Linux foundation file search

Posted by balistic on Mon, 25 Oct 2021 15:03:21 +0200

Common file search tools in Linux mainly include locate and find. However, because the locate tool depends on its own index database / var/lib/mlocate/mlocate.db, it is rarely used to accurately find the latest data in the cache of the database. However, its advantage is that it will not traverse all files when searching, so as to ensure that the query occupies less resources and is fast.
Only the use of the find command is described here

Introduction to find tool

The find real-time search tool completes the search by traversing the specified path

Working characteristics:

The search speed is slightly slow
 Exact search
 Real time search
 Rich search conditions
 Only directories where the user has read and execute permissions may be searched


find [OPTION]... [Find path] [Search criteria] [Processing action]

Find path: specify the specific target path; The default is the current directory
Search criteria: the specified search criteria, including file name, size, type, permission, etc; The default is to find all files in the specified path
Processing action: operate on qualified files and output to the screen by default

Specify search directory level

	-maxdepth level Maximum search directory depth,The files in the specified directory are level 1
	-mindepth level Minimum search directory depth

For each directory, first deal with the files in the directory, and then deal with the directory itself

-d #warning: the -d option is deprecated; please use -depth instead, because the 
latter is a POSIX-compliant feature

Find by file name and inode

-name "File name" #glob is supported, such as: *?, [], [^], wildcards should be enclosed in double quotation marks
-iname "File name"  #Case insensitive
-inum n #Find by inode number
-samefile name #Files with the same inode number
-links n   #Files with n links
-regex "PATTERN"    #Match the entire file path with PATTERN, not the file name

Find by owner and group

-user USERNAME #Find a file whose owner is the specified user (UID)
-group GRPNAME #Find files that belong to a specified group (GID)
-uid UserID #Find a file whose owner is the specified UID number
-gid GroupID #Find a file that belongs to the GID number specified by the group
-nouser #Find files that do not belong to a master
-nogroup #Find files that do not belong to a group

Find by file type

-type TYPE
TYPE It can be in the following form:
f: Ordinary file
d: Catalog file
l: Symbolic link file
s: s socket 
b: Block device file
c: Character device file
p: Pipeline file

Empty file or directory


Combination condition

And:-a ,The default multiple conditions are and relationships
 Or:-o (The or here is the same as and)
Non:-not   !
virtue·Morgan's Law:
(wrong A) or (wrong B) = wrong(A And B) 
(wrong A) And (wrong B) = wrong(A or B)

Example 1:

lookup/The subordinate primary and subordinate groups of the directory are yao Directory of
[23:42:39 root@server[ yao]#find / -type d -user yao -group yao

Example 2:

lookup/Directory subordinate master is yao,Group is not yao Directory of
[23:42:39 root@server[ yao]#find / -type d -user yao -not -group yao

Example 3:

lookup/Under the directory, the owner is oracle perhaps yao Directory of
[23:55:21 root@server[ ~]#find / -type d -user oracle -o -user yao

Example 4:

lookup/tmp The user name in the directory is not root And the file name is not f Start file
find /tmp -not \( -user root -o -name 'f*' \) –ls   
Spaces are required before and after parentheses

Example 5:

#Find all files with. conf suffix in / etc / except / etc/security directory
[21:03:42 root@server[ ~]#find /etc/ -path '/etc/security/' -a -prune -o -name '*.conf'

Example 6:

#Find all. conf suffix files in / etc / except / etc/security and / etc / SYSTEMd and / etc / dbus-1 under / etc /
[21:16:19 root@server[ ~]#find /etc/ \( -path "/etc/sst-pathem.d" -o -path "/etc/db -pathus-1" -o -path "/etc/security" \) -a -prune -o -name '*.conf'

Find by file size

-size [+|-]#UNIT #Common units: k, M, G, c (byte). Be case sensitive
#UNIT: #express(#-1, #]For example, 6k means (5k,6k]
-#UNIT #express[0,#-1] For example: - 6k means [0,5k]
+#UNIT #express(#, ∞), for example, + 6k means (6k, ∞)

Example 1:

Find root directory greater than 10 G Directory of
[21:22:50 root@server[ ~]#find / -size +10G

Find by timestamp

#In days
-atime [+|-]# 
# #express[#,#+1)
+# #express[#+1,∞]
-# #express[0,#)
#In minutes

Find by permissions

-perm [/|-]MODE
MODE  #Exact permission matching
/MODE #As long as one of the permissions of any kind of (u,g,o) object can match, or relationship, + it will be eliminated from CentOS 7
-MODE #Each type of object must have the specified permission at the same time, which is related to
0 Expressed no concern

Processing action

-print: The default processing action is displayed to the screen
-ls: This is similar to executing on a found file"ls -dils"Command format output
-fls file: The long format information of all found files is saved to the specified file, equivalent to -ls > file
-delete: Delete the found file with caution!
-ok COMMAND {} \; Execute by for each file found COMMAND The specified command is displayed for each file before executing the command
 Interactive require user confirmation
-exec COMMAND {} \; Execute by for each file found COMMAND For the specified command, note that spaces should be added before and after the final curly braces
{}: Used to reference the found file name itself

Example 1:

Backup to/etc/Below./conf End of file
22:49:22 root@server[ etc]#find /etc/ -name "*.conf" -exec cp -a {} {}.orag \;
Backup to/etc/Below./conf End of file to/usr/local/test In the directory
[22:57:33 root@server[ etc]#find /etfind /etc/ -name "*.conf" -exec cp {} /usr/local/test/ \;

Example 2:

	Interactive prompt to delete those that exist for more than 3 days root Temporary file for
	[23:04:09 root@server[ ~]# find /tmp -ctime +3 -usr root -ok rm -rf {} \;

Example 3:

#Find ordinary files with 644 permissions and sh suffix under / data, and increase execution permissions
[23:04:09 root@server[ ~]#find /data/ -name "*.sh" -type f -perm 644 -exec chmod 755 {} \;

Parameter replacement xargs

Because many commands do not support pipeline to pass parameters, xargs is used to generate the parameters of a command, and xargs can read the number of stdin
The data of stdin is separated into parameters by a space character or carriage return character
In addition, many commands cannot accept too many parameters, and command execution may fail. xargs can solve this problem
Note: the file name or other nouns contain spaces
find is often combined with xargs command in the following form:

	find | xargs COMMAND

lookup/var The subordinate primary of the directory is root,And belongs to group mail All files
[23:49:18 root@server[ ~]#find /var/ -user root -group  mail -type f
 lookup/var Directory does not belong to root,lp,gdm All files
[23:57:32 root@server[ ~]#find /var/  -not \( -user root -o -user ip -o -user gdm \) -type f
 lookup/etc Directory is greater than 1 M All documents of normal type
[20:51:34 root@server[ ~]#find /etc/ -size +1M 
Find files that do not belong to a master or group on the current system and have been accessed in the last week
find / \( -nouser -o -nogroup -a -atime 7 \)
lookup/etc All users in the directory do not have write permission
[21:50:28 root@server[ ~]#ls -la /find /etc/ -not \( -perm /222 \)  

Topics: Linux Operation & Maintenance