find: search for files in a directory hierarchy
-name: base of file name; search for files by file name
-type c: c is the type of file, for example d:directory; s:socket; f:regular file; l:symbolic link
-perm +mode/-mode/mode
mode: SUID:4; SGID:2; SBIT:1; r:4; w:2; x:1
-exec command: execute command;
find /tmp -name '*test*' -exec ls -l {} \;
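-exec: start of the extra action
\;: end of the extra action (the ; is escaped as \;)
The actual extra action: ls -l {}; the results of find /tmp -name '*test*' are substituted into {}
mtime (modification time): the time the file's content was modified; for example, writing new content into the file updates mtime
ctime (status time): the time the file's status was changed; for example, changing the file's permissions or attributes updates ctime
atime (access time): the time the file was read; for example, reading a file with cat updates atime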
+n: for greater than n;
-n: for less than n;
n: for exactly n
-atime n: file was last accessed n*24 hours ago.
When find figures out how many 24-hour periods ago the file was last accessed, any fractional part is ignored, so to match -atime +1, a file has to have been accessed at least two days ago.
-group gname: file belongs to group gname (group name)
-gid n: file's numeric group ID is n (group ID; group IDs are stored in /etc/group)
-nogroup: no group corresponds to file's numeric group ID (the file does not belong to any group, i.e. it has no group)
-user uname: file is owned by user uname (owner name)
-uid n: file's numeric user ID is n (owner ID; owner IDs are stored in /etc/passwd)
-nouser: no user corresponds to file's numeric user ID (the file does not belong to any owner, i.e. it has no owner)
cd /etc
find ./ -name passwd
./pam.d/passwd
./default/passwd
./passwd
which passwd
/usr/bin/passwd
whereis passwd
passwd: /usr/bin/passwd /etc/passwd.old /etc/passwd /usr/bin/X11/passwd /usr/share/man/man1/passwd.1.gz /usr/share/man/man1/passwd.1ssl.gz /usr/share/man/man5/passwd.5.gz
find /var -type s
/var/spool/postfix/public/flush
/var/spool/postfix/public/cleanup
ls -l /var/spool/postfix/public/flush
srw-rw-rw- 1 postfix postfix 0 Nov 20 2017 /var/spool/postfix/public/flush
find /var -perm +7000
/var/lock
/var/log/gdm
ls -ld /var/lock; ls -ld /var/log/gdm
drwxrwxr-t 5 root uucp 4096 Mar 27 2014 /var/lock
drwxrwx--T 2 root gdm 4096 Mar 28 2014 /var/log/gdm
+7000: ---s--s--t, so find /var -perm +7000 lists a file as long as it has any of the s or t permissions
cd /tmp
touch test1;touch test2;touch test3;
chmod 7000 test1;chmod 7755 test2;chmod 6666 test3;
ll test1;ll test2;ll test3;
---S--S--T 1 root root 0 Aug 28 17:06 test1
-rwsr-sr-t 1 root root 0 Aug 28 17:06 test2
-rwSrwSrw- 1 root root 0 Aug 28 17:06 test3
find ./ -perm 7000
./test1
find ./ -perm -7000
./test1
./test2
7000: ---S--S--T, so find ./ -perm 7000 lists a file only if its permissions match ---S--S--T exactly
-7000: ---S--S--T, so find ./ -perm -7000 lists a file if its permissions include at least ---S--S--T
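The three -perm match styles above, applied to a SUID/SGID audit (an added example, not part of the original notes). It assumes GNU find, where the "any of these bits" test that these notes write as +mode is spelled /mode; the file names and the functions make_sample, perm_match and audit_special are made up for the illustration.

```shell
#!/bin/sh
# Added example: why the -perm operator matters when auditing SUID/SGID files.
# Assumption: GNU find, where "any of these bits" is -perm /mode
# (written -perm +mode on the older system used in these notes).

# make_sample: build a constructed sample tree and print its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    touch "$dir/suid_only" "$dir/sgid_only" "$dir/both" "$dir/plain"
    chmod 4755 "$dir/suid_only"   # -rwsr-xr-x
    chmod 2755 "$dir/sgid_only"   # -rwxr-sr-x
    chmod 6755 "$dir/both"        # -rwsr-sr-x
    chmod 0755 "$dir/plain"       # -rwxr-xr-x
    echo "$dir"
}

# perm_match DIR MODE: base names of regular files matching -perm MODE,
# sorted and joined with single spaces.
perm_match() {
    find "$1" -type f -perm "$2" -exec basename {} \; |
        LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# audit_special DIR: long listing of every regular file with SUID or SGID set.
audit_special() {
    find "$1" -type f -perm /6000 -exec ls -ld {} \;
}

sample=$(make_sample)
# Exact match finds nothing: no file has permissions of exactly ---S--S---.
echo "exact 6000 : $(perm_match "$sample" 6000)"
# "All bits" finds only the file with SUID and SGID together: both
echo "all   -6000: $(perm_match "$sample" -6000)"
# "Any bit" is the one an audit wants: both sgid_only suid_only
echo "any   /6000: $(perm_match "$sample" /6000)"
audit_special "$sample"
rm -rf "$sample"
```

An audit written with -6000 instead of /6000 silently skips every file that carries only one of the two bits.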
find /tmp -name '*test*'
./test3
./test1
./test2
find /tmp -name '*test*' -exec ls -l {} \;
-rwSrwSrw- 1 root root 0 Aug 28 17:06 /tmp/test3
---S--S--T 1 root root 0 Aug 28 17:06 /tmp/test1
-rwsr-sr-t 1 root root 0 Aug 28 17:06 /tmp/test2
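Run as the root user
find / -mtime 0
find / -mtime 1 =1 (exactly 1): files under the root directory modified during the day one day ago (the day between 1 and 2 days ago)
find / -mtime +1 >1 (greater than 1): files under the root directory modified at least 2 days ago
find / -mtime -1 <1 (less than 1): files under the root directory modified within the last day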
find /etc/ -mtime 1
find /etc/ -mtime -1
/etc/acc
/etc/acc/disk/smartInfo
/etc/acc/disk/info
/etc/acc/main.db
/etc/adjtime
ls -ld /etc/acc; ls -ld /etc/adjtime
drwxr-xr-x 4 root root 4096 Aug 28 15:05 /etc/acc
-rw-r--r-- 1 root root 45 Aug 28 00:00 /etc/adjtime
find /etc/ -mtime +1
/etc/mtab
/etc/rpc
/etc/sudoers.new
ls -l /etc/sudoers.new; ls -l /etc/rpc; ls -l /etc/mtab;
-r--r----- 1 root root 5025 Aug 23 20:11 /etc/sudoers.new
-rw-r--r-- 1 root root 1615 May 10 2013 /etc/rpc
-rw-r--r-- 1 root root 387 Nov 20 2017 /etc/mtab
date
Tue Aug 28 15:15:10 CST 2018
find /etc -newer /etc/passwd
Lists a file if its date is newer than that of /etc/passwd
find /home -user myuser
/home/myuser
ls -ld /home/myuser
drwxr-x--- 8 myuser mygroup 4096 Aug 27 17:39 /home/myuser