In a Linux file system, there are two types of search concepts: Search for file names and search for specified content in a file. File Search is a very important feature in the use of the operating system. so today we will study it. I. search for files (I)... information &
In a Linux file system, there are two types of search concepts: Search for file names and search for specified content in a file. File Search is a very important feature in the use of the operating system. so today we will study it.
I. file search
(1) command search
In the previous section, we talked about the PATH variable, where some commands are located, and we often use the TAB key complementing function, you can also find related commands in these directories. However, we may not know where a command is located. if you want to find its location, you can find it.
Find the command file which
This command searches for the content in the directory set by the environment variable PATH.
Here there is a-a parameter, which lists all the commands found from the PATH variable directory, not just the first command name found.
In the RHEL6 system, you can run a command cp to the bin (self-built) Directory of the user's home directory, and then use which and which-a to find out, you will understand the meaning of the-a parameter.
Note: The full name of the command to be searched is followed by which. wildcards cannot be used.
If you want to use which to find the cd command, you will find that the cd command cannot be found,
[Root @ yufei ~] # Which cd
/Usr/bin/which: no cd in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin: /usr/bin:/root/bin)
Why? This command does not exist in the system. Why can I use this command? In fact, this cd command is not placed in the system PATH, but integrated into the shell. Of course not found. However, you can also view
[Root @ yufei ~] # Type cd
Cd is a shell builtin
This type is also a command in shell.
The type command is actually not a search command. it is used to identify whether a command is provided by shell or an independent binary file outside the shell. If a command is an external command, use the-p parameter to display the path of the command, which is equivalent to the which command.
(2) Common file search
Find, the file search command on Linux, is no less than the search on windows, but find is slow, and a lot of hard disk content needs to be read. In fact, in normal use, the common commands are not find, but whereis or locate, because they search for files by looking for data in the database, this speed will become faster, but these two files may not be able to find what we want, especially some new suggested files, because the database has not stored the relevant information. What should we do? it doesn't matter. in addition to regular updates, we can also manually update this database (updatedb ). Now let's take a look at the usage of these three commands.
Whereis searches for binary files, source code files, and help manual files in the database.
-S only searches for original code files.
-S <目录> You can only find the original code file in the specified directory.
-B only searches for binary files.
-B <目录> You can only search for binary files in the specified directory.
-M: only find the description file.
-M <目录> Find the description file only in the specified directory.
If the parameter is omitted, all information is returned.
Locate is also used to find files in the database, so there is no limit on the files.
-I case-insensitive
If the command is followed by a file name (character), all the files in the system that contain this character are listed during command execution. The name after this is equivalent to the same keyword.
[Root @ yufei ~] # Locate log
Will list a lot of content
This command can use wildcards, but it must be processed with "\". Otherwise, the current directory will be queried.
[Root @ yufei ~] # Pwd
/Root
[Root @ yufei ~] # Locate *. log
/Root/install. log
/Root/install. log. bak
/Root/install. log. syslog
/Root/Desktop/install. log
/Root/Desktop/install. log. syslog
The above Command finds all the files containing. log in the current directory (/root), whether or not it ends with. log
[Root @ yufei ~] # Locate \ *. log
This shows a lot of content, and finds all the files ending with. log in the system.
Although there is only one backslash, the results are indeed different.
If you want to use "?" The-B parameter is required. Of course, the above can also use the-B parameter.
[Root @ yufei ~] # Locate-B \????. Log
/Var/log/boot. log
/Var/spool/plymouth/boot. log
To facilitate your memory, we recommend that you use the-B parameter when using the wildcard number. In addition, you can change the backslash """
For example
Locate-B '????. Log'
Locate-B '*. log'
In this way, it can be integrated with the find command, saving everyone's confusion.
For more information about the differences between single quotes and double quotes, see the use of single quotes, double quotes, backquotes, and backslashes in shell.
Both of the preceding commands use/var/lib/mlocate. the database db is used to query the content. therefore, to obtain more accurate search results, the updatedb command is executed before each command, in this way, you will not find the deleted file or the newly created file.
Find is the most common and powerful search command. you can use it to find any file you want.
Syntax format:
Find <指定目录> <指定条件> <指定动作>
Common parameters
-Name filename: searches for files by file name
-Size [+-] The SIZE is greater than the SIZE (+) or smaller. The SIZE format is as follows:
C: represents byte, and k: represents 1024 bytes.
Therefore, to find a file larger than 50 kB, use-size + 50 kB.
-Type: search for a certain type of files (B, d, c, p, l, and other file types)
-Newer file: file is an existing file that lists new files than file files.
-Depth: When searching for a file, first find the file in the current directory, and then find the file in its subdirectory
-Prune uses this option to make the find command not to be searched in the specified directory. if The-depth option is used at the same time,-prune will be ignored by the find command.
Permission-related parameters
-Perm mode
-Perm-mode. The file permission found is greater than the reference permission (mode ).
-Perm + mode: searches for files that contain any mode (the permission indicated by a number). The file permission found is smaller than the reference permission (mode ).
User and group parameters
-User username: searches for files by file owner
-Uid n: find the file according to the UID of the file owner.
-Group groupname: searches for files based on the group to which the files belong.
-Gid n: Searches for objects based on the GID of the object group.
-Nogroup: find the file with no valid group, that is, the group to which the file belongs does not exist in/etc/groups.
-Nouser: find a file without a valid owner, that is, the owner of the file does not exist in/etc/passwd.
Time-related parameters
A total of-atime,-ctime and-mtime are described as-mtime. The other two are the same.
-Mtime n: n is a number, meaning that the content is changed before n days (n day ).
-Mtime + n: name of the files that have been updated before n days (excluding n days)
-Mtime-n: name of the file that has been updated within n days (including n days)
-N indicates that the file change time is less than n days from now.
+ N indicates that the file change time is earlier than n days ago.
N indicates the day when the file is changed.
It can be viewed to help you better understand it.
For example, list the files with updated content (mtime) in the last 24 hours.
Find/-mtime 0
That 0 is the focus, and 0 represents the current time, so from now until 24 hours ago.
Subsequent action parameters
-Exec command: command is another command.-exec can be followed by an additional command to locate the result found by Richard.
Format after the exec option: the command or script to be executed + a pair of "{}" + "one space" + one "\" + one semicolon ";".
Last style:-exec command {}\;
Note:
1. {} indicates the content found by find, and the result will be placed in {}.
2.-exec till \; is a keyword. Represents the start (-exec) of the find extra action to the end (\;). in the middle of this is the extra action in the find command.
3. because ";" is of special significance in the bash environment, it is escaped using a backslash.
The following are examples:
1. search for all the files in the/etc directory and use ls-l to list them.
[Root @ yufei ~] # Find/etc/-type f-exec ls-l {}\;
2. in the/var/log/directory, find the files whose modification time was earlier than 5 days and delete them.
[Root @ yufei ~] # Find/var/log/-type f-mtime + 5-exec rm {}\;
If you want to perform this operation, we recommend that you use ls to use rm for security purposes. if you are sure there is no problem, of course there is no problem. you can use any command. Of course, there is also a validation function. let's take a look at this-OK
3. in the/var/log/directory, find all file names ending with. log, change them for more than five days, and delete them. a prompt is displayed before deletion.
[Root @ yufei ~] # Find/var/log/-name '*. log'-mtime + 5-OK rm {}\;
At this time, if the corresponding file is found, the deletion prompt will be displayed. press y to delete the file, and press n to not delete the file.
4. search for all passwd files to see if a user exists in these files.
[Root @ yufei ~] # Find/etc-name "passwd *"-exec grep "yufei "{}\;
5. find the files under/etc with a file size ranging from 50 K to 60 K, and list the permissions in full.
[Root @ yufei ~] # Find/etc-size + 50 k-a-size-60 k-exec ls-l {}\;
That-a means and, only in line with the two
6. find the files with a capacity greater than 1500 K and a capacity equal to 0 under/etc.
[Root @ yufei ~] # Find/etc-size + 1500 k-o-size 0
The-o is or (or) relative to-.
Xargs
When you use the-exec option of the find command to process matched files, the find command passes all matching files to exec for execution. However, some systems have limits on the length of commands that can be passed to exec, so that an overflow error will occur after the find command runs for several minutes. The error message is usually "the parameter column is too long" or "parameter column overflow ". This is the use of the xargs command, especially used with the find command.
Let's look at several examples.
1. find and delete the file named core in the/tmp directory.
[Root @ yufei ~] # Find/tmp-name core-type f-print | xargs/bin/rm-f
2. search for all files with read, write, and execution permissions under the current directory, and revoke the corresponding write permissions.
[Root @ yufei ~] # Find.-perm-7-print | xargs chmod o-w
3. use the grep command to search for the hostname in all common files.
[Root @ yufei ~] # Find/-type f-print | xargs grep "hostname"
[Root @ yufei ~] # Find/-name \ *-type f-print | xargs grep "hostnames"
In fact, these two commands share the same meaning. As we mentioned earlier, the backslash "\" is used to cancel the special meaning of * in shell in the find command.
Through some examples above, the find command works with exec and xargs to allow users to execute almost all the commands on the matching files. In addition, there are corresponding help instructions in the help file of find. For more information, see.
2. search for keywords in files
Grep (global search regular expression (RE) and print out the line, full search for regular expressions and print out rows) is a powerful text search tool, it can use regular expressions to search for text and print matching rows.
We haven't learned the regular expression yet. here we just give a few simple examples to let you know about grep.
1. search for yufei user information in/etc/passwd.
[Root @ yufei ~] # Grep yufei/etc/passwd
Yufei: x: 500: 500: yufei:/home/yufei:/bin/bash
2. view the system log/var/log/message file, and search for the log content for January 1, February 12.
[Root @ yufei ~] # Cat/var/log/messages | grep 'Feb 12' | more
In this example, we use the management symbol and paging command.
Through the above explanation, you will find that the search on the Linux system is no less than a windows system with a graphic interface. is it more and more like a Linux system. Today's content focuses on practice, deepen understanding through practice, and solve problems in practice
From Yu Fei's blog