Saturday, August 15, 2015

Finding files on the Linux file system


In this guide I am going to show you how to find files on the file system. Linux has several great utilities for finding files and I will highlight them here. I am going to show you the find, locate, and grep commands along with examples, and at the end I am sure you will be able to find anything on your file system.

Using the find command


The find command works using various tests to define what exactly you are searching for. You could think of the tests as criteria definitions the command uses. A full list of all the tests can be found by looking at the man page for find. I have copied some of the tests and definitions out of the man page and have examples of their usage. There are many more tests than the ones shown in these examples.

-name pattern
Base of file name (the path with the leading directories removed) matches shell pattern.
find / -name file1
You could also use wild cards in the search
find / -name "file1.*"
find / -name "*.txt"
-amin n
File was last accessed n minutes ago.
find / -amin 10
-mmin n
File’s data was last modified n minutes ago.
find / -mmin 10
-group gname
File belongs to group gname (numeric group ID allowed).
find / -group apache
-ipath pattern
Like -path, but the match is case insensitive.
find / -ipath /var/log
-size n[cwbkMG]
File uses n units of space. The following suffixes can be used:
'k' for Kilobytes (units of 1024 bytes)
'M' for Megabytes (units of 1048576 bytes)
'G' for Gigabytes (units of 1073741824 bytes)
find / -size 5M
-type c
File is of type c:
c character (unbuffered) special
d directory
f regular file
l symbolic link; this is never true if the -L option or the -follow option is in effect, unless the symbolic link is broken.
find / -type d -name var
-user uname
File is owned by user uname (numeric user ID allowed).
find / -user root
The find command can also perform an action at the end of the finding. For example, you could find files with a certain name and then delete them. Another example would be to archive all the files with the tar command. These actions are performed with the -exec switch. You can add pretty much any command at the end of find to perform additional actions.

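Adding this to the end of find will run rm -f on anything that has file1 at the beginning of its name. Quote the pattern so the shell passes it to find unexpanded, and run the find without -exec first to review what it matches.
-exec rm -f {} \;
find / -name "file1*" -exec rm -f {} \;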
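Adding this to the end of find will run tar -czvf /root/archive.tgz on anything that has file1 at the beginning of its name. End the action with + rather than \; so that every match is passed to a single tar command; with \; tar runs once per file and each run overwrites the archive.
-exec tar -czvf /root/archive.tgz {} +
find / -name "file1*" -exec tar -czvf /root/archive.tgz {} +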
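
The effect of ending -exec with \; versus + when the command writes an archive, shown as an added example that is not part of the original post. The scratch directory, file names and function names are constructed for the illustration.

```sh
#!/bin/sh
# Added example: "-exec ... \;" versus "-exec ... +" when the command writes
# an archive. Every path is constructed inside a mktemp scratch directory.

make_sandbox() {
    # Prints the path of a scratch tree: three files match "file1*", one does not.
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/a" "$sb/b"
    echo one   > "$sb/a/file1.txt"
    echo two   > "$sb/b/file1.log"
    echo three > "$sb/file1 with space"
    echo other > "$sb/a/notes.txt"
    printf '%s\n' "$sb"
}

count_members() {
    # Number of entries stored in a gzip-compressed tar archive.
    tar -tzf "$1" | wc -l | tr -d ' '
}

archive_per_file() {
    # "\;" runs tar once per match. Each run recreates the archive, so only
    # the last file found is left in it.
    find "$1" -type f -name "file1*" -exec tar -czf "$1/per_file.tgz" {} \; 2>/dev/null
    count_members "$1/per_file.tgz"
}

archive_batched() {
    # "+" places all matches on one tar command line, so all are archived.
    find "$1" -type f -name "file1*" -exec tar -czf "$1/batched.tgz" {} + 2>/dev/null
    count_members "$1/batched.tgz"
}

demo=$(make_sandbox)
echo "per-file archive members: $(archive_per_file "$demo")"
echo "batched archive members:  $(archive_batched "$demo")"
rm -rf "$demo"
```

With a very large number of matches find can still split them across several tar runs, so check the archive listing with tar -tzf afterwards.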

Using the locate command


The locate command works differently than find. Find searches the file system starting at the point defined in the command. The command find / -user root would search the whole root file system looking for files owned by root. This could take some time depending on the number of files a system has. The locate command does not search the file system but instead searches a database of all the files on the file system. This database gets updated daily with new files on the system, and searching for files usually takes less than one second. The drawback is that the database likely will not have what you are looking for if it is a brand new file. The database can be manually updated at any time, but this means indexing the entire file system.

To use the locate command you will need to have the mlocate package installed.
yum install mlocate

To manually update the locate database you would use the updatedb command
updatedb

To find a file you would just specify its name after the locate command
locate file-name

Using the grep command


The grep command works differently than find and locate in that it searches for text. This command can be used to search for text within a file, within a whole directory, or even in the text output of a command. I will show examples of all three of these uses.
-n Show line number
-r Recursive

Searching the contents of a file for a text string

grep -n pattern file-name
grep root /etc/passwd

Searching the contents of a directory for a text string


grep -rn directory -e "pattern" 
grep -rn /boot -e "root"



Searching the output of a command


To show how this example works, I will need to use piping. The pipe in Linux is this character | and it is used to chain multiple commands together. Once executed, it will run the command up to the first pipe and then pass that command's output to the next command. Piping can be a whole topic unto itself and is out of scope for this guide. If you just understand that a pipe combines multiple commands into one then you will be fine.


I started off with just the ps aux command and it dumped a list of every running process. I then wanted to know how many processes were running so I added a pipe and then used the wc -l command (counts the number of lines). My result was 429 processes. I then wanted to know how many of those processes are the httpd service so I added another pipe and another wc -l command. The end result was 10 of the running processes were the httpd service. If you look at the last line in the image, process 6078 is the grep search itself.


