Command Structure
The find command syntax consists of three primary components:
find /etc -name "passwd"
The first segment is the commmand itself, followed by the target directory path. Multiple paths can be specified:
find /etc /var /usr -name "passwd"
The third segment contains expressions that define search criteria and actions. Expressions fall into four categories:
- Tests: File attribute conditions
- Actions: Operations on matched files
- Global Options: Search constraints like depth limits
- Positional Options: Location-based conditions
Time-Based Searching
Time parameters use numeric arguments with modifiers:
+n: Greater than n-n: Less than nn: Exactly n
Example with modification time:
find /var/log -mtime 3 -ls
This finds files modified exactly 3*24 hours ago. Other time parameters:
-ctime: Change time in days-atime: Access time in days-mmin: Modification time in minutes-cmin: Change time in minutes-amin: Access time in minutes
Compare files using time references:
find /home -newer /var/log/lastlog
User and Permission Filters
User-based filtering:
find /opt -user daemon -ls
find /var -group wheel -ls
find /tmp -nouser -o -nogroup
Permission matching:
find /usr/bin -perm 755 -ls
find /etc -perm /u=rwx,g=rx -ls
find /srv -perm -644 -executable
Path and Name Matching
Name pattern matching:
find /usr/include -name "*.h" -ls
find /etc -iname "*CONF*" -type f
find /var -lname "*/tmp/*" -ls
Path-based searching:
find /usr -path "*/local/*" -name "lib"
find /etc -regex ".*[0-9]\\.conf$"
File Attributes and Conditions
Size filtering:
find /var -size +100M -ls
find /tmp -size -1k -empty
find /home -type f -size 10G -o -size +20G
Other attributes:
find /dev -type b -o -type c
find /etc -links +5 -ls
find /usr -inum 12345 -ls
File Operations
Basic output actions:
find /tmp -name "core" -fprint /var/log/core_files.log
find /var/tmp -mtime +30 -print0 | xargs -0 ls -l
Safe deletion with confirmation:
find /tmp -name "*.tmp" -mtime +7 -ok rm {} \;
Command Execution Methods
Single file processing:
find /var/log -name "*.log.1" -exec gzip {} \;
Batch processing:
find /home/projects -name "*.java" -exec cp -t /backup/ {} +
Directory context execution:
find /etc/nginx -name "*.conf" -execdir nginx -t -c {} \;
Logical Operators
Combining conditions:
find / \( -name "*.tmp" -o -name "*.temp" \) -mtime +30
find /home \( -user alice -a -size +1G \) -o \( -user bob -a -name "*.iso" \)
Negation examples:
find /usr/bin ! -executable -type f
find /var ! \( -name "*.log" -o -name "*.pid" \) -ls
Search Optimization
Depth control:
find /usr/local -maxdepth 2 -name "bin" -type d
find /var/spool -mindepth 3 -name "mail"
Efficient directory traversal:
find /proc -depth -name "cmdline" -exec cat {} \;
Advanced Pattern Matching
Complex regex patterns:
find /etc -regextype posix-extended -regex ".*[0-9]{3}\\.conf$"
find /usr/share -iregex ".*LICENSE.*" -type f
Permission bitmask examples:
find /srv -perm 2750 -ls
find /opt -perm /u=s,g=s -type f