Linux File Lookup tool find command usage

File Lookup:

Operators in the operation of the operating system, to contact a large number of files, in order to avoid the embarrassment of forgetting the location of file storage, we need a file to find tools to help, the following is two files to find tools for detailed, locate and found, respectively, to share to everyone.

The first tool: Locate

Locate–find Files by name

Locate's work relies on a previously constructed index library, while locating files directly searches for the location of the files recorded in the index library;

Index Library Location:/var/lib/mlocate/mlocate.db

Building the Index Library:

Automatic implementation of the system (periodic task);

Update the database manually (UpdateDB), but the process of indexing construction needs to traverse the entire file system, which is extremely consuming system resources;

Updatedb–update a database for mlocate;

Working characteristics:

Query speed, but not necessarily accurate, can not match the creation of the database after the creation of files;

Non-real-time lookup, can not real-time feedback on the current file system file status;

How to use:

Locate [OPTIONS] FILE.

Options:

Default command: Search for files with keywords

-I: Ignore case

-N #: List only the first # of search results

-C: Count the number of search results

-B: Match only base names in the path

-R: Write matching pattern based on basic regular expressions

[root@wen-7 ~] # locate-c "passwd"
165
[root@wen-7 ~] # locate-c "Inittab"
4
[root@wen-7 ~] # locate-b "Inittab"
/etc/inittab
/usr/local/share/man/zh_cn/man5/inittab. 5
/usr/share/augeas/lenses/dist/inittab. Aug
/usr/share/vim/vim74/syntax/inittab vim.
[root@wen-7 ~] # locate-r "/passwd
The second tool: find

Find:find–search for files in a directory hierarchy

Mode of work: through the disk in the specified starting path under the file system hierarchy to complete the file lookup;

Working characteristics:

The search speed is slow;

Accurate search;

Real-time search;

How to use:

Find [-h] [l] [P] [D-debugopts] [-olevel] [path ...] [Expression]

fing [OPTIONS] [Find starting path] [find conditions] [handling actions]

Find start Path: Specifies the start path of the specific search target; the default current directory;

Find criteria: Specify the lookup criteria, which can be based on the file name, size, type, dependencies, permissions, and other criteria, default to the specified directory of all the conditions

Handling actions: Actions that are made to a qualifying file, such as deletions, default to output to standard output

Find condition Description:

Include options and test conditions in the form of an expression

Test: The result is usually Boolean data ("True" "Fales")

Default multi-condition parallel execution, rather-a relationship with

(1) Find out according to file name Note: Support Glob style wildcard character

-name "pattern": Case sensitive

-iname "pattern": does not distinguish between the case of a name,

-inum N: Find Find-inum by inode number 21321321

-samefile Name: file with the same inode number Find-somefile AAA

-links N: A file with a link number of n find-link 3

-regex "Patten": Looking for files based on regular expression patterns, matching is the entire path, not just its name; Find-regex ". *\.sh$"

[Root@w7 ~] # find/etc-iname "passwd"
/etc/passwd
/etc/pam. d/passwd
[Root@w7 ~] # find/etc-iname "*PASSWD"
/etc/passwd
/etc/pam. d/passwd
/etc/security/opasswd
[Root@w7 ~] # find/etc-iname "passwd*"
/etc/passwd
/etc/passwd-
/etc/pam. d/passwd
[Root@w7 ~] # find/etc-iname "passwd?"
/etc/passwd-
[Root@w7 ~] # find/etc-iname "passwd[[:p Lace:]]"
[Root@w7 ~] #
(2) Search based on file dependencies

-user Username: Find all files belonging to the primary designated user;

-group groupname: Find all files of a group of assigned users;

-uid uid: Finds all files that are of the primary specified UID;

-gid GID: Finds all files of a group-specific GID; #find/etc-gid 5000
-nouser: Find files that have no owner #find/etc-nouser

-ngroup: Find files with no group #find/etc-nogroup

[Root@w7 ~] # find/var/tmp/-user CentOS #属主查找
/var/tmp/test/a. CentOS
/var/tmp/test/b. CentOS

[Root@w7 ~] # find/var/tmp/-group mygrp-ls #属组查找
Drwxrwsr-t 2 root Mygrp 04:43/var/tmp/test
-rw-rw-r--1 CentOS mygrp 04:43/var/tmp/test/b. CentOS
-rw-rw-r--1 Fedora mygrp 0 04:43/var/tmp/test/b. Fedora

[ROOT@W7 ~] # ID CentOS #UID查找
uid=1001 (CentOS) gid=1001 (CentOS) groups =1001 (CentOS), 1003 (MYGRP)
[Root@w7 ~] # find/var/tmp/-uid 1001
/var/tmp/test/a. CentOS
/var/tmp/test/b. CentOS

[Root@w7 ~] # Tail-n2/etc/group #GID查找
Mygrp:x:1003:centos,fedora
HODOOP:X:1004:
[Root@w7 ~] # find/var/tmp/-gid 1003
/var/tmp/test
/var/tmp/test/b. CentOS
/var/tmp/test/b. Fedora

[root@wen-7 ~] # Find/etc-nouser #没有属主
[root@wen-7 ~] # Find/etc-nogroup #没有属组
(3) Find by file type

-type type: Combined action-ls Use to view file details

F: Ordinary Documents
D: Table of Contents

L: Linked files

B: Block device files
C: Character device files

S: Socket file
P: Pipe File

Example: Find/-name "*int*"-type d-ls

Find/-type B

Combination test:

With:-A default combination operation logic: both set up

Or:-O conforms to one of the items

Non:-not or "!" Take the counter

The law of De Morgan:

Non-A or non-B = Non (A and B)

Non-A and b= non-(A or B)

! A-a! b=! (A-o B)

! A-o! b=! (A-a B)
Exclude a directory:
find/etc/-path/etc/bin-a-prune-o name "*.sh"-print
Cut the/etc/bin, don't search, find the name in the remaining catalogue. sh file

Exercise: Find a file that is not root/etc/subordinate, and the file name does not contain fstab

[root@wen-7 ~] # find/etc/! -user root-ls-a-not-name "Fatab"
1233465 0 drwx------2 polkitd Root 63 July 19:07/etc/polkit-1/rules. D
34785013 8-rw-------1 TSS TSS 7046 November 2015/ETC/TCSD. conf
35135850 0 drwx--x--x 2 sssd SSSD 6 November 2015/ETC/SSSD
(4) Find according to file size

-siza[+|-] #UNIT: Common units: K,m,g

#UNIT: (#-1,#] equals number

-#UNIT: [0,#-1) less than number
+ #UNIT:(#,00) greater than number

-empty: Find empty files.

[root@wen-7 var] # find/etc/-size-4k-a-exec ls-lh {} \;
-rw-r--r--. 1 root root 465 July 18:59/etc/fstab
-RW-------. 1 root root 0 July 18:59/etc/crypttab
lrwxrwxrwx. 1 root 17 July 18:59/etc/mtab->/proc/self/mounts
-rw-r--r--1 root root 228 July 18:31/etc/resolv. conf
[Root@wen-7 usr] # find/etc/-size 4k-a-exec ls-lh {} \;
[Root@wen-7 usr] # find/etc/-size 4k-a-exec ls-lh {} \;
(5) According to the time stamp to find

In days

-atime [+|-]#: [#,#-1]

7 [7,8] [#,#+1]
-7 [0.7] [0,#]
+7 [8,+∞] [#+1,∞]

-mtime

-ctime
In minutes
-amin
-mmin
-cmin

(6) According to the right to find

-perm [/|-]mode:

Mode: Exact lookup of-perm-664 file permissions exactly conforms to mode (mode is a octal representation of file permissions). 0 means that the permissions are not related to their location

/mode: Any one of the user (U,g,o) permissions (RWX) meets the condition that the file Permissions section conforms to mode

A "or" relationship exists between 9-bit permissions
-mode: Each type of user (U,g,o) in the permissions of each (E,W,X) at the same time meet the condition is satisfied;

The "and" relationship file permissions exist between 9-bit permissions exactly as mode.

As long as anyone has write permission, Find-perm +222 will match

• find-perm-222 match only if everyone has Write permission

• find-perm-002 match only if other people have write permission

[root@wen-7 ~] # Find. -perm 644
./.bash_logout./.bashrc./.CSHRC./.TCSHRC
[root@wen-7 ~] # Find. -perm-644
./.bash_logout./.bashrc./.CSHRC./.TCSHRC
./.CACHE/ABRT
./.cache/abrt/applet_dirlist
[root@wen-7 ~] # find/tmp/-perm/222
/tmp//tmp/log/tmp/log/tallylog/tmp/log/lastlog
Handling actions

-print: Output to standard output, default action

-ls: is similar to executing the "ls-l" command on the found file, outputting the file details.
-delete: Delete the found file;
-fls/path/to/somefile: Save long format information for all files found to the specified file
-ok COMMAND {} \; : Executes command-represented commands for each file you look for, with user confirmation for each operation;
-exec COMMAND {} \; : commands are executed for each file that is searched;
Example: Find-perm-222-exec cp {} {}.bak \;

Note: Find passes the found file path to the following command, it is first to find all eligible file path, and pass to the following command;

However, some commands do not accept too long parameters, at which point the command execution fails, and another way to circumvent this problem.
Find | Xargs command Learn Xargs commands

[root@wen-7 ~] # find/tmp-name "qwe.sh"-type f-delete
[root@wen-7 ~] # ls/tmp/
Hogsuspend Log

[root@wen-7 ~] # find/etc/! -perm/222-type f-fls/tmp/qwe.sh
[root@wen-7 ~] # cat/tmp/qwe.sh
33885564 196-r--r--r--1 root 198453 July 19:02/etc/pki/ca-trust/extracted/java/cacerts
67923558 352-r--r--r--1 root root 359773, July 19:02/etc/pki/ca-trust/extracted/openssl/ca-bundle. Crt
[root@wen-7 ~] # find/etc/! -perm/222-type f-ok ls-lh {} \;
< ls .../etc/pki/ca-trust/extracted/java/cacerts >? Y
-r--r--r--. 1 root 194K July 19:02/etc/pki/ca-trust/extracted/java/cacerts
< ls .../etc/pki/ca-trust/extracted/openssl/ca-bundle. trust.crt >? Y
-r--r--r--. 1 root 352K July 19:02/etc/pki/ca-trust/extracted/openssl/ca-bundle. trust.crt
< ls .../etc/pki/ca-trust/extracted/pem/tls-ca-bundle. Pem >? Y
[root@wen-7 ~] # find/etc/! -perm/222-type f-exec ls-lh {} \;
-r--r--r--. 1 root 194K July 19:02/etc/pki/ca-trust/extracted/java/cacerts
-r--r--r--. 1 root 352K July 19:02/etc/pki/ca-trust/extracted/openssl/ca-bundle. trust.crt
-r--r--r--. 1 root 261K July 19:02/etc/pki/ca-trust/extracted/pem/tls-
Xargs command:

The main function of this command is to build and execute shell commands from the input.

When you use the-EXEC option of the Find command to process matching files, the Find command passes all matching files to exec execution. However, some systems have limits on the length of commands that can be passed to exec, so that an overflow error occurs several minutes after the find command has been run. The error message is usually either "too long" or "parameter column overflow." This is the use of the Xargs command, especially with the Find command.

The Find command passes the matching file to the Xargs command, and the Xargs command gets only a portion of the file at a time instead of all, unlike the-exec option. This allows it to process the first part of the file, then the next batch, and so on.

In some systems, using the-EXEC option initiates a corresponding process for processing each matching file, rather than executing all the matching files as parameters, so that in some cases there will be too many processes to degrade the performance of the system, thus inefficient;

With the Xargs command, there is only one process. In addition, when using the Xargs command, whether to get all the parameters at once, or get the parameters in batches, and each time the number of parameters will be obtained according to the option of the command and the corresponding adjustable parameters in the system kernel.

#查找当前目录下的每一个普通文件, and then use the Xargs command to test which types of files they belong to.

root@wen-7 ~] # Find. -type F-print | Xargs file
. /users2:ascii text
. /datafile3:empty
. /users:ascii text
. /test. Tar. Bz2:bzip2 compressed data, block size = 900k
#回收当前目录下所有普通文件的执行权限.

[root@wen-7 ~] # Find. -type F-print|xargs chmod a-x
[Root@wen-7 ~] # LL
Total dosage 8-rw-r--r--1 root 0 July 11:38 ad
-rwsr--r--1 root root 2620 July 10:10 passwd. bak
Drwxr-xr-x 2 root 6 July 12:31 qwe drwxr-xr-x 2 root root 4096 July 20:10 shell drwxr-xr-x 2 root root 125 July 16:02 Shlianxi
#在当面目录下查找所有普通文件, using the grep command to find the word hostname in the searched file

[root@wen-7 ~] # Find/etc-type F-print | Xargs grep "hostname"
Practical Walkthrough:

1. Find all files or directories whose/var/directory is root and the array is mall;

[root@wen-7 ~] # find/var/-user root-a-group Mail
/var/spool/mail/var/spool/mail/root
2. Find all files or directories that do not belong to Root,bin, or Hadoop, in the/usr directory, in two ways

[root@wen-7 ~]# find/usr/-not \ (-user root-o-user bin-o-user hadoop\) [root@wen-7 ~]# find/usr/-not-user] Root-a -not-user bin-a not-usr Hadoop
3. Find files or directories whose files have been modified in the last week of the/etc/directory and are not user of the root or Hadoop

[Root@w7 ~] # Find/-mtime-7-A! -user root-a! -user Hadoop
4. Find files or directories on the current system that have no owner or group and have been accessed in the last week
[root@wen-7 ~] # Find/-nouser-o-nogroup-a-atime-7
[root@wen-7 ~] #find/\ (-nouser-o-nogroup\)-atime-7-ls
5, find all files in the/etc/directory that are larger than 1M and are of type normal files

[root@wen-7 ~] # find/etc/-size +1m-a-type f-ls
[root@wen-7 ~] # find/etc/-size +1m-type f-exec ls-lh {} \;
6, find files in the/etc/directory where all users do not have write permissions

[root@wen-7 ~] # find/etc/! -perm/222
7. Find files in the/etc/directory where at least one type of user does not have permission to execute

[Root@w7 ~] # find/etc/! -perm-111-type F-ls
8. Find all files in the/ETC/INIT.D directory where all users have execute permissions and other users have write permissions.

[root@wen-7 ~] #find/etc/-perm-111-a-perm-002-type f-ls
[root@wen-7 ~] #find/etc/-perm-113-type f-ls