How to use find Command in Linux? [A Beginner’s Guide]

How to use find Command in Linux? [A Beginner’s Guide]

In its basic form, find is easy.  At the same time, it can be complex with the number of options, tests, and actions available.

The find command is an incredibly powerful tool, and putting effort into learning it can be rewarding. It will help you in performing various system administration tasks efficiently, like disk space management, recursive file operations, and backups.

Linux find command searches for files and folders based on the criteria you define and allows you to perform an action on the search results. The syntax of find is like this:

$ find directory-to-search criteria action

where

  • directory-to-search is the starting point from where find starts looking for files. The search includes all subdirectories under this directory.
  • criteria (test) tells which files to search for
  • action tells what to do with each file found matching the criteria.

Tests

Search by name

Here is a simple example. The following command searches for the file a.txt in the current directory:

$ find . -name "a.txt" ./a.txt

Where

  • . refers to the current directory
  • -name test specifies the criteria to be matched

This search with -name test is case-sensitive and would ignore file A.txt. To ensure that your search is case-insensitive use -iname test:

$ find . -iname "a.txt" ./a.txt ./A.txt

To search for all .jpg image files in the current directory, use the wildcard pattern *.jpg:

$ find . -name "*.jpg" ./genxfacebook2.jpg ./genxfacebook1.jpg ./Moodle2.jpg ./moodle.jpg ./moodle/moodle1.jpg ./genxfacebook.jpg

You can use the directory name in which to search. For example, to search for all .jpg images in /home directory:

$ find /home -name "*.jpg" find: `/home/ubuntu/.ssh': Permission denied /home/vagrant/Moodle2.jpg /home/vagrant/moodle.jpg /home/me/hello.jpg find: `/home/me/testfiles': Permission denied find: `/home/me/data': Permission denied /home/me/water.jpg find: `/home/me/.cache': Permission denied

If you see too many permissions denied errors, you can add 2>/dev/null at the end of the command. This redirects error messages to /dev/null device, and gives a cleaner output:

find /home -name "*.jpg" 2>/dev/null /home/vagrant/Moodle2.jpg /home/vagrant/moodle.jpg /home/me/hello.jpg /home/me/water.jpg

Search by file type

Using the -type test you can search files by type. File types can be:

f plain files d directories l symbolic links b block devices c character devices p named pipes s sockets

For example, using the test -type d will list only directories:

$ find . -type d . ./.ssh ./.cache ./moodle

Search by file size

You may need to search for large files and delete them. In the following example, the test -size is followed by the string +1G. This would search for all files larger than 1 GB.

$ find . -size +1G ./Microsoft_Office_16.29.19090802_Installer.pkg ./android-studio-ide-183.5692245-mac.dmg

The + sign means search files larger than the following number. A minus symbol (-) can be used to indicate smaller than. Using no sign would mean match size exactly.

The number is followed by the file size unit. Units can be:

Character Fine size unit
b 521 bye blocks
c Bytes
k Kilobytes
M Megabytes
G Gigabytes

Search empty directories and files

Use -empty test to find empty directories and files like this:

$ find . -empty ./.cloud-locale-test.skip ./datafiles ./b.txt ... ./.cache/motd.legal-displayed

Search by file modification time

You can search for all files and directories based on create or modification time with -cmin test. To search for all files modified in the last 60 minutes (less than 60) use -60 like this:

$ find . -cmin -60 . ./a.txt ./datafiles

For files modified anytime prior to the last 60 minutes, use +60.

Search by access time

You can search for files by last access time, with -atime test. For example, the following command searches for files not accessed in the last 180 days:

$ find . -atime +180

These could be moved to a backup device if disk space is running short.

Search by user name

With -user username test you can search all files and directories belonging to a user. For example, the following command searches for all files and directories owned by user ubuntu in /home directory:

$ find /home -user ubuntu 2>/dev/null /home/ubuntu /home/ubuntu/.bash_logout /home/ubuntu/.bashrc /home/ubuntu/.ssh /home/ubuntu/.profile

Search by mode

Wish to search files set to a specific mode, that is, have a specific set of permissions? Use -perm test. The following example searches for files with permissions set to 777:

$ find /home -perm 777

Operators

You can use the following three logical operators to combine multiple tests in a single find command:

  • -and
  • -or
  • -not

For example, the following command searches for files larger than 100MB owned by user me:

$ find /home -user me -and -size +100M 2>/dev/null /home/me/kali-linux-2020.3-installer-netinst-i386.iso

The following command looks for files larger than 100MB owned by user me or by user vagrant:

$ find /home ( -user vagrant -or -user me ) -and -size +100M 2>/dev/null /home/vagrant/LibreOffice_7.0.1_Linux_x86-64_deb.tar.gz /home/me/kali-linux-2020.3-installer-netinst-i386.iso

You need to place a backslash character in front of the parentheses so as to prevent the shell from trying to interpret them.

Actions

find gives you the search results and then the choice to perform an action on them. Here are some predefined actions:

Action Description
-delete Deletes files which match the search criteria
-ls Shows a detailed ls output with file sizes and inode count
-print Shows the full pathname of the matching files. It’s the default action if no other action is specified
-exec Executes the command which follows, on each line of the search output

So, if you wish to search for all empty files and delete them, this is how you can do it:

$ find . -empty -delete

Caution: Before you use the delete action it is always safe to run the command once with -print action and confirm the results.

The -exec action is special. It allows you to execute a command of your choice on the search results.  It’s like this:

-exec command {} ;

Here

  • command is the command you want to execute on the search results, like rm, mv or cp.
  • {} represents the search results.
  • The command ends with a semicolon escaped with a backslash.

So, the command to search and delete all empty files can be written like this:

$ find . -empty -exec rm {} ;

Here is another example using -exec action. The following command copies all .png image files to backup/images directory:

$ find . -name "*.png" -exec cp {} /backups/images ;

Conclusion

You can use the Linux find command to search for files based on name, last access date, last modification date, user(owner) name, group name, size, permissions, and various other criteria. With these search results, you can perform actions on them like deleting, copying, or moving them to a different location.

Once you master the find command, it can be of great help and can simplify system administration tasks for you. And the key to mastering it is practicing it and using it!

NEWEST POSTS

Our trusted sources

We only publish news from well-known cybercrime magazines via RSS. You will find here everything about hackers & cybercrime. Also you can visit the direct sources from us.

Just click on one of the buttons.

PROTECT YOURSELF

Check out our Guidebook page.  And read everything about it.  Also how to protect yourself from hacker attacks.  An all in one thing.