Hits: 14,392
Home >> Software >> Find

GNU Find

Basic Find

Find is one of the most useful utilities to any UNIX system. In Linux, everything is a file. Devices are access via files too so knowing how to use a file searching program is very central to good administration. There are other utilities that can be used to find files besides "find" such as "slocate" but these are run from a index of files that only gets updated once a day by default. So if you are looking for a old file or command, then locate is faster. However, if you want to be able to do an advanced search, find is the only way to go.

Find can seem a little much at first because of its syntax. But once you get the hang of it, or remember those good old "man" pages, life will be good. We will start by a quick find for the file "monday.pdf" in our current directory. Remember that find will, by default, do a recursive search so all sub-directories will be searched as well.

find . -name monday.pdf

That's it, find will report the file(s) it finds and what directory they are in.

Now lets say we don't know that the file was a .PDF format. We could use wild card to say all files that start with "monday". NOTE to prevent any shell from expanding any matches in the local directory, we want to escape the wild card.

find . -name monday\*

This way our shell will not try to expand that into a list of files, which would really give us the wrong syntax and fail

Now, lets say you don't remember the filename at all but know you created it three days ago. For this we use -ctime argument.

find . -ctime 3

This will show us all files that a created in the last three days. But we have a small problem, it is ONLY 3 days ago. Not the last three days. To do that, we use the +/- to the time.

find . -ctime -7

Now find reports all files that were created in the last 7 days. Very handy for getting a list of files to backup. See CRON for some easy tips on that. Also remember that you can also look for mtime (Modified time), and atime (Accessed time) when looking. Again, see the man page for more details.

Advanced Find

The above is great if you just want to see the list of files found, but what if you wanted to do something to them? Enter -exec. Using this we can tell find to process the command we give it on the files it finds.

find /tmp -atime +7 -type f -exec rm -f {} \;

Lets look at this command. First we tell find to locate all files that haven't been access in the last 7 days "-atime +7". Now we only want files for this list, so we will filter this with find using the "-type f" argument. This will show us only files. You can also find directories (d), links (l), sockets (s), and more. Then the magic comes when we tell find to run "rm -f {}" on them to delete the files. This looks a little cryptic so I'll explain. The {} is expanded by find into the path and filename it locates. To tell find we are finished with he command line we need to pass it a simi-colon. But again, most shells will try and expand that thinking we want to execute another command after find. This isn't the case so we must escape the simi-colon. You can also use pipes and pipe the out to "xargs" for example.

find /tmp -atime +7 -type f | xargs rm -f

You could also, if you were brave, run it without the "-type f" and change "rm -f" to "rm -rf" to delete all directories too.

As always, for more detailed information, see the man pages.