The tutorial you're about to read has been marked as one of our older tutorials. While it may still prove useful to you, we recommend visiting our more recent desktop tutorials section.

Linux Search Utilities

If you're like most computer users, you probably misplace things on your hard drive from time to time, and have to search for them when you need them. Or, you may have to perform searches for other reasons. You may need to see where the operating system has stored certain files, or you may need to search for files that have certain permissions settings. And, if you're used to running that off-brand operating system from the great Northwest, you probably know that its search utility isn't very flexible. (But, it's not all bad. You'll at least have a cute animated pooch to entertain you while your search is in progress.)

Linux comes with several built-in search utilities that all serve different purposes. You won't have that cute little search-pooch to watch, but you will have the flexibility to perform searches in just about any way that you need to. It may take a bit of getting used to, since they're all command-line tools, but none are really all that difficult.

which

First, let's say that you need to know where the executable file for a certain command is. Just enter “which”, followed by the name of the command. For example, you need to see where the “ls” executable is. Enter:

which ls

Normally, the output will just be the path to that command's executable file. Some Linux distros, however, come with built-in aliases for certain commands. In that case the output for the above command would be:

alias ls='ls --color=tty'

/bin/ls

If you only want to see the path for the binary file itself, and not the alias, then use the “--skip-alias” option.

which --skip-alias ls

There is a slight catch to using "which". It's just that it works by reading the path variable for the environment of the user who is currently logged in. So, if you're logged in with your normal user account, "which" won't show you any program files that require root privileges. To see them, you'll either need to precede the "which" command with "sudo", and enter the root password, or "su" to the root account.

There are a few other "which" options that we haven't covered. Enter "man which" for more info.

whereis

The "which" utility only searches for executable binary files, but "whereis" will search for the binary, source, and man page files for any given command. Unlike "which", "whereis" will allow you to use your normal user account to find files that require root privileges.

Using "whereis" is just as easy as using "which". Just enter the command, followed by whatever command you want information for. So, if you want to find the "fsck" files, enter:

whereis fsck

Your output will be:

fsck: /sbin/fsck /sbin/fsck.ext3 /sbin/fsck.cramfs /sbin/fsck.vfat /sbin/fsck.msdos /sbin/fsck.ext2 /usr/share/man/man8/fsck.8.gz

The "-b", "-m", and "-s" option switches allow you to find only the binary, man pages, or the source files, respectively.

There are also several other options. Just enter "man whereis" for the details.

locate

The utilities that we've looked at so far will only find files that are associated with a particular command. The "locate" utility is more of a general purpose search tool.

On most modern distros of Linux, "locate" is a symbolic link to "slocate". "slocate" is a security enhancement that prevents users from finding files that they don't have permission to access. Instead of searching through the whole filesystem for a particular file, "locate" works by searching through a database of all files that are stored on the filesystem. You'd set up the database ahead of time by running the "updatedb" command. You'd also want to set up a cron job that will run updatedb on a periodic basis. In between runs of updatedb, you may not be able to "locate" recently added files, and files that have been recently deleted may still show up.

Instead of searching for whole words, "locate" will search for any text string that contains what you tell it to look for. So, if you enter,

locate fs

you'll get a whole screen full of output, with all kinds of different files whose names contain the string, "fs".

find

"find" is the Cool Mac-Daddy of all Linux search utilities. It's a general purpose tool, that's much more flexible than "locate". It's not terribly difficult to use, but there are a lot of options. You'll just need a bit of practice to get the hang of it.

To use it, you'll need to enter "find", followed by the path that you wish to search through, an option switch, and finally, the string or expression on which you want to perform the search. (You'll also need to enclose the string or expression within single quotes.) So, if you want to perform a case-sensitive search through the entire filesystem for all files whose names begin with "rpc", you'd enter:

find / -name 'rpc*'

With "find", you can also search on other criteria than just filenames. If you want to search for all files with permissions settings of 666, for example, you'd use the "-perm" switch.

find / -perm 666

Or, if you need to find all files in a certain directory that have been modified within the last two days, you could enter something like:

find /var/www/ -ctime 2

With these examples, we've only scratched the surface with what you can do with "find". For more information, enter "man find" at the command-line. (Or, if you want to learn some really fancy tricks, try our Advanced Command-line course.)

Official Nagios Training

Preview Our Live Nagios Class

Contact Us

BeginLinux.com
(407)-620-4092
mike at beginlinux.com