Find and Locate: Two Commands


Published on

Look at two commands you can use to find files on your Linux system.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Find and Locate: Two Commands

  1. 1. The find and locate commands Kevin B. O'Brien Washtenaw Linux Users Group 1
  2. 2. find ● find is a very powerful command ● It lets you find files by filename, by file type, by user, and even by time stamp ● You can perform actions on the files it finds 2
  3. 3. find syntax ● find start_directory test options criteria_to_match action_to_perform_on_results ● So, you can specify a directory to search, which parameter you are searching on, what to look for, etc. ● Example: Search the current directory for any file with a txt extension 3
  4. 4. Example 1 ● find . -name “*.txt” ● This searches the current directory (“.”) ● It is searching based on the file name ● It is looking for any file with the txt extension ● You could also do it as find . -name *.txt 4
  5. 5. Escaping the test value ● In either example, you need to escape the wildcard to make sure it is passed to the find command and not interpreted by the shell. ● You can do this either by enclosing the search term with quotation marks, or by preceding the search term with the escape character, a backslash. 5
  6. 6. Start directory ● You can search any directory ● The example used current directory (“.”), for which the single dot is the shortcut ● If you are not running as root or superuser, you will get “Permission denied” trying to search a directory you don't have rights for ● You can search multiple directories at once: find /usr /home /temp -name “*.jar” 6
  7. 7. No options? ● You can run find without any options, but this will generate a huge output. All three of these will produce the same result, a listing of every file in the current directory and all sub-directories, including hidden files – find – find . – find . -print 7
  8. 8. How to mess up a server ● find / ● This will build a listing of every file on this machine (if run as root, of course). If you really need to do this, do it overnight when no one needs to use the machine. ● This use of the find command without options is equivalent to ls -la, essentially ● If you do this by accident Ctrl+C is your friend. This will stop the most recently executed command. 8
  9. 9. Case sensitivity ● Linux (and Unix) are by default case sensitive ● The -name option is a case sensitive search ● You can run a search that is case insensitive by using the -iname option ● This can be handy if you have mounted a Windows drive and want to search it, for instance. Or if you are searching through downloaded files ● find /Downloads -iname “*.gif” 9
  10. 10. Other searches 1 ● You can search on other qualities than the name of a file ● Example: to generate a list of all subdirectories in the current directory – find . -type d ● The search option type lets you search based on the type of file it is. The d value tells it to search for directories. 10
  11. 11. Other searches 2 ● Example: search for all symbolic links in the /usr directory – find /usr -type l ● This would produce a large output, in all likelihood (perhaps 3,000 links). Again, remember Ctrl+C if you get into a jam. 11
  12. 12. Time search ● An important option is to search based on a time characteristic of a file – mtime: the time that the contents of the file were last modified – atime: the time that a file was read or accessed – ctime: the time that a file's status was changed 12
  13. 13. ctime explanation “Because the inode maintains metadata on each file, the inode data will change if the metadata related to the file is changed. This could be caused by a range of actions, including the creation of a symbolic link to the file, changing the permissions on a file, or moving the file. Because the contents of the file are not being read or modified in these cases, themtime and atime will not change, but the ctime will change.” - Sheryl Calish 13
  14. 14. Values with time options ● Each time option requires a value – -n returns anything less than n – +n returns anything greater than n – n, by itself, returns exact n matches ● By default, these searches go over the preceeding 24 hours, in one hour segments 14
  15. 15. Time Examples 1 ● To find all of the files in your home directory that were modified within the last 2 hours: find /home/username -mtime -2 ● To find all of the files in /usr/bin that were modified more than one hour ago: find /usr/bin -mtime +1 ● Note that matching on the exact time is highly unlikely, so this is not an option that would get much use. 15
  16. 16. Time Examples 1 ● To find all of the files in the home directory accessed in the last 2 hours: find /home -atime -2 ● Note that locating a file with the find command alters the last accessed time by updating the metadata! 16
  17. 17. Time Comparisons ● You can also look for files that have changed in comparison to some other file. this might be useful if you are looking at updating a backup, for instance. – -newer: finds files that have been modified more recently than the comparison file – -anewer: finds files that have been accessed more recently than the comparison file – -cnewer: finds files whose status has changed more recently than the comparison file 17
  18. 18. Time Comparison Example ● I have a backup file called backup.tar.gz, and I want to know if any of the files in my home directory have been edited in any way since I created this backup file: find /home/username -newer backup.tar.gz 18
  19. 19. Size ● The find command can also search for files based on their size ● This is done by the -size option ● By default, if you do not specify, it measures size in blocks of 512 bytes ● You can append a “c” to measure in bytes, or a “k” to measure in kilobytes 19
  20. 20. Size Example 1 ● You are running out of disk space in the home directory of a server. You would like to know who is keeping large files (larger than 100MB, for instance) there. ● find /home -size +100000000c ● This will return a list of all files in the /home directory greater than 100MB. 20
  21. 21. Executing Commands in find 1 ● You can execute commands inside of find and have them work on the files that find locates. ● -exec command parameters {} ; ● -exec is the option in the find command that tells it to execute the command that follows ● command is the name of the command (e.g. ls, mv, etc.) ● parameters are the switches you can pass to the command. For example, if using the ls command, you might want to use the -l switch 21
  22. 22. Executing Commands in find 2 ● The opening and closing braces {} tell the command to insert a filename that comes from the find command ● the ; is a terminator that says you are done executing the command on that file. The find command then resumes looking for additional matches. 22
  23. 23. Size Example 2 ● You know you have some empty files in the test directory, and would like to move them to a temporary directory in preparation for deleting them find test -type f -size 0 -exec mv {} /tmp/zerobyte ; ● This is a little more complex than the examples used up until now ● First, note that we specified -type f to make sure that we only moved files, not links or directories 23
  24. 24. Size Example 2.1 ● Second, we specified the size as zero. In this case, it doesn't matter whether this is in 512- byte blocks, bytes, or kilobytes. Zero is zero in any measurement.☺ ● The -exec option lets us perfom any shell command on the files we find. In this case, it is the move command, and the brackets let us move each of the files ● Then we had to specify a place to move them to. what would happen if we had specified /dev/null? 24
  25. 25. Size Example 2.2 ● Finally, the executing command needs to be terminated. This is done with the “;” ● There is also a simpler way to find empty files. That is the empty option: find test -empty 25
  26. 26. Permissions ● If you are responsible for the security of a system, you might want to know which of your users are busy undermining that security ● You can look for files that are wide open using the find command ● You can do this using either symbolic or octal notation – find /home -type f -perm a=rwx – find /home -type f -perm 777 26
  27. 27. Permissions 2 ● You can use the -exec option to get additional information by running the ls -l command within the find command – find -home -type f -perm a=rwx -exec ls -l {} ; – find -home -type f -perm 777 -exec ls -l {} ; ● Using this option, you not only get the name of each file, but you get all of the output you would get from the ls- l command for each of the files found. 27
  28. 28. Permissions 3 ● You can also narrow down your search a little, since presumably the owner should have full rights to her own files. To just look at group and other: find /home -type f -perm -og=rwx -exec ls -l {} ; ● The option for the different permissions (- ug=rwx) begins with a minus sign or dash. This means that it is searching for anything where both other and group have full permissions. 28
  29. 29. Permissions 4 ● You can also do a search for either other or group having these permissions by using a plus sign find /home -type f -perm +og=rwx -exec ls -l {} ; 29
  30. 30. Owner ● Of course, you can search by owner ● Example: Find all files on the system owned by a user named “fred” find / -type f -user fred -exec ls -l {} ; ● You can also search by group ● Example: Find all of the files owned by the group “admin” find / -type f -group admin 30
  31. 31. Owner 2 ● You could also search for directories owned by the group admin find / -type d -group admin ● Or you can search by group ID find / -type d -gid 100 ● You can find the group ID numbers in either the /etc/password or the /etc/group file 31
  32. 32. Owner 3 ● You can even look for files that have no user or group as owner. This means there is no corresponding entry in /etc/password or /etc/group find / -nouser -o -nogroup 32
  33. 33. Combining Searches ● You can search on several different characteristics simultaneously ● Example: find all files owned by fred and in his home directory that have the avi extension and are greater than 100mb find /home/fred -user fred -name “*.avi” -size +100000k 33
  34. 34. Reverse Search Options 1 ● You can also search for anything that does not match the search parameter using the -not option ● Example: Find every file in the /usr/bin directory that is not owned by user fred find /usr/bin -type f -not -user fred 34
  35. 35. Reverse Search Options 2 ● Here is a biggie: find all of the files owned by fred, with a txt extension, over 100k in size, and which are not readable by other users, and then make them readable: find / -user fred -name “*.txt” -size +100k -not -perm +o=r -exec chmod o+r {} ; 35
  36. 36. find Summary ● find is a very powerful command ● With all of its options, and the ability to execute commands on the options, it definitely deserves a place in your toolbox ● However, it can be slow, since it needs to search from scratch every time it is executed. If you are doing a search from the root directory, it can bog down your machine quite significantly. 36
  37. 37. The locate Command ● locate is a command that can come in quite handy ● It is somewhat similar to find, but but has different strengths and weaknesses ● locate uses a background process to cache the location of every file on your system ● Because of this, it is very fast ● Sometimes, if a file is new, it has not been put in the cache yet, and the search will miss it 37
  38. 38. locate syntax ● locate [options] name(s) ● among the options are: – -n: this option, followed by an integer, limits the results to a specific number of files – -i: this option makes the search case insensitive – -v: this returns the version of locate being used – -u: this option updates the database of file locations that locate uses for its search – -q: this option suppresses error messages 38
  39. 39. locate v. find ● You want to know where on your system is a file named – find / -name -type f – locate ● locate is therefore both faster and easier. ● Wildcards are built-in to the command. If you do a command like locate foo it will find foo, foobar, barfoo, or any file that contains the string “foo” in its name. 39
  40. 40. Features of locate ● As with find, you can only search for files, directories, etc. that you have permissions for. ● locate does allow for the usual wildcards. for example, you can search for all jpg files for which you have permissions by locate “*.jpg” ● Again, note that you need to escape the wildcard character here, just as with find 40
  41. 41. Examples ● You want to find all avi files on the system but don't want to see any error messages locate “*.avi” -q ● You want to find files with foo in the name, but you only want to see 10 such files locate foo -n 10 ● You want to see all files with a txt extension, but you want to see them one screen at a time locate (*.txt) | more 41
  42. 42. Conclusion ● find is the swiss army knife here. It is both a desert topping, a floor wax, and it will walk your dog. ● It is also overkill for most jobs. If you just want to find a file quickly, locate is better. ● It is not a bad idea to have both of these in your toolkit, though. 42