|
find actions - Having found a set of one or more files, performing an action allows you to actually make changes; such as deleting the file or changing it's permissions. All actions have side effects and return a TRUE or FALSE value.
If you are dealing with a large quantity of files it is often much faster to execute a command by piping find into xargs
xargs, will bundle up the files and (almost always) run them through a single instance of the called program
find -exec, will run a seperate instance of the called program for each file.
Use operators to separate multiple actions. If the operator is omitted, -and is assumed, If the expression contains no actions other than -prune, -print is performed on all files for which the expression is true.
-delete
Delete files; returns TRUE if removal succeeds. If the removal fails, an error is issued.
-exec command ;
Execute command; returns TRUE if the command returns a status of 0.
All following arguments to find are taken to be arguments to the command until an argument consisting of ';' is encountered.The string '{}' is replaced by the current file name being processed everywhere it occurs in the arguments to the command, not just in arguments where it is alone, as in some versions of find.
Both of these constructions might need to be escaped (with a '\') or quoted to protect them from expansion by the shell.
See the example at the bottom of this page.The specified command is run once for each matched file. The command is executed in the starting directory. There are unavoidable security problems surrounding use of the -exec option; you should use the -execdir option instead.
-exec command {} +
This variant of the -exec option runs the specified command on the selected files, but the command line is built by appending
each selected file name at the end; the total number of invocations of the command will be much less than the number of matched files. The command line is built in much the same way that xargs builds its command lines. Only one instance of '{}' is allowed within the command. The command is executed in the starting directory.
-execdir command ;
-execdir command {} +
Like -exec, but the specified command is run from the subdirectory containing the matched file, which is not normally the directory in which you started find. This a much more secure method for invoking commands, as it avoids race conditions during resolution of the paths to the matched files.
As with the -exec option, the '+' form of -execdir will build a command line to process more than one matched file, but any given invocation of command will only list files that exist in the same subdirectory. If you use this option, you must ensure that your $PATH environment variable does not reference the current directory; otherwise, an attacker can run any commands they like by leaving an appropriately-named file in a directory in which you will run -execdir.
-fls file
True; like -ls but write to file like -fprint. The output file is always created, even if the predicate is never matched.
-fprint file
True; print the full file name into file file.
If file does not exist, it is created; if it does exist, it is truncated. The file names '/dev/stdout’ and '/dev/stderr'are handled specially; they refer to the standard output and standard error output, respectively. The output file is always created, even if the predicate is never matched.
-fprint0 file
True; like -print0 but write to file like -fprint. The output file is always created, even if the predicate is never matched.
-fprintf file format
True; like -printf but write to file like -fprint. The output file is always created, even if the predicate is never matched.
-ok command ;
Like -exec but ask the user first (on the standard input); if the response does not start with ?ey?f or ?eY?f, do not run the command, and return false.
-print True;
print the full file name on the standard output, followed by a newline. If you are piping the output of find into another program and there is the faintest possibility that the files which you are searching for might contain a newline, then you should seriously consider using the '-print0' option instead of '-print'
-okdir command ;
Like -execdir but ask the user first (on the standard input); if the response does not start with 'y' or 'Y', do not run the command, and return false.
-print0
True; print the full file name on the standard output, followed by a null character (instead of the newline character that '-print' uses). This allows file names that contain newlines or other types of white space to be correctly interpreted by programs that process the find output. This option corresponds to the '-0' option of xargs.
-printf format
True; print format on the standard output, interpreting '\' escapes and '%' directives. Field widths and precisions can be specified as with the 'printf' C function. Please note that many of the fields are printed as %s rather than %d, and this may mean that flags don't work as you might expect. This also means that the '-' flag does work (it forces fields to be left aligned). Unlike -print, -printf does not add a newline at the end of the string.
The escapes and directives are:
\a Alarm bell.
\b Backspace.
\c Stop printing from this format immediately and flush the output.
\f Form feed.
\n Newline.
\r Carriage return.
\t Horizontal tab.
\v Vertical tab.
\ ASCII NUL.
\\ A literal backslash ('\').
\NNN The character whose ASCII code is NNN (octal).
A '\' character followed by any other character is treated as an
ordinary character, so they both are printed.
%% A literal percent sign.
%a File's last access time in the format returned by the C 'ctime' function.
%Ak File's last access time in the format specified by k,
which is either '@' or a directive for the C 'strftime'
function. The possible values for k are listed below;
some of them might not be available on all systems, due
to differences in 'strftime' between systems.
@ seconds since Jan. 1, 1970, 00:00 GMT.
Time fields:
H hour (00..23)
I hour (01..12)
k hour ( 0..23)
l hour ( 1..12)
M minute (00..59)
p locale?fs AM or PM
r time, 12-hour (hh:mm:ss [AP]M)
S second (00..61)
T time, 24-hour (hh:mm:ss)
+ Date and time, separated by '+', for example
'2004-04-28+22:22:05'. The time is given in the
current timezone (which may be affected by set-
ting the TZ environment variable). This is a GNU
extension.
X locale's time representation (H:M:S)
Z time zone (e.g., EDT), or nothing if no time zone
is determinable
Date fields:
a locale's abbreviated weekday name (Sun..Sat)
A locale's full weekday name, variable length
(Sunday..Saturday)
b locale's abbreviated month name (Jan..Dec)
B locale's full month name, variable length
(January..December)
c locale's date and time (Sat Nov 04 12:02:33 EST 1989)
d day of month (01..31)
D date (mm/dd/yy)
h same as b
j day of year (001..366)
m month (01..12)
U week number of year with Sunday as first day of
week (00..53)
w day of week (0..6)
W week number of year with Monday as first day of
week (00..53)
x locale's date representation (mm/dd/yy)
y last two digits of year (00..99)
Y year (1970...)
%b File's size in 512-byte blocks (rounded up).
%c File's last status change time in the format returned by
the C 'ctime' function.
%Ck File's last status change time in the format specified by
k, which is the same as for %A.
%d File's depth in the directory tree; 0 means the file is a
command line argument.
%D The device number on which the file exists (the st_dev
field of struct stat), in decimal.
%f File's name with any leading directories removed (only
the last element).
%F Type of the filesystem the file is on; this value can be
used for -fstype.
%g File's group name, or numeric group ID if the group has
no name.
%G File's numeric group ID.
%h Leading directories of file?fs name (all but the last ele-
ment). If the file name contains no slashes (since it is
in the current directory) the %h specifier expands to
".".
%H Command line argument under which file was found.
%i File's inode number (in decimal).
%k The amount of disk space used for this file in 1K blocks
(rounded up). This is different from %s/1024 if the file
is a sparse file.
%l Object of symbolic link (empty string if file is not a
symbolic link).
%m File's permission bits (in octal). This option uses the
'traditional' numbers which most Unix implementations
use, but if your particular implementation uses an
unusual ordering of octal permissions bits, you will see
a difference between the actual value of the file?fs mode
and the output of %m. Normally you will want to have a
leading zero on this number, and to do this, you should
use the # flag (as in, for example, '%#m').
%n Number of hard links to file.
%p File's name.
%P File's name with the name of the command line argument
under which it was found removed.
%s File's size in bytes.
%t File's last modification time in the format returned by
the C 'ctime' function.
%Tk File's last modification time in the format specified by
k, which is the same as for %A.
%u File's user name, or numeric user ID if the user has no
name.
%U File's numeric user ID.
%y File's type (like in ls -l), U=unknown type (shouldn't
happen)
%Y File's type (like %y), plus follow symlinks: L=loop,
N=nonexistent
%Z (SELinux only) file's security context.
A '%' character followed by any other character is discarded
(but the other character is printed).
The %m and %d directives support the # , 0 and + flags, but the
other directives do not, even if they print numbers. Numeric
directives that do not support these flags include G, U, b, D, k
and n. The '-' format flag is supported and changes the align-
ment of a field from right-justified (which is the default) to
left-justified.
-prune
If -depth is not given, TRUE; if the file is a directory, do not descend into it. If -depth is given, FALSE; no effect.
-quit
Exit immediately. No child proceses will be left running, but no more paths specified on the command line will be processed.
For example, find /tmp/foo /tmp/bar -print -quit will print only /tmp/foo. Any command lines which have been built up with
-execdir ... {} + will be invoked before find exits.
The exit status may or may not be zero, depending on whether an error has
already occurred.
-ls True;
list current file in ?els -dils?f format on standard output. The block counts are of 1K blocks, unless the environment vari-
able POSIXLY_CORRECT is set, in which case 512-byte blocks are used.
Examples
Run 'file' on every file in or below the current directory:
find . -type f -exec file '{}' \;
Notice that the braces are enclosed in single quote marks to protect them from interpretation as shell script punctuation. The semicolon is similarly protected by the use of a backslash, though ';' could have been used in that case also.
Find files named 'core' in or below the directory /tmp and delete them:
find /tmp -name core -type f -print | xargs /bin/rm -f
Note this will work incorrectly if there are any filenames containing newlines, single or double quotes, or spaces. (Replace print with print0 to handle such filenames) The -name test comes before the -type test in order to avoid having to call stat(2) on every file.
Traverse the filesystem just once, listing setuid files and directories into /root/suid.txt and large files into /root/big/txt.
find / ( -perm +4000 -fprintf /root/suid.txt '%#m %u %p\n' ) , \
( -size +100M -fprintf /root/big.txt '%-10s %p\n' )
"Instead of getting married again, I'm going to find a woman I don't like and just give her a house." - Lewis Grizzard
Related Linux Bash commands:
find - Search a folder hierarchy for filename(s) that meet a desired criteria.
grep - Search file(s) for lines that match a given pattern
xargs - Execute utility, passing constructed argument list(s)
Equivalent Windows XP command:
DIR /b /s - Display a list of files and (sub)folders
