The find command is a powerful tool for searching files and directories in Unix-like operating systems. It allows users to perform complex search operations based on various criteria such as file name, size, modification date, access permissions, and much more.

Using find can significantly simplify many system administration and file management tasks. For example, you can quickly find all files of a certain type, delete old files, change access permissions for a group of files, or even execute a command for each found file.

Basic search operations

To begin, you need to connect to the server using an SSH terminal. If you are not familiar with the SSH connection process, we recommend reading our detailed instructions at the provided link.

After successfully connecting, you will have access to the server’s command line. It is here that you can use the find command to search for files and folders. This command is extremely flexible and allows you to search based on various criteria.

Searching for files by name

• Searching for files by name:

  Explanation: These commands search for the file report.txt or all files with the .txt extension in the /home/user/documents/ directory.

  find /home/user/documents/ -name "report.txt"
  
  

  find /home/user/documents/ -name "*.txt"
  
  

• Case-insensitive search:

  Explanation: This command searches for the file project.conf in the /home/user/projects/ directory, ignoring letter case.

  find /home/user/projects/ -iname project.conf
  
  

Searching by file size

• Searching by file size:

  Explanation: This command finds all files larger than 10 megabytes in the /home/user/downloads/ directory.

  find /home/user/downloads/ -size +10M
  
  

Searching by access permissions

• Searching by permission mask:

  Explanation: This command finds all files with access permissions 700 (read, write, and execute only for the owner) in the /home/user/scripts/ directory.

  find /home/user/scripts/ -perm 700
  
  

Searching by modification date

• Searching for files created or modified within the last 5 days:

  Explanation: This command finds files created or modified within the last 5 days in the /home/user/documents/ directory.

  find /home/user/documents/ -type f -mtime -5
  
  

• Files created or modified within the last 5 minutes:

  Explanation: This command finds files created or modified within the last 5 minutes in the /home/user/temp/ directory.

  find /home/user/temp/ -type f -mmin -5
  
  

• Find files created or modified more than 30 days ago (searching for outdated files):

  Explanation: This command finds files that haven’t been modified for more than 30 days in the /home/user/archives/ directory.

  find /home/user/archives/ -type f -mtime +30
  
  

• Delete files created or modified more than 30 days ago:

  Explanation: This command deletes files that haven’t been modified for more than 30 days in the /home/user/temp/ directory.

  find /home/user/temp/ -type f -mtime +30 -delete
  
  

• Files last accessed more than 5 days ago:

  Explanation: This command finds files that haven’t been accessed for more than 5 days in the /home/user/logs/ directory.

  find /home/user/logs/ -type f -atime +5
  
  

Searching by file content

• Searching for a string in files:

  Explanation: This command searches for the word TODO (case-insensitive) in all files in the /home/user/projects/ directory.

  find /home/user/projects/ -type f -exec grep -i -H "TODO" {} \;
  
  

• Find all PHP files containing the string STRING:

  Explanation: This command searches for the word STRING in all PHP files in the /var/www/html/ directory.

  find /var/www/html/ -type f -name "*.php" -exec grep -i -H "STRING" {} \;
  
  

• You can also use the grep command with the -R option to search for files by content:

  Explanation: This command recursively searches for STRING in all files in the /home/user/documents/ directory.

  grep "STRING" -R /home/user/documents/
  
  

Replacing text in files

• Replacing text in files:

  Explanation: This command replaces all occurrences of old_server with new_server in all .conf files in the /home/user/configs/ directory.

  find /home/user/configs/ -type f -name "*.conf" -exec sed -i 's/old_server/new_server/g' {} \;
  
  

Changing access permissions

• Mass change of access permissions, setting permissions 644 on all files in the current directory and all subdirectories:

  Explanation: This command sets access permissions 644 on all files in the /home/user/public_html/ directory and its subdirectories.

  find /home/user/public_html/ -type f -exec chmod 644 {} \;
  
  

• Setting access permissions 755 on all folders in the current directory and all subdirectories:

  Explanation: This command sets access permissions 755 on all directories in /home/user/public_html/ and its subdirectories.

  find /home/user/public_html/ -type d -exec chmod 755 {} \;
  
  

Complex search operations

• Search for all HTML files containing the code: 0; URL = http and set all their permissions to 000 (useful for finding malicious code):

  Explanation: This command searches for HTML files that contain potentially malicious redirect code and changes their access permissions to 000.

  find /var/www/html/ -type f -name "*.html" -exec grep -i -H "0;URL=http" {} \; -exec chmod -R 000 {} \;
  
  

• Search for all PHP files in the specified wp-content/uploads directory up to 3 levels deep for all users of all sites on the server and set all their permissions to 000:

  Explanation: This command finds all PHP files in WordPress upload directories and changes their access permissions to 000, which can be useful for security.

  find /var/www/*/wp-content/uploads/*/*/*.php -exec chmod -R 000 {} \;