Summary of the command to find files under Linux system, this is awesome!

The way to find the absolute path of a command is to use the which command. The which command has a very convenient function, it can find the path of a given command in the PATH parameter of the environment variable. By using the which command, we can easily obtain the full path information of a command. This is useful for scripts and programs that need to execute specific commands. So, using which command, we can easily find and display the absolute path of a given command.

[root@localhost ~]# which bash
/usr/bin/bash

[root@localhost ~]# which ls
alias ls='ls --color=auto'
    /usr/bin/ls

Find specific files:

The whereis command is used to locate the path of the instruction's binary program, source code file, man manual page and other related files. This command can only be used to search for program names

[root@localhost ~]# whereis --help

语法格式：[ whereis [选项] 文件名 ]

        -b              #只找二进制文件
        -m              #只找man文档
        -s              #只找源代码

Use the whereis -b command to find binary files and help manuals.

[root@localhost ~]# whereis -b ifconfig
ifconfig: /usr/sbin/ifconfig

[root@localhost ~]# whereis -m ifconfig
ifconfig: /usr/share/man/man8/ifconfig.8.gz

Cache lookup file:

locate searches a database /var/lib/mlocatedb. This database contains all local file information. The Linux system automatically creates this database and automatically updates it once a day. Therefore, the latest changed files cannot be found using the locate command. In order To avoid this situation, you can use the updatedb command to manually update the database before using locate. The updatedb command will update the file according to /etc/updatedb.conf.

[root@localhost ~]# yum install -y mlocate
[root@localhost ~]# locate --help

语法格式：[ locate [选项] 文件名 ]

        -d 目录        #指定数据库所在的目录
        -i             #忽略大小写差异
        -r             #后面接正则表达式

Use the locate command to query a file.

[root@localhost ~]# updatedb 
[root@localhost ~]# locate /etc/passwd
/etc/passwd
/etc/passwd-

Traverse files to find:

The find command can be said to be the most important search command. This command has many parameters.

[root@localhost ~]# find --help

语法格式：[ find [目录] [属性] 文件名 ]

        -name         #按文件名查找
        -size         #根据大小查找
        -user         #根据属主查找
        -perm         #根据权限查找
        -type         #根据类型查找
        -time         #按时间查找
        -inum         #根据i节点查询
        -exec         #查找后执行命令

-name Search by file name:

Common query wildcards

\*     #匹配任意一个或多个字符
？     #匹配任意一个字符
[]     #指定范围,外侧加引号

Search for files ending with .log in the /var/ directory.

[root@localhost ~]# find /var/ -name "*.log"
/var/log/tuned/tuned.log
/var/log/audit/audit.log
/var/log/anaconda/X.log
/var/log/anaconda/program.log
....省略....

Look for files in the /root/ directory that start with [1-3] and end with .txt

[root@localhost ~]# ls
1.txt  2.txt  3.txt  Catalog  File

[root@localhost ~]# find /root/ -name "[1-3].txt"
/root/1.txt
/root/2.txt
/root/3.txt

Search for files in the /etc/ directory that begin with 6 arbitrary characters

[root@localhost ~]# find /etc/ -name "??????"
/etc/grub.d
/etc/grub.d/README
/etc/shells
/etc/init.d
....省略....

-size Search based on size

单位是 block 数据块  一块是512字节
1M -> 1024k -> 2048 块  (1块是0.5k 也就是512字节)
100M -> 102400k -> 204800块

Find files less than 10k in the /etc/ directory

root@localhost ~]# find /etc/ -size -10k
/etc/crypttab
/etc/.pwd.lock
/etc/environment
....省略....

Search for files larger than 1M in the /etc/ directory

[root@localhost ~]# find /etc/ -size +1M   #查询大于1M的文件
/etc/udev/hwdb.bin
/etc/selinux/targeted/active/policy.kern
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/policy/policy.31
....省略....

#注意：+-号如果没有,是精确到这么大,通常都会带上+或-号表示一个范围.

-user search based on owner and permissions

Look for files belonging to the wang user in the /root directory

[root@localhost ~]# find /root/ -user wang
/root/1.txt
/root/2.txt
/root/3.txt
#注意：系统中要存在该用户,否则会报错误.

Find files with permission 644 in the /boot/ directory

[root@localhost ~]# find /boot/ -perm 0644
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
/boot/grub2/i386-pc/gcry_rsa.mod
....省略....

-type Search by type

-type f 二进制文件（普通文件）
-type l 软链接文件
-type d 目录

Look for the /usr/bin/ directory, the type is binary file.

[root@localhost ~]# find /usr/bin/ -type f
/usr/bin/cp
/usr/bin/gzip
/usr/bin/alias
/usr/bin/csplit
/usr/bin/bash
....省略....

-time Search by time

按天数   ctime  atime  mtime
按分钟   cmin   amin     mmin

  c  change   #表示属性被修改过：所有者、所属组、权限
  a  access   #被访问过(被查看过)
  m  modify   #表示内容被修改过

Search for files in the /etc/ directory whose contents have been modified within 120 minutes

[root@localhost ~]# find /etc/ -mmin -120
/etc/
/etc/resolv.conf
/etc/group-
/etc/gshadow-
/etc/group
/etc/gshadow
....省略....

Look for files in the /etc/ directory whose attributes were modified 7 days ago

[root@localhost ~]# find /etc/ -ctime +7
/etc/resolv.conf
/etc/group-
/etc/gshadow-
....省略....

-inum Query based on i node

There are a lot of hard links to some files with the same i-node. Find the i-node number of one of the files and delete it at once.

[root@localhost ~]# find ./ -inum 1024 -exec rm{} \;   #删除相同I节点的数据

-and or logical connector

-a    （and 逻辑与）     
-o    （or  逻辑或)

In the /etc/ directory, search for files larger than 1k and smaller than 10k

[root@localhost ~]# find /etc/ -size +1k -a -size -10k
/etc/
/etc/grub.d/00_header
/etc/grub.d/20_ppc_terminfo
/etc/grub.d/00_tuned
/etc/rc.d/init.d/README
/etc/rc.d/init.d/netconsole
/etc/rc.d/init.d/network
/etc/pam.d
....省略....

-exec command execution connector

[查询格式] find  ...  -exec 命令 {}  \;

{}        #表示find查询的结果集
\         #是转义符,不使用命令别名,直接使用命令本身
;         #分号是表示语句的结束.

#注意：固定格式,只能这样写.注意中间的空格.
（公众号：网络工程师阿龙）-----------------------------------------------------------------
说明： 转义符的作用是什么？

在linux中有一个别名机制，如rm删除文件，执行的却是rm -i(用which rm 可以查看命令别名)，
使用rm删除文件前会提示，就是因为rm -i这个参数。如果想使用命令原意，可以在加\转义，
如：\rm test.txt   则不会提示，直接删除

Look for files in the /var/log/ directory with names ending in .log. After finding them, execute ls -l to display detailed information.

[root@localhost ~]# find /var/log/ *.log -exec ls -l {} \;
total 1176
drwxr-xr-x. 2 root   root      204 Sep 18 09:12 anaconda
drwx------. 2 root   root       23 Sep 18 09:12 audit
-rw-------. 1 root   root    53001 Sep 19 00:57 boot.log
-rw-------. 1 root   utmp      384 Sep 18 09:22 btmp
drwxr-xr-x. 2 chrony chrony      6 Apr 12 13:37 chrony
-rw-------. 1 root   root     3523 Sep 19 01:01 cron
-rw-r--r--  1 root   root   119414 Sep 19 00:57 dmesg
-rw-r--r--  1 root   root   119599 Sep 18 23:35 dmesg.old
-rw-r--r--. 1 root   root     1320 Sep 19 00:23 firewalld
-rw-r--r--. 1 root   root      193 Sep 18 09:05 grubby_prune_debug
....

Look for files whose names start with "init*" in the /etc/ directory. After finding them, only list the files, filter out the directories, and execute ls -l to display detailed information.

[root@localhost ~]# find /etc/ -name "init*" -a -type f -exec ls -l {} \;

-rw-r--r--. 1 root root 511 Apr 11 01:09 /etc/inittab
-rw-r--r--. 1 root root 798 Apr 11 01:09 /etc/sysconfig/init
-rwxr-xr-x. 1 root root 5419 Jan  2  2018 /etc/sysconfig/network-scripts/init.ipv6-global
-rw-r--r--. 1 root root 30 Apr 11 14:12 /etc/selinux/targeted/contexts/initrc_context

Look for the yum.log file under /tmp/ and delete it directly after finding it.

[root@localhost tmp]# find /tmp/ -name yum.log -exec rm {} \;
[root@localhost tmp]#

Search under the root, look for all files about the lyshark user, and delete them directly after finding them.

[root@localhost ~]# find / -user lyshark -exec rm -r {} \;

find: ‘/proc/1465/task/1465/fd/6’: No such file or directory
find: ‘/proc/1465/task/1465/fdinfo/6’: No such file or directory
find: ‘/proc/1465/fd/5’: No such file or directory
find: ‘/proc/1465/fdinfo/5’: No such file or directory
find: ‘/root/Catalog’: No such file or directory
find: ‘/home/lyshark’: No such file or directory
#rm -r 连带目录一起删除.报错原因：-exec 不适合大量传输,速率慢导致.

Under the root, search for the lyshark user's files and delete them after finding them. You will be prompted whether to delete them before deleting them.

[root@localhost ~]# find / -user lyshark -ok rm -r {} \;
find: ‘/proc/1777/task/1777/fd/6’: No such file or directory
find: ‘/proc/1777/task/1777/fdinfo/6’: No such file or directory

 ? y
# -ok的使用和-exec是一样的,区别是-ok,执行时会提示你是否进行下一步操作.

The above is the detailed content of Summary of the command to find files under Linux system, this is awesome!. For more information, please follow other related articles on the PHP Chinese website!