1.文件查找
在文件系统上查找符合条件的文件
文件查找:locate, find
- 非实时查找(数据库查找):locate
- 实时查找:find
1.1 locate
locate 查询系统上预建的文件索引数据库 /var/lib/mlocate/mlocate.db
索引的构建是在系统较为空闲时自动进行(周期性任务),执行updatedb可以更新数据库
索引构建过程需要遍历整个根文件系统,很消耗资源
来自于mlocate包
工作特点:
- 查找速度快
- 模糊查找
- 非实时查找
- 搜索的是文件的全路径,不仅仅是文件名
- 可能只搜索用户具备读取和执行权限的目录
格式:
locate [OPTION]... [PATTERN]...
常用选项
-i 不区分大小写的搜索
-n N 只列举前N个匹配项目
-r 使用基本正则表达式
范例: locatedb创建数据库
[root@rocky8 ~]# locate passwd
-bash: locate: command not found
[root@rocky8 ~]# dnf provides locate
Last metadata expiration check: 18:19:06 ago on Sun 10 Oct 2021 06:59:53 PM CST.
mlocate-0.26-20.el8.x86_64 : An utility for finding files by name
Repo : BaseOS
Matched from:
Filename : /usr/bin/locate
[root@rocky8 ~]# dnf -y install mlocate
[root@rocky8 ~]# locate passwd
locate: can not stat () `/var/lib/mlocate/mlocate.db': No such file or directory
[root@rocky8 ~]# ll /var/lib/mlocate/mlocate.db
ls: cannot access '/var/lib/mlocate/mlocate.db': No such file or directory
[root@rocky8 ~]# updatedb
[root@rocky8 ~]# ll /var/lib/mlocate/mlocate.db
-rw-r----- 1 root slocate 1039430 Oct 11 13:20 /var/lib/mlocate/mlocate.db
[root@rocky8 ~]# locate passwd
/etc/passwd
/etc/passwd-
/etc/data2021-10-09_14-26-54/passwd
/etc/data2021-10-09_14-26-54/passwd-
/etc/data2021-10-09_14-26-54/pam.d/passwd
/etc/data2021-10-09_14-26-54/security/opasswd
/etc/data2021-10-09_14-27-19/security/opasswd
/etc/pam.d/passwd
/etc/security/opasswd
/usr/bin/gpasswd
/usr/bin/grub2-mkpasswd-pbkdf2
/usr/bin/htpasswd
/usr/bin/passwd
/usr/lib/firewalld/services/kpasswd.xml
/usr/lib64/security/pam_unix_passwd.so
/usr/sbin/chgpasswd
/usr/sbin/chpasswd
/usr/sbin/lpasswd
/usr/sbin/saslpasswd2
/usr/share/awk/passwd.awk
/usr/share/doc/passwd
/usr/share/doc/passwd/AUTHORS
/usr/share/doc/passwd/ChangeLog
/usr/share/doc/passwd/NEWS
/usr/share/licenses/passwd
/usr/share/licenses/passwd/COPYING
/usr/share/locale/ar/LC_MESSAGES/passwd.mo
/usr/share/locale/as/LC_MESSAGES/passwd.mo
/usr/share/locale/ast/LC_MESSAGES/passwd.mo
/usr/share/locale/bg/LC_MESSAGES/passwd.mo
/usr/share/locale/bn/LC_MESSAGES/passwd.mo
/usr/share/locale/bn_IN/LC_MESSAGES/passwd.mo
/usr/share/locale/bs/LC_MESSAGES/passwd.mo
/usr/share/locale/ca/LC_MESSAGES/passwd.mo
/usr/share/locale/cs/LC_MESSAGES/passwd.mo
/usr/share/locale/cy/LC_MESSAGES/passwd.mo
/usr/share/locale/da/LC_MESSAGES/passwd.mo
/usr/share/locale/de/LC_MESSAGES/passwd.mo
/usr/share/locale/el/LC_MESSAGES/passwd.mo
/usr/share/locale/en_GB/LC_MESSAGES/passwd.mo
/usr/share/locale/es/LC_MESSAGES/passwd.mo
/usr/share/locale/et/LC_MESSAGES/passwd.mo
/usr/share/locale/eu/LC_MESSAGES/passwd.mo
/usr/share/locale/fa/LC_MESSAGES/passwd.mo
/usr/share/locale/fi/LC_MESSAGES/passwd.mo
/usr/share/locale/fr/LC_MESSAGES/passwd.mo
/usr/share/locale/gl/LC_MESSAGES/passwd.mo
/usr/share/locale/gu/LC_MESSAGES/passwd.mo
/usr/share/locale/he/LC_MESSAGES/passwd.mo
/usr/share/locale/hi/LC_MESSAGES/passwd.mo
/usr/share/locale/hr/LC_MESSAGES/passwd.mo
/usr/share/locale/hu/LC_MESSAGES/passwd.mo
/usr/share/locale/hy/LC_MESSAGES/passwd.mo
/usr/share/locale/id/LC_MESSAGES/passwd.mo
/usr/share/locale/is/LC_MESSAGES/passwd.mo
/usr/share/locale/it/LC_MESSAGES/passwd.mo
/usr/share/locale/ja/LC_MESSAGES/passwd.mo
/usr/share/locale/ka/LC_MESSAGES/passwd.mo
/usr/share/locale/kn/LC_MESSAGES/passwd.mo
/usr/share/locale/ko/LC_MESSAGES/passwd.mo
/usr/share/locale/ku/LC_MESSAGES/passwd.mo
/usr/share/locale/lo/LC_MESSAGES/passwd.mo
/usr/share/locale/mk/LC_MESSAGES/passwd.mo
/usr/share/locale/ml/LC_MESSAGES/passwd.mo
/usr/share/locale/mr/LC_MESSAGES/passwd.mo
/usr/share/locale/ms/LC_MESSAGES/passwd.mo
/usr/share/locale/my/LC_MESSAGES/passwd.mo
/usr/share/locale/nb/LC_MESSAGES/passwd.mo
/usr/share/locale/nds/LC_MESSAGES/passwd.mo
/usr/share/locale/nl/LC_MESSAGES/passwd.mo
/usr/share/locale/nn/LC_MESSAGES/passwd.mo
/usr/share/locale/or/LC_MESSAGES/passwd.mo
/usr/share/locale/pa/LC_MESSAGES/passwd.mo
/usr/share/locale/pl/LC_MESSAGES/passwd.mo
/usr/share/locale/pt/LC_MESSAGES/passwd.mo
/usr/share/locale/pt_BR/LC_MESSAGES/passwd.mo
/usr/share/locale/ro/LC_MESSAGES/passwd.mo
/usr/share/locale/ru/LC_MESSAGES/passwd.mo
/usr/share/locale/si/LC_MESSAGES/passwd.mo
/usr/share/locale/sk/LC_MESSAGES/passwd.mo
/usr/share/locale/sl/LC_MESSAGES/passwd.mo
/usr/share/locale/sq/LC_MESSAGES/passwd.mo
/usr/share/locale/sr/LC_MESSAGES/passwd.mo
/usr/share/locale/sr@latin/LC_MESSAGES/passwd.mo
/usr/share/locale/sv/LC_MESSAGES/passwd.mo
/usr/share/locale/ta/LC_MESSAGES/passwd.mo
/usr/share/locale/te/LC_MESSAGES/passwd.mo
/usr/share/locale/tr/LC_MESSAGES/passwd.mo
/usr/share/locale/uk/LC_MESSAGES/passwd.mo
/usr/share/locale/ur/LC_MESSAGES/passwd.mo
/usr/share/locale/vi/LC_MESSAGES/passwd.mo
/usr/share/locale/wa/LC_MESSAGES/passwd.mo
/usr/share/locale/zh_CN/LC_MESSAGES/passwd.mo
/usr/share/locale/zh_TW/LC_MESSAGES/passwd.mo
/usr/share/man/cs/man1/gpasswd.1.gz
/usr/share/man/de/man1/gpasswd.1.gz
/usr/share/man/de/man8/chgpasswd.8.gz
/usr/share/man/de/man8/chpasswd.8.gz
/usr/share/man/fr/man1/gpasswd.1.gz
/usr/share/man/fr/man8/chgpasswd.8.gz
/usr/share/man/fr/man8/chpasswd.8.gz
/usr/share/man/hu/man1/gpasswd.1.gz
/usr/share/man/it/man1/gpasswd.1.gz
/usr/share/man/it/man8/chgpasswd.8.gz
/usr/share/man/it/man8/chpasswd.8.gz
/usr/share/man/ja/man1/gpasswd.1.gz
/usr/share/man/ja/man1/passwd.1.gz
/usr/share/man/ja/man8/chpasswd.8.gz
/usr/share/man/man1/gpasswd.1.gz
/usr/share/man/man1/grub2-mkpasswd-pbkdf2.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/lpasswd.1.gz
/usr/share/man/man1/openssl-passwd.1ssl.gz
/usr/share/man/man1/passwd.1.gz
/usr/share/man/man1/sslpasswd.1ssl.gz
/usr/share/man/man8/chgpasswd.8.gz
/usr/share/man/man8/chpasswd.8.gz
/usr/share/man/pt_BR/man1/gpasswd.1.gz
/usr/share/man/ru/man1/gpasswd.1.gz
/usr/share/man/ru/man8/chgpasswd.8.gz
/usr/share/man/ru/man8/chpasswd.8.gz
/usr/share/man/zh_CN/man1/gpasswd.1.gz
/usr/share/man/zh_CN/man8/chgpasswd.8.gz
/usr/share/man/zh_CN/man8/chpasswd.8.gz
/usr/share/man/zh_TW/man8/chpasswd.8.gz
/usr/share/vim/vim80/ftplugin/passwd.vim
/usr/share/vim/vim80/syntax/passwd.vim
/var/lib/sss/mc/passwd
范例:
#搜索名称或路径中包含“conf”的文件
locate conf
#使用Regex来搜索以“.conf”结尾的文件
locate -r '\.conf$'
范例:
[root@rocky8 ~]# locate -n 10 -ir '\.conf$'
/boot/loader/entries/ad9d4d0a9e7a41c6ba47c505d1172547-0-rescue.conf
/boot/loader/entries/ad9d4d0a9e7a41c6ba47c505d1172547-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/dracut.conf
/etc/fuse.conf
/etc/host.conf
/etc/idmapd.conf
/etc/kdump.conf
/etc/krb5.conf
/etc/ld.so.conf
/etc/libaudit.conf
[root@rocky8 ~]# touch test.log
[root@rocky8 ~]# locate test.log
[root@rocky8 ~]# updatedb
[root@rocky8 ~]# locate test.log
/root/test.log
1.2 find
find 是实时查找工具,通过遍历指定路径完成文件查找
工作特点:
- 查找速度略慢
- 精确查找
- 实时查找
- 查找条件丰富
- 可能只搜索用户具备读取和执行权限的目录
格式:
find [OPTION]... [查找路径] [查找条件] [处理动作]
查找路径:指定具体目标路径;默认为当前目录
查找条件:指定的查找标准,可以文件名、大小、类型、权限等标准进行;默认为找出指定路径下的所有文件
处理动作:对符合条件的文件做操作,默认输出至屏幕
范例:
[root@rocky8 ~]# find
.
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.bash_history
./.bash_profile
./.vimrc
./.bash_logout
./.lesshst
./.bashrc
./.viminfo
./test.log
#默认在当前目录下查找
[root@rocky8 ~]# mkdir -p d1/d2/d3
[root@rocky8 ~]# touch d1/d2/d3/a.txt
[root@rocky8 ~]# find
.
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.bash_history
./.bash_profile
./.vimrc
./.bash_logout
./.lesshst
./.bashrc
./.viminfo
./test.log
./d1
./d1/d2
./d1/d2/d3
./d1/d2/d3/a.txt
#默认递归查找
1.2.1 指定搜索目录层级
-maxdepth level 最大搜索目录深度,指定目录下的文件为第1级
-mindepth level 最小搜索目录深度
范例:
[root@rocky8 ~]# find /etc -maxdepth 1
#-maxdepth 1 最大一层
[root@rocky8 ~]# find /etc -maxdepth 3 -mindepth 2
#最大3层,最小2层
[root@rocky8 ~]# find /etc -maxdepth 2 -mindepth 2
#查看第2层,最大和最小都是2层
1.2.2 对每个目录先处理目录内的文件,再处理目录本身
-depth -d
范例:
[root@rocky8 ~]# mkdir /data/test/test2/test3 -p
[root@rocky8 ~]# touch /data/test/f{1..2}.txt
[root@rocky8 ~]# touch /data/test/test2/test3/f{3..4}.txt
[root@rocky8 ~]# tree /data/test
/data/test
├── f1.txt
├── f2.txt
└── test2
└── test3
├── f3.txt
└── f4.txt
2 directories, 4 files
[root@rocky8 ~]# find /data/test
/data/test
/data/test/test2
/data/test/test2/test3
/data/test/test2/test3/f3.txt
/data/test/test2/test3/f4.txt
/data/test/f1.txt
/data/test/f2.txt
[root@rocky8 ~]# find /data/test -depth
/data/test/test2/test3/f3.txt
/data/test/test2/test3/f4.txt
/data/test/test2/test3
/data/test/test2
/data/test/f1.txt
/data/test/f2.txt
/data/test
1.2.3 根据文件名和inode查找
-name "文件名称":支持使用glob,如:*, ?, [], [^],通配符要加双引号引起来
-iname "文件名称":不区分字母大小写
-inum n 按inode号查找
-samefile name 相同inode号的文件
-links n 链接数为n的文件
-regex “PATTERN”:以PATTERN匹配整个文件路径,而非文件名称
范例:
[root@rocky8 ~]# find /etc/ -name *.conf
[root@rocky8 ~]# touch a.conf
[root@rocky8 ~]# find /etc/ -name *.conf
[root@rocky8 ~]# find /etc/ -name "*.conf"
#一定要加双引号,不然如果当前目录下有.conf结尾的文件,就找不到了
[root@rocky8 ~]# find /etc/ -regex ".*\.txt$"
/etc/pki/nssdb/pkcs11.txt
/etc/data2021-10-09_14-26-54/pki/nssdb/pkcs11.txt
/etc/data2021-10-09_14-27-19/pki/nssdb/pkcs11.txt
#用正则表达式,要全部表示出来
[root@rocky8 ~]# find /etc/ -regex "\.txt$"
#如果不写全路径,是搜不出来的
1.2.4 根据属主、属组查找
-user USERNAME:查找属主为指定用户(UID)的文件
-group GRPNAME: 查找属组为指定组(GID)的文件
-uid UserID:查找属主为指定的UID号的文件
-gid GroupID:查找属组为指定的GID号的文件
-nouser:查找没有属主的文件
-nogroup:查找没有属组的文件
范例:
[root@rocky8 ~]# find /home -nouser
[root@rocky8 ~]# useradd tom
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2 tom tom 62 Oct 11 13:53 tom
[root@rocky8 ~]# userdel tom
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2 1001 1001 62 Oct 11 13:53 tom
[root@rocky8 ~]# find /home -nouser
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
[root@rocky8 ~]# find /home -nogroup
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
[root@rocky8 ~]# useradd -u 1001 jack
[root@rocky8 ~]# find /home -nouser
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 jack jack 62 Oct 11 13:55 jack
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2 jack jack 62 Oct 11 13:53 tom
#系统是根据ID来判断身份的
[root@rocky8 ~]# id jack
uid=1001(jack) gid=1001(jack) groups=1001(jack)
1.2.5 根据文件类型查找
-type TYPE
TYPE可以是以下形式:
f: 普通文件
d: 目录文件
l: 符号链接文件
s:套接字文件
b: 块设备文件
c: 字符设备文件
p: 管道文件
范例:
[root@rocky8 ~]# find / -type s
/run/vmware/guestServicePipe
/run/dbus/system_bus_socket
/run/.heim_org.h5l.kcm-socket
/run/user/0/bus
/run/user/0/systemd/private
/run/user/0/systemd/notify
/run/udev/control
/run/systemd/coredump
/run/systemd/private
/run/systemd/journal/dev-log
/run/systemd/journal/socket
/run/systemd/journal/stdout
/run/systemd/cgroups-agent
/run/systemd/notify
/run/systemd/inaccessible/sock
/var/lib/sss/pipes/private/sbus-monitor
/var/lib/sss/pipes/private/sbus-dp_implicit_files.778
/var/lib/sss/pipes/nss
[root@rocky8 ~]# find / -type s -ls
25848 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/vmware/guestServicePipe
24295 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/dbus/system_bus_socket
24291 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/.heim_org.h5l.kcm-socket
28702 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/user/0/bus
28695 0 srwxr-xr-x 1 root root 0 Oct 11 13:47 /run/user/0/systemd/private
28691 0 srwxr-xr-x 1 root root 0 Oct 11 13:47 /run/user/0/systemd/notify
22130 0 srw------- 1 root root 0 Oct 11 13:47 /run/udev/control
22127 0 srw------- 1 root root 0 Oct 11 13:47 /run/systemd/coredump
22116 0 srwxrwxrwx 1 root root 0 Oct 11 13:47 /run/systemd/private
13288 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/systemd/journal/dev-log
13170 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/systemd/journal/socket
13167 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /run/systemd/journal/stdout
13150 0 srwx------ 1 root root 0 Oct 11 13:47 /run/systemd/cgroups-agent
13148 0 srwxrwxrwx 1 root root 0 Oct 11 13:47 /run/systemd/notify
12887 0 s--------- 1 root root 0 Oct 11 13:47 /run/systemd/inaccessible/sock
67632837 0 srw------- 1 root root 0 Oct 11 13:47 /var/lib/sss/pipes/private/sbus-monitor
67632839 0 srw------- 1 root root 0 Oct 11 13:47 /var/lib/sss/pipes/private/sbus-dp_implicit_files.778
505672 0 srw-rw-rw- 1 root root 0 Oct 11 13:47 /var/lib/sss/pipes/nss
1.2.6 空文件或目录
-empty
范例:
[root@rocky8 ~]# find /data -type d -empty
/data
1.2.7 组合条件
与:-a ,默认多个条件是与关系
或:-o
非:-not !
范例:
[root@rocky8 ~]# find /home -type f -user raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc
[root@rocky8 ~]# find /home -type f -a -user raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc
[root@rocky8 ~]# find /home -type f -a -user raymond -ls
202128611 4 -rw-r--r-- 1 raymond raymond 18 Jun 17 07:42 /home/raymond/.bash_logout
202128612 4 -rw-r--r-- 1 raymond raymond 141 Jun 17 07:42 /home/raymond/.bash_profile
202128613 4 -rw-r--r-- 1 raymond raymond 376 Jun 17 07:42 /home/raymond/.bashrc
[root@rocky8 ~]# find /home -type f -o -user raymond
/home/raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
/home/jack/.bash_logout
/home/jack/.bash_profile
/home/jack/.bashrc
[root@rocky8 ~]# find /home -type f -o -user raymond -ls
202128610 0 drwx------ 2 raymond raymond 62 Oct 11 13:53 /home/raymond
[root@rocky8 ~]# find /home \( -type f -o -user raymond \) -ls
202128610 0 drwx------ 2 raymond raymond 62 Oct 11 13:53 /home/raymond
202128611 4 -rw-r--r-- 1 raymond raymond 18 Jun 17 07:42 /home/raymond/.bash_logout
202128612 4 -rw-r--r-- 1 raymond raymond 141 Jun 17 07:42 /home/raymond/.bash_profile
202128613 4 -rw-r--r-- 1 raymond raymond 376 Jun 17 07:42 /home/raymond/.bashrc
505677 4 -rw-r--r-- 1 jack jack 18 Jun 17 07:42 /home/tom/.bash_logout
505678 4 -rw-r--r-- 1 jack jack 141 Jun 17 07:42 /home/tom/.bash_profile
505679 4 -rw-r--r-- 1 jack jack 376 Jun 17 07:42 /home/tom/.bashrc
67632516 4 -rw-r--r-- 1 jack jack 18 Jun 17 07:42 /home/jack/.bash_logout
67632843 4 -rw-r--r-- 1 jack jack 141 Jun 17 07:42 /home/jack/.bash_profile
67632844 4 -rw-r--r-- 1 jack jack 376 Jun 17 07:42 /home/jack/.bashrc
#用()小括号 ,在find 里要用斜线
德·摩根定律:
- (非 A) 或 (非 B) = 非(A 且 B)
- (非 A) 且 (非 B) = 非(A 或 B)
示例:
!A -a !B = !(A -o B)
!A -o !B = !(A -a B)
(非A)或(非B) =非(A且B) 非A :1、4 非B:1、3 结果:1、3、4
非(A且B) 既是A、又是B:2,非(A且B):1、3、4
范例:
[root@rocky8 ~]# find /home ! -user raymond ! -user jack
/home
[root@rocky8 ~]# find /home ! \( -user raymond -o -user jack \)
/home
范例:
[root@rocky8 ~]# find -user jack -group jack
[root@rocky8 ~]# find -user jack -not -group jack
[root@rocky8 ~]# find -user jack -o -user raymond
[root@rocky8 ~]# find -not \( -user jack -o -user raymond \)
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history
[root@rocky8 ~]# find / -user jack -o -uid 500
find: ‘/proc/1467/task/1467/fd/7’: No such file or directory
find: ‘/proc/1467/task/1467/fdinfo/7’: No such file or directory
find: ‘/proc/1467/fd/6’: No such file or directory
find: ‘/proc/1467/fdinfo/6’: No such file or directory
/var/spool/mail/tom
/var/spool/mail/jack
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
/home/jack
/home/jack/.bash_logout
/home/jack/.bash_profile
/home/jack/.bashrc
[root@rocky8 ~]# find ! \( -type d -a -empty \)| wc -l
13
[root@rocky8 ~]# find ! -type d -o ! -empty |wc -l
13
[root@rocky8 ~]# find ! -user raymond ! -user jack
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history
[root@rocky8 ~]# find /home ! \( -user raymond -o -user jack \)
/home
[root@rocky8 ~]# find ! -user raymond -a ! -user jack
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history
#找出/tmp目录下,属主不是root,且文件名不以f开头的文件
[root@rocky8 ~]# find /tmp \( -not -user root -a -not -name 'f*' \) -ls
[root@rocky8 ~]# find /tmp -not \( -user root -o -name 'f*' \) –ls
find: paths must precede expression: –ls
Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]
1.2.8 排除目录
范例:
#查找/etc/下,除/etc/security目录的其它所有.conf后缀的文件
[root@rocky8 ~]# find /etc -path '/etc/security' -a -prune -o -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd/coredump.conf
/etc/systemd/journald.conf
/etc/systemd/logind.conf
/etc/systemd/resolved.conf
/etc/systemd/system.conf
/etc/systemd/user.conf
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf
/etc/vconsole.conf
#查找/etc/下,除/etc/security和/etc/systemd两个目录的所有.conf后缀的文件
[root@rocky8 ~]# find /etc \( -path "/etc/security" -o -path "/etc/systemd" \) -a -prune -o -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf
[root@rocky8 ~]# find /etc -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security/pwquality.conf
/etc/security/access.conf
/etc/security/chroot.conf
/etc/security/faillock.conf
/etc/security/group.conf
/etc/security/limits.conf
/etc/security/namespace.conf
/etc/security/pam_env.conf
/etc/security/sepermit.conf
/etc/security/time.conf
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd/coredump.conf
/etc/systemd/journald.conf
/etc/systemd/logind.conf
/etc/systemd/resolved.conf
/etc/systemd/system.conf
/etc/systemd/user.conf
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf
/etc/vconsole.conf
#排除/proc和/sys目录
[root@rocky8 ~]# find / \( -path "/sys" -o -path "/proc" \) -a -prune -o -type f -a -mmin -1
/proc
/sys
1.2.9 根据文件大小来查找
-size [+|-]#UNIT
常用单位:k, M, G,c(byte),注意大小写敏感
#UNIT: (#-1, #]
如:6k 表示(5k,6k]
-#UNIT:[0,#-1]
如:-6k 表示[0,5k]
+#UNIT:(#,∞)
如:+6k 表示(6k,∞)
范例:
[root@rocky8 ~]# find / -size 10G #是9-10G
[root@rocky8 ~]# find / -size -10G #是0-9G
[root@rocky8 ~]# find / -size +10G #是10G以上
1.2.10 根据时间戳
#以“天”为单位
-atime [+|-]#
-mtime
-ctime
#: [#,#+1)
-#: [0,#)
+#: [#+1,∞]
-mtime 10
-mtime -10
-mtime +10
#以“分钟”为单位
-amin
-mmin
-cmin
范例:
[root@rocky8 ~]# find / -mtime 10 #是10-11天
[root@rocky8 ~]# find / -mtime -10 #是0-10天
[root@rocky8 ~]# find / -mtime +10 #是11天以上
1.2.11 根据权限查找
-perm [/|-]MODE
MODE: 精确权限匹配
/MODE:任何一类(u,g,o)对象的权限中只要能一位匹配即可,或关系,+ 从CentOS 7开始淘汰
-MODE:每一类对象都必须同时拥有指定权限,与关系
0 表示不关注
说明:
find -perm 755 会匹配权限模式恰好是755的文件
只要当任意人有写权限时,find -perm /222就会匹配
只有当每个人都有写权限时,find -perm -222才会匹配
只有当其它人(other)有写权限时,find -perm -002才会匹配
范例:
find -perm /222 这里的/ 斜线代表 或的关系, u、g、o 三个只要一个人有w权限就可以
find -perm -222 - 代表并且,就是都有的意思,表示u、g、o ,三个都要有w 权限
[root@rocky8 ~]# find /etc -perm -222
[root@rocky8 ~]# find /etc -perm -222 -ls
[root@rocky8 ~]# find /etc -perm -022 -ls
#0表示不关心
[root@rocky8 ~]# find /etc -perm -002
[root@rocky8 ~]# find /etc -perm /002
#上面两个命令执行结果是一样的
1.2.12 处理动作
-print:默认的处理动作,显示至屏幕
-ls:类似于对查找到的文件执行"ls -dils"命令格式输出
-fls file:查找到的所有文件的长格式信息保存至指定文件中,相当于 -ls > file
-delete:删除查找到的文件,慎用!
-ok COMMAND {} \; 对查找到的每个文件执行由COMMAND指定的命令,对于每个文件执行命令之前,都会交互式要求用户确认
-exec COMMAND {} \; 对查找到的每个文件执行由COMMAND指定的命令
{}: 用于引用查找到的文件名称自身
范例:
[root@rocky8 ~]# touch {a..c}.txt
[root@rocky8 ~]# ls *.txt
a.txt b.txt c.txt
[root@rocky8 ~]# find -name "*.txt" -delete
[root@rocky8 ~]# ls *.txt
ls: cannot access '*.txt': No such file or directory
#-delete 找到文件直接删除
[root@rocky8 ~]# touch {a..z}.txt
[root@rocky8 ~]# ls *.txt
a.txt c.txt e.txt g.txt i.txt k.txt m.txt o.txt q.txt s.txt u.txt w.txt y.txt
b.txt d.txt f.txt h.txt j.txt l.txt n.txt p.txt r.txt t.txt v.txt x.txt z.txt
[root@rocky8 ~]# find -name "*.txt" -ok mv {} /opt \;
< mv ... ./a.txt > ? y
< mv ... ./b.txt > ? y
< mv ... ./c.txt > ?
< mv ... ./d.txt > ?
< mv ... ./e.txt > ? ^C
#-ok 会询问
[root@rocky8 ~]# ls /opt
a.txt b.txt
[root@rocky8 ~]# find -name "*.txt" -exec mv {} /opt \;
[root@rocky8 ~]# ls /opt
a.txt c.txt e.txt g.txt i.txt k.txt m.txt o.txt q.txt s.txt u.txt w.txt y.txt
b.txt d.txt f.txt h.txt j.txt l.txt n.txt p.txt r.txt t.txt v.txt x.txt z.tx
#-exec 直接处理
[root@rocky8 ~]# find /opt -name "*.txt" -exec rm {} \;
[root@rocky8 ~]# ls /opt
#加rm 会直接删除,很危险,小心使用
范例:
#备份配置文件,添加.orig这个扩展名
[root@rocky8 ~]# find -name ".conf" -exec cp {} {}.orig \;
#提示删除存在时间超过3天以上的jack的临时文件
[root@rocky8 ~]# find /tmp -ctime +3 -user jack -ok rm {} \;
#在主目录中寻找可被其它用户写入的文件
[root@rocky8 ~]# find ~ -perm -002 -exec chmod o-w {} \;
#查找/data下的权限为644,后缀为sh的普通文件,增加执行权限
[root@rocky8 ~]# find /data –type f -perm 644 -name "*.sh" –exec chmod 755 {} \;
1.3 参数替换 xargs
由于很多命令不支持管道|来传递参数,xargs用于产生某个命令的参数,xargs 可以读入 stdin 的数据,并且以空格符或回车符将 stdin 的数据分隔成为参数,另外,许多命令不能接受过多参数,命令执行可能会失败,xargs 可以解决
注意:文件名或者是其他意义的名词内含有空格符的情况
find 经常和 xargs 命令进行组合,形式如下:
find | xargs COMMAND
范例::
[root@rocky8 ~]# echo {a..z}
a b c d e f g h i j k l m n o p q r s t u v w x y z
[root@rocky8 ~]# echo {a..z} |xargs echo
a b c d e f g h i j k l m n o p q r s t u v w x y z
[root@rocky8 ~]# cd /opt;echo {a..z}.txt |xargs touch
[root@rocky8 opt]# ls
a.txt c.txt e.txt g.txt i.txt k.txt m.txt o.txt q.txt s.txt u.txt w.txt y.txt
b.txt d.txt f.txt h.txt j.txt l.txt n.txt p.txt r.txt t.txt v.txt x.txt z.txt
#xargs 把前一个命令的结果 接收,传给后一个命令当输入
[root@rocky8 opt]# rm -f *
[root@rocky8 opt]# ls
[root@rocky8 opt]# echo {a..z} |xargs -n1 echo
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
#-n1 一个传一个参数
[root@rocky8 opt]# echo {a..z} |xargs -n2 echo
a b
c d
e f
g h
i j
k l
m n
o p
q r
s t
u v
w x
y z
[root@rocky8 opt]# echo {a..z} |xargs -n3 echo
a b c
d e f
g h i
j k l
m n o
p q r
s t u
v w x
y z
[root@rocky8 opt]# echo user{1..100} | xargs -n1 useradd
#批量创建100个账户
[root@rocky8 opt]# echo user{1..100} | xargs -n 1 userdel -r
#批量删除100个账户
范例:
[root@rocky8 opt]# xargs
1
2
3
1 2 3
[root@rocky8 opt]# xargs echo
1
2
3
1 2 3
#显示10个数字
[root@rocky8 opt]# seq 10 | xargs
1 2 3 4 5 6 7 8 9 10
#删除当前目录下的大量文件
[root@rocky8 opt]# ls | xargs rm
#对文件排序显示
[root@rocky8 opt]# find -name "*.sh" | xargs ls -Sl
#这个命令是错误的
[root@rocky8 opt]# find /sbin/ -perm /700 | ls -l
#查找有特殊权限的文件,并排序
[root@rocky8 opt]# find /bin/ -perm /7000 | xargs ls -Sl
---s--x--x. 1 root root 165632 May 19 11:01 /bin/sudo
-rwsr-xr-x. 1 root root 84368 May 19 11:02 /bin/gpasswd
-rwsr-xr-x. 1 root root 79616 May 19 11:02 /bin/chage
-rwsr-xr-x. 1 root root 63368 Mar 15 2021 /bin/crontab
-rwsr-xr-x. 1 root root 58768 Apr 12 08:29 /bin/at
-rwsr-xr-x. 1 root root 50584 May 19 11:01 /bin/mount
-rwsr-xr-x. 1 root root 50464 May 19 11:01 /bin/su
-rwsr-xr-x. 1 root root 43560 May 19 11:02 /bin/newgrp
-rwsr-xr-x. 1 root root 37720 Apr 12 09:30 /bin/fusermount
-rws--x--x. 1 root root 33944 May 19 11:01 /bin/chfn
-rwsr-xr-x. 1 root root 33776 May 19 11:01 /bin/umount
-rwsr-xr-x. 1 root root 33544 Mar 15 2021 /bin/passwd
-rwsr-xr-x. 1 root root 28976 Jun 11 08:16 /bin/pkexec
-rws--x--x. 1 root root 25552 May 19 11:01 /bin/chsh
-rwxr-sr-x. 1 root tty 21368 May 19 11:01 /bin/write
#此命令和上面有何区别?
[root@rocky8 opt]# find /bin/ -perm -7000 | xargs ls -Sl
#以字符nul分隔
[root@rocky8 ~]# touch "a b.txt"
[root@rocky8 ~]# ls *.txt
'a b.txt'
[root@rocky8 ~]# find -name "*.txt" |xargs rm
rm: cannot remove './a': No such file or directory
rm: cannot remove 'b.txt': No such file or directory
[root@rocky8 ~]# find -name "*.txt" -print0 |xargs -0 rm
[root@rocky8 ~]# ls *.txt
ls: cannot access '*.txt': No such file or directory
#并发执行多个进程
[root@rocky8 opt]# seq 100 | xargs -i -P10 wget -P /data http://172.31.1.8/{}.html
1.4 练习
1、查找/var目录下属主为root,且属组为mail的所有文件
2、查找/var目录下不属于root、lp、gdm的所有文件
3、查找/var目录下最近一周内其内容修改过,同时属主不为root,也不是postfix的文件
4、查找当前系统上没有属主或属组,且最近一个周内曾被访问过的文件
5、查找/etc目录下大于1M且类型为普通文件的所有文件
6、查找/etc目录下所有用户都没有写权限的文件
7、查找/etc目录下至少有一类用户没有执行权限的文件
8、查找/etc/init.d目录下,所有用户都有执行权限,且其它用户有写权限的文件