企业官网建设流程全解析

When the disk is filling up and you need to know what’s eating it,ncduis the fastest tool to point at the problem directory. It’s an ncurses disk usage analyzer: it scans a tree once, caches the results in memory, and then lets you browse every subdirectory sorted by size. No flags to remember, no GUI required, and it works equally well over an SSH session to a remote server.

This guide installsncduon Rocky Linux 10 and Ubuntu 24.04, then walks through the scan, navigation, export-import workflow, and a few flags that make it useful for automated disk audits over SSH.

TestedApril 2026on Rocky Linux 10.1 with ncdu 1.22 from EPEL 10

Step 1: Install ncdu

On Rocky Linux 10, AlmaLinux 10, and RHEL 10,ncdulives in EPEL. Enable the CRB repo first (EPEL packages sometimes depend on CRB) and install:

sudo /usr/bin/crb enable sudo dnf install -y epel-release sudo dnf install -y ncdu

Copy

Debian 13 and Ubuntu 24.04 ship it inmain, so a single apt call is enough:

sudo apt update sudo apt install -y ncdu

Copy

Confirm the install and version:

ncdu --version

Copy

On a current Rocky 10 minimal image this reports:

ncdu 1.22

Copy

ncdu 1.2x has the rewritten scanner that’s several times faster than the 1.x series that still ships on some older RHEL derivatives. If you get something below 1.10, upgrade before relying on it for large filesystem scans.

Step 2: Interactive scan of a directory

Runncduagainst the directory you want to analyze. The most common target is the whole root filesystem, but because descending into/proc,/sys,/dev, and mounted filesystems wastes time, use-xto stay on a single filesystem and--exclude-kernfsto skip pseudo filesystems:

sudo ncdu -x --exclude-kernfs /

Copy

The scanner runs for a few seconds to a few minutes depending on the filesystem size, then drops you into the interactive browser. The top line shows the absolute path, and the column below lists subdirectories sorted biggest-first with their usage as a percentage of the parent and a bar graph.

Step 3: Key bindings you’ll actually use

ncdu is entirely keyboard-driven. Five bindings cover 95% of real usage:

• arrow keys / j k: move up and down the list
• Enter / right arrow / l: descend into a directory
• left arrow / h: go back up
• d: delete the selected file or directory (with confirm)
• g: toggle between bytes, graph, and percentage
• q: quit

Two more worth knowing: press?anytime for the full help screen, andn/s/Ctoggle sort order by name, size, and item count. Pressingion a highlighted item opens a details pane with owner, permissions, and mtime.

Step 4: Non-interactive scans for scripting

ncdu can export a full scan to a JSON file using-o. This is perfect for automation: run the scan on a server, copy the JSON to your laptop, and open it there for analysis without touching the remote box again. The-qflag tells ncdu to run in quiet (non-interactive) mode:

ncdu -q -o /tmp/ncdu.json /usr

Copy

The output file is plain text JSON so you can inspect it withhead:

ls -la /tmp/ncdu.json head -c 200 /tmp/ncdu.json

Copy

On a stock Rocky 10 VM scanning/usr, the JSON file comes in at around 2.3 MB and starts like this:

-rw-r--r--. 1 rocky rocky 2291160 Apr 12 03:04 /tmp/ncdu.json [1,2,{"progname":"ncdu","progver":"1.22","timestamp":1775952272}, [{"name":"/usr","asize":144,"dev":64516}, [{"name":"bin","asize":24576,"dsize":40960}, {"name

Copy

Open the exported scan in another ncdu session with-f:

ncdu -f /tmp/ncdu.json

Copy

Navigation is identical to a fresh scan, but nothing touches the disk because ncdu reads from the JSON cache. This is also the way to audit a remote server without keeping an SSH session open for the duration of a slow scan: runncdu -q -o scan.json /on the server,scpthe file down, and browse it at your leisure.

Step 5: Scanning excluded paths

Skip noisy directories with--exclude. Multiple exclusions can be chained, and-X exclude.txtreads a list from a file:

sudo ncdu -x --exclude-kernfs \ --exclude /var/cache \ --exclude /var/lib/docker \ --exclude /home/*/.cache \ /

Copy

This is particularly useful when you already know Docker overlay layers or cache directories are the big consumers and you want a view of the “real” user data underneath.

Step 6: Deleting from inside ncdu

When you find a 10 GB log file you no longer need, pressdon it. ncdu asks for confirmation and then actually removes the file. The totals update immediately so you can see the reclaimed space reflected in the parent directories. This is the feature that turns ncdu from a passive analyzer into a cleanup tool.

For safety when you’re working on production, run with-r(read-only) so accidental key presses can’t delete anything:

sudo ncdu -r /var

Copy

Related tools

ncdu is the right tool when you want an interactive view of disk usage. For non-interactive one-liners (e.g., “top 10 directories by size”), the classicdu -sh */ | sort -rh | headstill works. For filesystem-level capacity and block usage on BtrFS, usebtrfs filesystem usage; for LVM thin pools,lvs. And if you just want to check that/tmpisn’t consuming disk because it’s not on its own filesystem, see our mount /tmp as tmpfs or separate partition guide.

For a broader post-install toolkit on Rocky 10, see our post-install tips guide. For interactive process monitoring see our sshfs tutorial for mounting remote filesystems you can then scan locally. And if you’re analyzing a filesystem on a disk image that isn’t mounted, the qemu-img conversion guide shows how to flip the image into a formatguestmountcan open. For hardware-level checks to pair with disk analysis, the dmidecode reference covers the other half of the audit.