Finding Anything


One of the most useful commands in your arsenal is the find command. This powerhouse doesn't get the credit it deserves. Generally speaking, find is used to list files and redirect (or pipe) that output to do some simple reporting or backups. There it ends. If anything, this should only be the beginning. As versatile as find is, you should take some time to get to know it. Let me give you a whirlwind tour of this awesome command. Let's start with the basics:

find starting_dir [options] 


One of those options is -print, which only makes sense if you want to see any kind of output from this command. You could easily get a listing of every file on the system by starting at the top and recursively listing the disk.

find / -print 


Although that might be interesting and you might want to redirect that to a file for future reference, it is only so useful. It makes more sense to search for something. For instance, look for all the JPEG-type image files sitting on your disk. Because you know that these images end in a .jpg extension, you can use that to search.

find / -name "*.jpg" -print 


Depending on the power of your system, this can take a while. If you are running it as a user other than root, you are also likely to get a substantial number of Permission Denied messages (particularly as you traverse a directory called /proc). At this point, the usefulness of find should start to become apparent because a lot of images stashed away in various parts of the disk can certainly add up as far as disk space is concerned. Try it with an .avi or .mpg extension to look for video clips (which can be very large).

If you are trying to locate old files or particularly large files, try the following example. Look for anything that has not been modified (this is the -mtime parameter) or accessed (the -atime parameter) in the last 12 months. The -o flag is the OR in this equation.

$ find /data1/Marcel -size +1024 \
\( -mtime +365 -o -atime +365 \) -ls


A few techniques introduced here are worth noting. The backslashes in front of the round brackets are escape characters; they are there to make sure the shell does not interpret them in ways you do not want it to (in this case, the open and close parentheses on the second line). The first line also has a backslash at the end. This is to indicate a line break, as the whole command does not fit neatly on one line of this page. If you typed it exactly as shown without any backslashes, it would not work; however, the backslashes in the second line are essential. The preceding command also searches for files that are greater than 500KB in size. That is what the -size +1024 means because 1024 refers to 512-byte blocks. The -ls at the end of the command tells the system to do a long listing of any files it finds that fit my search criteria.

Earlier in this chapter, you learned about setuid and setgid files. Keeping an eye on where these files are and determining if they belong there are important aspects of maintaining security on your system. Here's a command that examines the permissions on your files (the -perm option) and reports back what it finds.

find / -type f \( -perm -4000 -o -perm -2000 \) -ls 


You may want to redirect this output to a file that you can later peruse and decide on what course of action to take. Now let's look at another find example to help you uncover what types of files you are looking at. Your Linux system has another command called file that can deliver useful information on files and what they are, whether they are executables, text files, or movie clips. Here's a sample of some of the files in my home directory as reported by file:

$ file $HOME/*
code.layout: ASCII text
cron.txt: data
dainbox: International language text
dainbox.gz: gzip compressed data, deflated, original filename, last modified: Sat Oct 7 13:21:14 2000, os: Unix
definition.htm: HTML document text
gatekeeper.1: troff or preprocessor input text
gatekeeper.man: English text
gatekeeper.pl: perl commands text
hilarious.mpg: MPEG video stream data


The next step is to modify the find command by adding a -exec clause so that I can get the file command's output on what find locates.

$ find /data1/Marcel -size +1024 \
\( -mtime +365 -o -atime +365 \) -ls -exec file {} \;


The open and close braces that follow -exec file mean that the list of files generated should be passed to whatever command follows the -exec option (in other words, the command you will be executing). The backslash followed by a semicolon at the end is required for the command to be valid. As you can see, find is extremely powerful. Learning to harness that power can make your administrative life much easier. You'll encounter find again at various times in this book.
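The setuid/setgid search shown earlier becomes more useful when its redirected output is kept as a baseline and later scans are compared against it. The following is an added example, not code from the book; the function names and the baseline path in the comments are hypothetical.

```shell
#!/bin/sh
# Added example: track setuid/setgid files against a saved baseline.

# List every regular file under $1 that has the setuid (4000) or setgid
# (2000) bit set, one path per line, sorted so two runs can be compared.
# -xdev keeps find on one filesystem, so /proc and network mounts are
# skipped; run it once per local filesystem you care about.
suid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Paths present in the current inventory ($2) but not in the baseline ($1).
suid_added() {
    LC_ALL=C comm -13 "$1" "$2"
}

# Paths in the baseline ($1) that no longer carry the bit or no longer exist.
suid_removed() {
    LC_ALL=C comm -23 "$1" "$2"
}

# Scan directory $1 and compare with baseline file $2.
# Prints one NEW or GONE line per difference; returns 0 if nothing changed,
# 1 if there are differences, 2 if the temporary file could not be created.
suid_check() {
    current=$(mktemp) || return 2
    suid_inventory "$1" > "$current"
    report=$(suid_added "$2" "$current" | sed 's/^/NEW  /'
             suid_removed "$2" "$current" | sed 's/^/GONE /')
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use, as root so that no directories are skipped
# (the baseline path is an assumption, choose your own):
#   suid_inventory / > /var/lib/suid.baseline    # first run
#   suid_check / /var/lib/suid.baseline          # later runs, e.g. from cron
```

Each NEW line is a file to investigate before accepting it into the baseline. Paths containing newlines are not handled by this line-based comparison.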

Using grep

grep: Global regular expression parser.

That definition of the acronym is one of many. Don't be surprised if you hear it called the gobble research exercise program instead. Basically, grep's purpose in life is to make it easy for you to find strings in text files. This is its basic format:

grep pattern file(s) 


As an example, let's say you want to find out if you have a user named natika in your /etc/passwd file. The trouble is that you have 500 lines in the file.

$ grep natika /etc/passwd
natika:x:504:504:Natika the Cat:/home/natika:/bin/bash


Sometimes you just want to know if a particular chunk of text exists in a file, but you don't know which file specifically. Using the -l option with grep enables you to list filenames only, rather than lines (grep's default behavior). In the next example, I am going to look for natika's name in my email folders. Because I don't know whether natika is capitalized in the mail folders, I'll introduce another useful flag to grep: the -i flag. It tells the command to ignore case.

$ grep -i -l natika *
Baroque music
Linux Stuff
Personal stuff
Silliness
sent-mail


As you can see, the lines with the word (or name) natika are not displayed, only the files. Here's another great use for grep. Every once in a while, you want to scan for a process. The reason might be to locate a misbehaving terminal or to find out what a specific login is doing. Because grep can filter out patterns in your files or your output, it is a useful tool. Rather than trying to scan through 400 lines on your screen for one command, let grep narrow the search for you. When grep finds the target text, it displays that line on your screen.

$ ps ax | grep getty
4779 tty1     Ss+    0:00 /sbin/getty 38400 tty1
4780 tty2     Ss+    0:00 /sbin/getty 38400 tty2
4781 tty3     Ss+    0:00 /sbin/getty 38400 tty3
4782 tty4     Ss+    0:00 /sbin/getty 38400 tty4
4783 tty5     Ss+    0:00 /sbin/getty 38400 tty5
4784 tty6     Ss+    0:00 /sbin/getty 38400 tty6
3083 pts/9    S+     0:00 grep getty


Here, the ps ax command lists the processes, and then the | pipes the output to the grep command. Notice the last line that shows the grep command itself in the process list. You use that line as the launch point to one last example with grep. If you want to scan for strings other than the one specified, use the -v option. Using this option, it's a breeze to list all processes currently running on the system but ignore any that have a reference to root.

ps ax | grep -v root


And speaking of processes . . .




Moving to Ubuntu Linux
ISBN: 032142722X
EAN: 2147483647
Year: 2004
Pages: 201
