A terminal window running on a Linux laptop computer.
Fatmawati Achmad Zaenuri/Shutterstock

The Linux which command identifies the executable binary that launches when you issue a command to the shell. If you have different versions of the same program on your computer, you can use which to find out which one the shell will use.

Binaries and Paths

When you try to run a program or command from the terminal window, the shell (usually, Bash on modern distributions) has to find that command and launch it. Some commands, such as cd, history, and pwd, are built into the shell, so Bash doesn’t have to work too hard to find these.

But how does Bash locate other commands, programs, and external stand-alone binaries? Well, Bash uses the path, which is actually a collection of paths, each of which points to a directory. It then searches each of those directories for an executable that matches the command or program you’re trying to run. When it finds one, Bash launches it and abandons the search.

You can use echo to check the $PATH environment variable and see the directories in your path. To do so, type the following, and then hit Enter:

echo $PATH

The output list separates each path with colons (:). On the computer we’re using, Bash will search the following directories in this order:

  •  /usr/local/sbin
  •  /usr/local/bin
  •  /usr/sbin
  •  /usr/bin
  •  /sbin
  •  /bin
  •  /user/games
  •  /usr/local/games
  •  /snap/bin

There are many folders called /sbin and /bin in the file system, which can lead to some confusion.

Watch Those Paths

Let’s say we have an updated version of a program called htg.  It’s in our current directory, and we can run it by typing the following command:


It’s not much of a program—it just prints the version number, and then closes down. The new version is 1.2.138.

To run a program in the current working directory, you must type “./” in front of the program name, so Bash knows where to find it.

Because we want to run this particular program from any directory, we’re going to move the executable into the /usr/bin directory. Bash will find that program in the path and run it for us.

We don’t need the executable in our current directory, nor do we need to type “./” in front of the program name, as shown below:

sudo mv htg /usr/bin

Now, let’s try to run the program by typing:


Something runs, but it isn’t our new, updated program. Rather, it’s the older version, 1.2.105.

The which Command

The issue we demonstrated above is why the which command was designed.

In this example, we’ll use which and pass the name of the program we’re investigating as a command-line parameter:

which htg

which reports it’s found a version of htg in the /usr/local/bin directory. Because that location appears in the path before the directory to which we moved the updated htg, Bash uses that earlier version of the program.

However, if we use the -a (all) option as shown below, which continues to search even if it finds a match:

which -a htg

It then lists all of the matches in any of the directories in the path.

So, that’s the problem—there’s an earlier version of the program in a directory that’s also in the patch. And that directory is being searched before the directory in which we dropped the new version of the program.

To verify, we can type the following and explicitly run each version of the program:


This explains the problem, and the solution is simple.

Actually, we have options. We can either delete the old version in the /use/local/bin directory or move it from /usr/bin to /usr/local/bin.

Watch Those Results

Two results don’t necessarily mean two binary files.

Let’s look at an example in which we’ll use the which command with the -a (all) option and look for versions of the less program:

which -a less

which reports two locations that house a version of the less program, but is that true? It would be odd to have two different versions (or the same version in multiple locations) of less installed on a Linux computer. So, we’re not going to accept the output from which. Instead, let’s dig a bit deeper.

We can use the ls-l (long listing), and -h (human-readable) options to see what’s going on:

ls -lh /usr/bin/less

The file size is reported as nine bytes! That’s definitely not a full copy of less.

The first character of the listing is an “l.” A normal file would have a hyphen (-) as the first character. The “l” is a symbol that means symbolic link. If you missed that detail, the --> symbol also indicates this is a symbolic link, which you can think of as a sort of shortcut. This one points to the copy of less in /bin.

Let’s try again with the version of less in /bin:

ls -lh /bin/less

This entry is obviously a “real” binary executable. The first character of the listing is a hyphen (-), which means it’s a regular file, and the file size is 167 KB. So, only one copy of less is installed, but there’s a symbolic link to it from another directory, which Bash also finds when it searches the path.

RELATED: How to Use the ls Command to List Files and Directories on Linux

Checking Multiple Commands at Once

You can pass multiple programs and commands to which, and it will check them in order.

For example, if you type:

which ping cat uptime date head

which works through the list of programs and commands you supplied it with and lists the result for each one.

Which which is which?

If you’re so inclined, you can also use which on itself by typing the following:

which which

Apart from poking around the Linux file system out of curiosity, which is most useful when you expect one set of behaviors from a command or program, but get another.

You can use which in these cases to verify the command Bash is launching is the one you want to use.

RELATED: Best Linux Laptops for Developers and Enthusiasts

Profile Photo for Dave McKay Dave McKay
Dave McKay first used computers when punched paper tape was in vogue, and he has been programming ever since. After over 30 years in the IT industry, he is now a full-time technology journalist. During his career, he has worked as a freelance programmer, manager of an international software development team, an IT services project manager, and, most recently, as a Data Protection Officer. His writing has been published by  howtogeek.com, cloudsavvyit.com, itenterpriser.com, and opensource.com. Dave is a Linux evangelist and open source advocate.
Read Full Bio »