Unix: Making better use of the find command

The find command is one of the most basic Unix commands, but that doesn't mean you're making good use of its many features.

By  

Here's a command that will only
list files that contain between 1,000 and 10,000 characters.

$ find . -size +1000c -size -10000c -print

Here's one that will list files larger 10,000 characters:

$ find . -size +10000c

And, as you might already know, it's no longer necessary to tack -print on to the end of your find command. That's the default action and the find command will assume this when you don't specify some other action.

You can also use the find command to locate files with specific permissions. Not many files will require 777 (giving everyone read, write, and execute access). So, maybe you want to look for them and maybe you want to use the -ls option to show a long listing to confirm those settings.

$ find . -type f -perm 777 -ls
15089878    4 -rwxrwxrwx   1 shs      staff        31 Mar  1 15:22 ./bin/runme

Another good use for find is to find files with the setuid or setgid bit set:

$ find . -perm -4000 -o -perm -2000
./bin/try3
./bin/showday
$ find . -perm -4000 -o -perm -2000 | xargs ls -l
-rwsr-xr-x 1 shs staff  79 Aug 31 15:19 ./bin/showday
-rwsr-sr-x 1 shs staff 100 Jul 11  2010 ./bin/try3

Note that the "000" in the permissions spec does not mean that no other permissions are set.

You might especially want to look for files with these settings that are owned by root:

# find / -user root -perm -4000 -o -perm -2000

The find command also allows you to search for files by timestamp. The -mtime (last modification time), -atime (last access time), and -ctime (last status change time) can all be used in find commands. This command will find files that have been changed in the last 10 days:

$ find . -mtime -10 -ls

There are two ways to add an action to the end of a find command. One is to use the -exec option. The other is to pass the output of the find command to xargs for further processing. Both work well. Some admins strongly favor one approach over the other, but I'm impartial.

Here's one command to show the top line of any file named "xyz":

$ find . -name xyz -exec head -1 {} \;
hello

Here's another:

$ find . -name xyz | xargs head -1
==> ./xyz <==
hello

You can also use the find command to copy files to particular directories. Say you want to copy a file to every top level directory. You might use a command like this:

$ find . -maxdepth 1 -type d -exec cp .htaccess {} \;

This command says "find every top level directory in the current location and copy the .htaccess file to it".

You can use the -newer option to find files that are newer than some particular file. There
doesn't seem to a similar option for older.



Photo Credit: 

flickr / Heather Blacklock, modified

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Operating SystemsWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question