An intro to finding things in Linux
Let's take a look at these commands:
locate
whereis
which
find
The locate command
This command will go through your entire filesystem and locate every occurrence of that keyword, so you can imagine that the results can be overwhelming.
locate keyword
locate uses a database that is usually updated once a day, so if you're searching for something that was created recently, it might not return in your search. You can use the updatedb command to manually update the locate command's database.
locate aircrack-ng
The whereis command
In Linux, executable files are called binaries. If you want to locate a binary, whereis is more efficient than locate.
whereis binary
This command will return the binary's location, its source and the man page, if available.
whereis aircrack-ng
The which command
The PATH variable in Linux holds the directories in which the operating system looks for the commands you execute in the command line.
which binary
The which command locates a binary in your PATH. If it doesn't find the binary in the current PATH, it returns nothing.
which aircrack-ng
These directories typically include /usr/bin but may include /usr/sbin and a few others.
The find command
The most powerful searching command is the find command. You can use it to search in any designated directory and use a variety of parameters.
The basic syntax is:
find directory options expression
Let's say I have a file named test.txt and I need to find it but am not sure what exact directory it's in. I can execute the following to search starting from the top of the file system, /:
find / -type f -name test.txt
/ means from the top of the file system
-type is what you are looking for:
    f means file
    b means block special device file
    c character special device file
    d directory
    l symbolic link
-name is the name you are looking for, results will match exactly.
A search that looks in every directory, starting from the top, can take a while. We can speed things up by providing a directory. Let's say I know this file is in the home directory.
time find /home -type f -name test.txt
I used the time command here so we can see how long each command took.
The find command only displays exact name matches. If file.txt had a different extension, it would not have been returned. I've created another file test.conf and now if I search with find only using test.txt as the name, I no longer get the test.conf file returned.
We can work around this limitation by using wildcards. They let us match multiple characters and come in a few different forms:
Let's say we have a directory with files cat, hat, what, and bat
* matches multiple characters
    *at would match: cat, hat, what, and bat.
? matches a single character
    ?at would match cat, hat, bat but not what.
[] matches characters that appear inside the square brackets
    [c,b]at would match cat and bat
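find /home -type f -name 'test.*'
The pattern is quoted so that the shell passes it to find unchanged instead of expanding it against the files in the current directory.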
find supports plenty of tests and even operators. Let's say we wanted to find all the files with permissions that are not 0600 and the directories that are not 0700.
find ~ \( -type f -not -perm 0600 \) -or \( -type d -not -perm 0700 \)
This command says: find all files where permissions are not 0600 or all directories where permissions are not 0700.
find ~
    Look in the ~ directory (home).
\( -type f -not -perm 0600 \)
    The backslash is escaping the parenthesis. We use parentheses here to group tests and operators together to form a larger expression. By default, find evaluates from left to right. The -not tells us this test is a match if the result is false. -not can be abbreviated with an ! so this part could be \( -type f ! -perm 0600 \) as well.
-or
    This is telling us that if either test is true, it's a match. Can be abbreviated to -o.
\( -type d -not -perm 0700 \)
    Another test, very similar to the first one, except the type here is directory.
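The permission check above as a self-contained script, added here as an example and not part of the original post. It uses the abbreviated ! and -o forms; the function names audit_perms and make_sample and the sample tree are made up for the demonstration.

```shell
#!/bin/sh
# Added example: audit a directory tree for entries that deviate from
# private permissions (files 0600, directories 0700), using the find
# expression discussed above. All paths below are constructed samples.

# audit_perms DIR: print every regular file whose mode is not exactly 0600
# and every directory whose mode is not exactly 0700.
audit_perms() {
    find "$1" \( -type f ! -perm 0600 \) -o \( -type d ! -perm 0700 \)
}

# make_sample: build a throwaway tree with known modes and print its path.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/private" "$d/shared"
    : > "$d/private/key.txt"
    : > "$d/shared/notes.txt"
    : > "$d/shared/test.conf"
    chmod 0700 "$d" "$d/private"
    chmod 0755 "$d/shared"            # deviates: directory is not 0700
    chmod 0600 "$d/private/key.txt" "$d/shared/test.conf"
    chmod 0644 "$d/shared/notes.txt"  # deviates: file is not 0600
    printf '%s\n' "$d"
}

# Run the audit on the sample tree; only the two deviating entries are listed.
sample=$(make_sample)
audit_perms "$sample" | LC_ALL=C sort
rm -rf "$sample"
```

Point audit_perms at ~ to run the same check on a real home directory.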
find is a powerful command with many tests, make sure to look into it more.
And that's it for this intro to finding stuff in Linux :)