Simply finding a file:
find / -iname "foo.bar"Case sensitive search for a file
find / -name "foo.bar"Note that we do not have to give find a full file name:
find / -iname "*.bar"Or:
find / -iname "foo.*"Let's say you wish to search only your home directory:
find /home/ford -iname "foo.bar"Or:
find $HOME -iname "foo.bar"Multiple patterns? No problem.
find . -iname "*.pdf" -o -iname "*.txt"Now, assuming that we are looking for files of certain ownership, we could change things up. Let's say that we wish to find all files on a machine that belong to me, Ford, we could use this command:
find / -user fordSo, let's say we want to find any file modified in the past 4 days, and we want to find only those files that I own:
find / -user ford -mtime -4We could also use access time:
find / -user ford -atime -4To be more specific with find and time, '+' is greater than and '-' is less than. For four days ago we would just do '-mtime 4', if we want more than for days ago we would use '-mtime +4' and should we wish to find files less than four days ago we would use '-mtime -4'. It is also worth noting that we can search for files of a certain group as well:
find / -group users -atime 4This command would find all files belonging to the group 'users' with an access time of four days ago. With ownership there are also permissions. If we want to find files whose owners have read and write permissions we can use
find / -u+r+wOr we can look for abandoned files
find / -nouser -o -nogroupIt's useful to use some of these in conjunction. If I know that I need something that isn't a link, but could be a file or directory, and I know it's readable and writable, and I know I accessed it within the last 2 days, and I know it is mine:
find / -user ford -perm -u+r+w -atime -2 ! -type lSometimes, you know the size of the file you want, and you want to search for it based upon that known size. Find has you covered. In this case '-size' expects a number in blocks. We can search for sizes in bytes by adding a 'c' to the number (char = byte) or you can use 'k' for kilobyte. Once again, '+' is greater than, '-' is less than. So:
find / -user ford -atime +4 -size -1000000cmeans that we are searching all folders for files owned by the user 'ford' which were accessed more than 4 days ago, and are less than 1 million bytes in size.
Time options get a little confusing with the 'ctime'. Many people consider this to be the 'creation time' but that isn't so. The 'ctime' option refers to inode change time. This means that when a file is created or its datestamp is modified it will affect your ctime result. If you are using GNU Find, you will also be able to search in minutes with amin mmin and cmin.
Moving right along, let's say you do not want directories or links returned in any results:
find / -type fwould return only files. You can also search for directories or links using '-type d' or '-type l'. Note that this will not exempt the traversing of mounted drives, for that you should use '-mount'. If you are trying to avoid following symlinks you can use '-P' or '-H' if you want it to follow them while processing command line arguments. If you want to traverse a non-unix filesystem you will need to add '-noleaf'. If you want to exclude a specific directory you can use
-wholename /path/to/exclude -prune -o -printOccasionally, you will want to find the files and delete them. Use this with care
find / -user ford -perm -u+x -atime -5 -mount -size -2000k -wholename '/proc' prune -o -wholename '/sys' -prune -o -wholename '/dev' -prune -o -exec /bin/rm -f '{}' \;This one will search the filesystem for files owned by ford that are executable and have been accessed within the last five days so long as they are smaller than 2000kb and are not under proc, sys, or dev. It will then remove those files found.
I hope this gets you started with find! There is a lot more to learn, but this should give you enough information to start using it and exploring it.
4 comments:
Very good reading :)
than you petr
Very nice tutorial. I often forget the cli is there awaiting use. Recently I came back here to re-read this and put it to use. I have mention your blog in my post. It is a fledgling blog for Linux and as I mention from the eyes of someone not completely knowledgable. I have linked to this post and I hope you do not mind. I will remove it if you object.
Thanks for the tutorial since it did help me solve a minor issue.
http://pensivepenguin.com/2011/09/05/linux-communtiy-helps-to-solve-a-problem-with-a-scanner/
Not a problem at all. Nice article, and thank you for the mention!
Post a Comment