Linux find command
Master the "find" Command, essential Tips & Tricks for navigating your Linux System.
Syntax:
find [path...] [expression]
Find all files ending with xml
find / -type f -name "*.xml"
Find a file by its exact name (case-insensitive):
find /home -type f -iname "settings.cfg"
-type f | Search for regular files only |
-iname | Match the name pattern case-insensitively |
Find all directories that contain the string "project"
find / -type d -name "*project*" 2>/dev/null
2>/dev/null redirects all errors (such as "Permission denied") to /dev/null to keep the output clean
Limit the depth of your search with "-maxdepth"
find ~/Public/ -maxdepth 1 -type d
Find big files. Here all files bigger than 2G
find /home -type f -size +2G
Find all files that have been modified in the last 2 hours:
find /var/log -type f -mmin -120
Find all files that haven't been accessed in the last 2 years and that are bigger than 50M
find . -type f -size +50M -atime +730
-size n[b|k|M|G]
+n | for greater than n |
-n | for less than n |
n | for exactly n |
Find files with specific permissions:
find / -type f -perm 644
Find all scripts that are writable by anyone
find / -type f -perm -o=w -name "*.sh"
Find all files that are owned by root and have the SUID bit set
(Pay attention to these files as they can be the entry point for privilege escalation) Ref: https://gtfobins.github.io/
find / -type f -user root -perm -u=s 2>/dev/null
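An added example (not part of the original page): the SUID and world-writable searches above, wrapped in a small audit that records a baseline inventory and reports set-uid files that appear later. The function names and the sample tree are constructed for illustration; -printf and -xdev assume GNU find.

```shell
#!/bin/sh
# Added example (not from the original page): SUID / world-writable audit
# built from the find tests shown above. Function names are hypothetical.

# Print one "mode owner path" line per set-uid regular file under $1, sorted.
# -user root is left out on purpose: %u records the owner instead, so a
# set-uid file owned by any account shows up in the inventory.
suid_inventory() {
    find "$1" -xdev -type f -perm -u=s -printf '%m %u %p\n' 2>/dev/null |
        LC_ALL=C sort
}

# Print inventory lines present now but absent from baseline file $1.
# A new line means a new SUID file, or a changed mode/owner on a known one.
suid_added() {
    baseline=$1; dir=$2
    current=$(mktemp) || return 1
    suid_inventory "$dir" > "$current"
    LC_ALL=C sort "$baseline" | LC_ALL=C comm -13 - "$current"
    rm -f "$current"
}

# Print *.sh files under $1 that any user may modify.
world_writable_scripts() {
    find "$1" -xdev -type f -perm -o=w -name '*.sh' 2>/dev/null | LC_ALL=C sort
}

# Demo on a constructed tree (sample data, created in a temp directory).
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/scripts"
    : > "$t/bin/helper";     chmod 4755 "$t/bin/helper"    # known SUID file
    : > "$t/bin/plain";      chmod 0755 "$t/bin/plain"
    : > "$t/scripts/ok.sh";  chmod 0755 "$t/scripts/ok.sh"
    suid_inventory "$t" > "$t/baseline.txt"                # record baseline
    : > "$t/bin/dropped";    chmod 4755 "$t/bin/dropped"   # appears after baseline
    : > "$t/scripts/job.sh"; chmod 0777 "$t/scripts/job.sh"
    echo "New SUID entries since baseline:"; suid_added "$t/baseline.txt" "$t"
    echo "World-writable scripts:";          world_writable_scripts "$t"
    rm -rf "$t"
}

demo
```

File names containing newlines are not handled by this line-based comparison.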
Find files created or with metadata changed within the last 3 days:
find /path/to/search -ctime -3
Find files with status change time within the last 5 days (-cmin counts minutes, so 5 days is 7200):
find /path/to/search -cmin -7200
Find files whose metadata was changed within the last 24 hours:
find /path/to/search -ctime -1
These examples demonstrate the -ctime and -cmin options of the find command. Both test the status change time (ctime), which is set when a file is created and updated whenever its metadata (or content) changes; -ctime counts in days and -cmin in minutes. Neither one is a file creation (birth) time test. Adjust the values as needed based on your specific requirements.
Find files created or with metadata changed more recently than a reference file:
find /path/to/search -cnewer /path/to/reference/file
In this example, replace /path/to/search with the directory where you want to search for files, and /path/to/reference/file with the path to the reference file.
List of metadata:
- File Permissions: Information about who can read, write, or execute the file.
- File Ownership: Indicates the user and group associated with the file.
- Timestamps:
  - Access Time (atime): The last time the file was accessed.
  - Modification Time (mtime): The last time the file's content was modified.
  - Change Time (ctime): The last time the file's metadata (permissions, ownership) was changed.
- File Size: The size of the file in bytes.
- File Type: Indicates whether the file is a regular file, directory, symbolic link, etc.
Find files modified in the last 5 seconds:
find . -type f -newermt "$(date -d 'now - 5 seconds' '+%Y-%m-%d %H:%M:%S')"
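Find files created (birth time) after a reference file was created:
find /path/to/search -newerBB reference_file
Find files with metadata changes after the reference file's last metadata change:
find /path/to/search -newercc reference_file
Find files accessed after the reference file was last accessed:
find /path/to/search -neweraa /reference/file
General form:
find /path/to/search -newerXY /reference/file
X is the timestamp of the file being tested and Y is the timestamp of the reference file it is compared against. Both take the same letters:
- a: Last access time.
- B: Birth time (creation time); not supported on all systems.
- c: Last change time (metadata change).
- m: Last modification time.
Y can also be t, in which case the argument is read as a date/time string instead of a reference file, as in the -newermt example above.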