Back to cert prep

Unofficial practice

Grep Context and Patterns

A log contains repeated failures. Find the matched line, read the surrounding context, and name the exact field that points to the next check.

Linux One Liners is an independent study and practice resource. It is not affiliated with, endorsed by, or approved by LPI, The Linux Foundation, CompTIA, or any certification provider. This site does not provide exam dumps or real exam questions.

Try first

grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80

Troubleshooting ladder

  1. Name the symptom.
  2. Inspect read-only state.
  3. Find the owner, service, file, device, mount, or route.
  4. Read the decisive output field.
  5. Choose the next narrow command.
  6. Avoid broad or destructive changes.
  7. Make the smallest justified change if required.
  8. Verify and record what changed.

drill evidence

Sample output and answer key

Command anatomy

grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80
grep
select matching lines
-n
print line numbers when present
-C
show context before and after the match
pattern
the text or regular expression to search
path
the file or directory being inspected

Annotated output

Jul 03 10:11:58 web01 sshd[2249]: Failed password for invalid user deploy from 203.0.113.44 port 52118 ssh2
Jul 03 10:12:01 web01 nginx[2310]: open() "/srv/app/current/.env" failed (13: Permission denied)

What to notice

timestamp
when the failure happened
host
which machine reported it
service/pid
which process emitted the line
object
the user, path, or network source involved
cause
the decisive error text to inspect next

Safe vs unsafe move

Common wrong move

Treating every permission error as a reason to run chmod recursively.

Next safe command

namei -l /srv/app/current/.env

Goal

Prove the condition with command output before changing the system.

Safe first command

grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80

Correct interpretation

The decisive field is the matched message after the service/process label. The affected object is the user, path, or service named in that matched line. The `sshd` line proves failed login attempts; the `nginx` line proves a file access failure. Use the path or service to choose the next safe command, such as `namei -l /srv/app/current/.env`.

Next safe command

namei -l /srv/app/current/.env

Common wrong move

Treating every permission error as a reason to run chmod recursively.

Self-check

Which matched line points to a file-permission problem, what exact path is involved, and why is recursive chmod the wrong first move?

source and objective

Related cert objective

Source status: LPI LPIC-1 overview verified July 3, 2026. Current version 5.0; exams 101-500 and 102-500.

Open related practice area

Related command pages

Why this matters

The point is not to memorize a flag. It is to read the evidence, name the next safe check, and avoid the tempting broad fix.