23.第七章 Linux文件查找(一)

1.文件查找

在文件系统上查找符合条件的文件

文件查找:locate, find

  • 非实时查找(数据库查找):locate
  • 实时查找:find

1.1 locate

locate 查询系统上预建的文件索引数据库 /var/lib/mlocate/mlocate.db

索引的构建是在系统较为空闲时自动进行(周期性任务),执行updatedb可以更新数据库

索引构建过程需要遍历整个根文件系统,很消耗资源

来自于mlocate包

工作特点:

  • 查找速度快
  • 模糊查找
  • 非实时查找
  • 搜索的是文件的全路径,不仅仅是文件名
  • 可能只搜索用户具备读取和执行权限的目录

格式:

locate [OPTION]... [PATTERN]...

常用选项

-i 不区分大小写的搜索
-n N 只列举前N个匹配项目
-r 使用基本正则表达式

范例: locatedb创建数据库

[root@rocky8 ~]# locate passwd
-bash: locate: command not found
[root@rocky8 ~]# dnf provides locate
Last metadata expiration check: 18:19:06 ago on Sun 10 Oct 2021 06:59:53 PM CST.
mlocate-0.26-20.el8.x86_64 : An utility for finding files by name
Repo        : BaseOS
Matched from:
Filename    : /usr/bin/locate

[root@rocky8 ~]# dnf -y install mlocate

[root@rocky8 ~]# locate passwd
locate: can not stat () `/var/lib/mlocate/mlocate.db': No such file or directory
[root@rocky8 ~]# ll /var/lib/mlocate/mlocate.db
ls: cannot access '/var/lib/mlocate/mlocate.db': No such file or directory
[root@rocky8 ~]# updatedb
[root@rocky8 ~]# ll /var/lib/mlocate/mlocate.db
-rw-r----- 1 root slocate 1039430 Oct 11 13:20 /var/lib/mlocate/mlocate.db
[root@rocky8 ~]# locate passwd
/etc/passwd
/etc/passwd-
/etc/data2021-10-09_14-26-54/passwd
/etc/data2021-10-09_14-26-54/passwd-
/etc/data2021-10-09_14-26-54/pam.d/passwd
/etc/data2021-10-09_14-26-54/security/opasswd
/etc/data2021-10-09_14-27-19/security/opasswd
/etc/pam.d/passwd
/etc/security/opasswd
/usr/bin/gpasswd
/usr/bin/grub2-mkpasswd-pbkdf2
/usr/bin/htpasswd
/usr/bin/passwd
/usr/lib/firewalld/services/kpasswd.xml
/usr/lib64/security/pam_unix_passwd.so
/usr/sbin/chgpasswd
/usr/sbin/chpasswd
/usr/sbin/lpasswd
/usr/sbin/saslpasswd2
/usr/share/awk/passwd.awk
/usr/share/doc/passwd
/usr/share/doc/passwd/AUTHORS
/usr/share/doc/passwd/ChangeLog
/usr/share/doc/passwd/NEWS
/usr/share/licenses/passwd
/usr/share/licenses/passwd/COPYING
/usr/share/locale/ar/LC_MESSAGES/passwd.mo
/usr/share/locale/as/LC_MESSAGES/passwd.mo
/usr/share/locale/ast/LC_MESSAGES/passwd.mo
/usr/share/locale/bg/LC_MESSAGES/passwd.mo
/usr/share/locale/bn/LC_MESSAGES/passwd.mo
/usr/share/locale/bn_IN/LC_MESSAGES/passwd.mo
/usr/share/locale/bs/LC_MESSAGES/passwd.mo
/usr/share/locale/ca/LC_MESSAGES/passwd.mo
/usr/share/locale/cs/LC_MESSAGES/passwd.mo
/usr/share/locale/cy/LC_MESSAGES/passwd.mo
/usr/share/locale/da/LC_MESSAGES/passwd.mo
/usr/share/locale/de/LC_MESSAGES/passwd.mo
/usr/share/locale/el/LC_MESSAGES/passwd.mo
/usr/share/locale/en_GB/LC_MESSAGES/passwd.mo
/usr/share/locale/es/LC_MESSAGES/passwd.mo
/usr/share/locale/et/LC_MESSAGES/passwd.mo
/usr/share/locale/eu/LC_MESSAGES/passwd.mo
/usr/share/locale/fa/LC_MESSAGES/passwd.mo
/usr/share/locale/fi/LC_MESSAGES/passwd.mo
/usr/share/locale/fr/LC_MESSAGES/passwd.mo
/usr/share/locale/gl/LC_MESSAGES/passwd.mo
/usr/share/locale/gu/LC_MESSAGES/passwd.mo
/usr/share/locale/he/LC_MESSAGES/passwd.mo
/usr/share/locale/hi/LC_MESSAGES/passwd.mo
/usr/share/locale/hr/LC_MESSAGES/passwd.mo
/usr/share/locale/hu/LC_MESSAGES/passwd.mo
/usr/share/locale/hy/LC_MESSAGES/passwd.mo
/usr/share/locale/id/LC_MESSAGES/passwd.mo
/usr/share/locale/is/LC_MESSAGES/passwd.mo
/usr/share/locale/it/LC_MESSAGES/passwd.mo
/usr/share/locale/ja/LC_MESSAGES/passwd.mo
/usr/share/locale/ka/LC_MESSAGES/passwd.mo
/usr/share/locale/kn/LC_MESSAGES/passwd.mo
/usr/share/locale/ko/LC_MESSAGES/passwd.mo
/usr/share/locale/ku/LC_MESSAGES/passwd.mo
/usr/share/locale/lo/LC_MESSAGES/passwd.mo
/usr/share/locale/mk/LC_MESSAGES/passwd.mo
/usr/share/locale/ml/LC_MESSAGES/passwd.mo
/usr/share/locale/mr/LC_MESSAGES/passwd.mo
/usr/share/locale/ms/LC_MESSAGES/passwd.mo
/usr/share/locale/my/LC_MESSAGES/passwd.mo
/usr/share/locale/nb/LC_MESSAGES/passwd.mo
/usr/share/locale/nds/LC_MESSAGES/passwd.mo
/usr/share/locale/nl/LC_MESSAGES/passwd.mo
/usr/share/locale/nn/LC_MESSAGES/passwd.mo
/usr/share/locale/or/LC_MESSAGES/passwd.mo
/usr/share/locale/pa/LC_MESSAGES/passwd.mo
/usr/share/locale/pl/LC_MESSAGES/passwd.mo
/usr/share/locale/pt/LC_MESSAGES/passwd.mo
/usr/share/locale/pt_BR/LC_MESSAGES/passwd.mo
/usr/share/locale/ro/LC_MESSAGES/passwd.mo
/usr/share/locale/ru/LC_MESSAGES/passwd.mo
/usr/share/locale/si/LC_MESSAGES/passwd.mo
/usr/share/locale/sk/LC_MESSAGES/passwd.mo
/usr/share/locale/sl/LC_MESSAGES/passwd.mo
/usr/share/locale/sq/LC_MESSAGES/passwd.mo
/usr/share/locale/sr/LC_MESSAGES/passwd.mo
/usr/share/locale/sr@latin/LC_MESSAGES/passwd.mo
/usr/share/locale/sv/LC_MESSAGES/passwd.mo
/usr/share/locale/ta/LC_MESSAGES/passwd.mo
/usr/share/locale/te/LC_MESSAGES/passwd.mo
/usr/share/locale/tr/LC_MESSAGES/passwd.mo
/usr/share/locale/uk/LC_MESSAGES/passwd.mo
/usr/share/locale/ur/LC_MESSAGES/passwd.mo
/usr/share/locale/vi/LC_MESSAGES/passwd.mo
/usr/share/locale/wa/LC_MESSAGES/passwd.mo
/usr/share/locale/zh_CN/LC_MESSAGES/passwd.mo
/usr/share/locale/zh_TW/LC_MESSAGES/passwd.mo
/usr/share/man/cs/man1/gpasswd.1.gz
/usr/share/man/de/man1/gpasswd.1.gz
/usr/share/man/de/man8/chgpasswd.8.gz
/usr/share/man/de/man8/chpasswd.8.gz
/usr/share/man/fr/man1/gpasswd.1.gz
/usr/share/man/fr/man8/chgpasswd.8.gz
/usr/share/man/fr/man8/chpasswd.8.gz
/usr/share/man/hu/man1/gpasswd.1.gz
/usr/share/man/it/man1/gpasswd.1.gz
/usr/share/man/it/man8/chgpasswd.8.gz
/usr/share/man/it/man8/chpasswd.8.gz
/usr/share/man/ja/man1/gpasswd.1.gz
/usr/share/man/ja/man1/passwd.1.gz
/usr/share/man/ja/man8/chpasswd.8.gz
/usr/share/man/man1/gpasswd.1.gz
/usr/share/man/man1/grub2-mkpasswd-pbkdf2.1.gz
/usr/share/man/man1/htpasswd.1.gz
/usr/share/man/man1/lpasswd.1.gz
/usr/share/man/man1/openssl-passwd.1ssl.gz
/usr/share/man/man1/passwd.1.gz
/usr/share/man/man1/sslpasswd.1ssl.gz
/usr/share/man/man8/chgpasswd.8.gz
/usr/share/man/man8/chpasswd.8.gz
/usr/share/man/pt_BR/man1/gpasswd.1.gz
/usr/share/man/ru/man1/gpasswd.1.gz
/usr/share/man/ru/man8/chgpasswd.8.gz
/usr/share/man/ru/man8/chpasswd.8.gz
/usr/share/man/zh_CN/man1/gpasswd.1.gz
/usr/share/man/zh_CN/man8/chgpasswd.8.gz
/usr/share/man/zh_CN/man8/chpasswd.8.gz
/usr/share/man/zh_TW/man8/chpasswd.8.gz
/usr/share/vim/vim80/ftplugin/passwd.vim
/usr/share/vim/vim80/syntax/passwd.vim
/var/lib/sss/mc/passwd

范例:

#搜索名称或路径中包含“conf”的文件
locate conf
#使用Regex来搜索以“.conf”结尾的文件
locate -r '\.conf$'

范例:

[root@rocky8 ~]# locate -n 10 -ir '\.conf$'
/boot/loader/entries/ad9d4d0a9e7a41c6ba47c505d1172547-0-rescue.conf
/boot/loader/entries/ad9d4d0a9e7a41c6ba47c505d1172547-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/dracut.conf
/etc/fuse.conf
/etc/host.conf
/etc/idmapd.conf
/etc/kdump.conf
/etc/krb5.conf
/etc/ld.so.conf
/etc/libaudit.conf

[root@rocky8 ~]# touch test.log
[root@rocky8 ~]# locate test.log
[root@rocky8 ~]# updatedb
[root@rocky8 ~]# locate test.log
/root/test.log

1.2 find

find 是实时查找工具,通过遍历指定路径完成文件查找

工作特点:

  • 查找速度略慢
  • 精确查找
  • 实时查找
  • 查找条件丰富
  • 可能只搜索用户具备读取和执行权限的目录

格式:

find [OPTION]... [查找路径] [查找条件] [处理动作]

查找路径:指定具体目标路径;默认为当前目录

查找条件:指定的查找标准,可以文件名、大小、类型、权限等标准进行;默认为找出指定路径下的所有文件

处理动作:对符合条件的文件做操作,默认输出至屏幕

范例:

[root@rocky8 ~]# find
.
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.bash_history
./.bash_profile
./.vimrc
./.bash_logout
./.lesshst
./.bashrc
./.viminfo
./test.log
#默认在当前目录下查找

[root@rocky8 ~]# mkdir -p d1/d2/d3
[root@rocky8 ~]# touch d1/d2/d3/a.txt
[root@rocky8 ~]# find
.
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.bash_history
./.bash_profile
./.vimrc
./.bash_logout
./.lesshst
./.bashrc
./.viminfo
./test.log
./d1
./d1/d2
./d1/d2/d3
./d1/d2/d3/a.txt
#默认递归查找

1.2.1 指定搜索目录层级

-maxdepth level 最大搜索目录深度,指定目录下的文件为第1级
-mindepth level 最小搜索目录深度

范例:

[root@rocky8 ~]# find /etc -maxdepth 1
#-maxdepth 1 最大一层

[root@rocky8 ~]# find /etc -maxdepth 3 -mindepth 2
#最大3层,最小2层

[root@rocky8 ~]# find /etc -maxdepth 2 -mindepth 2
#查看第2层,最大和最小都是2层

1.2.2 对每个目录先处理目录内的文件,再处理目录本身

-depth -d

范例:

[root@rocky8 ~]# mkdir /data/test/test2/test3 -p
[root@rocky8 ~]# touch /data/test/f{1..2}.txt
[root@rocky8 ~]# touch /data/test/test2/test3/f{3..4}.txt
[root@rocky8 ~]# tree /data/test
/data/test
├── f1.txt
├── f2.txt
└── test2
    └── test3
        ├── f3.txt
        └── f4.txt

2 directories, 4 files

[root@rocky8 ~]# find /data/test
/data/test
/data/test/test2
/data/test/test2/test3
/data/test/test2/test3/f3.txt
/data/test/test2/test3/f4.txt
/data/test/f1.txt
/data/test/f2.txt

[root@rocky8 ~]# find /data/test -depth
/data/test/test2/test3/f3.txt
/data/test/test2/test3/f4.txt
/data/test/test2/test3
/data/test/test2
/data/test/f1.txt
/data/test/f2.txt
/data/test

1.2.3 根据文件名和inode查找

-name "文件名称":支持使用glob,如:*, ?, [], [^],通配符要加双引号引起来
-iname "文件名称":不区分字母大小写
-inum n 按inode号查找
-samefile name 相同inode号的文件
-links n 链接数为n的文件
-regex “PATTERN”:以PATTERN匹配整个文件路径,而非文件名称

范例:

[root@rocky8 ~]# find /etc/ -name *.conf

[root@rocky8 ~]# touch a.conf
[root@rocky8 ~]# find /etc/ -name *.conf

[root@rocky8 ~]# find /etc/ -name "*.conf"
#一定要加双引号,不然如果当前目录下有.conf结尾的文件,就找不到了

[root@rocky8 ~]# find /etc/ -regex ".*\.txt$"
/etc/pki/nssdb/pkcs11.txt
/etc/data2021-10-09_14-26-54/pki/nssdb/pkcs11.txt
/etc/data2021-10-09_14-27-19/pki/nssdb/pkcs11.txt
#用正则表达式,要全部表示出来

[root@rocky8 ~]# find /etc/ -regex "\.txt$"
#如果不写全路径,是搜不出来的

1.2.4 根据属主、属组查找

-user USERNAME:查找属主为指定用户(UID)的文件
-group GRPNAME: 查找属组为指定组(GID)的文件
-uid UserID:查找属主为指定的UID号的文件
-gid GroupID:查找属组为指定的GID号的文件
-nouser:查找没有属主的文件
-nogroup:查找没有属组的文件

范例:

[root@rocky8 ~]# find /home -nouser
[root@rocky8 ~]# useradd tom
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2 tom     tom     62 Oct 11 13:53 tom
[root@rocky8 ~]# userdel tom
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2    1001    1001 62 Oct 11 13:53 tom
[root@rocky8 ~]# find /home -nouser
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc

[root@rocky8 ~]#  find /home -nogroup
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc

[root@rocky8 ~]# useradd -u 1001 jack
[root@rocky8 ~]# find /home -nouser
[root@rocky8 ~]# ll /home
total 0
drwx------ 2 jack    jack    62 Oct 11 13:55 jack
drwx------ 2 raymond raymond 62 Oct 11 13:53 raymond
drwx------ 2 jack    jack    62 Oct 11 13:53 tom
#系统是根据ID来判断身份的

[root@rocky8 ~]# id jack
uid=1001(jack) gid=1001(jack) groups=1001(jack)

1.2.5 根据文件类型查找

-type TYPE

TYPE可以是以下形式:
f: 普通文件
d: 目录文件
l: 符号链接文件
s:套接字文件
b: 块设备文件
c: 字符设备文件
p: 管道文件

范例:

[root@rocky8 ~]# find / -type s
/run/vmware/guestServicePipe
/run/dbus/system_bus_socket
/run/.heim_org.h5l.kcm-socket
/run/user/0/bus
/run/user/0/systemd/private
/run/user/0/systemd/notify
/run/udev/control
/run/systemd/coredump
/run/systemd/private
/run/systemd/journal/dev-log
/run/systemd/journal/socket
/run/systemd/journal/stdout
/run/systemd/cgroups-agent
/run/systemd/notify
/run/systemd/inaccessible/sock
/var/lib/sss/pipes/private/sbus-monitor
/var/lib/sss/pipes/private/sbus-dp_implicit_files.778
/var/lib/sss/pipes/nss

[root@rocky8 ~]# find / -type s -ls
    25848      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/vmware/guestServicePipe
    24295      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/dbus/system_bus_socket
    24291      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/.heim_org.h5l.kcm-socket
    28702      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/user/0/bus
    28695      0 srwxr-xr-x   1  root     root            0 Oct 11 13:47 /run/user/0/systemd/private
    28691      0 srwxr-xr-x   1  root     root            0 Oct 11 13:47 /run/user/0/systemd/notify
    22130      0 srw-------   1  root     root            0 Oct 11 13:47 /run/udev/control
    22127      0 srw-------   1  root     root            0 Oct 11 13:47 /run/systemd/coredump
    22116      0 srwxrwxrwx   1  root     root            0 Oct 11 13:47 /run/systemd/private
    13288      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/systemd/journal/dev-log
    13170      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/systemd/journal/socket
    13167      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /run/systemd/journal/stdout
    13150      0 srwx------   1  root     root            0 Oct 11 13:47 /run/systemd/cgroups-agent
    13148      0 srwxrwxrwx   1  root     root            0 Oct 11 13:47 /run/systemd/notify
    12887      0 s---------   1  root     root            0 Oct 11 13:47 /run/systemd/inaccessible/sock
 67632837      0 srw-------   1  root     root            0 Oct 11 13:47 /var/lib/sss/pipes/private/sbus-monitor
 67632839      0 srw-------   1  root     root            0 Oct 11 13:47 /var/lib/sss/pipes/private/sbus-dp_implicit_files.778
   505672      0 srw-rw-rw-   1  root     root            0 Oct 11 13:47 /var/lib/sss/pipes/nss

1.2.6 空文件或目录

-empty

范例:

[root@rocky8 ~]# find /data -type d -empty
/data

1.2.7 组合条件

与:-a ,默认多个条件是与关系
或:-o
非:-not !

范例:

[root@rocky8 ~]# find /home -type f -user raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc

[root@rocky8 ~]#  find /home -type f -a -user raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc

[root@rocky8 ~]# find /home -type f -a -user raymond -ls
202128611      4 -rw-r--r--   1  raymond  raymond        18 Jun 17 07:42 /home/raymond/.bash_logout
202128612      4 -rw-r--r--   1  raymond  raymond       141 Jun 17 07:42 /home/raymond/.bash_profile
202128613      4 -rw-r--r--   1  raymond  raymond       376 Jun 17 07:42 /home/raymond/.bashrc

[root@rocky8 ~]# find /home -type f -o -user raymond
/home/raymond
/home/raymond/.bash_logout
/home/raymond/.bash_profile
/home/raymond/.bashrc
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
/home/jack/.bash_logout
/home/jack/.bash_profile
/home/jack/.bashrc

[root@rocky8 ~]# find /home -type f -o -user raymond -ls
202128610      0 drwx------   2  raymond  raymond        62 Oct 11 13:53 /home/raymond

[root@rocky8 ~]# find /home \( -type f -o -user raymond \) -ls
202128610      0 drwx------   2  raymond  raymond        62 Oct 11 13:53 /home/raymond
202128611      4 -rw-r--r--   1  raymond  raymond        18 Jun 17 07:42 /home/raymond/.bash_logout
202128612      4 -rw-r--r--   1  raymond  raymond       141 Jun 17 07:42 /home/raymond/.bash_profile
202128613      4 -rw-r--r--   1  raymond  raymond       376 Jun 17 07:42 /home/raymond/.bashrc
   505677      4 -rw-r--r--   1  jack     jack           18 Jun 17 07:42 /home/tom/.bash_logout
   505678      4 -rw-r--r--   1  jack     jack          141 Jun 17 07:42 /home/tom/.bash_profile
   505679      4 -rw-r--r--   1  jack     jack          376 Jun 17 07:42 /home/tom/.bashrc
 67632516      4 -rw-r--r--   1  jack     jack           18 Jun 17 07:42 /home/jack/.bash_logout
 67632843      4 -rw-r--r--   1  jack     jack          141 Jun 17 07:42 /home/jack/.bash_profile
 67632844      4 -rw-r--r--   1  jack     jack          376 Jun 17 07:42 /home/jack/.bashrc
#用()小括号 ,在find 里要用斜线

德·摩根定律:

  • (非 A) 或 (非 B) = 非(A 且 B)
  • (非 A) 且 (非 B) = 非(A 或 B)

示例:

!A -a !B = !(A -o B)
!A -o !B = !(A -a B)

23.第七章 Linux文件查找(一)
(非A)或(非B) =非(A且B) 非A :1、4 非B:1、3 结果:1、3、4

非(A且B) 既是A、又是B:2,非(A且B):1、3、4

范例:

[root@rocky8 ~]#  find /home ! -user raymond ! -user jack
/home

[root@rocky8 ~]#  find /home ! \( -user raymond -o -user jack \)
/home

范例:

[root@rocky8 ~]# find -user jack -group jack
[root@rocky8 ~]# find -user jack -not -group jack
[root@rocky8 ~]# find -user jack -o -user raymond
[root@rocky8 ~]# find -not \( -user jack -o -user raymond \)
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history

[root@rocky8 ~]# find / -user jack -o -uid 500
find: ‘/proc/1467/task/1467/fd/7’: No such file or directory
find: ‘/proc/1467/task/1467/fdinfo/7’: No such file or directory
find: ‘/proc/1467/fd/6’: No such file or directory
find: ‘/proc/1467/fdinfo/6’: No such file or directory
/var/spool/mail/tom
/var/spool/mail/jack
/home/tom
/home/tom/.bash_logout
/home/tom/.bash_profile
/home/tom/.bashrc
/home/jack
/home/jack/.bash_logout
/home/jack/.bash_profile
/home/jack/.bashrc

[root@rocky8 ~]# find ! \( -type d -a -empty \)| wc -l
13
[root@rocky8 ~]# find ! -type d -o ! -empty |wc -l
13

[root@rocky8 ~]# find ! -user raymond ! -user jack
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history

[root@rocky8 ~]# find /home ! \( -user raymond -o -user jack \)
/home
[root@rocky8 ~]# find ! -user raymond -a ! -user jack
.
./.bash_logout
./.bash_profile
./.bashrc
./.cshrc
./.tcshrc
./anaconda-screenshots
./anaconda-screenshots/screenshot-0000.png
./anaconda-screenshots/screenshot-0001.png
./anaconda-screenshots/screenshot-0002.png
./anaconda-ks.cfg
./.vimrc
./.bash_history

#找出/tmp目录下,属主不是root,且文件名不以f开头的文件
[root@rocky8 ~]# find /tmp \( -not -user root -a -not -name 'f*' \) -ls
[root@rocky8 ~]# find /tmp -not \( -user root -o -name 'f*' \) –ls
find: paths must precede expression: –ls
Usage: find [-H] [-L] [-P] [-Olevel] [-D help|tree|search|stat|rates|opt|exec] [path...] [expression]

1.2.8 排除目录

范例:

#查找/etc/下,除/etc/security目录的其它所有.conf后缀的文件
[root@rocky8 ~]# find /etc -path '/etc/security' -a -prune -o -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd/coredump.conf
/etc/systemd/journald.conf
/etc/systemd/logind.conf
/etc/systemd/resolved.conf
/etc/systemd/system.conf
/etc/systemd/user.conf
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf
/etc/vconsole.conf

#查找/etc/下,除/etc/security和/etc/systemd两个目录的所有.conf后缀的文件
[root@rocky8 ~]# find /etc \( -path "/etc/security" -o -path "/etc/systemd" \) -a -prune -o -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf

[root@rocky8 ~]# find /etc  -name "*.conf"
/etc/resolv.conf
/etc/dnf/protected.d/setup.conf
/etc/dnf/protected.d/dnf.conf
/etc/dnf/protected.d/systemd.conf
/etc/dnf/protected.d/yum.conf
/etc/dnf/protected.d/sudo.conf
/etc/dnf/dnf.conf
/etc/dnf/plugins/copr.conf
/etc/dnf/plugins/debuginfo-install.conf
/etc/pki/ca-trust/ca-legacy.conf
/etc/security/pwquality.conf
/etc/security/access.conf
/etc/security/chroot.conf
/etc/security/faillock.conf
/etc/security/group.conf
/etc/security/limits.conf
/etc/security/namespace.conf
/etc/security/pam_env.conf
/etc/security/sepermit.conf
/etc/security/time.conf
/etc/depmod.d/dist.conf
/etc/selinux/semanage.conf
/etc/selinux/targeted/setrans.conf
/etc/plymouth/plymouthd.conf
/etc/dracut.conf
/etc/sysctl.conf
/etc/host.conf
/etc/systemd/coredump.conf
/etc/systemd/journald.conf
/etc/systemd/logind.conf
/etc/systemd/resolved.conf
/etc/systemd/system.conf
/etc/systemd/user.conf
/etc/sysctl.d/99-sysctl.conf
/etc/tcsd.conf
/etc/X11/xorg.conf.d/00-keyboard.conf
/etc/sysconfig/nftables.conf
/etc/ld.so.conf
/etc/ld.so.conf.d/kernel-4.18.0-305.3.1.el8_4.x86_64.conf
/etc/nsswitch.conf
/etc/idmapd.conf
/etc/gcrypt/random.conf
/etc/NetworkManager/NetworkManager.conf
/etc/sestatus.conf
/etc/ssh/ssh_config.d/05-redhat.conf
/etc/logrotate.conf
/etc/libaudit.conf
/etc/xattr.conf
/etc/libreport/events.d/collect_dnf.conf
/etc/authselect/user-nsswitch.conf
/etc/fuse.conf
/etc/dbus-1/session.conf
/etc/dbus-1/system.conf
/etc/dbus-1/system.d/nm-dispatcher.conf
/etc/dbus-1/system.d/nm-ifcfg-rh.conf
/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf
/etc/dbus-1/system.d/org.freedesktop.PolicyKit1.conf
/etc/dbus-1/system.d/teamd.conf
/etc/dbus-1/system.d/com.redhat.tuned.conf
/etc/sasl2/smtpd.conf
/etc/prelink.conf.d/grub2.conf
/etc/rdma/modules/infiniband.conf
/etc/rdma/modules/iwarp.conf
/etc/rdma/modules/opa.conf
/etc/rdma/modules/rdma.conf
/etc/rdma/modules/roce.conf
/etc/rdma/mlx4.conf
/etc/udev/udev.conf
/etc/modprobe.d/mlx4.conf
/etc/modprobe.d/truescale.conf
/etc/modprobe.d/firewalld-sysctls.conf
/etc/modprobe.d/tuned.conf
/etc/openldap/ldap.conf
/etc/libuser.conf
/etc/krb5.conf
/etc/firewalld/firewalld.conf
/etc/tuned/tuned-main.conf
/etc/yum.conf
/etc/vmware-tools/vgauth.conf
/etc/kdump.conf
/etc/audit/auditd.conf
/etc/audit/plugins.d/af_unix.conf
/etc/rsyslog.conf
/etc/sudo-ldap.conf
/etc/sudo.conf
/etc/mke2fs.conf
/etc/man_db.conf
/etc/locale.conf
/etc/vconsole.conf

#排除/proc和/sys目录
[root@rocky8 ~]# find / \( -path "/sys" -o -path "/proc" \) -a -prune -o -type f -a -mmin -1
/proc
/sys

1.2.9 根据文件大小来查找

-size [+|-]#UNIT
        常用单位:k, M, G,c(byte),注意大小写敏感
#UNIT: (#-1, #]
        如:6k 表示(5k,6k]
-#UNIT:[0,#-1]
        如:-6k 表示[0,5k]
+#UNIT:(#,∞)
        如:+6k 表示(6k,∞)

范例:

[root@rocky8 ~]# find / -size 10G #是9-10G

[root@rocky8 ~]# find / -size -10G #是0-9G

[root@rocky8 ~]# find / -size +10G #是10G以上

1.2.10 根据时间戳

#以“天”为单位
-atime [+|-]#
-mtime
-ctime

#: [#,#+1)
-#: [0,#)
+#: [#+1,∞]

-mtime 10
-mtime -10
-mtime +10

#以“分钟”为单位
-amin
-mmin
-cmin

23.第七章 Linux文件查找(一)
范例:

[root@rocky8 ~]# find / -mtime 10   #是10-11天
[root@rocky8 ~]# find / -mtime -10  #是0-10天
[root@rocky8 ~]# find / -mtime +10  #是11天以上

1.2.11 根据权限查找

-perm [/|-]MODE

MODE: 精确权限匹配
/MODE:任何一类(u,g,o)对象的权限中只要能一位匹配即可,或关系,+ 从CentOS 7开始淘汰
-MODE:每一类对象都必须同时拥有指定权限,与关系
0 表示不关注

说明:

find -perm 755 会匹配权限模式恰好是755的文件

只要当任意人有写权限时,find -perm /222就会匹配

只有当每个人都有写权限时,find -perm -222才会匹配

只有当其它人(other)有写权限时,find -perm -002才会匹配

范例:

find -perm /222   这里的/ 斜线代表 或的关系, u、g、o 三个只要一个人有w权限就可以
find -perm -222   - 代表并且,就是都有的意思,表示u、g、o ,三个都要有w 权限

[root@rocky8 ~]# find /etc -perm -222

[root@rocky8 ~]# find /etc -perm -222  -ls

[root@rocky8 ~]# find /etc -perm -022  -ls
#0表示不关心

[root@rocky8 ~]# find /etc -perm -002
[root@rocky8 ~]# find /etc -perm /002
#上面两个命令执行结果是一样的

1.2.12 处理动作

-print:默认的处理动作,显示至屏幕
-ls:类似于对查找到的文件执行"ls -dils"命令格式输出
-fls file:查找到的所有文件的长格式信息保存至指定文件中,相当于 -ls > file
-delete:删除查找到的文件,慎用!
-ok COMMAND {} \; 对查找到的每个文件执行由COMMAND指定的命令,对于每个文件执行命令之前,都会交互式要求用户确认
-exec COMMAND {} \; 对查找到的每个文件执行由COMMAND指定的命令
{}: 用于引用查找到的文件名称自身

范例:

[root@rocky8 ~]# touch {a..c}.txt
[root@rocky8 ~]# ls *.txt
a.txt  b.txt  c.txt
[root@rocky8 ~]# find -name "*.txt" -delete
[root@rocky8 ~]# ls *.txt
ls: cannot access '*.txt': No such file or directory
#-delete  找到文件直接删除

[root@rocky8 ~]# touch {a..z}.txt
[root@rocky8 ~]# ls *.txt
a.txt  c.txt  e.txt  g.txt  i.txt  k.txt  m.txt  o.txt  q.txt  s.txt  u.txt  w.txt  y.txt
b.txt  d.txt  f.txt  h.txt  j.txt  l.txt  n.txt  p.txt  r.txt  t.txt  v.txt  x.txt  z.txt
[root@rocky8 ~]# find -name "*.txt" -ok mv {} /opt \;
< mv ... ./a.txt > ? y
< mv ... ./b.txt > ? y
< mv ... ./c.txt > ? 
< mv ... ./d.txt > ? 
< mv ... ./e.txt > ? ^C
#-ok    会询问
[root@rocky8 ~]# ls /opt
a.txt  b.txt

[root@rocky8 ~]# find -name "*.txt" -exec mv {} /opt \;
[root@rocky8 ~]# ls /opt
a.txt  c.txt  e.txt  g.txt  i.txt  k.txt  m.txt  o.txt  q.txt  s.txt  u.txt  w.txt  y.txt
b.txt  d.txt  f.txt  h.txt  j.txt  l.txt  n.txt  p.txt  r.txt  t.txt  v.txt  x.txt  z.tx
#-exec  直接处理

[root@rocky8 ~]# find /opt -name "*.txt" -exec rm {} \;
[root@rocky8 ~]# ls /opt
#加rm 会直接删除,很危险,小心使用

范例:

#备份配置文件,添加.orig这个扩展名
[root@rocky8 ~]# find -name ".conf" -exec cp {} {}.orig \;

#提示删除存在时间超过3天以上的jack的临时文件
[root@rocky8 ~]# find /tmp -ctime +3 -user jack -ok rm {} \;

#在主目录中寻找可被其它用户写入的文件
[root@rocky8 ~]# find ~ -perm -002 -exec chmod o-w {} \;

#查找/data下的权限为644,后缀为sh的普通文件,增加执行权限
[root@rocky8 ~]# find /data –type f -perm 644 -name "*.sh" –exec chmod 755 {} \;

1.3 参数替换 xargs

由于很多命令不支持管道|来传递参数,xargs用于产生某个命令的参数,xargs 可以读入 stdin 的数据,并且以空格符或回车符将 stdin 的数据分隔成为参数,另外,许多命令不能接受过多参数,命令执行可能会失败,xargs 可以解决

注意:文件名或者是其他意义的名词内含有空格符的情况

find 经常和 xargs 命令进行组合,形式如下:

find | xargs COMMAND

范例::

[root@rocky8 ~]# echo {a..z}
a b c d e f g h i j k l m n o p q r s t u v w x y z
[root@rocky8 ~]# echo {a..z} |xargs echo
a b c d e f g h i j k l m n o p q r s t u v w x y z
[root@rocky8 ~]# cd /opt;echo {a..z}.txt |xargs touch
[root@rocky8 opt]# ls 
a.txt  c.txt  e.txt  g.txt  i.txt  k.txt  m.txt  o.txt  q.txt  s.txt  u.txt  w.txt  y.txt
b.txt  d.txt  f.txt  h.txt  j.txt  l.txt  n.txt  p.txt  r.txt  t.txt  v.txt  x.txt  z.txt
#xargs  把前一个命令的结果 接收,传给后一个命令当输入

[root@rocky8 opt]# rm -f *
[root@rocky8 opt]# ls
[root@rocky8 opt]# echo {a..z} |xargs -n1 echo
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z
#-n1  一个传一个参数

[root@rocky8 opt]# echo {a..z} |xargs -n2 echo
a b
c d
e f
g h
i j
k l
m n
o p
q r
s t
u v
w x
y z
[root@rocky8 opt]# echo {a..z} |xargs -n3 echo
a b c
d e f
g h i
j k l
m n o
p q r
s t u
v w x
y z

[root@rocky8 opt]# echo user{1..100} | xargs -n1 useradd
#批量创建100个账户

[root@rocky8 opt]# echo user{1..100} | xargs -n 1 userdel -r
#批量删除100个账户

范例:

[root@rocky8 opt]# xargs
1
2
3
1 2 3
[root@rocky8 opt]# xargs echo
1
2
3
1 2 3

#显示10个数字
[root@rocky8 opt]# seq 10 | xargs
1 2 3 4 5 6 7 8 9 10

#删除当前目录下的大量文件
[root@rocky8 opt]# ls | xargs rm

#对文件排序显示
[root@rocky8 opt]# find -name "*.sh" | xargs ls -Sl

#这个命令是错误的
[root@rocky8 opt]# find /sbin/ -perm /700 | ls -l

#查找有特殊权限的文件,并排序
[root@rocky8 opt]# find /bin/ -perm /7000 | xargs ls -Sl
---s--x--x. 1 root root 165632 May 19 11:01 /bin/sudo
-rwsr-xr-x. 1 root root  84368 May 19 11:02 /bin/gpasswd
-rwsr-xr-x. 1 root root  79616 May 19 11:02 /bin/chage
-rwsr-xr-x. 1 root root  63368 Mar 15  2021 /bin/crontab
-rwsr-xr-x. 1 root root  58768 Apr 12 08:29 /bin/at
-rwsr-xr-x. 1 root root  50584 May 19 11:01 /bin/mount
-rwsr-xr-x. 1 root root  50464 May 19 11:01 /bin/su
-rwsr-xr-x. 1 root root  43560 May 19 11:02 /bin/newgrp
-rwsr-xr-x. 1 root root  37720 Apr 12 09:30 /bin/fusermount
-rws--x--x. 1 root root  33944 May 19 11:01 /bin/chfn
-rwsr-xr-x. 1 root root  33776 May 19 11:01 /bin/umount
-rwsr-xr-x. 1 root root  33544 Mar 15  2021 /bin/passwd
-rwsr-xr-x. 1 root root  28976 Jun 11 08:16 /bin/pkexec
-rws--x--x. 1 root root  25552 May 19 11:01 /bin/chsh
-rwxr-sr-x. 1 root tty   21368 May 19 11:01 /bin/write

#此命令和上面有何区别?
[root@rocky8 opt]# find /bin/ -perm -7000 | xargs ls -Sl

#以字符nul分隔
[root@rocky8 ~]# touch "a b.txt"
[root@rocky8 ~]# ls *.txt
'a b.txt'
[root@rocky8 ~]# find -name "*.txt" |xargs rm
rm: cannot remove './a': No such file or directory
rm: cannot remove 'b.txt': No such file or directory
[root@rocky8 ~]# find -name "*.txt" -print0 |xargs -0 rm
[root@rocky8 ~]# ls *.txt
ls: cannot access '*.txt': No such file or directory

#并发执行多个进程
[root@rocky8 opt]# seq 100 | xargs -i -P10 wget -P /data http://172.31.1.8/{}.html

1.4 练习

1、查找/var目录下属主为root,且属组为mail的所有文件
2、查找/var目录下不属于root、lp、gdm的所有文件
3、查找/var目录下最近一周内其内容修改过,同时属主不为root,也不是postfix的文件
4、查找当前系统上没有属主或属组,且最近一个周内曾被访问过的文件
5、查找/etc目录下大于1M且类型为普通文件的所有文件
6、查找/etc目录下所有用户都没有写权限的文件
7、查找/etc目录下至少有一类用户没有执行权限的文件
8、查找/etc/init.d目录下,所有用户都有执行权限,且其它用户有写权限的文件

上一篇:21.第六章 Shell脚本编程基础入门(四)


下一篇:51.第十一章 进程和计划任务(三)