Basic File Searching Methods in Linux

Command line and graphical tools for searching for files or strings within a file.

This document briefly describes how to use locate and find to find the names of files or the names of files which contain certain strings (i.e. text) within them.

Using Gnome File Browser

Using the graphical File Browser

The Nautilus file manager includes an easy and simple to use way search for your files and folders. To begin a search press Ctrl+F or select the Search toolbar button.

  1. The search bar should appear as in
  2. Enter characters present in the name or contents of the file or folder you wish to find and press Enter. The results of your search should appear in the view pane as illustrated in:
  3. To add search conditions click the + icon. Restricting a search. shows a search which has been restricted to the users home directory and to only search for text files.

Using the Locate Command

Using the locate command

Using locate is very fast because it uses a pre-generated list of files to search instead of actually searching the entire drive. The drawback is that it will not see recent changes unless that index is manually updated by using the updatedb command. To update the database, type the command su - to switch to root, then updatedb:

su -


  1. To search for a particular file, simply issue locate :
    locate test.txt

    (if the file exists, it's full path will be printed)

  2. To print based on a part of a file (i.e. wildcard), use the * wildcard option:
    locate *.mp3
  3. To specify a particular path or even sub-wildcard:
    locate *.mp3 | grep "/home"

    (print out any names of mp3 music files located in the /home folder)

  4. To search for a particular file and then look for some value within it you can do the following:
    su -c"updatedb"
    locate "*.lis" | xargs grep -l "fatal"

    (search for any files which end with .lis, and within those results search for the word 'fatal' within those files)

Using the Find Command

Using the find command

Using find is slower but in some cases necessary when looking for files (i.e. out on a network file space for example). The find command is usually coupled with grep to narrow searches.

  1. Display all files in the current directory and all sub-directories (like an ls):
    find . -print
  2. How do I do a live search of the entire system? specify the / option:
    find / -name foo

    This will search the whole system for any files named foo and display their pathnames. Here we are using the criteria -name with the argument foo to tell find to perform a name search for the filename foo. The output might look like this:

  3. To search based on a part of the word, simply find a file using * wildecard:
    find / -name *tax*.doc

    (find the doc file which contains the word tax in it)

Using find to search and then execute based on results

  1. Say that you want to look for certain files on your system, you could use the find command. What if out of these files, you only wanted only print those files that contained a certain word. Hence to narrow down a search to find which files contain a certain string:
    find ./ -name "*.lis"  -type f -print | xargs grep -l "fatal"


    ( search from the current directory and into any sub-directories for any files ending with .lis, then print the names of these files which contain the word ' fatal '. This is accomplished by using xargs and grep )

  2. To find which files contains multiple strings:
    find ./ -name "*.lis"  -type f -print | xargs grep -l "fatal|error"


    ( search from the current directory and into any sub-directories for any files ending with .lis, then print the names of the files which contain the word ' fatal OR error '. )

Another way to search and execute a command based on the results

  1. To find which files contain a certain string:
    find ./ -name "*.lis" -exec grep -l "fatal" '{}' \;


Using Grep standalone

Using the Grep command

grep (g lobal / r egular e xpression / p arser) is a command line text search utility similar to find or locate. The grep command searches files or standard input globally for lines matching a given regular expression, and prints them to the program's standard output. Grep is many times used in combination with other commands (via the | piping option) but can easily be used by it self.

Basic Grep options

  1. The basic usage of grep command is to search for a specific string in the specified file as shown below.
    grep "literal_string" filename
    • A great way to search a file and look for something is to grep based on some search string:
      grep -i network socks.conf

      # --- IBM 9.x.x.x direct network
      # --- IBM 32.x.x.x direct network
      # --- Proxy servers 129.39.x.x direct network
      # --- Customer Site West Gate x.x.x.x
      # --- Customer Site East Gate x.x.x.x

      In this well documented file, ( socks.conf ) printed out all of the lines of text regarding which networks have been setup in this proxy file. In this example we could have just as easily searched using the '# — ' instead of ' network ' as well.

  2. Checking for the given string in multiple files.
    grep "string" FILE_PATTERN
    • Search for the word network in several files:
      grep -i network *.conf

      # --- IBM 9.x.x.x direct network
      # --- IBM 32.x.x.x direct network
      .... ... ... ....

Search and print additional lines before or after found key word(s)

  1. The following example prints the matched line, along with the 3 lines after it:
    grep -A 3 -i "example" demo_text
    Example to show the difference between WORD and word

    * - single WORD
    * - seven words.
  2. When you had option to show the lines after match, you have the -B option for the opposite.
    $ grep -B 2 "single WORD" demo_text
    Example to show the difference between WORD and word

    * - single WORD

Using grep with other commands

  1. Say you wanted to see certain processes on the system via the command line so you issue the command ' ps -ef '. What if you know which process you are looking for and would like to further narrow down the results:
    ps -ef | grep bash

    quickm 2664 2662 0 Jul21 pts/0 00:00:00 bash
    quickm 3004 2662 0 Jul21 pts/1 00:00:00 bash
    quickm 8164 2662 0 Jul21 pts/2 00:00:00 bash
    quickm 22004 7762 0 11:21 pts/2 00:00:00 grep bash

    In this case, we wanted to see how many terminal sessions were running. This shows that there are three bash terminal sessions running on the system. Unintentionally our results also printed our search using grep (i.e. the 'grep bash' line) which is obviously a undesired but harmless result.

  2. A way to remove that unintentional result (i.e. the 'grep bash') is to exclude it:
    ps -ef | grep bash | grep -v "grep bash"

    quickm 2664 2662 0 Jul21 pts/0 00:00:00 bash
    quickm 3004 2662 0 Jul21 pts/1 00:00:00 bash
    quickm 8164 2662 0 Jul21 pts/2 00:00:00 bash

    This is telling the system to first print every process running that has the word bash in it, then calls bash again with the -v option to exclude any results which contain ' grep bash ' . To bundle commands we use the '|' "pipe" option.

  3. Say we want to print the names of the files which contain the word fatal in them ?
    grep -l "fatal" *
  4. Say we wanted to print out all of the installed packages on the system, we would use the ' rpm -qa ' command. What if we wanted to only see if Firefox was installed:
    rpm -qa | grep -i Firefox


    This returned that Firefox is installed (if it weren't, nothing would have printed to the screen), and that it's version 3.5. For example, if it weren't installed we could install it using the yum command (i.e. yum install firefox ).

  5. Say that we wanted to search for a set of packages (applications) and based on that list remove those only:
    rpm -e `rpm -qa | grep openoffice.org-lanpack`

    In this case we've realized that we aren't as internationally savvy as we originally believed and do not need all of the language support for Open Office. In this case though we ran rpm as a separate instance by using the ` ` (tics) to specify for a search to print the results which were passed back to the rpm -e command. The -e option means to uninstall the package(s).

Piping the Results

Piping output

In some cases you may want to direct output to a file or only see the results and none of the potential errors.

  1. Print results (if any) to a file ./test.out :
    locate "*.lis" | xargs grep -l "fatal" > test.out

  2. To not print any error messages such as "access denied" but to print to a file ./test.out :
    locate "*.lis" | xargs grep -l "fatal" 2&>1 /dev/null > test.out

  3. To print any errors to test.out.err and results to test.out :
    locate "*.lis" | xargs grep -l "fatal" 2&>1 test.out.err > test.out

Other Tricks and Tips

Other Tricks and Tips

  1. List files in reverse date order. With this we discover that we want to delete x.txt and all older files.
    ls -alt
  2. Run find in listing mode to verify what we're going to delete.
    find /var/lib/tripwire/report/ ! -cnewer x.txt -ls
  3. Delete file x.txt and all files older.
    find /var/lib/tripwire/report/ ! -cnewer x.txt -exec /bin/rm -i {} \;
  4. create tmp.txt or set it's last modification date using touch. This example sets it's time of last mod to 10:11 am, today.
    touch --date="10:11:00" tmp.txt
    find ./ -cnewer tmp.txt
  5. Remove write privs, depth first. Can't use chmod -R since that starts with the parent directory, and when it isn't writable, files and subdirs can't chmod.
    find ./cmdev_save -depth -exec chmod a-w {} \;
  6. This should delete files older than 7 days, and print the name of each file it deletes.
    find ./ -ctime +7 -name "*.zip" -exec rm -f {} \; -ls


Post a Comment