The find command: a powerful way to find files in Linux. The find command and its options in examples Finding a file in Linux by name

Hello to the entire Habr community.
This is my first post and hopefully not the last. Therefore, all sorts of shortcomings, bugs and some wateriness of the text are inevitable, so please do not judge strictly :)
I was prompted to write this post by the topic “Console for a beginner.” , where ISVir raised, in my opinion, a pressing topic - how to tell newcomers about the console in an accessible language, without scaring them off with its imaginary super-complexity.

I’m not going to take away parity from ISVir, I’ll just tell you about practical use several of the most basic “every day” utilities, without which working in the console is impossible for me.

So what we have:

find- search for files. allows you to search for files, directories, symlinks and other file objects. find Allows you to specify many search options such as:

• search by mask (in name)
• control of search nesting depth
• search for specific file types (directory, symlinks, sockets)
• search by file creation/modification time
• you can set the size (from and to in range) of the file
• perform actions on each found file

In the find mana you can read about other options and parameters.

So, right off the bat - search for all files in the /etc/ directory that have been changed in the last 24 hours:

$find /etc/ -type f -mtime -1

Let's look at what we wrote:

The first parameter is always the starting directory to search.
option -type with parameter f speaks find, that you need to search only for ordinary files.
option -mtime with parameter -1 indicates find that you need to find files that have changed in the last 24 hours.
"-" before 1 sets the upper limit of the range, i.e. “everything that has changed in the last 24 hours”

If we indicated "+" before 1 , That find would find all files that changed from 01/01/1970 to yesterday (more than a day ago)
you can also specify the exact date by putting the number without a modifier.

Perform actions on found files.
option -exec accepts a line with a command that will be executed for each found file
the parameter passed to the command is indicated by {}
the line must end with the characters " \; "

Let's look at an example:
* find in the /tmp directory all files that have changed over the last month and copy them to the directory
/tmp/backup/

$find /tmp -type f -mtime -30 -exec cp () /tmp/backup \;

* delete all directories (recursively) with the name logs that have changed in the last day in the directory
/var/www

$find /var/www -type d -mtime 0 -name logs -exec sudo rm -fr () \;

parameter d in option -type indicates search only directories
option -name searches by name.
It’s worth adding here that deleting files in this way is not optimal (slow).
To delete, find has a built-in option -delete, which is an order of magnitude faster.

Let's consider the utility awk.
awk is a programming language designed for file processing. Its purpose
development - to facilitate the formulation and solution of many problems associated with processing text information. In fact, awk is a utility available from the console.
For obvious reasons, I will not consider techniques for writing awk code here - I will only tell you about one technique that is important for us.

First, awk can get data from STDIN: $echo "test"|awk ...
secondly, awk is effective when writing one-liners in the console, because executes the code given to it as a parameter:

awk splits the input stream into fields and places these fields in variables like $1,$2,..$N
By default, the field separator is space, but using the option -F"_delimiter_" this can be overridden:

$head -4 /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh

$cat /etc/passwd|awk -F":" "(print $1)"
root
daemon
bin

For example, we have several sites in the /var/www directory. for each site there is a logs directory, where Apache logs are written (for this site). And now we want to find out the total volume of these logs, as well as find all logs larger than 100Mb.

1.search for large logs:

$find /var/www -type f -name “access.log*” -size +100M
/var/www/site1/logs/access.log
/var/www/site2/logs/access.log.1.gz

2.calculate the total volume of logs:

Find /var/www/ -type f -name "access.log*" -exec du -k () \;|awk "(s+=$1)END(print s)"
5071604

So, don’t be scared - I’ll explain everything right now :)

Find searches for all files by mask (access.log*) and runs the command for each one du.
team du prints the file size. option -k outputs in kilobytes.
then the processor starts awk, simply sums the first field of strings (numbers) into a variable s and displays the value of the variable on the screen.

Another example: let’s find all the files and directories in the system that belong to the user test1 and calculate the total volume.

#find / -user test1 -exec du -sm () \;|awk "(s+=$1)END(print s)"

those. here using the option -user find searches for files belonging to user test1 and for each file/directory we calculate its size (du command)
Then, through the conveyor, this data is received by awk and, as we did above, calculates their sum in Kb.

OK. I think that's enough for today.
The post turned out to be quite large, apparently out of habit :)

I want to say right away that my goal was not to simply talk about the use of find and awk, but to give examples of practical application in real situations.
If you like the article, I will continue to write in this direction.

Thank you for your time.

Very often you need to urgently find some file in file system, but where he is you have no idea. And if GUI utilities for searching a file are boring or you don’t have a GUI installed at all or you don’t use it at all, then extensive commands for searching files, folders and parts of a file in Linux will come to the rescue.

Search for a file by name in the database.
The locate command can be used to search for file(s) based on part of the file name. The command scans the name database and returns the path to the file(s) being searched. We recommend running the command with the -i option: locate -i for a case-insensitive search.
Example:

subsanek@subsanek-laptop:~$ locate -i .ogg
/home/subsanek/unknown - unknown/01 - unknown 1 - ???.ogg
/usr/local/Zend/ZendStudio-7.1.2/docs/PHPmanual/book.oggvorbis.html
/usr/local/Zend/ZendStudio-7.1.2/docs/PHPmanual/intro.oggvorbis.html
/usr/share/kde4/apps/bball/bounce.ogg
/usr/share/kde4/apps/klettres/en_GB/alpha/a.ogg
/usr/share/kde4/apps/klettres/en_GB/alpha/b.ogg
/usr/share/kde4/apps/klettres/en_GB/alpha/c.ogg
(truncated)

-calling the command found all files in the system with the ogg extension.
locate searches for files very quickly, but it only scans a list of names from the database and if the file was created recently, then there is a high probability that it will not be found.
Database update.
You can update the locate command database with the command (as a superuser):
updatedb
Human-readable output.
Often the locate command can produce many thousands of results that will simply flash in front of the screen and do nothing for your eyes, to avoid this you can redirect the output result to a container:
locate -i .ogg | less
You can also set how many results you want to display using the -n option:
locate -i .ogg -n 10
-will display the first 10 results.

Search for files with real scanning.
The find command scans the file system to find a file, making this tool slow but effective.
To search by name, you must specify the -name key
Example:
find -name filename.txt
By default, find searches recursively in the current directory.

Search for text using a fragment from the text.
Legendary grep command can serve almost any purpose. I like to use it not only for search necessary files in the source directory. You can also use grep to search for regular expressions.
Command prototype:
grep "search pattern" file_to_search
Example:
grep -R "text" /
-the command will search recursively in all text files system word text.
Grep has an impressive number of options that may be needed quite often:

subsanek@subsanek-laptop:~$ grep --help
Usage: grep [KEY]... PATTERN [FILE]...
Search for PATTERN in each FILE or standard input.
By default, PATTERN is a simple regular expression (BRE).
Example: grep -i "hello world" menu.h main.c

Selecting the type of regular expression and its interpretation:
-E, --extended-regexp PATTERN - extended regular expression (ERE)
-F, --fixed-regexp PATTERN - fixed length strings, delimited
symbol new line
-G, --basic-regexp PATTERN - simple regular expression (BRE)
-P, --perl-regexp PATTERN - Perl regular expressions
-e, --regexp=PATTERN use PATTERN to search
-f, --file=FILE take PATTERN from FILE
-i, --ignore-case ignore case difference
-w, --word-regexp PATTERN must match all words
-x, --line-regexp PATTERN must match the entire line
-z, --null-data lines are separated by a byte with zero value, but not
end-of-line character

Additionally:
-s, --no-messages suppress error messages
-v, --revert-match select unmatched lines
-V, --version print version information and exit
--help show help and exit
--mmap use memory mapping (mmap) whenever possible

Output Control:
-m, --max-count=NUM stop after the specified NUMBER of matches
-b, --byte-offset print offset in
bytes
-n, --line-number print line number along with output lines
--line-buffered reset buffer after each line
-H, --with-filename print the filename for each match
-h, --no-filename do not start output with filename
--label=LABEL output LABEL as the file name for
standard input
-o, --only-matching show only the part of the string that matches the PATTERN
-q, --quiet, --silent suppress all normal output
--binary-files=TYPE assume binary file is TYPE:
binary, text or without-match.
-a, --text same as --binary-files=text
-I same as --binary-files=without-match
-d, --directories=ACTION how to handle directories
ACTION can be read (read),
recurse (recursively), or skip (skip).
-D, --devices=ACTION how to handle devices, FIFOs and sockets
ACTION can be "read" or "skip"
-R, -r, --recursive same as --directories=recurse
--include=F_TEMPLATE process only files matching F_TEMPLATE
--exclude=F_PATTERN skip files and directories,
falling under F_TEMPLATE
--exclude-from=FILE skip files matching the pattern
files from FILE
--exclude-dir=PATTERN directories matching PATTERN
will be missed
-L, --files-without-match print only FILE names without matches
-l, --files-with-matches print only FILE names with matches
-c, --count print only the number of matches
lines per FILE
-T, --initial-tab align with tabs (if necessary)
-Z, --null print byte 0 after the FILE name

Context management:
-B, --before-context=NUM print the NUMBER of lines of the preceding context
-A, --after-context=NUM print the NUMBER lines of subsequent context
-C, --context[=NUM] print the NUMBER of context lines,
--color[=WHEN],
--colour[=WHEN] use markers to differentiate matching
lines; WHEN it can be always (always),
never (never), or auto (automatically)
--color, --colour use markers to distinguish matching lines
-U, --binary do not remove CR characters at the end of the line (MSDOS)
-u, --unix-byte-offsets output offset as if there are no CRs (MSDOS)

Instead of egrep, grep -E is supposed to be run. Instead of fgrep, grep -F is assumed.
It is better not to run as egrep or fgrep.
When FILE is not specified, or when FILE is -, then standard input is read.
If fewer than two files are specified, -h is assumed. When you find
matches, the program exit code will be 0, and 1 if not. If
errors, or if the -q option is not specified, the exit code will be 2.

Undoubtedly, when working with Linux, sometimes there is a need file search with certain characteristics. These characteristics may be file size or type, access rights, and more.

Availability of command in Linux find, helps a lot to cope with searching for files according to various criteria.

Today we will look searching files in Linux and give the main command options find that you can apply in your work.

Command Format find:

findpath-options

Where path- this is the directory in which to search. The following values ​​can be specified as the path:

. - search in the current directory;

/ - search from the root directory;

~ - search in the home directory.

As for the options, there is a much larger list, which is extremely important to read carefully (this will help a lot in the future!). So, basic find command options:

-name- search for files by name using the template provided;

-user- search for files belonging to the specified user;

-group- search for files belonging to a specified group;

-perm- search for files with the specified access mode;

-type- search for files of a specific type. There are also plenty of types:

• b - special block file;
• d - directory;
• c - special symbol file;
• f - regular file;
• l - symbolic link;
• p - named pipe;
• s - socket.

-size n- search for files with size n units;

-mtime -n +n- search for files whose contents were changed less than (-) or more than (+) days ago.

Let's look at some examples of using the command find :

The most commonly used option is the option -name, which searches for files by name.

Examples with the -name option :

$ find /mnt/usb -name "*.mp3" -print

will search for all files (indicated by the * sign) with the .mp3 extension on a USB device mounted in the /mnt/usb directory.

$ find ~ -name "test*" -print

will display a list of files in the home directory starting with test.

If you need to find files starting with certain letters (for example, from a to j), then it will be convenient to use regular expressions, which are extremely convenient to use:

$ find / -name "*" -print

The above command will find all files on the system starting with the letters a to j.

Search for files with specific access modes

If you need to find files that have specific access modes, the option will help you -perm, which will easily help with this.

For example, let's search for files with access mode 775 (owner and group have full rights and other users) located in the current directory have a write restriction:

$ find . -perm 775 -print

Searching using find With the -perm option, you can use another method - you can put a hyphen in front of the mode value and then it will search for files for which all the specified permission bits are set. Moreover, the remaining bits are ignored in this case.

For example, let's find files to which group users have access full access:

$ find . -perm -070 -print

Instead of a hyphen, you can use a plus sign. In this case, it will search for files that have at least one of the specified permission bits set. The remaining bits are ignored.

Search for files of a specific user or group

Searching for files of a specific user is extremely simple to implement. To do this, just run the command:

$ find / -user admin -print

The above command will produce file search in the system belonging to the admin user.

In order to find files belonging to a specific group (for example, managers), run the command:

$ find / -group managers -print

To search for files of non-existent users or groups, you can use the options -nouser And -nogroup:

$ find / -nouser -print

$ find / -nogroup -print

Search for files of a specific type

One of the convenient features of the command find, is the ability to search for files of a specific type. Let's consider options for using the option -type:

Search for symbolic links in the /etc directory:

$ find /etc -type l -print

Display a list of directories present in the /mnt/raid directory

$ find /mnt/raid -type d -print

Search for files of a specific size

Option -size allows you to search for files of a certain size and has the following appearance when executed:

$ find. -size 2000k -print

The above command will find and display 2 megabyte files located in the current directory. If, for example, you need to find files smaller than 500 kilobytes, then the command will look like this:

$ find . -size -500k -print

If you need to find files larger than 600 megabytes, then use the command:

$ find / -size +600M -print

Finding files using the -mtime option

Option -mtime will allow you to find files that have changed over a period of time.

For example, we were faced with the task of searching for files located in the /mnt/raid/upload directory that had changed over the last 5 days. The team will help us with this:

$ find /mnt/raid/upload -mtime -5 -print

If we need the opposite, for example, to find files that have not changed for a week, we use the command:

$ find /mnt/raid/upload -7 -print

Team find is extremely convenient tool For file search and can also be used for file search on NFS disks (network file systems), but in this case it is necessary to take into account that searching for something on NFS will take much more time than on local disks.

In this article, we looked at only the basic options of the find command that will help you in your work. Use what is convenient and don’t worry about trifles!

You are probably familiar with this problem: There is a file, and you don’t remember where you put it.

In this case, the find command is convenient. How to use it? Of course, this utility comes with a large man page, but we will look at some typical cases. Browse the directory tree, starting with the current one, and find the file lostfile.txt:

If you are searching through a large directory tree, the find command can be quite slow. Sometimes it is more convenient to use the locate command. It does not look for the file directly in the file system, but looks through its database. This method is much faster, but the database may become outdated. On some distributions this database is modified every night. You can manually run the updatedb command from time to time to modify it. locate searches for substrings:

The number of misspellings allowed depends on the length of the filename, but can be set using the -t option. To allow a maximum of 2 errors and use a special character, simply type:

Directory tree overview

Sometimes it is necessary to get an overview of the directory tree. For example, you received a new CD-ROM and would like to know what's on it. You can simply use ls -R . Personally, I prefer one of the following methods for readability. Tree (sunsite.unc.edu/pub/Linux/utils/file/tree-1.2.tgz) displays a directory tree as a diagram.

Or use good old find . The Gnu version of find that usually ships with Linux has the ability to change the output format to display, for example, the file name and its size:

You can use a small perl procedure that works with the ls command, which does similar things. It can be downloaded from here: lsperl.gz. There are many other directory tree browsing utilities, but for most cases these are sufficient.

Search files by content (search for text strings in files).

The standard utilities for searching for text strings in files are grep/egrep for regular expression searches and fgrep for literal string searches. To search for an expression in all files in the current directory, simply type:

If you find it difficult to remember these long commands, use a small script that can be downloaded from here: grepfind.gz. The script also removes non-printable characters from the search string so that you do not accidentally receive a binary file as a result of an egrep search.

Very interesting program search - agrep . Agrep works basically like egrep, but allows spelling errors to be searched. To search for an expression and allow up to 2 spelling errors, type:

After this you can search for a string in all files that were previously indexed

glimpse -i -2 "search exprission"

glimpse - also allows spelling errors (like agrep) and -2 indicates that two errors are allowed. glimpse available at

Starting with Linux server, users often face the problem of finding the necessary files.

This tutorial covers the use of the corresponding find command, which allows you to search for files using various filters and parameters. Additionally, this guide briefly covers the locate command, which can be used to locate commands.

Search by file name

Of course, searching for a file by name is the most obvious way to find the file you need.

To do this use:

find -name "query"

This command is case sensitive (that is, it treats files named file and File as two different files).

To find a file by name, insensitive to case, type:

find -iname "query"

To find files that do not match a particular pattern, you need to invert the search using the -not flags or the "!" metacharacter. Please note that when using "!" you need to escape characters so that the bash shell doesn't interpret the "!" even before the find command is executed.

find -not -name"query_to_avoid"

find\! -name "query_to_avoid"

Search by file type

Using the "-type" parameter you can specify the type required file. It works like this:

find -type type_descriptor query

Here is a list of common descriptors that can be used to indicate the file type:

• f: regular file;
• d: directory;
• l: symbolic link;
• c: character devices;
• b: block devices.

For example, to find all character devices in the system, you need to run the command:

find / -type c
/dev/parport0
/dev/snd/seq
/dev/snd/timer
/dev/autofs
/dev/cpu/microcode
/dev/vcsa7
/dev/vcs7
/dev/vcsa6
/dev/vcs6
/dev/vcsa5
/dev/vcs5
/dev/vcsa4
. . .

To find all files that end in .conf use:

find / -type f -name "*.conf"
/var/lib/ucf/cache/:etc:rsyslog.d:50-default.conf
/usr/share/base-files/nsswitch.conf
/usr/share/initramfs-tools/event-driven/upstart-jobs/mountall.conf
/usr/share/rsyslog/50-default.conf
/usr/share/adduser/adduser.conf
/usr/share/davfs2/davfs2.conf
/usr/share/debconf/debconf.conf
/usr/share/doc/apt-utils/examples/apt-ftparchive.conf
. . .

Filter by time and size

The find command allows you to filter the result based on size and last modified time.

file size

To filter files by size, use the -size parameter.

You also need to add a suffix at the end of the value to indicate the size:

• c: byte
• k: kilobyte
• M: megabyte
• G: gigabyte
• b: blocks of 512 bytes

To find files exactly 50 bytes in size, type:

find / -size 50c

To find files that are smaller than 50 bytes, use the "-" symbol in front of the value:

find / -size -50c

Accordingly, to find files larger than 700 megabytes, use the + symbol in front of the value; the command looks like this:

find / -size +700M

Search based on time

Linux stores data about access time, modification time and change time.

• access time: time of the last access to the file (when the file was read or appended);
• modification time: time of the last modification of the file contents;
• change time: time of the last change of the inode of the file.

To filter files by time, use the "-atime", "-mtime" and "-ctime" parameters respectively.

Meaning this parameter indicates how many days ago the file was modified. As with file size, you can use the – and + symbols to get files modified less than or more than n days ago.

That is, to find a file whose contents were modified 1 day ago, use:

To list files that were accessed less than 1 day ago, use:

find / -atime -1

To find files whose inodes were changed more than three days ago, enter:

find / -ctime +3

There are also related options that let you specify minutes instead of days:

This will return files whose contents were changed a minute ago.

Additionally, the find command can compare files and output the newer ones:

find / -newer myfile

Search by owner and privileges

Using the find command, you can search for files by owner or file permissions.

For this, the parameters –user, –group, and -perm are used, respectively. For example, to find a file owned by a user named syslog, type:

find / -user syslog

Likewise, to list files belonging to the shadow group, use:

find / -group shadow

You can also search for files with special privileges.

To find a file with specific permissions, use:

find / -perm 644

This line will display all files with these rights.

To list all files whose privileges are greater than or equal to the specified ones, use the syntax:

find / -perm -644

This will return all files with additional privileges (for example, a file with privileges 744).

Filtering files by depth

To run the examples in this section, create a directory structure in the temporary directory. It should consist of three levels of directories, with ten directories on the first level. Each directory (including the test directory) must contain ten files and ten subdirectories.

To create such a structure, run the following command:

CD
mkdir -p ~/test/level1dir(1..10)/level2dir(1..10)/level3dir(1..10)
touch ~/test/(file(1..10),level1dir(1..10)/(file(1..10),level2dir(1..10)/(file(1..10),level3dir( 1..10)/file(1..10))))
cd ~/test

To review the structure you just created and check that everything was created correctly, use the ls and cd commands. Then return to the test directory test:

This section will show you how to extract specific directories from this structure. To get started, try a simple search for the file by name:

find -name file1







./level1dir7/level2dir8/level3dir6/file1
./level1dir7/level2dir8/level3dir5/file1

. . .

This command produced a fairly voluminous result. By passing this result to the counter, you can see that in the end 1111 files were output.

find -name file1 | wc -l
1111

Of course, in most cases this conclusion is too lengthy and inconvenient. Try narrowing it down.

To do this, you can use the –maxdepth parameter to set the maximum search depth:

find -maxdepth num -name query

To find file1 in level1 and higher directories, specify a maximum depth of 2 (1 for the top-level directory and 1 for level1 directories).

find -maxdepth 2 -name file1
./level1dir7/file1
./level1dir1/file1
./level1dir3/file1
./level1dir8/file1
./level1dir6/file1
./file1
./level1dir2/file1
./level1dir9/file1
./level1dir4/file1
./level1dir5/file1
./level1dir10/file1

As you can see, this result has a much more convenient appearance.

In addition, you can specify the minimum search depth:

find -mindepth num -name query

This is used to find files that are at the end of directory branches:

find -mindepth 4 -name file
./level1dir7/level2dir8/level3dir9/file1
./level1dir7/level2dir8/level3dir3/file1
./level1dir7/level2dir8/level3dir4/file1
./level1dir7/level2dir8/level3dir1/file1
./level1dir7/level2dir8/level3dir8/file1
./level1dir7/level2dir8/level3dir7/file1
./level1dir7/level2dir8/level3dir2/file1
. . .

Again, this result will contain a huge number of files (1000).

The maximum and minimum search depths can be combined to reduce the search range:

find -mindepth 2 -maxdepth 3 -name file
./level1dir7/level2dir8/file1
./level1dir7/level2dir5/file1
./level1dir7/level2dir7/file1
./level1dir7/level2dir2/file1
./level1dir7/level2dir10/file1
./level1dir7/level2dir6/file1
./level1dir7/level2dir3/file1
./level1dir7/level2dir4/file1
./level1dir7/file1
. . .

Executing and Combining Commands

The find utility allows you to execute any auxiliary command on all found files; The –exec option is used for this. The basic syntax looks like this:

find search_parameters -exec command_and_parameters () \;

The () characters are used as placeholders for found files. Symbols \; are used to allow find to determine where the command ends.

For example, you can find files with privileges 644 (as in the previous section) and change their privileges to 664:

cd ~/test
find . -perm 644 -exec chmod 664 ()\;

Then you can change the directory privileges:

find . -perm 755 -exec chmod 700 ()\;

To chain multiple results, use the -and or -or commands. The –and command is assumed if omitted.

find . -name file1 -or -name file9

Finding Files Using the Locate Command

The locate command is an alternative to find. This command is generally faster and can easily search the entire file system.

You can install this command using apt-get:

sudo apt-get update
sudo apt-get install mlocate

But why is the locate command faster than find? The thing is that locate depends on the database of files on the filesystem.

Typically, the cron script updates this database once a day; but it can also be updated manually. Run this command:

Remember: the database must be updated regularly so that it contains current data; otherwise, it will be impossible to find recently received or created files.

To find files using the locate command, simply use the following syntax:

The result can also be filtered.

For example, to return only files that contain the request itself, rather than listing every file that contains the request in the directories leading to it, you can use the -b flag (to search only basename, the base name of the file):

To have the locate command return only files that still exist on the file system (that is, files that were not deleted between the last time you ran updated and the current call to locate), use the -e flag:

To view the statistics cataloged by the locate command, use the –S option:

locate -S
Database /var/lib/mlocate/mlocate.db:
3,315 directories
37,228 files
1,504,439 bytes in file names
594,851 bytes used to store database

Results

The find and locate commands are excellent tools for finding files in UNIX-like operating systems. Each of these utilities has its own advantages.

Although the find and locate commands are very powerful on their own, they can be enhanced by combining them with other commands. Once you've learned how to use find and locate, try filtering their results using the wc, sort, and grep commands.

Tags: ,