Don Palmigiano

I'm into Linux among other things. Like my work? Reach out!

Note 318

Why I Live In a Bubble

Bunny Science Halo PAPR

You look either silly or suicidal.

I know. lol. I'm wearing something that saves lives.

That doesn't look safe/You're gonna die, don't you know about CO2?

It's safe for me to wear. Yes, I know about the dangers of CO2. That's why my fan has a rated static pressure of 225 Pa, as outlined here.

You CAN kill yourself or someone else hastily emulating something this silly/suicidal looking.

There's something to be said about intuition, particularly yours in this situation.

What am I looking at?

You're looking at the Halo PAPR. This 3D printed model is an adaptation of what a surgeon might use in the operating room while treating COVID-19 patients.

Did you make this?

Yes and no.

While I had the idea to design a 3D printed PAPR very similar to this, my model made use of a full-face snorkel mask.

The man who designed this is Guy Kuo. Kuo is an anesthesiologist who practices in Bellevue, Washington at Overlake Medical Center and Evergreen Health. Apart from having one of the coolest specialties in medicine, he's also a 3D printer fanatic and talented designer and engineer!

Recently, Guy became of one my few man-crushes due to his ingenious design. What you saw me wearing was the "Halo PAPR" or Personal Air Powdered Respirator.

It can be found here.

I have another, much bulkier PAPR design that is entirely my own which makes use of a ULPA ("Ultra Low Particulate Air") filter with a MERV 17 rating.

What is new is my adaptation for civilian use:

This alteration makes use of a Nalgene lid, a cut-up n95 mask, a carbon filter mask, some pillow stuffing (aka Ploy-fil useful for compressing the layers of the n95 together to maintain filter performance in addition to adding even more mechanical filtration) and aquarium silicone for a perfect seal.

Ok but why?

I'll be candid, the journey that ended here started with a sort of paranoia.

My 70-year-old mom is one of the best teachers I know. She teaches elementary and middle school as a retired teacher, turned substitute and tutor. Although she is out of work now, as are most of us including myself, I didn't know there would be a shelter-in-place order. Although I hate that she still needs to work, she's the most committed and caring person in my life. Her care and attention to students as well as my gratitude and protectiveness of her had me very concerned, to say the least. Anyone who works with children or know someone who does also knows just how often and easily those people get sick. I remember being pained every time I would see my mother battling whatever seasonal malady had been incubating among her students. I could not face the likely possibility that if she were to keep teaching that she, along with my father, would likely become very ill. I worried that even if they recovered, it might not be fully.

So rather than face this tragic likelihood, I decided to act. With social distancing loosening and uncertainty on the horizon as protesters and anti-vaxers selfishly storm the streets, I am acting once again.

As a wise former-man-crush once said: "You cannot get people to change by force. If you want change, you simply must provide a better alternative."

I act today not out of paranoia. I act to promote science, compassion for others, and creative, intrepid, action instead of ignorance, disregard, and indolence.

Finally, I also act to bring attention to Guy Kuo. Technologies like his Halo PAPR will allow caretakers and doctors in countries like India to protect themselves. It will allow people like me to protect my mom and dad. Kuo's competition, the 3M Versaflo TR-300 and similar are in short supply and can cost upwards of $3000.

How much did this cost you to make?

I was given 3D printer filament by a generous donor on Nextdoor for use in aiding healthcare workers. I took apart an old laptop and retrieved the 51mm blower fan myself. The rest has been put together with what I had around the house. Remember, I'm out of a job and out of money. I haven't even received my $1200 at this point in time.

Grand total of $0.

Why are you wearing a mask? Don't you have enough PPE already?

Look closely at the Halo PAPR. It's ok if you walk back to get a second look, I don't mind. You'll notice that while I'm protected by state of the art filtration and positive you get the unfiltered exhaust.

The ONLY reason I am wearing a mask is to protect YOU.

You're welcome.

What are you printing right now?

Great question. I'm donating these through masksfordocs.

Can I buy one? (Mask or PAPR or other)


I am living entirely off of the generosity of close family and friends at this point.

You can definitely trade me something on my amazon wishlist or some gift cards for groceries though.

However, I don't know how I feel about the ethics of monetary donations just yet. I guess I'll leave it up to you.

If I get more filament I can donate more supplies to hospitals and doctors.

Shoot me an email:

Check out my 3D prints while I work on getting my website working.

If you're hiring, please check out my landing page.

I also design websites, deliver groceries, and offer my consultation and mad research skills. My cup is as empty as my wallet; I'm open and willing to help however I can.

Donations and Cryptocurrency:

Bitcoin: 1E8CvXB4NcZ5vztFkRWKBN1P3r3rGHzpyH


Amazon Wishlist

I don't trust your links.

Good! Smart person. Try this out: or google it yourself if you've got a tin-foil hat/PAPR on too.

Who are you?

That depends on your metaphysical worldview, but this might help.

#OnePrinter: Fighting COVID-19 with the sickest beats and most inventive 3-D prints

See it live on twitch!

My best friend in LA, electronic musician fzen, joins the fight and ups the stakes.

His music is absolutely incredible. Seriously moving and melodic stuff. Hope it reminds you of all the beauty in the world. fzen spends hundreds of hours on each track. :o You heard it here first. :p

I wish I could see him right now, but we've got important things to do right where we are. I've finally mastered leveling my Ender 3, so already I'm seeing vast improvements in print time. I've also been using FreeCad to develop a honeycomb laminar flow HEPA powered design of my own. ;)

Pro tip: Use some Aquarium Silicone to coat the inside and out to ensure a watertight, durable design.

Lonny Shavelson, MD and
Thalia DeWolf, RN, CHPN of Bay Area End Of Life Options, these prints and those that follow are yours.
Keep up the amazing work. I can't think of better people or a better cause. :)

Sunny days ahead folks!

One 3D Printer Vs. COVID-19

Watch live video from donpalm on

Tracking Covid 19 in Berkeley and the Bay Area

Just a little pet project of mine, I hope you find it helpful. I may come back to this post to explain my sources as well as some of the math and statistics involved.

chattr and lsattr

chattr and lsattr commands

On Linux operating systems, the chattr command modifies the attributes of files, and lsattr lists (displays) them.

In Linux, file attributes are flags which affect how the file is stored and accessed by the filesystem. They are metadata stored in the file's associated inode.


chattr and lsattr are part of the e2fsprogs software package, available by that name in most package managers. The e2fsprogs homepage is located at


Attributes are not the same as file permissions. For information about setting permissions, see chmod.

Syntax: chattr

<b>chattr</b> [<b>-R</b>] [<b>-V</b>] [<b>-f</b>] [<b>-v</b> <i>version</i>] [<b>-p</b> <i>project</i>] <i>mode</i> ... <i>file</i> ...


chattr takes the following options:

-R Recursively change attributes of directories and their contents.
-V Provide verbose output and display program version.
-f Suppress most error messages.
-v version Set the file's version/generation number. This is an arbitrary nine-digit number assigned to a file when it is created. It is not unique. It may be changed to any other arbitrary number.
-p project Set the file's project number.
mode ... One or more mode strings. For more information, see Mode strings, below.
file ... The file or files to be changed.

Mode strings

A mode string consists of an operator and one or more attributes. It takes the form:


One of the following operators must appear at the beginning of a mode string:

character operation
+ Attributes listed will be added to the file.
- Attributes listed will be removed from the file.
= The attributes listed will be added; any attributes omitted will be removed.

The remainder of the mode string is a series of characters, each representing an attribute. They are case-sensitive, cannot be separated by whitespace, and may appear in any order. For a list of attribute characters, see Attributes, below.

Example mode strings are "+caS", "-Asd", and "=eAsS".

Multiple mode strings may be specified to combine + and - operators in a single command, e.g. "+asD -c" and "-a +s +D -c" are both valid.

Syntax: lsattr

<b>lsattr</b> [<b>-R</b>] [<b>-V</b>] [<b>-a</b>] [<b>-d</b>] [<b>-v</b>] <i>file</i> ...


-R Recursively list attributes of directories and their contents.
-V Display the program version.
-a List all files in a directory, including those whose name starts with a period ('.').
-d List directories as regular files, rather than listing their contents.
-v List the file's version/generation number in addition to its attributes.

List of Attributes

The following characters represent attributes that may be modified by chattr or listed with lsattr.

character attribute description
a append only The file may only be opened for writing in append mode: its existing data may not be overwritten. It cannot be deleted or renamed; hard links cannot be made to this file; most of its metadata cannot be changed. Modifying this attribute requires root privileges.
A no atime updates When the file is accessed, its atime record is not modified, which in some situations can reduce disk I/O.
c compressed Files with this attribute are automatically compressed by the kernel when written to disk. Its contents are uncompressed when read. Note: This attribute has no effect in the ext2, ext3, and ext4 filesystems.
C no copy on write Files with this attribute are not subject to copy-on-write updates. If this attribute is set on a directory, new files created in that directory will have this attribute set. Note: This attribute is only effective on filesystems which perform copy-on-write. On btrfs, this attribute should be set on new or empty files. If this attribute is set after a btrfs file already contains data, the time when its data will be stable is undefined.
d no dump Files with this attribute are bypassed in any backup initiated by dump, a legacy tool for ext2 filesystems.
D synchronous directory updates Changes to a directory with this attribute are written synchronously to disk. That is, the system waits for write completion before doing something else. Equivalent to the the dirsync option to the mount command, applied to a subset of files on a filesystem.
e block extents Indicates that a file should be stored using block extents. Data is stored contiguously between two blocks, and only those two blocks must be known to find the file's data. Block extent mapping may potentially save disk space, because it reduces the number of blocks which must be listed in the file's inode.
i immutable Files with this attribute cannot be deleted or renamed; hard links cannot be made to this file; most of its metadata cannot be changed; data cannot be written to the file. Modifying this attribute requires root, or a process with the CAP_LINUX_IMMUTABLE capability, as set with setcap.
j data journalling A file with this attribute has all its data written to its journal before being written to the file itself. Only effective on ext3 and ext4 filesystems which have journalling enabled and the "data=ordered" or "data=writeback" options set. If journaling is enabled in those systems, but the "data=journal" option is set, this attribute has no effect. Only root or a process with CAP_SYS_RESOURCE capability as set with setcap can change this attribute.
P project hierarchy A directory with this attribute will enforce a hierarchical structure for project IDs. Files and directories created in the directory will inherit the project ID of the directory. Rename operations are constrained so when those files or directories are moved to another directory, the project IDs will match. Hard links to these files may only be created if the project ID of the target and destination match.
s secure deletion If a file with this attribute is deleted, its data is overwritten with zeroes, similar to a simple shred. This attribute is ignored by ext2, ext3, and ext4 filesystems.
S synchronous updates When files with this attribute are modified, the changes are written synchronously to disk. Equivalent to the sync option of the mount command, for individual files.
t no tail merging A file with this attribute will not have any partial block fragment at the end of the file shared with another file's data. This attribute is necessary for software such as LILO, which reads the filesystem directly and is not aware of tail merging. Some filesystems do not support tail merging, in which case this attribute has no effect.
T top of directory hierarchy A directory with this attribute is deemed to be the top of directory hierarchies by the Orlov block allocator, used by ext2 and ext3. The attribute gives a hint to the allocator that the subdirectories are not related in how they are used, and their data should be separate when blocks are allocated. For example, the /home directory may have this attribute, indicating that /home/mary and /home/john should be placed in separate block groups.
u undeletable When a file with this attribute is deleted, its contents are saved, enabling their later undeletion. Undelete tools which can take advantage of this attribute include extundelete.

Read-only attributes

The following attributes are read-only. They cannot be set or unset by chattr, but can be listed by lsattr.

character meaning description
E compression error The filesystem is not able to automatically compress this file.
h huge file The file is storing its blocks in units of the filesystem's blocksize instead of in sectors. The file is, or previously was, larger than 2 TB.
I indexed directory The directory is being indexed with a hashed tree (htree).
N inline data The file has data stored inline, within the inode itself.
X compression raw access An experimental attribute indicating that the raw contents of a compressed file may be accessed directly.
Z compressed dirty file An experimental attribute indicating that a compressed file is dirty (incompletely written).


View attributes of files

For this example, we will create three empty files with touch:

touch file file2 .file

We can view their permissions with ls, using the -l option:

ls -l
total 8
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2

File names starting with a dot (period) are not listed by ls unless the -a option is used:

ls -a
total 28
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 .file
-rw-rw-r-- 1 hope hope 0 Jun 28 09:51 file2

Now let's view attributes by running lsattr:

-------------e-- ./file
-------------e-- ./file2

As with ls, we must use the -a option to view files whose name starts with a dot:

lsattr -a
-------------e-- ./file
-------------e-- ./file2
-------------e-- ./.file
-------------e-- ./.
-------------e-- ./..

To view the attributes of a specific file or files, specify their names:

lsattr file
-------------e-- file
lsattr -a file file2 .file
-------------e-- file
-------------e-- file2
-------------e-- .file

View attributes of directories

Now let's create a directory and subdirectory with mkdir -p:

mkdir -p dir/subdir

And create some empty files in those directories:

touch dir/file3 dir/file4 dir/subdir/file5

By default, lsattr does not traverse directories:

-------------e-- ./file
-------------e-- ./file2
-------------e-- ./dir

To recursively traverse and show the contents of directories, use -R:

lsattr -R
-------------e-- ./file
-------------e-- ./file2
-------------e-- ./dir
-------------e-- ./dir/file3
-------------e-- ./dir/file4
-------------e-- ./dir/subdir
-------------e-- ./dir/subdir/file5

Change attributes

By default, the files and directories we created in the above examples (on Ubuntu 16.04) have the "block extents" attribute (e) set.

-------------e-- ./file
-------------e-- ./file2
-------------e-- ./dir

Let's give them the d attribute (a legacy attribute, meaningless on our system), using +d.

chattr +d *
------d------e-- ./file
------d------e-- ./file2
------d------e-- ./dir

Some attributes, such as a (append-only), may only be modified by the root user:

<a href="">sudo</a> chattr +a file
-----ad------e-- ./file
------d------e-- ./file2
------d------e-- ./dir

Attributes which apply only to directories, such as D, will not be set on regular files, successfully — no error will be returned. For example, if you try to run chattr +D on a regular file, chattr will do nothing to those files, and return a successful exit status.

Notice in the next command that we try to set the D attribute on both a regular file and a directory. The attribute is set on the directory, is not set on the regular file, and chattr returns successfully.

chattr +D file dir && lsattr
-----ad------e-- ./file
------d------e-- ./file2
---D--d------e-- ./dir

(The && control operator will run the next command only if the previous command returns a successful exit status. For more information, see Shell grammar in bash.)

To unset an attribute, use the - operator before your list of attributes.

chattr -D dir && lsattr
-----ad------e-- ./file
-------------e-- ./file2
-------------e-- ./dir

Only one operator may be specified per mode string, but you can specify multiple attributes one after the other (without whitespace), in any order. You may specify multiple mode strings, each with their own operator.

chattr +sSc -d * && lsattr
s-S--a--c-----e---- ./file
s-S-----c-----e---- ./file2
s-S-----c-----e---- ./dir

If an attribute requires root privileges, but you are not running the command as root, chattr will not change any attributes for that file. It will continue trying to operate on other files, and when it completes, it will return a failing exit status (an error).

To illustrate this, in the next command, we'll try to set the a attribute on every file in the current directory without using sudo. This should fail (unless we are logged in as root), because setting a requires superuser privileges.

Also, note that in the next command we use echo to display the value of the bash special parameter ? (a question mark). The ? parameter contains the exit status of the previous command, so it will tell us if chattr succeeded (0) or failed (1). Like all bash parameters, we refer to its value by prefixing its name with $.

chattr -sS +a *; echo $?
chattr: Operation not permitted while setting flags on dir
chattr: Operation not permitted while setting flags on file2

The exit status 1 indicates an error occurred.

Let's look at how the attributes changed:

-----a--c-----e---- ./file
s-S-----c-----e---- ./file2
s-S-----c-----e---- ./dir

Notice that file did not cause an error. It already had the a flag from a previous command, so it causes no error; and so the rest of the changes (-sS) went through just fine. The other file and directory both caused an error, and were entirely unchanged.

To set every file to match an explicit set of attributes, use the = operator. Any listed attributes will be set, and any not listed will be unset.

sudo chattr -R =es * && lsattr -R
s----------e---- ./file
s----------e---- ./file2
s----------e---- ./dir
s----------e---- ./dir/file3
s----------e---- ./dir/file4
s----------e---- ./dir/subdir
s----------e---- ./dir/subdir/file5

Make files immutable

If you set the i attribute, a file will be marked as "immutable", meaning its data (and some vital metadata) cannot be changed, even by root, until the attribute is unset.

touch immutable && lsattr immutable
--------------e---- immutable
sudo chattr +i immutable && lsattr immutable
----i---------e---- immutable
<a href="">mv</a> immutable newname
mv: cannot move 'immutable' to 'newname': Operation not permitted
<a href="">rm</a> immutable
rm: cannot remove 'immutable': Operation not permitted
sudo rm -f immutable
rm: cannot remove 'immutable': Operation not permitted

You cannot create a hard link to an immutable file:

<a href="">ln</a> immutable hardlink
ln: failed to create hard link 'hardlink' => 'immutable': Operation not permitted

Symbolic links are OK, though:

ln -s immutable symlink && ls -l symlink
lrwxrwxrwx 1 hope hope 6 Jun 29 07:49 symlink -> immutable

This is a good time to note that symbolic links have no attributes of their own:

lsattr symlink
lsattr: Operation not supported While reading flags on symlink

To make files mutable again, use -i:

sudo chattr -i immutable && mv immutable newname && lsattr newname
--------------e---- newname

Make files append-only

The append-only attribute (a) makes a file immutable, except that data can be added to it.

touch appendonly && lsattr appendonly
--------------e---- appendonly
sudo chattr +a appendonly && lsattr appendonly
-----a--------e---- appendonly

You cannot overwrite the file with redirection (>):

echo "Overwriting is not allowed." > appendonly
bash: appendonly: Operation not permitted

But redirecting append-only (>>) is OK:

echo "Appending is allowed." >> appendonly && <a href="">cat</a> appendonly
Appending is allowed.
echo "Appending is allowed." >> appendonly && cat appendonly
Appending is allowed.
Appending is allowed.

Append-only files may not be moved, removed, renamed, or hard-linked.

sudo rm -f appendonly
rm: cannot remove 'appendonly': Operation not permitted
sudo ln appendonly hardlink
ln: failed to create hard link 'hardlink' => 'appendonly': Operation not permitted

For more information about redirection, see Redirection in bash.

chown — Change the ownership of files or directories.
chmod — Change the permissions of files and directories.
ls — List the contents of a directory or directorie


Productivity-Focused Generalist

This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have great productivity. They follow an iterative process. They are a coding machine. They are a move fast and break things programmer.

Linux Internals Engineer

This is an engineer who is comfortable working with Linux (or Unix-like) operating systems at a low level. They may have experience working on device drivers. They are comfortable thinking about scheduling, interrupts, file systems system calls. They can explain Spectre and Meltdown, and how they were mitigated.

Architecture/Design-Focused Generalist

This is a generalist engineer. They may have a variety of different technical backgrounds (back-end, systems, etc). Regardless of specialty, they have a strong focus on software architecture. They write clean, modular code. They do very well on software / OOP design problems. And they reason well about the interactions of complex systems.

Pacman Cheatsheet


< PacmanJump to navigationJump to search

This page uses a table to display the correspondence of package management commands among some of the most popular Linux distributions. The original inspiration was given by openSUSE's Software Management Command Line Comparison.

Tip: Arch users having to temporarily deal with another Linux distribution can use pacapt, a simple wrapper around other package managers.Note:

  • Some of the tools described here are specific to a certain version of pacman. The -Qk option is new in pacman 4.1.


Basic operations

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Install a package(s) by namepacman -Sdnf installapt installzypper install
zypper in
emerge [-a]
Remove a package(s) by namepacman -Rsdnf removeapt removezypper remove
zypper rm
emerge -vc
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.pacman -Ssdnf searchapt searchzypper search
zypper se [-s]
emerge -S
Upgrade Packages - Install packages which have an older version already installedpacman -Syudnf upgradeapt update && apt upgradezypper update zypper upemerge -uDN @world
Upgrade Packages - Another form of the update command, which can perform more complex updates -- like distribution upgrades. When the usual update command will omit package updates, which include changes in dependencies, this command can perform those updates.pacman -Syudnf distro-syncapt update && apt dist-upgradezypper dupemerge -uDN @world
Clean up all local caches. Options might limit what is actually cleaned. Autoclean removes only unneeded, obsolete information.pacman -Sc
pacman -Scc
dnf clean allapt autoclean
apt clean
zypper cleaneclean distfiles
Remove dependencies that are no longer needed, because e.g. the package which needed the dependencies was removed.pacman -Qdtq | pacman -Rs -dnf autoremoveapt autoremovezypper rm -uemerge --depclean
Remove packages no longer included in any repositories.pacman -Qmq | pacman -Rs -dnf repoquery --extrasaptitude purge '~o'
Mark a package previously installed as a dependency as explicitly required.pacman -D --asexplicitdnf mark installapt-mark manualemerge --select
Install package(s) as dependency / without marking as explicitly required.pacman -S --asdepsdnf install => dnf mark removeapt-mark autoemerge -1
Only downloads the given package(s) without unpacking or installing thempacman -Swdnf downloadapt install --download-only (into the package cache)
apt download (bypass the package cache)
zypper --download-onlyemerge --fetchonly
Start a shell to enter multiple commands in one sessionapt-config shellzypper shell
Show a log of actions taken by the software /var/log/pacman.logdnf historycat /var/log/dpkg.logcat /var/log/zypp/historylocated in /var/log/portage
Get a dump of the whole system information - Prints, Saves or similar the current state of the package management system. Preferred output is text or XML. (Note: Why either-or here? No tool offers the option to choose the output format.)(see /var/lib/pacman/local)(see /var/lib/rpm/Packages)apt-cache statsn/aemerge --info
e-mail delivery of package changesapt install apt-listchanges
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Querying specific packages

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Show all or most information about a package. The tools' verbosity for the default command vary. But with options, the tools are on par with each other.pacman -[S|Q]idnf list, dnf infoapt show / apt-cache policyzypper info zypper ifemerge -S; emerge -pv; eix
Display local package information: Name, version, description, etc.pacman -Qirpm -qi / dnf info installeddpkg -s / aptitude showzypper info; rpm -qiemerge -pv and emerge -S
Display remote package information: Name, version, description, etc.pacman -Sidnf infoapt-cache show / aptitude showzypper infoemerge -pv and emerge -S or equery m (meta)
Display files provided by local packagepacman -Qlrpm -qldpkg -Lrpm -Qlequery files; qlist
Display files provided by a remote packagepacman -Fldnf repoquery -l or repoquery -l (from package yum-utils)apt-file list $patternpfl
Query the package which provides FILEpacman -Qorpm -qf (installed only) or dnf provides (everything) or repoquery -f (from package yum-utils)dpkg -S / dlocatezypper search -fequery belongs; qfile
List the files that the package holds. Again, this functionality can be mimicked by other more complex commands.pacman -Ql
pacman -Fl
dnf repoquery -ldpkg-query -Lrpm -qlequery files; qlist
Displays packages which provide the given exp. aka reverse provides. Mainly a shortcut to search a specific field. Other tools might offer this functionality through the search command.pacman -Fodnf providesapt-file searchzypper what-provides zypper wpequery belongs (only installed packages); pfl
Search all packages to find the one which holds the specified file. auto-apt is using this functionality.pacman -Fsdnf providesapt-file searchzypper search -fequery belongs; qfile
Show the changelog of a packagepacman -Qcrpm -q --changelogapt-get changelogrpm -q --changelogequery changes -f
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Querying package lists

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Search for package(s) by searching the expression in name, description, short description. What exact fields are being searched by default varies in each tool. Mostly options bring tools on par.pacman -Ssdnf searchapt searchzypper search zypper se [-s]emerge -S; eix
Lists packages which have an update available. Note: Some provide special commands to limit the output to certain installation sources, others use options.pacman -Qudnf list updates, dnf check-updateapt-get upgrade -> nzypper list-updates zypper patch-check (just for patches)emerge -uDNp @world
Display a list of all packages in all installation sources that are handled by the packages management. Some tools provide options or additional commands to limit the output to a specific installation source.pacman -Sldnf list availableapt-cache dumpavail apt-cache dump (Cache only) apt-cache pkgnameszypper packagesportageq all_best_visible /
Generates a list of installed packagespacman -Qdnf list installeddpkg --list | grep ^izypper search --installed-onlyqlist -IC
List packages that are installed but are not available in any installation source (anymore).pacman -Qmdnf list extrasdeborphanzypper se -si | grep 'System Packages'eix-test-obsolete
List packages that were recently added to one of the installation sources, i.e. which are new to it.(none)dnf list recentaptitude search '~N' / aptitude forget-newn/aeix-diff
List installed local packages along with versionpacman -Qrpm -qadpkg -lzypper search -s; rpm -qaqlist -ICv
Search locally installed package for names or descriptionspacman -Qsrpm -qa '*<str>*'aptitude search '~i(~n $name|~d $description)'eix -S -I
List packages not required by any other packagepacman -Qtdnf leavesdeborphan -anp1emerge -pc
List packages installed explicitly (not as dependencies)pacman -Qednf history userinstalledapt-mark showmanualemerge -pvO @selected; eix --selected
List packages installed automatically (as dependencies)pacman -Qdapt-mark showauto
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Querying package dependencies

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Display packages which require X to be installed, aka show reverse dependencies.pacman -Siidnf repoquery --alldeps --whatrequires or repoquery --whatr[equires]apt-cache rdepends / aptitude search ~D$patternzypper search --requiresemerge -pvc
Display packages which conflict with given expression (often package). Search can be used as well to mimic this function.dnf repoquery --conflictsaptitude search '~C$pattern'
List all packages which are required for the given package, aka show dependencies.pacman -[S|Q]idnf repoquery --requires or repoquery -Rapt-cache depends / apt-cache showzypper info --requiresemerge -ep
List what the current package providesdnf providesdpkg -s / aptitude showzypper info --providesequery files; qlist
List all packages that require a particular packagednf repoquery --alldeps --whatrequiresaptitude search ~D{depends,recommends,suggests}:$pattern / aptitude whyzypper search --requiresequery depends -a
Display all packages that the specified packages obsoletes.dnf list obsoletesapt-cache show
Generates an output suitable for processing with dotty for the given package(s).apt-cache dottyn/a
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Installation sources management

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Installation sources management${EDITOR} /etc/pacman.conf${EDITOR} /etc/yum.repos.d/${REPO}.repo${EDITOR} /etc/apt/sources.list${EDITOR} /etc/zypp/repos.d/${REPO}.repolayman; eselect repository
Add an installation source to the system. Some tools provide additional commands for certain sources, others allow all types of source URI for the add command. Again others, like apt and dnf force editing a sources list. apt-cdrom is a special command, which offers special options design for CDs/DVDs as source./etc/pacman.conf/etc/yum.repos.d/*.repoapt-cdrom addzypper service-addlayman, overlays
Refresh the information about the specified installation source(s) or all installation sources.pacman -Sy (always upgrade the whole system afterwards)dnf clean expire-cache && dnf check-updateapt-get updatezypper refresh zypper refemerge --sync;layman -S
Prints a list of all installation sources including important information like URI, alias /etc/pacman.d/mirrorlistcat /etc/yum.repos.d/*apt-cache policyzypper service-listlayman -l; eselect repository list
List all packages from a certain repopaclist <repo> eix --in-overlay
Disable an installation source for an operationdnf --disablerepo=emerge package::repo-to-use
Download packages from a different version of the distribution than the one installed.dnf --releasever=apt-get install -t release package/ apt-get install package/release (deps not covered)echo "category/package ~amd64" >> /etc/portage/package.keywords && emerge package
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo


ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Add a package lock rule to keep its current state from being changed/etc/pacman.conf
modify IgnorePkg array
dnf.conf <--”exclude” option (add/amend)apt-mark hold pkgPut package name in /etc/zypp/locks, or zypper al/etc/portage/package.mask
Delete a package lock ruleremove package from IgnorePkg line in /etc/pacman.confapt-mark unhold pkgRemove package name from /etc/zypp/locks or zypper rl/etc/portage/package.mask (or package.unmask)
Show a listing of all lock rulescat /etc/pacman.conf/etc/apt/preferencesView /etc/zypp/locks or zypper llcat /etc/portage/package.mask
Set the priority of the given package to avoid upgrade, force downgrade or to overwrite any default behavior. Can also be used to prefer a package version from a certain installation source.${EDITOR} /etc/pacman.conf
Modify HoldPkg and/or IgnorePkg arrays
/etc/apt/preferences, apt-cache policyzypper mr -p${EDITOR} /etc/portage/package.accept_keywords
Add a line with =category/package-version
Remove a previously set priority/etc/apt/preferenceszypper mr -p${EDITOR} /etc/portage/package.accept_keywords
remove offending line
Show a list of set priorities.apt-cache policy /etc/apt/preferenceszypper lr -pgrep -r . /etc/portage/package.accept_keywords
Ignores problems that priorities may trigger.n/a
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Verification and repair

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Verify single packagepacman -Qk[k]rpm -Vdebsumsrpm -Vequery check
Verify all packagespacman -Qk[k]rpm -Vadebsumsrpm -Vaequery check
Reinstall given Package - Will reinstall the given package without dependency hassle.pacman -Sdnf reinstallapt install --reinstallzypper install --forceemerge -1O
Verify dependencies of the complete system. Used if installation process was forcefully killed.pacman -Dkdnf repoquery --requiresapt-get checkzypper verifyemerge -uDN @world
Use some magic to fix broken dependencies in a systempacman dep level - pacman -Dk, shared lib level - findbrokenpkgs or lddddnf repoquery --unsatisfiedapt-get --fix-broken
aptitude install
zypper verifyrevdep-rebuild
Add a checkpoint to the package system for later rollback(unnecessary, done on every transaction)n/a
Remove a checkpoint from the systemN/AN/An/a
Provide a list of all system checkpointsN/Adnf history listn/a
Rolls entire packages back to a certain date or checkpoint.N/Adnf history rollbackn/a
Undo a single specified transaction.N/Adnf history undon/a
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Using package files and building packages

ActionArchRed Hat/FedoraDebian/UbuntuSLES/openSUSEGentoo
Query a package supplied on the command line rather than an entry in the package management databasepacman -Qprpm -qpdpkg -I
List the contents of a package filepacman -Qplrpmls rpm -qpldpkg -crpm -qpl
Installs local package file, e.g. app.rpm and uses the installation sources to resolve dependenciespacman -Udnf installapt installzypper inemerge
Updates package(s) with local packages and uses the installation sources to resolve dependenciespacman -Udnf upgradedebiemerge
Add a local package to the local package cache mostly for debugging purposes.cp $filename /var/cache/pacman/pkg/apt-cache addn/acp $filename /usr/portage/distfiles
Extract a packagetar -Jxvfrpm2cpio | cpio -viddpkg-deb -xrpm2cpio | cpio -vidtar -jxvf
Install/Remove packages to satisfy build-dependencies. Uses information in the source package.Use ABS && makepkg -seocdnf builddepapt-get build-depzypper si -demerge -o
Display the source package to the given package name(s)dnf repoquery -sapt-cache showsrcn/a
Downloads the corresponding source package(s) to the given package name(s)Use ABS && makepkg -odnf download --sourceapt-get source / debcheckoutzypper source-installemerge --fetchonly
Build a packagemakepkg -srpmbuild -ba (normal)
mock (in chroot)
debuildrpmbuild -ba; build; osc buildebuild; quickpkg
Check for possible packaging issuesnamcaprpmlintlintianrpmlintrepoman
ActionArchRed Hat/FedoraDebian/UbuntuSUSE/openSUSEGentoo

Groups and users

If you wanna sue, read the last section. 

Me: Alright?

Whomever: S'alright

Adding a User to a Group in Linux

If you just want to add a user to a group use the following command:

This will add your user: username, to the grouptoadd group. More often than not, this is the best practice for when you want to add a user to a group. Technically, this is considered a secondary group. The primary group defaults to a group that is the same as the username in Linux. In this example, the primary group for username would most likely be called “username” as well.

The Nitty-Gritty Details and a Tutorial

There are two kinds of groups:

  1. Primary Group: This is the group applied to you when you log in; in most user cases it has the same name as your login name. The primary group is used by default when creating new files (or directories), modifying files, or executing commands.
  2. Secondary Groups (AKA Supplementary Groups): These are groups you are a member of beyond your primary group. As an example, this means that if a directory or file belongs to the www-data group (as used by the web server process in this case), then all www-data group members can read or modify these files directly (assuming the permissions also allow for this).

A list of all currently available groups can be found in the /etc/group file.

Note that every group can also have administrators, members, and a password. See explanations of the gpasswd and sg commands below.

1. Create a New User: useradd or adduser

Linux users can be added via the useradd or adduser commands. Note that useradd is the native binary associated with Linux systems, whereas useradd is a Perl script that uses said binary in its backend. Both commands share functionality, but some say adduser is more user-friendly, so we’re going to start there in our demo. Using the adduser command, let’s create a new user: foobar. Later we’ll change the group permissions for this new user.

We will be asked to enter our (sudo-allowed) user password before the user account is created:

We see that the user, foobar, was assigned the primary group, foobar, by default.

2. Get User ID and Groups Information: id and groups

To show all the user information and group memberships, we can use the id command:

Here the gid, or group ID, is the primary user group and groups is the secondary group.

We could also get all the users’ groups with the groups command:

3. Change the Primary Group of a User: usermod -g

In some cases it can make sense to change the primary group of a user.

We can do this with the usermod command:

The lowercase -g option refers to a primary group.

Let’s verify that the change was made:

Now foobar has the www-data primary group context. So whenever a new file is created by this user, it will be assigned the www-data group by default.

Let’s undo this change before we continue:

4. Add or Change Users in Secondary Groups: adduser and usermod -G

Now let’s add our foobar user to www-data as a secondary group. The easiest way to do this is via the adduser command:

We can see the secondary group of this user was updated:

There is another way to achieve the same result as above using the usermod command:

The uppercase -G option refers to a secondary or supplementary group. Now foobar will have access to the www-data group files, but new files created by that user will not have the www-data group label by default.

It’s also possible to add a user to several secondary groups at once using the usermodcommand:

The optional -a option makes sure the groups are added to the existing secondary groups of the user (if these exist). If this option is omitted, the user will be removed from any groups not listed after the “-G.”

5. Create or Delete a Group in Linux: groupadd and groupdel

Using the groupadd command, we can create a new group: group1.

We can then remove group1 from the Linux system utilizing the groupdel command:

This will also remove the memberships of any user related to this group.

User Administration in Linux (Other Commands and Articles to Try)

Let’s wrap up this article by referring to some of the other group commands in Linux:

  • newgrp: log into a new group
  • sg: execute a command as a different group ID
  • groupmod: modify a group definition (e.g., the group ID, group name, or password)
  • gpasswd: administer /etc/group and /etc/gshadow files (every group can have administrators, members, and a password)
  • chown or chgrp: change individual or group ownership of a file or directory

Now you should be able to confidently configure users, groups, and their administrative info in Linux. Feel free to check out our article on changing file ownerships in Linux for more insights.

The following is cited and not my work. I make no money from posting such things. I just share with a few friends.

[1]S. Roberto, "Linux: Add User to Group (Primary/Secondary/New/Existing) -",, 2019. [Online]. Available: [Accessed: 28- Jun- 2019].Let’s see how we can add new and existing users to primary and secondary groups in Linux. The standard Linux permission model makes use of users, groups, and file permissions (i.e., read, write, execute, and a sticky bit).

Familiar with etcher? The guys at belena have done some magical stuff

[Info]                Build finished in 9 minutes, 2 seconds
                _.-(6'  \
               (=___._/` \
                    )  \ |
                   /   / |
                  /    > /
                 j    < _\
             _.-' :      ``.
             \ r=._\        `.
            <`\\_  \         .`-.
             \ r-7  `-. ._  ' .  `\
              \`,      `-.`7  7)   )
               \/         \|  \'  / `-._
                          ||    .'
                           \\  (
                            >\  >
                        ,.-' >.'