Linux File Search

1. Overview of the find Command

The need for file searching arises because we often forget the location of a file, and at such times, we need to use the find command to locate it.

The find command can search for files based on various criteria, such as file name, file size, file modification time, owner, group, permissions, and more. Mastering the find command is essential in Linux.

*The basic syntax of the find command is as follows*

Command	Path	Options	Expression	Action
find	[path…]	[options]	[expression]	[action]
Search	Location	Criteria	18-25 years	Match?

It is a real-time search tool in Linux that completes file searches by specifying a path.

find [options] ….. [search path] [search criteria] [action]

Search path: The location to search, defaulting to the current folder.

Search criteria: The standards for searching, such as file name, size, type, date, etc.

Action: What to do with the files that meet the criteria, defaulting to outputting to the screen.

2. Examples of the find Command

*The following lists all commonly used options for find*

1. Name Search with find

#1. Create file touch /etc/sysconfig/network-scripts/{ifcfg-eth1,IFCFG-ETH1}
#2. Find files in the /etc directory containing the name ifcfg-eth0
[root@lqz ~]# find /etc -name "ifcfg-eth1"
#3. -i Ignore case
[root@lqz ~]# find /etc -iname "ifcfg-eth1"
# Find all files in the /etc directory containing the name ifcfg-eth
[root@lqz ~]# find /etc/ -name "ifcfg-eth*"
[root@lqz ~]# find /etc -iname "ifcfg-eth*"

2. Size Search with find

#1. Find files larger than 5M
[root@lqz ~]# find /etc -size +5M
#2. Find files equal to 5M
[root@lqz ~]# find /etc -size 5M
#3. Find files smaller than 5M
[root@lqz ~]# find /etc -size -5M

3. Type Search with find

# f File
[root@lqz ~]# find /dev -type f
# d Directory
[root@lqz ~]# find /dev -type d
# l Link
[root@lqz ~]# find /dev -type l
# b Block device
[root@lqz ~]# find /dev -type b
# c Character device
[root@lqz ~]# find /dev -type c
# s Socket
[root@lqz ~]# find /dev -type s
# p Pipe file
[root@lqz ~]# find /dev -type p

4. Time Search with find

#1. Create test files (to be covered later in shell)
[root@lqz ~]# for i in {01..28};do date -s  201904$i && touch file-$i;done
#2. Find files older than 7 days (will not print today's files)
[root@lqz ~]# find ./ -iname "file-*" -mtime +7
#3. Find files modified in the last 7 days, not recommended (will print today's files)
[root@lqz ~]# find ./ -iname "file-*" -mtime -7
#4. Find files modified on the 7th day (will not print today's files)
[root@lqz ~]# find ./ -iname "file-*" -mtime 7
#5. Keep local files with backups from the last 7 days, and keep backups on the server for 3 months (actual usage scenario)
find /backup/ -iname "*.bak" -mtime +7 -delete
find /backup/ -iname "*.bak" -mtime +90 -delete

5. User Search with find

# Find files owned by jack
[root@lqz ~]# find /home -user jack
# Find files belonging to the group admin
[root@lqz ~]# find /home -group admin
# Find files owned by jack and belonging to the group admin
[root@lqz ~]# find /home -user jack -group admin
# Find files owned by jack and belonging to the group admin
[root@lqz ~]# find /home -user jack -a -group admin
# Find files owned by jack or belonging to the group admin
[root@lqz ~]# find /home -user jack -o -group admin
# Find files without an owner
[root@lqz ~]# find /home -nouser
# Find files without a group
[root@lqz ~]# find /home -nogroup
# Find files without an owner or group
[root@lqz ~]# find /home -nouser -o -nogroup

6. Permission Search with find

# Exact match for 644 permissions
[root@lqz ~]# find . -perm 644 -ls
# Includes 444 permissions
[root@lqz ~]# find . -perm -444  -ls
# Find globally writable (each permission must include w)
[root@lqz ~]# find . -perm -222 -ls
# Includes set uid
[root@lqz ~]# find  /usr/sbin -perm -4000 -ls
# Includes set gid
[root@lqz ~]# find  /usr/sbin -perm -2000 -ls
# Includes sticky
[root@lqz ~]# find  /usr/sbin -perm -1000 -ls

Search Criteria

Search by file name

-name Specify name, can use regular expressions
-iname Ignore case
-links n Files with n links
-regex Followed by the full path, not just the file name, must match the entire path

Specify search depth

-maxdepth level Maximum search depth, the specified directory is level 1
-mindepth level Minimum search depth, including level

Search by owner and group

-user username Find files owned by username
-group groupname Find files belonging to groupname
-uid id Find files owned by id
-gid id Find files belonging to id
-nouser Find files without an owner
-nogroup Find files without a group

m[root@192 test]#chown qiao bm
[root@192 test]#ll
total 0
drwxr-xr-x. 4 root root 24 Dec  4 22:50 a
-rw-r--r--. 1 qiao root  0 Dec  6 17:53 bm
[root@192 test]#chown :llx bm
[root@192 test]#ll
total 0
drwxr-xr-x. 4 root root 24 Dec  4 22:50 a
-rw-r--r--. 1 qiao llx   0 Dec  6 17:53 bm
[root@192 test]#find -group llx
./bm
[root@192 test]#id root
uid=0(root) gid=0(root) groups=0(root)
m[root@192 test]#id qiao
uid=1000(qiao) gid=1000(qiao) groups=1000(qiao)
m[root@192 test]#find -uid 1000
./b
m[root@192 test]#useradd xiaobao
[root@192 test]#chown xiaobao bm
[root@192 test]#ll
total 0
drwxr-xr-x. 4 root    root 24 Dec  4 22:50 a
-rw-r--r--. 1 xiaobao llx   0 Dec  6 17:53 bm
[root@192 test]#userdel xiaobao
[root@192 test]#ll
total 0
drwxr-xr-x. 4 root root 24 Dec  4 22:50 a
-rw-r--r--. 1 1002 llx   0 Dec  6 17:53 bm
[root@192 test]#find -nouser
./b
# Search the entire disk
m[root@192 test]#find / -nouser

Search by file type -type

d Directory
f File
l Symbolic link
s Socket
b Block device
c Character device
p Pipe file

m[root@192 test]#find -type f
./b

Empty files or directories

-empty

m[root@192 test]#find -empty

Conditions

With -a
Or -o
Not -not

m[root@192 test]#find -empty -o -type d
m[root@192 test]#find -empty -not -type d
./b

De Morgan’s Law

Not (A or B) = Not A and Not B
Not (A and B) = Not A or Not B

m[root@192 ~]#find !(-empty -a -tpye d)

Exclude directories

-path

[root@localhost test]#find /etc -name *_config
/etc/ssh/ssh_config
/etc/ssh/sshd_config
[root@localhost test]#find /etc -path /etc/ssh -name *_config

Search by size

-size # (#-1,#] Excludes # -1, includes #
-size -# [0,#-1] Includes # -1
-size +# (#,……)

Search by time

-amin
-mmin
-cmin
-atime # [#,#+1)
-atime -# (0,#)
-atime +# [#+1,….]
Find files older than 7 days find -atime +7
-mtime
-ctime
In minutes

3. Action Handling

Actions for find, for example, after finding a file, what to do with it, the default action of find is -print

1. Example of Action Commands after find

Action	Meaning
-print	Print the found content (default)
-ls	Print the found content in long format
-delete	Delete the found files (can only delete empty directories)
-ok	Followed by a custom shell command (will prompt for confirmation)
-exec	Followed by a custom shell command (standard syntax -exec 😉

– -print is the default action, displayed on the screen– -ls is similar to ls -l displaying in long format– -delete deletes the found files– -fls file saves the found results in long format to a file– -ok command {} \; executes the command for each found file, prompting the user for confirmation before execution

find -size 2M -ok rm -rf {} \;
Find files of 2M, delete, prompt for deletion

-exec command {} \; Executes the command for each found file without confirmation, processing them all at once

find -size 2M -exec rm -rf {} \;

m[root@192 test]#find -size 2M -delete

#1. Use -print to print the found files
[root@lqz ~]# find /etc -name "ifcfg*"
[root@lqz ~]# find /etc -name "ifcfg*" -print
#2. Use -ls to print the found files in long format
[root@lqz ~]# find /etc -name "ifcfg*" -ls
#3. Use -delete to delete files, but can only delete empty directories
[root@lqz ~]# find /etc -name "ifcfg*" -delete
#4. Use -ok to implement file copy, but will prompt for confirmation
[root@lqz ~]# find /etc -name "ifcfg*" -ok cp -rvf {} /tmp \;
#5. Use -exec to implement file copy and file deletion.
[root@lqz ~]# find /etc -name "ifcfg*" -exec cp -rvf {} /tmp \;
[root@lqz ~]# find /etc -name "ifcfg*" -exec rm -f {} \;

2. Using the find Command with xargs

Some commands do not support pipes
Command parameters are too long
xargs passes the content before the pipe to the command after it one by one

echo file{1..50000}|xargs touch

Generally used with find

#xargs passes the files found by the previous command as input to the latter command
[root@lqz ~]# touch file.txt
[root@lqz ~]# find . -name "file.txt" |xargs rm -f
[root@lqz ~]# find . -name "file.txt" |xargs -I {} cp -rvf {} /var/tmp

3. Logical Operators in find

Symbol	Function
-a	And
-o	Or
-not\|!	Not

#1. Find all files in the current directory not owned by hdfs
[root@lqz ~]# find . -not -user hdfs
[root@lqz ~]# find . ! -user hdfs
#2. Find all files in the current directory owned by hdfs and larger than 300 bytes
[root@lqz ~]# find . -type f -a -user hdfs -a -size +300c
#3. Find all files in the current directory owned by hdfs or ending with xml
[root@lqz ~]# find . -type f -a \( -user hdfs -o -name '*.xml' \)

4. Related Exercises for find

1. Find files in the /tmp directory not owned by root and not starting with f.
2. Find all files in the /var directory owned by root and belonging to the mail group.
3. Find all files in the /var directory not owned by root, lp, or gdm.
4. Find all files in the /var directory modified in the last week, not owned by root or postfix.
5. Find all files in the /etc directory larger than 1M and of type regular file.
6. Copy all directories (only directories) from /etc/ to /tmp, preserving the directory structure.
7. Copy the /etc directory to /var/tmp/, setting all directory permissions to 777 and all file permissions in /var/tmp/etc to 666.
8. Keep the log files in /var/log/ from the last 7 days, deleting all others.
9. Create touch file{1..10} for 10 files, keeping file9 and deleting all others at once.
10. Explain the meaning of each command below:
mkdir /root/dir1
touch /root/dir1/file{1..10}
find /root/dir1 -type f -name "file5"
find /root/dir1 ! -name "file5"
find /root/dir1 -name "file5" -o -name "file9"
find /root/dir1 -name "file5" -o -name "file9" -ls
find /root/dir1 \( -name "file5" -o -name "file9" \) -ls
find /root/dir1 \( -name "file5" -o -name "file9" \) -exec rm -rvf {} \;
find /root/dir1  ! \( -name "file4" -o -name "file8" \) -exec rm -vf {}  \;

The Three Musketeers of Linux

Detailed explanation of the Three Musketeers

grep

awk

sed

grep

grep [option] “pattern” file

option

--color=auto Add color to matching lines
-v Invert match
-i Case insensitive
-n Add line numbers to the found content
-c Print the number of matching lines
-o Only show matching text
-q Silent mode
-A # after Show # lines below
-B # before Show # lines above
-C # context Show # lines above and below
-e or grep -e 'user' -e 'root' passwd means or
-E Extended regular expressions
-F Do not use regular expressions
-r Recursive
-w Match whole words

Regular Expression Metacharacters

Character Matching

. Any single character
[] Match any single character within the specified range [0-9] [a-z] [A-Z]
[^] Negation
[:upper:] Uppercase letters
[:lower:] Lowercase letters
[:alnum:] Letters and numbers
[:alpha:] Uppercase and lowercase letters
[:digit:] Numbers

m[root@192 test]#grep '[[:digit:]]\+' c# Match digits

[:blank:] Whitespace
[:punct:] Punctuation
Matching Times

* Any number of times
.* Any character any number of times
\? 0 or 1 time
\+ At least once
\{n\} Exactly n times
\{m,n\} At least m times, at most n times
\{n,\} At least n times
\{,n\} At most n times

Position Anchors

^ Beginning
$ End
^$ Empty line

grep -v "^#" /etc/ssh/sshd_config |grep -v "^$" Show lines that do not start with # and are not empty

Grouping

grep "\(c\|C\)at" a

Backreference

\1 Matches the content of the first parenthesis after it appears again
\2 Matches the content of the second parenthesis after it appears again

grep "\(l..e\).\*\1" clove djfdjfd;d love

Extended Regular Expressions

The difference from regular expressions is that no escaping is needed

grep -E "(c|C)at" a

No need to escape with \

Link: https://www.cnblogs.com/coderxueshan/p/17933844.html

(Copyright belongs to the original author, please delete if infringed)

WeChat group

WeChat group