Hi Hackers! Today we will learn about finding files in Linux. Finding an important file with one command will save you a lot of time when you're on a tight schedule. How do you find files quickly in Linux? If you asked Google this question and Google brought you here, then it's my responsibility to teach you some cool tricks to find a file quickly. So let's get started.
There are so many files in an operating system that it's sometimes hard to find a specific one. You can look for the file manually, or you can be smart. We have some weapons in our arsenal to find files in Linux, such as locate, whereis, which and find. Let's see some examples, shall we?
With locate, whereis and which, all you have to do is give the file name and they will carry on from there. You can also check out their help menus. You know how to see a command's help menu, right?
$ locate [target_file]
$ whereis [target_file]
$ which [target_file]
To get the help menu,
$ locate -h or locate --help [whichever works]
But find is the most flexible one. You can do whatever you want with find. You can specify where the file can be, the type of file, the name of the file and the extension of the file. Awesome, right? We should look at the help menu of the find command, then we will jump into the examples.
Basic Commands
The syntax of the command is simple:
find [where_to_look] [which_to_look]
First you fire up find, then tell it where the file you're looking for might be and, last but not least, specify the file name.
$ find / -name note.txt
Here, / is used for searching the whole filesystem. You can also use a directory name instead.
-name is used for specifying the file name or a certain pattern.
You can also use the -type flag.
-type is used for specifying file type. You can use d to find directories or f to find files. Wildcards are allowed in these commands.
You can also use -iname instead of -name. The only difference between them is case sensitivity: -name is case-sensitive, -iname is case-insensitive.
Examples:
$ find / -type f -name "*.php"
This command will find all the files that have the .php extension.
$ find /home -type f -iname hacker.txt
This command will find the file named "hacker.txt" in the /home directory. -iname is used so that the name is matched regardless of case.
$ find / -type d -name "reverse"
This command will find directories named "reverse". To match directories that merely have "reverse" somewhere in their name, use the wildcard pattern "*reverse*".
Advanced Commands
We learned some basic commands but that's not enough. Don't worry. With find, you can also specify the owner, the size, the permissions and the time the file was last accessed/modified.
You can specify size with the -size flag. The -size flag takes a number followed by a size type. Suppose the number is n: you can specify -n, +n or n. As for size types, c represents bytes, k represents KB and M represents MB. -n means smaller than n, +n means greater than n and n means exactly n.
Example:
$ find / -type f -size +30k
This means: find files which are larger than 30 KB.
To specify permissions, you need to use the -perm flag. You can specify permissions in octal form (421) or symbolic form (u=r). If you don't know about the octal form, you can see my TryHackMe Linux Fundamentals Part 2 walkthrough, where I have explained file permissions. If you specify the permission mode as 421 or u=r, then find will only return files with exactly those permissions. There is a way to widen your search: the - and / prefixes, which make the search more inclusive.
Using the - prefix will return files with at least the specified permissions. That means -perm -111 will return files that are executable by everyone, even if someone also has read and/or write permissions.
Using the / prefix will return files that match any of the permissions that have been set. Suppose you set -perm /444. It will match files that are readable by at least one of the classes (owner, group and others).
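The three forms of -perm side by side, as an added example that is not from the original post: it builds a throwaway directory of constructed files (names and modes are made up for the demonstration) and lists which ones each form matches.

```shell
#!/bin/sh
# Added example: constructed files in a temporary directory, with modes chosen
# so that the exact, "-" and "/" forms of -perm each return a different set.
make_perm_sandbox() {
    dir=$(mktemp -d) || return 1
    for spec in exact.sh:644 wider.sh:755 owner_only.sh:600 open.sh:666 none.sh:000; do
        : > "$dir/${spec%%:*}"                    # create the empty file
        chmod "${spec##*:}" "$dir/${spec%%:*}"    # apply the mode after the colon
    done
    printf '%s\n' "$dir"
}

# perm_matches DIR MODE -> sorted names of regular files in DIR matching -perm MODE
perm_matches() {
    find "$1" -type f -perm "$2" -exec basename {} \; |
        LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

demo_perm() {
    d=$(make_perm_sandbox) || return 1
    # exact octal, exact symbolic, "at least", "any of", all-execute, world-writable
    for mode in 644 u=rw,g=r,o=r -644 /444 -111 -o=w; do
        printf '%-20s %s\n' "-perm $mode" "$(perm_matches "$d" "$mode")"
    done
    rm -rf "$d"
}

demo_perm
```

The -perm -o=w line is the one to run during a permissions audit: it surfaces the world-writable file no matter what its other bits are.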
You can also make time-based searches. This is a little more complex than the above two, but humans can do anything. Let's get into it. You can search by minutes and by days, which are represented by the min and time flags. These two need a prefix: a, m or c. a is for accessing a file, m is for modifying a file and c is for changing a file. Suppose you want a file that was accessed more than 15 minutes ago: the option will be -amin +15. For a file that was modified less than 15 days ago, use -mtime -15. And for a file that was changed within the last 24 hours, the option will be -ctime 0.
To sum up: first you give a state: a if accessed, m if modified, c if changed. Then you specify the time unit with min or time: min is for minutes and time is for days. Finally, give a number with + (if it's larger), - (if it's smaller) or nothing (if you know the exact time).
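An added example (not from the original post) that goes a step beyond the -size and time rules described above: GNU find rounds -size up to whole units and drops the fraction of a day for -atime/-mtime/-ctime, so +n and -n do not always mean what they look like. The file names are constructed, and the script assumes GNU touch (for -d with a relative time).

```shell
#!/bin/sh
# Added example. All files are constructed test data in a fresh temporary directory.
# Assumes GNU coreutils/findutils (touch -d "<n> hours ago").
make_rounding_sandbox() {
    dir=$(mktemp -d) || return 1
    : > "$dir/empty.bin"                                  # 0 bytes    -> 0k
    head -c 1    /dev/zero > "$dir/one_byte.bin"          # 1 byte     -> rounds up to 1k
    head -c 1024 /dev/zero > "$dir/one_kib.bin"           # 1024 bytes -> exactly 1k
    head -c 1025 /dev/zero > "$dir/kib_plus_one.bin"      # 1025 bytes -> rounds up to 2k
    for h in 12 36 60; do
        touch -d "$h hours ago" "$dir/age_${h}h.log"      # 0, 1 and 2 whole days old
    done
    printf '%s\n' "$dir"
}

# matches DIR GLOB TEST ARG -> sorted names in DIR that match GLOB and "TEST ARG"
matches() {
    find "$1" -type f -name "$2" "$3" "$4" -exec basename {} \; |
        LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

demo_rounding() {
    d=$(make_rounding_sandbox) || return 1
    for q in '*.bin -size -1k' '*.bin -size 1k' '*.bin -size +1k' '*.bin -size -1025c' \
             '*.log -mtime 0' '*.log -mtime 1' '*.log -mtime +1' '*.log -mmin +1440'; do
        set -f; set -- $q; set +f        # split "GLOB TEST ARG" without expanding the glob
        printf '%-16s %s\n' "$2 $3" "$(matches "$d" "$1" "$2" "$3")"
    done
    rm -rf "$d"
}

demo_rounding
```

Note that -size -1k returns only the empty file, and -mtime +1 skips the 36-hour-old file even though it is more than one day old; use byte counts (c) or -mmin when the boundary matters.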
Examples:
$ find / -type f -user bucky
This command will find files owned by the user "bucky".
$ find / -type f -size 150M
This command will find files that are exactly 150 MB.
$ find /home -type f -size -30c -name "*.php"
This will find PHP files under /home whose size is less than 30 bytes.
$ find / -type f -perm 744
This will find files whose permissions are exactly 744: readable, writable and executable by the owner, and readable by group and others.
$ find / -type f -perm /444
This will return files that are readable by at least one of owner, group or others.
$ find / -type f -perm -o=w -name "*.sh"
This will match all files with the extension ".sh" that have write permission for the class "others", regardless of any other permissions.
$ find /usr/bin -type f -user root -perm -u=s
This will return all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission.
$ find / -type f -atime +10 -name "*.png"
This will find all files with the extension ".png" that were not accessed in the last 10 days.
$ find /usr/share -type f -mmin -120
Find all files in the /usr/share directory (recursive) that have been modified within the last 2 hours.
You can save the results of the find command in a file using the > operator. If you want error-free results, you can append 2>/dev/null. It will suppress the output of any possible errors to make the output more readable.
If you also want to execute a command on each result, find has the -exec flag. You specify the command with this flag.
We can talk about it another time. That's all for today. Practice and learn the usage of the find command.
Reference:
🔗TryHackMe | The find command
Happy Hacking!!!😊😊