[Júne's Wiki] debian_common

This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong.
<nav> 
  * {{fa>server?color=#8B0000}} Linux
    * [[rpi_common|■ General Things on Raspbian]]
    * [[rpi_nimbus|𝐍𝐢𝐌𝐁𝐔𝐒 𝕕𝕖𝔹𝕝𝕒𝕟𝕔]]
    * [[debian_common|■ General info on Debian Linux]]
    * [[deb_cicada|𝐂𝐢𝐂𝐀𝐃𝐀 𝕊𝕒𝕩𝕠𝕥𝕦𝕞]]
    * [[deb_mutism|𝐌𝐔𝐓𝐢𝐒𝐌 𝕄𝕒𝕘𝕟𝕦𝕞]] 
    * [[deb_gilead|𝐆𝐢𝐋𝐄𝐀𝐃 𝔸𝕣𝕘𝕖𝕟𝕥𝕒]] 
    * [[deb_symbio|𝐒𝐘𝐌𝐁𝐢𝐎 ℂ𝕠𝕟𝕒𝕥𝕦𝕤]]
    * [[deb_tardis|𝐓𝐀𝐑𝐃𝐢𝐒 𝕊𝕡𝕒𝕥𝕚𝕦𝕞]] 
    * [[deb_debris|𝐃𝐄𝐁𝐑𝐢𝐒 ℂ𝕙𝕣𝕠𝕞𝕖]] 
  * {{fa>windows?color=#0000A0}} Windows
    * [[:pc_common|■ Common Works on Windows]]
    * [[PC_MESONiSM|𝐌𝐄𝐒𝐎𝐍𝐢𝐒𝐌]] 
    * [[PC_MESONiST|𝐌𝐄𝐒𝐎𝐍𝐢𝐒𝐓]]
  * {{fa>android?color=#006400}} Android
    * [[:cell_common|■ Common Stuffs on Androids]]
    * [[CELL_EPiCON|𝐄𝐏𝐢𝐂𝐎𝐍 𝔽𝟙]] 
    * [[CELL_EPiMER|𝐄𝐏𝐢𝐌𝐄𝐑 𝟡]] 
    * [[CELL_EPiLUX|𝐄𝐏𝐢𝐋𝐔𝐗 𝟟]]   
    * [[CELL_EPiTAP|𝐄𝐏𝐢𝐓𝐀𝐏 𝟙𝟙]] 
    * [[CELL_EPiETA|𝐄𝐏𝐢𝐄𝐓𝐀 𝟜]] 
</nav>

====== General info on Debian ======

{{:playground:boo_the_bunny_36.png?nolink&250|}}

----
===== Initial steps ===== 

==== Watchlist for backup ==== 

<code bash> 
/etc/nginx/sites-available/* 
/var/www/*
/etc/transmission-daemon/  
/opt/scripts/ 
</code>

**update-motd** 
<code bash>
/etc/update-motd.d/
</code>

**crontab** 
<code bash> 
sudo crontab -l 
sudo -u www-data crontab -l 
crontab -l 
</code>

**MariaDB** ''per DATABASE''
=== Backup MariaDB DATABASE === 

<code bash> 
/usr/bin/mysqldump --single-transaction -h localhost -u root -p[database_passwd] [database_name] > /..(path)../.backup/[database_name]-sqlbkp_`date +"%Y%m%d"`.bak
</code> 

---- 

=== Backup using rsync command === 

== Backup Nginx configuration files == 
<code bash> 
sudo rsync -avh --progress /etc/nginx/sites-available/ /home/meson/.backup/nginx/nginx_config_`date +"%Y%m"`/ 
</code> 

== Backup HTML source files == 
<code bash> 
sudo rsync -avh --progress /var/www/ /home/meson/.backup/html/html_backup_`date +"%Y%m"`/
</code> 

----
=== Remote backup for webpages === 
Rsync with ''[TARGET]'' using rsync from ''[SOURCE]''  
<code bash> 
sudo -u www-data rsync -azP --exclude '.ssh' -e 'ssh -p [port_number]' --rsync-path="sudo rsync" /var/www/ [user]@[TARGET]:"/[TARGET PATH]../../"
</code> 
Put ''[SOURCE]'' public key in ''[TARGET]'' user's ''authorized_keys'' 

----
==== Configure log files ==== 

Edit ''/etc/nginx/nginx.conf'' 
<code nginx> 
        access_log /var/log/nginx/_access.log;
        error_log /var/log/nginx/_error.log;
</code> 

----
==== Purge log files ==== 

== Cleaning compressed log files == 
<code bash> 
sudo find /var/log -name '*.gz' -exec rm {} \;
</code> 

----

==== Set hostnames ==== 

<code bash> 
sudo hostname HOSTiD 
sudo hostnamectl HOSTiD 
</code> 

Edit ''/etc/hostname'' with full domain name 

<code bash> 
hostid.mydomain.com
</code> 

----
==== Enable SSH ==== 

Genesis step for all {{mdi>debian?2x}} Linux works. 

----

=== Generate Public/Private key pair === 

<code bash> 
  ssh-keygen -t rsa -b 4096 
  ssh-keygen -t dsa
  ssh-keygen -t ecdsa -b 521
  ssh-keygen -t ed25519
</code> 

<code bash> 
  touch $home/.ssh/authorized_keys 
  chmod 600 $home/.ssh/authorized_keys 
</code> 

Append ''public keys'' for SSH client. 

---

=== SSH Key to ED25519 === 

<code bash> 
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
</code>

  * ''-o'': Save the private-key using the new OpenSSH format
  * ''-a'': KDF (Key Derivation Function) rounds. Higher numbers result in slower passphrase verification, increasing the resistance to brute-force password cracking should the private-key be stolen.
  * ''-C'': An option to specify a comment

---

==== Enable colorful terminal ==== 

Comment out **''force_color_prompt=yes''** in ''~/.bashrc''

<code bash>
  vi ~/.bashrc 
  source ./.bashrc 
</code>
 
=== Time stamp prompt === 

Edit ''~/.bashrc'' and change ''PS1'' line 

<code bash> 
if [ "$color_prompt" = yes ]; then
    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]: \[\033[01;33m\]\D{%T}\[\033[00m\] \[\033[01;37m\]\w\$\[\033[00m\] '
else
    PS1='${debian_chroot:+($debian_chroot)}\u@\h: \D{%T} \w\$ '
fi
</code> 

Save and load ''.bashrc'' 

<code bash> 
source ~/.bashrc 
</code> 


----

==== User aliases command ==== 

If you don't have ''.bash_aliases'' in your home directory. 
<code bash> 
touch .bash_aliases    
</code> 

''Edit'' ''.bash_aliases''. Example: Backup Nginx configuration files with date stamp. 

<code bash> 
alias backup_nginx='sudo rsync -avh --progress /etc/nginx/ /home/user/storage/Nginx.Config//nginx_config_`date +"%Y%m%d"`/'
</code> 

----
===== Configure Dynamic DNS ===== 

=== Google Domains with ddclient === 
Dynamic DNS records are configured in [[https://google.com/domains|Google Domains]], then update IP using **ddclient**.[[https://support.google.com/domains/answer/6147083|Set Up Dynamic DNS]] in Google Domains. Keep ''generated credentials'' to use in ddclient. 

<code bash>
  sudo apt-get install ddclient 
</code>

''ddclient'' and related packages are installed and will pop up the screen to ask a few parameters. Just do it as you wish and exit quickly. This is not your big deal. \\ Edit ''/etc/ddclient.conf'' 

<code ini>
  protocol=dyndns2
  ssl=yes
  use=web
  server=domains.google.com
  login=generated_username
  password=generated_password
  your_resource.your_domain.tld 
</code>

If this configuration is not work when you run ''ddclient -noquiet'' with some WARNINGs because ddclient does not support Google Domains directly. Then change configuration file as followings:

Google Domain ''protocol'' is **updated**, so use it directly. 

<code ini> 
  protocol=googledomains
  use=web                # this is essential.
  ssl=yes
  login=generated_username
  password=generated_password
  your_resource.your_domain.tld 
</code>

Edit ''sudo crontab -e'' to run periodically or register as daemon to run start. 

----
=== Cloudflare with ddclient === 

Assume you already installed ''ddclient'' before this. --- [[:debian_common#google_domains_with_ddclient|Google Domains with ddclient]]

It require a package ''libjson-any-perl'' 
<code bash>
  sudo apt-get install libjson-any-perl
</code> 

edit ''/etc/ddclient.conf'' 
<code ini> 
 ssl=yes
 use=web
 protocol=cloudflare, 				\
 zone=yourhost.com,				\
 login=my-cloudflare-login@email.com,		\
 password=cloudflare-API-global-token		\
 ddns.yourhost.com,
</code> 

''login'' is email address for Cloudflare and ''password'' is API key string. Cloudflare(tm) with ''ddclient'' uses ''JSON'' format.

<code bash> 
  sudo ddclient -verbos -noquiet 
</code> 

''Run'' with ''-verbos'' and ''-noquiet'' option to see the progress. Messages, if any, error(s) show up. ''add'' work in ''crontab'' with ''root permission'' 
<code bash> 
  sudo crontab -e 
</code> 

  30 */2 * * * /usr/sbin/ddclient -quiet 

This ''crontab'' runs at minute 30 past every 2nd hour. 

----
=== FreeDNS with ddclient === 

Edit ''/etc/ddclient.conf'' 

<code ini> 
 ssl=yes
 use=web 
 protocol=freedns
 login=login_id
 password='account_password'
 ddns.yourhost.com
</code> 

Add ''crontab'' schedule, 

<code bash> 
  sudo crontab -e 
</code>

----
=== NO-IP with ddclient === 

<code ini>
  protocol=dyndns2
  server=dynupdate.no-ip.com
  login=your_login_id
  password=your_password
  your_domain.com
</code>

----

=== Google Domains with API === 

Create ''Synthetic record'' with Dynamic DNS option and keep ''generated credentials''  

<code bash> 
#!/bin/bash

### Google Domains provides an API to update a DNS "Syntheitc record". This script
### updates a record with the script-runner's public IP, as resolved using a DNS
### lookup.
###
### Google Dynamic DNS: https://support.google.com/domains/answer/6147083
### Synthetic Records: https://support.google.com/domains/answer/6069273

USERNAME="generated_id"
PASSWORD="generated_password"
HOSTNAME="yoursubdomain.yourdomain.here"

# Resolve current public IP
IP=$( dig +short myip.opendns.com @resolver1.opendns.com )
# Update Google DNS Record
URL="https://${USERNAME}:${PASSWORD}@domains.google.com/nic/update?hostname=${HOSTNAME}&myip=${IP}"
curl -s $URL
</code> 

----
=== Cloudflare with API === 

Getting user's data from Cloudfalre™ 
Before, you set up the dynamic DNS from Cloudfalre™, you need to set **A record** with your desired domain name. If you want to use ''DDNS.DOMAIN.COM'' as your dynamic DNS. Put **A record** in ''**DOMAIN.COM**'' section. 

<hidden> 
.Cloudflare API v1 not available any more 
<code bash>
  curl https://www.cloudflare.com/api_json.html \
    -d 'a=rec_load_all' \
    -d 'tkn=8afbeYOUR0API0KEY0INdCLOUDFLARE0' \
    -d 'email=YOU@DOMAIN.COM' \
    -d 'z=DOMAIN.COM'
</code>
</hidden> 

<code bash> 
curl -X GET 'https://api.cloudflare.com/client/v4/zones/7140bd43dh357d0e8ee2ea786cef70ae/dns_records' \
    -H 'X-Auth-Email: 'YOU@DOMAIN.COM \
    -H 'X-Auth-Key: '8afbeYOUR0API0KEY0INdCLOUDFLARE0 \
    -H 'Content-Type: application/json'
</code> 

Check your ''Global API key'' for ''X-Auth-Key'' from [[https://www.cloudflare.com/a/profile|My Profiles]] and ''Zone ID'' can be found in your ''**DOMAIN.COM**'' page. 


This will shows bunch of strings and just copy them or your can make text file appending ''>> ~/cloudflare.json'' 

To find data you want, you need to arrange using [[http://jsonviewer.stack.hu/|Online JSON parser]] or your editor. Find out **''id''** value for specific domains. Here assume ''id'' for ''ddns.DOMAIN.COM'' under ''DOMAIN.COM'' is ''372e679540...86b9e0b59'' Make shell script. 

<hidden> 
.Cloudflare API v1 (not used any more) 
<code bash>
  #!/bin/sh
  NEW_IP=`curl ifconfig.me/ip`
  CURRENT_IP=`cat /var/tmp/current_ip.dat`
  
  if [ "$NEW_IP" = "$CURRENT_IP" ]
  then
      echo "No Change in IP Adddress"
  else
      curl https://www.cloudflare.com/api_json.html \
          -d 'a=rec_edit' \
          -d 'tkn=8afbeYOUR0API0KEY0INdCLOUDFLARE0' \
          -d 'email=YOU@DOMAIN.COM' \
          -d 'z=DOMAIN.COM' \
          -d 'id=rec_id_FROMABOVE' \
          -d 'type=A' \
          -d 'name=DDNS.DOMAIN.COM' \
          -d 'ttl=1' \
          -d "content=$NEW_IP"
        echo $NEW_IP > /var/tmp/current_ip.dat
  fi
</code>
</hidden> 

<code bash> 
#!/bin/sh
 NEW_IP=`curl ifconfig.me/ip`
 CURRENT_IP=`cat /var/tmp/current_ip.dat`
  
  if [ "$NEW_IP" = "$CURRENT_IP" ]
  then
      echo "No Change in IP Adddress"
  else
   curl -X PUT 'https://api.cloudflare.com/client/v4/zones/7140bd43dh357d0e8ee2ea786cef70ae/dns_records/372e679540...86b9e0b59' \
    -H 'X-Auth-Email: 'YOU@DOMAIN.COM \
    -H 'X-Auth-Key: '8afbeYOUR0API0KEY0INdCLOUDFLARE0 \
    -H 'Content-Type: application/json' \
    --data '{
        "type": "A",
        "name": "ddns.domain.com",
        "content": '\"$NEW_IP\"',
        "proxied": true
    }'
   echo $NEW_IP > /var/tmp/current_ip.dat
 fi
</code>

grant execute permission 

<code bash> 
  sudo chmod +x ./ddns.sh
</code>

and touch file to record current IP address. 

<code bash>
  sudo touch /var/tmp/current_ip.dat
</code>

''ifconfig.me/ip'' is API to retrieve external IP for Dynamic DNS. Alternatives are ''ifconfig.io/ip'' or ''api.ipify.org'' \\
If your script is ''/usr/bin/ddns.sh'', edit ''crontab'' to update IP periodically. 

<code bash>
  sudo crontab -e 
  *   */3   *   *   *   /usr/bin/ddns.sh 
</code> 

Then the script runs every 3 hours. \\
 [[https://meson.ml/2vJ5wOm|Júnes's configuration and scripts]] {{fa>folder-open?color=#FFDF00}} WebDAV  --- Updated on //2017/08/24 22:06//

----

===== Disable unused settings =====

==== Disable suspend mode ==== 

Disable / Ignore ''suspend mode'' of laptop for lasting online even when LCD lid is closed. 

''Edit'' ''**/etc/systemd/logind.conf**'' 

<code ini> 
 #HandlePowerKey=poweroff  
 #HandleSuspendKey=suspend
 #HandleHibernateKey=hibernate
 #HandleLidSwitch=suspend
</code>

Comment out the items that you wish to edit. ''HandlePowerKey'' is for when pressing Power key. ''HandleSuspendKey'' is for suspend key (if exists). ''HandleHibernateKey'' is for hibernation key. And ''**HandleLidSwitch**'' is for lid panel. 

<code ini> 
 #HandlePowerKey=poweroff  
 #HandleSuspendKey=suspend
 #HandleHibernateKey=hibernate
 HandleLidSwitch=ignore
</code>

----
==== Disable Hardware Acceleration ====

<code bash> 
/etc/X11/xorg.conf.d/disable-gpu.conf

Section "Extensions"
    Option "GLX" "Disable"
EndSection
</code>

----

==== Disable power wireless off ==== 

<code bash> 
 sudo iwconfig wlan0 power off 
</code> 

----

==== Disable Bluetooth service ==== 

<code bash> 
vi /etc/bluetooth/main.conf
</code> 

Edit the line with ''AutoEnable'' with ''false'' 
<code ini>
AutoEnable = false
</code> 

A more radical way is to either stop the bluetooth service

<code bash>
sudo systemctl stop bluetooth.service
</code>

Or even more radical is to disable it permanently
<code bash> 
sudo systemctl disable bluetooth
</code> 

----

==== Debugging service ==== 

<code bash> 
  sudo service stop sshd   # ssd daemon for example 
  /usr/sbin/sshd -d       # need to specify full path 
</code> 

Find problem from messages in debugging mode. 

----

==== Configure locales ==== 

<code bash> 
 sudo dpkg-reconfigure locales
</code> 

Deselect unused ''locales'' and save them.

----




===== Install Services ===== 

==== Nextcloud™ ====

[[os_nextcloud|Nextcloud 101]] --- Nextcloud user's Guides

----

===== Upgrade & Maintenance =====

==== Major LTS upgrade ==== 

Upgrade from 18.04 LTS to 20.04 LTS (''Focal Fossa'') 

Official Guide on upgrade [[https://meson.in/2ALsTwg|How to upgrade from Ubuntu 18.04 LTS to 20.04 LTS today]] <sub>  --- Updated on //2020/07/11 03:40// </sub> 

=== Upgrade on the command line === 

Update all repository for packages, which already installed on the system. 

<code bash> 
 sudo apt update && sudo apt dist-upgrade -y && sudo apt autoremove 
</code> 

Upgrade with major LTS with 

<code bash> 
 sudo do-release-upgrade -d 
</code> 

Follow the procedures and finish.  

<code text> 
Some third party entries in your sources.list were disabled. You can 
re-enable them after the upgrade with the 'software-properties' tool 
or your package manager. 
</code>

----

==== Fetch error during update ==== 

Error during update --- ''Failed to fetch'' or something like that 

<code bash> 
sudo apt-get clean
sudo rm -vf /var/lib/apt/lists/*
sudo rm -vf /var/lib/apt/lists/partial/*
sudo apt-get update
</code> 

Run ''update'' command several times until finishing fetches


---- 
==== Upgrade php 7.x ==== 

Append additional source for php7.x latest,
<code bash> 
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
</code> 

<code bash> 
wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
echo "deb https://packages.sury.org/php/ `lsb_release -cs` main" | sudo tee /etc/apt/sources.list.d/php.list
</code>

Append ''Nginx mainline'' packages 

<code bash> 
sudo add-apt-repository ppa:ondrej/nginx-mainline
</code> 

Update source lists

<code bash> 
sudo apt-get update
</code> 

<code text> 
Reading package lists... Done
E: The method driver /usr/lib/apt/methods/https could not be found.
N: Is the package apt-transport-https installed?
E: Failed to fetch https://packages.sury.org/php/dists/stretch/InRelease
E: Some index files failed to download. They have been ignored, or old ones used instead.
</code> 

When it comes to this errors, install additional packages for update, 

<code bash> 
sudo apt-get install ca-certificates apt-transport-https
</code> 

Install php with latest version 

<code bash> 
sudo apt-get install php7.2 php7.2-cli php7.2-common php7.2-opcache php7.2-curl php7.2-mbstring php7.2-mysql php7.2-zip php7.2-xml
</code> 

To verify the installation is completed run the following command:

<code bash> 
php -v
</code> 
 

----
==== Install & upgrade Nginx ==== 

Install the prerequisites:

<code bash>
sudo apt install curl gnupg2 ca-certificates lsb-release
</code> 

To set up the apt repository for stable nginx packages, run the following command:
<code bash> 
echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</code> 

If you would like to use mainline nginx packages, run the following command instead:

<code bash> 
echo "deb http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list
</code> 

Next, import an official nginx signing key so apt could verify the packages authenticity:

<code bash> 
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
</code> 

Verify that you now have the proper key:

<code bash> 
sudo apt-key fingerprint ABF5BD827BD9BF62
</code>

The output should contain the full fingerprint ''573B FD6B 3D8F BC64 1079 A6AB ABF5 BD82 7BD9 BF62'' as follows:

<code txt> 
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
      573B FD6B 3D8F BC64 1079  A6AB ABF5 BD82 7BD9 BF62
uid   [ unknown] nginx signing key <signing-key@nginx.com>
</code> 

To install nginx, run the following commands:

<code bash> 
sudo apt update
sudo apt install nginx
</code> 

----

==== Upgrade mariadb ==== 

<button type="link" icon="mdi mdi-database-plus">[[https://downloads.mariadb.org/mariadb/repositories|Setting up MariaDB Repositories]]</button>

Select ''Disto'', ''Release'' and ''Version'' and follow the instruction 

<code bash> 
sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main'
</code>

Once the key is imported and the repository added you can install MariaDB 10.5 from the MariaDB repository with:

<code bash>
sudo apt update
sudo apt install mariadb-server
</code>

Check service is working correctly and installed version. 

<code bash> 
sudo mysql -uroot -p
</code> 

Alternatively, edit ''/etc/apt/sources.list'' or add repository with command line. 

<code>
# MariaDB 10.5 repository list - created 2020-08-31 04:34 UTC
# http://downloads.mariadb.org/mariadb/repositories/
deb [arch=amd64] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main
deb-src https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main
</code>

If you need debug packages, add the debug component to your sources.list with:

<code bash>
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] https://ftp.harukasan.org/mariadb/repo/10.5/ubuntu focal main/debug'
</code> 

MariaDB debug packages will now show up when searching for 'mariadb' with apt and are distinguished by the `-dbgsym` suffix. Debug packages are generally only needed during development and usually should not be installed unless you know that you need them.

----
==== Basic commands 101 ==== 

{{fa>terminal?size=24&color=#AABBCC}} [[https://devhints.io/|Rico's cheatsheets]] -- first glimpse on {{fa>linux?color=#a80030}} **Linux commands**


=== rm === 

<code bash> 
  rm -R			\\ Remove directory, Recursively
  rm -i			\\ Remove with confirmation 
  rm -f			\\ Force deletion of Files Directories 
  rm -v			\\ Show information of deletion process, Verbosely 
</code> 

----
=== ufw (firewalls) === 

<code bash> 
  sudo ufw app list		\\ show app list by firewall 
</code> 

<code bash> 
  sudo ufw allow OpenSSH	\\ allow OpenSSH 
  sudo ufw enable  
  sudo ufw status  
</code> 

----
=== udevadm === 

To retrieve hardware information such as serial number of product, 

<code bash> 
  sudo udevadm info --query=all --name=/dev/sda
</code>

----

=== find string(s) in files ===

<code bash> 
find /path/to/files/ -type f | xargs grep -n 'string_to_search'
</code> 

----

=== [output to file] === 

|  |  visible in terminal  | |  visible in file  |  |   | 
|  syntax  |  ''stdout''  |  ''stderr''  |  ''stdout''  |  ''stderr''  |  existing file  |
| | | | | | | 
|  ''>''  |  no  |  yes  |  yes  |  no  |  overwrite  | 
|  ''>>''  |  no  |  yes  |  yes  |  no  |  append  | 
|  ''2>''  |  yes  |  no  |  no  |  yes  |  overwrite  |
|  ''2>>''  |  yes  |  no  |  no  |  yes  |  append  |
|  ''&>''  |  no  |  no  |  yes  |  yes  |  overwrite  |
|  ''&>>''  |  no  |  no  |  yes  |  yes  |  append  |
|  ''| tee''  |  yes  |  yes  |  yes  |  no  |  overwrite  |
|  ''| tee -a''  |  yes  |  yes  |  yes  |  no  |  append  |
|  ''|& tee''  |  yes  |  yes  |  yes  |  yes  |  overwrite  |
|  ''|& tee -a''  |  yes  |  yes  |  yes  |  yes  |  append  |
| | | | | | | 

<code bash>
command > output.txt   
</code> 
The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten.

<code bash>
command >> output.txt
</code> 
The standard output stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

<code bash>
command 2> output.txt
</code> 
The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, it gets overwritten.

<code bash>
command 2>> output.txt
</code> 
The standard error stream will be redirected to the file only, it will not be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

<code bash>
command &> output.txt
</code> 
Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, it gets overwritten.

<code bash>
command &>> output.txt
</code> 
Both the standard output and standard error stream will be redirected to the file only, nothing will be visible in the terminal. If the file already exists, the new data will get appended to the end of the file..

<code bash>
command | tee output.txt
</code> 
The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, it gets overwritten.

<code bash>
command | tee -a output.txt
</code> 
The standard output stream will be copied to the file, it will still be visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

<code bash>
(*)
</code> 
Bash has no shorthand syntax that allows piping only StdErr to a second command, which would be needed here in combination with tee again to complete the table. If you really need something like that, please look at "How to pipe stderr, and not stdout?" on Stack Overflow for some ways how this can be done e.g. by swapping streams or using process substitution.

<code bash>
command |& tee output.txt
</code> 
Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, it gets overwritten.

<code bash>
command |& tee -a output.txt
</code> 
Both the standard output and standard error streams will be copied to the file while still being visible in the terminal. If the file already exists, the new data will get appended to the end of the file.

----