Linux Foundation Certified System Administrator (LFCS)

Essential Commands

Search File Using Grep

In this lesson, you'll learn how to use the grep utility to search for specific text within files. Grep is particularly useful when working with large files containing thousands of lines, as it helps you quickly filter and locate the information you need.

Basic grep Usage

The general syntax for the grep command is:

grep [options] [search pattern] [file]

For example, to search for the term "password" inside the SSH daemon configuration file, run:

$ grep 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
# Change to yes to enable challenge-response passwords (beware issues with
# the setting of "PermitRootLogin without-password".

Tip

Always enclose your search pattern in single quotes to prevent Bash from misinterpreting special characters, such as asterisks used in more complex search patterns.

Case Sensitivity

By default, grep performs a case-sensitive search. This means that searching for 'password' will only match lowercase occurrences. Searching for 'Password' (with an uppercase P) produces different results.

Consider the following examples:

$ grep 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
# Change to yes to enable challenge-response passwords (beware issues with
# the setting of "PermitRootLogin without-password".
$ grep 'Password' /etc/ssh/sshd_config
#PasswordAuthentication yes
#PermitEmptyPasswords no
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication, then enable this but set PasswordAuthentication

To perform a case-insensitive search, use the -i option:

$ grep -i 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# PasswordAuthentication. Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication

Recursive Search in Directories

Grep allows you to search through all files within a directory and its subdirectories using the -r (recursive) option. For example:

$ grep -r 'password' /etc/
/etc/fwupd/redfish.conf:# The username and password to the Redfish service
grep: /etc/sudoers.d/README: Permission denied
grep: /etc/ssl/private: Permission denied
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword        = A challenge password
/etc/cloud/cloud.cfg: - set-passwords

Matches are highlighted in color by default to help you quickly identify the search term. You might also see "Permission denied" messages for files your user does not have permission to read.

Combine recursive search with case-insensitivity by using both the -r and -i options:

$ grep -ri 'password' /etc/
/etc/fwupd/redfish.conf:# The username and password to the Redfish service
/etc/fwupd/redfish.conf:#Password=
/etc/fwupd/remotes.d/lvfs-testing.conf:#Password=
grep: /etc/sudoers.d/README: Permission denied
grep: /etc/ssl/private: Permission denied
/etc/ssl/openssl.cnf:# Passwords for private keys if not present they will be prompted for
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword    = A challenge password
/etc/ssl/openssl.cnf:challengePassword_min  = 4
/etc/ssl/openssl.cnf:challengePassword_max  = 20
/etc/ssl/openssl.cnf:[pbm] # Password-based protection for Insta CA
/etc/cloud/cloud.cfg: - set-passwords

Using sudo for Restricted Files

If you need to search through files that are only accessible by the administrator (root), prepend the grep command with sudo. Note that this might disable colored output, so the --color option can be used to force it:

$ sudo grep -ri 'password' --color /etc/
/etc/fwupd/redfish.conf:# The username and password to the Redfish service
/etc/fwupd/redfish.conf:#Password=
/etc/fwupd/remotes.d/lvfs-testing.conf:#Password=
/etc/ssl/openssl.cnf:# Passwords for private keys if not present they will be prompted for
/etc/ssl/openssl.cnf:# input_password = secret
/etc/ssl/openssl.cnf:# output_password = secret
/etc/ssl/openssl.cnf:challengePassword        = A challenge password
/etc/ssl/openssl.cnf:challengePassword_min    = 4
/etc/ssl/openssl.cnf:challengePassword_max    = 20
/etc/ssl/openssl.cnf:[pbm] # Password-based protection for Insta CA
/etc/cloud/cloud.cfg:  - set-passwords

Important

When running grep through sudo, add the --color option if you want matches highlighted in color.

If you need to display lines that do not contain a specific pattern, use the -v option. This inverts the search, so grep prints only the lines that do not match the pattern.
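An added example (not part of the original lesson) of -v in use: every sshd_config match shown above is a commented-out line, so this sketch strips comments and blank lines with -v first and then checks which directives are actually set. The sample file, its contents and the function names are constructed for illustration; -E (extended regular expressions) and -q (quiet) are standard grep options the lesson does not cover.

```shell
#!/usr/bin/env bash
# Added example: the config below is constructed, not a real sshd_config.

# Write a small sample config to a temp file and print its path.
make_sample_config() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
PasswordAuthentication no
#PermitEmptyPasswords no

  # indented comment mentioning password
UsePAM yes
EOF
    printf '%s\n' "$f"
}

# -v inverts the match: drop lines that are blank or whose first
# non-space character is '#', leaving only active settings.
active_lines() {
    grep -v -E '^[[:space:]]*(#|$)' "$1"
}

# Active lines that mention the keyword, case-insensitively.
active_matches() {
    active_lines "$1" | grep -i "$2"
}

# Succeeds only if an active line sets directive $2 to value $3
# (whitespace-separated form only).
directive_is() {
    active_lines "$1" | grep -q -i -E "^[[:space:]]*$2[[:space:]]+$3[[:space:]]*\$"
}

sample=$(make_sample_config)
active_matches "$sample" 'password'
directive_is "$sample" 'PasswordAuthentication' 'no' \
    && echo "password logins explicitly disabled in this file"
rm -f "$sample"
```

This reads a single file only; `sshd -T` prints the configuration the daemon actually resolves.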

Matching Whole Words

Sometimes it's important to match only the exact word "password" rather than substrings (like "PasswordAuthentication" or "passwords"). The -w option restricts grep to whole word matches. Compare the outputs below:

$ grep -i 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# PasswordAuthentication. Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
$ grep -wi 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# the setting of "PermitRootLogin without-password".

Notice that using the -w option excludes lines where "password" is part of a longer word.

Displaying Only the Matched Portions

By default, grep prints the entire line containing a match. If you need to extract just the text that matches your pattern, use the -o option. This is useful when you want to isolate specific data.

The following example compares two approaches:

$ grep -i 'password' /etc/ssh/sshd_config
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# PasswordAuthentication. Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
$ grep -oi 'password' /etc/ssh/sshd_config
password
password
Password
Password
password
Password
password
Password

Using the -o option outputs only the matching portions of each line, simplifying further data processing.
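As an added example (not from the original lesson) of the further processing that -o enables: because each match is printed on its own line, the output can be tallied directly, and widening the pattern shows which whole words a substring search is really hitting. The sample lines are the sshd_config lines shown above; the function names and the use of -E are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: sample lines copied from the sshd_config output shown above.

# Write the sample lines to a temp file and print its path.
make_sample() {
    local f
    f=$(mktemp)
    cat > "$f" <<'EOF'
#PermitRootLogin prohibit-password
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# PasswordAuthentication. Depending on your PAM configuration,
# the setting of "PermitRootLogin without-password".
# PAM authentication, then enable this but set PasswordAuthentication
EOF
    printf '%s\n' "$f"
}

# Number of matches (not matching lines): -o prints one match per line.
match_count() {
    grep -o -i 'password' "$1" | wc -l | tr -d ' '
}

# Tally each spelling that -o emits, printed as "spelling=count".
spelling_counts() {
    grep -o -i 'password' "$1" | LC_ALL=C sort | uniq -c \
        | awk '{print $2 "=" $1}'
}

# Widen the pattern so -o returns the whole word around each match,
# e.g. "PasswordAuthentication" rather than just "Password".
containing_words() {
    grep -o -i -E '[[:alnum:]]*password[[:alnum:]]*' "$1" \
        | LC_ALL=C sort | uniq -c | awk '{print $2 "=" $1}'
}

sample=$(make_sample)
echo "matches: $(match_count "$sample")"
spelling_counts "$sample"
containing_words "$sample"
rm -f "$sample"
```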

Conclusion

Grep is a versatile and powerful tool for searching text within files. Its many options—such as case insensitivity, recursive searching, whole word matching, and output customization—make it an essential utility for efficiently filtering and extracting information.

Happy grepping!
