[Linux acquaintance] file search (locate/find)

When using Linux, we sometimes forget where a file is stored but still remember its name, or part of its name. In that case we can find it with a file search tool. Linux provides two commonly used search tools, locate and find. In daily use, the latter is more powerful than the former and searches in real time. Here we will talk about how these two tools are used.

 

Locate

locate works by searching a pre-built index database (the index database can be understood as a collection of file paths). The index database is the file /var/lib/mlocate/mlocate.db. The system usually updates it automatically once a day, and it can be updated manually with updatedb. Note that building the index database requires traversing the entire file system, which consumes system resources.

locate is characterized by fast lookups, much faster than find, because it only searches the index database, whereas find traverses the file system hierarchy. The disadvantage of locate is that it is not a real-time search: if you have just created a file, forgotten its path and remember only its name, locate is not recommended, because the index database has not been updated yet and locate cannot find the file, unless you are lucky and the scheduled update happens to run right after the file is created. When matching file names, locate performs a fuzzy (substring) match.

Now let's introduce the use of locate:

locate

NAME: Find files by filename
SYNOPSIS: locate [OPTION]... PATTERN...
-b: Only the base name in the path is matched.
-c: Output only the number of matching files
-r: Use basic regular expressions
--regex: Use extended regular expressions
-i: ignore case
-q: Quiet mode, no output

Example 1: Find files whose path contains "passwd"

[root@localhost ~]# locate  passwd
/etc/passwd
/etc/passwd-
/etc/pam.d/passwd
/etc/security/opasswd
/usr/bin/gpasswd
/usr/bin/grub2-mkpasswd-pbkdf2
......(Ellipsis)
/usr/share/doc/passwd-0.79/AUTHORS
/usr/share/doc/passwd-0.79/COPYING
/usr/share/doc/passwd-0.79/ChangeLog
/usr/share/doc/passwd-0.79/NEWS
/usr/share/vim/vim74/ftplugin/passwd.vim
/usr/share/vim/vim74/syntax/passwd.vim

Notice that paths where "passwd" appears outside the base name are matched as well. To match against the base name only, use the "-b" option:

[root@localhost ~]# locate -b  passwd
/etc/passwd
/etc/passwd-
/etc/pam.d/passwd
/etc/security/opasswd
/usr/bin/gpasswd
/usr/bin/grub2-mkpasswd-pbkdf2
/usr/bin/kdepasswd
/usr/bin/kpasswd
/usr/bin/lppasswd
/usr/bin/passwd
/usr/bin/vncpasswd
......
/usr/share/man/zh_CN/man8/chpasswd.8.gz
/usr/share/man/zh_CN/man8/smbpasswd.8.gz
/usr/share/man/zh_TW/man8/chpasswd.8.gz
/usr/share/ruby/webrick/httpauth/htpasswd.rb
/usr/share/vim/vim74/ftplugin/passwd.vim
/usr/share/vim/vim74/syntax/passwd.vim

Looking at the output, only paths with "passwd" in the base name are matched.

Example 2: Count the files that contain "passwd" in the base name

[root@localhost ~]# locate -bc  passwd
155

Example 3: Find files whose base name is just "passwd"

[root@localhost ~]# locate -br "\<passwd$"
/etc/passwd
/etc/pam.d/passwd
/usr/bin/passwd
/usr/share/bash-completion/completions/passwd

The configuration file for updatedb is /etc/updatedb.conf:

PRUNE_BIND_MOUNTS = "yes"
PRUNEFS = "9p afs anon_inodefs auto autofs bdev binfmt_misc cgroup cifs coda configfs cpuset debugfs devpts ecryptfs exofs fuse fuse.sshfs fusectl gfs gfs2 gpfs hugetlbfs inotifyfs iso9660 jffs2 lustre mqueue ncpfs nfs nfs4 nfsd pipefs proc ramfs rootfs rpc_pipefs securityfs selinuxfs sfs sockfs sysfs tmpfs ubifs udf usbfs"
PRUNENAMES = ".git .hg .svn"
PRUNEPATHS = "/afs /media /mnt /net /sfs /tmp /udev /var/cache/ccache /var/lib/yum/yumdb /var/spool/cups /var/spool/squid /var/tmp"

PRUNE_BIND_MOUNTS: Indicates whether the search is restricted (with "yes", bind mounts are skipped)

PRUNEFS: File systems listed here are not searched

PRUNENAMES: The suffix names listed are not searched

PRUNEPATHS: Files under the paths listed here are not searched

Real-time detection

[root@localhost etc]# touch mypasswd
[root@localhost etc]# 
[root@localhost etc]# locate mypasswd
[root@localhost etc]# 
[root@localhost etc]# updatedb
[root@localhost etc]# 
[root@localhost etc]# locate mypasswd
/etc/mypasswd

We create mypasswd under /etc. The locate command cannot find it immediately, but it can find it after the index database has been updated with updatedb.

 

find

As its name suggests, find searches for files, and it does so in real time. When searching, it traverses the file system hierarchy under the specified starting path, so its disadvantage is that it is slower than locate.

Next, we will introduce how to use find.

NAME: Processing files recursively in hierarchical directories
SYNOPSIS: find [OPTIONS] [Find Start Path] [Find Conditions] [Processing Action]
Find Start Path: The starting path of the search; defaults to the current directory
Find Conditions: The search criteria, which can match on file name, size, type, ownership, permissions, etc.
Processing Action: The action applied to files that meet the search criteria, such as deletion; the default is to print to standard output

The find options are not commonly used; see man find if you need them. The following mainly describes the search conditions and processing actions. The exit status of find is a Boolean value: it returns "0" when something is found and a number greater than "0" when nothing is found.

Find conditions:

1. Find by file name

-name  "pattern"
-iname "pattern"   # both take a wildcard (glob) pattern; -iname is case-insensitive
-regex "pattern"   # match files by regular expression; note that the pattern is matched against the whole path of the file, not just the file name

For example:

[root@localhost etc]# find /etc/ -name "passwd"    # search /etc for files named passwd
/etc/pam.d/passwd
/etc/passwd
[root@localhost etc]# find /etc/ -iname "passwd"   # search /etc for files named passwd, ignoring case
/etc/pam.d/passwd
/etc/passwd
/etc/Passwd
[root@localhost etc]# find /etc/ -iname "passwd[0-9]"  # search /etc for files named passwd followed by one digit 0-9
/etc/passwd1
[root@localhost etc]# find /etc/ -regex '/etc/passwd.?'  # search /etc for paths that are /etc/passwd, optionally followed by one arbitrary character
/etc/passwd
/etc/passwd-
/etc/passwd1

 

2. Search by file ownership

-user USERNAME: Find files whose owner is the specified user
-group GROUPNAME: Find files whose group is the specified group
-uid UID: Find files whose owner is the specified UID
-gid GID: Find files whose group is the specified GID
-nouser: Find files that have no owner
-nogroup: Find files that have no group

For example:

[root@localhost ~]# find /tmp/ -user frank -ls   # list files under /tmp owned by frank; -ls is covered later
9336543    0 drwx------   2 frank    frank          27 7 month 16 04:46 /tmp/kde-frank
9357728    4 -rw-rw-r--   1 frank    frank         132 7 month 16 04:46 /tmp/kde-frank/xauth-1000-_0
9357736    0 drwx------   2 frank    frank          34 7 month 16 04:47 /tmp/akonadi-frank.yFqCJF
9357758    0 srwxrwxr-x   1 frank    frank           0 7 month 16 04:46 /tmp/akonadi-frank.yFqCJF/akonadiserver.socket
27750615    0 drwx------   2 frank    frank           6 7 month 16 04:47 /tmp/.esd-1000
[root@localhost ~]# find /tmp/ -group frank -ls  # list files under /tmp whose group is frank
9336543    0 drwx------   2 frank    frank          27 7 month 16 04:46 /tmp/kde-frank
9357728    4 -rw-rw-r--   1 frank    frank         132 7 month 16 04:46 /tmp/kde-frank/xauth-1000-_0
9357736    0 drwx------   2 frank    frank          34 7 month 16 04:47 /tmp/akonadi-frank.yFqCJF
9357758    0 srwxrwxr-x   1 frank    frank           0 7 month 16 04:46 /tmp/akonadi-frank.yFqCJF/akonadiserver.socket
27750615    0 drwx------   2 frank    frank           6 7 month 16 04:47 /tmp/.esd-1000
[root@localhost ~]# find /tmp/ -uid 1000 # show files under /tmp whose owner UID is 1000
/tmp/kde-frank
/tmp/kde-frank/xauth-1000-_0
/tmp/akonadi-frank.yFqCJF
/tmp/akonadi-frank.yFqCJF/akonadiserver.socket
/tmp/.esd-1000
[root@localhost ~]# find /tmp/ -nouser  -ls  # show files under /tmp with no owner: if a user creates a file and the user is later deleted, the file is shown with its original uid and gid instead of owner and group names
375722    0 -rw-rw-r--   1 1003     1003            0 7 month 23 00:08 /tmp/mygrp.txt

 

3. Search by file type

-type TYPE
TYPE can be one of the following:
f: Regular file
d: Directory
l: Symbolic link
b: Block device file
c: Character device file
p: Named pipe
s: Socket file

For example:

[root@localhost ~]# find /dev/ -type b  # find block device files under /dev
/dev/dm-2
/dev/dm-1
/dev/dm-0
/dev/sr0
/dev/sda2
/dev/sda1
/dev/sda

 

4. Find by file size

The general format is -size [+|-]#UNIT. Commonly used units are k, M and G.

-size #UNIT: Matches files whose size is larger than #-1 and smaller than or equal to #

Example: -size 3k matches files larger than 2K and smaller than or equal to 3K.

[root@localhost ~]# ll -h
total 16K
-rw-------. 1 root root 2.1K 7 month  16 04:45 anaconda-ks.cfg
-rw-r--r--. 1 root root 2.1K 7 month  16 04:45 initial-setup-ks.cfg
-rw-r--r--. 1 root root  555 7 month  19 10:04 TEST
-rw-------. 1 root root 3.0K 7 month  23 00:23 test.txt
[root@localhost ~]# find  -size 3k -ls
27734414    4 -rw-------   1 root     root         2094 7 month 16 04:45 ./anaconda-ks.cfg
27734452    4 -rw-r--r--   1 root     root         2142 7 month 16 04:45 ./initial-setup-ks.cfg
25795843    4 -rw-------   1 root     root         3070 7 month 23 00:23 ./test.txt

-size -#UNIT: Matches files whose size is greater than 0 and smaller than or equal to #-1

For example:

[root@localhost ~]# find  -size -3k -ls
25165889    0 dr-xr-x---   6 root     root          261 7 month 23 00:23 .
27728080    4 -rw-r--r--   1 root     root           18 12 month 29  2013 ./.bash_logout
27728081    4 -rw-r--r--   1 root     root          176 12 month 29  2013 ./.bash_profile
27728082    4 -rw-r--r--   1 root     root          176 12 month 29  2013 ./.bashrc
27728083    4 -rw-r--r--   1 root     root          100 12 month 29  2013 ./.cshrc
27728084    4 -rw-r--r--   1 root     root          129 12 month 29  2013 ./.tcshrc
1327848    0 drwx------   3 root     root           25 7 month 16 04:45 ./.dbus
9336529    0 drwx------   2 root     root           48 7 month 16 04:45 ./.dbus/session-bus
9336530    4 -rw-r--r--   1 root     root          462 7 month 16 04:45 ./.dbus/session-bus/6155eeadc72c4d45b9ead1cf2a8c65a0-9
....(Ellipsis)

-size +#UNIT: Matches files larger than #.

[root@localhost ~]# ll -ah    
total 52K
dr-xr-x---.  6 root root  261 7 month  23 00:23 .
dr-xr-xr-x. 17 root root  233 7 month  16 04:44 ..
-rw-------.  1 root root 2.1K 7 month  16 04:45 anaconda-ks.cfg
-rw-------.  1 root root 4.8K 7 month  19 10:14 .bash_history
-rw-r--r--.  1 root root   18 12 month 29 2013 .bash_logout
-rw-r--r--.  1 root root  176 12 month 29 2013 .bash_profile
-rw-r--r--.  1 root root  176 12 month 29 2013 .bashrc
drwx------.  4 root root   31 7 month  16 04:46 .cache
drwxr-xr-x.  3 root root   40 7 month  16 04:46 .config
-rw-r--r--.  1 root root  100 12 month 29 2013 .cshrc
drwx------.  3 root root   25 7 month  16 04:45 .dbus
-rw-r--r--.  1 root root 2.1K 7 month  16 04:45 initial-setup-ks.cfg
drwxr-xr-x.  3 root root  123 7 month  16 04:45 .kde
-rw-r--r--.  1 root root  129 12 month 29 2013 .tcshrc
-rw-r--r--.  1 root root  555 7 month  19 10:04 TEST
-rw-------.  1 root root 3.0K 7 month  23 00:23 test.txt
-rw-------.  1 root root 6.4K 7 month  23 00:23 .viminfo
[root@localhost ~]# find -size +3k      #Match files larger than 3k
./.config/Trolltech.conf
./.bash_history
./.viminfo

 

5. Search by timestamp

Files can be searched by day or by minute.

By day:
-atime n: The file was last accessed n*24 hours ago
-mtime n: The file data was last modified n*24 hours ago
-ctime n: The file status (metadata) was last changed n*24 hours ago
By minute:
-amin n: The file was last accessed n minutes ago
-mmin n: The file data was last modified n minutes ago
-cmin n: The file status (metadata) was last changed n minutes ago

A "+" or "-" prefix is also supported, as in "-atime [+|-]n".

Scenario 1: find -atime 1: if the time is now 0:56, this looks for files that were accessed one day ago, that is, files accessed from 2017-7-21-0:56 (excluded) to 2017-7-21-00:56 (inclusive).

Scenario 2: find -atime -1: the "-" sign means within the last day; if it is 0:56 now, the match does not include 2017-7-22-0:56.

Scenario 3: find -atime +1: the "+" sign means files accessed more than 1+1 days ago; if it is 0:56 now, only files accessed before 2017-7-21-00:56 (including 00:56) are matched.

The ctime, mtime and minute-based tests work the same way, so they are not repeated here. You can experiment by changing timestamps with the touch command:

touch -t 201707210130  mytime.txt 
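
The "-n", "n" and "+n" forms can be checked against files of known age. The following is an added example, not part of the original post; it assumes GNU find and GNU touch (for touch -d), and the file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: which -mtime test matches a file of a given age.
# find drops the fractional part of the age in days before comparing,
# so 2 hours -> 0 days, 36 hours -> 1 day, 60 hours -> 2 days.

# Print the base names of files under $1 that satisfy "-mtime $2".
mtime_match() {
    find "$1" -type f -mtime "$2" -exec basename {} \; | sort | paste -sd ' ' -
}

mtime_demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files with back-dated modification times.
    touch -d '2 hours ago'  "$dir/recent.txt"
    touch -d '36 hours ago' "$dir/yesterday.txt"
    touch -d '60 hours ago' "$dir/older.txt"

    echo "-mtime -1 (age below 1 day):    $(mtime_match "$dir" -1)"
    echo "-mtime  1 (age of 1 whole day): $(mtime_match "$dir" 1)"
    echo "-mtime +1 (age above 1 day):    $(mtime_match "$dir" +1)"
    rm -rf "$dir"
}

mtime_demo
```

During incident triage the "-n" form is the one that answers "what changed recently", while "+n" is the one used for cleanup of old files.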

 

6. Search by permission

Format: -perm [/|-]mode
mode: Exact match on the permissions
/mode: Matches if any one of the listed permissions (r, w, x) of any user class (u, g, o) is set; the nine permission bits are in an "or" relationship
-mode: Matches only if the listed permissions of every user class (u, g, o) are all set; the nine permission bits are in an "and" relationship

Example 1: Exactly match files with permissions 422 in the /tmp/myper directory

[root@localhost ~]# find /tmp/myper/ -perm 422 -ls
654578    0 -r---w--w-   1 root     root            0 7 month 23 07:32 /tmp/myper/myper2

Example 2: Match files under /tmp/myper for which other users have execute permission

[root@localhost ~]# find /tmp/myper/ -perm /001 -ls
18772160    0 drwxr-xr-x   2 root     root           62 7 month 23 07:38 /tmp/myper/
654577    0 -rw---x--x   1 root     root            0 7 month 23 07:32 /tmp/myper/myper1
654579    0 ---xr-xr-x   1 root     root            0 7 month 23 07:32 /tmp/myper/myper3
654580    0 -rwxr-xr-x   1 root     root            0 7 month 23 07:32 /tmp/myper/myper4

Example 3: Match files under /tmp/myper for which the owner has at least read permission and both group and other have at least execute permission

[root@localhost ~]# find /tmp/myper/ -perm -411 -ls
18772160    0 drwxr-xr-x   2 root     root           62 7 month 23 07:38 /tmp/myper/
654577    0 -rw---x--x   1 root     root            0 7 month 23 07:32 /tmp/myper/myper1
654580    0 -rwxr-xr-x   1 root     root            0 7 month 23 07:32 /tmp/myper/myper4
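
The three -perm forms map directly onto common permission audits. The following is an added example, not part of the original post; it goes beyond the nine permission bits discussed above by also testing the setuid and setgid bits, assumes GNU find for the /mode form, and uses constructed sandbox files and modes.

```shell
#!/bin/sh
# Added example: exact, "all bits" and "any bit" matching with -perm.

# Print the base names of regular files under $1 that satisfy "-perm $2".
perm_match() {
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | paste -sd ' ' -
}

# Build a constructed sandbox (every name and mode is made up) and
# print its path. Each item is MODE:NAME.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    for spec in 0600:private 0664:group_rw 0666:world_rw \
                4755:setuid_tool 2755:setgid_tool; do
        : > "$dir/${spec#*:}"
        chmod "${spec%%:*}" "$dir/${spec#*:}"
    done
    echo "$dir"
}

perm_audit() {
    dir=$(make_sandbox) || return 1
    # mode: exact match, the whole mode must equal 0600
    echo "exactly 0600:      $(perm_match "$dir" 0600)"
    # -mode: every listed bit must be set; here only "other write"
    echo "world-writable:    $(perm_match "$dir" -0002)"
    # /mode: any listed bit is enough; setuid (4000) or setgid (2000)
    echo "setuid or setgid:  $(perm_match "$dir" /6000)"
    # -mode with both bits: setuid and setgid together (none here)
    echo "setuid and setgid: $(perm_match "$dir" -6000)"
    rm -rf "$dir"
}

perm_audit
```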

 

Processing actions:

-print: Print to standard output; the default action
-ls: Similar to running "ls -l" on each file found
-delete: Delete the files found
-fls /PATH/TO/SOMEFILE: Save the long-format listing of all files found to the specified file
-ok COMMAND {} \;: Run COMMAND on each file found, asking the user to confirm each operation
-exec COMMAND {} \;: Run COMMAND on each file found, without user confirmation

When find passes the found file paths to the command that follows, it first finds all matching paths and passes them to the command at one time. Some commands cannot accept an overly long argument list, and in that case the command fails. The following method can be used instead:

find  | xargs COMMAND

xargs reads the standard output of find through the pipe, splits it into arguments using blanks or newlines as separators, and then passes them one by one to COMMAND for execution.

Example: View the file metadata of matching files

[root@localhost ~]# find /tmp/myper/ -perm -411  |    stat
stat: Lack of operands
Try 'stat --help' for more information.
[root@localhost ~]# find /tmp/myper/ -perm -411  |  xargs  stat
  Document: "/tmp/myper/"
  Size: 62 blocks: 0 IO blocks: 4096 directories
Equipment: fd00h/64768d Inode:18772160 Hard Link:2
Permissions: (0755/drwxr-xr-x) Uid:(0/root) Gid:(0/root)
Environment: unconfined_u:object_r:user_tmp_t:s0
Recent visit: 2017-07-23 07:38:40.570675351+0800
Recent changes: 2017-07-23 07:38:33.192894947+0800
Recent changes: 2017-07-23 07:38:33.192894947+0800
Creation time:-
  Document: "/tmp/myper/myper1"
  Size: 7 Blocks: 8 IO Blocks: 4096 Ordinary Files
Equipment: fd00h/64768d Inode:654577 Hard Link:1
Permissions: (0611/-rw---x--x) Uid:(0/root) Gid:(0/root)
Environment: unconfined_u:object_r:user_tmp_t:s0
Recent visits: 2017-07-23 07:58:31.699745976+0800
Recent changes: 2017-07-23 07:57:38.304747287+0800
Recent changes: 2017-07-23 07:57:38.304747287+0800
Creation time:-
  Document: "/tmp/myper/myper4"
  Size: 7 Blocks: 8 IO Blocks: 4096 Ordinary Files
Equipment: fd00h/64768d Inode:654580 Hard Link:1
Permissions: (0755/-rwxr-xr-x) Uid:(0/root) Gid:(0/root)
Environment: unconfined_u:object_r:user_tmp_t:s0
Recent visits: 2017-07-23 07:58:31.699745976+0800
Recent changes: 2017-07-23 07:57:53.229457221+0800
Recent changes: 2017-07-23 07:57:53.229457221+0800
Creation time:-
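
Because xargs splits its input on blanks and newlines, a file name that contains either one reaches COMMAND as several arguments, which matters when COMMAND is something like rm or chmod. The following is an added example, not part of the original post; the file names are constructed, and -print0 and xargs -0 are assumed to be available as in GNU findutils.

```shell
#!/bin/sh
# Added example: how many arguments COMMAND receives for three files
# when one name contains a space and another contains a newline.

# Build a constructed sandbox and print its path.
make_files() {
    dir=$(mktemp -d) || return 1
    : > "$dir/plain.txt"
    : > "$dir/two words.txt"
    : > "$dir/$(printf 'line\nbreak.txt')"
    echo "$dir"
}

# Each helper prints the number of arguments that reached the command.
count_naive() {      # find | xargs: input is split on blanks and newlines
    (cd "$1" && find . -type f | xargs sh -c 'echo $#' sh)
}
count_print0() {     # NUL-delimited names: one argument per file
    (cd "$1" && find . -type f -print0 | xargs -0 sh -c 'echo $#' sh)
}
count_exec_plus() {  # find builds the argument list itself, no pipe
    (cd "$1" && find . -type f -exec sh -c 'echo $#' sh {} +)
}

xargs_demo() {
    dir=$(make_files) || return 1
    echo "find | xargs:            $(count_naive "$dir") arguments"
    echo "find -print0 | xargs -0: $(count_print0 "$dir") arguments"
    echo "find -exec ... {} +:     $(count_exec_plus "$dir") arguments"
    rm -rf "$dir"
}

xargs_demo
```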

 

Additional notes:

Logical relationships between multiple search conditions:
AND: -a, the default relationship
OR: -o, satisfied when either condition holds
NOT: -not or !, negates the condition
The following equivalences hold:
!A -a !B = !(A -o B)
!A -o !B = !(A -a B)

 

Practice:
Exercise 1: Find all files in the /tmp directory whose owner is not root

find /tmp/  -not -user root  -ls

Exercise 2: Find files under the /tmp directory whose names do not contain the string fstab

find /tmp/ -not -name "*fstab*"

Exercise 3: Find files in the /tmp directory whose owner is not root and whose names do not contain the string fstab

find /tmp/ ! \( -user root -o -name "*fstab*" \)

Exercise 4: Find all files or directories in the /var directory whose owner is root and whose group is mail

find  /var/ -user root -a -group mail -ls

Exercise 5: Find all files or directories in the /usr directory that do not belong to user root, bin or hadoop; use two methods

find /usr/ -not -user root -a -not -user bin -a -not -user hadoop
find /usr/ -not \( -user root -o -user bin -o -user hadoop \)

Exercise 6: Find files or directories in the /etc directory that have been modified in the last week and are not owned by user root or user hadoop

find /etc/ -mtime -7  -a  -not -user root -a -not -user hadoop

Exercise 7: Find files or directories on the current system that have no owner or no group and that have been accessed in the last week

find  /  \( -nouser -o -nogroup \)  -atime  -7

Exercise 8: Find all files in the /etc directory that are larger than 1M and are regular files

find /etc/ -size +1M  -type f  -exec ls -lh {} \;

Exercise 9: Find files in the /etc directory for which no user has write permission

find /etc/  -not  -perm  /222

Exercise 10: Find files in the /etc directory for which at least one class of users does not have execute permission

find /etc/ -not  -perm  -111

Exercise 11: Find all files in the /etc/init.d/ directory for which all users have execute permission and other users have write permission

find /etc/init.d/  -perm  -113 


Posted on Tue, 11 Jun 2019 14:01:52 -0700 by bachx