Unofficial practice
Grep Context and Patterns
A log contains repeated failures. Find the matched line, read the surrounding context, and name the exact field that points to the next check.
Linux One Liners is an independent study and practice resource. It is not affiliated with, endorsed by, or approved by LPI, The Linux Foundation, CompTIA, or any certification provider. This site does not provide exam dumps or real exam questions.
Try first
grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80
Troubleshooting ladder
- Name the symptom.
- Inspect read-only state.
- Find the owner, service, file, device, mount, or route.
- Read the decisive output field.
- Choose the next narrow command.
- Avoid broad or destructive changes.
- Make the smallest justified change if required.
- Verify and record what changed.
drill evidence
Sample output and answer key
Command anatomy
grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80
grep- select matching lines
-n- print line numbers when present
-C- show context before and after the match
pattern- the text or regular expression to search
path- the file or directory being inspected
Annotated output
Jul 03 10:11:58 web01 sshd[2249]: Failed password for invalid user deploy from 203.0.113.44 port 52118 ssh2
Jul 03 10:12:01 web01 nginx[2310]: open() "/srv/app/current/.env" failed (13: Permission denied)
What to notice
- timestamp
- when the failure happened
- host
- which machine reported it
- service/pid
- which process emitted the line
- object
- the user, path, or network source involved
- cause
- the decisive error text to inspect next
Safe vs unsafe move
Common wrong move
Treating every permission error as a reason to run chmod recursively.
Next safe command
namei -l /srv/app/current/.env
Goal
Prove the condition with command output before changing the system.
Safe first command
grep -Rni -C2 'permission denied' /var/log 2>/dev/null | head -80
Correct interpretation
The decisive field is the matched message after the service/process label. The affected object is the user, path, or service named in that matched line. The `sshd` line proves failed login attempts; the `nginx` line proves a file access failure. Use the path or service to choose the next safe command, such as `namei -l /srv/app/current/.env`.
Next safe command
namei -l /srv/app/current/.env
Common wrong move
Treating every permission error as a reason to run chmod recursively.
Self-check
Which matched line points to a file-permission problem, what exact path is involved, and why is recursive chmod the wrong first move?
source and objective
Related cert objective
Source status: LPI LPIC-1 overview verified July 3, 2026. Current version 5.0; exams 101-500 and 102-500.
Related command pages
Why this matters
The point is not to memorize a flag. It is to read the evidence, name the next safe check, and avoid the tempting broad fix.