• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • One of the basic file system administration tasks involves creating, modifying, and deleting different types of files and directories. Knowing some basic tools and concepts for file deletion comes in handy and can save you time.

    Linux offers several tools that can help us accomplish file removal tasks. Often we need to remove not just a single, but a bunch of files and directories, based on some criteria. It is helpful to know a few common commands and their combinations to get our task done easily.

    • Use the below commands with caution especially the ones which use regular expressions or some search patterns with the find command. An incorrect expression or pattern may delete essential data/system files or simply non-intended files.
    • Always secure the latest backup of important data and system files.
    • Take caution before running such commands especially when running it with Sudo or as superuser (root).

    Remove using unlink

    Not so popular. To remove a single file permanently, we can use unlink command.

    $ unlink {file-name}

    Remove single file

    There’s a more commonly used command for removing files, i.e., rm command, which supports removing one or more files simultaneously.

    $ rm {file-name}

    rm prompts you to confirm file deletion for files that are write-protected else it proceeds to directly remove the file. To make rm always prompt before deleting a file, use -i flag:

    $ rm -i {file-name}

    rm command deletes without displaying any messages on the screen. To list what rm command is actually doing, use rm with -v flag.

    $ rm -v {file-name}

    To remove write-protected files without prompting for confirmation, use -f flag.

    $ rm -f {file-name}

    Remove multiple files

    Multiple files can be removed by specifying multiple filenames to rm as arguments.

    $ rm {file-name-1} {file-name-2} {file-name-3} ... {file-name-N}

    rm also supports regular expressions. If you want to delete all files named file-name-*, you can use:

    $ rm file-name-*

    We can also specify multiple files using regular expressions. If we want to delete three files that match file-name-1, file-name-2 and file-name-3, we can use something like:

    $ rm file-name-[123]

    Remove directory

    An empty directory can be deleted using rm command with -d option.

    $ rm -d {dir-name}

    Options supported for file removal can also be combined with directory removal using -d flag as well. For example:

    $ rm -idv {dir-name}

    To delete a directory that is non-empty use -r flag.

    $ rm -r {dir-name}

    If you don’t want any prompts before deleting the directory and its contents, use -rf flag. This WILL delete everything inside the directory including the directory itself without any confirmation. Do use caution while using it especially as root.

    $ rm -rf {dir-name}

    Find and remove files

    For more complex requirements, we can use the find command with different options. To remove all files matching pattern {pattern} inside a path given by {dir-to-search}

    $ find {dir-to-search} -type f -name {pattern} -exec rm -f {} \;


    $ find /var/tmp -type f -name "*.tmp" -exec rm -f {} \;

    If we want to remove anything that matches a pattern {pattern} including directories inside {dir-to-search}, we can slightly modify the above command as:

    $ find {dir-to-search} -name {pattern} -exec rm -rf {} \;

    Modern versions of the find command support the delete function internally. Here -delete flag replaces rm command while -depth instructs find command to first process the contents of the directory before the directory itself :

    $ find {dir-to-search} -type f -name {file-name-pattern} -depth -delete

    The above example is more efficient when working with a large number of files as it doesn’t spawn a new external process for rm command for each matched file. But not all versions of find command (yet) may support -delete flag. As an alternate, we have the option to use xargs command with find as shown in the next example below:

    $ find {dir-to-search} -type f -name {pattern} -print0 | xargs -0 rm

    Or use exec command’s + terminator to chain together everything found by find command like xargs:

    $ find {dir-to-search} -name {pattern} -exec rm -rf {} +

    By default, the find command uses -print flag which we usually skip writing. With xargs, we need to avoid new-line character between each filename. As such -print0 flag instructs find to print null character after every found filename.

    Similarly, we specify -0 flag with xargs so that both commands couple up. rm command here deletes the file passed on to by piped find input. For example, the below command will search and remove all *.tmp files from the current user’s home directory (given by ~ symbol).

    $ find ~ -name "*.tmp" -print0 | xargs -0 rm

    find command offers several ways to search files and directories including ownership, permission, timestamp, etc. We’ll be covering a few such ways that can help us in specific file removal tasks.

    Find and remove files by a user

    To delete everything inside a given directory owned by a specific user, use:

    $ find {dir-to-search} -mindepth 1 -user {user-name} -delete

    In the above example, -mindepth flag with value 1 prevents the directory given by {dir-to-search} from deletion if it matches the find pattern and criteria. Or to delete everything inside a given directory belonging to a particular group, use:

    $ find {dir-to-search} -mindepth 1 -group {group-name} -delete

    If you do not want to traverse the sub-directories under the search path, you also have the option to use -maxdepth with appropriate directory depth value.

    Here’s an example run:

    $ find tempdir/ -mindepth 1 -maxdepth 1 -user abhisheknair -group abhisheknair -delete

    If you want to specify user-id and group-id instead, you can try something like:

    $ find {dir-to-search} -mindepth 1 -uid {user-id} -gid {group-id} -delete

    Find and remove empty directories

    To delete all empty directories inside a given path {dir-to-search}, you can use:

    $ find {dir-to-search} -type d -empty -delete

    Instead, to delete all empty files inside a given path {dir-to-search}, use:

    $ find {dir-to-search} -type f -empty -delete

    Find and remove files older than X

    Sometimes, you may need to delete files older than x days. find has options to read file’s creation (ctime), access (atime) and modification (mtime) times. We can use mtime option with find to find and delete files modified more than x days ago.

    $ find {dir-to-search} -type f -mtime +{X} -delete

    For instance, to delete all files with extension log inside /var/tmp with a modification time of 30 days ago or more, we can use:

    $ find /var/tmp -name "*.log" -type f -mtime +30 -delete

    Find and remove files by permission

    Now, we can also delete files based on some specific permission, like:

    $ find {dir-to-search} -name {pattern} -perm {NNN} -delete


    $ find /var/tmp -name "temp*" -perm 755 -delete

    Or if we want to use a symbolic form for permission, use:

    $ find {dir-to-search} -name {pattern} -perm u={rwx},g={rwx},o={rwx} -delete


    $ find /var/tmp -name "temp*" -perm u=rwx,g=rw,o=rw -delete

    Summing Up

    Linux offers unlink, rm and rmdir commands that are simple and can be easily extended with the use of regular expressions. For more advanced needs, you have the option to use a combination of tools like find and xargs to achieve what you need. Other than the examples in this article, you’ve got the option to use find with any of its available flags to customize your search. Refer man pages for respective commands to learn more about them.

    Always run find commands without rm or -delete flag and analyze its output to know which files or directories will be impacted by the execution of an actual command. Having proper backup configuration and policy helps not only in case of accidental deletions but also in cases of hardware failures and cyber-attacks.