find command useful examples

Linux‎ > ‎

find command useful examples

Thank you for visiting this page, this page has been update in another link find command useful examples

find is a tool to search for files in a directory hierarchy, very easy to use but with a lot of options to chose. It also has some security considerations, let's start from simple first.

$find ./mtx-1.3.12 -name *.c -print
./mtx-1.3.12/scsi_freebsd.c
./mtx-1.3.12/mam2debug2.c
./mtx-1.3.12/vms/scsi.c
...
$find ./mtx-1.3.12 -name *.c -print0

./mtx-1.3.12/scsi_freebsd.c./mtx-1.3.12/mam2debug2.c./mtx-1.3.12/vms/scsi.c./mtx-1.3.12/vms/ldrset.c./mtx-1.3.12/mtx-inventory.c./mtx-1.3.12/scsi_hpux.c./mtx-1.3.12/scsi_linux.c./mtx-1.3.12/nsmhack.c./mtx-1.3.12/scsieject.c./mtx-1.3.12/sg_err.c./mtx-1.3.12/mtxl-driveinfo.c./mtx-1.3.12/mtx-driveinfo.c./mtx-1.3.12/mtxl-inventory.c./mtx-1.3.12/tapeinfo.c./mtx-1.3.12/scsi_sgi.c./mtx-1.3.12/scsi_win32.c./mtx-1.3.12/du/scsi.c./mtx-1.3.12/mtxl.c./mtx-1.3.12/mtx.c./mtx-1.3.12/scsi_aix.c./mtx-1.3.12/mam2debug.c./mtx-1.3.12/scsi_sun.c./mtx-1.3.12/scsitape.c./mtx-1.3.12/loaderinfo.c[Thu Oct 10 12:31:22 simon@xldesk:~/tape]$

-print is a default behaviour of find, unless -print0 is used, which is often used in more securier environment, particularly if action options are involved, will mention it later.

-print0

              True; print the full file name on the standard output, followed by a null character (instead  of  the  newline  character  that

-print  uses).   This allows file names that contain newlines or other types of white space to be correctly interpreted by pro

grams that process the find output. This option corresponds to the -0 option of xargs.

Another thing need to mention is that treatment of symbolic, good part is that find will not follow symbolic links in default behaviour, which is much safer, if you do want, see the following options description

The -H, -L and -P options control the treatment of symbolic links.

       -P     Never  follow symbolic links.  This is the default behaviour.  When find examines or prints information a file, and the file is

a symbolic link, the information used shall be taken from the properties of the symbolic link itself.

       -L     Follow symbolic links.  When find examines or prints information about files, the information used  shall  be  taken  from  the

properties  of  the  file  to  which  the link points, not from the link itself (unless it is a broken symbolic link or find is

 unable to examine the file to which the link points).  Use of this option implies -noleaf.  If you later  use  the  -P  option,

-noleaf  will  still  be in effect.  If -L is in effect and find discovers a symbolic link to a subdirectory during its search,

the subdirectory pointed to by the symbolic link will be searched.

              When the -L option is in effect, the -type predicate will always match against the type of the file that a symbolic link points

 to  rather than the link itself (unless the symbolic link is broken).  Using -L causes the -lname and -ilname predicates always

to return false.

       -H     Do not follow symbolic links, except while processing the command line arguments.  When find  examines  or  prints  information

 about  files, the information used shall be taken from the properties of the symbolic link itself.   The only exception to this

 behaviour is when a file specified on the command line is a symbolic link, and the link can be resolved.  For  that  situation,

the information used is taken from whatever the link points to (that is, the link is followed).  The information about the link

itself is used as a fallback if the file pointed to by the symbolic link cannot be examined.  If -H is in effect and one of the

paths  specified on the command line is a symbolic link to a directory, the contents of that directory will be examined (though

of course -maxdepth 0 would prevent this).

The following 5 searching options are useful when you want to start advanced way.

-maxdepth levels

              Descend at most levels (a non-negative integer) levels of directories below the command line arguments.  -maxdepth 0

means only apply the tests and actions to the command line arguments.

-mindepth levels

              Do  not  apply  any  tests or actions at levels less than levels (a non-negative integer).  -mindepth 1 means process all files

except the command line arguments.
-regextype type

              Changes the regular expression syntax understood by -regex and -iregex tests which occur later on the command line.  Currently

implemented types are emacs (this is the default), posix-awk, posix-basic, posix-egrep and posix-extended.
       -daystart
              Measure times (for -amin, -atime, -cmin, -ctime, -mmin, and -mtime) from the beginning of today rather than from 24 hours  ago.
              This option only affects tests which appear later on the command line.

       -depth Process each directory's contents before the directory itself.  The -delete action also implies depth.
       or -d option in A synonym for -depth, for compatibility with FreeBSD, NetBSD, MacOS X and OpenBSD.

TEST options:

$find ./mtx-1.3.12 -newer ./mtx-1.3.12/mtx.c -type f -name *.c
./mtx-1.3.12/mtx-inventory.c
./mtx-1.3.12/mtx-driveinfo.c
./mtx-1.3.12/mtxl-inventory.c

Check files access in last 2 minutes, cmin or mmin can be used in the same way

$find ./mtx-1.3.12/ -amin +0 -amin -2
./mtx-1.3.12/
./mtx-1.3.12/mtx-inventory.c
./mtx-1.3.12/mtx-driveinfo.c

Measure times from the beginning of today rather than from 24 hours ago. So, to list the regular files in your home directory that were modified yesterday, do

find ~/ -daystart -type f -mtime 1
.. .recently-used.xbel
...config/gtk-2.0/gtkfilechooser.ini
...Desktop/dpool15_problematic_10g_driver_net.gif
...

/.mozilla/firefox/8k9rp8rr.default/thumbnails/773b78aca8ef5ccebde6051a9b65fb88.png
...

Of course you can easily use atime, ctime in a same way.

Here is some interesting about option -newerXY

-newerXY reference

              Compares  the  timestamp of the current file with reference.  The reference argument is normally the name of a file (and one of

its timestamps is used for the comparison) but it may also be a string describing an absolute time.  X and Y  are  placeholders

for other letters, and these letters select which time belonging to how reference is used for the comparison.

              a   The access time of the file reference
              B   The birth time of the file reference
              c   The inode status change time of reference
              m   The modification time of the file reference
              t   reference is interpreted directly as a time

              Some combinations are invalid; for example, it is invalid for X to be t.  Some combinations are not implemented on all systems;

for example B is not supported on all systems.  If an invalid or unsupported combination of XY  is  specified,  a fatal  error

 results.   Time  specifications  are interpreted as for the argument to the -d option of GNU date.  If you try to use the birth

 time of a reference file, and the birth time cannot be determined, a fatal error message results.  If you specify a test  which

refers to the birth time of files being examined, this test will fail for any files where the birth time is unknown.

There are two ways to list files in /usr modified after February 1 of the current year. One uses ‘-newermt’:

     find /usr -newermt "Feb 1"

The other way of doing this works on the versions of find before 4.3.3:

     touch -t 02010000 /tmp/stamp$$
     find /usr -newer /tmp/stamp$$
     rm -f /tmp/stamp$$

-type, -size, -fstype, example is to find /usr directory, filesystem=ext4, filetype is file, 20MB > filesize >10MB

$ find /usr/ -type f -fstype ext4 -size +10M -size -20M
/usr/lib/vmware/tools-upgraders/vmware-tools-upgrader-64
/usr/lib/vmware/bin/vmware-vmx-debug
/usr/lib/vmware/bin/vmware-vmx-stats
/usr/lib/vmware/bin/vmware-vmx

...

Some other options, easy to tell what they are going to do

# find / -perm /u=r
# find / -type d -perm 777
# find / -type d ! -perm 777
# find / -perm 2644

Action options:

As long as you know how to search files, action option is just actions to the file list you searched. But, have to mention it again, most security consideration come from here, I suggest you read the link below first before you put action options into your high security environment.Here is what find manual says

       If  you  are  using find in an environment where security is important (for example if you are using it to search directories that are

 writable by other users), you should read the "Security Considerations" chapter of the findutils documentation, which is called  Find

ing  Files  and comes with findutils.   That document also includes a lot more detail and discussion than this manual page, so you may

find it a more useful source of information.
Link: http://www.gnu.org/software/findutils/manual/html_mono/find.html#Security-Considerations

Find files named core in or below the directory /tmp and delete them. Note that this will work incorrectly if there are any filenames containing newlines or spaces.

find /tmp -name core -type f -print | xargs /bin/rm -f

Find files named core in or below the directory /tmp and delete them, processing filenames in such a way that file or directory names containing spaces or newlines are correctly handled.

find /tmp -name core -type f -print0 | xargs -0 /bin/rm -f

Find files named core in or below the directory /tmp and delete them, but more efficiently than in the previous example (because we avoid the need to use fork(2) and exec(2) to launch rm and we don't need the extra xargs process).

find /tmp -depth -name core -type f -delete

With -exec option, the command is executed in the starting directory. There are unavoidable security problems surrounding use of the -exec action; you should use the -execdir option instead.

-execdir command {} +

              Like  -exec,  but  the  specified  command  is run from the subdirectory containing the matched file, which is not normally the

 directory in which you started find.  This a much more secure method for invoking commands, as it avoids race conditions during

resolution  of the paths to the matched files.  As with the -exec action, the ‘+’ form of -execdir will build a command line to

 process more than one matched file, but any given invocation of command will only list files that exist in the  same  subdirec

tory. If you  use  this  option,  you must ensure that your $PATH environment variable does not reference ‘.’; otherwise, an

 attacker can run any commands they like by leaving an appropriately-named file in a directory in which you will  run  -execdir.

              The same applies to having entries in $PATH which are empty or which are not absolute directory names.

For example, to compare each c file in different directories:

mtx-1.2.18rel]$find . -type f -name '*.c' -execdir diff -q '{}' ../mtx-1.3.12/ ';'
Files ./scsi_freebsd.c and ../mtx-1.3.12/scsi_freebsd.c differ

Files ./mam2debug2.c and ../mtx-1.3.12/mam2debug2.c differ
...

Some other types of usecase.
See this

find bills -type f -execdir sort -o '{}.sorted' '{}' ';'


It's equivelent with the one


find bills -type f | xargs -I XX sort -o XX.sorted XX

But, the second one has a potential issue is that when you use the ‘-I’ option, each line read from the input is buffered internally. This means that there is an upper limit on the length of input line that xargs will accept when used with the ‘-I’ option. To work around this limitation, you can use the ‘-s’ option to increase the amount of buffer space that xargs uses, and you can also use an extra invocation of xargs to ensure that very long lines do not occur.

I introduced xargs in another article https://sites.google.com/site/itmyshare/linux-shell-and-others/control-and-run-multiple-processes-in-bash

Here is another way for it, you can borrow from it.

find ./x* -print0 | xargs -0 -n 1 -P 5 bzip2

or

for i in `seq 1 100` | xargs -n 1 -P 5 mytask

where, -n controls number of parameters to be processes

-P controls how many CPU/processes to run in parallel

Comments