Ubuntu Command Reference & Cheat Sheet
The essential guide for managing Ubuntu and Debian-based servers and desktops. Learn package management, services, firewalls, and system administration.
📦 Package Management (APT)
Ubuntu uses apt (Advanced Package Tool) to manage software. Always run sudo apt update first to refresh the package index.
| Command | Action |
|---|---|
sudo apt update | Refreshes the list of available packages and versions (run this first!) |
sudo apt upgrade | Installs newer versions of packages you currently have |
sudo apt install <pkg> | Installs a new package (e.g., nginx, nodejs) |
sudo apt remove <pkg> | Removes a package but keeps configuration files |
sudo apt purge <pkg> | Removes package AND its configuration files |
sudo apt autoremove | Removes packages that were installed as dependencies but are no longer needed |
apt search <term> | Search for packages by name or description |
apt show <pkg> | Display detailed information about a package |
⚙️ Service Management (Systemd)
Control background services (daemons) like web servers, databases, and other server applications.
sudo systemctl start nginxsudo systemctl stop nginxsudo systemctl restart nginxsudo systemctl reload nginxsudo systemctl enable nginxsudo systemctl disable nginxsudo systemctl status nginx🛡️ Firewall (UFW)
Uncomplicated Firewall is Ubuntu's default firewall configuration tool, providing a simple interface to iptables.
sudo ufw allow sshsudo ufw allow 80/tcpsudo ufw allow 443/tcpsudo ufw enablesudo ufw statussudo ufw delete allow 80Comprehensive Ubuntu Server Administration Guide
Ubuntu is the most popular Linux distribution for cloud servers, powering millions of instances on AWS, Azure, Google Cloud, and other platforms. Its combination of stability, security, long-term support, and comprehensive documentation makes it the go-to choice for both beginners and experienced system administrators. Whether you are setting up a personal development server or managing production infrastructure, understanding Ubuntu's administrative tools is essential.
This guide focuses on Ubuntu-specific tools and conventions, though much of what you learn applies to other Debian-based distributions as well. Ubuntu is based on Debian and shares the same package format (DEB) and package manager (APT), so skills transfer between the two distributions.
Understanding APT: The Package Manager
APT (Advanced Package Tool) is the heart of software management on Ubuntu. Unlike downloading installers from websites on Windows, Linux uses centralized repositories—curated collections of software packages maintained by Ubuntu and the community. When you run apt install, APT downloads the package and all its dependencies from these repositories.
The first step in any package operation should be sudo apt update. This downloads the latest package indexes from the repositories—think of it as refreshing the list of what is available and what versions exist. Without this step, you might install outdated versions or fail to find packages that were recently added.
sudo apt upgrade then installs newer versions of all packages you currently have installed. This is how you apply security patches and bug fixes. For important servers, you might want to run this regularly (perhaps weekly or monthly), reviewing what will be upgraded before proceeding.
The difference between apt remove and apt purge is important. Remove uninstalls the package but leaves configuration files in place—useful if you might reinstall later. Purge removes both the package and its configuration, leaving the system as if the package had never been installed.
Systemd: Managing Services
Systemd is the init system used by modern Ubuntu (and most other major Linux distributions). It is responsible for booting the system and managing services—background processes that run continuously, like web servers, databases, and system daemons.
The systemctl command is your interface to systemd. Every service has a unit file that describes how to start it, what dependencies it needs, and what to do if it crashes. You typically do not need to write these yourself; packages create them during installation.
systemctl status is invaluable for debugging. It shows whether the service is running, its PID, recent log entries, and any errors. If a service fails to start, the status output often contains the specific error message explaining why.
The distinction between start/stop and enable/disable is crucial. Starting a service runs it now; enabling it makes it start automatically on boot. These are independent—you can enable a service without starting it (it will start on next boot) or start a service without enabling it (it will run now but not survive a reboot).
For many services, reload applies configuration changes without fully restarting. This is gentler than restart—for a web server, reload typically does not drop active connections, while restart does. Not all services support reload; check the service documentation.
UFW: Firewall Configuration
UFW (Uncomplicated Firewall) provides a simplified interface to the powerful but complex iptables firewall. By default, UFW is installed but not enabled on Ubuntu. Before enabling it, you must allow SSH access, or you will be locked out of your server.
The single most critical command when setting up a remote server is sudo ufw allow ssh followed by sudo ufw enable. If you forget to allow SSH before enabling, you will need console access (through your cloud provider's web interface) to recover.
UFW uses a default-deny incoming, default-allow outgoing policy. This means all incoming connections are blocked unless explicitly allowed, while outgoing connections from the server are permitted. This is a sensible security stance that requires you to consciously open ports for services you run.
You can allow services by name (ufw allow ssh, ufw allow http) or by port number (ufw allow 80/tcp). Named services are defined in /etc/services. For non-standard ports, you must use the numeric form.
User and Permission Management
Ubuntu follows the principle of least privilege. Regular users have limited permissions, and administrative tasks require sudo. This protects against accidental damage and adds accountability—all sudo commands are logged.
To create a new user, use sudo adduser username. To grant them sudo privileges, add them to the sudo group: sudo usermod -aG sudo username. For servers, you typically want to set up SSH key authentication instead of passwords, then disable password authentication entirely for security.
File permissions in Linux use the read/write/execute model for owner, group, and others. The chmod command changes permissions, and chown changes ownership. Understanding these is essential for web servers, where files often need to be readable by the web server user but owned by a deployment user.
System Monitoring and Logs
journalctl is the systemd log viewer. journalctl -u nginx shows logs for a specific service. journalctl -f follows logs in real-time. journalctl --since "1 hour ago" filters by time. This unified logging system has largely replaced the traditional scattered log files in /var/log.
For resource monitoring, htop (install with apt install htop) provides an interactive process viewer superior to the traditional top. df -h shows disk usage, free -h shows memory usage, and uptime shows system load averages.
Keeping Ubuntu Secure and Updated
Ubuntu LTS (Long Term Support) releases receive security updates for five years. Running sudo apt update && sudo apt upgrade regularly ensures you have security patches. For automated security updates, install the unattended-upgrades package.
Use strong SSH configurations: disable password authentication, disable root login, use key-based authentication, and consider changing the default SSH port or implementing fail2ban to block brute-force attempts. These measures significantly reduce the attack surface of your server.
Regularly review what services are running with systemctl list-units --type=service and disable anything you do not need. Every running service is a potential vulnerability. Similarly, review open ports with sudo netstat -tulpn or sudo ss -tulpn.
Snap Packages
Modern Ubuntu also supports Snap packages, a containerized package format. Snaps include all dependencies, making them larger but more reliable across different Ubuntu versions. Install snaps with sudo snap install package. Many popular applications like VS Code, Slack, and Spotify are distributed as snaps.
Snaps update automatically in the background, which is convenient for desktop applications but requires consideration for servers where you may want to control update timing. You can configure snap refresh schedules or defer updates for critical systems.