---text lookup for linux text processing

• File Lookup

So-called file lookups are based on the various attributes of a file to find the corresponding file under a specific path.

i. how files are searched

• Real-time lookup: Traverse all files for conditional matching. The search is accurate, but the speed is slow.

This lookup is implemented by the Find command.

• Non-real-time lookup: Search by index. The lookup is fast, but the lookup is not accurate.

This lookup locate command, which relies on the index lookup only, is created by the system automatically when the system is idle. Command-Upadtedb To manually update the database.

Second, real-time search

Implemented by the Find command. Find is to find the corresponding file in the find path according to the search criteria, and make corresponding actions according to the processing action.

usage:find [Options] ... [Find Path] [Search Criteria] [Handling Action]

Find path: Default is current path

Find condition: Default is all files under the specified path

Handling actions: Display to the screen when the default processing action occurs

Find condition Type:

Find condition Type	Specific meaning	Example
-name -iname	Wildcard characters supported -name file name -iname file name (case insensitive)	Finds the file name at the beginning of the current path Find./-name "s*" Find the current path under s| File name starting with S Find./-iname "s*"
-uid-user-nouser -gid-group-nogroup	-uid based on the file owner's UID Lookup -user based on the file owner name -nouser There are no documents belonging to the Lord	Find the main UID of the file under the current path is 500 files Find./-uid 500 Find files that do not have a master file under the current path Find./-nouser
-type	-type Search by file type File type: f,d,l,b,c,s,p	Find files that are directories under the current path Find./-type D
-size	-size Search by File size -size 12M Exact lookup (11-12m between all) -size +12m files larger than 12M -size-12m files less than 12M	Find files with file name s beginning with the current path and greater than 100G Find./-size +100g-a-name ' s* '
-atime-mtime-ctime -amin-mmin-cmin	-atime based on access time to find units is days,-amin units are divided into -mtime-mmin File Content Modification time -ctime-cmin File metadata Information modification time -atime 2 modification time is 2 days ago (2-3 days) -atime-2 modification time is within 2 days -atime +2 modification Time is 3 days away (>3 days)	Find the contents of the/etc/directory in the last week find/etc/-mtime-7 Find the contents of the/etc/directory in the last week without modification find/etc/-mtime +7
-perm	-perm Search based on file permissions -prem 644 file permissions are 644. -prem +222 As long as there is any kind of user-writable permissions (222 corresponding permissions are-w--w--w-, find the permissions of the file, as long as there is a corresponding bit W permission can be) -prem-222 Each user has at least write permission, owner, group, and each other has at least writable permission	Find/etc/directory files for which all users do not have write permission find/etc/-not-perm +222 Find files for/etc/directory All users can write permissions find/etc/-perm-222

Note: When using a find condition, you can use the combination criteria query:-A (&&),-O (| |),-NOT (!).

Handling actions:

Handling actions	Specific meaning	Example
-print	Default processing action, printing	find/etc/-mtime-7-print
-exec	-exec COMMAND {} \; Find all eligible files at once and pass them together to CMOMANDD as a parameter	find/etc/-mtime-7-exec rm-f {} \;
-ok	-ok COMMAND {} \; As with exec, it's just a hint when you execute a command.	find/etc/-nane ' I. UE '-ok rm-f {} \;

When using the Exex OK parameter, some commands accept parameters that have a limited length and a similar message that "parameter list is too long" appears during operation. You need to xargs with another command at this point. The usual usage is find [option] [Find path] [Search criteria] | Xargs COMMAND.

The execution process is: The Find command passes the matched file to the Xargs command, and the Xargs command takes only a subset of the files at a time, not all, unlike the-exec option. This allows it to first process a portion of the file that was first fetched, then the next batch, and so on.

In some systems, the use of the-EXEC option initiates a corresponding process for processing each matching file, not all of the matching files are executed once as parameters, so that in some cases, there are too many processes and degraded system performance, so the efficiency is not high , while using the Xargs command, there is only one process. In addition, when using the Xargs command, whether to get all the parameters at once or to get the parameters in batches, and the number of parameters to get each time will be determined according to the command's options and the corresponding tunable parameters in the system kernel.

Third, non-real-time search

It is a fuzzy match to find by using the Locate command.

usage:locate [option] ... [PATTERN] (wildcard character)

Common parameters:

-d Specifies the path to the database (index), which is/var/lib/mlocate/mlocate.db by default

-B ' \name ' exact match

[Email protected] ~]# locate-b ' \root '/root/etc/selinux/targeted/contexts/users/root/usr/src/kernels/2.6.32-358. el6.x86_64/include/config/usb/ehci/root/var/spool/cron/root/var/spool/mail/root## #locate ' root ' If this is the case, the query is * root* this pattern

We generally use exact lookups, so we only have a general understanding of locate.

Iv. Practice

#1, find the/var/directory belongs to the main CentOS and belong to the group mail all files;  find /var -user centos -a -group mail#2 , look for files that do not belong to root, bin, or Hadoop in the/usr directory; find /usr -not -user root -a -not -user  bin -a -not -user hadoop# the parentheses need to be escaped here, and there are spaces before and after the parentheses find /usr -not \ (  -user root -o -user bin -o -user hadoop \) #3, find/etc/ Files that have been modified in the last week in the directory and are not rooted and not part of Hadoop; Find /etc -mtime -7 -a -not \ ( -user  root -o -user hadoop \) #4, find files on the current system that are not owned by the master or group, and have been visited in the last 1 months; Find / \ ( - nouser -o -nogroup \)  -a -atime -30#5, find all files that are larger than 1M in the/etc/directory and are of the normal file type; find /etc  -size +1m -type f#6, find/etc/directory All users do not have permission to write files; find /etc/ -not -perm +222 #7, find at least one class of users/etc/directory has no write permission; find /etc/ -not -perm -222#8, find/etc/init.d/directory, All users have Execute permissions and other users have write permission to the file; find /etc/init.d/ -perm -113 

This article is from the "After Dark" blog, be sure to keep this source http://guoting.blog.51cto.com/8886857/1437432