Linux - find
Files can be found under Linux in many different ways, using the find tool is one of the best ways to find files.
ACK-GREP
It finds a string within a files. The example below searches the current directory files for a string Cisco1941 and redirects all error messages to null device.
sudo apt-get install ack-grep ack-grep 'Cisco1941' 2>/dev/null
LOCATE
Searches for a filename in a system.
updatedb #it updates a database of all filenames and its paths locate 'filename*.conf'
FIND
Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
default path is the current directory; default expression is -print
Find a string within a file but not follow symlinks / grep don't follow sym-links
find . -type f | xargs grep "string-to-search"
Find a file with a specific name
find /etc -iname -perm 777 'program.c' # / -start searching from the root directory, by default it will be recursive search also within sub-directories # -name - filename search # -iname -case insensitive sensitive filename search # -type f -perm 777 -file with specific permissions
Find files bigger than
This command below finds files bigger than 999999B only on / root filesystem, locking up to a single file achieves by using -xdev switch
find / -xdev -size +999999 -exec ls -lhd {} \;
Other
$ find /mp3collection -name '*.mp3' -size -5000k $ find / -size +10000k
The 1st command would find within a directory called /mp3collection, only those mp3 files that have a size less than 5000 Kilobytes ( < 5MB) The 2nd command would search from the / directory for any file that is larger than 10000k (> 10MB)
$ find /home/david -amin -10 -name '*.c'
$ find /home/david -atime -2 -name '*.c' $ find /home/david -mmin -10 -name '*.c'
$ find /home/david -mtime -2 -name '*.c'
The 1st commmand searches for those files that are present in the directory /home/david and its subdirectoires which end in .c and which have been accessed in the last 10 minutes.
The 2nd command does the same but searches for those files that have been accessed in the last 10 hours.
The 3rd and the 4th commands do the same as the 1st and 2nd commands but they search for modified files rather than accessed files. Only if the contents of the files have been modified, would their names be returned in the search results.
$ find / -mount -name 'win*
This command searches for files starting with the letters 'win' in their filenames. The only difference is that the mounted filesystems would not be searched for this time. This is useful when you have your Windows partitions mounted by default. And a search for 'win' might return many files on those partitions, which you may not be really interested in. This is only one use of -mount parameter.
$ find /mp3-collection -name 'Metallica*' -and -size +10000k $ find /mp3-collection -size +10000k ! -name "Metallica*" $ find /mp3-collection -name 'Metallica*' -or -size +10000k
Boolean operators such as AND, OR and NOT make find an extremely useful tool.
The 1st command searches within the directory /mp3-collection for files that have their names beginning with 'Metallica' and whose size is greater than 10000 kilobytes (> 10 MB).
The 2nd command searches in the same directory as above case but only for files that are greater than 10MB, but they should not have 'Metallica' as the starting of their filenames.
The 3rd command searches in the same directory for files that begin with 'Metallica' in their names or all the files that are greater than 10 MB in size.
The exec option is probably the most important feature of the find tool. The exec command allows you to execute a particular command on the results of the find command. A simple demonstration of this feature is shown below. Its upto your imagination to make maximum use of this feature. Suppose you wanted to see the details of the files (read, write, execute permission, file size, owner etc..) that have been returned as a search result you could do the following
$ find / - name 'Metallica*' -exec ls -l {\}\ \;
$ find /path/to/files* -mtime +5 -exec rm {} \; # find and delete files modified more than 5 days ago
# Note that there are spaces between rm, {}, and \;
This command would find all the files on your system that begin with the letters 'Metallica' and would then execute the 'ls -l' command on these files. So basically you would be able to see the details of the files that were returned according to your search criteria.
The words following the -exec option is the command that you want to execute i.e. ls -l in this case.
- expression
{} \;means that curly brackets expands to results of find command line by line, a backslash is part of this syntax {\}\indicator that the filenames returned by the find command should be substituted here\;is the terminating string, and is required at the end of the command