Moving to Linux: Kiss the Blue Screen of Death Goodbye!

One of the most useful commands in your arsenal is the find command. This powerhouse doesn't get anywhere near the credit it deserves. Generally speaking, find is used to list files and redirect (or pipe) that output to do some simple reporting or backups. There it ends. If anything, this should only be the beginning. As versatile as find is, you should take some time to get to know it. Let me give you a whirlwind tour of this awesome command. Let's start with the basics:

find starting_dir [options]

One of those options is -print, which only makes sense if you want to see any kind of output from this command. You could easily get a listing of every file on the system by starting at the top and recursively listing the disk:

find / -print

While that might be interesting and you might want to redirect that to a file for future reference, it is only so useful. It makes more sense to search for something. For instance, look for all the JPEG-type image files sitting on your disk. Because you know that these images end in a .jpg extension, you can use that to search:

find / -name "*.jpg" -print

Depending on the power of your system, this can take a while. You are also likely to get a lot of "Permission denied" messages, particularly as you traverse a directory called /proc and especially if you are running this as a user other than root. At this point, the usefulness of find should start to become apparent, because a lot of images stashed away in various parts of the disk can certainly add up as far as disk space is concerned. Try it with an .avi or .mpg extension to look for video clips (which can be very large).

If what you are trying to do is locate old files or particularly large files, then try the following example. Look for anything that has not been modified (this is the -mtime parameter) or accessed (the -atime parameter) in the last 12 months. The -o flag is the "or" in this equation:

# find /data1/Marcel -size +1024 \
\( -mtime +365 -o -atime +365 \) -ls

A few techniques introduced here are worth noting. The backslashes in front of the round brackets are escape characters, there to make sure the shell does not interpret them in ways you do not want it to (in this case, the open and close parentheses on the second line). The first line also has a backslash at the end. This is to indicate a line break, because the whole command will not fit neatly on one line of this page. Were you to type it exactly as shown, without any backslashes, it would not work. If you type the command on a single line, you can leave out the line-break backslash; however, the backslashes in the second line are essential. The preceding command also searches for files that are greater than 500 KB in size. That is what the -size +1024 means, because 1024 refers to 512-byte blocks. The -ls at the end of the command tells the system to do a long listing of any files it finds that fit my search criteria.

Earlier in this chapter, you learned about setuid and setgid files. Keeping an eye on where these files are and determining if they belong there are important aspects of maintaining security on your system. Here's a command that will examine the permissions on your files (the -perm option) and report back on what it finds:

find / -type f \( -perm -4000 -o -perm -2000 \) -ls

You may want to redirect this output to a file that you can later peruse and decide on what course of action to take.
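
One way to act on that saved output is to keep it as a baseline and compare later scans against it. The script below is an added example, not part of the original text; it assumes a stat that supports -c (GNU coreutils or BusyBox), and the function names and the baseline path in the closing comment are hypothetical.

```shell
#!/bin/sh
# Added example: baseline-and-compare audit of setuid/setgid files.
# Assumes a Linux stat that supports -c (GNU coreutils or BusyBox).

# List setuid/setgid regular files under $1 as "MODE OWNER:GROUP PATH",
# sorted so that two listings can be compared line by line.
suid_scan() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# Entries in the current listing ($2) that are absent from the baseline ($1):
# new setuid/setgid files, or known ones whose mode or ownership changed.
suid_new() {
    LC_ALL=C comm -13 "$1" "$2"
}

# suid_audit BASELINE_FILE DIR (hypothetical helper name)
# First run records the baseline. Later runs return 1 and print the drift
# when anything new appears, so a cron job can alert on the exit status.
suid_audit() {
    baseline=$1
    dir=$2
    if [ ! -f "$baseline" ]; then
        suid_scan "$dir" > "$baseline"
        echo "baseline written: $(wc -l < "$baseline") entries"
        return 0
    fi
    current=$(mktemp) || return 2
    suid_scan "$dir" > "$current"
    new=$(suid_new "$baseline" "$current")
    rm -f "$current"
    [ -z "$new" ] && return 0
    printf 'new or changed setuid/setgid files:\n%s\n' "$new"
    return 1
}

# Example with a constructed baseline path (run as root so that no
# directory is skipped):
#   suid_audit /var/lib/suid.baseline /
```

Store the baseline somewhere only root can write, and regenerate it after package updates that legitimately add or change setuid programs.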

Now let's look at another find example to help you uncover what types of files you are looking at. Your Linux system has another command, called file, that can deliver useful information on files and what they are, whether they are executables, text files, or movie clips. Here's a sample of some of the files in my home directory as reported by file:

$ file $HOME/*
code.layout: ASCII text
cron.txt: data
dainbox: International language text
dainbox.gz: gzip compressed data, deflated, original filename, last modified: Sat Oct 7 13:21:14 2000, os: Unix
definition.htm: HTML document text
gatekeeper.1: troff or preprocessor input text
gatekeeper.man: English text
gatekeeper.pl: perl commands text
hilarious.mpg: MPEG video stream data

The next step is to modify the find command by adding a -exec clause so that I can get the file command's output on what find locates:

# find /data1/Marcel -size +1024 \
\( -mtime +365 -o -atime +365 \) -ls -exec file {} \;

The open and close braces that follow -exec file mean that the list of files generated should be passed to whatever command follows the -exec option (in other words, the command you will be executing). The backslash followed by a semicolon at the end is required for the command to be valid.

As you can see, find is extremely powerful. Learning to harness that power can make your administrative life much easier. You'll encounter find again as you work more and more with the shell.
