rm -f $TMP; exit 1' 1 2 15

trap for signals 1,2,15 and rm file if found

sunos# truss -f -p PID

truss pid PID and follows forks (good for daemons)

# Turns on bold: [33[1m] Turns off bold: [33[0m]

Allows bold characters in Bash prompts.

mozilla# user_pref("mail.allow_at_sign_in_user_name", true);


# valkyrie:/usr/private/etc/radpwtst -p 1645 -s larry 

make sure they are in the /usr/private/etc/raddb/clients file so that it can find the radius secret

macOS# vm_stat 5

Similar to the Unix utility. Prints out every 5 seconds.

netapp# vol scrub status

Shows the status of currently running disk scrubs.

netapp# vol status

Shows the status of all volumes, including if any are in the process of rebuilding a disk.

netapp# wcc -s ashand

Shows the Unix name that the NT name “ashand” maps to.

netapp# wcc -u ashand

Shows the NT name that the Unix name “ashand” maps to.

# withlist -l -r fix_url wordup -u

Mailman command for updating a mail list to have the correct URL (see /usr/lib/mailman/Mailman/ for more info). Very useful when migrating lists to a new domain and none of the web forms will work because the submit buttons still point to the old location.

# wget -q --mirror -p --html-extension --base=./ -k -P ./

How to make a static copy of a Drupal (or any other dynamic) site.

# wget -q --proxy=off --html-extension -r -l 2 -nH --cut-dirs=4 -np -k -P foobar -p http://user:pass@www.spack.or/one/two/Statistics/GoStats/Index.html

Okay this is complicated. (-r) Recursively download for (-l 2) two levels, (-np) but don’t go up any directory levels, (-p) everything required (css, images etc) for the URL, (–html-extension) make sure all html pages get saved to files ending in .html and (-k) rewrite the downloaded pages to link to the right page names. (-P) Save all files to a folder called foobar, (-nH) don’t create a directory for the host name and (–cut-dirs) cut four levels from the directories (so everything goes directly into foobar). Wheew …

# wget --proxy=off

Embed HTTP username and password in the URL and ignore any *_proxy environment variables which are set.

# wget -m

mirror ftp heirarchy

# wget -r -l2

recursively grab just that directory

# while /bin/true; do gawk '/eth0:/ {print  $14}' /proc/net/dev; sleep 1; done

While loop to watch collision stats under

# whois "name pixelworks"

lists first 50 domains which contain pixelworks in the name

# whois "server NSblahblah-HST"

lists the first 50 domains hosted.

# whois -h ""

help file

# whois -h

any fld will work

# whois -h 'dump dom'

raw dump, good for scripts

# whois -h 'dump han em69'

raw dump, good for scripts

# whois

gives you NSblahblah-HST (can use IP# too)

# wine -dll commctrl,comctl,commdlg,comdlg32=n napster.exe

to run windows napster

# wterm -geometry 192x8+0+0 -name console -C

my exconsole

# wterm -tr -sh -bg <tint color> -fg <text color> -st -sb


# xv -root -quit -rmode 5 image_name

equiv: Root: <something>” where 5=center

# xwrits breaktime=1 typetime=15 +finger=american +top +noiconify +mouse +lock

Sensible defaults for Xwrits.