Linux Command Line 101: Basic File and Directory Operations
The ability to use the Linux terminal is a valuable skill for a cybersecurity professional. Many tasks in cybersecurity domains like penetration testing, digital forensics and cloud security involve using Linux commands on a regular basis. Knowing how to use simple commands will help you interpret and use complex commands more easily. This blog post introduces you to some basic commands to manage files and directories. The following operations were performed on Ubuntu. The commands discussed in this blog post would be the same across all Linux distributions.
What’s on the GUI?
User spark is logged into the computer. Within the /home directory of user spark there is a folder called /test. A Note on Linux Directory Structure for DFIR post gives you an idea about the directory structure on Linux.
On Windows machines, you can view the full path leading to the current folder in the address bar. To view the same on Ubuntu, use the Ctrl +l (lower-case L) keystroke within a folder. You can view the path leading to the current folder as shown in the following screenshot. Notice that forward slashes (/) are used in Linux, whereas in Windows backward slashes (\) would be used.
Within the /test directory there are two other directories: /one and /two, and a file file3.txt.
You can view the path of this current folder using the Ctrl +l (lower-case L) keystroke. The terms folder and directory can be used interchangeably.
Within directory /one there is one file file1.txt.
Within directory /two there is one file file2.txt.
Using the Terminal
Let us perform some basic file and directory operations in the command line using the Terminal application. While in the /test folder in the GUI, right click anywhere on the screen and select Open in Terminal. This will bring up the Terminal application with a prompt like this one.
spark@workstation: ~/test$
Listing the contents of a directory
To view the contents of the /test folder, type ls, which means to ‘list’ the contents of a folder. You can see the names of the two folders (directories) and one file. Note the different colours used to represent the file and folder names. The colour combinations used will depend on the theme used by the Terminal application.
Changing between directories
The command cd means ‘change directories’. It is used to navigate between directories on the command line. We know that directory /one has one file file1.txt. Let us navigate to directory /one and list its contents.
The command syntax to change directories is:
cd <directory-to-change-into>
The following screenshot shows the command used to navigate into directory /one. Directory /test is referred to as the parent directory of /one.
Do you want to guess which command can be used to view the contents of directory /one? Yes, it is ls. The following screenshot represents the contents of directory /one.
Now we will use the cd command to head back into the /test folder. Currently we are in /home/spark/test/one. To navigate into the parent directory /home/spark/test, the cd command is used again. The directory to change into, which is the parent directory, is represented by two dots (..). In Linux, the parent directory of any directory is always represented by two dots. The following screenshot shows how a user can navigate to a parent directory.
Now let’s assume you are in directory /one again.
To navigate to directory /two from directory /one, the cd command can be used. But we cannot jump between directories. We must first land in the common directory, here the parent directory /test, and then navigate into /two. This operation can be combined into one command as shown in the following screenshot.
Copying files
Now let’s head back into /test. Let us attempt to copy file3.txt into directory /two. This simple operation can be performed using the cp command, which stands for copy. Its syntax is:
cp <source> <destination>
The result of the copy command is similar to the copy+paste operation. The following screenshot shows how the cp command is used to copy file3.txt into directory /two. Now a copy of file3.txt exists in the /test directory and in the /test/two directory.
Directory /two has two files now.
A file can also be copied with a different name. Do you want to guess what the command shown in the following screenshot does?
It makes a copy of file3.txt in directory /two with the name file3-copy.txt.
You guessed right! Now directory /two has three files.
Moving files
Now we are back in the /test directory. Let’s attempt to move file1.txt in directory /one to directory /two. The mv command can be used for this task. Its syntax is:
mv <file to be moved> <new location of the file>
The following screenshot shows how the mv command is used to move file1.txt in directory /one to directory /two. Move is similar to a cut+paste operation.
This means that directory /one is empty. This can be verified using ls.
Now directory /two has four files in total.
When a file is moved, it can also have a new name in the new location. It can be done using the following syntax:
mv <file to be moved> <new location of the file/new name>
Deleting files
Now what if we want to delete a file? The rm command is used to ‘remove’ a file. Its syntax is:
rm <name of file to be removed>
From within the /test directory, the following command shows how the rm command is used to delete the file file3-copy.txt within directory /two.
Now directory /two has only three files.
Deleting directories
Now let’s delete directory /one, which is empty. The rmdir command is used to delete a directory. Its syntax is:
rmdir <name of directory to be removed>
A directory must be empty before it can be deleted.
Within /test directory, we have only /two and file3.txt.
Creating directories
Let’s create a new directory called /four within /test. The mkdir command is used to make or create a directory. Its syntax is:
mkdir <name of directory to be created>
Now we can see that /test has two directories: /two and /four, and one file file3.txt.
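The whole walkthrough above, replayed as one script (an added example, not part of the original post). It assumes a mktemp sandbox standing in for /home/spark and a hypothetical function name run_walkthrough; the directory and file names are the post's.

```bash
#!/usr/bin/env bash
# Added example: replays the post's walkthrough inside a throwaway directory.
# Assumptions: the mktemp sandbox (standing in for /home/spark) and the
# function name run_walkthrough. Directory and file names are the post's.

run_walkthrough() (
    set -e
    sandbox=$(mktemp -d)
    cd "$sandbox"

    # Starting layout from "What's on the GUI?"
    mkdir -p test/one test/two
    touch test/one/file1.txt test/two/file2.txt test/file3.txt

    cd test                          # prompt would now end in ~/test
    cd one                           # into the child directory
    cd ..                            # .. is the parent, so back in test
    cd one
    cd ../two                        # up to test, then down into two, in one command
    below=${PWD#"$sandbox"/}         # current directory with the sandbox prefix removed
    echo "after cd ../two: $below"
    cd ..

    cp file3.txt two                 # copy, keeping the name
    cp file3.txt two/file3-copy.txt  # copy under a new name
    mv one/file1.txt two             # move: one is left empty
    rm two/file3-copy.txt            # delete the renamed copy

    # rmdir only removes empty directories: two still holds files, one does not
    if rmdir two 2>/dev/null; then
        echo "rmdir two: removed"
    else
        echo "rmdir two: refused, not empty"
    fi
    rmdir one
    mkdir four

    echo "test: $(ls | paste -sd ' ' -)"
    echo "two: $(ls two | paste -sd ' ' -)"
    cd / && rm -r "$sandbox"         # clean up the sandbox
)

run_walkthrough
```

The attempt to rmdir the non-empty directory /two is there only to show the refusal the post describes; the rest follows the post's steps in order.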
Wrapping up
In this blog post, we have seen how to:
List the contents of a directory
Navigate between directories
Copy, move and delete files
Create and delete directories
A word on file/directory paths
Let’s assume we are in directory /one. The path of /one with respect to only its parent directory /test will be /test/one. This path is referred to as its relative path. The complete path of /one within the /home directory of user spark is /home/spark/test/one, which is formally referred to as the absolute path.
A relative path is always relative to one level up in the directory hierarchy. An absolute path refers to the complete chain of directories in a path.
Within /test, the relative path of file3.txt is /test/file3.txt.
The absolute path of file3.txt is /home/spark/test/file3.txt.
What’s the next step?
Are you wondering when and where you will use all these commands?
During a penetration testing engagement, you may have to list the contents of the directory
During a digital forensic investigation, you may have to create a directory to hold the evidence
While working with cloud infrastructure, you may have to navigate between directories
This is just a small list of Linux command-line operations you can do for cybersecurity.
Here is a project idea for you:
Research what the pwd command does
Set up an Ubuntu virtual machine and set up the directory structure we discussed here, with the /test directory
Navigate to /test directory in the terminal and observe what the pwd command displays
Navigate to /test/one directory in the terminal and observe what the pwd command displays
Navigate to /test/two directory in the terminal and observe what the pwd command displays
On all Linux systems, once you open the Terminal application, you can navigate to a directory of your choice using the cd command to perform various activities.