Working with Files and Directories

Working with Files and Directories

File and directory manipulation is the most frequent task in Ubuntu server administration. Whether you are deploying an application, editing a config, rotating logs, or cleaning up disk space, you are doing one of five operations: create, copy, move, delete, or read. This article covers all five with the flags that actually matter in production.

Creating files and directories

# Create an empty file (or update its modification timestamp if it exists)
touch /tmp/test.txt

# Create a file with content (overwrites if exists)
echo "server_name=web01" > /etc/myapp/config.txt

# Append to a file without overwriting
echo "log_level=info" >> /etc/myapp/config.txt

# Create a directory
mkdir /var/backup

# Create a directory and all parent directories in one command
# Without -p, this fails if /var/backup/ does not exist
mkdir -p /var/backup/2026/06/

# Create multiple directories at once
mkdir -p /srv/{web,api,static}
ls /srv/

Output

api  static  web

Copying files and directories

# Copy a file
cp nginx.conf nginx.conf.backup

# Copy a file to a directory
cp nginx.conf /tmp/

# Copy and preserve timestamps, permissions, and ownership
cp -p nginx.conf /backup/nginx.conf

# Copy a directory recursively
cp -r /etc/nginx/ /backup/nginx/

# Copy recursively and preserve all attributes
cp -a /etc/nginx/ /backup/nginx/

# Copy with verbose output (shows each file as it is copied)
cp -rv /etc/nginx/ /backup/nginx/

# Copy only if source is newer than destination
cp -u sourcefile.conf destfile.conf

💡 TIP: Use cp -a (archive mode) when copying files for backup purposes. It is equivalent to -dR --preserve=all and preserves symlinks, permissions, ownership, and timestamps. Plain cp -r may lose attributes depending on your system configuration.

Moving and renaming

On Linux, moving and renaming are the same operation: mv. A rename is just a move within the same directory.

# Rename a file
mv old-name.conf new-name.conf

# Move a file to a different directory
mv file.conf /etc/myapp/

# Move multiple files to a directory
mv *.log /var/archive/

# Move a directory
mv /tmp/nginx-backup/ /var/backup/nginx-2026-06-10/

# Move but do not overwrite if destination exists
mv -n source.conf dest.conf

# Move with verbose output
mv -v file.conf /etc/myapp/

⚠️ WARNING: mv does not ask for confirmation when overwriting files. If you move a file to a path where a file already exists with that name, the existing file is silently replaced. Use mv -i (interactive) to get a prompt before overwriting, or mv -n to never overwrite.

Deleting files and directories

# Delete a file
rm /tmp/test.txt

# Delete with confirmation prompt (safer for scripts)
rm -i important-file.conf

# Delete multiple files
rm file1.txt file2.txt file3.txt

# Delete all files matching a pattern
rm /var/log/app/*.log

# Delete a directory and all its contents recursively
rm -r /tmp/old-backup/

# Force delete (no confirmation, even for read-only files)
rm -rf /tmp/old-backup/

⚠️ WARNING: rm -rf is immediate and permanent. There is no undo, no trash, no confirmation. Before running rm -rf /path/, always run ls /path/ first to verify you are targeting the right directory. A misplaced space in rm -rf /var /log (note the space) deletes /var instead of /var/log.

# Delete empty directory only
rmdir /tmp/empty-dir/

# Find and delete files matching criteria (safer than rm with wildcards)
find /var/log -name "*.log" -mtime +30 -delete

Reading and writing file content

# Print an entire file
cat /etc/os-release

# Print with line numbers
cat -n /etc/nginx/nginx.conf

# Scroll through a large file (q=quit, /=search, n=next match)
less /var/log/syslog

# First N lines
head -n 20 /var/log/syslog

# Last N lines
tail -n 50 /var/log/nginx/error.log

# Follow a log file in real time (Ctrl+C to stop)
tail -f /var/log/syslog

# Follow multiple files at once
tail -f /var/log/syslog /var/log/auth.log

# Word count: lines, words, characters
wc -l /etc/nginx/nginx.conf
wc -c /etc/nginx/nginx.conf

Searching file content with grep

# Search for a string in a file
grep "error" /var/log/syslog

# Case-insensitive search
grep -i "error" /var/log/syslog

# Show line numbers
grep -n "listen" /etc/nginx/nginx.conf

# Search recursively in a directory
grep -r "PermitRootLogin" /etc/ssh/

# Count the number of matching lines
grep -c "Failed password" /var/log/auth.log

# Invert match (show lines that do NOT match)
grep -v "^#" /etc/nginx/nginx.conf    # Show config without comments

# Show context around matches (3 lines before and after)
grep -C 3 "server_name" /etc/nginx/sites-available/default

# Use extended regex
grep -E "^[0-9]+\.[0-9]+" /var/log/nginx/access.log

Practical example: find failed SSH attempts

$ grep -c "Failed password" /var/log/auth.log
47

Mass operations with wildcards

Wildcards let you operate on many files at once. They expand before the command sees them, which is why they are powerful and why mistakes are hard to undo.

# Archive all .conf files in /etc/nginx
tar -czf /backup/nginx-conf-$(date +%F).tar.gz /etc/nginx/*.conf

# Delete all .tmp files older than 7 days in /tmp
find /tmp -name "*.tmp" -mtime +7 -delete

# Copy all nginx site configs to a backup directory
cp /etc/nginx/sites-available/*.conf /backup/nginx-sites/

# Use brace expansion to create a directory structure
mkdir -p /var/app/{logs,cache,uploads,config}

Conclusion

File operations on Ubuntu are five commands: touch/mkdir to create, cp -a to copy with all attributes, mv to move or rename, rm to delete (carefully), and grep to search content. The habit to build is: always ls or find before a bulk delete, always cp -a for backups to preserve permissions, and always test wildcard expansion with echo before using it with rm.