7 Uses of find Command in Linux

Find it and do what you want

It’s safe to say that the find command in Linux is one of the must-know operations for backend developers, unless you are using a Windows Server.

For technical interviews, it’s also a popular topic. Let’s see a real question:

If there is a directory called logs on your Linux server, how to delete the log files under it whose last access time was over one year ago? 🤔

This scenario is common, but surprisingly, not every developer can write the command clearly in an interview.

Answer: First of all, we need to use the cd command to enter the corresponding directory, and then, the command is as follows:

find . -type f -atime +365 -exec rm -rf {} \; 

If you don’t fully understand the above command yet, no worries at all. This article will introduce 7 practical uses of the find command and you’ll master it eventually. If you already knew it, reading this article will be a great recap for you.

0. Find Files by Names or Regular Expressions

Let’s start from the simplest usage. To search files by a specific name, the command is like the following:

find . -name test.txt

The . symbol of the above code means the current path. If we would like to search files under another path, just point it out:

find ./yang/books -name test.pdf

How about finding all books whose format are pdf? Use regular expressions:

find ./yang/books -name "*.pdf"

By default, the find command searches for regular files, but it’s a good habit to specify it to make everything clearer:

find ./yang/books -type f -name "*.pdf"

1. Find Different Types of Files

Besides searching for normal files, we can also search other types of files by specifying the -type option.

Such as directories:

find . -type d -name "yang*"

Or symbolic links:

find . -type l -name "yang*"

2. Find Files by Specific Timestamps

To search files by specific timestamps, we need to know the 3 different timestamps in a Linux system:

• Access timestamp (atime): The last time when a file was read.
• Modified timestamp (mtime): The last time when a file’s content was modified.
• Change timestamp (ctime): the last time when a file’s metadata, such as its ownership, location, file type and permission settings, was changed.

So, as the interview question mentioned at the beginning, to search files whose atime is over one year ago, we can write the command like the following:

find . -type f -atime +365

If we need to find files whose mtime is exactly 5 days ago, don’t include the +, cause it means “larger than”.

find . -type f -mtime 5

Obviously, the + means “larger than” and the - means “less than”. So we can search files whose ctime is between 5 and 10 days ago:

find . -type f -ctime +5 -ctime -10

3. Find Files by Their Sizes

The -size option gives us abilities to find files by specific sizes. We can specify its unit of measurement as the following conventions:

• b: 512-byte blocks (default)
• c: bytes
• w: two-byte words
• k: Kilobytes
• M: Megabytes
• G: Gigabytes

Similar to finding files by timestamps, the + means “larger than” and the - means “less than”. For example, to find files whose size is between 10 megabytes and 1 gigabyte:

find . -type f -size +10M -size -1G

4. Find Files by Permissions

Controlling permissions of files properly is a significant task for Linux administrators. The -perm option of the find command can help us search files by specific permissions:

find . -type f -perm 777

For instance, the above command search all files that have 777 permission, which means a file has all the read, write and executable permissions for its owner, group and all users.

5. Find Files by Their Ownership

This task is simple. We can just specify a user name with the -user option. For example, the following command will find all files that belong to yang:

find -type f -user yang

6. Execute Commands after Finding Files

In most cases, we would like to do some following operations after finding the files we need. Such as deleting them, checking details of them and so on. The -exec command makes all the things easier.

Now, to understand how to use it, let’s go back to the interview question mentioned before:

find . -type f -atime +365 -exec rm -rf {} \;

The above command after -exec option is rm -rf, which is for deleting files. The {} is a placeholder for the finding results.

Note: The placeholder {} is extremely important, especially if you would like to delete files. Cause if you don’t use it, the command will execute for all files instead of the files you just found by the find command.

To have a try, execute the following two commands on your terminal and check what’s different of their results:

One is using the placeholder:

find . -type f -atime +5 -exec ls {} \;

The other is not:

find . -type f -atime +5 -exec ls \;

A command following the -exec option must be ended by a semicolon. As we all know, escape characters are used to remove the special meaning from a single character. A backslash, \, is used as an escape character in Linux. So we use it for the semicolon character.

Conclusion

After reading the 7 usages of the find command, the interview question mentioned at the beginning seems very easy now. Can you write down its answer directly and explain it clearly now?

find . -type f -atime +365 -exec rm -rf {} \;

Thanks for reading. If you like it, please follow me and become a Medium member to enjoy more great articles. 🙂

Relative article: