• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • In its basic form, find is easy.  At the same time, it can be complex with the number of options, tests, and actions available.

    The find command is an incredibly powerful tool, and putting effort into learning it can be rewarding. It will help you in performing various system administration tasks efficiently, like disk space management, recursive file operations, and backups.

    Linux find command searches for files and folders based on the criteria you define and allows you to perform an action on the search results. The syntax of find is like this:

    $ find directory-to-search criteria action

    where

    • directory-to-search is the starting point from where find starts looking for files. The search includes all subdirectories under this directory.
    • criteria (test) tells which files to search for
    • action tells what to do with each file found matching the criteria.

    Tests

    Search by name

    Here is a simple example. The following command searches for the file a.txt in the current directory:

    $ find . -name "a.txt"
    ./a.txt

    Where

    • . refers to the current directory
    • -name test specifies the criteria to be matched

    This search with -name test is case-sensitive and would ignore file A.txt. To ensure that your search is case-insensitive use -iname test:

    $ find . -iname "a.txt"
    ./a.txt
    ./A.txt

    To search for all .jpg image files in the current directory, use the wildcard pattern *.jpg:

    $ find . -name "*.jpg"
    ./genxfacebook2.jpg
    ./genxfacebook1.jpg
    ./Moodle2.jpg
    ./moodle.jpg
    ./moodle/moodle1.jpg
    ./genxfacebook.jpg

    You can use the directory name in which to search. For example, to search for all .jpg images in /home directory:

    $ find /home -name "*.jpg"
    find: `/home/ubuntu/.ssh': Permission denied
    /home/vagrant/Moodle2.jpg
    /home/vagrant/moodle.jpg
    /home/me/hello.jpg
    find: `/home/me/testfiles': Permission denied
    find: `/home/me/data': Permission denied
    /home/me/water.jpg
    find: `/home/me/.cache': Permission denied

    If you see too many permissions denied errors, you can add 2>/dev/null at the end of the command. This redirects error messages to /dev/null device, and gives a cleaner output:

    find /home -name "*.jpg" 2>/dev/null
    /home/vagrant/Moodle2.jpg
    /home/vagrant/moodle.jpg
    /home/me/hello.jpg
    /home/me/water.jpg

    Search by file type

    Using the -type test you can search files by type. File types can be:

    f plain files
    d directories
    l symbolic links
    b block devices
    c character devices
    p named pipes
    s sockets

    For example, using the test -type d will list only directories:

    $ find . -type d
    .
    ./.ssh
    ./.cache
    ./moodle

    Search by file size

    You may need to search for large files and delete them. In the following example, the test -size is followed by the string +1G. This would search for all files larger than 1 GB.

    $ find . -size +1G 
    ./Microsoft_Office_16.29.19090802_Installer.pkg
    ./android-studio-ide-183.5692245-mac.dmg

    The + sign means search files larger than the following number. A minus symbol (-) can be used to indicate smaller than. Using no sign would mean match size exactly.

    The number is followed by the file size unit. Units can be:

    Character Fine size unit
    b 521 bye blocks
    c Bytes
    k Kilobytes
    M Megabytes
    G Gigabytes

    Search empty directories and files

    Use -empty test to find empty directories and files like this:

    $ find . -empty
    ./.cloud-locale-test.skip
    ./datafiles
    ./b.txt
    ...
    ./.cache/motd.legal-displayed

    Search by file modification time

    You can search for all files and directories based on create or modification time with -cmin test. To search for all files modified in the last 60 minutes (less than 60) use -60 like this:

    $ find . -cmin -60
    .
    ./a.txt
    ./datafiles

    For files modified anytime prior to the last 60 minutes, use +60.

    Search by access time

    You can search for files by last access time, with -atime test. For example, the following command searches for files not accessed in the last 180 days:

    $ find . -atime +180

    These could be moved to a backup device if disk space is running short.

    Search by user name

    With -user username test you can search all files and directories belonging to a user. For example, the following command searches for all files and directories owned by user ubuntu in /home directory:

    $ find /home -user ubuntu 2>/dev/null
    /home/ubuntu
    /home/ubuntu/.bash_logout
    /home/ubuntu/.bashrc
    /home/ubuntu/.ssh
    /home/ubuntu/.profile

    Search by mode

    Wish to search files set to a specific mode, that is, have a specific set of permissions? Use -perm test. The following example searches for files with permissions set to 777:

    $ find /home -perm 777

    Operators

    You can use the following three logical operators to combine multiple tests in a single find command:

    • -and
    • -or
    • -not

    For example, the following command searches for files larger than 100MB owned by user me:

    $ find /home  -user me  -and  -size +100M  2>/dev/null
    /home/me/kali-linux-2020.3-installer-netinst-i386.iso

    The following command looks for files larger than 100MB owned by user me or by user vagrant:

    $ find /home \( -user vagrant -or -user me \)  -and  -size +100M  2>/dev/null
    /home/vagrant/LibreOffice_7.0.1_Linux_x86-64_deb.tar.gz
    /home/me/kali-linux-2020.3-installer-netinst-i386.iso

    You need to place a backslash character in front of the parentheses so as to prevent the shell from trying to interpret them.

    Actions

    find gives you the search results and then the choice to perform an action on them. Here are some predefined actions:

    Action Description
    -delete Deletes files which match the search criteria
    -ls Shows a detailed ls output with file sizes and inode count
    -print Shows the full pathname of the matching files. It’s the default action if no other action is specified
    -exec Executes the command which follows, on each line of the search output

    So, if you wish to search for all empty files and delete them, this is how you can do it:

    $ find . -empty -delete

    Caution: Before you use the delete action it is always safe to run the command once with -print action and confirm the results.

    The -exec action is special. It allows you to execute a command of your choice on the search results.  It’s like this:

    -exec command {} \;

    Here

    • command is the command you want to execute on the search results, like rm, mv or cp.
    • {} represents the search results.
    • The command ends with a semicolon escaped with a backslash.

    So, the command to search and delete all empty files can be written like this:

    $ find . -empty -exec rm {} \;

    Here is another example using -exec action. The following command copies all .png image files to backup/images directory:

    $ find . -name "*.png" -exec cp {} /backups/images \;

    Conclusion

    You can use the Linux find command to search for files based on name, last access date, last modification date, user(owner) name, group name, size, permissions, and various other criteria. With these search results, you can perform actions on them like deleting, copying, or moving them to a different location.

    Once you master the find command, it can be of great help and can simplify system administration tasks for you. And the key to mastering it is practicing it and using it!