How to use find is a very basic, but important, UNIX lesson. Find is a very useful command which can help us not just finding a particular file, but for examples files or directories matching certain criteria such as: size, permissions, type.
The basic mode of operation for find is the following:
find path criteria action
find –> we use ‘find’ to invoke the command
path –> this is the directory/ies where we want to perform our search
criteria –> this can consist of different values, such as permissions, size, filename contains or type.
action –> this is a complement to indicate find what to do with the output, for example listing it, removing, etc.
If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.
Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.
Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.
Mind Vultr supports FreeBSD on their VPS offer.
Summary
In this quick how to use find guide, we will go through a few examples. We will look for files or directories with certain string in their name, for its type as for they are either files or directories. We’ll also look for files bigger, smaller or within a given size, but we’ll also look for files with specific permissions as well.
Example 1.- How to look for a specific file we know its name.
Let’s imagine we are looking for a file called HenryRollins.mp3. We want to share this file for some reason, but we totally forgot where its location is. This is how to look for it.
[albert@centos7 ~]$ sudo find / -type f -name HenryRollins.mp3
/home/albert/Music/HenryRollins.mp3
[albert@centos7 ~]$
The find command has looked throughout the whole filesystem looking for a filetype named HenryRollins.mp3.
find --> this is the command to invoke the action
/ --> this indicates where to look, in this case the whole filesystem
-type --> this is indicating what type of thing we are looking for
f --> after the ‘-type’ this indicates find will have to look for a file
-name --> this tells find to look for a very specific string, the name of the file
This is the same for FreeBSD, as you can see in the example below.
[albert@freebsd-13 ~]$ sudo find / -type f -name RivalSons.mp3
/usr/home/albert/Music/RivalSons.mp3
[albert@freebsd-13 ~]$
In this first contact, we can already see how useful learning how to use find is.
Example 2.- How to look for a specific file we don’t know its name but know its type.
Let’s imagine in this case we are system administrators, and we know our users are storing many different types of files. Management has decided music files are forbidden to be stored. We know we need to remove music files but we have no clue about their names or location in the system. Let’s use find to solve that.
Because we know many music related files inside computers are using the .mp3 format, we can leverage that information in order to find those music files, since all of them will have that extension at the end of the filename.
[albert@centos7 ~]$ sudo find / -type f -name "*mp3"
/home/albert/Music/TheStooges.mp3
/home/albert/Music/TheCadillacThree.mp3
/home/albert/Music/RivalSons.mp3
/home/albert/Music/HenryRollins.mp3
[albert@centos7 ~]$
Ok, we have found a few music files in this system. But upper management wants these removed. What can be one? We can use find for this too.
[albert@centos7 ~]$ sudo find / -type f -name "*mp3" -exec rm -i {} \;
rm: ¿borrar el fichero regular vacío «/home/albert/Music/TheStooges.mp3»? (s/n) s
[albert@centos7 ~]$
As it can be seen above we will be asked permission for the removal of every file. This can be fine but given the volumes we can encounter ourselves with it may be more useful not to be asked for confirmation. Here’s how:
[albert@centos7 ~]$ sudo find / -type f -name "*mp3" -exec rm -f {} \;
[albert@centos7 ~]$
There are no files with the mp3 extension on the system after using the just above command.
Instead of looking for music files you may want to chase other types such as video, since they are usually bigger in size. In that case one can use different extensions such as .avi or .mpeg.
Example 3.- Looking for files bigger or smaller than a given size.
Let’s imagine we are running out of space in a given system. The root cause of this issue may be related to several things. If the system is a personal, one we may have way too many information for that system’s disk to hold it. But on an educational or enterprise setup users may be uploading big files not related to music or videos. There’s the chance log rotation has failed for some reason and log files are filling up the system. Whatever the reason is, the find command can help us out finding files of a given size, bigger or smaller too.
To find files bigger than 200 megabyes:
[albert@centos7 ~]$ sudo find / -type f -size +200M
/proc/kcore
find: ‘/proc/22359/task/22359/fdinfo/5’: No existe el fichero o el directorio
find: ‘/proc/22359/fdinfo/6’: No existe el fichero o el directorio
/home/albert/log_files.txt
[albert@centos7 ~]$
For files smaller than 1 megabyte:
[albert@centos7 ~]$ sudo find / -type f -size -1M
/proc/fb
/proc/fs/xfs/xqm
/proc/fs/xfs/xqmstat
/proc/bus/pci/devices
/proc/bus/input/devices
/proc/bus/input/handlers
/proc/dma
/proc/irq/0/node
/proc/irq/0/spurious
…..
…..
[albert@centos7 ~]$
Another way to ask for size information is without a minus or plus and match the size.
Actions to remove files larger than a selected size can also be achieved, although you may want to be asked for a confirmation before deleting them.
[albert@centos7 ~]$ sudo find / -type f -size +200M -exec rm -i {} \;
rm: ¿borrar el fichero regular «/proc/kcore»? (s/n) n
find: ‘/proc/22622/task/22622/fdinfo/5’: No existe el fichero o el directorio
find: ‘/proc/22622/fdinfo/6’: No existe el fichero o el directorio
rm: ¿borrar el fichero regular «/home/albert/log_files.txt»? (s/n) n
[albert@centos7 ~]$
For the sake of evidence and confirmation the same commands and flags apply on FreeBSD.
[albert@freebsd-13 ~]$ sudo find / -type f -size +200M -exec rm -i {} \;
remove /usr/local/www/apache24/data/MediaWiki.ova? n
remove /usr/home/albert/MediaWiki.ova? n
remove /usr/home/albert/hts-cache/new.zip? n
remove /usr/home/albert/log_files.txt? n
[albert@freebsd-13 ~]$
Example 4.- Permissions check.
Let’s imagine we want to find out what users have messed up their permissions in their home folders. Or we have been fiddling in a configuration file and we can’t remember where it is located and what permissions we left it with. Find to the rescue, again.
In this example we will use the find command to look for directories with the sticky bit permission set up.
[albert@centos7 ~]$ sudo find / -type d -perm -1000 -ls
7103 0 drwxrwxrwt 2 root root 40 feb 12 11:48 /dev/mqueue
7177 0 drwxrwxrwt 2 root root 40 feb 12 11:48 /dev/shm
201326721 4 drwxrwxrwt 15 root root 4096 feb 12 12:44 /tmp
201512637 0 drwxrwxrwt 2 root root 6 dic 1 2016 /tmp/.ICE-unix
439427 0 drwxrwxrwt 2 root root 6 dic 1 2016 /tmp/.X11-unix
201512638 0 drwxrwxrwt 2 root root 6 dic 1 2016 /tmp/.Test-unix
439428 0 drwxrwxrwt 2 root root 6 dic 1 2016 /tmp/.font-unix
67468969 0 drwxrwxrwt 2 root root 6 dic 1 2016 /tmp/.XIM-unix
68225707 0 drwxrwxrwt 2 root root 6 feb 12 10:48 /tmp/systemd-private-0bfe0e1f3f944d4db7a257d68a6a90ad-chronyd.service-oWQrX1/tmp
134707392 0 drwxrwx--T 2 avahi-autoipd avahi-autoipd 6 abr 1 2020 /var/lib/avahi-autoipd
1426 0 drwxrwxrwt 3 root root 84 feb 12 11:49 /var/tmp
202974278 0 drwxrwxrwt 2 root root 6 feb 12 10:48 /var/tmp/systemd-private-0bfe0e1f3f944d4db7a257d68a6a90ad-chronyd.service-zkVMvz/tmp
67858639 0 drwsrwxrwt 2 root root 6 feb 4 10:03 /datos
[albert@centos7 ~]$
As it can be seen the sticky bit sign (a ‘t’ at the end of the permissions listing on each directory) is clearly seen in all the entries.
The same applies on FreeBSD:
[albert@freebsd-13 ~]$ sudo find / -type d -perm -1000 -ls
4 23 drwxrwxrwt 23 root wheel 23 Feb 13 03:25 /tmp
393355 1 drwxrwxrwt 2 root wheel 2 Dec 28 19:13 /tmp/.X11-unix
393356 1 drwxrwxrwt 2 root wheel 2 Dec 28 19:13 /tmp/.XIM-unix
393362 1 drwxrwxrwt 2 root wheel 2 Dec 28 19:13 /tmp/.font-unix
393361 1 drwxrwxrwt 2 root wheel 2 Dec 28 19:13 /tmp/.ICE-unix
15112 1 drwxrwxrwt 3 root wheel 3 Apr 9 2021 /var/tmp
15129 1 drwxrwxrwt 2 root wheel 3 Feb 7 19:24 /var/tmp/vi.recover
33141 1 drwxrwxrwt 2 root wheel 2 Aug 28 09:03 /run/cloud-init/tmp
[albert@freebsd-13 ~]$
So far we have been looking for directories, but we can also look for files, just by changing the -type from d for directory to f for file.
[albert@freebsd-13 ~]$ sudo find / -type f -perm -4000 -ls
66488 20 -r-sr-xr-- 2 root operator 15600 Aug 28 09:58 /sbin/shutdown
581044 82 -r-sr-xr-x 2 root wheel 63696 Dec 17 00:26 /sbin/ping6
581044 82 -r-sr-xr-x 2 root wheel 63696 Dec 17 00:26 /sbin/ping
65621 14 -r-sr-xr-- 1 root operator 11176 Aug 28 09:58 /sbin/mksnap_ffs
66488 20 -r-sr-xr-- 2 root operator 15600 Aug 28 09:58 /sbin/poweroff
209766 57 -r-sr-xr-x 1 root wheel 44136 Sep 4 00:06 /usr/local/sbin/fping
…….
…….
[albert@freebsd-13 ~]$
Conclusion
The find command can be very useful for any user. From finding a specific file, to specific permissions sets, through file sizes and other parameters. Hopefully, at this point you’ve seen the importance on learning how to use find.
If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.
Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.
Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.
Mind Vultr supports FreeBSD on their VPS offer.