Description
The find command is a very powerful command to search for files and directories and take actions.
Main flags
Type
| Syntax
|
Description
|
| -type f
|
Search for files
|
| -type d
|
Search for directories
|
Name and extensions
Note
When using wildcard (*) in the name, surround the string with quotes
| Syntax
|
Description
|
Examples
|
| -name
|
Search by name (case insensitive)
|
- Search exactly file.ext
- -name file.ext
- Search all files which name contains file
- -name "*file*"
- Search all files with *.sh extension
- -name "*.sh"
|
| -iname
|
Search by name (case sensitive)
|
- Name begins with file (case insensitive)
- -iname "file*"
|
Owner
| Syntax
|
Description
|
Examples
|
| -user
|
Search files owned by "root"
|
-user root
|
| -group
|
Search files owned by group "hacker"
|
-group hacker
|
Permissions
Search for permissions is done with the -perm keyword.
| Number
|
Permission Type
|
| 0
|
No Permission (-)
|
| 1
|
Execute (x)
|
| 2
|
Write (w)
|
| 4
|
Read (r)
|
There are 2 notations:
- octal: e.g. 644
- symbolic: e.g. u=r
- u for user
- g for group
- o for other users not in the group
- a for all users (default value)
Exact, or at least:
- Exact: -perm 644 or -u=r will search for the exact permission (rw for user, read for group, read for others)
- Prefix / or -: -perm /444 will search for files that are only readable by anyone
Size
- The size of a file is specified with the -size flag.
- Exact, less, more:
- -size n: exact size
- -size -n: less than
- size +n: more than
- Units:
- c: bytes
- k: kilobytes
- M: megabytes
Time
- The flag consists of a word and a prefix'.
- Word:
- Prefix:
- a: accessed
- m: modified
- c: status changed
Examples:
- -amin +30
- search for file that were last accessed more than 30 minutes ago
- -mtime -7
- search for files that were modifed less than 7 days ago
- -mtime 0
- search for files that were modified within the last 24 hours
Actions
- Flags:
- -exec: Execute command
- -delete: Delete file
Examples:
- Remove all *.jpg files on disk
- find / -type f -name "*.jpg" -exec rm -rf {} \;
- find / -type f -name "*.jpg" -delete
Examples
| Command
|
Description
|
| find / -type f -name "*.xml"
|
Find all files whose name ends with ".xml"
|
| find /home -type f -iname user.txt
|
Find all files in the /home directory (recursive) whose name is "user.txt" (case insensitive)
|
| find / -type d -name "*exploits*"
|
Find all directories whose name contains the word "exploits"
|
| find / -type f -user kittycat
|
Find all files owned by the user "kittycat"
|
| find / -type f -size 150c
|
Find all files that are exactly 150 bytes in size
|
| find /home -type f -size -2k -name "*.txt"
|
Find all files in the /home directory (recursive) with size less than 2 KiB’s and extension ".txt"
|
| find / -type f -perm 644
|
Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)
|
| find / -type f -perm /444
|
Find all files that are only readable by anyone (use octal format)
|
| find / -type f -perm -o=w -name "*.sh"
|
Find all files with write permission for the group "others", regardless of any other permissions, with extension ".sh" (use symbolic format)
|
| find /usr/bin -type f -user root -perm -u=s
|
Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)
|
| find / -type f -atime +10 -name "*.png"
|
Find all files that were not accessed in the last 10 days with extension ".png"
|
| find /usr/bin -type f -mmin 120
|
Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours
|
