-print                 # write the files found to standard output
-exec command {} \;    # run command on the files found; note the space between {} and \;
-ok                    # same as -exec, except that it asks the user before proceeding
-name filename
-perm                  # find by execute permissions
-user username         # find by file owner
-group groupname       # find by group
-mtime -n +n           # find by file modification time; -n means less than n days, +n means n days ago
-atime -n +n           # find by file access time; -n means less than n days, +n means n days ago
-ctime -n +n           # find by file creation time; -n means less than n days, +n means n days ago
-nogroup               # find files that have no valid group
-nouser
naomychan
Page 1
May 27,
2015
-newer f1 ! f2         # find files changed more recently than f1 but older than f2
-mount                 # do not cross file system mount points when searching
-follow                # if a symbolic link is encountered, follow it to the file it links to
-cpio
-prune
More information: "Linux under the find command explanation", http://www.phpq.net/linux/linux-find.html, and "Linux find command examples", http://www.phpq.net/linux/linux-find-demo.html.
1) Find all the *.h files in /tmp, look for "SYSCALL_VECTOR" in them, and finally print the names of all files that contain "SYSCALL_VECTOR":
A) find /tmp -name "*.h" | xargs -n50 grep SYSCALL_VECTOR
B) grep SYSCALL_VECTOR /tmp/*.h | cut -d ":" -f1 | uniq > filename
C) find /tmp -name "*.h" -exec grep "SYSCALL_VECTOR" {} \; -print
2) find / -name filename -exec rm -rf {} \;
find / -name filename -ok rm -rf {} \;
3) For example, to find files on the disk that are larger than 3M:
find . -size +3000k -exec ls -ld {} \;
4) To copy what was found to somewhere else:
find *.c -exec cp "{}" /tmp ";"
5) If there are special files, you can use cpio; you can also use this syntax:
find dir -name filename -print | cpio -pdv newdir
6) Find the files that were changed at 2015-05-27 20:44:37:
# A=`find ./ -name "*php"`; ls -l --full-time $A 2>/dev/null | grep "2015-05-27 20:44:37"
6. Logic
-and    # "and" of conditions
-or     # "or" of conditions
7. Find string
find . -name "*.html" -exec grep "mailto:" {} \;
Because find is so powerful, it has a lot of options, most of which are worth taking the time to learn. Even if the system contains a Network File System (NFS), the find command is just as effective in that file system, as long as you have the appropriate permissions.
When running a very resource-consuming find command, many people put it in the background, because traversing a large file system can take a long time (here this means a file system of more than 30G bytes).
One, find command format
1, The general form of the find command is:
find pathname -options [-print -exec -ok ...]
2, Parameters of the find command:
pathname: the directory path that the find command searches. For example, use . to indicate the current directory and / to represent the system root.
-print: the find command writes the matching files to standard output.
-exec: the find command runs the shell command given by this parameter on the matching files. The form is 'command' {} \; and note the space between {} and \;.
-ok: the same as -exec, but it runs the shell command given by the parameter in a safer mode: before executing each command it prompts the user to decide whether to execute it.
3, Options of the find command
-name
Find files by file name.
-perm
Find files by file permissions.
-prune
Use this option to make the find command skip the specified directory; if the -depth option is also used, the find command ignores -prune.
-user
Find files by file owner.
-group
Find files by the group the file belongs to.
-mtime -n +n
Find files by modification time: -n means the file was changed within the last n days, +n means the file was changed more than n days ago. The find command also has -atime and -ctime options, which work like the -mtime option.
-nogroup
Find files without a valid owning group, that is, the group the file belongs to does not exist in /etc/group.
-nouser
Find files without a valid owner, that is, the owner of the file does not exist in /etc/passwd.
-newer file1 ! -newer file2
Find files whose change time is newer than file1 but older than file2.
-type
Find files of a certain type, such as:
b - block device file.
d - directory.
c - character device file.
p - pipe file.
l - symbolic link file.
f - ordinary file.
-size n[c]: find files that are n blocks long; with c, the file length is counted in bytes.
-depth: when looking for files, first search the files in the current directory, and then its subdirectories.
-fstype: find files located on a certain type of file system. These file system types can usually be found in the configuration file /etc/fstab, which contains information about the file systems of the machine.
-mount: do not cross file system mount points when searching.
-follow: if the find command encounters a symbolic link, follow it to the file the link points to.
-cpio: use the cpio command on the matching files to back them up to a tape device.
In addition, note the differences between the following three pairs:
-amin n
Find files in the system that were accessed in the last n minutes
-atime n
Find files in the system that were accessed in the last n*24 hours
-cmin n
Find files in the system whose file status was changed in the last n minutes
-ctime n
Find files in the system whose file status was changed in the last n*24 hours
-mmin n
Find files in the system whose file data was changed in the last n minutes
-mtime n
Find files in the system whose file data was changed in the last n*24 hours
Remember: before deleting files from the shell in any way, first check the files concerned, and be careful! When using commands such as mv or rm, you can use the safe mode of the -exec option (-ok). It prompts you before operating on each matching file.
In the following example, the find command finds all files in the current directory whose names end in .LOG and whose change time is more than five days ago, and deletes them, but prompts before deleting.
$ find . -name "*.conf" -mtime +5 -ok rm {} \;
? n
Press y to delete the file, press n to keep it.
Any form of command can be used in the -exec option.
In the following example we use the grep command. The find command first matches all files named "passwd*", such as passwd, passwd.old, passwd.bak, then runs the grep command to see whether there is a user sam in these files.
# find /etc -name "passwd*" -exec grep "sam" {} \;
sam:x:501:501::/usr/sam:/bin/bash
Two, find command examples
1, To find all files in the current user's home directory, either of the following two methods can be used:
$ find $HOME -print
$ find ~ -print
2, To find files in the current directory for which the file owner has read and write permissions, and the owning group and other users have read permission:
$ find . -type f -perm 644 -exec ls -l {} \;
3, To find all ordinary files in the system with a length of 0, and list their full paths:
$ find / -type f -size 0 -exec ls -l {} \;
4, To find ordinary files in the /var/logs directory whose change time is more than 7 days ago, and ask before deleting them:
$ find /var/logs -type f -mtime +7 -ok rm {} \;
5, To find all files in the system that belong to the root group:
$ find . -group root -exec ls -l {} \;
-rw-r--r-- 1 root root 595 10 31 01:09 ./fie1
6, The following find command deletes the admin.log files with a numeric suffix in the directory whose access time is within the last 7 days.
This command checks only three digits, so the suffix of the corresponding files should not exceed 999. After creating several admin.log* files, you can use the following command:
$ find . -name "admin.log[0-9][0-9][0-9]" -atime -7 -ok rm {} \;
? n
? n
? n
? n
7, To find all directories in the current file system and sort them:
$ find . -type d | sort
8, To find all rmt tape devices in the system:
$ find /dev/rmt -print
Three, xargs
xargs - build and execute command lines from standard input
When the -exec option of the find command is used to process the matching files, the find command passes all matching files together to exec. However, on some systems the length of the command line that can be passed to exec is limited, so after the find command has run for a few minutes an overflow error occurs. The error message is usually "argument list too long" or "argument list overflow." This is where the xargs command is useful, especially together with the find command.
The find command passes the matching files to the xargs command, and the xargs command takes only part of the files at a time rather than all of them, unlike the -exec option. It processes the first batch of files it receives, then the next batch, and so on.
On some systems, the -exec option starts a separate process for each matching file instead of running once with all the matching files as arguments; in some cases this creates too many processes and degrades system performance, so it is not efficient.
The xargs command uses only one process. In addition, with the xargs command, whether the arguments are taken all at once or in batches, and the number of arguments taken each time, is determined by the options of the
Find the files in the current directory on which all users have read, write and execute permissions, and take back the corresponding write permission:
# ls -l
drwxrwxrwx 2 sam adm 4096 10 30 20:14 file6
-rwxrwxrwx 2 sam adm 0 10 31 01:01 http3.conf
-rwxrwxrwx 2 sam adm 0 10 31 01:01 httpd.conf
# find . -perm -7 -print | xargs chmod o-w
# ls -l
drwxrwxr-x 2 sam adm 4096 10 30 20:14 file6
-rwxrwxr-x 2 sam adm 0 10 31 01:01 http3.conf
-rwxrwxr-x 2 sam adm 0 10 31 01:01 httpd.conf
Use the grep command to search all ordinary files for the word hostname:
# find . -type f -print | xargs grep "hostname"
./httpd1.conf:# different IP addresses or hostnames and have them handled by the
./httpd1.conf:# VirtualHost: If you want to maintain multiple domains/hostnames on your
Use the grep command to search all ordinary files in the current directory for the word hostnames:
# find . -name \* -type f -print | xargs grep "hostnames"
./httpd1.conf:# different IP addresses or hostnames and have them handled by the
./httpd1.conf:# VirtualHost: If you want to maintain multiple domains/hostnames
Note that in the above example, \ is used to cancel the special meaning that * in the find command has in the shell.
Together, the -exec option of the find command and xargs let users run almost any command on the matching files.
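The permission clean-up shown above, as an added example that is not part of the original page: it reruns the page's find -perm -7 | xargs chmod o-w pipeline on a constructed sandbox where one file name contains a space, and compares it with a NUL-delimited hand-off (-print0 with xargs -0) and with -exec ... {} +. The function names and sample file names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. All files live in a throwaway
# directory created by mktemp; the file names are constructed sample data.

# Build a sandbox with three files that grant rwx to "others";
# one of the names contains a space.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    touch "$dir/httpd.conf" "$dir/http3.conf" "$dir/old report.conf"
    chmod 777 "$dir/httpd.conf" "$dir/http3.conf" "$dir/old report.conf"
    printf '%s\n' "$dir"
}

# Count regular files that still have r, w and x all set for others.
# One "x" is emitted per match, so odd file names cannot skew the count.
count_other_rwx() {
    find "$1" -type f -perm -7 -exec printf x \; | wc -c | tr -d ' '
}

# The page's pipeline. xargs splits its input on whitespace, so
# "./old report.conf" reaches chmod as "./old" and "report.conf";
# neither exists, and the real file keeps its write bit.
fix_naive() {
    ( cd "$1" && find . -type f -perm -7 -print | xargs chmod o-w ) 2>/dev/null || true
}

# NUL-delimited hand-off: every name arrives as exactly one argument.
fix_print0() {
    ( cd "$1" && find . -type f -perm -7 -print0 | xargs -0 chmod o-w )
}

# Same result without xargs: find batches the names itself.
fix_exec_plus() {
    find "$1" -type f -perm -7 -exec chmod o-w {} +
}

# Returns "<before> <after naive> <after print0>".
demo() {
    d=$(make_sandbox)
    before=$(count_other_rwx "$d")
    fix_naive "$d"
    after_naive=$(count_other_rwx "$d")
    fix_print0 "$d"
    after_print0=$(count_other_rwx "$d")
    rm -rf "$d"
    printf '%s %s %s\n' "$before" "$after_naive" "$after_print0"
}

demo
```

The file that the whitespace-split pipeline misses is the one that stays writable by others, which is why a permission sweep should be re-checked with a second find after the fix.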
Four, find command parameters
Here are some examples of commonly used find parameters; look them up when you need them. As in the previous few posts, some of these parameters have already been used; you can also check the man page or other forum posts for the manual of the find command.
No matter what the current path is, if you want to find the files whose names match *.txt in your $HOME directory, use ~ as the "pathname" argument; the tilde ~ represents your $HOME directory.
$ find ~ -name "*.txt" -print
To find all the '*.txt' files in the current directory and its subdirectories, you can use:
$ find . -name "*.txt" -print
To find the files in the current directory and its subdirectories whose names begin with a capital letter, you can use:
$ find . -name "[A-Z]*" -print
To find the files in the /etc directory whose names start with host, you can use:
$ find /etc -name "host*" -print
To find the files in the $HOME directory, you can use:
$ find ~ -name "*" -print or find . -print
To put the system under high load, find all the files starting from the root directory.
$ find / -name "*" -print
If you want to find the files in the current directory whose names start with two lowercase letters, followed by two digits, and end in .txt, the following command will return a file named ax37.txt:
$ find . -name "[a-z][a-z][0-9][0-9].txt" -print
3, Ignoring a directory
If you want to ignore a directory because you know that it does not contain the file you are looking for, you can use the -prune option to indicate the directory to be ignored when looking for files. Be careful when using the -prune option, because if you also use the -depth option, the find command ignores the -prune option.
If you want to find files in the /apps directory but do not want to look in the /apps/bin directory, you can use:
$ find /apps -path "/apps/bin" -prune -o -print
4, How to avoid a directory when using find to look for files
For example, to find all files under the /usr/sam directory that are not within the dir1 subdirectory:
find /usr/sam -path "/usr/sam/dir1" -prune -o -print
find [-path ..] [expression]: what follows the path list is the expression.
-path "/usr/sam" -prune -o -print is shorthand for -path "/usr/sam" -a -prune -o -print. The expression is evaluated in order; -a and -o are short-circuit operators, similar to && and || in the shell. If -path "/usr/sam" is true, then -prune is evaluated; -prune returns true, so the "and" expression is true. Otherwise -prune is not evaluated, and the "and" expression is false. If -path "/usr/sam" -a -prune is false, then -print is evaluated; -print returns true, so the "or" expression is true. Otherwise -print is not evaluated, and the "or" expression is true.
This combination of expressions can be written in pseudo code as:
if -path "/usr/sam" then
    -prune
else
    -print
Avoid multiple folders
find /usr/sam \( -path /usr/sam/dir1 -o -path /usr/sam/file1 \) -prune -o -print
The parentheses group the expression.
\ is an escape: it tells the shell not to give the following character a special interpretation, and leaves it to the find command to interpret its meaning.
To find a specific file, add -name and other options after -o:
# find /usr/sam \( -path /usr/sam/dir1 -o -path /usr/sam/file1 \) -prune -o -name "temp" -print
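The short-circuit evaluation described above, as an added example that is not part of the original page: it builds a small constructed tree and runs the page's -prune expressions against it, then shows two ways an exclusion can quietly fail, a missing explicit -print and the -depth option. The tree layout and function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original page. The tree is constructed
# sample data: sam/dir1/temp, sam/dir2/temp and sam/file1.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sam/dir1" "$root/sam/dir2"
    touch "$root/sam/dir1/temp" "$root/sam/dir2/temp" "$root/sam/file1"
    printf '%s\n' "$root"
}

# Run "find sam <expression>" inside the sandbox and return the matches
# sorted and joined with spaces, so the results are easy to compare.
run_find() {
    tree=$1
    shift
    ( cd "$tree" && find sam "$@" ) | LC_ALL=C sort | paste -s -d ' ' -
}

# 1. The page's form: dir1 is pruned, everything else is printed.
prune_then_print() {
    run_find "$1" -path sam/dir1 -prune -o -print
}

# 2. Several exclusions grouped with \( \), then a -name test after -o.
prune_two_then_name() {
    run_find "$1" \( -path sam/dir1 -o -path sam/file1 \) -prune -o -name temp -print
}

# 3. Pitfall: with no explicit action, find applies -print to the whole
#    expression, and -prune returns true, so dir1 itself is listed.
prune_without_print() {
    run_find "$1" -path sam/dir1 -prune -o -name temp
}

# 4. Pitfall: with -depth the contents of a directory are visited before
#    the directory, so -prune has no effect and dir1/temp is reported.
prune_with_depth() {
    run_find "$1" -depth -path sam/dir1 -prune -o -print
}

demo() {
    t=$(make_tree)
    printf '1: %s\n' "$(prune_then_print "$t")"
    printf '2: %s\n' "$(prune_two_then_name "$t")"
    printf '3: %s\n' "$(prune_without_print "$t")"
    printf '4: %s\n' "$(prune_with_depth "$t")"
    rm -rf "$t"
}

demo
```

When -prune is used to keep a directory out of a clean-up or audit sweep, cases 3 and 4 are the ones to test for, because the command still succeeds while touching paths that were meant to be skipped.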
For example, to find all such files in the /home directory, you can use:
$ find /home -nouser -print
6, Using the group and nogroup options
Like the user and nouser options, the find command has the same options for the user group a file belongs to. To look in the /apps directory for files that belong to the gem user group, you can use:
$ find /apps -group gem -print
To find all files that have no valid user group, you can use the nogroup option. The following find command looks for such files starting from the root of the file system:
$ find / -nogroup -print
7. Finding files by change time or access time
If you want to find files by change time, you can use the mtime, atime or ctime options. If the system suddenly runs out of free space, it is quite likely that one file has grown rapidly during this period, and you can use the mtime option to find such a file.
A minus sign - selects files whose change time is within n days, and a plus sign + selects files whose change time is more than n days ago.
To find files under the root of the file system whose change time is within five days, you can use:
$ find / -mtime -5 -print
To find files in the /var/adm directory whose change time is more than 3 days ago, you can use:
$ find /var/adm -mtime +3 -print
Find files whose change time is newer than the file sam but older than the file temp:
Example: There are two files
-rw-r--r-- 1 sam adm 0 10 31 01:07 fiel
-rw-rw-rw- 1 sam adm 34890 10 31 00:57 httpd1.conf
-rwxrwxr-x 2 sam adm 0 10 31 01:01 httpd.conf
drw-rw-rw- 2 gem group 4096 10 26 19:48 sam
-rw-rw-rw- 1 root root 2792 10 31 20:19 temp
# find . -newer httpd1.conf ! -newer temp -ls
1077669 0 -rwxrwxr-x 2 sam adm 0 10 31 01:01 ./httpd.conf
1077671 4 -rw-rw-rw- 1 root root 2792 10 31 20:19 ./temp
1077673 0 -rw-r--r-- 1 sam adm 0 10 31 01:07 ./fiel
Find files whose modification time is newer than the file temp:
$ find . -newer temp -print
9. Using the type option
To find all the directories in the /etc directory, you can use:
$ find /etc -type d -print
To find all types of files except directories in the current directory, you can use:
$ find . ! -type d -print
To find all symbolic link files in the /etc directory, you can use:
$ find /etc -type l -print
Examples
===============================================================
$ find ~ -name "*.txt" -print    # look for .txt files in $HOME and display them
$ find . -name "*.txt" -print
-cpio     # use the cpio command on the matching files to back them up to tape devices
-prune    # ignore a directory
$ find . -name "[A-Z]*" -print    # look for files beginning with an uppercase letter
$ find /etc -name "host*" -print    # look for files beginning with host
$ find . -name "[a-z][a-z][0-9][0-9].txt" -print    # look for txt files beginning with two lowercase letters and two digits
$ find . -perm 755 -print
$ find . -perm -007 -exec ls -l {} \;    # look for files that all users can read, write and execute, same as -perm 777
$ find . -type d -print    # print the directory structure
$ find . ! -type d -print    # print the non-directory files
find /usr/include -name "*.h" -exec grep AF_INEF6 {} \;
Because grep cannot search subdirectories recursively, it can be used in combination with find. This finds the string AF_INEF6 in the .h files of all subdirectories of /usr/include.
$ find . -type l -print
$ find . -size +1000000c -print    # look for files longer than 1Mb
$ find . -size 100c -print    # look for files with a length of 100c
$ find . -size +10 -print    # look for files longer than 10 blocks (1 block = 512 bytes)
$ cd /
$ find etc home apps -depth -print | cpio -ivcdC65536 -o /dev/rmt0
$ find /etc -name "passwd*" -exec grep "cnscn" {} \;    # see whether there is a cnscn user
$ find . -name "yao*" | xargs file
$ find . -name "yao*" | xargs echo "" > /tmp/core.log
$ find . -name "yao*" | xargs chmod o-w
===============================================================
find -name "april*"    # find files beginning with april in the current directory
find -name "april*" -fprint file    # find files beginning with april in the current directory, and write the result to file
find -name "ap*" -o -name "may*"    # look for files beginning with ap or may
find /mnt -name tom.txt -fstype vfat    # look in /mnt for a file named tom.txt whose file system type is vfat
find /mnt -name t.txt ! -fstype vfat    # look in /mnt for a file named tom.txt whose file system type is not vfat
find /tmp -name "wa*" -type l    # look in /tmp for a file whose name begins with wa and that is a symbolic link
find /home -mtime -2    # look in /home for files changed within the last two days
find /home -atime -1    # look for files accessed within the last day
find /home -mmin +60    # look in /home for files changed more than 60 minutes ago
find /home -amin +30    # look for files accessed more than 30 minutes ago
find /home -newer tmp.txt    # look in /home for files or directories updated more recently than tmp.txt
find /home -anewer tmp.txt    # look in /home for files or directories accessed more recently than tmp.txt
find /home -used -2    # list the files or directories that were accessed within 2 days after being changed
find /home -user cnscn    # list the files or directories in /home that belong to the user cnscn
find /home -uid +501    # list the files or directories in /home whose user ID is greater than 501
find /home -group cnscn    # list the files or directories in /home that belong to the group cnscn
find /home -gid 501    # list the files or directories in /home whose group id is 501
find /home -nouser    # list the files or directories in /home that do not belong to a local user
find /home -nogroup    # list the files or directories in /home that do not belong to a local group
find /home -name tmp.txt -maxdepth 4    # look for tmp.txt in /home, searching at most 3 levels deep
find /home -name tmp.txt -mindepth 3    # start the search from level 2
find /home -empty    # look for files of size 0 or empty directories
find /home -size +512k    # look for files larger than 512k
find /home -size -512k    # look for files smaller than 512k
find /home -links +2    # look for files or directories with more than 2 hard links
find /home -perm 0700    # look for files or directories with permissions 700
===============================================================
Passing query results to awk for processing
[root@book class]# who | awk '{print $1"\t"$2}'
cnscn	pts/0
===============================================================
awk-grep-sed
[root@book class]# df -k | awk '{print $1}' | grep -v "none" | sed s"/\/dev\///g"
File System
sda2
sda1
[root@book class]# df -k | awk '{print $1}' | grep -v "none"
File System
/dev/sda2
/dev/sda1
Find the files that were changed at 2004-11-30 16:36:37:
# A=`find ./ -name "*php"`; ls -l --full-time $A 2>/dev/null | grep "2004-11-30 16:36:37"