Open in app

Sign in

Write

Sign in

How to find in Linux ?

sanket salavi
4 min readOct 15, 2020

Modern operating systems hold a lot of files. It’s not uncommon for an operating system with just one user to store over 100,000 files on its disk. (At the time of writing my laptop is home to 1,268,988 files.) Which means virtually every computer’s disk has become a haystack and any file we did not store in an organized way (that we still remember) becomes the proverbial needle.

Luckily there are several tools which will help us find files on our computer. The right tool for the job will depend on what sort of file we want to find and what parameters we can supply to help the system find our data.

In instances where we know the name of a program, such as ls, grep, or systemctl, but do not know the directory it is in, we can use the which command to find it. The which program takes the name of a command and tells us its full pathname, as shown below:

which grep
/bin/grep

In cases where we know part of a filename, but not its full location, or perhaps even its full name, most distributions can use the locate command to find files with similar names. Let’s say I want to find any document with the term “tax” in the name. I can locate any matching files using locate as follows:

locate tax

The above command will return files with names like the following:

/usr/share/yelp-xsl/js/jquery.syntax.js
/usr/include/netax25
/home/jesse/Documents/income-tax.ods

Chances are the only file in the above list we really wanted was the last one. So if we are getting dozens or hundreds of matches we can use the grep command to filter down the results. For instance, the following command also looks for files with the term “tax” in the name, but then filters down the results to only show results in my home directory:

locate tax | grep /home/jesse

In this next example, I want to find all songs on my computer with the word “love” in the title. The “love” keyword will show up in many system files, so I modify the locate command to only show items it finds in my Music folder:

locate love | grep Music

In this case I was missing some entries that I thought should appear and it turned out that, since Linux filenames are case-sensitive, that locate was not finding songs with “Love” or “LOVE” in the title, only “love”. To fix this, we can use the “-i” parameter to tell locate to ignore case-sensitivity.

locate -i love | grep Music

The locate command has the advantage of being very fast. It returns results quickly because it is not examining the available files on the disk when it is run, it is looking through a database of filenames that are updated periodically. This means locate is ideal at finding information that is a day or more older, and it is good at finding matching filenames, but it is not useful for finding brand new files or files with specific characteristics. For special cases like these we will want to use the find command.

The find command accepts a location where it will look for files, followed by flags that tell it how to narrow its search. To find a file with a specific series of characters in the name we can use the “-iname” parameter. For instance, here I look for any files with the “.html” extension in my Documents directory. The “*” matches any characters, so this example finds any files with names that end with “.html”:

find ~/Documents -iname “*.html”

We can also search for files based on when they were last modified. This is useful when looking for new files we want to add to a backup. For instance, this find command looks for all files in our home directory that have been created or modified in the past seven days:

find ~/ -mtime -7

The “-7” in this case means we want to see files changed less than seven days ago. We can reverse the logic and look for files more than a week old by using “+7”:

find ~/ -mtime +7

The find command can also locate files based on which permissions they have. Permissions are passed to find the same way they are passed to chmod. Programs that retain root permissions when they are run are especially powerful and we might want to know if any of them are on the system. Special executables, such as sudo and firejail, will show up when we look for programs with the set user identity (setuid) permission. Here we can search for setuid programs:

find /usr -perm -4000

Searching the entirety of the /usr directory is likely to take a long time. We can narrow our search to using just our user’s path (the locations where the system will look for programs) by performing the following search:

find $(echo $PATH | tr ‘:’ ‘ ‘) -perm -4000

The above command filters out the separating colon characters from our user’s PATH variable and uses the locations included in the path to narrow our search for powerful setuid programs that may be used to elevate permissions.

The find command allows for multiple parameters to be used. For instance, we can combine looking for specific strings of characters and modification times. This example looks through my Documents directory for new text (txt) files that are less than a week old:

find ~/Documents -mtime -7 -iname “*.txt”

The above command is especially useful if we know we created a file recently, but completely forgot what it was named.

Commands
Linux
Tech
Tutorial
India

--

--

sanket salavi

Written by sanket salavi

13 Followers

Investigator of nerdy stuff !! Programmer , Linux super user , developer ,hacks !!

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams