Find
Jump to navigation
Jump to search
Description
The find command is a very powerful command to search for files and directories and take actions.
Main flags
Type
| Syntax | Description |
|---|---|
| -type f | Search for files |
| -type d | Search for directories |
Name and extensions
Note
When using wildcard (*) in the name, surround the string with quotes
| Syntax | Description | Examples |
|---|---|---|
| -name | Search by name (case insensitive) |
|
| -iname | Search by name (case sensitive) |
|
Owner
| Syntax | Description | Examples |
|---|---|---|
| -user | Search files owned by "root" | -user root |
| -group | Search files owned by group "hacker" | -group hacker |
Permissions
Search for permissions is done with the -perm keyword.
| Number | Permission Type |
|---|---|
| 0 | No Permission (-) |
| 1 | Execute (x) |
| 2 | Write (w) |
| 4 | Read (r) |
There are 2 notations:
- octal: e.g. 644
- symbolic: e.g. u=r
- u for user
- g for group
- o for other users not in the group
- a for all users (default value)
Exact, or at least:
- Exact: -perm 644 or -u=r will search for the exact permission (rw for user, read for group, read for others)
- Prefix / or -: -perm /444 will search for files that are only readable by anyone
Size
- The size of a file is specified with the -size flag.
- Exact, less, more:
- -size n: exact size
- -size -n: less than
- size +n: more than
- Units:
- c: bytes
- k: kilobytes
- M: megabytes
Time
- The flag consists of a word and a prefix'.
- Word:
- min: minutes
- time: days
- Prefix:
- a: accessed
- m: modified
- c: status changed
Examples:
- -amin +30
- search for file that were last accessed more than 30 minutes ago
- -mtime -7
- search for files that were modifed less than 7 days ago
- -mtime 0
- search for files that were modified within the last 24 hours
Actions
- Flags:
- -exec: Execute command
- -delete: Delete file
Examples:
- Remove all *.jpg files on disk
- find / -type f -name "*.jpg" -exec rm -rf {} \;
- find / -type f -name "*.jpg" -delete
Examples
| Command | Description |
|---|---|
| find / -type f -name "*.xml" | Find all files whose name ends with ".xml" |
| find /home -type f -iname user.txt | Find all files in the /home directory (recursive) whose name is "user.txt" (case insensitive) |
| find / -type d -name "*exploits*" | Find all directories whose name contains the word "exploits" |
| find / -type f -user kittycat | Find all files owned by the user "kittycat" |
| find / -type f -size 150c | Find all files that are exactly 150 bytes in size |
| find /home -type f -size -2k -name "*.txt" | Find all files in the /home directory (recursive) with size less than 2 KiB’s and extension ".txt" |
| find / -type f -perm 644 | Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format) |
| find / -type f -perm /444 | Find all files that are only readable by anyone (use octal format) |
| find / -type f -perm -o=w -name "*.sh" | Find all files with write permission for the group "others", regardless of any other permissions, with extension ".sh" (use symbolic format) |
| find /usr/bin -type f -user root -perm -u=s | Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format) |
| find / -type f -atime +10 -name "*.png" | Find all files that were not accessed in the last 10 days with extension ".png" |
| find /usr/bin -type f -mmin 120 | Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours |