CompTIA Linux+ (XK0-004)
Red Hat Enterprise Linux
Git and Github
Learn Docker and Kubernates
Tips and Tricks

2. Working with Directory

  • cd ~ It takes you to the home dir

  • cd It also takes you to the home dir

  • cd - It takes you back to the directory where you were before

The Filesystem Hierarchy Standard

Linux Filesystem Hierarchy

Filesystem Links (ln)

Hard links - directory entry that references the same inode as anther directory entry. In simple words, it is just a different name to the same file on the disk. Just like a person has multiple names.

  • can't span filesystems

  • can't create hard links to non-existent file

  • can't create hard links to directories

  • do not require additional storage space (i.e. blocks)

  • If you edit one file, the other will reflect the changes automatically.

Hard link - two files pointing to the same inode in the disk
Notice '3' how the number in increasing every time you create a new hard link

Notice: looks like every time we're creating a file, it takes up 677K space in the space. But this is not the case. Because it is essentially coping all the attributes of the original file and pointing to the same file.

Also notice that deleting one file, doesn't affect the other file.

Symbolic links - file that references another file (shortcut in Windows)

  • can reference directories

  • can span filesystems

  • can reference non-existent files

  • occupies space (blocks)

Symbolic Link Demo:

Command: ln -s source destinaton

Always use the absolute path for both source and destination files when working with symbolic links.


  • myfirstlinkfile is the shortcut pointing to the services file.

  • myfirstlinkfile takes up some memory.

  • Notice the l bit set in the beginning which indicates a symbolic link (or shortcut).

symbolic link shortcut
Notice that the symbolic link doesn't point to the same inode.

File Extension and Content

File extensions have no special meaning to the Linux kernel.

The file command - determines file type

  • -z try to look inside compressed files

Searching the Filesystem

find - searches a directory structure for requested files in real-time. Slow.

  • print is the default action and displays matches

  • ls displays full details on matches

  • exec allows a command to be run against each

  • ok can be used when a confirmation prompt is desired

How it works:

Example 1

find / -name "song*.mp3" 2>/dev/null
find a files with the pattern and send the error message (if any) to the /dev/null

Example 2: Narrow the search down

find / -name "*song*.mp3" 2>/dev/null -user username 2>/dev/null
Narrowing the search down by Find files based on the user name.

Example 3: Found the desired file? Now you can take an action.

find / -name "*song*.mp3" -user root 2>/dev/null -exec ls -la {} \;
After searching the file, we can take an action by using -exec

Example 4: Deleting the files after identifying them.

find / -name "*song*.mp3" -user osboxes 2>/dev/null -exec rm -f {} \;
Deleting the files after finding them

Example 5: After identifying them, you can take some actions such as copying them to another directory or deleting them.

find / -name "*.pdf" -user osboxes 2>/dev/null -exec cp {} /root/ \;
find / -name "*.pdf" -user osboxes 2>/dev/null -exec rm -f {} \;
Identify, coping and deleting the files

Example 6: Find files/directories bigger than 100 MB

find / -size +100M # any file bigger than 100MB
identify files bigger than 100 MB

Example 7: Find files/directories whose size is between 100 MB and 200 MB.

find / -size +100M -size -200M 2>/dev/null # any file between 100 MB and 200 MB in size
Any file whose size is between 100 MB and 200 MB

Example 8: find files or directories with -type

find / -type f -size +100M # Looking for files greater than 100MB
find / -type d -size +100M # Looking for directories greater than 100 MB

Example 9: Advanced usages of find

find /etc -exec grep -l bablu {} \; -exec cp {} root/bablu/ \;
find /etc -exec grep -r bablu {} \; -exec cp {} root/bablu/ \;
these dirs contain the word 'osboxes'

In the above example, we are using two -exec and that's perfectly well as long as it makes sense. The above expression reads as "find files inside /etc directory who text matches the text "bablu"; and then, copy those files to /root/bablu directory.

Example 10: finding the text

find /etc -name '*' -type f -exec grep -l '' {} \; 2>/dev/null

The following way is another way to achieve almost the same result but in this case, it also shows the number of times the text has appeared:

find /etc -name '*' -type f | xargs grep ""; 2>/dev/null

Disk usages

[[email protected] ~]$ sudo find /boot -size +10M -type f -exec du -h {} \;
[sudo] password for tux:
60M /boot/initramfs-0-rescue-df89305f90b84054a78ea7b8ccfdedd6.img
21M /boot/initramfs-3.10.0-1160.24.1.el7.x86_64.img
21M /boot/initramfs-3.10.0-1160.el7.x86_64.img

Locate command

locate - high-speed and low-impact searching

  • searches index instead of actual filesystem

  • index updated each night by default using cron job.

  • locate won't know about recently added/deleted files until database is updated. Due to this, you may get false positive many times. So update the index as often as possible before searching with the locate command.

  • update the database: sudo updatedb

locate "*.mp3" # case-sensitive
locate "*.mp3" -i # case-insensitive
Locate all files that end with .mp3

When using a wildcard, it is a good idea to use quotes (") around the pattern, so the bash doesn't conflict with it.

Important: There are certain directories that the locate command doesn't search by default. For example, /tmp

You can check sudo vi /etc/updatedb.conf for which directories aren't searched by default.

updatedb.conf gets updated with the cron job
Part 1
Part 2

Commands - which, whereis, type

which - prints the absolute path of matching command in $PATH.

  • which dig

  • which nmap

  • rpm -qf `which dig`

whereis - used to identify the location of a command, related source code, and man pages.

type - identifies the type of command being executed.