Find Command Usage and Examples in linux
Searching for files is a very normal and a necessary task in any operating system. People who are novice in Linux, find this task a difficult one, just because they are unaware of the command line strength.
Most of the Linux distribution's comes prepacked with the "find" command tool to search for files. The problem with find command is that, it accepts a lot number of command line options and arguments, which makes it almost impossible to remember them all in one go.
And the foremost thing a user expects from any file searching tool is that, he should get the results immediately with least overhead in remembering search options. New users of find command find it irritating because it dumps a lot of output on the screen when searched with no argument. I have tried to compile some the find command usage and its examples in this post. I recommend bookmarking this, for your "find" command reference.
Let's see what happens when you just type the command find in your Linux machine.
[root@localhost ~]# find
.
./.bash_profile
./.tcshrc
./.gconf
./.gconf/apps
./.gconf/apps/gnome-session
./.gconf/apps/gnome-session/%gconf.xml
./.gconf/apps/gnome-session/options
./.gconf/apps/gnome-session/options/%gconf.xml
./.gconf/apps/%gconf.xml
./.bash_logout
./.gconfd
./.gconfd/saved_state
./install.log
./.bash_history
./.cshrc
./.bashrc
./install.log.syslog
You can see from the above output that the find command just gave me the full directory path listing of my current directory where i ran the command.
search for a file by its name, in a location,by using find command.
[root@localhost ~]# find /var/ -name mail
/var/spool/mail
/var/log/mail
/var/mail
the first argument, (/var) is the path where find command will search.
the second argument -name is used to specify the string which will be used to search the filename.
the third argument "mail" is the "string" that find command will look for, as filename, in /var directory
Search for a file in the entire machine with find command
So if you want to search the same string in the whole machine, then you need to give "/" as the second argument to search the full file system.
[root@localhost ~]# find / -name mail
/usr/share/emacs/21.4/lisp/mail
/var/spool/mail
/var/log/mail
/var/mail
/etc/mail
/bin/mail
An important fact to note here is that, if the above command is run by a normal user, you will be shown a lot of permission denied messages, as normal user do not have permission on the entire system.
Search Multiple Locations using find command
If you want to search multiple locations with find command in Linux, then you can simply do that, by specifying the locations one after the other, in the command line as shown below.
[root@localhost ~]# find /var/ /usr/ -name mail
/var/spool/mail
/var/log/mail
/var/mail
/usr/share/emacs/21.4/lisp/mail
[root@localhost ~]#
Ignoring Capital & small letters in find command Search
You can also ignore case, in your search by using "iname" argument instead of name with the find command.
[root@localhost ~]# find /var/ /usr/ -iname mail
/var/spool/mail
/var/log/mail
/var/mail
/usr/share/emacs/21.4/lisp/mail
/usr/bin/Mail
find files with starting and ending charecters with find command
Searching files with starting and ending characters can be done with find command as shown below.
[root@localhost ~]# find /var/ -iname a*og
/var/log/anaconda.log
/var/log/audit/audit.log
/var/log/anaconda.syslog
i have given the starting character as "a" and ending characters' as "og"
Search Only directories using Find command
If you want to use find Command to only search directories in a location, then that can be done as shown below.
[root@localhost log]# find /var/log/ -type d -name mail
/var/log/mail
Search files owned by a user with find command
Finding file's owned by a particular user can be done by using find command in linux as shown below.
[root@localhost ~]# find /var/ -user john
/var/spool/mail/john
The above command searches for files owned by user john, in /var directory..you can also search for files owned by john on the entire system, by just replacing /var with "/".
Find files modified more than X no of days
To find file's in the system which were modified more than a specified number of days, then you can do that with the below command.
[root@localhost ~]# find /var/lib/ -type f -mtime +30
/var/lib/hsqldb/sqltool.rc
/var/lib/hsqldb/webserver.properties
/var/lib/hsqldb/server.properties
/var/lib/hsqldb/lib/functions
/var/lib/xkb/README.compiled
/var/lib/sepolgen/perm_map
The above shown example will give you file's in the directory /var/lib which were modified more than 30 days ago.
Find files modified within X no of days with find command
You can also do the reverse of the above command, for example files that were modified less than 30 days, with find command in linux.
[root@localhost ~]# find /var/lib/ -type f -mtime -30
/var/lib/setroubleshoot/audit_listener_database.xml
/var/lib/setroubleshoot/email_alert_recipients
/var/lib/dhclient/dhclient-eth0.leases
/var/lib/logrotate.status
/var/lib/alternatives/jaxp_parser_impl
/var/lib/alternatives/etags
the main difference is the way you pass option to -mtime argument. using "-" option with mtime will give you files modified within 30 days, and using "+" option with -mtime will give you files modified more than 30 days ago.
You might have seen that we have used -type option to specify both file and also directory using the find command search. You can do some more refined searches using the find command's -type option, because it also supports the following file types.
S | Socket File |
l | Link File(Symbolic) |
C | Charecter file |
b | Block file |
p | Pipe file |
Search files with respect to their permission using find command
Now lets search file's based on their permission. Lets search for all those files on the system whose permission is 666(which will be a long list..i will not be showing the whole output here in the example)
[root@myvm1 ~]# find /var/ -perm 666
/var/run/sdp
/var/run/acpid.socket
/var/spool/postfix/private/rewrite
/var/spool/postfix/private/bounce
/var/spool/postfix/private/cyrus
Most of you guys might know the fact that, SUID, SGID bits are set on some command's so that it can be run be normal users with the permission of the owner. Now lets see how we can search all the files with SUID bit on our system using find command.
[root@myvm1 ~]# find / -perm /u=s
/usr/sbin/ccreds_validate
/usr/sbin/suexec
/usr/sbin/userhelper
/usr/sbin/usernetctl
/usr/bin/newgrp
/usr/bin/chsh
/usr/bin/rcp
/usr/bin/chfn
/usr/bin/gpasswd
/usr/bin/sudo
/usr/bin/at
/usr/bin/Xorg
/usr/bin/chage
In the above command, i have used "/" as an argument to search in the entire filesystem.
Same can be done for SGID by using the below method.
[root@myvm1 ~]# find / -perm /g=s
/usr/sbin/postqueue
/usr/sbin/sendmail.sendmail
/usr/sbin/postdrop
/usr/sbin/lockdev
Earlier we have seen example's for find files modified more than or within a specified number of days with find command. Now lets see the files that are accessed before or within the specified number of days with find command.
[root@myvm1 ~]# find /var/log/ -type f -atime -10
/var/log/wtmp
/var/log/boot.log.1
/var/log/rpmpkgs
/var/log/xferlog.1
/var/log/messages.2
The above command will give you those files which are accessed within 10 days. You can also search for files that are accessed before 10 days by just changing the "-10" to "+10" in the above command.
Find files modified just a few minutes ago
Till now we only saw, methods to search for files with specified attributes in day's. Now lets see, how we can use find command to search files which are modified,accessed, in specified minutes.
For example, lets find all those files in the system which were modified within 10 minutes.
[root@myvm1 ~]# find /var/log/ -mmin -10
/var/log/sa/sa27
/var/log/messages
/var/log/cron
Now lets find files which were accessed before 20 minutes.
[root@myvm1 ~]# find /var/log/ -amin +20
/var/log/anaconda.xlog
/var/log/wtmp
Now if you want to find files that was modified exactly 30 minutes back, then you can do that by not giving any sign(neither - nor +) to -mmin argument.
Find files with a specified size
Now lets start searching files with specified size, with the help of find command. We will be using -size option in find command to achieve this.
[root@myvm1 ~]# find /var/log/ -type f -size +10M
/var/log/file1
The above shown example command will search for files in /var/log directory which are more than 10MB in size.
C | used to specify size of the file in bytes |
K | Kilo Bytes |
M | Mega Bytes |
G | Giga Bytes |
you can use the above shown options to find files, greater than or less than or exactly the same size
Now lets file in a specified location with exactly the file size we mention.
[root@myvm1 ~]# find /var/log/ -type f -size 1000M
/var/log/file1
The above shown command will find the files that are exactly 1000M in size.
Find files with specified size and delete them
Now lets see how can we find all the files which are more than 100M in the location /var/log/ and delete them in one go.
[root@myvm1 ~]# find /var/log/ -type f -size 1000M -exec rm {} \;
[root@myvm1 ~]#
Search files using inode
You can also search files with a specific inode, if you know the inode number using find command in linux.
[root@myvm1 ~]# find / -inum 511571
/root/test
Search files in a directory without searching its subdirectories
The below command will search for the name "mail" inside /var/log/ but will not search directories inside /var/log
[root@myvm1 ~]# find /var/log/ -maxdepth 1 -name mail
/var/log/mail
maxdepth option shown in the above example can be used to specify the depth till where to search, for example a maxdepth of 2 will search the subdirectories but not subdirectories inside subdirectoreis.
Find files modifed before 5 days and are of a specified size
the below command will search files inside /var/log which are modified before 10 days and are below 1M in size.
[root@myvm1 ~]# find /var/log/ -mtime +10 -size -1M
/var/log/pm/suspend.log
/var/log/tallylog
/var/log/nginx_access_log
/var/log/puppet/masterhttp.log
/var/log/xferlog.3
Find files with zero bytes
For finding files that are empty or of zero bytes, you can use the below command.
[root@myvm1 ~]# find /var/log/ -empty
/var/log/pm/suspend.log
/var/log/tallylog
/var/log/nginx_access_log
/var/log/puppet/masterhttp.log
/var/log/ppp
/var/log/xferlog.3
-empty argument is used to search for empty files with zero bytes.
Find all files with links
You can use the -l option with the type argument previously mentioned to find files with soft links.
[root@myvm1 ~]# find / -type l | head -10
/usr/sbin/system-config-network-cmd
/usr/sbin/authconfig-tui
/usr/sbin/adsl-setup
/usr/sbin/vgrename
/usr/sbin/pvck
/usr/sbin/vidmode
I have listed asked the above command to list only first 10 files it finds, because the output will be too long, as the system contains a lot of linked files.
Find all files whose permission is not 755
To find all the files in the system whose permission is not 755, we can use the same permission option previously used but in a different way.
[root@myvm1 ~]# find / -type f ! -perm 0755 | head -10
/usr/sbin/ypserv_test
/usr/sbin/postqueue
/usr/sbin/lvm
/usr/sbin/pppoe-discovery
/usr/sbin/makemap
/usr/sbin/groupdel
/usr/sbin/callback
/usr/sbin/makewhatis
/usr/sbin/redhat_lsb_trigger.i386
/usr/sbin/tcpd
In the above command we have used a negation with "!" for finding files which do not have the permission 755.
Find all executable files in the system
You can find all executable files in the system with the following find command.
[root@myvm1 ~]# find / -perm /a=x | head -10
/usr/sbin/ntp-keygen
/usr/sbin/vgrename
/usr/sbin/foomatic-fix-xml
/usr/sbin/pvck
/usr/sbin/nscd
/usr/sbin/vidmode
/usr/sbin/postkick
/usr/sbin/tunelp
/usr/sbin/reject
/usr/sbin/pm-suspend
The above command will give you the list of all the files with execute permission for all. I have used head option because the output is too large.
Search all Empty Directories using find command
you can find all empty directories in linux, exactly the same way we searched for empty files.
[root@myvm1 ~]# find /var/log/ -type d -empty
/var/log/ppp
/var/log/conman
/var/log/conman.old
/var/log/samba
Note that we have used "d" option with -type argument for searching directories. replace /var/log/ with "/" if you want to search the entire system.
Find files between 5Mb and 10M
Now to find all those files whose size is between 5MB and 10Mb(greater than 5M and less than 10M), we can use the the below command.
[root@myvm1 conman]# find / -type f -size +5M -size -10M
/usr/libexec/gcc/i386-redhat-linux/4.1.1/f951
/usr/libexec/gcc/i386-redhat-linux/4.1.1/cc1
/usr/libexec/gcc/i386-redhat-linux/4.1.1/cc1plus
/usr/libexec/mysqld
/usr/lib/vmware-tools/lib64/libgtkmm-2.4.so.1/libgtkmm-2.4.so.1
/usr/lib/mysql/plugin/ha_innodb_plugin.so.0.0.0
"+" option with -size argument is always used to specify files greater than...and "-" option with -size argument is used to specify files less than
Hope this tutorial was helpful in understanding find command usage in linux. I will be updating this tutorial from time to time.
Comments
Find command
Yes, as always.
Add new comment