Linux Basics

Creating & Manipulating Files

Now that you can navigate around the file system, it is time to start building things. This page covers the commands you will use every day to create directories, create files, copy them, move them, rename them, and delete them. You will also learn about sudo, which you will need any time a command requires administrative privileges.

After this page, you should be able to:

  • Create directories (including nested ones) with mkdir
  • Create empty files with touch
  • Copy files and directories with cp
  • Move and rename files with mv
  • Delete files and directories with rm (and understand the risks)
  • Run commands with elevated privileges using sudo
  • Build a realistic project directory structure from scratch

mkdir — Creating Directories

mkdir stands for “make directory.” It does exactly what it sounds like: creates a new, empty folder at the path you specify.

mkdir project

That creates a directory called project in your current location. You can then cd project to move into it.

If you need to create a deeply nested structure all at once, use the -p flag. Without -p, mkdir will fail if the parent directories do not already exist.

mkdir -p projects/webapp/logs

This creates projects, then webapp inside it, then logs inside that — all in one command. Without -p, you would need three separate mkdir commands. The -p flag is something you will use constantly when setting up application directory structures, deployment folders, or log paths.

Practical context: On a real server, you might run mkdir -p /var/www/myapp/logs to set up a web application’s directory structure before deploying code. This pattern shows up in deployment scripts, CI/CD pipelines, and everyday sysadmin work.

touch — Creating Files

touch creates an empty file. If the file already exists, it updates the file’s timestamp without changing its contents.

touch app.log

That creates an empty file called app.log in the current directory. You can verify it exists by running ls -la and seeing a file with a size of 0 bytes.

The most common workflow when starting something new on a server is to create a directory, move into it, and then create the files you need:

mkdir project
cd project
touch app.log config.txt README.md

You can pass multiple file names to touch in a single command. Each one will be created as an empty file. This is faster than running touch once per file.

Why “touch”? The name comes from the original purpose of the command: updating (“touching”) a file’s modification timestamp. Creating empty files is actually a side effect that became its most common use case.

cp — Copying Files

cp copies a file from one location to another. The syntax is cp source destination.

cp app.log app-backup.log

This creates a new file called app-backup.log that is an exact copy of app.log. The original file is untouched.

To copy an entire directory and everything inside it, you need the -r (recursive) flag:

cp -r projects projects-backup

Without -r, cp will refuse to copy a directory. This is a safety measure — copying a directory means copying every file and subdirectory inside it, and the system wants you to be explicit about that.

Real-world use case: One of the most common uses of cp is creating a backup of a configuration file before you edit it. For example, before modifying a web server config, you would run cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak. If your edit breaks something, you can restore from the backup immediately.

mv — Moving and Renaming

mv serves two purposes: it moves files to a different location, and it renames files. The syntax is mv source destination.

Renaming a file:

mv app-backup.log backup.log

This renames app-backup.log to backup.log. There is no separate “rename” command in Linux — mv handles it.

Moving a file to another directory:

mv backup.log /tmp/backup.log

This moves backup.log out of the current directory and into /tmp. The file no longer exists in its original location.

You can also combine both operations — move a file to a new directory and rename it at the same time:

mv app.log /var/log/myapp/application.log

Watch out:

mv will silently overwrite the destination file if it already exists. There is no confirmation prompt and no undo. If you run mv newfile.txt important.txt and important.txt already existed, its contents are gone. Use mv -i if you want an interactive prompt before overwriting, but know that the default behavior is to overwrite without warning.

rm — Removing Files

rm deletes files. There is no trash can. There is no recycle bin. There is no confirmation. The file is gone.

rm backup.log

That deletes backup.log immediately. If you run ls afterwards, it will not be there.

To delete a directory and everything inside it, use the -r (recursive) flag:

rm -r old-project

This deletes the directory old-project and every file and subdirectory inside it, recursively.

Serious Warning: rm -rf

rm -rf means “remove recursively and forcefully.” The -f flag suppresses all confirmation prompts and ignores nonexistent files. Combined with -r, it will destroy everything inside the target path without asking a single question.

There is no undo. Linux does not have a trash can for the terminal. Once rm -rf runs, the data is gone. On servers without backups, this can mean total, permanent data loss.

The command rm -rf / is infamous because it attempts to delete every single file on the entire system, starting from the root directory. Modern Linux distributions include safeguards against running this exact command, but variations (like a misplaced space in rm -rf / tmp instead of rm -rf /tmp) can still cause catastrophic damage.

Rules to live by: Always double-check the path before pressing Enter. Never run rm -rf with variables you have not verified. If you are unsure, run ls on the path first to see what is there. Treat rm -rf with the respect it demands.

Safer alternatives: Some people create an alias so that rm always asks for confirmation (alias rm='rm -i'). Others use trash-cli, a tool that moves files to a trash folder instead of deleting them. On production servers, however, the standard behavior applies — know what you are deleting.

sudo — Running Commands as Admin

sudo stands for “superuser do.” It runs a single command with administrative (root) privileges. You will need it any time you install software, edit system configuration files, restart services, or do anything that affects the system beyond your own user account.

sudo apt update

This runs apt update (which refreshes the package manager’s list of available software) with root privileges. Without sudo, the command would fail with a “permission denied” error because regular users cannot modify system package lists.

Other common examples you will encounter constantly:

sudo nano /etc/hosts
sudo systemctl restart nginx
sudo apt install curl

Each of these commands requires elevated privileges because they modify system files or control system services. Editing /etc/hosts changes how the system resolves hostnames. Restarting nginx affects a running web server. Installing packages modifies the system.

The first time you use sudo in a terminal session, it will ask for your password. After that, it typically caches your credentials for about 15 minutes so you do not have to re-enter it for every command.

sudo vs. logging in as root:

You might wonder why we use sudo instead of just logging in as the root user directly. The answer is accountability and safety. When you use sudo, every privileged command is logged with your username, so there is an audit trail. It also means you only escalate privileges for the specific commands that need it, rather than running everything as root and risking accidental damage. Most Linux distributions and cloud providers disable direct root login by default for this reason.

Try It — Building a Project Structure

Now put everything together. Follow each step in your terminal and verify your work along the way.

  1. Create a directory called test-app and move into it:
    mkdir test-app
cd test-app
  2. Create three files inside test-app:
    touch main.log errors.log config.txt
  3. Copy config.txt to config-backup.txt:
    cp config.txt config-backup.txt
  4. Rename errors.log to app-errors.log:
    mv errors.log app-errors.log
  5. Delete config-backup.txt:
    rm config-backup.txt
  6. Verify the final state with ls -la:
    ls -la

    You should see exactly three files remaining: main.log, app-errors.log, and config.txt. The config-backup.txt file should be gone, and errors.log should no longer appear (it was renamed).

    total 0
drwxrwxr-x 2 user user 4096 Apr 12 10:00 .
drwxr-xr-x 5 user user 4096 Apr 12 09:58 ..
-rw-rw-r-- 1 user user    0 Apr 12 09:59 app-errors.log
-rw-rw-r-- 1 user user    0 Apr 12 09:59 config.txt
-rw-rw-r-- 1 user user    0 Apr 12 09:59 main.log

Bonus challenge: Without looking at the commands above, delete the test-app directory entirely (from its parent directory), then recreate the same structure using mkdir -p to create test-app/logs and test-app/config in a single command. Then use touch to recreate the files inside the appropriate subdirectories. Repetition builds muscle memory.

Checkpoint

Before moving on, make sure you can confidently do all of the following:

  • Create a directory with mkdir, including nested directories with mkdir -p
  • Create empty files with touch (single or multiple at once)
  • Copy a file with cp and a directory with cp -r
  • Rename a file with mv and move a file to a different directory
  • Delete a file with rm and a directory with rm -r
  • Explain why rm -rf is dangerous and what precautions to take
  • Use sudo to run a command with elevated privileges
  • Explain why sudo is preferred over logging in as root

These commands are the foundation of everything you will do on a Linux system. Creating files, organizing directories, making backups, cleaning up old data — this is daily work for anyone who manages servers. Next, you will learn how to edit files and read logs, which is where Linux skills start to directly impact troubleshooting.