{"id":49,"date":"2022-03-19T21:14:00","date_gmt":"2022-03-20T01:14:00","guid":{"rendered":"http:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/?p=49"},"modified":"2025-08-11T12:23:21","modified_gmt":"2025-08-11T16:23:21","slug":"using-the-find-command","status":"publish","type":"post","link":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/?p=49","title":{"rendered":"using the ‘find’ command"},"content":{"rendered":"\n
Using the find command<\/strong>
find ~\/bin -iname filename<\/code><\/pre>\n\n\n\n
or:<\/p>\n\n\n\n
find ~\/bin -iname \"filen*\"<\/code><\/pre>\n\n\n\n
Moving large number of files<\/strong>
find \/source\/directory -mindepth 1 -maxdepth 1 -name '*' -print0 | xargs -0 mv -t \/target\/directory;<\/code><\/pre>\n\n\n\n
using find with rename recursively<\/strong>
find . -depth -exec rename -v 's!\\texttoremove\/newtext\/' {} +
you may have to run it twice if the subfolders get renamed in the process
or:
find . -type f -iname \"Ghost*\" -exec rename -v 's\/S02\\ E\/S02E\/g' {} \\;<\/code><\/pre>\n\n\n\n
move files from subfolders to parent folder<\/strong><\/p>\n\n\n\n
Move to target folder and execute:<\/p>\n\n\n\n
find . -mindepth 2 -type f -print -exec mv {} . \\;<\/code><\/pre>\n\n\n\n
Delete empty directories<\/strong><\/p>\n\n\n\n
find . -empty -type d -delete<\/code><\/pre>\n\n\n\n
Delete empty files<\/strong><\/h3>\n\n\n\n
find . -empty -type f -delete<\/code><\/pre>\n\n\n\n
Command<\/strong>\nfind \/tmp -name “foo.txt” ##Find a file a called foo.txt in \/tmp\nfind \/tmp -iname “foo.txt” ##Find a file (case insensitive) called foo.txt in \/tmp\nfind \/tmp -name “foo*” ##Find a file starting with the substring foo\nfind \/tmp -regex “.*f.*t” ##Find regex pattern (regex must include the full path)<\/p>\n\n\n\n
Time<\/strong>
-mtime -7 ##Modified within the last 7 days
-mtime +1 -mtime -7 ##Modified more than 1 day ago, but no more than 7
-daystart ##Start from today rather than from 24 hours ago

Recursion<\/strong>
-maxdepth levels : Descend at most levels (a non-negative integer) levels of directories below the starting-points. -maxdepth 0 means only apply the tests and actions to the starting-points themselves.
-mindepth levels : Do not apply any tests or actions at levels less than levels (a non-negative integer). -mindepth 1 means process all files except the starting-points.

-maxdepth 2 ##Go no more than 2 subdirectories deep during search
-mindepth 4 ##Ignore results that are less than 4 subdirectories deep
-mount -xdev ##Don’t search directories contained on another filesystem

Other attributes<\/strong>
-uid 1000User ID is 1000
-user tux User name is tux
-writable -readable File is writable, readable
-perm u=rwx -perm 700Permissions are exactly 700
-perm -u+w,g+w -perm -220User or group has write permission –
-perm \/a+w -perm \/222 At least one permission is set to write \/
-size +5M File is larger than 5 MB
-true Always true

Actions<\/strong>
-exec grep foo {} \\; Execute grep on each file found
-ok sed ‘s\/foo\/bar\/g’ {} \\; Prompt user to execute sed on each file found
-execdir chmod 700 {} \\; Run chmod (in subdirectory of result) on each file found
-fprint Add a newline to output -fprint0Do not add a newline
-ls Print results in ls -dils format
-fls output.txt Write results, in ls -dils frormat, to output.txt
-fprint -fprint0Write output to out.txt …with no newline
-prune Don’t descend into subdirectories
-quit Quit (usually used after other actions)\u00a0<\/p>\n\n\n\n
Find multiple files in Linux<\/strong><\/p>\n\n\n\n
The find<\/code> command is used in various ways. One thing you don’t want to do as a system administrator is work harder than you need to. Instead of running the same command to search for one file over and over, you can use the find<\/code> command to locate multiple files at the same time.<\/p>\n\n\n\n
sudo find \/home -type f -name file.txt -exec {} \\;<\/pre>\n\n\n\n
This one-liner can be broken down. I find it best almost to read it as a sentence:<\/p>\n\n\n\n
    \n
  • searching the \/home<\/code> directory<\/li>\n\n\n\n
  • searching for a file (-type f<\/code>) or a directory (-type d<\/code>)<\/li>\n\n\n\n
  • filename is file.txt (-name file.txt<\/code>)<\/li>\n\n\n\n
  • executing another command from the previous output<\/li>\n<\/ul>\n\n\n\n
    Find large files in Linux<\/strong><\/p>\n\n\n\n
    You can also use find<\/code> to discover large files in Linux. Finding large files has proven helpful to me in the long run. find<\/code> can help to locate large files quickly, such as backups and ISO files.<\/p>\n\n\n\n
    sudo find \/ -type f -size +500000k -exec ls -lh {} \\;<\/code><\/pre>\n\n\n\n
    This one-liner can be broken down:<\/p>\n\n\n\n
      \n
    • searching the \/<\/code> directory<\/li>\n\n\n\n
    • searching for a file (type -f<\/code>)<\/li>\n\n\n\n
    • searching for a file larger than 500000k<\/code><\/li>\n\n\n\n
    • executing the command ls -lh<\/code> on the files found in the previous output<\/li>\n<\/ul>\n\n\n\n
      Find specific file types in Linux<\/strong><\/p>\n\n\n\n
      Another good method is to locate file extensions using the find<\/code> command. I find this helpful, as it has shown me ways of finding specific files with only a specific keyword. In this case, the example below is looking for files that only contain a specific extension:<\/p>\n\n\n\n
      sudo find \/ -type f \\( -name \"*.sh\" -o -name \"*.txt\" )<\/code><\/pre>\n\n\n\n
      To dissect this:<\/p>\n\n\n\n
        \n
      • searching in the \/<\/code> directory<\/li>\n\n\n\n
      • searching for a file (-type f<\/code>) or a directory (-type d<\/code>)<\/li>\n\n\n\n
      • searching for a file name that is a wildcard but ends with the extension .sh<\/code> or .txt<\/code><\/li>\n<\/ul>\n\n\n\n
        Find modified files in Linux<\/strong><\/p>\n\n\n\n
        The last example shows how to find<\/code> a file modified in the last 50 days. This can be helpful when you need to locate recently modified files due to a security reason or if there are unwanted users on the network accessing other files.<\/p>\n\n\n\n
        sudo find \/ -type f -ctime +50 -exec rm -f {} \\;<\/code><\/pre>\n\n\n\n
        The command above shows:<\/p>\n\n\n\n
          \n
        • searching in the \/<\/code> directory<\/li>\n\n\n\n
        • searching for a file (-type f<\/code>) or a directory (-type d<\/code>)<\/li>\n\n\n\n
        • searching for files older than 50<\/code> days<\/li>\n\n\n\n
        • executing the command rm -f<\/code> on the files found in the previous output<\/li>\n<\/ul>\n\n\n\n
          This can help remove those malicious files all in one go. You just have to make sure that the files you select are the files you want to remove. One way to check is to run the command without the exec<\/code> section to see the files that come up in the output. If there are a large number of files, redirect the output into a file:<\/p>\n\n\n\n
          find \/ -type f -ctime +50 > files.txt<\/code><\/pre>\n\n\n\n
          The content can be reviewed and verified before you run a one-liner that removes the \/etc<\/code> folder. Not ideal.<\/p>\n\n\n\n
           check out:   find . -criteria etc -print0 | xargs -0 command\n(might be safer than -exec stuff)<\/pre>\n\n\n\n
          List Symlinks<\/strong><\/p>\n\n\n\n
          sudo find \/ -type l<\/code><\/pre>\n\n\n\n
          Finding files by size<\/strong><\/p>\n\n\n\n
          find -size +1G -ls 2>\/dev\/nullthe +1G means \"larger than a gigabyte\"<\/code><\/pre>\n\n\n\n
          Finding files by inode number<\/strong><\/p>\n\n\n\n
          find -inum 919674 -ls 2>\/dev\/null919674 is the inode number<\/code><\/pre>\n\n\n\n
          Finding files with a specific file owner or group<\/strong><\/p>\n\n\n\n
          find \/home -user bob -name \"*.png\"-lsfind \/tmp -group admins -ls<\/code><\/pre>\n\n\n\n
          Finding files with no owners or groups<\/strong><\/p>\n\n\n\n
          find \/tmp -nouser -ls<\/code><\/pre>\n\n\n\n
          Finding files by last update time<\/strong><\/p>\n\n\n\n
          find \/home\/bob -mtime -1<\/code><\/pre>\n\n\n\n
          Finding files by when permissions were last changed<\/strong><\/p>\n\n\n\n
          find . -ctime -1 -ls<\/code><\/pre>\n\n\n\n
          Finding files based on last access times<\/strong><\/p>\n\n\n\n
          find -name \"*.pdf\" -atime -2<\/code><\/pre>\n\n\n\n
          Finding files based on their age relative to another file<\/strong><\/p>\n\n\n\n
          find . -newer dig1 -ls<\/code><\/pre>\n\n\n\n
          Finding files by type<\/strong>
          b block (buffered) special<\/p>\n\n\n\n
          c character (unbuffered) special<\/p>\n\n\n\n
          d directory<\/p>\n\n\n\n
          p named pipe (FIFO)<\/p>\n\n\n\n
          f regular file<\/p>\n\n\n\n
          l symbolic link<\/p>\n\n\n\n
          s socket<\/p>\n\n\n\n

          find . -type l -ls<\/p>\n\n\n\n
          Limiting how deeply find should look<\/strong><\/p>\n\n\n\n
          The -mindepth and -maxdepth options control how deeply into the file system the search will look (from the current location or starting point).
          find -maxdepth 3 -name “*loop”<\/p>\n\n\n\n

          Finding files only if empty<\/strong><\/p>\n\n\n\n
          find . -maxdepth 2 -empty -type f -ls<\/p>\n\n\n\n
          Finding files by permissions<\/strong><\/p>\n\n\n\n
          find -perm 777 -type f -ls<\/p>\n\n\n\n
          Using find to help you get rid of files<\/strong><\/p>\n\n\n\n
          find . -name filename -exec rm {} \\;<\/p>\n\n\n\n
          The {} represents the name of each of the files located by the search criteria.<\/p>\n\n\n\n
          replace -exec with -ok if you want it to ask for a confirmation before it removes any file.<\/p>\n\n\n\n
          find . -name runme -ok rm -rf {} \\;<\/p>\n\n\n\n
          <\/p>\n","protected":false},"excerpt":{"rendered":"
          or: move files from subfolders to parent folder Move to target folder and execute: Delete empty directories Delete empty files Command find \/tmp -name “foo.txt” ##Find a file a called foo.txt in \/tmp find \/tmp -iname “foo.txt” ##Find a file (case insensitive) called foo.txt in \/tmp find \/tmp -name “foo*” ##Find a file starting with […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-49","post","type-post","status-publish","format-standard","hentry","category-file-management"],"_links":{"self":[{"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/49","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=49"}],"version-history":[{"count":5,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/49\/revisions"}],"predecessor-version":[{"id":308,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/49\/revisions\/308"}],"wp:attachment":[{"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=49"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=49"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/triosdevelopers.com\/J.Smith\/rjeffsmith.ca\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=49"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}