example: find ./ -name "irs-iface.log.2015-08*" -exec more {} \;|grep error : Find all files in the current directory whose names start with irs-iface.log.2015-08 The content of the line containing the error string
After find is the path of the file to be found, if not filled, it means the current directory
-name According to the file name, some versions of Linux do not need to use quotation marks to package the file name, and the file name can use regular and *
exec is followed by the command to be executed after the file is found, {} \; when there is an exec parameter, it must be followed by
The following is to find the detailed parameters and demo
find path -option [ -print ] [ -exec -ok command ] {} \;
Parameters of the find command;
pathname: The directory path that the find command looks for. For example, use . to represent the current directory and / to represent the system root directory.
-print: The find command outputs matching files to standard output.
-exec: The find command executes the shell command given by this parameter to the matching files. The corresponding command is of the form 'command' { } \;, note the space between { } and \;.
-ok: The same as -exec, except that the shell command given by this parameter is executed in a safer mode. Before executing each command, a prompt will be given to let the user determine whether to execute it.
#-print prints the found files to standard output
#-exec command {} \; ——– execute the command operation on the found file, there is a space between {} and \;
#-ok is the same as -exec, except that the user is asked before the operation
例:find . -name .svn | xargs rm -rf
====================================================
-name filename #Find a file named filename
-perm #Search by execution permission
-user username #Search by file owner
-group groupname #Search by group
-mtime -n +n #Find files by file change time, -n means within n days, +n means before n days
-atime -n +n #Check GIN by file access time: 0px">
-ctime -n +n #Find files by file creation time, -n means within n days, +n means before n days
-nogroup #Check files with no valid group, that is, the group of the file does not exist in /etc/groups
-nouser #Check files with no valid owner, that is, the owner of the file does not exist in /etc/passwd
-newer f1 !f2 Find files, -n refers to within n days, +n refers to n days ago
-ctime -n +n #Find files by file creation time, -n means within n days, +n means before n days
-nogroup #Check files with no valid group, that is, the group of the file does not exist in /etc/groups
-nouser #Check files with no valid owner, that is, the owner of the file does not exist in /etc/passwd
-newer f1 !f2 #Check files whose change time is newer than f1 but older than f2
-type b/d/c/p/l/f #Check is block device, directory, character device, pipe, symbolic link, ordinary file
-size n[c] #Check files of length n blocks [or n bytes]
-depth #Make the search complete this directory before entering the subdirectory
-fstype #Check files whose change time is newer than f1 but older than f2
-type b/d/c/p/l/f #Check is block device, directory, character device, pipe, symbolic link, ordinary file
-size n[c] #Check files of length n blocks [or n bytes]
-depth #Make the search complete this directory before entering the subdirectory
-fstype #Check files located in a certain type of file system, these file system types can usually be found in /etc/fstab
-mount #Do not cross file system mount points when checking files
-follow #If a symbolic link file is encountered, follow the file pointed to by the link
-cpio %; #Check files located in a certain type of file system, these file system types can usually be found in /etc/fstab
-mount #Do not cross file system mount points when checking files
-follow #If a symbolic link file is encountered, follow the file pointed to by the link
-cpio #Use the cpio command on matching files to back them up to a tape device
-prune #Ignore a directory
=====================================================
$find ~ -name "*.txt" -print #Check the .txt file in $HOME and display it
$find . -name "*.txt" -print
$find . -name "[AZ]*" -print #Find files starting with uppercase letters
$find /etc -name "host*" -print #Check files starting with host
$find . -name "[az][az][0–9][0–9].txt" -print #Find txt files starting with two lowercase letters and two numbers
$find . -perm 755 -print
$find . -perm -007 -exec ls -l {} \; #Check the files that all users can read, write and execute with -perm 777
$find . -type d -print
$find . ! -type d -print
$find . -type l -print
$find . -size +1000000c -print #Check files longer than 1Mb
$find . -size 100c -print # Find files with a length of 100c
$find . -size +10 -print #Check for files whose length exceeds the expiration date by 10 blocks (1 block = 512 bytes)
$cd /
$find etc home apps -depth -print | cpio -ivcdC65536 -o /dev/rmt0
$find /etc -name "passwd*" -exec grep "cnscn" {} \; #See if there is a cnscn user
$find . -name "yao*" | xargs file
$find . -name "yao*" | xargs echo "" > /tmp/core.log
$find . -name "yao*" | xargs chmod o-w
======================================================
find -name april* Find files starting with april in the current directory
find -name april* fprint file Find files starting with april in the current directory and output the results to file
find -name ap* -o -name may* find files starting with ap or may
find /mnt -name tom.txt -ftype vfat Finds a file with name tom.txt and file system type vfat under /mnt
find /mnt -name t.txt ! -ftype vfat Find files under /mnt whose name is tom.txt and whose file system type is not vfat
find /tmp -name wa* -type l Find files under /tmp whose names begin with wa and whose type is a symbolic link
find /home -mtime -2 Find files under /home that have been changed in the last two days
find /home -atime -1 Find files that have been accessed within 1 day
find /home -mmin +60 Find files under /home that were changed 60 minutes ago
find /home -amin +30 Find files that have been accessed in the last 30 minutes
find /home -newer tmp.txt Find files or directories under /home whose update time is closer to tmp.txt
find /home -anewer tmp.txt Find files or directories under /home whose access time is closer to tmp.txt
find /home -used -2 List files or directories that have been accessed within 2 days after the file or directory has been changed
find /home -user cnscn List the files or directories in the /home directory that belong to the user cnscn
find /home -uid +501 List files or directories with user IDs greater than 501 in the /home directory
find /home -group cnscn List files or directories with group cnscn in /home
find /home -gid 501 List files or directories with group id 501 in /home
find /home -nouser List files or directories in /home that do not belong to local users
find /home -nogroup List files or directories in /home that do not belong to the local group
find /home -name tmp.txt -maxdepth 4 List the tmp.txt in /home The depth is up to 3 layers
find /home -name tmp.txt -mindepth 3 Start from layer 2
find /home -empty finds files or empty directories of size 0
find /home -size +512k Find files larger than 512k
find /home -size -512k Find files smaller than 512k
find /home -links +2 Find files or directories with more than 2 hard links
find /home -perm 0700 to find files or directories with permissions of 700
find /tmp -name tmp.txt -exec cat {} \;
find /tmp -name tmp.txt -ok rm {} \;
find / -amin -10 # Find files accessed in the system in the last 10 minutes
find / -atime -2 # Find files accessed in the system in the last 48 hours
find / -empty # Find files or folders that are empty in the system
find / -group cat # Find files belonging to groupcat in the system
find / -mmin -5 # Find files modified in the system in the last 5 minutes
find / -mtime -1 #Find files modified in the system in the last 24 hours
find / -nouser #Find files belonging to invalid users in the system
find / -user fred #Find files belonging to the user FRED in the system
Check all common files in the current directory
# find . -type f -exec ls -l {} \;
-rw-r–r– 1 root root 34928 2003-02-25 ./conf/httpd.conf
-rw-r–r– 1 root root 12959 2003-02-25 ./conf/magic
-rw-r–r– 1 root root 180 2003-02-25 ./conf.d/README
Check all ordinary files in the current directory and list them with the ls -l command in the -exec option
=================================================
Find files in the /logs directory with changes older than 5 days and delete them:
$ find logs -type f -mtime +5 -exec -ok rm {} \;
=================================================
Query files modified on the day
[root@book class]# find ./ -mtime -1 -type f -exec ls -l {} \;
=================================================
Query the file and ask if you want to display
[root@book class]# find ./ -mtime -1 -type f -ok ls -l {} \;
< ls … ./classDB.inc.php > ? y
-rw-r – r– 1 cnscn cnscn 13709 1 月 12 12:22 ./classDB.inc.php
[root@book class]# find ./ -mtime -1 -type f -ok ls -l {} \;
< ls … ./classDB.inc.php > ? n
[root@book class]#
=================================================
Query and hand it over to awk for processing
[root@book class]# who | awk ’{print $1"\t"$2}’
cnscn pts/0
=================================================
awk — grep — sed
[root@book class]# df -k | awk ‘{print $1}’ | grep -v ’none’ | sed s"/\/dev\///g"
File system
sda2
sda1
[root@book class]# df -k | awk ‘{print $1}’ | grep -v ’none’
File system
/dev/sda2
/dev/sda1
1) Find all *.h in /tmp, and find "SYSCALL_VECTOR" in these files, and finally print out all file names that contain "SYSCALL_VECTOR"
A) find /tmp -name "*.h" | xargs -n50 grep SYSCALL_VECTOR
B) grep SYSCALL_VECTOR /tmp/*.h | cut -d’:' -f1| uniq > filename
C) find /tmp -name "*.h" -exec grep "SYSCALL_VECTOR" {} \; -print
2)find / -name filename -exec rm -rf {} \;
find / -name filename -ok rm -rf {} \;
3) For example, to find files larger than 3M in the disk:
find . -size +3000k -exec ls -ld {} ;
4) Copy the found things to another place
find *.c -exec cp ‘{}’ /tmp ‘;’
If there are special files, you can use cpio, or you can use this syntax:
find dir -name filename -print | cpio -pdv newdir
6) Find files changed at 2004-11-30 16:36:37
# A=`find ./ -name "*php"` | ls -l –full-time $A 2>/dev/null | grep "2004-11-30 16:36:37"