Linux Command Line 101: Basic File and Directory Operations

The ability to use the Linux terminal is a valuable skill for a cybersecurity professional. Many tasks in cybersecurity domains like penetration testing, digital forensics, cloud security involve using Linux commands on a regular basis. Knowing how to use simple commands will help you easily interpret and use complex commands. This blog post introduces you to some basic commands to manage files and directories. The following operations were performed on Ubuntu. The commands discussed in this blog post would be the same across all Linux distributions.

What’s on the GUI?

User spark is logged into the computer. Within the /home directory of user spark there is a folder called /test. This post gives you an idea about the directory structure on Linux.

alt text

On Windows machines, you can view the full path leading to the current folder in the address bar. To view the same on Ubuntu, use the Ctrl +l (lower-case L) keystroke within a folder. You can view the path leading to the current folder as shown in the following screenshot. Notice that forward slashes (/) are used in Linux, whereas in Windows backward slashes (\) would be used.

alt text

Within the /test directory there are two other directories: /one and /two, and a file file3.txt.

alt text

You can view the path of this current folder using the Ctrl +l (lower-case L) keystroke. The terms folder and directory can be used interchangeably.

alt text

Within directory /one there is one file file1.txt.

alt text

Within directory /two there is one file file2.txt.

alt text

Using the Terminal

Let us perform some basic file and directory operations in the command line using the Terminal application. While in the /test folder in the GUI, right click anywhere on the screen and select Open in Terminal. This will bring up the Terminal application with a prompt like this one.

[email protected]: ~/test$

Listing the contents of a directory

To view the contents of the /test folder, type ls, which means to ‘list’ the contents of a folder. You can see the names of the two folders (directories) and one file. Note the different colours used to represent the file and folder names. The colour combinations used will depend on the theme used by the Terminal application.

alt text

Changing between directories

Command cd means to ‘change directories’. It is used to navigate between directories on the command line. We know that directory /one has one file file1.txt. Let us navigate to directory /one and list its contents.

The command syntax to change directories is:

cd <directory-to-change-into>

The following screenshot shows the command used to navigate into directory /one. Directory /test is referred to as the parent directory of /one.

alt text

Do you want to guess which command can be used to view the contents of directory /one? Yes, it is ls. The following screenshot represents the contents of directory /one.

alt text

Now we will use cd command to head back into /test folder. Currently we are in /home/spark/test/one. To navigate into the parent directory /home/spark/test, cd command is used again. The directory to change into, which is the parent directory, is represented by two dots (..) In Linux, the parent directory of any directory is always represented by two dots. The following screenshot shows how a user can navigate to a parent directory.

alt text

Now let’s assume you are in directory /one again.

alt text

To navigate to directory /two from directory /one, cd command can be used. But we cannot jump between directories. We must first land in the common directory, here the parent directory /test and then navigate into /two. This operation can be combined into one command as shown in the following screenshot.

alt text

Copying files

Now let’s head back into /test. Let us attempt to copy file3.txt into directory /two. This simple operation can be performed using cp command, which stands for copy. Its syntax is:

cp <source> <destination>

The result of copy command is similar to the copy+paste operation. The following screenshot shows how cp command is used to copy file3.txt into directory /two. Now a copy of file3.txt exists in /test directory and in /test/two directory.

alt text

Directory /two has two files now.

alt text

A file can also be copied with a different name. Do you want to guess what the command shown in the following screenshot does?

alt text

It makes a copy of file3.txt in directory /two with the name file3-copy.txt.

You guessed right! Now directory /two has three files.

alt text

Moving files

Now we are back to /test directory. Let’s attempt to move file1.txt in directory /one to directory /two. mv command can be used for this task. Its syntax is:

mv <file to be moved> <new location of the file>

The following screenshot shows how mv command is used to move file1.txt in directory /one to directory /two. Move is similar to a cut+paste operation.

alt text

This means that directory /one is empty. This can be verified using ls.

alt text

Now directory /two has four files in total.

alt text

When a file is moved, it can also have a new name in the new location. It can be done using the following syntax:

mv <file to be moved> <new location of the file/new name>

Deleting files

Now what if we want to delete a file? rm command is used to ‘remove’ a file. Its syntax is:

rm <name of file to be removed>

From within the /test directory, the following command shows how rm command is used to delete the file file3.copy.txt within directory /two.

alt text

Now directory /two has only three files.

alt text

Deleting directories

Now let’s delete directory one which is empty. rmdir command is used to delete a directory. Its syntax is:

rmdir <name of directory to be removed>

A directory must be empty before it can be deleted.

alt text

Within /test directory, we have only /two and file3.txt.

alt text

Creating directories

Let’s create a new directory called /four within /test. mkdir command is used to make or create a directory. Its syntax is:

mkdir <name of directory to be created>

alt text

Now we can see that /test has two directories: /two and /four, and one file file3.txt

alt text

Wrapping up

In this blog post, we have seen how to:

  • List the contents of a directory
  • Navigate between directories
  • Copy, move and delete files
  • Create and delete directories

A word on file/directory paths

Let’s assume we are in directory /one. The path of /one with respect to only its parent directory /test will be /test/one. This path is referred to as its relative path. The complete path of /one within the /home directory of user spark is /home/spark/test/one, which is formally referred to as absolute path.

Relative path is always relative to one level up in the directory hierarchy. Absolute path refers to the complete chain of directories in a path.

Within /test, the relative path of file3.txt is /test/file3.txt

The absolute path of file3.txt is /home/spark/test/file3.txt

What’s the next step?

Are you wondering when and where you will use all these commands?

  • During a penetration testing engagement, you may have to list the contents of the directory
  • During a digital forensic investigation, you may have to create a directory to hold the evidence
  • While working with cloud infrastructure, you may have to navigate between directories

This is just a small list of Linux command-line operations you can do for cybersecurity.

Here is a project idea for you:

  • Research what pwd command does
  • Set up an Ubuntu virtual machine and set up the directory structure we discussed here, with the /test directory
  • Navigate to /test directory in the terminal and observe what pwd command displays
  • Navigate to /test/one directory in the terminal and observe what pwd command displays
  • Navigate to /test/two directory in the terminal and observe what pwd command displays

On all Linux systems, once you open the Terminal application, you can navigate to a directory of your choice using the cd command to perform various activities.