Linux / UNIX: Finding and locating files with find command part # 2

In the first part we talked about find command basic usage.

ADVERTISEMENTS

Now let us see how to use find command
(a) To gain lots of useful information about users and their files

(b) Monitor and enhance the security of system using find command

Finding all set user id files

setuid (“suid”) and setgid are access right flags that can be assigned to files and directories on a Unix based operating system. They are mostly used to allow users on a computer system to execute binary executables with temporarily elevated privileges in order to perform a specific task.
# find / -perm +u=s
OR
# find / -perm +4000

See also, shell script to find all programs and scripts with setuid set on.

Finding all set group id files

# find / -perm +g=s
OR
# find / -perm +2000

See also, shell script to find all programs and scripts with setgid bit set on.

Finding all large directories

To find all directories taking 50k (kilobytes) blocks of space. This is useful to find out which directories on system taking lot of space.
# find / -type d -size +50k
Output:

/var/lib/dpkg/info
/var/log/ksymoops
/usr/share/doc/HOWTO/en-html
/usr/share/man/man3

Finding all large files on a Linux / UNIX

# find / -type f -size +20000k
Output:

var/log/kern.log
/sys/devices/pci0000:00/0000:00:02.0/resource0
/sys/devices/pci0000:00/0000:00:00.0/resource0
/opt/03Jun05/firefox-1.0.4-source.tar.bz2

However my favorite hack to above command is as follows:
# find / -type f -size +20000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'

/var/log/kern.log: 22M
/sys/devices/pci0000:00/0000:00:02.0/resource0: 128M
/sys/devices/pci0000:00/0000:00:00.0/resource0: 256M
/opt/03Jun05/firefox-1.0.4-source.tar.bz2: 32M

Above command will find all files block size greater than 20000k and print filename followed by the file size. Output is more informative as compare to normal find command output 😀

🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNCentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS
12 comments… add one
  • Axxs Jan 26, 2006 @ 7:48

    the last hack there is a nice one .. great having sizes show 🙂

  • Sharjeel Aug 8, 2006 @ 19:05

    The last hack for finding large files should be as follows

    find / -type f -size +100000k -exec ls -lh {} ; | awk ‘{ print $9 “: ” $5 }’


    Sharjeel
    http://www.sharjeel.net

  • JeffB Dec 6, 2006 @ 10:40

    Thanks a bunch, that command string was just what I was looking for, and I had looked at around 20 other sites with nothing near as good. (As Sharjeel said $9 is the filename, at least on my system.)

    To tweak the output and have the file sizes in a column, add this to the end:

    | column -t

    this just expands the tabs to even the columns out.

  • Diesel Jan 2, 2007 @ 20:11

    Thank you very much for this snip!!! I was looking all over for something this small and simple to tell me what I needed to know in a clear manner!

    Thanks Again!

  • William Bequette Aug 12, 2007 @ 15:39

    Very nice little piece of info.
    Is there a way to escape file name spaces?
    Output stops with colon at first win file name space for each file found.
    Thanks FnG

  • Valter Feb 26, 2008 @ 19:06

    In my system I had to remove the k from the size to work.

  • Aaron Dec 5, 2008 @ 16:42

    Valter, you are probably using HP-UX which does not accept (…+20000k) k for the size to work

  • jagadeesh Jan 21, 2009 @ 13:41

    how to redirect the running log file info to other file

  • kashyap Dec 22, 2010 @ 5:57

    How to exlude a directory while executing the find command

  • Dotcode Mar 7, 2011 @ 16:26

    i have tried to write a bash script for linux that would tell us the largest file in a folder.
    someone who can should help me. tanks

  • Patrick Dec 21, 2011 @ 7:53

    The find command for setuid files isnt that useful. Almost never is the setuid bit the only bit set. The better way is
    # find / -perm -u=s
    or
    # find / -perm -4000

    Those will find any files with the setuid bit set. Not just files with only the setuid bit set.

  • puneeta Apr 24, 2012 @ 10:41

    thanks, great !

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.