Check the absolute path of the command:
which is used to find and display the absolute path of a given command, and the PATH parameter in the environment variable can also be found.
[root@localhost ~]# which bash
/usr/bin/bash
[root@localhost ~]# which ls
alias ls='ls --color=auto'
/usr/bin/ls
Find a specific file:
The whereis command is used to locate the path of the binary program, source code file, man page and other related files of the instruction. This command can only be used to search the program name
[root@localhost ~]# whereis --help
语法格式:[ whereis [选项] 文件名 ]
-b #只找二进制文件
-m #只找man文档
-s #只找源代码
Use the whereis -b command to find binary files, and help manuals.
[root@localhost ~]# whereis -b ifconfig
ifconfig: /usr/sbin/ifconfig
[root@localhost ~]# whereis -m ifconfig
ifconfig: /usr/share/man/man8/ifconfig.8.gz
Cache lookup files:
locate searches for a database /var/lib/mlocatedb, which contains all local file information. The Linux system automatically creates this database and automatically updates it once a day, so the latest changed files cannot be found using the locate command. In order to avoid this In this case, you can use the updatedb command to manually update the database before using locate. The updatedb command will update the file according to /etc/updatedb.conf.
[root@localhost ~]# yum install -y mlocate
[root@localhost ~]# locate --help
语法格式:[ locate [选项] 文件名 ]
-d 目录 #指定数据库所在的目录
-i #忽略大小写差异
-r #后面接正则表达式
Use the locate command to query a file.
[root@localhost ~]# updatedb
[root@localhost ~]# locate /etc/passwd
/etc/passwd
/etc/passwd-
Traverse the file to find:
The find command can be said to be the most important search command, and this command has many parameters.
[root@localhost ~]# find --help
语法格式:[ find [目录] [属性] 文件名 ]
-name #按文件名查找
-size #根据大小查找
-user #根据属主查找
-perm #根据权限查找
-type #根据类型查找
-time #按时间查找
-inum #根据i节点查询
-exec #查找后执行命令
-name Find by filename:
Common query wildcards
\* #匹配任意一个或多个字符
? #匹配任意一个字符
[] #指定范围,外侧加引号
Find files ending in .log in the /var/ directory.
[root@localhost ~]# find /var/ -name "*.log"
/var/log/tuned/tuned.log
/var/log/audit/audit.log
/var/log/anaconda/X.log
/var/log/anaconda/program.log
....省略....
Find files in the /root/ directory with [1-3] ending in .txt
[root@localhost ~]# ls
1.txt 2.txt 3.txt Catalog File
[root@localhost ~]# find /root/ -name "[1-3].txt"
/root/1.txt
/root/2.txt
/root/3.txt
Find files in the /etc/ directory that start with 6 arbitrary characters
[root@localhost ~]# find /etc/ -name "??????"
/etc/grub.d
/etc/grub.d/README
/etc/shells
/etc/init.d
....省略....
-size find by size
单位是 block 数据块 一块是512字节
1M -> 1024k -> 2048 块 (1块是0.5k 也就是512字节)
100M -> 102400k -> 204800块
Find files less than 10k in the /etc/ directory
root@localhost ~]# find /etc/ -size -10k
/etc/crypttab
/etc/.pwd.lock
/etc/environment
....省略....
Find files larger than 1M in the /etc/ directory
[root@localhost ~]# find /etc/ -size +1M #查询大于1M的文件
/etc/udev/hwdb.bin
/etc/selinux/targeted/active/policy.kern
/etc/selinux/targeted/contexts/files/file_contexts.bin
/etc/selinux/targeted/policy/policy.31
....省略....
#注意:+-号如果没有,是精确到这么大,通常都会带上+或-号表示一个范围.
-user Find by owner and permissions
Find files belonging to user wang in the /root directory
[root@localhost ~]# find /root/ -user wang
/root/1.txt
/root/2.txt
/root/3.txt
#注意:系统中要存在该用户,否则会报错误.
Find files with permissions 644 in the /boot/ directory
[root@localhost ~]# find /boot/ -perm 0644
/boot/grub2/device.map
/boot/grub2/i386-pc/gcry_rmd160.mod
/boot/grub2/i386-pc/acpi.mod
/boot/grub2/i386-pc/gcry_rsa.mod
....省略....
-type find by type
-type f 二进制文件(普通文件)
-type l 软链接文件
-type d 目录
Find the /usr/bin/ directory, the type is binary file.
[root@localhost ~]# find /usr/bin/ -type f
/usr/bin/cp
/usr/bin/gzip
/usr/bin/alias
/usr/bin/csplit
/usr/bin/bash
....省略....
-time find by time
按天数 ctime atime mtime
按分钟 cmin amin mmin
c change #表示属性被修改过:所有者、所属组、权限
a access #被访问过(被查看过)
m modify #表示内容被修改过
Find files whose content has been modified within 120 minutes in the /etc/ directory
[root@localhost ~]# find /etc/ -mmin -120
/etc/
/etc/resolv.conf
/etc/group-
/etc/gshadow-
/etc/group
/etc/gshadow
....省略....
Find files whose attributes have been modified before 7 days in the /etc/ directory
[root@localhost ~]# find /etc/ -ctime +7
/etc/resolv.conf
/etc/group-
/etc/gshadow-
....省略....
-inum query based on i-node
Some files have a large number of hard links and have the same i-node. Find the i-node number of one of the files and delete them at one time.
[root@localhost ~]# find ./ -inum 1024 -exec rm{
} \; #删除相同I节点的数据
-and or logical connector
-a (and 逻辑与)
-o (or 逻辑或)
In the /etc/ directory, look for files greater than 1k and less than 10k
[root@localhost ~]# find /etc/ -size +1k -a -size -10k
/etc/
/etc/grub.d/00_header
/etc/grub.d/20_ppc_terminfo
/etc/grub.d/00_tuned
/etc/rc.d/init.d/README
/etc/rc.d/init.d/netconsole
/etc/rc.d/init.d/network
/etc/pam.d
....省略....
-exec command execution connector
[查询格式] find ... -exec 命令 {
} \;
{
} #表示find查询的结果集
\ #是转义符,不使用命令别名,直接使用命令本身
; #分号是表示语句的结束.
#注意:固定格式,只能这样写.注意中间的空格.
(公众号:网络工程师阿龙)-----------------------------------------------------------------
说明: 转义符的作用是什么?
在linux中有一个别名机制,如rm删除文件,执行的却是rm -i(用which rm 可以查看命令别名),
使用rm删除文件前会提示,就是因为rm -i这个参数。如果想使用命令原意,可以在加\转义,
如:\rm test.txt 则不会提示,直接删除
Find the file whose name ends with .log in the /var/log/ directory, and execute ls -l to display the detailed information.
[root@localhost ~]# find /var/log/ *.log -exec ls -l {
} \;
total 1176
drwxr-xr-x. 2 root root 204 Sep 18 09:12 anaconda
drwx------. 2 root root 23 Sep 18 09:12 audit
-rw-------. 1 root root 53001 Sep 19 00:57 boot.log
-rw-------. 1 root utmp 384 Sep 18 09:22 btmp
drwxr-xr-x. 2 chrony chrony 6 Apr 12 13:37 chrony
-rw-------. 1 root root 3523 Sep 19 01:01 cron
-rw-r--r-- 1 root root 119414 Sep 19 00:57 dmesg
-rw-r--r-- 1 root root 119599 Sep 18 23:35 dmesg.old
-rw-r--r--. 1 root root 1320 Sep 19 00:23 firewalld
-rw-r--r--. 1 root root 193 Sep 18 09:05 grubby_prune_debug
....
Look for files whose names start with "init*" in the /etc/ directory. After finding them, list only files, filter out directories, and execute ls -l to display detailed information.
[root@localhost ~]# find /etc/ -name "init*" -a -type f -exec ls -l {
} \;
-rw-r--r--. 1 root root 511 Apr 11 01:09 /etc/inittab
-rw-r--r--. 1 root root 798 Apr 11 01:09 /etc/sysconfig/init
-rwxr-xr-x. 1 root root 5419 Jan 2 2018 /etc/sysconfig/network-scripts/init.ipv6-global
-rw-r--r--. 1 root root 30 Apr 11 14:12 /etc/selinux/targeted/contexts/initrc_context
Find the yum.log file under /tmp/, and delete it directly after finding it.
[root@localhost tmp]# find /tmp/ -name yum.log -exec rm {
} \;
[root@localhost tmp]#
Find under the root, find all files about lyshark users, and delete them directly after finding them.
[root@localhost ~]# find / -user lyshark -exec rm -r {
} \;
find: ‘/proc/1465/task/1465/fd/6’: No such file or directory
find: ‘/proc/1465/task/1465/fdinfo/6’: No such file or directory
find: ‘/proc/1465/fd/5’: No such file or directory
find: ‘/proc/1465/fdinfo/5’: No such file or directory
find: ‘/root/Catalog’: No such file or directory
find: ‘/home/lyshark’: No such file or directory
#rm -r 连带目录一起删除.报错原因:-exec 不适合大量传输,速率慢导致.
Under the root, look for the file of the lyshark user, and delete it after finding it. Before deleting, you will be prompted whether to delete it.
[root@localhost ~]# find / -user lyshark -ok rm -r {
} \;
find: ‘/proc/1777/task/1777/fd/6’: No such file or directory
find: ‘/proc/1777/task/1777/fdinfo/6’: No such file or directory
< rm ... /root/LyShark > ? y
# -ok的使用和-exec是一样的,区别是-ok,执行时会提示你是否进行下一步操作.