In this tutorial, you will understand the basic file management tools in Linux and how to effectively use tool like “find” in Linux
File management in Linux is very important. Everything in Linux is a file and the ability to be able to manage files is a very important skill for an administrator.
Basic file management involves using some important utilities to perform basic activities on files. We will look at using some of these utilities with examples as we continue in this subject matter.
There are a lot of Linux file management commands but we will look at the basic and important ones such as more, less, head, tail, grep, find, locate, whereis, which, and regular expressions.
Using more and less Utilities In Linux
more, just as cat is used to view a file, but the “more” command views file one at a time with ease. With the use of a space bar, files can easily be displayed one at a time.
The “less” command is also used to view a file one at a time.
To view one of the log files, “var/log/messages” on the system with more, use the command
[root@HQEBPRD ~]# more /var/log/messages
Apr 13 13:49:16 HQEBPRD rsyslogd[1650]: [origin software="rsyslogd" swVersion="8.37.0-13.el8" x-pid="1650" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Apr 13 14:01:34 HQEBPRD NetworkManager[9507]: <info> [1586782894.3812] dhcp4 (ens33): state changed bound -> bound
Apr 13 14:01:34 HQEBPRD dbus-daemon[1000]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-o
.....................................
Tap the space bar key to keep scrolling down.
To view the “/var/log messages” log file with the “less” command, do
[root@HQEBPRD ~]# less /var/log/messages
Apr 13 13:49:16 HQEBPRD rsyslogd[1650]: [origin software="rsyslogd" swVersion="8.37.0-13.el8" x-pid="1650" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Apr 13 14:01:34 HQEBPRD NetworkManager[9507]: <info> [1586782894.3812] dhcp4 (ens33): state changed bound -> bound
Apr 13 14:01:34 HQEBPRD dbus-daemon[1000]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.385' (uid=0 pid=9507 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
Apr 13 14:01:34 HQEBPRD systemd[1]: Starting Network Manager Script Dispatcher Service...
..................................................
Tap the space bar key to keep scrolling down.
If you compare using the “cat” command and the “more” or “less” command on a large file like the one we just viewed, you will notice that the “more” utility is a better command to use.
Using head and tail filters in Linux
The head command, by default, is used to display the first 10 lines of a file, while the tail command by default, is used to display the last 10 lines of a file.
For example, if you use the head command on the “/var/log/messages” directory, it will display the first 10 lines
[root@HQEBPRD ~]# head /var/log/messages
Apr 13 13:49:16 HQEBPRD rsyslogd[1650]: [origin software="rsyslogd"
Apr 13 14:01:34 HQEBPRD NetworkManager[9507]: <info>
Apr 13 14:01:34 HQEBPRD dbus-daemon[1000]: [system] Activating via
Apr 13 14:01:34 HQEBPRD systemd[1]: Starting Network Manager Script
Apr 13 14:01:34 HQEBPRD dbus-daemon[1000]: [system] Successfully
Apr 13 14:01:34 HQEBPRD systemd[1]: Started Network Manager Script
Apr 13 14:07:48 HQEBPRD kernel: e1000: ens33 NIC Link is Down
Apr 13 14:07:52 HQEBPRD kernel: e1000: ens33 NIC Link is Up 1000 Mbps
Apr 13 14:07:52 HQEBPRD NetworkManager[9507]: <info>
Apr 13 14:07:52 HQEBPRD NetworkManager[9507]: <info>
To display the first three lines, use the command,
[root@HQEBPRD ~]# head -3 /var/log/messages
Apr 13 13:49:16 HQEBPRD rsyslogd[1650]: [origin software="rsyslogd"
Apr 13 14:01:34 HQEBPRD NetworkManager[9507]: <info>
Apr 13 14:01:34 HQEBPRD dbus-daemon[1000]: [system] Activating via
To display the last three lines, use the command,
[root@HQEBPRD ~]# tail -n 3 /var/log/messages
Apr 16 21:34:11 HQEBPRD systemd[1]: Starting Network Manager Script
Apr 16 21:34:11 HQEBPRD dbus-daemon[994]: [system] Successfully
Apr 16 21:34:11 HQEBPRD systemd[1]: Started Network Manager Script
Using grep Filter In Linux
The grep command is used to filter/match a search pattern
For this tutorial, create a test file in /tmp directory
[root@HQEBPRD ~]# vi /tmp/test
This is apple
Apple is good for the body
Eat at least one apple everyday
You will notice that apple is mentioned three times in the file, one with initial uppercase and two with initial lowercase.
- To search for the text apple, use the command
[root@HQEBPRD ~]# grep apple /tmp/test
This is apple
Eat at least one apple everyday
[root@HQEBPRD ~]#
In the output displayed, you can only see apple appearing twice and it is in lowercase. As you know, Linux is case sensitive. To ignore the cases, use the option i as it is shown in the example below.
[root@HQEBPRD ~]# grep -i apple /tmp/test
This is apple
Apple is good for the body
Eat at least one apple everyday
[root@HQEBPRD ~]#
- To search for the files that contains ipv4 in the /sys/module directory, use the command
[root@HQEBPRD ~]# ls /sys/module |grep ipv4
nf_conntrack_ipv4
nf_defrag_ipv4
nf_nat_ipv4
nf_reject_ipv4
nft_chain_nat_ipv4
nft_chain_route_ipv4
nft_fib_ipv4
[root@HQEBPRD ~]#
- To search for the sshd process with the “ps -ef” command, use the command,
[root@HQEBPRD module]# ps -ef |grep sshd
root 19565 1180 0 15:04 ? 00:00:00 sshd: root [priv]
root 19586 19565 0 15:05 ? 00:00:00 sshd: root@pts/1
root 19933 19590 0 15:34 pts/1 00:00:00 grep --color=auto sshd
For other ways grep can be used, refer to the manual page.
Using Regular Expression In Linux
Regular expressions are used to match/filter a search pattern. It is similar to globbing but different from globbing
Examples of regular expressions are
^ (carrot)
$ (dollar}
| (Alteration)
+ (plus)
and so on.
They are mostly used by utilities like grep, sed, and vim
To learn more about regular expression, see the man page, “man 7 regex”.
Searching/Finding Files and Directories In Linux
In Linux, there are a few utilities that can be used to search for files or directories. In this tutorial, we will look at four utilities that we can use to do a search on Linux which are “find”, “whereis”, “which” and “locate”.
How To Search Files/Directories In Linux Command Line With “find” utility
The find utility is a very powerful utility that can search through the whole entire filesystem of a Linux system. Let’s use find with examples for better understanding.
To find the file, “tekneed”
(If you don’t know the location of the file on the system), specify the “/” so that find utility can start the search from the root filesystem, use the command,
[root@HQEBPRD ~]# find / -name "tekneed"
/etc/logrotate.d/tekneed
/media/test4/tekneed
/media/test5/tekneed
/tmp/tekneed
/tmp/test2/tekneed
/tmp/test3/tekneed
/tmp/test1/tekneed
/tekneed
(If you know the location of the directory but you are not sure where the file is), specify the directory, for example, if the directory is “/tmp”, use the command,
[root@HQEBPRD ~]# find /tmp -name "tekneed"
/tmp/tekneed
/tmp/test2/tekneed
/tmp/test3/tekneed
/tmp/test1/tekneed
[root@HQEBPRD ~]#
if you are presently in the directory, use the command,
[root@HQEBPRD tmp]# find -name "tekneed"
./tekneed
./test2/tekneed
./test3/tekneed
./test1/tekneed
If you don’t know if the file name is in uppercase or lowercase, use the command,
[root@HQEBPRD etc]# find / -iname "tekneed"
/etc/logrotate.d/tekneed
/etc/Tekneed
/media/test4/tekneed
/media/test5/tekneed
/mnt/Tekneed
/mnt/victor/Tekneed
/tmp/tekneed
/tmp/test2/tekneed
/tmp/test3/tekneed
/tmp/test1/tekneed
/tekneed
[root@HQEBPRD etc]#
Files can also be found by specifying the type of file.
To find by directories only, use the option -d
For example, to find the directories only in “/tmp” directory, use the command,
[root@HQEBPRD ~]# find /tmp -type d
/tmp
/tmp/.X11-unix
/tmp/.ICE-unix
/tmp/.Test-unix
/tmp/vmware-root_1013-4290232108
/tmp/test2
/tmp/test3
/tmp/crc32c_intel/holders
/tmp/crc32c_intel/sections
/tmp/crc32c_intel/notes
/tmp/vmware-root_990-2999657286
/tmp/test1
To find by files only, use the option -f
For example, to find the files only in “/tmp” directory, use the command,
[root@HQEBPRD ~]# find /tmp -type f
/tmp/now
/tmp/test6
/tmp/tekneed
/tmp/test2/tekneed
/tmp/test3/tekneed
/tmp/dbus.log
/tmp/.X0-lock
/tmp/.X1024-lock
/tmp/crc32c_intel/srcversion
/tmp/crc32c_intel/rhelversion
/tmp/crc32c_intel/initstate
/tmp/crc32c_intel/coresize
/tmp/crc32c_intel/initsize
To find by symbolic/soft link only, use the option -l
For example, to find the symbolic link only in “/etc” directory, use the command,
[root@HQEBPRD ~]# find /etc -type l
/etc/mtab
/etc/fonts/conf.d/66-sil-nuosu.conf
/etc/fonts/conf.d/31-cantarell.conf
/etc/fonts/conf.d/65-0-lohit-bengali.conf
/etc/fonts/conf.d/59-liberation-mono.conf
/etc/fonts/conf.d/59-lohit-devanagari.conf
/etc/fonts/conf.d/59-liberation-sans.conf
/etc/fonts/conf.d/66-google-noto-sans-tai-viet.conf
/etc/fonts/conf.d/20-unhint-small-dejavu-sans.conf
/etc/fonts/conf.d/65-sil-padauk.conf
How To Use The Find Utility To Find All The Files Owned By a Particular User or Group
To find all the files owned by a particular user, use the command,
find / -user <user-name>
For example, to find all the files owned by the user, “oluwatomisin”, use the command,
[root@HQDEV1 ~]# find / -user oluwatomisin
find: ‘/proc/6228/task/6228/fd/7’: No such file or directory
find: ‘/proc/6228/task/6228/fdinfo/7’: No such file or directory
find: ‘/proc/6228/fd/8’: No such file or directory
find: ‘/proc/6228/fdinfo/8’: No such file or directory
/var/spool/mail/oluwatomisin
/home/oluwatomisin
/home/oluwatomisin/.mozilla
/home/oluwatomisin/.mozilla/extensions
/home/oluwatomisin/.mozilla/plugins
/home/oluwatomisin/.bash_logout
/home/oluwatomisin/.bash_profile
/home/oluwatomisin/.bashrc
[root@HQDEV1 ~]#
To find all the files owned by a particular group, use the command,
find / -user <group-name>
For example, to find all the files owned by the group finance, use the command,
[root@HQDEV1 ~]# find / -group finance
find: ‘/proc/6249/task/6249/fd/7’: No such file or directory
find: ‘/proc/6249/task/6249/fdinfo/7’: No such file or directory
find: ‘/proc/6249/fd/8’: No such file or directory
find: ‘/proc/6249/fdinfo/8’: No such file or directory
How To Search Files In Linux With “whereis” Utility
“whereis” is another tool that can be used to search a file in Linux, “whereis” only searches for binary files, source files, and manual pages file. it is not as robust as the “find” utility.
To use “whereis” command to find the sshd binary and manual pages file, use the command,
[root@HQEBPRD ~]# whereis sshd
sshd: /usr/sbin/sshd /usr/share/man/man8/sshd.8.gz
[root@HQEBPRD ~]#
How To Search Files In Linux With “which” Utility
“which” is another tool that can be used to search a file in Linux, but “which” only searches for binary or executable files. It is not as robust as the “find” utility.
To use “which” command to find ssh binary file, use the command,
[root@HQEBPRD ~]# which ssh
/usr/bin/ssh
How To Search Files/Directories In Linux With “locate” utility
Locate is another tool that can be used to search for a file in Linux. The locate utility works with a database. Instead of “locate” to search the whole entire filesystem, it searches through the database, as such faster than the “find” utility.
To use the locate command, it is advisable to update the database with the command, “updatedb” especially when you are searching for a file that has not been created up to a day because by default, the database is updated once a day
To use the “locate” command to find the file, tekneed, use the command,
[root@HQEBPRD ~]# locate tekneed
/tekneed
/tekneed2
/etc/logrotate.d/tekneed
/var/lib/NetworkManager/internal-b359145d-506b-485b-b656-8d3bba605737-tekneed.lease
/var/log/tekneed.log
/var/log/tekneed.log-20200413
[root@HQEBPRD ~]#
NB: you may need to update locate’s database (mlocate) before a file or directory can be found.
To update the database, use the command,
[root@HQEBPRD ~]# updatedb
Parting Hint: whereis, which and locate utility all have their searching mechanism. When you search for files with these tools and can’t find the files, use the “find” utility”. The find utility will search through the entire filesystem.
To learn more about these tools, please refer to their manual pages.
Your feedback is welcomed. If you love others, you will share with others
Leave a Reply