Find Command Usage and Examples in linux

Sarath Pillai's picture
find command in linux

Searching for files is a very normal and a necessary task in any operating system. People who are novice in Linux, find this task a difficult one, just because they are unaware of the command line strength.

Most of the Linux distribution's comes prepacked with the "find" command tool to search for files. The problem with find command is that, it accepts a lot number of command line options and arguments, which makes it almost impossible to remember them all in one go.

And the foremost thing a user expects from any file searching tool is that, he should get the results immediately with least overhead in remembering search options. New users of find command find it irritating because it dumps a lot of output on the screen when searched with no argument. I have tried to compile some the find command usage and its examples in this post. I recommend bookmarking this, for your "find" command reference.

Let's see what happens when you just type the command find in your Linux machine.

[root@localhost ~]# find
.
./.bash_profile
./.tcshrc
./.gconf
./.gconf/apps
./.gconf/apps/gnome-session
./.gconf/apps/gnome-session/%gconf.xml
./.gconf/apps/gnome-session/options
./.gconf/apps/gnome-session/options/%gconf.xml
./.gconf/apps/%gconf.xml
./.bash_logout
./.gconfd
./.gconfd/saved_state
./install.log
./.bash_history
./.cshrc
./.bashrc
./install.log.syslog

You can see from the above output that the find command just gave me the full directory path listing of my current directory where i ran the command.

search for a file by its name, in a location,by using find command.

[root@localhost ~]# find /var/ -name mail
/var/spool/mail
/var/log/mail
/var/mail

the first argument, (/var) is the path where find command will search.

the second argument -name is used to specify the string which will be used to search the filename.

the third argument "mail" is the "string" that find command will look for, as filename, in /var directory

Search for a file in the entire machine with find command

So if you want to search the same string in the whole machine, then you need to give "/" as the second argument to search the full file system.

[root@localhost ~]# find / -name mail
/usr/share/emacs/21.4/lisp/mail
/var/spool/mail
/var/log/mail
/var/mail
/etc/mail
/bin/mail

An important fact to note here is that, if the above command is run by a normal user, you will be shown a lot of permission denied messages, as normal user do not have permission on the entire system.

Search Multiple Locations using find command

If you want to search multiple locations with find command in Linux, then you can simply do that, by specifying the locations one after the other, in the command line as shown below.

[root@localhost ~]# find /var/ /usr/ -name mail
/var/spool/mail
/var/log/mail
/var/mail
/usr/share/emacs/21.4/lisp/mail
[root@localhost ~]#

Ignoring Capital & small letters in find command Search

You can also ignore case, in your search by using "iname" argument instead of name with the find command.

[root@localhost ~]# find /var/ /usr/ -iname mail
/var/spool/mail
/var/log/mail
/var/mail
/usr/share/emacs/21.4/lisp/mail
/usr/bin/Mail

find files with starting and ending charecters with find command

Searching files with starting and ending characters can be done with find command as shown below.

[root@localhost ~]# find /var/ -iname a*og
/var/log/anaconda.log
/var/log/audit/audit.log
/var/log/anaconda.syslog

i have given the starting character as "a" and ending characters' as "og"

Search Only directories using Find command

If you want to use find Command to only search directories in a location, then that can be done as shown below.

[root@localhost log]# find /var/log/ -type d -name mail
/var/log/mail

Search files owned by a user with find command

Finding file's owned by a particular user can be done by using find command in linux as shown below.

[root@localhost ~]# find /var/ -user john
/var/spool/mail/john

The above command searches for files owned by user john, in /var directory..you can also search for files owned by john on the entire system, by just replacing  /var with "/".

Find files modified more than X no of days

To find file's in the system which were modified more than a specified number of days, then you can do that with the below command.

[root@localhost ~]# find /var/lib/ -type f -mtime +30
/var/lib/hsqldb/sqltool.rc
/var/lib/hsqldb/webserver.properties
/var/lib/hsqldb/server.properties
/var/lib/hsqldb/lib/functions
/var/lib/xkb/README.compiled
/var/lib/sepolgen/perm_map

The above shown example will give you file's in the directory /var/lib which were modified more than 30 days ago.

Find files modified within X no of days with find command

You can also do the reverse of the above command, for example files that were modified less than 30 days, with find command in linux.

[root@localhost ~]# find /var/lib/ -type f -mtime -30
/var/lib/setroubleshoot/audit_listener_database.xml
/var/lib/setroubleshoot/email_alert_recipients
/var/lib/dhclient/dhclient-eth0.leases
/var/lib/logrotate.status
/var/lib/alternatives/jaxp_parser_impl
/var/lib/alternatives/etags

the main difference is the way you pass option to -mtime argument. using "-" option with mtime will give you files modified within 30 days, and using "+" option with -mtime will give you files modified more than 30 days ago.

You might have seen that we have used -type option to specify both file and also directory using the find command search. You can do some more refined searches using the find command's -type option, because it also supports the following file types.

SSocket File
lLink File(Symbolic)
CCharecter file
bBlock file
pPipe file

 

 

 

 

 

Search files with respect to their permission using find command

Now lets search file's based on their permission. Lets search for all those files on the system whose permission is 666(which will be a long list..i will not be showing the whole output here in the example)

[root@myvm1 ~]# find /var/ -perm 666
/var/run/sdp
/var/run/acpid.socket
/var/spool/postfix/private/rewrite
/var/spool/postfix/private/bounce
/var/spool/postfix/private/cyrus

Most of you guys might know the fact that, SUID, SGID bits are set on some command's so that it can be run be normal users with the permission of the owner. Now lets see how we can search all the files with SUID bit on our system using find command.

[root@myvm1 ~]# find / -perm /u=s
/usr/sbin/ccreds_validate
/usr/sbin/suexec
/usr/sbin/userhelper
/usr/sbin/usernetctl
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/rcp
/usr/bin/chfn
/usr/bin/gpasswd
/usr/bin/sudo
/usr/bin/at
/usr/bin/Xorg
/usr/bin/chage

In the above command, i have used "/" as an argument to search in the entire filesystem.

Same can be done for SGID by using the below method.

[root@myvm1 ~]# find / -perm /g=s
/usr/sbin/postqueue
/usr/sbin/sendmail.sendmail
/usr/sbin/postdrop
/usr/sbin/lockdev

Earlier we have seen example's for find files modified more than or within a specified number of days with find command. Now lets see the files that are accessed before or within the specified number of days with find command.

[root@myvm1 ~]# find /var/log/ -type f -atime -10
/var/log/wtmp
/var/log/boot.log.1
/var/log/rpmpkgs
/var/log/xferlog.1
/var/log/messages.2

The above command will give you those files which are accessed within 10 days. You can also search for files that are accessed before 10 days by just changing the "-10" to "+10" in the above command.

Find files modified just a few minutes ago

Till now we only saw, methods to search for files with specified attributes in day's. Now lets see, how we can use find command to search files which are modified,accessed, in specified minutes.

For example, lets find all those files in the system which were modified within 10 minutes.

[root@myvm1 ~]# find /var/log/ -mmin -10
/var/log/sa/sa27
/var/log/messages
/var/log/cron

Now lets find files which were accessed before 20 minutes.

[root@myvm1 ~]# find /var/log/ -amin +20
/var/log/anaconda.xlog
/var/log/wtmp

Now if you want to find files that was modified exactly 30 minutes back, then you can do that by not giving any sign(neither - nor +) to -mmin argument.

Find files with a specified size

Now lets start searching files with specified size, with the help of find command. We will be using -size option in find command to achieve this.

[root@myvm1 ~]# find /var/log/ -type f -size +10M
/var/log/file1

The above shown example command will search for files in /var/log directory which are more than 10MB in size.

Cused to specify size of the file in bytes
KKilo Bytes
MMega Bytes
GGiga Bytes

 

 

 

 

 

you can use the above shown options to find files, greater than or less than or exactly the same size

Now lets file in a specified location with exactly the file size we mention.

[root@myvm1 ~]# find /var/log/ -type f -size 1000M
/var/log/file1

The above shown command will find the files that are exactly 1000M in size.

Find files with specified size and delete them

Now lets see how can we find all the files which are more than 100M in the location /var/log/ and delete them in one go.

[root@myvm1 ~]# find /var/log/ -type f -size 1000M -exec rm {} \;
[root@myvm1 ~]#

Search files using inode

You can also search files with a specific inode, if you know the inode number using find command in linux.

[root@myvm1 ~]# find / -inum 511571
/root/test

Search files in a directory without searching its subdirectories

The below command will search for the name "mail" inside /var/log/ but will not search directories inside /var/log

[root@myvm1 ~]# find /var/log/ -maxdepth 1 -name mail
/var/log/mail

maxdepth option shown in the above example can be used to specify the depth till where to search, for example a maxdepth of 2 will search the subdirectories but not subdirectories inside subdirectoreis.

Find files modifed before 5 days and are of a specified size

the below command will search files inside /var/log which are modified before 10 days and are below 1M in size.

[root@myvm1 ~]# find /var/log/ -mtime +10 -size -1M
/var/log/pm/suspend.log
/var/log/tallylog
/var/log/nginx_access_log
/var/log/puppet/masterhttp.log
/var/log/xferlog.3

Find files with zero bytes

For finding files that are empty or of zero bytes, you can use the below command.

[root@myvm1 ~]# find /var/log/ -empty
/var/log/pm/suspend.log
/var/log/tallylog
/var/log/nginx_access_log
/var/log/puppet/masterhttp.log
/var/log/ppp
/var/log/xferlog.3

-empty argument is used to search for empty files with zero bytes.

Find all files with links

You can use the -l option with the type argument previously mentioned to find files with soft links.

[root@myvm1 ~]# find / -type l | head -10
/usr/sbin/system-config-network-cmd
/usr/sbin/authconfig-tui
/usr/sbin/adsl-setup
/usr/sbin/vgrename
/usr/sbin/pvck
/usr/sbin/vidmode

I have listed asked the above command to list only first 10 files it finds, because the output will be too long, as the system contains a lot of linked files.

Find all files whose permission is not 755

To find all the files in the system whose permission is not 755, we can use the same permission option previously used but in a different way.

[root@myvm1 ~]# find / -type f ! -perm 0755 | head -10
/usr/sbin/ypserv_test
/usr/sbin/postqueue
/usr/sbin/lvm
/usr/sbin/pppoe-discovery
/usr/sbin/makemap
/usr/sbin/groupdel
/usr/sbin/callback
/usr/sbin/makewhatis
/usr/sbin/redhat_lsb_trigger.i386
/usr/sbin/tcpd

In the above command we have used a negation with "!" for finding files which do not have the permission 755.

Find all executable files in the system

You can find all executable files in the system with the following find command.

[root@myvm1 ~]# find / -perm /a=x | head -10
/usr/sbin/ntp-keygen
/usr/sbin/vgrename
/usr/sbin/foomatic-fix-xml
/usr/sbin/pvck
/usr/sbin/nscd
/usr/sbin/vidmode
/usr/sbin/postkick
/usr/sbin/tunelp
/usr/sbin/reject
/usr/sbin/pm-suspend

The above command will give you the list of all the files with execute permission for all. I have used head option because the output is too large.

Search all Empty Directories using find command

you can find all empty directories in linux, exactly the same way we searched for empty files.

[root@myvm1 ~]# find /var/log/ -type d -empty
/var/log/ppp
/var/log/conman
/var/log/conman.old
/var/log/samba


Note that we have used "d" option with -type argument for searching directories. replace /var/log/ with "/" if you want to search the entire system.

Find files between 5Mb and 10M

Now to find all those files whose size is between 5MB and 10Mb(greater than 5M and less than 10M), we can use the the below command.

[root@myvm1 conman]# find / -type f -size +5M -size -10M
/usr/libexec/gcc/i386-redhat-linux/4.1.1/f951
/usr/libexec/gcc/i386-redhat-linux/4.1.1/cc1
/usr/libexec/gcc/i386-redhat-linux/4.1.1/cc1plus
/usr/libexec/mysqld
/usr/lib/vmware-tools/lib64/libgtkmm-2.4.so.1/libgtkmm-2.4.so.1
/usr/lib/mysql/plugin/ha_innodb_plugin.so.0.0.0

"+" option with -size argument is always used to specify files greater than...and "-" option with -size argument is used to specify files less than

 

Hope this tutorial was helpful in understanding find command usage in linux. I will be updating this tutorial from time to time.

Rate this article: 
Average: 3.5 (11231 votes)

Comments

Yes, as always.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.