HB Computer Security | Aide Memoire
  • Introduction
  • Core Technical Skills
    • Core Skills
      • Linux
        • Getting to Know Linux
          • Using the Shell
            • Shells, Terminals, and Virtual Consoles
            • Choose your Shell
            • Shell Commands
              • Non-PATH Commands
              • Command History
                • Command Line Editing
                  • Keystrokes for Navigating Command Lines
                  • Keystrokes for Editing Command Lines
                  • Keystrokes for Cutting and Pasting Text from within Command Lines
                • Command Line Recall
                  • Keystrokes for Command Line Recall
              • Connecting and Expanding Commands
                • Piping Between Commands
                • Sequential Commands
                • Expanding Commands
            • Shell Variables
              • Common Shell Variables
            • Aliases
            • Create your Own Shell Environment
              • Modification Ideas
          • Navigating the Linux File System (LFS)
            • Filesystem Commands
            • Listing Files and Directories
            • File Permissions and Ownership
              • Modifying Permissions with chmod
              • Modifying Default Permissions with umask
              • Change File Ownership with chown
            • Copying, Moving, and Removing Files
            • Finding Files
              • locate
              • find
              • grep
            • Downloading Files
              • axel
              • wget
              • curl
                • User-Agent: Googlebot
          • Working with Text Files
            • Using vim and vi to Edit Text Files
              • Starting with vi
              • Adding Text
              • Moving Around in the Text
            • Text Manipulation
        • System Administration
          • Installing Linux
            • Installing from Live Media
            • Installing in the Enterprise
            • Partitioning Hard Disks
              • Tips for Creating Partitions
          • Account Administration
            • The root Account
              • Becoming root with su
              • sudo
                • The /etc/sudoers File
                • Granting sudo privileges
                  • visudo Guidance
                • Useful sudo Hints
            • Other Administrative Accounts
            • Standard User Accounts
              • Risks of userdel: Orphaned Files
          • Graphical Remote Administration
            • Cockpit
              • Installation Guide
            • Remote Desktop Protocol with xrdp
              • Installation and Configuration
            • Remote Desktop with vnc
              • Installation and Configuration
              • Running VNC as a System Service
          • Managing Running Processes
            • Listing Processes
              • ps
              • top
              • htop
            • Backgrounding and Foregrounding
              • Starting a Background Process
              • Using Foreground and Background Commands
            • Killing and Recining Processes
              • kill and killall
          • Managing Software
            • Managing Software from the Desktop
            • Going Beyond the Limitations of Software Center
              • Debian Packages
                • Advanced Package Tool (apt)
                • Repositories
                • dpkg
        • Shell Scripting
          • Variables
            • Command Substitution
            • Arguments
          • Reading User Input
          • if, else, and elif
          • BOOLEAN Logic
          • Loops
            • for Loops
            • while Loops
          • Functions
          • Local Vs Global Variables
          • Summary
        • Securing Linux
      • Windows
        • Security Hardening
Powered by GitBook
On this page
  • General Syntax
  • Additional Options
  • Find Files by Name
  • Find Files by Type
  • Find Files by Size
  • Find Files by Modification Date
  • Find Files by Permissions
  • Find Files by Owner
  • Find and Delete Files

Was this helpful?

  1. Core Technical Skills
  2. Core Skills
  3. Linux
  4. Getting to Know Linux
  5. Navigating the Linux File System (LFS)
  6. Finding Files

find

Looking for files on your Linux system? The find command is your best friend. It lets you scour your filesystem for files based on all sorts of things like their names, who owns them, their sizes, and even when they were last modified. Once you spot the files you're looking for, you can do stuff with them using options like -exec or -okay to achieve command execution.

One cool thing about find is that it searches in real-time. That means it might be a tad slower than locate, but you get the freshest, most up-to-date results.

Want a tip to make it faster? Tell find where to start its search in the filesystem. By narrowing down the search area, it'll zoom through even quicker.

The possibilities with find are pretty awesome. From file names to permissions, and even mix-and-matching different attributes – it’s got you covered!

General Syntax

The general syntax for the find command is as follows:

find [options] [path...] [expression]
  • The options attribute controls the treatment of the symbolic links, debugging options, and optimization method

  • The path... attribute defines the starting directory or directories where find will search the files

  • The expression attribute is made up of options, search patterns, and actions separated by operators

Using find doesn't magically give you the power to see every file. So, if there are files that are off-limits to your user account, find won't show them to you. This might lead to a few error messages popping up. But here's a pro tip: if you run find with some extra privileges (think sudo), it'll scour every nook and cranny of your filesystem if you ask it to.

It's more thorough than locate in that sense!

Let’s take a look at the following example:

find -L /var/www -name "*.js"
  • The option -L (options) tells the find command to follow symbolic links

  • The /var/www (path…) specifies the directory that will be searched

  • The (expression) -name "*.js tells find to search files ending with .js (JavaScript files)

Additional Options

Find Files by Name

Finding files by name is probably the most common use of the find command. To find a file by its name, use the -name option followed by the name of the file you are searching for.

For example, to search for a file named document.pdf in the /home/example directory, you would use the following command:

find /home/example-type f -name document.pdf

To run a case-insensitive search, change the -name option with -iname:

find /home/example -type f -iname document.pdf

The command above will match “Document.pdf”, “DOCUMENT.pdf” ..etc.

Find Files by Type

Sometimes you might need to search for specific file types such as regular files, directories, or symlinks. In Linux, everything is a file.

To search for files based on their type, use the -type option, along with one of the following descriptors to specify the file type:

  • f: a regular file

  • d: directory

  • c: character devices

  • b: block devices

  • p: named pipe (FIFO)

  • s: socket

For instance, to find all directories in the current working directory , you would use:

find . -type d
find /var/www/my_website -type d -exec chmod 0755 {} \;
find /var/www/my_website -type f -exec chmod 0644 {} \;

Find Files by Size

To find files based on the file size, pass the -size parameter along with the size criteria. You can use the following suffixes to specify the file size:

  • b: 512-byte blocks (default)

  • c: bytes

  • w: two-byte words

  • k: Kilobytes

  • M: Megabytes

  • G: Gigabytes

The following command will find all files of exactly 1024 bytes inside the /tmp directory:

find /tmp -type f -size 1024c

The find command also allows you to search for files that are greater or less than a specified size.

In the following example, we search for all files less than 1MB inside the current working directory. Notice the minus - symbol before the size value:

find . -type f -size -1M

If you want to search for files with a size greater than 1MB, then you need to use the plus + symbol:

find . -type f -size +1M

You can even search for files within a size range. The following command will find all files between 1 and 2MB:

find . -type f -size +1M -size 21M

Find Files by Modification Date

The find command can also search for files based on their last modification, access, or change time. Much the same as when searching by size, you can use the plus and minus symbols for “greater than” or “less than”.

Let’s say that a few days ago, you modified one of the dovecot configuration files, but you forgot which one. You can easily filter all files under the /etc/dovecot/conf.d directory that ends with .conf and has been modified in the last five days:

find /etc/dovecot/conf.d -name "*.conf" -mtime 5

Here is another example of filtering files based on the modification date using the -daystart option. The command below will list all files in the /home directory that were modified 30 or more days ago:

find /home -mtime +30 -daystart

Find Files by Permissions

The -perm option allows you to search for files based on the file permissions.

For example, to find all files with permissions of exactly 775 inside the /var/www/html directory, you would use:

find /var/www/html -perm 644

You can prefix the numeric mode with minus - or slash /.

When slash / is used as the prefix, then at least one category (user, group, or others) must have at least the respective bits set for a file to match.

Consider the following example command:

find . -perm /444

The above command will match all the files with read permissions set for either user, group, or others.

If minus - is used as the prefix, then for the file to match, at least the specified bits must be set. The following command will search for files that have read and write permission for the owner and group and are readable by other users:

find . -perm -664

Find Files by Owner

To find files owned by a particular user or group, use the -user and -group options.

For example, to search for all files and directories owned by the user example, you would run:

find / -user example

Here is a real-world example. Let’s say you want to find all files owned by the user www-data and change the ownership of the matched files from www-data to nginx:

find / -user www-data -type f  -exec chown nginx {} \;

Find and Delete Files

To delete all matching files, append the -delete option to the end of the match expression.

Ensure you are using this option only when you are confident that the result matches the files you want to delete. It is always a good idea to print the matched files before using the -delete option.

For example, to delete all files ending with .temp from the /var/log/, you would use:

find /var/log/ -name `*.temp` -delete

Use the -delete option with extreme caution. The find command is evaluated as an expression and if you add the -delete option first, the command will delete everything below the starting points you specified.

PreviouslocateNextgrep

Last updated 1 year ago

Was this helpful?

l:

The common example would be to recursively change the website file permissions to 644 and directory permissions to 755 using the command:

When it comes to directories, find can delete only empty directories, same as .

symbolic link
chmod
rmdir