Locating Files:
The find command is used to locate files on a Unix or Linux system. find will search any set of directories you specify for files that match the supplied search criteria. You can search for files by name, owner, group, type, permissions, date, and other criteria. The search is recursive in that it will search all subdirectories too. The syntax looks like this:

    find where-to-look criteria what-to-do
All arguments to find are optional, and there are defaults for all parts. (This may depend on which version of find is used. Here we discuss the freely available GNU version of find, which is the version available on YborStudent.) For example, where-to-look defaults to . (that is, the current working directory), criteria defaults to none (that is, select all files), and what-to-do (known as the find action) defaults to -print (that is, display the names of found files to standard output). Technically, the criteria and actions are all known as find primaries.

For example:

    find

will display the pathnames of all files in the current directory and all subdirectories. The commands

    find . -print
    find -print
    find .

do the exact same thing. Here's an example find command using a search criterion and the default action:

    find / -name foo
This will search the whole system for any files named foo and display their pathnames. Here we are using the criterion -name with the argument foo to tell find to perform a name search for the filename foo. The output might look like this:

    /home/wpollock/foo
    /home/ua02/foo
    /tmp/foo

If find doesn't locate any matching files, it produces no output.

The above example said to search the whole system, by specifying the root directory (“/”) to search. If you don't run this command as root, find will display an error message for each directory on which you don't have read permission. This can be a lot of messages, and the matching files that are found may scroll right off your screen. A good way to deal with this problem is to redirect the error messages so you don't have to see them at all:

    find / -name foo 2>/dev/null

You can specify as many places to search as you wish:

    find /tmp /var/tmp . "$HOME" -name foo
Here's an example using two search criteria:

    find / -type f -mtime -7 | xargs tar -rf weekly_incremental.tar
    gzip weekly_incremental.tar

will find any regular files (i.e., not directories or other special files) with the criterion “-type f”, and only those modified seven or fewer days ago (“-mtime -7”). Note the use of xargs, a handy utility that converts a stream of input (in this case the output of find) into command line arguments for the supplied command (in this case tar, used to create a backup archive).

Another use of xargs is illustrated below. This command will efficiently remove all files named core from your system (provided you run the command as root of course):

    find / -name core | xargs /bin/rm -f
    find / -name core -exec /bin/rm -f '{}' \;  # same thing
    find / -name core -delete                   # same if using GNU find

One of my favorite find criteria is used to locate files modified less than 10 minutes ago. I use this right after using some system administration tool, to learn which files got changed by that tool:

    find / -mmin -10
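The core-removal commands shown above stop being equivalent once a path contains a blank, because xargs splits its input on whitespace. The following added example (not from the original page; the scratch tree and function names are constructed) runs the piped form, a NUL-delimited form using -print0 with xargs -0, and -exec ... + over the same tree and lists what each one leaves behind.

```shell
#!/bin/sh
# Added example; the scratch tree and function names are constructed.

# make_core_tree: build a scratch tree and print its path.
make_core_tree() {
    d=$(mktemp -d) || return 1
    mkdir "$d/keep me"
    : > "$d/keep"           # unrelated file that should survive
    : > "$d/core"           # ordinary target
    : > "$d/keep me/core"   # target below a directory with a space
    printf '%s\n' "$d"
}

# Form from the text: xargs splits on blanks, so "./keep me/core"
# reaches rm as the two arguments "./keep" and "me/core".
remove_cores_naive() {
    (cd "$1" && find . -name core | xargs rm -f)
}

# NUL-delimited hand-off: each path arrives as exactly one argument.
remove_cores_nul() {
    (cd "$1" && find . -name core -print0 | xargs -0 rm -f)
}

# No pipe at all: find passes the paths to rm itself, in batches.
remove_cores_exec() {
    (cd "$1" && find . -name core -exec rm -f '{}' +)
}

# survivors DIR: remaining regular files, relative to DIR, sorted.
survivors() {
    (cd "$1" && find . -type f | sort)
}

for f in remove_cores_naive remove_cores_nul remove_cores_exec; do
    tree=$(make_core_tree)
    "$f" "$tree"
    echo "$f leaves:"; survivors "$tree"
    rm -rf "$tree"
done
```

The piped form deletes the unrelated file keep and misses the core file under "keep me"; the other two remove exactly the two core files.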
You can also find files with various permissions set. “-perm /permissions” means to find files with any of the specified permissions on, “-perm -permissions” means to find files with all of the specified permissions on, and “-perm permissions” means to find files with exactly permissions. Permissions can be specified either symbolically (preferred) or with an octal number. The following will locate files that are writable by “others” (including symlinks, which should be writable by all):

    find . -perm -o=w
When specifying time with find options such as -mmin (minutes) or -mtime (24 hour periods, starting from now), you can specify a number “n” to mean exactly n, “-n” to mean less than n, and “+n” to mean more than n.

Fractional 24-hour periods are truncated! That means that “find -mtime +1” says to match files modified two or more days ago.

For example:

    find . -mtime 0   # find files modified between now and 1 day ago
                      # (i.e., within the past 24 hours)
    find . -mtime -1  # find files modified less than 1 day ago
                      # (i.e., within the past 24 hours, as before)
    find . -mtime 1   # find files modified between 24 and 48 hours ago
    find . -mtime +1  # find files modified more than 48 hours ago
    find . -mmin +5 -mmin -10  # find files modified between
                               # 6 and 9 minutes ago
As a system administrator, you can use find to locate suspicious files (e.g., world writable files, files with no valid owner and/or group, SetUID files, files with unusual permissions, sizes, names, or dates). Here's a more complex example (which I saved as a shell script so I can run it often):

    find / -noleaf -wholename '/proc' -prune \
        -o -wholename '/sys' -prune \
        -o -wholename '/dev' -prune \
        -o -wholename '/windows-C-Drive' -prune \
        -o -perm -2 ! -type l ! -type s \
        ! \( -type d -perm -1000 \) -print
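The same world-writable test, wrapped as a function that takes the directories to prune as arguments and run against a small scratch tree, together with a SetUID/SetGID search. This is an added example, not the original author's script; the function names and the sample tree are constructed, and -path is used in place of -wholename.

```shell
#!/bin/sh
# Added example; the sample tree, its file names and the function names
# are constructed for illustration.

# world_writable ROOT [PRUNE_PATH...]
# Print world-writable entries under ROOT, skipping symlinks, sockets and
# sticky directories, and not descending into any PRUNE_PATH.
world_writable() {
    root=$1; shift
    n=$#
    # Turn each remaining argument P into: -path P -prune -o
    # (-path is the POSIX spelling of GNU find's -wholename).
    while [ "$n" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        n=$((n - 1))
    done
    # The explicit -print binds only to the last -o branch, so pruned
    # directories are not printed themselves.
    find "$root" "$@" -perm -2 ! -type l ! -type s \
        ! \( -type d -perm -1000 \) -print
}

# setid_files ROOT: regular files with the SetUID or SetGID bit on.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# make_sample_tree: build a scratch tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/open dir" "$t/sticky" "$t/skip"
    : > "$t/open.txt"; : > "$t/plain"; : > "$t/tool"; : > "$t/skip/inside.txt"
    ln -s open.txt "$t/link"
    chmod 777 "$t/open dir"; chmod 1777 "$t/sticky"; chmod 755 "$t/skip"
    chmod 666 "$t/open.txt" "$t/skip/inside.txt"
    chmod 644 "$t/plain"; chmod 4755 "$t/tool"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "world-writable:"; world_writable "$tree" "$tree/skip"
echo "setuid/setgid:";  setid_files "$tree"
rm -rf "$tree"
```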
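To use a more complex action with -exec, you can use “sh -c complex-command” as the Unix command. Here's a somewhat contrived example, that for each found file replaces “Mr.” with “Mr. or Ms.”, and also converts the file to uppercase:

    find whatever... -exec sh -c 'sed "s/Mr\./Mr. or Ms./g" "$1" \
        | tr "[:lower:]" "[:upper:]" >"$1.new"' sh '{}' \;

The file name is passed to the inner shell as a positional argument ($1) rather than substituted into the command string, so names containing quotes or other shell metacharacters are not interpreted as shell code.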
[Source: http://content.hccfl.edu/pollock/unix/findcmd.htm]

The implied parentheses can cause unexpected results. For example, consider these two similar commands:

    $ find -name tmp -prune -o -name \*.txt
    ./bin/data/secret.txt
    ./tmp
    ./missingEOL.txt
    ./public_html/graphics/README.txt
    ./datafile.txt

    $ find -name tmp -prune -o -name \*.txt -print
    ./bin/data/secret.txt
    ./missingEOL.txt
    ./public_html/graphics/README.txt
    ./datafile.txt

The lack of an action in the first command means it is equivalent to:

    find . \( -name tmp -prune -o -name \*.txt \) -print