Listing Files

The ls command is used to list the contents of a directory. You've already seen it used a few
times before in examples, but this page will help ensure you are comfortable with its use.

ls [OPTIONS] [FILE]

By default, when the ls command is used with no options or arguments, it will list the files in
the current directory:

sysadmin@localhost:~$ ls
Desktop Documents Downloads Music Pictures Public Templates Videos

To learn the details about a file, such as the type of file, the permissions, ownerships or the
timestamp, perform a long listing using the -l option to the ls command. Below, a listing of
the /var/log directory is used as an example, since it provides a variety of output:

sysadmin@localhost:~$ ls -l /var/log/
total 832
-rw-r--r-- 1 root root 17869 Mar 14 17:48 alternatives.log
drwxr-x--- 2 root adm 4096 Mar 14 17:48 apache2
drwxr-xr-x 2 root root 4096 Mar 14 17:45 apt
-rw-r----- 1 syslog adm 380 Jul 28 03:45 auth.log
-rw-r--r-- 5 root root 47816 Mar 2 23:10 bootstrap.log
-rw-rw---- 5 root utmp 0 Mar 2 23:10 btmp
-rw-r----- 1 syslog adm 324 Jul 28 03:45 cron.log
-rw-r----- 1 root adm 85083 Mar 14 17:48 dmesg
-rw-r--r-- 1 root root 315196 Mar 14 17:48 dpkg.log
-rw-r--r-- 1 root root 32064 Mar 14 17:48 faillog
drwxr-xr-x 2 root root 4096 Jun 30 06:53 fsck
-rw-r----- 1 syslog adm 106 Jul 28 03:45 kern.log
-rw-rw-r-- 1 root utmp 292584 Jul 28 03:45 lastlog
-rw-r----- 1 syslog adm 18703 Jul 28 03:46 syslog
drwxr-xr-x 2 root root 4096 Apr 11 2014 upstart
-rw-rw-r-- 1 root utmp 384 Jul 28 03:45 wtmp

Each line corresponds to a file contained within the directory. The information can be broken
down into fields separated by spaces. The fields are as follows:
 File Type
 - rw-r--r-- 1 root root 17869 Mar 14 17:48 alternatives.log
 d rwxr-x--- 2 root adm 4096 Mar 14 17:48 apache2

The first field actually contains ten characters, where the first character indicates the
type of file and the next nine specify permissions. The file types are:

Symbo
l File Type Description

d directory A file used to store other files.

- regular file Includes readable files, images files, binary

files, and compressed files.

l symbolic Points to another file.

link

s socket Allows for communication between processes.

p pipe Allows for communication between processes.

b block file Used to communicate with hardware.

c character Used to communicate with hardware.

file

The first file alternatives.log is a regular file -, while the second file apache2 is a

directory d.
Permissions

d rwxr-xr-x 1 root root 0 Apr 11 21:58 upstart

Permissions indicate how certain users can access a file. Keep reading to learn more
about permissions.
 Hard Link Count

-rw-r----- 1 syslog adm 23621 Aug 23 15:17 auth.log

 This number indicates how many hard links point to this file. Hard links are beyond the
scope of this module, but are covered in the NDG Linux Essentials course.
 User Owner

-rw-r----- 1 syslog adm 416 Aug 22 15:43 kern.log

User syslog owns this file. Every time a file is created, the ownership is automatically
assigned to the user who created it.
 Group Owner

-rw-rw-r-- 1 root utmp 292584 Aug 20 18:44 lastlog

Indicates which group owns this file

 File Size

-rw-r----- 1 syslog adm 1087150 Aug 23 15:17 syslog.1

Directories and larger files may be shown in kilobytes since displaying their size in
bytes would present a very large number. Therefore, in the case of a directory, it might
actually be a multiple of the block size used for the file system. Block size is the size of
a series of data stored in the filesystem.
 Timestamp

drwxr-xr-x 1 root root 32 Jul 17 03:36 fsck

This indicates the time that the file's contents were last modified.
 Filename

-rw-r--r-- 1 root root 47816 Jul 17 03:36 bootstrap.log

The final field contains the name of the file or directory.

Consider This
In the case of symbolic links, a file that points to another file, the link name will be
displayed along with an arrow and the pathname of the original file.

lrwxrwxrwx. 1 root root 22 Nov 6 2012 /etc/grub.conf ->

../boot/grub/grub.conf

Symbolic links are beyond the scope of this module, but are covered in the NDG Linux
Essentials course.

Sorting
By default the output of the ls command is sorted alphabetically by filename. It can sort by
other methods as well.
Follow Along
The options in examples below will be combined with the -l option so the relevant details of
the files are displayed. Notice fields corresponding to the search option.
The -t option will sort the files by timestamp:

sysadmin@localhost:~$ ls -lt /var/log

total 840
-rw-r----- 1 syslog adm 27014 Jul 28 00:10 syslog
-rw-r----- 1 syslog adm 380 Jul 27 23:10 auth.log
-rw-rw-r-- 1 root utmp 292584 Jul 27 23:10 lastlog
-rw-rw-r-- 1 root utmp 384 Jul 27 23:10 wtmp
-rw-r----- 1 syslog adm 324 Jul 27 23:10 cron.log
-rw-r----- 1 syslog adm 106 Jul 27 23:10 kern.log
drwxr-xr-x 2 root root 4096 Jun 30 06:56 fsck
-rw-r--r-- 1 root root 17869 Mar 14 17:48 alternatives.log
-rw-r----- 1 root adm 85083 Mar 14 17:48 dmesg
-rw-r--r-- 1 root root 32064 Mar 14 17:48 faillog
-rw-r--r-- 1 root root 315196 Mar 14 17:48 dpkg.log
drwxr-x--- 2 root adm 4096 Mar 14 17:48 apache2
drwxr-xr-x 2 root root 4096 Mar 14 17:45 apt
-rw-r--r-- 5 root root 47816 Mar 2 23:10 bootstrap.log
-rw-rw---- 5 root utmp 0 Mar 2 23:10 btmp
drwxr-xr-x 2 root root 4096 Apr 11 2014 upstart

The -S option will sort the files by file size:

sysadmin@localhost:~$ ls -l -S /var/log
total 840
-rw-r--r-- 1 root root 315196 Mar 14 17:48 dpkg.log
-rw-rw-r-- 1 root utmp 292584 Jul 27 23:10 lastlog
-rw-r----- 1 root adm 85083 Mar 14 17:48 dmesg
-rw-r--r-- 5 root root 47816 Mar 2 23:10 bootstrap.log
-rw-r--r-- 1 root root 32064 Mar 14 17:48 faillog
-rw-r----- 1 syslog adm 27014 Jul 28 00:10 syslog
-rw-r--r-- 1 root root 17869 Mar 14 17:48 alternatives.log
drwxr-x--- 2 root adm 4096 Mar 14 17:48 apache2
drwxr-xr-x 2 root root 4096 Mar 14 17:45 apt
drwxr-xr-x 2 root root 4096 Jun 30 06:56 fsck
drwxr-xr-x 2 root root 4096 Apr 11 2014 upstart
-rw-rw-r-- 1 root utmp 384 Jul 27 23:10 wtmp
-rw-r----- 1 syslog adm 380 Jul 27 23:10 auth.log
-rw-r----- 1 syslog adm 324 Jul 27 23:10 cron.log
-rw-r----- 1 syslog adm 106 Jul 27 23:10 kern.log
-rw-rw---- 5 root utmp 0 Mar 2 23:10 btmp

The -r option will reverse the order of any type of sort. Notice the difference when it is added
to the previous example:

sysadmin@localhost:~$ ls -lSr /var/log

total 840
-rw-rw---- 5 root utmp 0 Mar 2 23:10 btmp
-rw-r----- 1 syslog adm 106 Jul 27 23:10 kern.log
-rw-r----- 1 syslog adm 324 Jul 27 23:10 cron.log
-rw-r----- 1 syslog adm 380 Jul 27 23:10 auth.log
-rw-rw-r-- 1 root utmp 384 Jul 27 23:10 wtmp
drwxr-xr-x 2 root root 4096 Apr 11 2014 upstart
drwxr-xr-x 2 root root 4096 Jun 30 06:56 fsck
drwxr-xr-x 2 root root 4096 Mar 14 17:45 apt
drwxr-x--- 2 root adm 4096 Mar 14 17:48 apache2
-rw-r--r-- 1 root root 17869 Mar 14 17:48 alternatives.log
-rw-r----- 1 syslog adm 27014 Jul 28 00:10 syslog
-rw-r--r-- 1 root root 32064 Mar 14 17:48 faillog
-rw-r--r-- 5 root root 47816 Mar 2 23:10 bootstrap.log
-rw-r----- 1 root adm 85083 Mar 14 17:48 dmesg
-rw-rw-r-- 1 root utmp 292584 Jul 27 23:10 lastlog
-rw-r--r-- 1 root root 315196 Mar 14 17:48 dpkg.log

The numbers in file size field switch from descending to ascending.

Used alone the -r option with list the files in reverse alphabetical order:

sysadmin@localhost:~$ ls -r /var/log
wtmp lastlog faillog cron.log auth.log alternatives.log
upstart kern.log dpkg.log btmp apt
syslog fsck dmesg bootstrap.log apache2

Administrative Access
There are many Linux commands which deal with sensitive information like passwords, system
hardware, or otherwise operate under other exceptional circumstances. Preventing regular
users from executing these commands helps to protect the system. Logging in as the root user
provides administrative access, allowing for the execution of some of the privileged commands.

The su Command
su OPTIONS USERNAME

The su command allows you to temporarily act as a different user. It does this by creating a
new shell. The shell is simply a text input console that lets you type in commands. By default, if
a user account is not specified, the su command will open a new shell as the root user, which
provides administrative privileges.
Follow Along
Utilizing the login shell option is recommended, as the login shell fully configures the new shell
with the settings of the new user. This option can be specified one of three ways:
su -
su -l
su --login

After executing the su command, a password is required. On our virtual machines, the

password for both the root and sysadmin accounts is netlab123. If you ever forget, it is
displayed every time a new virtual machine is started. As a security measure, the password will
not be visible as it is typed.

sysadmin@localhost:~$ su -
Password:
root@localhost:~#

Note the command prompt has changed to reflect that you are now logged in as
the root user. To logout and return to the sysadmin account, use the exit command. Note
the prompt changes back:

root@localhost:~# exit
exit
sysadmin@localhost:~$
To avoid executing any sensitive commands, we’ve configure the Steam Locomotive
command, the sl command, to require administrative access. If the command is executed
as sysadmin, it fails:

sysadmin@localhost:~$ sl
sl: Permission denied

Use the su command to switch to the root account and execute the sl command with
administrative access:

sysadmin@localhost:~$ su -
Password:
root@localhost:~# sl
(@@) ( ) (@) ( ) @@ () @ O
@
( )
(@@@@)
( )

(@@@)
==== ________ ___________
_D _| |_______/ \__I_I_____===__|_________|
|(_)--- | H\________/ | | =|___ ___|
_________________
/ | | H | | | | ||_| |_|| _|
| | | H |__--------------------| [___] | =|
| ________|___H__/__|_____/[][]~\_______| | -|
|/ | |-----------I_____I [][] [] D |=======|____|
__________________
__/ =| o |=-~~\ /~~\ /~~\ /~~\ ____Y___________|__|
____________________
|/-=|___|= || || || |_____/~\___/ |_D__D__D_|
|_D__
\_/ \_O=====O=====O=====O/ \_/ \_/ \_/
\_/

Use the exit command again to return to the sysadmin account.

root@localhost:~# exit
exit
sysadmin@localhost:~$

The sudo Command
sudo [OPTIONS] COMMAND

The sudo command allows a user to execute a command as another user without creating a

new shell. Instead, to execute a command with administrative privileges, use it as an argument
to the sudo command. Like the su command, the sudo command assumes by default
the root user account should be used to execute commands.
Consider This
The sudo command can be used to switch to other user accounts as well. To specify a different
user account use the -u option.
Execute the sl command as the root user by putting sudo in front of it:

sysadmin@localhost:~$ sudo sl
Password:

Note
Remember the password is netlab123. The prompt for the password will not appear again as
long as the user continues to execute sudo commands less than five minutes apart.
Once the command has completed, notice the prompt has not changed, you are still logged in
as sysadmin. The sudo command only provides administrative access for the execution of the
specified command. This is an advantage as it reduces the risk that a user accidentally
executes a command as root. The intention to execute a command is clear; the command is
executed as root if prefixed with the sudo command. Otherwise, the command is executed as a
regular user.

Permissions
Permissions determine the ways different users can interact with a file or directory. When
listing a file with the ls -l command, the output includes permission information. For the
example we will use a script called hello.sh located in the Documents directory:
Follow Along
Use the following command to switch to the Documents directory:
sysadmin@localhost:~$ cd ~/Documents
sysadmin@localhost:~/Documents$ ls -l hello.sh
-rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

Below is a review of the fields relevant to permissions.

File Type Field
- rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

The first character of this output indicates the type of a file. Recall that if the first character is
a -, this is a regular file. If the character was a d, it would be a directory.

Permissions Field
- rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

After the file type character, the permissions are displayed. The permissions are broken into
three sets of three characters:

 Owner
- rw- r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

The first set is for the user who owns the file. If your current account is the user
owner of the file, then the first set of the three permissions will apply and the
other permissions have no effect.
The user who owns the file, and who these permissions apply to, can be
determined by the user owner field:

-rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

 Group
-rw- r-- r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

The second set is for the group that owns the file. If your current account is
not the user owner of the file and you are a member of the group that owns the
file, then the group permissions will apply and the other permissions have no
effect.
The group for this file can be determined by the group owner field:

-rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

 Other
-rw-r-- r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

The last set is for everyone else, any one who that first two sets of permissions
do not apply to. If you are not the user who owns the file or a member of the
group that owns the file, the third set of permissions applies to you.
Permission Types
There are three different permissions that can be placed on a file or directory: read, write, and
execute. The manner in which these permissions apply differs for files and directories, as
shown in the chart below:

Permissio
n Effects on File Effects on Directory

read (r) Allows for file contents
to be read or copied.
Without execute permission on the
directory, allows for a non-detailed
listing of files. With execute
permission, ls -l can provide a
detailed listing.

write (w) Allows for contents to be
modified or overwritten.
Allows for files to be
added or removed from a
directory.
For this permission to work, the
directory must also have execute
permission.

execute (x) Allows for a file to be Allows a user to change to the

run as a process, directory if parent directories have
although script files execute permission as well.
require read permission,
as well.

Consider This
Understanding which permissions apply is an important skill set in Linux. For example,
consider the following set of permissions:
-r--rw-rwx. 1 sysadmin staff 999 Apr 10 2013 /home/sysadmin/test

In this scenario, the user sysadmin ends up having less access to this file than members of
the staff group or everyone else. The user sysadmin only has the permissions of r--. It
doesn't matter if sysadmin is a member of the staff group; once user ownership has been
established, only the user owner's permissions apply.

Changing File Permissions

The chmod command is used to change the permissions of a file or directory. Only the root user
or the user who owns the file is able to change the permissions of a file.
Consider This
Why is the command named chmod instead of chperm? Permissions used to be referred to
as modes of access, so the command chmod really means change the modes of access.
There are two techniques for changing permissions with
the chmod command: symbolic and octal. The symbolic method is good for changing one set of
permissions at a time. The octal or numeric method requires knowledge of the octal value of
each of the permissions and requires all three sets of permissions (user, group, other) to be
specified every time. For the sake of simplicity, only the symbolic method will be covered. To
learn more about the octal method check out NDG Linux Essentials!

The Symbolic Method

chmod [<SET><ACTION><PERMISSIONS>]... FILE

To use the symbolic method of chmod first indicate which set of permissions is being changed:

chmod [ <SET> <ACTION><PERMISSIONS>]... FILE

Symbol Meaning

u User: The user who owns the file.

g Group: The group who owns the file.

o Others: Anyone other than the user owner or member of the group
owner.

a All: Refers to the user, group and others.

Next, specify an action symbol:

chmod [<SET> <ACTION> <PERMISSIONS>]... FILE

Symbol Meaning

+ Add the permission, if necessary

= Specify the exact permission

 Symbol Meaning

- Remove the permission, if necessary

After an action symbol, specify one or more permissions to be acted upon.

chmod [<SET><ACTION> <PERMISSIONS> ]... FILE

Symbol Meaning

r read

w write

x execute

Finally, a space and the pathnames for the files to assign those permissions.

chmod [<SET><ACTION><PERMISSIONS>]... FILE

The file hello.sh used in the examples on the previous page is a script. A script is a file that
can be executed, similar to a command:

sysadmin@localhost:~/Documents$ ls -l hello.sh
-rw-r--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

However currently, the execute permission is not set for any of the permission groups:

-rw - r- - r- - 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

Attempting to execute this script using the following syntax fails:

sysadmin@localhost:~/Documents$ ./hello.sh
-bash: ./hello.sh: Permission denied

Since the system is currently logged in as the sysadmin user, and sysadmin is the owner of

this file, giving the user owner the execute permission should allow you to execute this script.
Using the chmod command with the u character to represent the user owner permission set,
the + character to indicate a permission is being added, and the x character to represent the
execute permission, the command should be executed as follows:

sysadmin@localhost:~/Documents$ chmod u+x hello.sh

No output indicates the command succeeded. Confirm by checking the permissions using
the ls -l command:

sysadmin@localhost:~/Documents$ ls -l hello.sh
-rwxr--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh

The user owner now has the execute permission listed:

-rw x rw-r-- 1 sysadmin sysadmin 21 Aug 1 02:35 hello.sh

Finally, attempt to execute the script again. Use the command syntax shown below:

./hello.sh
sysadmin@localhost:~/Documents$ ./hello.sh
______________
( Hello World! )
--------------
\
\
<(^)
( )

Consider This
Notice that to execute the script in the previous example, a ./ character combination was
placed before the script name.

./ hello.sh

This indicates the "command" should be run from the current directory.

Changing File Ownership

Initially, the owner of a file is the user who creates it. The chown command is used to change
the ownership of files and directories. Changing the user owner requires administrative access.
A regular user cannot use this command to change the user owner of a file, even to give the
ownership of one of their own files to another user. However, the chown command also permits
changing group ownership, which can be accomplished by either root or the owner of the file.
To change the user owner of a file, the following syntax can be used. The first
argument, [OWNER], specifies which user is to be the new owner. The second
argument, FILE, specifies which file's ownership is changing.

chown [OPTIONS] [OWNER] FILE

Follow Along
Use the following command to switch to the Documents directory:
sysadmin@localhost:~$ cd ~/Documents

Currently all the files in the Documents directory are owned by the sysadmin user. This can
be verified by using the ls -l command. Recall that the third column indicates the user owner.

sysadmin@localhost:~/Documents$ ls -l
total 144
drwx------ 5 sysadmin sysadmin 4096 Dec 20 2017 School
drwx------ 2 sysadmin sysadmin 4096 Dec 20 2017 Work
-rw-r--r-- 1 sysadmin sysadmin 39 Dec 20 2017 adjectives.txt
-rw-r--r-- 1 sysadmin sysadmin 90 Dec 20 2017 alpha-first.txt
-rw-r--r-- 1 sysadmin sysadmin 106 Dec 20 2017 alpha-second.txt
-rw-r--r-- 1 sysadmin sysadmin 195 Dec 20 2017 alpha-third.txt
-rw-r--r-- 1 sysadmin sysadmin 390 Dec 20 2017 alpha.txt
-rw-r--r-- 1 sysadmin sysadmin 42 Dec 20 2017 animals.txt
-rw-r--r-- 1 sysadmin sysadmin 14 Dec 20 2017 food.txt
-rwxr--r-- 1 sysadmin sysadmin 647 Dec 20 2017 hello.sh
-rw-r--r-- 1 sysadmin sysadmin 67 Dec 20 2017 hidden.txt
-rw-r--r-- 1 sysadmin sysadmin 10 Dec 20 2017 letters.txt
-rw-r--r-- 1 sysadmin sysadmin 83 Dec 20 2017 linux.txt
-rw-r--r-- 1 sysadmin sysadmin 66540 Dec 20 2017 longfile.txt
-rw-r--r-- 1 sysadmin sysadmin 235 Dec 20 2017 newhome.txt
-rw-r--r-- 1 sysadmin sysadmin 10 Dec 20 2017 numbers.txt
-rw-r--r-- 1 sysadmin sysadmin 77 Dec 20 2017 os.csv
-rw-r--r-- 1 sysadmin sysadmin 59 Dec 20 2017 people.csv
-rw-r--r-- 1 sysadmin sysadmin 110 Dec 20 2017 profile.txt
-rw-r--r-- 1 sysadmin sysadmin 51 Dec 20 2017 red.txt

To switch the owner of the hello.sh script to the root user, use root as the first argument

and hello.sh as the second argument. Don't forget to use the sudo command in order to
gain the necessary administrative privileges. Use password netlab123 when prompted:
sysadmin@localhost:~/Documents$ sudo chown root hello.sh
[sudo] password for sysadmin:

Confirm the user owner has changed by executing the ls -l command. Use the filename as
an argument to limit the output:

sysadmin@localhost:~/Documents$ ls -l hello.sh
-rwxr--r-- 1 root sysadmin 647 Dec 20 2017 hello.sh

The user owner field is now root indicating the change was successful.

Consider This
Try executing the hello.sh script again. It fails! Why?
sysadmin@localhost:~/Documents$ ./hello.sh
-bash: ./hello.sh: Permission denied

Only the user owner has the execute permission, and now the root user is the user owner.
This file now requires administrative access to execute. Use the sudo command to execute the
script as the root user.
sysadmin@localhost:~/Documents$ sudo ./hello.sh
[sudo] password for sysadmin:
______________
( Hello World! )
--------------
\
\
<(^)
( )

Regular Expressions
Regular expressions have two common forms: basic and extended. Most commands that use
regular expressions can interpret basic regular expressions. However, extended regular
expressions are not available for all commands and a command option is typically required for
them to work correctly.
The following table summarizes basic regular expression characters:
 Basic Regex
Character(s) Meaning

. Any one single character

[ ] Any one specified character

[^ ] Not the one specified character

* Zero or more of the previous character

^ If first character in the pattern, then pattern must

be at beginning of the line to match, otherwise
just a literal ^

$ If last character in the pattern, then pattern must

be at the end of the line to match, otherwise just a
literal $

The following table summarizes the extended regular expressions, which must be used with
either the egrep command or the -E option with the grep command:

Extended Regex
Character(s) Meaning

+ One or more of the previous pattern

? The preceding pattern is optional

{ } Specify minimum, maximum or exact

matches of the previous pattern

| Alternation - a logical "or"

( ) Used to create groups

 Extended Regex
Character(s) Meaning

Only basic regular expressions have been covered here. For more information concerning
extended regular expressions, check out the NDG Linux Essentials and NDG Introduction to
Linux courses.

Basic Patterns
Regular expressions are patterns that only certain commands are able to interpret. Regular
expressions can be expanded to match certain sequences of characters in text. The examples
displayed on this page will make use of regular expressions to demonstrate their power when
used with the grep command. In addition, these examples provide a very visual demonstration
of how regular expressions work, the text that matches will be displayed in a red color.
Follow Along
Use the following cd command to change to the Documents directory.
sysadmin@localhost:~$ cd ~/Documents

The simplest of all regular expressions use only literal characters, like the example from the
previous page:

sysadmin@localhost:~/Documents$ grep sysadmin passwd

sysadmin:x:1001:1001:System Administrator,,,,:/home/sysadmin:/bin/bash

Anchor Characters
Anchor characters are one of the ways regular expressions can be used to narrow down
search results. For example, the pattern root appears many times in the /etc/passwd file:

sysadmin@localhost:~/Documents$ grep 'root' passwd

root:x:0:0:root:/root:/bin/bash
operator:x:1000:37::/root:

To prevent the shell from misinterpreting them as special shell characters, these patterns
should be protected by strong quotes, which simply means placing them between single
quotes.
The first anchor character ^ is used to ensure that a pattern appears at the beginning of the
line. For example, to find all lines in /etc/passwd that start with root use the pattern ^root.
Note that ^ must be the first character in the pattern to be effective.

sysadmin@localhost:~/Documents$ grep '^root' /etc/passwd

root:x:0:0:root:/root:/bin/bash

For the next example, first examine the alpha-first.txt file. The cat command can be

used to print the contents of a file:

sysadmin@localhost:~/Documents$ cat alpha-first.txt

A is for Animal
B is for Bear
C is for Cat
D is for Dog
E is for Elephant
F is for Flower

The second anchor character $ can be used to ensure a pattern appears at the end of the line,
thereby effectively reducing the search results. To find the lines that end with an r in
the alpha-first.txt file, use the pattern r$:

sysadmin@localhost:~/Documents$ grep 'r$' alpha-first.txt

B is for Bear
F is for Flower

Again, the position of this character is important, the $ must be the last character in the pattern
in order to be effective as an anchor.

Match a Single Character With .

The following examples will use the red.txt file:

sysadmin@localhost:~/Documents$ cat red.txt

red
reef
rot
reeed
rd
rod
roof
reed
root
reel
read
One of the most useful expressions is the period . character. It will match any character except
for the new line character. The pattern r..f would find any line that contained the
letter r followed by exactly two characters (which can be any character except a newline) and
then the letter f:

sysadmin@localhost:~/Documents$ grep 'r..f' red.txt

reef
roof

The same concept can be repeated using other combinations. The following will find four letter
words that start with r and with d:

sysadmin@localhost:~/Documents$ grep 'r..d' red.txt

reed
read

This character can be used any number of times. To find all words that have at least four
characters the following pattern can be used:

sysadmin@localhost:~/Documents$ grep '....' red.txt

reef
reeed
roof
reed
root
reel
read

The line does not have to be an exact match, it simply must contain the pattern, as seen here
when r..t is searched for in the /etc/passwd file:

sysadmin@localhost:~/Documents$ grep 'r..t' /etc/passwd

root:x:0:0:root:/root:/bin/bash
operator:x:1000:37::/root:

Match a Single Character With []

The square brackets [ ] match a single character from the list or range of possible characters
contained within the brackets.
For example, given the profile.txt file:

sysadmin@localhost:~/Documents$ cat profile.txt

Hello my name is Joe.
I am 37 years old.
3121991
My favorite food is avocados.
I have 2 dogs.
123456789101112

To find all the lines in the profile.txt which have a number in them, use the
pattern [0123456789] or [0-9]:

sysadmin@localhost:~/Documents$ grep '[0-9]' profile.txt

I am 37 years old.
3121991
I have 2 dogs.
123456789101112

On the other hand, to find all the lines which contain any non-numeric characters, insert a ^ as
the first character inside the brackets. This character negates the characters listed:

sysadmin@localhost:~/Documents$ grep '[^0-9]' profile.txt

Hello my name is Joe.
I am 37 years old.
My favorite food is avocados.
I have 2 dogs.

Note
Do not mistake [^0-9] to match lines which do not contain numbers. It actually matches lines
which contain non-numbers. Look at the original file to see the difference. The third and sixth
lines only contain numbers, they do not contain non-numbers so those lines do not match.
When other regular expression characters are placed inside of square brackets, they are
treated as literal characters. For example, the . normally matches any one character, but
placed inside the square brackets, then it will just match itself. In the next example, only lines
which contain the . character are matched.

sysadmin@localhost:~/Documents$ grep '[.]' profile.txt

Hello my name is Joe.
I am 37 years old.
My favorite food is avocados.
I have 2 dogs.
Match a Repeated Character Or Patterns With *
The regular expression character * is used to match zero or more occurrences of a character
or pattern preceding it. For example e* would match zero or more occurrences of the letter e:

sysadmin@localhost:~/Documents$ cat red.txt

red
reef
rot
reeed
rd
rod
roof
reed
root
reel
read
sysadmin@localhost:~/Documents$ grep 're*d' red.txt
red
reeed
rd
reed

It is also possible to match zero or more occurrences of a list of characters by utilizing the
square brackets. The pattern [oe]* used in the following example will match zero or more
occurrences of the o character or the e character:

sysadmin@localhost:~/Documents$ grep 'r[oe]*d' red.txt

red
reeed
rd
rod
reed

When used with only one other character, * isn't very helpful. Any of the following patterns
would match every string or line in the file: .* e* b* z*.

sysadmin@localhost:~/Documents$ grep 'z*' red.txt

red
reef
rot
reeed
rd
rod
roof
reed
root
reel
read
sysadmin@localhost:~/Documents$ grep 'e*' red.txt
red
reef
rot
reeed
rd
rod
roof
reed
root
reel
read

This is because * can match zero occurrences of a pattern. In order to make the * useful, it is

necessary to create a pattern which includes more than just the one character preceding *. For
example, the results above can be refined by adding another e to make the
pattern ee* effectively matching every line which contains at least one e.

sysadmin@localhost:~/Documents$ grep 'ee*' red.txt

red
reef
reeed
reed
reel
read
Standard Input
If a file name is not given, the grep command will read from standard input, which normally
comes from the keyboard with input provided by the user who runs the command. This
provides an interactive experience with grep where the user types in the input and grep filters
as it goes. Feel free to try it out, just press Ctrl-D when you're ready to return to the prompt.

Follow Along
Use the following cd command to return to the home directory:
sysadmin@localhost:~/Documents$ cd ~