When it comes to Linux system troubleshooting, find is my best friend

The way to discover what you are looking for can be deeper than you thought, or it may be right around the corner. It all depends on how you look, where you look, and what you are looking for. When you are troubleshooting problems that arise, it can be easier than it seems. One of my favorite tools is the find command. The find command is a utility to walk through a directory tree, descending into directories with each path listed, and evaluating expressions added for each file listed. With this command, you can accomplish quite a lot. In this article, I cover different ways, as well as one-liners, to help you to find large files, to find multiple files, and even to locate specific file types.

Find multiple files in Linux

The find command is used in various ways. One thing you don't want to do as a system administrator is work harder than you need to. Instead of running the same command to search for one file over and over, you can use the find command to locate multiple files at the same time.

$ find /home -type f -name file.txt -exec {} \;

This one-liner can be broken down. I find it best almost to read it as a sentence:

• searching the /home directory
• searching for a file (-type f) or a directory (-type d)
• filename is file.txt (-name file.txt)
• executing another command from the previous output

Find large files in Linux

You can also use find to discover large files in Linux. Finding large files has proven helpful to me in the long run. find can help to locate large files quickly, such as backups and ISO files.

$ find / -type f -size +500000k -exec ls -lh {} \;

This one-liner can be broken down:

• searching the / directory
• searching for a file (type -f)
• searching for a file larger than 500000k
• executing the command ls -lh on the files found in the previous output

Find specific file types in Linux

Another good method is to locate file extensions using the find command. I find this helpful, as it has shown me ways of finding specific files with only a specific keyword. In this case, the example below is looking for files that only contain a specific extension:

# find / -type f \( -name "*.sh" -o -name "*.txt" )

To dissect this:

• searching in the / directory
• searching for a file (-type f) or a directory (-type d)
• searching for a file name that is a wildcard but ends with the extension .sh or .txt

I have even looked for content within a file that matches a specific keyword. These commands can be tweaked and modified to achieve the desired result.

Find modified files in Linux

The last example shows how to find a file modified in the last 50 days. This can be helpful when you need to locate recently modified files due to a security reason or if there are unwanted users on the network accessing other files.

# find / -type f -ctime +50 -exec rm -f {} \;

The command above shows:

• searching in the / directory
• searching for a file (-type f) or a directory (-type d)
• searching for files older than 50 days
• executing the command rm -f on the files found in the previous output

This can help remove those malicious files all in one go. You just have to make sure that the files you select are the files you want to remove. One way to check is to run the command without the exec section to see the files that come up in the output. If there are a large number of files, redirect the output into a file:

# find / -type f -ctime +50 > files.txt

The content can be reviewed and verified before you run a one-liner that removes the /etc folder. Not ideal.

Wrapping up

The find command has a variety of uses and availability where administrators can find the content they need (no pun intended). With this command, the possibilities are literally endless! When it comes to troubleshooting, having that flexibility in searching and investigating allows you to look for things that you may not have noticed before. As a result, you might just find the answer you were looking for (pun intended).

[ Free online course: Red Hat Enterprise Linux technical overview. ]