An intermediate look at the find utility

If you've not used the find utility before, you may want to start by reading Getting Started with the Find Utility.

Finding files based on file size

Find will allow you to search for files based on the file size. Firstly, lets look at how you'd search for files of an exact size.

Note that the "c" represents bytes (characters). So the command above will match files in your filesystem that are exactly 2048 bytes in size, no file with size more or less than this will be matched.

If you would like to search for all files under the current directory that are less than a certain size, simply prefix the number with a "-". For example, to search for all files that are less than 50KB, you could use:

The "k" used above simply stands for Kilobytes (KB).

If you need to find all files on your system that are greater than 100 Megabytes, use:

Similarly, to find files greater than 3 Gigabytes, you could use:

Find files accessed/changed/modified within the last few minutes

As you probably know already, each file has three timestamps associated with it.

Lets just clarify or refresh ourselves about what these timestamps are for:

When you want to find files that have been accessed, you use the -amin option.

So, to find files in the current directory that were accessed exactly 10 minutes ago, you could use:

To find files that were accessed within the last few minutes, precede the number of minutes with a -. To find files accessed within the last 30 minutes, run:

If you want to find all files than have been modified you would use -mmin and to find files who's metadata or status has changed, you'd use -cmin. Hence, to search for config files in /etc who's contents has been modified over the last 30 minutes, use the command:

Find files Accessed/Changed/Modified within the last few days

To find files accessed/changed/modified in the last 24 hours, use -atime, -ctime, and -mtime respectively.

So to find any files on your system that have been accessed in the last 24 hours, you could use:

The number of 24 hour periods actually gets rounded off so that fractions of a day are ignored.
This means that to find files accessed in the last 0 to 24 hours, use -atime 0 as above, and to find files accessed in the last 24 to 48 hours, use -atime 1, and so on.

This can be used in conjunction with + which basically means older than (in this case). So to find files that were accessed at least 3 days ago, you could use:

that is older than the 24 hour period between 48 --> 72 hours ago, or in other words, to be part of the results, the files must have been accessed more than 2 days ago (at least 3 days).

Note that for the -amin, -cmin, -mmin, -atime, -ctime, and -mtime options, you can specify to measure times from the beginning of the day rather than the last 24 hours by using the -daystart option; for example;

will show all files in /var/log modified since the beginning of today rather than in the last 24 hours.

Find files based on owner and/or group

If you need to find files belonging to a particular owner use the -user option as shown below for the user tutonics:

If file.txt exists on on the system, but is owned by another user, it will not be returned in the results.

You can also search for files in a particular group by using the -group option, for example to search for all .log files in group adm, you could use:

If you need to check for both a specific owner and group, just use both as in:

To check for files with no known user or group, use the options -nouser and -nogroup respectively.

If a user account gets removed from your desktop or server it is always a good idea to find files that have no user or group and give them a user/group or even remove them from your system.

To identify files on your system that have no user:

To find files that have no user and no group use:

Mounted file systems

If you don't want find to descend directories of other file systems that you've mounted, use the -mount option or the equivalent -xdev option; for example:

or