0x01 列出某个目录下今天创建或者修改的文件
cd /home/ym
1 显示目录home/ym下,今天创建或者修改的文件
ls -al --time-style=+%D | grep 'date +%D'
参数解释:
-a - 列出所有文件,包括隐藏文件
-l - 启用长列表格式
--time-style=FORMAT - 显示指定 FORMAT 的时间
+%D - 以 %m/%d/%y (月/日/年)格式显示或使用日期-a - 列出所有文件,包括隐藏文件
-l - 启用长列表格式
--time-style=FORMAT - 显示指定 FORMAT 的时间
+%D - 以 %m/%d/%y (月/日/年)格式显示或使用日期
2 按字母顺序对结果排序显示
ls -alX --time-style=+%D | grep 'date +%D'
3 按文件大小从大到小对结果排序显示
0x02 列出某天所有被修改文件
1 列出当前目录今天被修改的文件
find . -maxdepth 1 -newermt "2017-1-8"
find . -maxdepth 1 -newermt "1/8/2017"
2 列出系统中今天被修改的所有文件
find . -newermt "2017-1-8"
find . -newermt "1/8/2017"
0x03 查找被访问过的文件
1 今天被访问的文件
find /home -atime 0 #查看home 目录下今天被访问的文件
2 查看几天之内被访问的文件
find . -atime +2 # -atime n, File was last accessed n*24 hours ago.;查看当前目录三天之内被访问的文件
0x04 查看被修改过的文件
1 今天被访问的文件
find /home -ctime 0 #查看home 目录下今天被修改过的文件2 查看几天之内被访问的文件
find . -ctime +2 # -ctime n, File was last changed n*24 hours ago.;查看当前目录三天之内被修改过的文件
0x05 更多查看文件的用法
man find
find /tmp -name core -type f -print | xargs /bin/rm -f
Find files named core in or below the directory /tmp and delete them. Note that this will work incor‐
rectly if there are any filenames containing newlines, single or double quotes, or spaces.
find /tmp -name core -type f -print0 | xargs -0 /bin/rm -f
Find files named core in or below the directory /tmp and delete them, processing filenames in such a
way that file or directory names containing single or double quotes, spaces or newlines are correctly
handled. The -name test comes before the -type test in order to avoid having to call stat(2) on every
file.
find . -type f -exec file '{}' \;
Runs `file' on every file in or below the current directory. Notice that the braces are enclosed in
single quote marks to protect them from interpretation as shell script punctuation. The semicolon is
similarly protected by the use of a backslash, though single quotes could have been used in that case
also.
find / \
\( -perm -4000 -fprintf /root/suid.txt %#m %u %p\n \) , \
\( -size +100M -fprintf /root/big.txt %-10s %p\n \)
Traverse the filesystem just once, listing setuid files and directories into /root/suid.txt and large
files into /root/big.txt.
find $HOME -mtime 0
Search for files in your home directory which have been modified in the last twenty-four hours. This
command works this way because the time since each file was last modified is divided by 24 hours and
any remainder is discarded. That means that to match -mtime 0, a file will have to have a modifica‐
tion in the past which is less than 24 hours ago.
find /sbin /usr/sbin -executable \! -readable -print
Search for files which are executable but not readable.
find . -perm 664
Search for files which have read and write permission for their owner, and group, but which other
users can read but not write to. Files which meet these criteria but have other permissions bits set
(for example if someone can execute the file) will not be matched.
find . -perm -664
Search for files which have read and write permission for their owner and group, and which other users
can read, without regard to the presence of any extra permission bits (for example the executable
bit). This will match a file which has mode 0777, for example.
find . -perm /222
Search for files which are writable by somebody (their owner, or their group, or anybody else).
find . -perm /220
find . -perm /u+w,g+w
find . -perm /u=w,g=w
find . -perm 664
Search for files which have read and write permission for their owner, and group, but which other
users can read but not write to. Files which meet these criteria but have other permissions bits set
(for example if someone can execute the file) will not be matched.
find . -perm -664
Search for files which have read and write permission for their owner and group, and which other users
can read, without regard to the presence of any extra permission bits (for example the executable
bit). This will match a file which has mode 0777, for example.
All three of these commands do the same thing, but the first one uses the octal representation of the
file mode, and the other two use the symbolic form. These commands all search for files which are
writable by either their owner or their group. The files don't have to be writable by both the owner
and group to be matched; either will do.
find . -perm -220
find . -perm -g+w,u+w
Both these commands do the same thing; search for files which are writable by both their owner and
their group.
find . -perm -444 -perm /222 ! -perm /111
find . -perm -a+r -perm /a+w ! -perm /a+x
These two commands both search for files that are readable for everybody ( -perm -444 or -perm -a+r),
have at least one write bit set ( -perm /222 or -perm /a+w) but are not executable for anybody ( !
-perm /111 and ! -perm /a+x respectively).
cd /source-dir
find . -name .snapshot -prune -o \( \! -name *~ -print0 \)| cpio -pmd0 /dest-dir
This command copies the contents of /source-dir to /dest-dir, but omits files and directories named
.snapshot (and anything in them). It also omits files or directories whose name ends in ~, but not
their contents. The construct -prune -o \( ... -print0 \) is quite common. The idea here is that the
expression before -prune matches things which are to be pruned. However, the -prune action itself
returns true, so the following -o ensures that the right hand side is evaluated only for those direc‐
tories which didn't get pruned (the contents of the pruned directories are not even visited, so their
contents are irrelevant). The expression on the right hand side of the -o is in parentheses only for
clarity. It emphasises that the -print0 action takes place only for things that didn't have -prune
applied to them. Because the default `and' condition between tests binds more tightly than -o, this
is the default anyway, but the parentheses help to show what is going on.
欢迎大家分享更好的思路,热切期待^^_^^ !