Linux Find command detailed

Source: Internet
Author: User

Find detailed
The Linux system has two commands to find files on the file system that match the query criteria:
    • Locate

    • Find

1. Locate command

The locate command is primarily used to find system files with the following operating characteristics:

    • Find Fast. The locate command is a file query based on a file directory index database built outside of the Linux file system, that is, the locate command relies on a pre-built index library rather than simply traversing all files under the Linux system for file lookups.

    • Fuzzy Lookup. If you search without any parameters, all directories and files containing the search characters will be searched.

    • Non-real-time lookups. The index database for locate is updated by the UpdateDB program and is set up periodically by Cron daemon to update tasks rather than live updates. The update time is usually evening. If the file is created or updated on the same day, because the task execution time is not updated periodically, it is generally not possible to find the file with the locate command.

Another two points to note is that the index database file for the Locate command is in the "/var/lib/mlocate" directory and may vary depending on the Linux system location. The second is that the updatedb command indexing process needs to traverse the entire root file system, consuming resources extremely.

1.1. Command format

Locate [ parameters ] ... PATTERN ...

1.2. Common options

"Locate-c", indicating the total number of results recorded in the search for statistics
示例:locate -c sh*
Search for the number of files beginning with all sh in the current directory

"Locate-b", which represents a file that only matches the base name in the path that contains the search character

"Locate-r", indicating the criteria for finding using regular expressions
示例:[[email protected]~]# locate -r makefile$
Find files ending in makefile

2. Find command

Find is a real-time Find File tool that accomplishes file lookups by iterating through the file system hierarchy under the specified starting path. The Linux Find command provides quite a lot of search criteria and is powerful. But when running a very resource-intensive find command, it's best to put it in the background, because traversing a large file system can take a long time.

2.1. Command format

Find [OPTIONS] [ find starting path ] [ find condition ] [ processing action ]

    • find the starting path : Specify the specific search target starting path, default to the current directory;

    • Find criteria: The specified lookup criteria can be based on file name, size, type, affiliation, permissions, and so on, the default is to find all the files under the specified path;

    • handling Actions: Actions that are made on files that match the search criteria, such as deletions, are output to standard output by default.

2.2. Find conditions

The expressions for finding criteria are generally divided into two types, namely, options and tests.

Test: The result is usually a Boolean ("true", "false") 1) combination test:

    • With:-A, the result is true only if all the conditions are met. The combination logic for the default lookup criteria.

    • Or:-o, the result is true as long as one meets the criteria.

    • Non:-not, lookup condition reversed.

示例1:find /tmp -not -user root -type f
Identify all files in the/tmp directory that are not root;

示例2:find /tmp -not -name "fstab" -type f
Locate the file in the/tmp directory that does not contain the Fstab string, and the default lookup condition combination is-a.

示例3:find /tmp -not -user root -a -not -name "fstab" -type f
Find files in the/TMP directory where the main is non-root and the file name does not contain the Fstab string. The example can also achieve the same effect with a command like this:find /tmp -not \( -user root -o iname "fstab" \) -a -type f
Where the two backslashes next to parentheses \ are used for escaping. And the combination logic is as follows:
! A-a! B =! (A-o B)
! A-o! B =! (a-a b) options are generally available in the following categories: 1). Search by file name

    • -name "pattern"
      Find files that match the pattern content
       示例:find /etc -name "shadow"
      Find files named Shadow in/etc directory;

    • -iname "pattern"
      File name matching pattern ignores case
       示例:find /tmp -iname "test"
      Find files with file name test and ignore case in/tmp directory

Here, there are two points to note:

    • Finds wildcard characters that support the glob style , rather than wildcards for regular expressions, based on the file name.
      示例:find /etc/ -name “sh*”
      Look for files that start with SH in the/etc path.

    • When the lookup condition is-regex pattern: finds the file based on the regular expression pattern, matching the entire path, not just the name of the file you are looking for. In fact, with the locate command can also achieve the same purpose, find the path efficiency will be higher, find faster, so this search criteria parameters generally used not much.

2). Find based on file affiliation

  • -user USERNAME Find all files or directories owned by the owner for the specified user;

     示例:find /tmp -user root

  • -group GRPNAME Find all files or directories belonging to the specified group;

     示例:find /tmp -group gentoo

  • -uid The uid finds all files or directories belonging to the specified UID of the master;

     示例:find /etc/ -uid 3000

  • -gid gid finds all files or directories belonging to the specified GID group;

     示例:find /tmp -gid 4001

  • -nouse Find files or directories that are not owned by the master;
     示例:find /tmp -nouser
    Find files or directories that are not owned by the/tmp directory

  • -nogroup
    Find files or directories that are not owned by a group;
     示例:find /tmp -nogroup
    Find files or directories in the/TMP directory that are not owned by a group

3). Search by File type

-type TYPE
F: Normal file
D: Catalog file
L: Symbolic Link file
B: Block device files
C: Character device file
P: Pipeline File
S: Socket file

示例1:find /etc -name "sh*" -type f
Find files with file names starting with SH in/etc directory

示例2:find /etc -type l
Find all symbolic connection files in the/etc directory

示例3:find /dev -type c
Find all character device files in the/dev directory

4). Search by File size
The format is:-size [+|-] #Unit, where # represents a value, unit represents units
Common units: K,m,g, default units are bytes

#Unit: Indicates that size range is (#-1,#], such as-size 4M, which indicates the file size to find is 3m< file ≤4m

-#Unit: Indicates that size range is [0,#-1], such as-size-4m, which indicates that the file size to find is 0m≤ file ≤3m

+ #Unit: Indicates that size range is (#,oo), such as-size +4m, which indicates the file size to find is a file >4m

5). Find by Time stamp

In "Days" as the unit:
The format is:
-atime [+|-]#, which indicates that a file has been accessed at a specified time, meaning that the file has been read;
-mtime [+|-]#, a file that has been altered at a specified time, meaning that the contents of the file have been changed;
-ctime [+|-]#, which indicates that a file has been changed at a specified time, meaning that the file permissions have been changed;

Note the point:

    • #表示一个单位24小时.

    • The time is a unit of 24 hours. Note that the lookup time is pushed back at the point in time of the current execution of the command as the starting point.

    • For example, start looking for a file of a specified time range on May 20, 2017 12:00 o ' Day.
      #: For example,-atime 3, to find out the 3rd day of access to the file, the time range is 2017/05/16 12:00~2017/05/17 12:00, (that is, from the point of execution command time to push forward 72-96 hours)
        示例:方法一: find /var/log/ -atime 3 -type f -print       方法二:find /var/log/ -atime +2 -mtime -4 -type f -print

-#:-atime-3, for example, identifies files that have been accessed within 3 days , the time range is 2017/05/17 12:00~2017/05/20 12:00, (i.e. 0-72 hours from the time of execution of the command point forward)
  示例:find /var/log/ -atime -3 -type f -print   

+#:-atime +3, for example, identifies files that were accessed 3 days ago , in the time range of 2017/05/17 12:00 (that is, >72 hours from the point at which the command was executed to push forward)
  示例:find /var/log/ -atime +3 -type f -print

Other examples:
示例1:find / \( -nouser -o -nogroup \) -atime -7 -ls
Find files or directories on the current system that are not owned by the owner or group and have been visited in the last week.

示例2: find /etc -mtime -7 -a not \( -user root -o -user hadoop \) -ls
Find files or directories for the most recent week in the/etc directory whose contents have been modified and are neither the main booth nor the root user nor the Hadoop user

The use of-atime-mtime-ctime is similar.

In "Minutes" units:
The format is:
-amin [+|-]#
-mmin [+|-]#
-cmin [+|-]#
The usage is consistent with the usage in "days", except that the unit becomes the number of minutes.

6). Search by permissions
Format is:-perm [/|-]mode
Mode: indicates exact permission match;
/mode: Indicates that any one (r,w,x) in the permission of any user (User,group,other) is satisfied with the condition. There is a "or" relationship between 9-bit permissions;
-mode: Indicates that each of the users (User,group,other) in the permissions of each bit (R,W,X) meets the condition at the same time. There is a "and" relationship between 9-bit permissions;

示例1:find ./ -not -perm -222 ls
Indicates that there are at least one class of users in the current directory that do not have W permissions

示例2:find ./ -perm -222 -ls
Represents a file that finds the W permission for each class of user in the current directory

2.3. Handling Actions
  • -print: Output to standard input, as the default action;

  • -ls: Similar to the "ls-l" command for the found file, the output file details;

  • -delete: Delete the found file;

  • fls/path/to/somefile: Saves the long format information of all files found to the specified file;

  • -ok COMMAND {} \; : Executes commands for each file found, and each operation is confirmed by the customer; curly braces indicate references to files found;
    示例:find ./ -nouser -a -nogroup -ok chown root:root {} \;
    Indicates that a file is found that is not owned by the current directory and is not a group, and that both the owner and the group are changed to root. '

  • -exec COMMAND {} \; : Executes command-represented commands for each file found, unlike-ok command {}/; the difference is that the customer is no longer required to confirm each operation.
    示例:find ./ -perm /002 -exec mv {} {}.danger \;
    Represents a file that finds the W permission for other users in the current directory and renames it as the original name. Danger

Note: When find passes the file path found to the following command, it is the first time to find out all eligible file paths and pass them to the following commands at once, but some commands cannot accept too long arguments, and the command execution will fail;

    • Find | Xargs COMMAND

      When a matching file is processed using the-EXEC option of the Find command, the Find command passes all matching files to exec execution. However, some systems have a limit on the length of the command that can be passed to exec so that an overflow error occurs after the Find command runs for a few minutes. The error message is usually "parameter column too Long" or "parameter column overflow". This is where the Xargs command is used, especially with the Find command.

      The find command passes the matched file to the Xargs command, and the Xargs command takes only a subset of the files at a time instead of all, unlike the-exec option. This allows it to first process a portion of the file that was first fetched, then the next batch, and so on.

      In some systems, the use of the-EXEC option initiates a corresponding process for processing each matching file, not all of the matching files are executed once as parameters, so that in some cases there will be too many processes and degraded system performance, so the efficiency is not high;

      With the Xargs command, there is only one process. In addition, when using the Xargs command, whether to get all the parameters at once or to get the parameters in batches, and the number of parameters to get each time will be determined according to the command's options and the corresponding tunable parameters in the system kernel.

示例:find /tmp -perm /002 -type f | xargs chmod o-w
Find the other user with W permission under/tmp and write permission to it

This article is from the "sink-to-life another starting point" blog, be sure to keep this source

Linux Find command detailed

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.