Linux+: Linux Shell 06 – Shell Commands Part 3

Jarret W. Buse

On any Operating System (OS), users usually at some point need to find files. Searching for files from the Command Line can be a simple task.

The command to search for files is 'find'. The command has a few parameters, but let's go over the basics first. The command syntax is:

find search-path expressions search-string

Depending on the search-path and expressions, the other entries are optional.

Before we get to examples, let's look over some basic details of the syntax.

If the search path is not specified, it defaults to the current directory, which is represented by a period (.). The expressions are as follows:

-amin n – file was accessed n minutes ago
-atime n – file was accessed at least (24 * n) hours ago
-cmin n – file was changed n minutes ago
-ctime n – file was changed at least (24 * n) hours ago
-empty – file is zero bytes or empty
-exec command – with every file specified by the find criteria, execute the given command
-iname fname – case-insensitive filename search for fname
-inum n – file's inode is n
-mount – only search local filesystem
-mmin n – file was modified n minutes ago
-mtime n – file was modified at least (24 * n) hours ago
-name fname – filename should be fname and is case-sensitive
-nogroup – GID for file does not match any valid group
-nouser – UID for file does not match any valid user
-perm mode – the file's permissions are checked to match mode
-print – print the filename of matching criteria

NOTE: These are but a few of the parameters for find, but these are enough to get you started and past the Linux+ certification exam.

Of course, the search string is what you are looking for with find.

Let's look at some examples:

To find a file in the home folder which has been accessed in the last hour (60 minutes), we use the following (the minus sign means 'less than', so -60 matches anything accessed less than 60 minutes ago):

find ~ -amin -60

To find a file accessed at a specified time or later, we use -atime. Since it is based on increments of 24 hours, we specify how many days. If we want to find all files accessed in the Home folder 2 days ago and later, we do the following:

find ~ -atime -2

To find all files in the Root and sub-directories which were changed in the last 5 minutes we do:

find / -cmin -5

To find all files in the root changed in the last 3 days, we use the following:

find / -ctime -3

To find all empty files and folders (those which are zero bytes) we perform this command:

find / -empty

The -iname expression finds files by name, with or without wildcards, ignoring case. In this example, let's find any file whose name starts with 'tr' in any case and ends in whatever other letters or numbers (tr*). The pattern is quoted so that the shell passes it to find unchanged instead of expanding it against the current directory first. We will search the /usr/bin/ folder and subdirectories as shown:

find /usr/bin/ -iname 'tr*'
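
Why the wildcard pattern has to be quoted, shown as an added example that is not part of the original article. The sandbox directory, its file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox: one match at the top level, two more in a subdirectory.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir "$sb/sub" && touch "$sb/tr1" "$sb/sub/tr2" "$sb/sub/TRACE" "$sb/sub/other"
    printf '%s\n' "$sb"
}

# Unquoted: the shell expands tr* against the current directory before find
# runs, so find receives "-iname tr1" and the wildcard is gone.
count_unquoted() {
    ( cd "$1" && find . -iname tr* 2>/dev/null | wc -l | tr -d ' ' )
}

# Quoted: find receives the literal pattern and applies it in every directory.
count_quoted() {
    ( cd "$1" && find . -iname 'tr*' | wc -l | tr -d ' ' )
}

# With two matches in the current directory the unquoted form becomes
# "find . -iname tr1 tr3", which find rejects. Returns find's exit status.
unquoted_status_two_matches() {
    ( cd "$1" && touch tr3 && find . -iname tr* >/dev/null 2>&1 )
}

sb=$(make_sandbox)
echo "unquoted: $(count_unquoted "$sb") match(es)"
echo "quoted:   $(count_quoted "$sb") match(es)"
unquoted_status_two_matches "$sb" || echo "two local matches, unquoted: find exits non-zero"
rm -rf "$sb"
```

The same applies to the -name patterns used later in the article.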

What if you need to find a file with the inode address of 131663? This inode number may have come from a file system check error telling me that the file is corrupted. I can search for the specific file by:

find -inum 131663

NOTE: If you search across multiple partitions, you may find a file with the specified inode on each partition.

To make sure the find in the previous example does not search other partitions, use the -mount parameter.

find -inum 131663 -mount

NOTE: Many permission errors are shown at times with a find command. To exclude errors, we add the following at the end of a find command: '2>/dev/null'.

The '2' represents standard error (stderr), which is sent to the null device.

To find a file in the home folder which has been modified in the last 20 minutes, we use the following:

find ~ -mmin -20

To find a file modified at a specified time or later, we use -mtime. Since it is based on increments of 24 hours, we specify how many days. If we want to find all files modified in the Home folder 2 days ago and later, we do the following:

find ~ -mtime -2

To find a filename with an exact, case-sensitive match, we use the -name parameter. So, to find a file named 'toff' in /usr/bin/ we use:

find /usr/bin/ -name toff

To find all files on the local partition which are not linked to a group ID (GID), while suppressing error messages, we do the following:

find / -nogroup -mount 2>/dev/null

NOTE: Useful when a group is deleted and files owned by the group are still on the hard disk.

To find all files on the local partition which are not linked to a user ID (UID), while suppressing error messages, we do the following:

find / -nouser -mount 2>/dev/null

NOTE: Useful when a user account has been removed, to find the files they own which may need to be deleted.

To search for a file with specific permissions, we can specify the permissions using the octal numbering system.

For the system, each permission is in groups. The groups are OWNER, GROUP and OTHERS. The numbering system is based on three permission types: Read, Write and Execute. The numbering is as follows:

Read – 4 (r)
Write – 2 (w)
Execute – 1 (x)

To make this work, you add up the values for what you want as follows:

4+2+1 = 7 – Read, Write, Execute
4+2 = 6 – Read, Write
4+1 = 5 – Read, Execute
4+0 = 4 – Read
2+1 = 3 – Write, Execute
2+0 = 2 – Write
1+0 = 1 – Execute

For example, to allow the User Read, Write and Execute permissions (7), and the Group permissions of Read and Write (6), and Others only read permissions (4), the total Permission Mode is 764. If files were to be searched for in the Home folder with these permissions, we would use the following command:

find ~ -perm 764
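
The difference between an exact -perm match and an "at least these bits" match, shown as an added example that is not part of the original article. The -perm -mode form and -type f are standard find options not covered in the list above; the sandbox files and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox with four files whose modes are set explicitly.
make_perm_sandbox() {
    d=$(mktemp -d) || return 1
    for m in 764 766 644 600; do
        touch "$d/mode_$m" && chmod "$m" "$d/mode_$m"
    done
    printf '%s\n' "$d"
}

# Exact match, as in the article: only files whose mode is exactly 764.
exact_764() {
    find "$1" -type f -perm 764 | sort
}

# "-perm -mode" matches files that have at least all of the given bits set.
# 002 is the Write bit for Others, so this lists world-writable files.
world_writable() {
    find "$1" -type f -perm -002 | sort
}

# Same form for the Owner digit: every file where the owner has
# Read, Write and Execute (7), whatever Group and Others have.
owner_rwx() {
    find "$1" -type f -perm -700 | sort
}

d=$(make_perm_sandbox)
echo "exact 764:";       exact_764 "$d"
echo "world-writable:";  world_writable "$d"
echo "owner has rwx:";   owner_rwx "$d"
rm -rf "$d"
```

An exact search for 764 does not report the 766 file, even though it grants everything 764 does plus Write for Others, which is why permission audits normally use the -mode form.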

To print the filename of any matching file which meets the specified criteria, we add the '-print' parameter. This parameter is assumed by default, but if you ever get strange output, put the parameter in to be sure to print out the filenames.

find -name 'ap*' -print

What if you wanted to execute a command for every file found in the Home folder which starts with a 'T'? The command 'touch' is used to modify the file's modification and access time and date. You can 'touch' each file found by the find command and perform it as such:

find ~ -name 'T*' -print -exec touch {} \;

NOTE: After the 'touch' command, the curly brackets are used to specify where the filename is placed. To designate the end of the command, use the escape character (\) and a semicolon (;).

Be aware that the parameters can be mixed together to allow for more specific search criteria.
 


concise and helpful discussion, especially about file permission numbers.
 
