Difference between revisions of "Linux - find"

From Ever changing code
Jump to navigation Jump to search
 
(30 intermediate revisions by the same user not shown)
Line 1: Line 1:
Files can be found under Linux in many different ways, using the find tool is one of the best ways to find files.  
Files can be found under Linux in many different ways, using the find tool is one of the best ways to find files.  


= ACK-GREP =
= <code>locate</code> =
It finds a string within a files. The example below searches the current directory files for a string ''Cisco1941'' and redirects all error messages to null device.
sudo apt-get install ack-grep
ack-grep 'Cisco1941' 2>/dev/null
 
= LOCATE =
Searches for a filename in a system.
Searches for a filename in a system.
  updatedb                    #it updates a database of all filenames and its paths
<source lang=bash>
locate 'filename*.conf'
updatedb # update database with all filenames on a filesystem
locate 'filename*.conf' # search
</source>


= FIND =
= <code>find</code> =
  Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
  Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
default path is the current directory; default expression is -print
default path is the current directory; default expression is -print
Line 26: Line 23:
</source>
</source>


=== Searching paths -path ===
To search within a path we can use the <code>-path</code> flag instead of the <code>-name</code> flag. Let’s try to find any files whose path contains the word <code>session</code>.
<source lang="bash">
$ find . -path \*session\*        #find files and directories
./actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
./actionpack/lib/action_dispatch/request/session.rb
./actionpack/test/dispatch/request/session_test.rb
./actionpack/test/dispatch/session
./actionpack/test/dispatch/session/abstract_store_test.rb
$ find . -path \*session\* -type d #finds only directories
./actionpack/lib/action_dispatch/middleware/session
./actionpack/test/dispatch/session
</source>
=== Find files bigger than ===
=== Find files bigger than ===
This command below finds files bigger than 999999B only on / root filesystem, locking up to a single file achieves by using -xdev switch
This command below finds files bigger than 999999B only on / root filesystem, locking up to a single file achieves by using -xdev switch
find / -xdev -size +999999 -exec ls -lhd {} \;
<source lang="bash">
find / -xdev -size +999999 -exec ls -lhd {} \;
</source>


=== Other ===
=== Find with time ===
$ find /mp3collection -name '*.mp3' -size -5000k
<source lang="bash">
$ find / -size +10000k
find /home -cmin +10 -name '*.conf' # created  more than 10 minutes ago
find /home -amin -10 -name '*.conf' # accessed less than 10 minutes ago
find /home -mmin  10 -name '*.conf' # modified exactly  10 minutes ago


The 1st command would find within a directory called /mp3collection, only those mp3 files that have a size less than 5000 Kilobytes ( < 5MB)
find /home -ctime +2 -name '*.conf' # created  more then 2 days ago
The 2nd command would search from the / directory for any file that is larger than 10000k (> 10MB)
find /home -atime -2 -name '*.conf' # accessed less than 2 days ago
find /home -mtime  2 -name '*.conf' # modified exactly  2 days ago
</source>


$ find /home/david -amin -10 -name '*.c'<br/>$ find /home/david -atime -2 -name '*.c'
=== Find with size ===
$ find /home/david -mmin -10 -name '*.c'<br/>$ find /home/david -mtime -2 -name '*.c'
<source lang="bash">
 
find /mp3collection -name '*.mp3' -size -5000k # have a size less than 5000 Kilobytes (<  5MB)
The 1st commmand searches for those files that are present in the directory /home/david and its subdirectoires which end in .c and which have been accessed in the last 10 minutes.<br>
find / -size +10000k                          # any file that is larger than 10000k  (> 10MB)
The 2nd command does the same but searches for those files that have been accessed in the last 10 hours.<br/>The 3rd and the 4th commands do the same as the 1st and 2nd commands but they search for modified files rather than accessed files. Only if the contents of the files have been modified, would their names be returned in the search results.
find / -size +10000k                          # any file that is larger than 10M    (> 10MB)
</source>


=== Find mounting points ===
  $ find / -mount -name 'win*
  $ find / -mount -name 'win*
This command searches for files starting with the letters 'win' in their filenames. The only difference is that the mounted filesystems would not be searched for this time. This is useful when you have your Windows partitions mounted by default. And a search for 'win' might return many files on those partitions, which you may not be really interested in. This is only one use of -mount parameter.
This command searches for files starting with the letters 'win' in their filenames. The only difference is that the mounted filesystems would not be searched for this time. This is useful when you have your Windows partitions mounted by default. And a search for 'win' might return many files on those partitions, which you may not be really interested in. This is only one use of -mount parameter.


$ find /mp3-collection -name 'Metallica*' -and -size +10000k
=== Boolean operators such as AND, OR and NOT ===
$ find /mp3-collection -size +10000k ! -name "Metallica*"
Boolean operators such as AND, OR and NOT make find an extremely useful tool. The 1st command searches within the directory /mp3-collection for files that have their names beginning with 'Metallica' and whose size is greater than 10000 kilobytes (> 10 MB). The 2nd command searches in the same directory as above case but only for files that are greater than 10MB, but they should not have 'Metallica' as the starting of their filenames. The 3rd command searches in the same directory for files that begin with 'Metallica' in their names or all the files that are greater than 10 MB in size.
$ find /mp3-collection -name 'Metallica*' -or -size +10000k
<source lang="bash">
find /mp3-collection -name 'Metallica*' -and -size +10000k
find /mp3-collection -size +10000k ! -name "Metallica*"
find /mp3-collection -name 'Metallica*' -or -size +10000k
</source>
 
=== Performing operations ===
==== Find and execute command (-exec) ====
The '''exec''' option is probably the most important feature of the find tool. The exec command allows you to execute a particular command on the results of the find command. A simple demonstration of this feature is shown below. Its upto your imagination to make maximum use of this feature. Suppose you wanted to see the details of the files (read, write, execute permission, file size, owner etc..) that have been returned as a search result you could do the following
<source lang="bash">
# find string within find files results
find . -type f -exec grep -l 'string-to-search' {} \;
# find and delete files modified more than 5 days ago
find /home -mtime +5 -exec rm {} \; 
</source>
 
 
The words following the -exec option is the command that you want to execute i.e. ls -l in this case.
*<code>-exec command {} \;</code> curly brackets expand to a single matching file, line by line, a backslash <code>\</code> escapes command termination <code>;</code> can also be used <code>';'</code> so won't need escaping.
==== Find directory's and execute command to change permissions ====
<source lang="bash">
$ find . -type d -exec chmod 0755 {} \;
</source>
 
==== Find and -delete ====
The find tool also has the built-in ability to execute certain commands. The <code>-delete</code> flag will, as its name suggests, delete all files and directories that match the pattern. Here the <code>-print</code> flag is used to show the files that will be deleted.
<source lang="bash">
find ./logs -mtime +14 -type f              -print -delete # delete files older than 14 days
find ./logs            -type f -name \*.log -print -delete # delete files '*.log'
</source>
 
==== Find and -exec | rename ====
<source lang="bash">
sudo apt-get install rename #it's Perl version of rename util
$ find . -iname "*foo*" -print0 | xargs -0 rename "s/<old>/<new>/"
# find files mattching fileglob *foo*
# -print0 :- print space delimited instead line by line
# pass each found file_path to Perl's rename utility to do 's' substitution of pattern '<old>' to '<new>'
# the '/' is here as a delimiter
</source>
 
;xargs
Because Unix filenames can contain blanks and newlines, this default behaviour is often problematic; filenames containing  blanks        and/or newlines  are incorrectly processed by <code>xargs</code>. In these situations it is better to use the <code>-0</code> option, which prevents such        problems. When using this option you will need to ensure that the program which produces the input for <code>xargs</code> also uses a null character as a separator. If that program is GNU <code>find</code> the <code>-print0</code> option does this for you.
 
==== Rename using bash expansion ====
<source lang="bash">
for i in *.ogg; do mv "$i" "${i/Beatles/TheBeatles}"; done
# following expansion is doing replace in string
</source>
 
==== Find and update symlink content ====
This works for both updating a directory in symlink or part of target name.
<source lang="bash">
find . -type l -lname '*old*' -printf '%l\0%p\0' | sed -z 's|old|NEW|;n' | xargs -r0n2 ln -sfT
# -type l :- symlink
# -lname  :- target of symlink matches a pattern


<font face="Verdana, Arial, Helvetica, sans-serif" size="-1">Boolean operators such as AND, OR and NOT make find an extremely useful tool.<br/>The 1st command searches within the directory /mp3-collection for files that have their names beginning with 'Metallica' and whose size is greater than 10000 kilobytes (> 10 MB).<br/>The 2nd command searches in the same directory as above case but only for files that are greater than 10MB, but they should not have 'Metallica' as the starting of their filenames.<br/>The 3rd command searches in the same directory for files that begin with 'Metallica' in their names or all the files that are greater than 10 MB in size.
vars_app.tf -> ../../../stacks/old/vars_old.tf #before
vars_app.tf -> ../../../stacks/NEW/vars_NEW.tf #after
</source>


The '''exec''' option is probably the most important feature of the find tool. The exec command allows you to execute a particular command on the results of the find command. A simple demonstration of this feature is shown below. Its upto your imagination to make maximum use of this feature. Suppose you wanted to see the details of the files (read, write, execute permission, file size, owner etc..) that have been returned as a search result you could do the following<br/><br/>
==== Find a file using grep and sed it ====
<source lang="bash">
$ grep -rl <pattern> * | xargs sed -i 's/<old>/<new>/g'
# -rl :- find and display files matching <pattern>
# pass each file path to sed to do substitution
</source>


$ find / - name 'Metallica*' -exec ls -l {\}\ \;
= <code>ack</code> and <code>ag</code> - grep on steroids =
$ find /path/to/files* -mtime +5 -exec rm {} \;    # find and delete files modified more than 5 days ago
Tools for searching large code bases. Ack and Ag are 99% feature compatible with each other, so you can use them interchangeably. Ag is significantly faster than Ack, and it has built-in version control system (VCS) awareness.
                                                    # Note that there are spaces between rm, {}, and \;


<br/><br/>This command would find all the files on your system that begin with the letters 'Metallica' and would then execute the 'ls -l' command on these files. So basically you would be able to see the details of the files that were returned according to your search criteria.<br/><br/>The words following the -exec option is the command that you want to execute i.e. ls -l in this case.
Both Ack and Ag treat the search term as a regular expression by default.
<source lang="bash">
# Install CentOS, Amazon Linux AMI
yum search silver_searcher
sudo yum install -y the_silver_searcher.x86_64


*expression <code>{} \;</code> means that curly brackets expands to results of find command line by line, a backslash is part of this syntax
# Install Ubuntu
*<code>{\}\</code> indicator that the filenames returned by the find command should be substituted here
$ sudo apt-get install ag ack
*<code>\;</code> is the terminating string, and is required at the end of the command</font>
ag LOG #search for 'LOG' string any file in CWD and display matching lines
ag  ^LOG #regular expression search (default)
ag -Q LOG #literal string search
ag LOG /var/log/ #search within given path
# -l -list files that contain matching pattern
# -i -case insensitive search
# -G <file_matching_pattern> -scope search to files names that match a pattern
# --ignore-dir -ignore path(s) in search
</source>
 
 
Old <code>ack-grep</code> tool
<source lang="bash">
sudo apt-get install ack-grep
ack-grep 'Cisco1941'
</source>


= References =
= References =

Latest revision as of 12:23, 11 June 2021

Files can be found under Linux in many different ways, using the find tool is one of the best ways to find files.

locate

Searches for a filename in a system. 

updatedb  # update database with all filenames on a filesystem
locate 'filename*.conf' # search

find

Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]

default path is the current directory; default expression is -print

Find a string within a file but not follow symlinks / grep don't follow sym-links

find . -type f | xargs grep "string-to-search"

Find a file with a specific name

find /etc -iname -perm 777 'program.c'
# / -start searching from the root directory, by default it will be recursive search also within sub-directories
# -name - filename search
# -iname -case insensitive sensitive filename search
# -type f -perm 777 -file with specific permissions

Searching paths -path

To search within a path we can use the -path flag instead of the -name flag. Let’s try to find any files whose path contains the word session. 

$ find . -path \*session\*         #find files and directories
./actionpack/lib/action_dispatch/middleware/session/mem_cache_store.rb
./actionpack/lib/action_dispatch/request/session.rb
./actionpack/test/dispatch/request/session_test.rb
./actionpack/test/dispatch/session
./actionpack/test/dispatch/session/abstract_store_test.rb

$ find . -path \*session\* -type d #finds only directories
./actionpack/lib/action_dispatch/middleware/session
./actionpack/test/dispatch/session

Find files bigger than

This command below finds files bigger than 999999B only on / root filesystem, locking up to a single file achieves by using -xdev switch 

find / -xdev -size +999999 -exec ls -lhd {} \;

Find with time

find /home -cmin +10 -name '*.conf' # created  more than 10 minutes ago
find /home -amin -10 -name '*.conf' # accessed less than 10 minutes ago
find /home -mmin  10 -name '*.conf' # modified exactly   10 minutes ago

find /home -ctime +2 -name '*.conf' # created  more then 2 days ago
find /home -atime -2 -name '*.conf' # accessed less than 2 days ago
find /home -mtime  2 -name '*.conf' # modified exactly   2 days ago

Find with size

find /mp3collection -name '*.mp3' -size -5000k # have a size less than 5000 Kilobytes (<  5MB)
find / -size +10000k                           # any file that is larger than 10000k  (> 10MB)
find / -size +10000k                           # any file that is larger than 10M     (> 10MB)

Find mounting points

$ find / -mount -name 'win*

This command searches for files starting with the letters 'win' in their filenames. The only difference is that the mounted filesystems would not be searched for this time. This is useful when you have your Windows partitions mounted by default. And a search for 'win' might return many files on those partitions, which you may not be really interested in. This is only one use of -mount parameter.

Boolean operators such as AND, OR and NOT

Boolean operators such as AND, OR and NOT make find an extremely useful tool. The 1st command searches within the directory /mp3-collection for files that have their names beginning with 'Metallica' and whose size is greater than 10000 kilobytes (> 10 MB). The 2nd command searches in the same directory as above case but only for files that are greater than 10MB, but they should not have 'Metallica' as the starting of their filenames. The 3rd command searches in the same directory for files that begin with 'Metallica' in their names or all the files that are greater than 10 MB in size. 

find /mp3-collection -name 'Metallica*' -and -size +10000k
find /mp3-collection -size +10000k ! -name "Metallica*"
find /mp3-collection -name 'Metallica*' -or -size +10000k

Performing operations

Find and execute command (-exec)

The exec option is probably the most important feature of the find tool. The exec command allows you to execute a particular command on the results of the find command. A simple demonstration of this feature is shown below. Its upto your imagination to make maximum use of this feature. Suppose you wanted to see the details of the files (read, write, execute permission, file size, owner etc..) that have been returned as a search result you could do the following 

# find string within find files results 
find . -type f -exec grep -l 'string-to-search' {} \;
# find and delete files modified more than 5 days ago
find /home -mtime +5 -exec rm {} \;


The words following the -exec option is the command that you want to execute i.e. ls -l in this case.

  • -exec command {} \; curly brackets expand to a single matching file, line by line, a backslash \ escapes command termination ; can also be used ';' so won't need escaping.

Find directory's and execute command to change permissions

$ find . -type d -exec chmod 0755 {} \;

Find and -delete

The find tool also has the built-in ability to execute certain commands. The -delete flag will, as its name suggests, delete all files and directories that match the pattern. Here the -print flag is used to show the files that will be deleted. 

find ./logs -mtime +14 -type f              -print -delete # delete files older than 14 days
find ./logs            -type f -name \*.log -print -delete # delete files '*.log'

Find and -exec | rename

sudo apt-get install rename #it's Perl version of rename util
$ find . -iname "*foo*" -print0 | xargs -0 rename "s/<old>/<new>/"
# find files mattching fileglob *foo*
# -print0 :- print space delimited instead line by line
# pass each found file_path to Perl's rename utility to do 's' substitution of pattern '<old>' to '<new>'
# the '/' is here as a delimiter
xargs

Because Unix filenames can contain blanks and newlines, this default behaviour is often problematic; filenames containing blanks and/or newlines are incorrectly processed by xargs. In these situations it is better to use the -0 option, which prevents such problems. When using this option you will need to ensure that the program which produces the input for xargs also uses a null character as a separator. If that program is GNU find the -print0 option does this for you.

Rename using bash expansion

for i in *.ogg; do mv "$i" "${i/Beatles/TheBeatles}"; done
# following expansion is doing replace in string

Find and update symlink content

This works for both updating a directory in symlink or part of target name. 

find . -type l -lname '*old*' -printf '%l\0%p\0' | sed -z 's|old|NEW|;n' | xargs -r0n2 ln -sfT
# -type l :- symlink
# -lname  :- target of symlink matches a pattern

vars_app.tf -> ../../../stacks/old/vars_old.tf #before
vars_app.tf -> ../../../stacks/NEW/vars_NEW.tf #after

Find a file using grep and sed it

$ grep -rl <pattern> * | xargs sed -i 's/<old>/<new>/g'
# -rl :- find and display files matching <pattern>
# pass each file path to sed to do substitution

ack and ag - grep on steroids

Tools for searching large code bases. Ack and Ag are 99% feature compatible with each other, so you can use them interchangeably. Ag is significantly faster than Ack, and it has built-in version control system (VCS) awareness.

Both Ack and Ag treat the search term as a regular expression by default. 

# Install CentOS, Amazon Linux AMI
yum search silver_searcher
sudo yum install -y the_silver_searcher.x86_64

# Install Ubuntu
$ sudo apt-get install ag ack
ag LOG #search for 'LOG' string any file in CWD and display matching lines
ag   ^LOG #regular expression search (default)
ag -Q LOG #literal string search
ag LOG /var/log/ #search within given path
# -l -list files that contain matching pattern
# -i -case insensitive search
# -G <file_matching_pattern> -scope search to files names that match a pattern
# --ignore-dir -ignore path(s) in search


Old ack-grep tool 

sudo apt-get install ack-grep
ack-grep 'Cisco1941'

References

Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Linux_-_find&oldid=6460