Quick Tips to Find Files on Linux File System


Points: 2 points, 79321 views Comments: 34 Comments User: Param

One of the first hurdles that every Linux newbie working on the Command Line Interface (CLI) bumps into is finding files on the file system. Administrators who switch from a Windows environment are so used to the click-n-find mentality that discovering files via the Linux CLI is painful for them. This tutorial is written for those friends who work on Linux and don’t have the luxury of a Graphical User Interface (GUI).

I started playing with Linux during my internship, working with Snort (Intrusion Detection System), Nessus (Vulnerability Scanner) and IPTables (Firewall). Like most programs, these tools have quite a few configuration files. Initially, it was difficult for me to remember the path to each file, so I started to use the power of the ‘find’ and ‘locate’ commands, which I will share with you in this tutorial.

Method 1: LOCATE

Before we start playing around with the LOCATE command, it’s important to learn about “updatedb”. Every day, your system automatically runs the updatedb command via cron to create or update a database that keeps a record of all filenames. The locate command then searches through this database to find files.

This database is stored by default at /var/lib/mlocate/mlocate.db. Obviously we are curious about what this database looks like, so first I do ls -lh to find the size of this file.

Since this is in db format, I doubt we would see anything legible with a “cat” command. So instead I used the strings command, which threw a lot of file names on the screen (132516 to be exact). Hence, I used grep to see only filenames which contain lighttpd, a web server installed on my system.

But of course this is not the right way to do searches; we did this just to see what updatedb is doing. Now let’s get back to “locate”. Remember that since locate reads the database created by updatedb, your results are only as fresh as the last run of the updatedb command. You can always run updatedb manually from the CLI and then use the locate command.

Let’s start exercising this command by searching for commands. I start by looking for pdf documentation files for “snort”. If I just type in “locate snort”, it gives me 1179 file names as a result.

[root@localhost:~] locate snort | less
/etc/snort
/etc/snort/rules
/etc/snort/rules/VRT-License.txt
/etc/snort/rules/attack-responses.rules
/etc/snort/rules/backdoor.rules
/etc/snort/rules/bad-traffic.rules
/etc/snort/rules/cgi-bin.list
/etc/snort/rules/chat.rules
/etc/snort/rules/classification.config
/etc/snort/rules/ddos.rules
/etc/snort/rules/deleted.rules
....

But I want the documentation files, which I already know are in PDF format. So now I will use the power of regular expressions to further narrow down my results.

The “-r” option tells the “locate” command to expect a regular expression. In the above case, I use pdf$ as the regex to show only files which end with pdf.

Remember that updatedb excludes temporary folders, so locate may not give you the results you expect. The “find” command removes these limitations.

Method 2: Find

The find command is the most useful of all the commands I have used in my few years of managing Linux machines. Still, this command is not fully understood and utilized by many administrators. Unlike the “locate” command, the “find” command actually goes through the file system and looks for the pattern you define when running the command.

The most common usage of the “find” command is to search for a file with a specific file name.

Like “-name”, the find command has other qualifiers based on time, as shown below. These are also very helpful if you are doing forensic analysis on your Linux machine.

  • -iname = same as -name, but case insensitive
  • -atime n = true if the file was accessed n days ago
  • -amin n = true if the file was accessed n minutes ago
  • -mtime n = true if the file contents were changed n days ago
  • -mmin n = true if the file contents were changed n minutes ago
  • -ctime n = true if the file attributes were changed n days ago
  • -cmin n = true if the file attributes were changed n minutes ago

To help the reader understand these qualifiers, I created a file named “foobar.txt” four minutes ago and then ran “find /root -mmin -5” to show all files in the /root folder whose last modification time is less than 5 minutes ago, and it shows me the foobar.txt file. However, if I change the value of -mmin to less than 2 minutes, it shows me nothing.

There is another very useful qualifier, which searches on file size.

Some other qualifiers that I always use while administering Linux servers are:

  • -regex expression = select files which match the regular expression
  • -iregex expression = same as above but case insensitive
  • -empty = select files and directories which are empty
  • -type filetype = select files by Linux file type
  • -user username = Select files owned by the given user
  • -group groupname = Select files owned by the given group

There are a few more qualifiers, but I leave those as homework for you: read the manpage and enhance your knowledge.
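The time, size, type and empty qualifiers above, run against a scratch directory so the results are predictable (an added example, not part of the original article). The file names, ages and the helper functions age_file, make_sandbox, names, modified_within, modified_before, larger_than_bytes and empty_of_type are all constructed for illustration.

```shell
#!/bin/sh
# Added example: scratch files with known age and size, all constructed here.

# Set a file's modification time to N seconds in the past.
age_file() { touch -d "@$(( $(date +%s) - $2 ))" "$1"; }

make_sandbox() {
    dir=$(mktemp -d) || return 1
    echo "hello" > "$dir/foobar.txt"; age_file "$dir/foobar.txt" 240    # 4 minutes old
    echo "old" > "$dir/old.conf";     age_file "$dir/old.conf" 345600   # 4 days old
    : > "$dir/empty.log";             age_file "$dir/empty.log" 7200    # empty, 2 hours old
    head -c 2048 /dev/zero > "$dir/big.bin"                             # 2048 bytes
    age_file "$dir/big.bin" 7200
    mkdir "$dir/emptydir"
    echo "$dir"
}

# Print only the base names, sorted, so results are easy to compare.
names() { sed 's|.*/||' | sort; }

# -mmin -N: contents changed less than N minutes ago.
modified_within() { find "$1" -type f -mmin "-$2" | names; }
# -mtime +N: contents changed more than N whole days ago.
modified_before() { find "$1" -type f -mtime "+$2" | names; }
# -size +Nc: larger than N bytes (the c suffix avoids rounding to blocks).
larger_than_bytes() { find "$1" -type f -size "+${2}c" | names; }
# -empty combined with -type: f for regular files, d for directories.
empty_of_type() { find "$1" -type "$2" -empty | names; }

d=$(make_sandbox)
echo "changed < 5 min ago:  $(modified_within "$d" 5)"
echo "changed < 2 min ago:  $(modified_within "$d" 2)"
echo "changed > 2 days ago: $(modified_before "$d" 2)"
echo "larger than 1024 B:   $(larger_than_bytes "$d" 1024)"
echo "empty files / dirs:   $(empty_of_type "$d" f) / $(empty_of_type "$d" d)"
rm -rf "$d"
```

The sign on the number matters: -5 means "less than 5", +2 means "more than 2", and a bare number means exactly that many units.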

NOTE: One thing you will notice is that “locate” runs super fast; that’s because it is looking in a database file rather than actually traversing the file system.

This was a very short and crisp introduction to find and locate commands, but these are the most important commands for any administrator. Once you get used to them, you will wish there was something similar and so powerful in Windows.


cool, thanks

cool, thanks

scares me

the graphical explanation already scares me, hope I don't have to switch to Linux :P

Using locate and find in Windows

This was a very short and crisp introduction to find and locate commands, but these are the most important commands for any administrator. Once you get used to them, you will wish there was something similar and so powerful in windows.

If you want the power of these commands and lots of other Linux based CLI (and a few GUI) tools in a Windows environment, you should definitely check out the Cygwin environment. Of course, if you have the opportunity to run Linux as your main OS, more power to you.

Nice intro

Nice introduction to some very useful commands, but it should be noted that you really don't want to be logged in as root unless you're doing something that requires root privileges.

Absolutely Correct

Nice Catch ! You are absolutely correct, IIRC I sudo'ed to run "updatedb" command and never exited :(

...and people wonder why

...and people wonder why windows rulz the world,

even tho your chopsticks are cool, when it comes down to eating the meal, most of the world will still use the fork

...if you can't figure out why, look ^

bad analogy

The Chinese population is 1 billion. They use chopsticks.
The Indian population is 5 times the American, they use their hands.
Now if you really think about it, your fork users are pretty small.
So before you make a stupid analogy like that think first.

If you ever have to administer hundreds of machines, Linux is the most efficient. Try opening up a few terminal service connections and your administration computer will be screwed. With Linux, an ssh connection gives you flexibility and power with tiny overhead.

Windows rulz the world because people like you who are stupid to understand anything other than point and click.

Why assume Linux lacks a fork?

A typical Linux distribution provides several different file search systems. If all you want to do is to find a particular letter you wrote, or a particular photograph you took, you can use an indexing search system like Beagle. Under Ubuntu, this is as easy as clicking the Places menu, then clicking Search, and typing in some keywords into the search box. This is equivalent to Spotlight under OSX, or Vista's desktop search.

If you want to perform more complex searches involving regular expressions, greps, pipes or whatever, then you have the option to do that too, as this article demonstrates. Linux not only provides chopsticks, but also enough cutlery to sate even the most pedantic of gourmets. There are areas where Linux lags behind Windows, but file searching isn't really one of them.

Linux has a fork!

Hey, Linux has a fork() and a spork()!

just what i needed!

many thanks for this excellent tutorial!

Wow, this was very helpful.

Wow, this was very helpful. Yes, you're very correct about searching for files in Linux compared to Windows. I'm still somewhat of a newbie to Linux, but that was one of the hardest things for me to do, until now. Many thanks!

wild cards in -name

Don't forget that you can also do:

$ find . -name snort\*.pdf

For those times when you can't remember the full name, and a regex would be overkill.

Great tips

Great tips to using the CLI tools, but one has to remember that today we've got really powerful GUI search tools, like Beagle, which instantly indexes documents if inotify is present (just like Spotlight on the Mac and the new Windows Vista search). (See: http://www.beagle-project.org/)

rlocate!

Slocate (the locate used here) has to be updated all the time....try out rlocate, it runs as a kernel module and keeps track of all the filesystem changes so you never have to run updatedb manually again.

http://rlocate.sourceforge.net

rlocate?

Unfortunately it's not compatible with SELinux enabled systems (the author recommends disabling same), so until that hurdle has been, well, hurdled...

Windows users

As a dual-user (but Linux noob) I can see both sides of the XP-Linux argument when it comes to which is best. The Linux search options are powerful but you need to get your hands a bit dirty to really make use of them, whereas with XP you have the convenience of a GUI and more user-friendly options - it all depends what people want from their computers. Linux-users tend to enjoy fiddling and using computers for the sake of using them, which is fine (I am one of them to an extent) but most pc-users want their computer to be a tool to achieve something else, and for this reason I totally see why learning technicalities, for them at least, is a pain in the ass.

Once the Linux community has reached the XP standard of driver location/installation, etc. then they will be a true rival of Vista for the common man (or woman!).

Windows don't use any

Windows don't use any standard, look the directory system, it's a mess. Don't apply to File Hierarchy System. So they only want to break the O/S standards.

Windows do not apply to any

Windows do not apply to any standard, only follow his owns rules, look at the file system, don't apply to FHS (File Hierarchy System). They break the international standard. And that's only the beginning.

so does linux ;-)

Lol funny you say windows doesn't apply to any standard.

On which planet do you live?

It really pisses me off this ongoing battle between *NIX and WIN and OS X users. Some like one OS and other like another OS. But to write some pro and con arguments you first have to try an OS out (for at least few months).

Did you even read all the comments?
Linux users have Beagle which is (IMHO) much better than XP file search. I use both OS's all the time and times when *NIX was unusable for non technical users are past. Vista has a comparable search tool. But XP? Hell no.

As for driver location / installation: have you recently really tried a Linux distro like Ubuntu? Because Ubuntu also finds hardware that XP is unable to find it even with updates (and vice versa).

And yes: I'm primarily the Win XP user. I use various *NIX distros for workstations and servers. And I have few Win servers. I'm considering myself the technical user.

But my dad who's using a PC for about 5 years prefers Ubuntu over XP. He says it's easier to get around (especially installing new software and upgrading and living without spyware and viruses) :). So he's a nontechnical user, using PC for web browsing, chat, reading emails and sometimes write something in a word processor! Is he using Linux for the sake of using it? No. Is he learning complex CLI tools? No. For what he needs Linux is way too much. And Windows as well. But financially Ubuntu was cheaper (he doesn't care about OSS). Does he need MS office or OOo? Neither one of them, and I could go on forever ...

And now what. Is Honda better than GMC? For some users yes. And for other no. But some don't like either one of them. That's why we have other companies to fill the niches.

Xp does have a comparable search tool.

Search for IndexingServices integrated at least since NT 4.0
;-)
"living without spyware and viruses" -> teach him how to surf!

Locate file with specific text inside a file using "find"

find / -type f -exec grep "text" {} /dev/null \;

Very useful when you have no idea where or what the file name is but know of some "text" string inside the file.

Just use piping.

Piping it is a HECK of a lot easier... especially for people like me who don't quite grasp regular expressions yet.

Just do this:

locate blah | grep .pdf

And that's it!

graphics

Can you explain what tool(s) you used to annotate the screenshots?

Used Paint.Net

Paint.NET is free image editing and photo manipulation software designed to be used on computers that run Windows. It supports layers, unlimited undo, special effects, and a wide variety of useful and powerful tools.

http://www.getpaint.net/index2.html

Any tool

Is there any tool with which i can search the contents of file rather than just file names. E.g searching for a string "pracheer gupta" in all the files of a directory?

pracheer gupta

Any tool

Grep will work or midnight commander

bill

grep -- you need the right options

grep is extremely powerful, but you need to know how to use the switches.

The command you want is: grep -r "pracheer gupta" *

That tells grep to look recursively (the -r option does this) for the string "pracheer gupta" in all files in the directory (the * does this)

use the grep --help command for your full list of options.

you can add options together, so grep -rn would both search recursively and add line numbers to the output.

If you just wanted to look for the string in all files in the current directory only, use grep "pracheer gupta" *

Awesome!

Awesome, so many time searching for something like this.

weird font

Can anyone read the commands he uses in the article above (awesome article by the way)? Here's what I'm seeing in FireFox, IE & Opera:

The “–r” options is used to tell “locate” command to expect a regular expression. In the above case, I use pdf$ in regex to only show me files which end with pdf. Remember that updatedb exclude temporary folders, so it may not give you results as you expect. To remove these bottlenecks comes the command “find”.

Any ideas? Thanks...

Database bug

We just upgraded our mysql database, which caused this problem. Thanks for bringing this to our attention - the problem has been fixed now.

hii

thank you, that was a good lesson on find and locate. I found it very useful

thanks

Best regards,
eliena andrews

Simply and Superb

Yes, This is simply and superb article for search file. Thank you..

thanks,
Avin

Very Helpful

Thank you for highlighting several methods. Locate works for me after the updatedb and is superfast.

Find works great too.
