The find command is one of the most powerful and versatile tools in Linux for searching files and directories. Available by default in all Linux distributions, find allows you to search for files based on various criteria including name, size, permissions, ownership, modification time, and more. Beyond simple searching, find can execute commands on the results, making it invaluable for system administration tasks like cleanup, backups, and batch operations.
📑 Table of Contents
- Introduction to Find Command
- Basic Find Command Syntax
- Finding Files by Name
- Search by Exact Name
- Case-Insensitive Name Search
- Finding Files with Specific Extension
- Finding Files with Multiple Extensions
- Finding Files by Type
- Finding Files by Size
- Finding and Removing Zero Size Files
- Remove Empty Files in Current Directory
- Remove Empty Files in Specific Directory
- List Before Deleting (Safer)
- Finding Files by Time
- Modified Time
- Accessed Time
- Changed Time (Metadata)
- Finding Files by Permissions
- Finding Files by Ownership
- Executing Commands on Found Files
- Using -exec
- Using -exec with Confirmation
- Using xargs (More Efficient)
- Advanced Find Examples
- Combining Multiple Criteria (AND)
- Using OR Conditions
- Using NOT (Negation)
- Limiting Search Depth
- Practical Find Use Cases
- Disk Cleanup
- Security Auditing
- Backup Operations
- Log Management
- Common Find Command Options
- Frequently Asked Questions
- What is the difference between find . and find / ?
- How do I suppress permission denied errors when using find?
- What is the difference between -exec and -delete?
- How can I find files modified within the last hour?
- Why does find . -name “*.txt” not work without quotes?
- How do I find and delete files safely to avoid accidents?
- Can find follow symbolic links?
- How do I find files between certain sizes?
- What is the difference between -exec rm {} \; and -exec rm {} +?
- How can I exclude certain directories from find results?
- Conclusion
Introduction to Find Command
The find command traverses directory hierarchies to locate files and directories matching specified criteria. Unlike simple search tools, find provides fine-grained control over search parameters and can perform actions on matched files. Whether you’re searching for configuration files, cleaning up disk space, or managing file permissions across large directory trees, find is an essential tool in every Linux administrator’s toolkit.
Basic Find Command Syntax
find [path] [options] [expression] [action]- path: Starting directory for the search (e.g., /etc, /home, . for current directory)
- options: Modify find behavior (e.g., -maxdepth, -mindepth)
- expression: Search criteria (e.g., -name, -size, -type)
- action: What to do with matched files (e.g., -print, -delete, -exec)
Finding Files by Name
Search by Exact Name
# Find file named test.txt in current directory and subdirectories
find . -name "test.txt"
# Find in specific directory
find /home/user -name "test.txt"Case-Insensitive Name Search
# Find files regardless of case
find . -iname "test.txt"
# Matches: test.txt, Test.txt, TEST.TXT, etc.Finding Files with Specific Extension
# Find all .conf files in /etc directory
find /etc/ -type f -name "*.conf"
# Find all .log files
find /var/log -type f -name "*.log"
# Find all .pdf documents in home directory
find ~ -type f -name "*.pdf"Finding Files with Multiple Extensions
# Find .jpg or .png files
find . -type f \( -name "*.jpg" -o -name "*.png" \)Finding Files by Type
# Find only directories
find /home -type d -name "Documents"
# Find only regular files
find /var -type f
# Find symbolic links
find /etc -type l
# Find sockets
find /var -type sFinding Files by Size
# Find files larger than 100MB
find /home -type f -size +100M
# Find files smaller than 10KB
find /tmp -type f -size -10k
# Find files exactly 1GB
find . -type f -size 1G
# Find zero-byte (empty) files
find . -type f -size 0Size units: c (bytes), k (kilobytes), M (megabytes), G (gigabytes)
Finding and Removing Zero Size Files
Zero-byte files often accumulate from failed processes or incomplete downloads. Find can locate and remove them:
Remove Empty Files in Current Directory
# Find and remove zero byte files in current directory
find . -size 0 -exec rm {} \;
# Alternative using -delete (faster)
find . -size 0 -deleteRemove Empty Files in Specific Directory
# Remove zero byte files in /tmp directory
find /tmp -size 0 -exec rm {} \;
# Remove empty files in /var/log
find /var/log -type f -size 0 -deleteList Before Deleting (Safer)
# First, list zero-byte files to review
find . -type f -size 0 -ls
# Then delete if confirmed
find . -type f -size 0 -deleteFinding Files by Time
Modified Time
# Find files modified in last 7 days
find /home -type f -mtime -7
# Find files modified more than 30 days ago
find /var/log -type f -mtime +30
# Find files modified exactly 10 days ago
find . -type f -mtime 10Accessed Time
# Find files accessed in last 24 hours
find /tmp -type f -atime -1
# Find files not accessed in 90 days
find /home -type f -atime +90Changed Time (Metadata)
# Find files whose metadata changed in last hour
find /etc -type f -cmin -60Finding Files by Permissions
# Find files with exact permission 644
find /home -type f -perm 644
# Find files with at least 644 permissions
find . -type f -perm -644
# Find files writable by others (security risk)
find /var/www -type f -perm /002
# Find setuid files (security audit)
find / -type f -perm -4000 2>/dev/nullFinding Files by Ownership
# Find files owned by specific user
find /home -user apache
# Find files owned by specific group
find /var -group www-data
# Find files not owned by any user (orphaned)
find / -nouser 2>/dev/nullExecuting Commands on Found Files
Using -exec
# Change permissions on all .sh files
find . -type f -name "*.sh" -exec chmod +x {} \;
# Copy all .conf files to backup directory
find /etc -name "*.conf" -exec cp {} /backup/ \;
# Display detailed info for large files
find /var -type f -size +100M -exec ls -lh {} \;Using -exec with Confirmation
# Ask before deleting each file
find /tmp -type f -name "*.tmp" -ok rm {} \;Using xargs (More Efficient)
# Delete old log files (faster than -exec)
find /var/log -type f -name "*.log" -mtime +30 | xargs rm
# Compress old files
find /backup -type f -mtime +90 | xargs gzipAdvanced Find Examples
Combining Multiple Criteria (AND)
# Find .log files larger than 10MB modified in last 7 days
find /var/log -type f -name "*.log" -size +10M -mtime -7Using OR Conditions
# Find .jpg or .png files
find . -type f \( -name "*.jpg" -o -name "*.png" \)
# Find files owned by user1 or user2
find /home -type f \( -user user1 -o -user user2 \)Using NOT (Negation)
# Find files NOT named .git
find . -type d ! -name ".git"
# Find files NOT owned by root
find /home -type f ! -user rootLimiting Search Depth
# Search only current directory (no subdirectories)
find . -maxdepth 1 -name "*.txt"
# Search at least 2 levels deep
find /var -mindepth 2 -maxdepth 4 -name "*.conf"Practical Find Use Cases
Disk Cleanup
# Find and remove files older than 90 days in /tmp
find /tmp -type f -mtime +90 -delete
# Find largest files for cleanup review
find /home -type f -size +500M -exec ls -lh {} \; | sort -k5 -hr
# Remove old backup files
find /backup -type f -name "*.tar.gz" -mtime +180 -deleteSecurity Auditing
# Find world-writable files (security risk)
find / -type f -perm -002 2>/dev/null
# Find setuid/setgid files
find / \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null
# Find files without owner
find / -nouser -o -nogroup 2>/dev/nullBackup Operations
# Find and archive modified files
find /home -type f -mtime -1 -exec tar -rvf /backup/daily.tar {} \;
# Create list of files for backup
find /var/www -type f -newer /backup/last-backup.timestamp > /backup/filelist.txtLog Management
# Compress old log files
find /var/log -type f -name "*.log" -mtime +7 -exec gzip {} \;
# Remove compressed logs older than 30 days
find /var/log -type f -name "*.gz" -mtime +30 -deleteCommon Find Command Options
| Option | Description |
|---|---|
| -name | Search by filename (case-sensitive) |
| -iname | Search by filename (case-insensitive) |
| -type | Search by type (f=file, d=directory, l=link) |
| -size | Search by file size |
| -mtime | Search by modification time (days) |
| -atime | Search by access time (days) |
| -perm | Search by permissions |
| -user | Search by owner |
| -group | Search by group |
| -exec | Execute command on results |
| -delete | Delete matched files |
Frequently Asked Questions
What is the difference between find . and find / ?
The dot (.) means current directory, so “find .” searches from your current location downward through subdirectories. The slash (/) means root directory, so “find /” searches the entire filesystem from the top level. Use “find .” for localized searches and “find /” when you need system-wide results. Searching from / requires more time and often needs sudo for accessing restricted directories.
How do I suppress permission denied errors when using find?
Redirect error messages to /dev/null using “2>/dev/null”. For example: “find / -name “*.conf” 2>/dev/null”. This suppresses “Permission denied” messages for directories you can’t access. Alternatively, run find with sudo to access all directories, but be cautious when using -delete or -exec with elevated privileges.
What is the difference between -exec and -delete?
The -delete option is a faster, built-in way to remove files that find locates. The -exec option is more versatile, allowing any command to run on matched files. Use -delete for simple removal tasks; use -exec for complex operations like copying, moving, or running scripts. Note that -delete is safer when combined with -type f to avoid accidentally deleting directories.
How can I find files modified within the last hour?
Use -mmin for minute-based searches: “find /var/log -type f -mmin -60” finds files modified in the last 60 minutes. The -mtime option works in days, so -mmin is better for recent changes. You can also use -cmin for metadata changes and -amin for access time in minutes.
Why does find . -name “*.txt” not work without quotes?
Without quotes, the shell expands *.txt to matching files in the current directory before passing it to find, which breaks the search. With quotes, “*.txt” is passed literally to find, which then uses it as a pattern for all subdirectories. Always quote patterns containing wildcards (*) when using find.
How do I find and delete files safely to avoid accidents?
Always test your find command first with -ls or -print to review what will be affected: “find /tmp -name “*.tmp” -ls”. Once confirmed, use -delete or -exec rm. For extra safety, use -ok instead of -exec to prompt for confirmation before each deletion. Never run “find / -delete” without specific criteria, as it could delete your entire filesystem.
Can find follow symbolic links?
By default, find does not follow symbolic links. Use the -L option to follow links: “find -L /var -name “*.log””. This makes find treat symlinks as the files/directories they point to. Be cautious, as this can create infinite loops if links create circular references.
How do I find files between certain sizes?
Combine two -size conditions: “find /home -type f -size +10M -size -100M” finds files larger than 10MB but smaller than 100MB. The + means greater than, – means less than. You can use this approach to find files in any size range.
What is the difference between -exec rm {} \; and -exec rm {} +?
The \; syntax runs the command once per file (slower but safer). The + syntax passes multiple files to a single command invocation (faster but less control). Example: “find . -name “*.tmp” -exec rm {} +” is more efficient for bulk deletions. Use \; when you need to process files individually or when the command doesn’t accept multiple arguments.
How can I exclude certain directories from find results?
Use -prune to exclude directories: “find /home -path /home/user/.cache -prune -o -name “*.txt” -print”. This excludes .cache directory from the search. You can exclude multiple directories: “find / \( -path /proc -o -path /sys \) -prune -o -type f -print”. This technique improves performance when searching large filesystems.
Conclusion
The find command is an indispensable tool for Linux system administration, offering powerful file search and manipulation capabilities. From simple filename searches to complex operations involving multiple criteria and batch actions, find provides the flexibility needed for efficient file management. By mastering find’s options and combining them creatively, you can automate routine tasks, maintain system cleanliness, perform security audits, and manage large file hierarchies effectively.
Whether you’re cleaning up disk space, auditing file permissions, backing up specific files, or managing log rotation, find is the go-to tool that every Linux administrator should master. Practice with safe operations first, always test before executing destructive commands, and you’ll soon find yourself using find for countless daily tasks.
Was this article helpful?
