1 This is ../../../findutils/doc/find.info, produced by makeinfo version
2 4.13 from ../../../findutils/doc/find.texi.
4 INFO-DIR-SECTION Basics
6 * Finding files: (find). Operating on files matching certain criteria.
9 INFO-DIR-SECTION Individual utilities
11 * find: (find)Invoking find. Finding and acting on files.
12 * locate: (find)Invoking locate. Finding files in a database.
13 * updatedb: (find)Invoking updatedb. Building the locate database.
14 * xargs: (find)Invoking xargs. Operating on many files.
17 This file documents the GNU utilities for finding files that match
18 certain criteria and performing various operations on them.
20 Copyright (C) 1994, 1996, 1998, 2000, 2001, 2003, 2004, 2005, 2006,
21 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
23 Permission is granted to copy, distribute and/or modify this document
24 under the terms of the GNU Free Documentation License, Version 1.3 or
25 any later version published by the Free Software Foundation; with no
26 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
27 Texts. A copy of the license is included in the section entitled "GNU
28 Free Documentation License".
31 File: find.info, Node: Top, Next: Introduction, Up: (dir)
36 This file documents the GNU utilities for finding files that match
37 certain criteria and performing various operations on them.
39 Copyright (C) 1994, 1996, 1998, 2000, 2001, 2003, 2004, 2005, 2006,
40 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
42 Permission is granted to copy, distribute and/or modify this document
43 under the terms of the GNU Free Documentation License, Version 1.3 or
44 any later version published by the Free Software Foundation; with no
45 Invariant Sections, with no Front-Cover Texts, and with no Back-Cover
46 Texts. A copy of the license is included in the section entitled "GNU
47 Free Documentation License".
49 This file documents the GNU utilities for finding files that match
50 certain criteria and performing various actions on them.
52 This is edition 4.5.14, for `find' version 4.5.14.
56 * Introduction:: Summary of the tasks this manual describes.
57 * Finding Files:: Finding files that match certain criteria.
58 * Actions:: Doing things to files you have found.
59 * Databases:: Maintaining file name databases.
60 * File Permissions:: How to control access to files.
61 * Date input formats:: Specifying literal times.
62 * Configuration:: Options you can select at compile time.
63 * Reference:: Summary of how to invoke the programs.
64 * Common Tasks:: Solutions to common real-world problems.
65 * Worked Examples:: Examples demonstrating more complex points.
66 * Security Considerations:: Security issues relating to findutils.
67 * Error Messages:: Explanations of some messages you might see.
68 * GNU Free Documentation License:: Copying and sharing this manual.
69 * Primary Index:: The components of `find' expressions.
72 File: find.info, Node: Introduction, Next: Finding Files, Prev: Top, Up: Top
77 This manual shows how to find files that meet criteria you specify, and
78 how to perform various actions on the files that you find. The
79 principal programs that you use to perform these tasks are `find',
80 `locate', and `xargs'. Some of the examples in this manual use
81 capabilities specific to the GNU versions of those programs.
83 GNU `find' was originally written by Eric Decker, with enhancements
84 by David MacKenzie, Jay Plett, and Tim Wood. GNU `xargs' was
85 originally written by Mike Rendell, with enhancements by David
86 MacKenzie. GNU `locate' and its associated utilities were originally
87 written by James Woods, with enhancements by David MacKenzie. The idea
88 for `find -print0' and `xargs -0' came from Dan Bernstein. The current
89 maintainer of GNU findutils (and this manual) is James Youngman. Many
90 other people have contributed bug fixes, small improvements, and
91 helpful suggestions. Thanks!
93 To report a bug in GNU findutils, please use the form on the Savannah
94 web site at `http://savannah.gnu.org/bugs/?group=findutils'. Reporting
95 bugs this way means that you will then be able to track progress in
98 If you don't have web access, you can also just send mail to the
99 mailing list. The mailing list <bug-findutils@gnu.org> carries
100 discussion of bugs in findutils, questions and answers about the
101 software and discussion of the development of the programs. To join
102 the list, send email to <bug-findutils-request@gnu.org>.
104 Please read any relevant sections of this manual before asking for
105 help on the mailing list. You may also find it helpful to read the
106 NON-BUGS section of the `find' manual page.
108 If you ask for help on the mailing list, people will be able to help
109 you much more effectively if you include the following things:
111 * The version of the software you are running. You can find this
112 out by running `locate --version'.
114 * What you were trying to do
116 * The _exact_ command line you used
118 * The _exact_ output you got (if this is very long, try to find a
119 smaller example which exhibits the same problem)
121 * The output you expected to get
123 It may also be the case that the bug you are describing has already
124 been fixed, if it is a bug. Please check the most recent findutils
125 releases at `ftp://ftp.gnu.org/gnu/findutils' and, if possible, the
126 development branch at `ftp://alpha.gnu.org/gnu/findutils'. If you take
127 the time to check that your bug still exists in current releases, this
128 will greatly help people who want to help you solve your problem.
129 Please also be aware that if you obtained findutils as part of the
130 GNU/Linux 'distribution', the distributions often lag seriously behind
131 findutils releases, even the stable release. Please check the GNU FTP
141 File: find.info, Node: Scope, Next: Overview, Up: Introduction
146 For brevity, the word "file" in this manual means a regular file, a
147 directory, a symbolic link, or any other kind of node that has a
148 directory entry. A directory entry is also called a "file name". A
149 file name may contain some, all, or none of the directories in a path
150 that leads to the file. These are all examples of what this manual
157 /usr/local/include/termcap.h
159 A "directory tree" is a directory and the files it contains, all of
160 its subdirectories and the files they contain, etc. It can also be a
161 single non-directory file.
163 These programs enable you to find the files in one or more directory
166 * have names that contain certain text or match a certain pattern;
168 * are links to certain files;
170 * were last used during a certain period of time;
172 * are within a certain size range;
174 * are of a certain type (regular file, directory, symbolic link,
177 * are owned by a certain user or group;
179 * have certain access permissions or special mode bits;
181 * contain text that matches a certain pattern;
183 * are within a certain depth in the directory tree;
185 * or some combination of the above.
187 Once you have found the files you're looking for (or files that are
188 potentially the ones you're looking for), you can do more to them than
189 simply list their names. You can get any combination of the files'
190 attributes, or process the files in many ways, either individually or
191 in groups of various sizes. Actions that you might want to perform on
192 the files you have found include, but are not limited to:
196 * store in an archive
200 * change access permissions
202 * classify into groups
204 This manual describes how to perform each of those tasks, and more.
207 File: find.info, Node: Overview, Next: find Expressions, Prev: Scope, Up: Introduction
212 The principal programs used for making lists of files that match given
213 criteria and running commands on them are `find', `locate', and
214 `xargs'. An additional command, `updatedb', is used by system
215 administrators to create databases for `locate' to use.
217 `find' searches for files in a directory hierarchy and prints
218 information about the files it found. It is run like this:
220 find [FILE...] [EXPRESSION]
222 Here is a typical use of `find'. This example prints the names of all
223 files in the directory tree rooted in `/usr/src' whose name ends with
224 `.c' and that are larger than 100 Kilobytes.
225 find /usr/src -name '*.c' -size +100k -print
227 Notice that the wildcard must be enclosed in quotes in order to
228 protect it from expansion by the shell.
230 `locate' searches special file name databases for file names that
231 match patterns. The system administrator runs the `updatedb' program
232 to create the databases. `locate' is run like this:
234 locate [OPTION...] PATTERN...
236 This example prints the names of all files in the default file name
237 database whose name ends with `Makefile' or `makefile'. Which file
238 names are stored in the database depends on how the system
239 administrator ran `updatedb'.
240 locate '*[Mm]akefile'
242 The name `xargs', pronounced EX-args, means "combine arguments."
243 `xargs' builds and executes command lines by gathering together
244 arguments it reads on the standard input. Most often, these arguments
245 are lists of file names generated by `find'. `xargs' is run like this:
247 xargs [OPTION...] [COMMAND [INITIAL-ARGUMENTS]]
249 The following command searches the files listed in the file `file-list'
250 and prints all of the lines in them that contain the word `typedef'.
251 xargs grep typedef < file-list
254 File: find.info, Node: find Expressions, Prev: Overview, Up: Introduction
256 1.3 `find' Expressions
257 ======================
259 The expression that `find' uses to select files consists of one or more
260 "primaries", each of which is a separate command line argument to
261 `find'. `find' evaluates the expression each time it processes a file.
262 An expression can contain any of the following types of primaries:
265 affect overall operation rather than the processing of a specific
269 return a true or false value, depending on the file's attributes;
272 have side effects and return a true or false value; and
275 connect the other arguments and affect when and whether they are
278 You can omit the operator between two primaries; it defaults to
279 `-and'. *Note Combining Primaries With Operators::, for ways to
280 connect primaries into more complex expressions. If the expression
281 contains no actions other than `-prune', `-print' is performed on all
282 files for which the entire expression is true (*note Print File Name::).
284 Options take effect immediately, rather than being evaluated for each
285 file when their place in the expression is reached. Therefore, for
286 clarity, it is best to place them at the beginning of the expression.
287 There are two exceptions to this; `-daystart' and `-follow' have
288 different effects depending on where in the command line they appear.
289 This can be confusing, so it's best to keep them at the beginning, too.
291 Many of the primaries take arguments, which immediately follow them
292 in the next command line argument to `find'. Some arguments are file
293 names, patterns, or other strings; others are numbers. Numeric
294 arguments can be specified as
306 File: find.info, Node: Finding Files, Next: Actions, Prev: Introduction, Up: Top
311 By default, `find' prints to the standard output the names of the files
312 that match the given criteria. *Note Actions::, for how to get more
313 information about the matching files.
327 * Combining Primaries With Operators::
330 File: find.info, Node: Name, Next: Links, Up: Finding Files
335 Here are ways to search for files whose name matches a certain pattern.
336 *Note Shell Pattern Matching::, for a description of the PATTERN
337 arguments to these tests.
339 Each of these tests has a case-sensitive version and a
340 case-insensitive version, whose name begins with `i'. In a
341 case-insensitive comparison, the patterns `fo*' and `F??' match the
342 file names `Foo', `FOO', `foo', `fOo', etc.
346 * Base Name Patterns::
347 * Full Name Patterns::
348 * Fast Full Name Search::
349 * Shell Pattern Matching:: Wildcards used by these programs.
352 File: find.info, Node: Base Name Patterns, Next: Full Name Patterns, Up: Name
354 2.1.1 Base Name Patterns
355 ------------------------
357 -- Test: -name pattern
358 -- Test: -iname pattern
359 True if the base of the file name (the path with the leading
360 directories removed) matches shell pattern PATTERN. For `-iname',
361 the match is case-insensitive.(1) To ignore a whole directory
362 tree, use `-prune' (*note Directories::). As an example, to find
363 Texinfo source files in `/usr/local/doc':
365 find /usr/local/doc -name '*.texi'
367 Notice that the wildcard must be enclosed in quotes in order to
368 protect it from expansion by the shell.
370 As of findutils version 4.2.2, patterns for `-name' and `-iname'
371 will match a file name with a leading `.'. For example the
372 command `find /tmp -name \*bar' will match the file
373 `/tmp/.foobar'. Braces within the pattern (`{}') are not
374 considered to be special (that is, `find . -name 'foo{1,2}''
375 matches a file named `foo{1,2}', not the files `foo1' and `foo2'.
377 Because the leading directories are removed, the file names
378 considered for a match with `-name' will never include a slash, so
379 `-name a/b' will never match anything (you probably need to use
382 ---------- Footnotes ----------
384 (1) Because we need to perform case-insensitive matching, the GNU
385 fnmatch implementation is always used; if the C library includes the GNU
386 implementation, we use that and otherwise we use the one from gnulib
389 File: find.info, Node: Full Name Patterns, Next: Fast Full Name Search, Prev: Base Name Patterns, Up: Name
391 2.1.2 Full Name Patterns
392 ------------------------
394 -- Test: -path pattern
395 -- Test: -wholename pattern
396 True if the entire file name, starting with the command line
397 argument under which the file was found, matches shell pattern
398 PATTERN. To ignore a whole directory tree, use `-prune' rather
399 than checking every file in the tree (*note Directories::). The
400 "entire file name" as used by `find' starts with the starting-point
401 specified on the command line, and is not converted to an absolute
402 pathname, so for example `cd /; find tmp -wholename /tmp' will
403 never match anything.
405 Find compares the `-path' argument with the concatenation of a
406 directory name and the base name of the file it's considering.
407 Since the concatenation will never end with a slash, `-path'
408 arguments ending in `/' will match nothing (except perhaps a start
409 point specified on the command line).
411 The name `-wholename' is GNU-specific, but `-path' is more
412 portable; it is supported by HP-UX `find' and is part of the POSIX
416 -- Test: -ipath pattern
417 -- Test: -iwholename pattern
418 These tests are like `-wholename' and `-path', but the match is
421 In the context of the tests `-path', `-wholename', `-ipath' and
422 `-wholename', a "full path" is the name of all the directories
423 traversed from `find''s start point to the file being tested, followed
424 by the base name of the file itself. These paths are often not
425 absolute paths; for example
428 $ mkdir -p foo/bar/baz
429 $ find foo -path foo/bar -print
431 $ find foo -path /tmp/foo/bar -print
432 $ find /tmp/foo -path /tmp/foo/bar -print
435 Notice that the second `find' command prints nothing, even though
436 `/tmp/foo/bar' exists and was examined by `find'.
438 Unlike file name expansion on the command line, a `*' in the pattern
439 will match both `/' and leading dots in file names:
443 $ find . -path '*/*config'
444 ./quux/bar/baz/.config
447 -- Test: -iregex expr
448 True if the entire file name matches regular expression EXPR.
449 This is a match on the whole path, not a search. For example, to
450 match a file named `./fubar3', you can use the regular expression
451 `.*bar.' or `.*b.*3', but not `f.*r3'. *Note Syntax of Regular
452 Expressions: (emacs)Regexps, for a description of the syntax of
453 regular expressions. For `-iregex', the match is case-insensitive.
455 As for `-path', the candidate file name never ends with a slash,
456 so regular expressions which only match something that ends in
457 slash will always fail.
459 There are several varieties of regular expressions; by default this
460 test uses POSIX basic regular expressions, but this can be changed
461 with the option `-regextype'.
463 -- Option: -regextype name
464 This option controls the variety of regular expression syntax
465 understood by the `-regex' and `-iregex' tests. This option is
466 positional; that is, it only affects regular expressions which
467 occur later in the command line. If this option is not given, GNU
468 Emacs regular expressions are assumed. Currently-implemented types
472 Regular expressions compatible with GNU Emacs; this is also
473 the default behaviour if this option is not used.
476 Regular expressions compatible with the POSIX awk command
480 POSIX Basic Regular Expressions.
483 Regular expressions compatible with the POSIX egrep command
486 POSIX Extended Regular Expressions
488 *note Regular Expressions:: for more information on the regular
489 expression dialects understood by GNU findutils.
493 File: find.info, Node: Fast Full Name Search, Next: Shell Pattern Matching, Prev: Full Name Patterns, Up: Name
495 2.1.3 Fast Full Name Search
496 ---------------------------
498 To search for files by name without having to actually scan the
499 directories on the disk (which can be slow), you can use the `locate'
500 program. For each shell pattern you give it, `locate' searches one or
501 more databases of file names and displays the file names that contain
502 the pattern. *Note Shell Pattern Matching::, for details about shell
505 If a pattern is a plain string - it contains no metacharacters -
506 `locate' displays all file names in the database that contain that
507 string. If a pattern contains metacharacters, `locate' only displays
508 file names that match the pattern exactly. As a result, patterns that
509 contain metacharacters should usually begin with a `*', and will most
510 often end with one as well. The exceptions are patterns that are
511 intended to explicitly match the beginning or end of a file name.
513 If you only want `locate' to match against the last component of the
514 file names (the "base name" of the files) you can use the `--basename'
515 option. The opposite behaviour is the default, but can be selected
516 explicitly by using the option `--wholename'.
521 is almost equivalent to
522 find DIRECTORIES -name PATTERN
524 where DIRECTORIES are the directories for which the file name
525 databases contain information. The differences are that the `locate'
526 information might be out of date, and that `locate' handles wildcards
527 in the pattern slightly differently than `find' (*note Shell Pattern
530 The file name databases contain lists of files that were on the
531 system when the databases were last updated. The system administrator
532 can choose the file name of the default database, the frequency with
533 which the databases are updated, and the directories for which they
536 Here is how to select which file name databases `locate' searches.
537 The default is system-dependent. At the time this document was
538 generated, the default was `/usr/local/var/locatedb'.
542 Instead of searching the default file name database, search the
543 file name databases in PATH, which is a colon-separated list of
544 database file names. You can also use the environment variable
545 `LOCATE_PATH' to set the list of database files to search. The
546 option overrides the environment variable if both are used.
548 GNU `locate' can read file name databases generated by the `slocate'
549 package. However, these generally contain a list of all the files on
550 the system, and so when using this database, `locate' will produce
551 output only for files which are accessible to you. *Note Invoking
552 locate::, for a description of the `--existing' option which is used to
555 The `updatedb' program can also generate database in a format
556 compatible with `slocate'. *Note Invoking updatedb::, for a
557 description of its `--dbformat' and `--output' options.
560 File: find.info, Node: Shell Pattern Matching, Prev: Fast Full Name Search, Up: Name
562 2.1.4 Shell Pattern Matching
563 ----------------------------
565 `find' and `locate' can compare file names, or parts of file names, to
566 shell patterns. A "shell pattern" is a string that may contain the
567 following special characters, which are known as "wildcards" or
570 You must quote patterns that contain metacharacters to prevent the
571 shell from expanding them itself. Double and single quotes both work;
572 so does escaping with a backslash.
575 Matches any zero or more characters.
578 Matches any one character.
581 Matches exactly one character that is a member of the string
582 STRING. This is called a "character class". As a shorthand,
583 STRING may contain ranges, which consist of two characters with a
584 dash between them. For example, the class `[a-z0-9_]' matches a
585 lowercase letter, a number, or an underscore. You can negate a
586 class by placing a `!' or `^' immediately after the opening
587 bracket. Thus, `[^A-Z@]' matches any character except an
588 uppercase letter or an at sign.
591 Removes the special meaning of the character that follows it. This
592 works even in character classes.
594 In the `find' tests that do shell pattern matching (`-name',
595 `-wholename', etc.), wildcards in the pattern will match a `.' at the
596 beginning of a file name. This is also the case for `locate'. Thus,
597 `find -name '*macs'' will match a file named `.emacs', as will `locate
600 Slash characters have no special significance in the shell pattern
601 matching that `find' and `locate' do, unlike in the shell, in which
602 wildcards do not match them. Therefore, a pattern `foo*bar' can match
603 a file name `foo3/bar', and a pattern `./sr*sc' can match a file name
606 If you want to locate some files with the `locate' command but don't
607 need to see the full list you can use the `--limit' option to see just
608 a small number of results, or the `--count' option to display only the
609 total number of matches.
612 File: find.info, Node: Links, Next: Time, Prev: Name, Up: Finding Files
617 There are two ways that files can be linked together. "Symbolic links"
618 are a special type of file whose contents are a portion of the name of
619 another file. "Hard links" are multiple directory entries for one
620 file; the file names all have the same index node ("inode") number on
629 File: find.info, Node: Symbolic Links, Next: Hard Links, Up: Links
634 Symbolic links are names that reference other files. GNU `find' will
635 handle symbolic links in one of two ways; firstly, it can dereference
636 the links for you - this means that if it comes across a symbolic link,
637 it examines the file that the link points to, in order to see if it
638 matches the criteria you have specified. Secondly, it can check the
639 link itself in case you might be looking for the actual link. If the
640 file that the symbolic link points to is also within the directory
641 hierarchy you are searching with the `find' command, you may not see a
642 great deal of difference between these two alternatives.
644 By default, `find' examines symbolic links themselves when it finds
645 them (and, if it later comes across the linked-to file, it will examine
646 that, too). If you would prefer `find' to dereference the links and
647 examine the file that each link points to, specify the `-L' option to
648 `find'. You can explicitly specify the default behaviour by using the
649 `-P' option. The `-H' option is a half-way-between option which
650 ensures that any symbolic links listed on the command line are
651 dereferenced, but other symbolic links are not.
653 Symbolic links are different from "hard links" in the sense that you
654 need permission to search the directories in the linked-to file name to
655 dereference the link. This can mean that even if you specify the `-L'
656 option, `find' may not be able to determine the properties of the file
657 that the link points to (because you don't have sufficient permission).
658 In this situation, `find' uses the properties of the link itself. This
659 also occurs if a symbolic link exists but points to a file that is
662 The options controlling the behaviour of `find' with respect to
663 links are as follows:
666 `find' does not dereference symbolic links at all. This is the
667 default behaviour. This option must be specified before any of the
668 file names on the command line.
671 `find' does not dereference symbolic links (except in the case of
672 file names on the command line, which are dereferenced). If a
673 symbolic link cannot be dereferenced, the information for the
674 symbolic link itself is used. This option must be specified
675 before any of the file names on the command line.
678 `find' dereferences symbolic links where possible, and where this
679 is not possible it uses the properties of the symbolic link itself.
680 This option must be specified before any of the file names on the
681 command line. Use of this option also implies the same behaviour
682 as the `-noleaf' option. If you later use the `-H' or `-P'
683 options, this does not turn off `-noleaf'.
686 This option forms part of the "expression" and must be specified
687 after the file names, but it is otherwise equivalent to `-L'. The
688 `-follow' option affects only those tests which appear after it on
689 the command line. This option is deprecated. Where possible, you
690 should use `-L' instead.
692 The following differences in behaviour occur when the `-L' option is
695 * `find' follows symbolic links to directories when searching
698 * `-lname' and `-ilname' always return false (unless they happen to
699 match broken symbolic links).
701 * `-type' reports the types of the files that symbolic links point
702 to. This means that in combination with `-L', `-type l' will be
703 true only for broken symbolic links. To check for symbolic links
704 when `-L' has been specified, use `-xtype l'.
706 * Implies `-noleaf' (*note Directories::).
708 If the `-L' option or the `-H' option is used, the file names used
709 as arguments to `-newer', `-anewer', and `-cnewer' are dereferenced and
710 the timestamp from the pointed-to file is used instead (if possible -
711 otherwise the timestamp from the symbolic link is used).
713 -- Test: -lname pattern
714 -- Test: -ilname pattern
715 True if the file is a symbolic link whose contents match shell
716 pattern PATTERN. For `-ilname', the match is case-insensitive.
717 *Note Shell Pattern Matching::, for details about the PATTERN
718 argument. If the `-L' option is in effect, this test will always
719 return false for symbolic links unless they are broken. So, to
720 list any symbolic links to `sysdep.c' in the current directory and
721 its subdirectories, you can do:
723 find . -lname '*sysdep.c'
726 File: find.info, Node: Hard Links, Prev: Symbolic Links, Up: Links
731 Hard links allow more than one name to refer to the same file. To find
732 all the names which refer to the same file as NAME, use `-samefile
733 NAME'. If you are not using the `-L' option, you can confine your
734 search to one filesystem using the `-xdev' option. This is useful
735 because hard links cannot point outside a single filesystem, so this
736 can cut down on needless searching.
738 If the `-L' option is in effect, and NAME is in fact a symbolic
739 link, the symbolic link will be dereferenced. Hence you are searching
740 for other links (hard or symbolic) to the file pointed to by NAME. If
741 `-L' is in effect but NAME is not itself a symbolic link, other
742 symbolic links to the file NAME will be matched.
744 You can also search for files by inode number. This can occasionally
745 be useful in diagnosing problems with filesystems for example, because
746 `fsck' tends to print inode numbers. Inode numbers also occasionally
747 turn up in log messages for some types of software, and are used to
748 support the `ftok()' library function.
750 You can learn a file's inode number and the number of links to it by
751 running `ls -li' or `find -ls'.
753 You can search for hard links to inode number NUM by using `-inum
754 NUM'. If there are any filesystem mount points below the directory
755 where you are starting the search, use the `-xdev' option unless you
756 are also using the `-L' option. Using `-xdev' this saves needless
757 searching, since hard links to a file must be on the same filesystem.
760 -- Test: -samefile NAME
761 File is a hard link to the same inode as NAME. If the `-L' option
762 is in effect, symbolic links to the same file as NAME points to
766 File has inode number N. The `+' and `-' qualifiers also work,
767 though these are rarely useful. Much of the time it is easier to
768 use `-samefile' rather than this option.
770 You can also search for files that have a certain number of links,
771 with `-links'. Directories normally have at least two hard links;
772 their `.' entry is the second one. If they have subdirectories, each
773 of those also has a hard link called `..' to its parent directory. The
774 `.' and `..' directory entries are not normally searched unless they
775 are mentioned on the `find' command line.
778 File has N hard links.
781 File has more than N hard links.
784 File has fewer than N hard links.
787 File: find.info, Node: Time, Next: Size, Prev: Links, Up: Finding Files
792 Each file has three time stamps, which record the last time that
793 certain operations were performed on the file:
795 1. access (read the file's contents)
797 2. change the status (modify the file or its attributes)
799 3. modify (change the file's contents)
801 Some systems also provide a timestamp that indicates when a file was
802 _created_. For example, the UFS2 filesystem under NetBSD-3.1 records
803 the _birth time_ of each file. This information is also available
804 under other versions of BSD and some versions of Cygwin. However, even
805 on systems which support file birth time, files may exist for which
806 this information was not recorded (for example, UFS1 file systems
807 simply do not contain this information).
809 You can search for files whose time stamps are within a certain age
810 range, or compare them to other time stamps.
815 * Comparing Timestamps::
818 File: find.info, Node: Age Ranges, Next: Comparing Timestamps, Up: Time
823 These tests are mainly useful with ranges (`+N' and `-N').
828 True if the file was last accessed (or its status changed, or it
829 was modified) N*24 hours ago. The number of 24-hour periods since
830 the file's timestamp is always rounded down; therefore 0 means
831 "less than 24 hours ago", 1 means "between 24 and 48 hours ago",
832 and so forth. Fractional values are supported but this only
833 really makes sense for the case where ranges (`+N' and `-N') are
839 True if the file was last accessed (or its status changed, or it
840 was modified) N minutes ago. These tests provide finer granularity
841 of measurement than `-atime' et al., but rounding is done in a
842 similar way (again, fractions are supported). For example, to list
843 files in `/u/bill' that were last read from 2 to 6 minutes ago:
845 find /u/bill -amin +2 -amin -6
848 Measure times from the beginning of today rather than from 24 hours
849 ago. So, to list the regular files in your home directory that
850 were modified yesterday, do
852 find ~/ -daystart -type f -mtime 1
854 The `-daystart' option is unlike most other options in that it has
855 an effect on the way that other tests are performed. The affected
856 tests are `-amin', `-cmin', `-mmin', `-atime', `-ctime' and
857 `-mtime'. The `-daystart' option only affects the behaviour of
858 any tests which appear after it on the command line.
861 File: find.info, Node: Comparing Timestamps, Prev: Age Ranges, Up: Time
863 2.3.2 Comparing Timestamps
864 --------------------------
866 -- Test: -newerXY reference
867 Succeeds if timestamp `X' of the file being considered is newer
868 than timestamp `Y' of the file `reference'. The letters `X' and
869 `Y' can be any of the following letters:
872 Last-access time of `reference'
875 Birth time of `reference' (when this is not known, the test
879 Last-change time of `reference'
882 Last-modification time of `reference'
885 The `reference' argument is interpreted as a literal time,
886 rather than the name of a file. *Note Date input formats::,
887 for a description of how the timestamp is understood. Tests
888 of the form `-newerXt' are valid but tests of the form
891 For example the test `-newerac /tmp/foo' succeeds for all files
892 which have been accessed more recently than `/tmp/foo' was
893 changed. Here `X' is `a' and `Y' is `c'.
895 Not all files have a known birth time. If `Y' is `b' and the
896 birth time of `reference' is not available, `find' exits with an
897 explanatory error message. If `X' is `b' and we do not know the
898 birth time the file currently being considered, the test simply
899 fails (that is, it behaves like `-false' does).
901 Some operating systems (for example, most implementations of Unix)
902 do not support file birth times. Some others, for example
903 NetBSD-3.1, do. Even on operating systems which support file
904 birth times, the information may not be available for specific
905 files. For example, under NetBSD, file birth times are supported
906 on UFS2 file systems, but not UFS1 file systems.
909 There are two ways to list files in `/usr' modified after February 1
910 of the current year. One uses `-newermt':
912 find /usr -newermt "Feb 1"
914 The other way of doing this works on the versions of find before
917 touch -t 02010000 /tmp/stamp$$
918 find /usr -newer /tmp/stamp$$
921 -- Test: -anewer file
922 -- Test: -cnewer file
924 True if the file was last accessed (or its status changed, or it
925 was modified) more recently than FILE was modified. These tests
926 are affected by `-follow' only if `-follow' comes before them on
927 the command line. *Note Symbolic Links::, for more information on
928 `-follow'. As an example, to list any files modified since
929 `/bin/sh' was last modified:
931 find . -newer /bin/sh
934 True if the file was last accessed N days after its status was
935 last changed. Useful for finding files that are not being used,
936 and could perhaps be archived or removed to save disk space.
939 File: find.info, Node: Size, Next: Type, Prev: Time, Up: Finding Files
944 -- Test: -size n[bckwMG]
945 True if the file uses N units of space, rounding up. The units
946 are 512-byte blocks by default, but they can be changed by adding a
947 one-character suffix to N:
950 512-byte blocks (never 1024)
956 kilobytes (1024 bytes)
962 Megabytes (units of 1048576 bytes)
965 Gigabytes (units of 1073741824 bytes)
967 The `b' suffix always considers blocks to be 512 bytes. This is
968 not affected by the setting (or non-setting) of the
969 `POSIXLY_CORRECT' environment variable. This behaviour is
970 different from the behaviour of the `-ls' action). If you want to
971 use 1024-byte units, use the `k' suffix instead.
973 The number can be prefixed with a `+' or a `-'. A plus sign
974 indicates that the test should succeed if the file uses at least N
975 units of storage (a common use of this test) and a minus sign
976 indicates that the test should succeed if the file uses less than
977 N units of storage. There is no `=' prefix, because that's the
980 The size does not count indirect blocks, but it does count blocks
981 in sparse files that are not actually allocated. In other words,
982 it's consistent with the result you get for `ls -l' or `wc -c'.
983 This handling of sparse files differs from the output of the `%k'
984 and `%b' format specifiers for the `-printf' predicate.
988 True if the file is empty and is either a regular file or a
989 directory. This might help determine good candidates for
990 deletion. This test is useful with `-depth' (*note Directories::)
991 and `-delete' (*note Single File::).
994 File: find.info, Node: Type, Next: Owner, Prev: Size, Up: Finding Files
1000 True if the file is of type C:
1003 block (buffered) special
1006 character (unbuffered) special
1018 symbolic link; if `-L' is in effect, this is true only for
1019 broken symbolic links. If you want to search for symbolic
1020 links when `-L' is in effect, use `-xtype' instead of `-type'.
1029 This test behaves the same as `-type' unless the file is a
1030 symbolic link. If the file is a symbolic link, the result is as
1031 follows (in the table below, `X' should be understood to represent
1032 any letter except `l'):
1035 True if the symbolic link is broken
1038 True if the (ultimate) target file is of type `X'.
1044 False unless the symbolic link is broken
1046 In other words, for symbolic links, `-xtype' checks the type of
1047 the file that `-type' does not check.
1049 The `-H' option also affects the behaviour of `-xtype'. When `-H'
1050 is in effect, `-xtype' behaves as if `-L' had been specified when
1051 examining files listed on the command line, and as if `-P' had
1052 been specified otherwise. If neither `-H' nor `-L' was specified,
1053 `-xtype' behaves as if `-P' had been specified.
1055 *Note Symbolic Links::, for more information on `-follow' and `-L'.
1058 File: find.info, Node: Owner, Next: Mode Bits, Prev: Type, Up: Finding Files
1063 -- Test: -user uname
1064 -- Test: -group gname
1065 True if the file is owned by user UNAME (belongs to group GNAME).
1066 A numeric ID is allowed.
1070 True if the file's numeric user ID (group ID) is N. These tests
1071 support ranges (`+N' and `-N'), unlike `-user' and `-group'.
1075 True if no user corresponds to the file's numeric user ID (no group
1076 corresponds to the numeric group ID). These cases usually mean
1077 that the files belonged to users who have since been removed from
1078 the system. You probably should change the ownership of such
1079 files to an existing user or group, using the `chown' or `chgrp'
1083 File: find.info, Node: Mode Bits, Next: Contents, Prev: Owner, Up: Finding Files
1088 *Note File Permissions::, for information on how file mode bits are
1089 structured and how to specify them.
1091 Four tests determine what users can do with files. These are
1092 `-readable', `-writable', `-executable' and `-perm'. The first three
1093 tests ask the operating system if the current user can perform the
1094 relevant operation on a file, while `-perm' just examines the file's
1095 mode. The file mode may give a misleading impression of what the user
1096 can actually do, because the file may have an access control list, or
1097 exist on a read-only filesystem, for example. Of these four tests
1098 though, only `-perm' is specified by the POSIX standard.
1100 The `-readable', `-writable' and `-executable' tests are implemented
1101 via the `access' system call. This is implemented within the operating
1102 system itself. If the file being considered is on an NFS filesystem,
1103 the remote system may allow or forbid read or write operations for
1104 reasons of which the NFS client cannot take account. This includes
1105 user-ID mapping, either in the general sense or the more restricted
1106 sense in which remote superusers are treated by the NFS server as if
1107 they are the local user `nobody' on the NFS server.
1109 None of the tests in this section should be used to verify that a
1110 user is authorised to perform any operation (on the file being tested or
1111 any other file) because of the possibility of a race condition. That
1112 is, the situation may change between the test and an action being taken
1113 on the basis of the result of that test.
1116 True if the file can be read by the invoking user.
1119 True if the file can be written by the invoking user. This is an
1120 in-principle check, and other things may prevent a successful write
1121 operation; for example, the filesystem might be full.
1123 -- Test: -executable
1124 True if the file can be executed/searched by the invoking user.
1126 -- Test: -perm pmode
1127 True if the file's mode bits match PMODE, which can be either a
1128 symbolic or numeric MODE (*note File Permissions::) optionally
1129 prefixed by `-' or `/'.
1131 A PMODE that starts with neither `-' nor `/' matches if MODE
1132 exactly matches the file mode bits. (To avoid confusion with an
1133 obsolete GNU extension, MODE must not start with a `+' immediately
1134 followed by an octal digit.)
1136 A PMODE that starts with `-' matches if _all_ the file mode bits
1137 set in MODE are set for the file; bits not set in MODE are ignored.
1139 A PMODE that starts with `/' matches if _any_ of the file mode
1140 bits set in MODE are set for the file; bits not set in MODE are
1141 ignored. This is a GNU extension.
1143 If you don't use the `/' or `-' form with a symbolic mode string,
1144 you may have to specify a rather complex mode string. For example
1145 `-perm g=w' will only match files that have mode 0020 (that is,
1146 ones for which group write permission is the only file mode bit
1147 set). It is more likely that you will want to use the `/' or `-'
1148 forms, for example `-perm -g=w', which matches any file with group
1152 Match files that have read and write permission for their
1153 owner, and group, but that the rest of the world can read but
1154 not write to. Do not match files that meet these criteria
1155 but have other file mode bits set (for example if someone can
1156 execute/search the file).
1159 Match files that have read and write permission for their
1160 owner, and group, but that the rest of the world can read but
1161 not write to, without regard to the presence of any extra
1162 file mode bits (for example the executable bit). This
1163 matches a file with mode 0777, for example.
1166 Match files that are writable by somebody (their owner, or
1167 their group, or anybody else).
1170 Match files that are writable by either their owner or their
1171 group. The files don't have to be writable by both the owner
1172 and group to be matched; either will do.
1181 Match files that are writable by both their owner and their
1184 `-perm -444 -perm /222 ! -perm /111'
1185 Match files that are readable for everybody, have at least one
1186 write bit set (i.e., somebody can write to them), but that
1187 cannot be executed/searched by anybody. Note that in some
1188 shells the `!' must be escaped;.
1190 `-perm -a+r -perm /a+w ! -perm /a+x'
1196 Warning: If you specify `-perm /000' or `-perm /mode' where
1197 the symbolic mode `mode' has no bits set, the test matches
1198 all files. Versions of GNU `find' prior to 4.3.3 matched no
1199 files in this situation.
1202 -- Test: -context pattern
1203 True if file's SELinux context matches the pattern PATTERN. The
1204 pattern uses shell glob matching.
1206 This predicate is supported only on `find' versions compiled with
1207 SELinux support and only when SELinux is enabled.
1210 File: find.info, Node: Contents, Next: Directories, Prev: Mode Bits, Up: Finding Files
1215 To search for files based on their contents, you can use the `grep'
1216 program. For example, to find out which C source files in the current
1217 directory contain the string `thing', you can do:
1219 grep -l thing *.[ch]
1221 If you also want to search for the string in files in subdirectories,
1222 you can combine `grep' with `find' and `xargs', like this:
1224 find . -name '*.[ch]' | xargs grep -l thing
1226 The `-l' option causes `grep' to print only the names of files that
1227 contain the string, rather than the lines that contain it. The string
1228 argument (`thing') is actually a regular expression, so it can contain
1229 metacharacters. This method can be refined a little by using the `-r'
1230 option to make `xargs' not run `grep' if `find' produces no output, and
1231 using the `find' action `-print0' and the `xargs' option `-0' to avoid
1232 misinterpreting files whose names contain spaces:
1234 find . -name '*.[ch]' -print0 | xargs -r -0 grep -l thing
1236 For a fuller treatment of finding files whose contents match a
1237 pattern, see the manual page for `grep'.
1240 File: find.info, Node: Directories, Next: Filesystems, Prev: Contents, Up: Finding Files
1245 Here is how to control which directories `find' searches, and how it
1246 searches them. These two options allow you to process a horizontal
1247 slice of a directory tree.
1249 -- Option: -maxdepth levels
1250 Descend at most LEVELS (a non-negative integer) levels of
1251 directories below the command line arguments. `-maxdepth 0' means
1252 only apply the tests and actions to the command line arguments.
1254 -- Option: -mindepth levels
1255 Do not apply any tests or actions at levels less than LEVELS (a
1256 non-negative integer). `-mindepth 1' means process all files
1257 except the command line arguments.
1260 Process each directory's contents before the directory itself.
1261 Doing this is a good idea when producing lists of files to archive
1262 with `cpio' or `tar'. If a directory does not have write
1263 permission for its owner, its contents can still be restored from
1264 the archive since the directory's permissions are restored after
1268 This is a deprecated synonym for `-depth', for compatibility with
1269 Mac OS X, FreeBSD and OpenBSD. The `-depth' option is a POSIX
1270 feature, so it is better to use that.
1273 If the file is a directory, do not descend into it. The result is
1274 true. For example, to skip the directory `src/emacs' and all
1275 files and directories under it, and print the names of the other
1278 find . -wholename './src/emacs' -prune -o -print
1280 The above command will not print `./src/emacs' among its list of
1281 results. This however is not due to the effect of the `-prune'
1282 action (which only prevents further descent, it doesn't make sure
1283 we ignore that item). Instead, this effect is due to the use of
1284 `-o'. Since the left hand side of the "or" condition has
1285 succeeded for `./src/emacs', it is not necessary to evaluate the
1286 right-hand-side (`-print') at all for this particular file. If
1287 you wanted to print that directory name you could use either an
1288 extra `-print' action:
1290 find . -wholename './src/emacs' -prune -print -o -print
1292 or use the comma operator:
1294 find . -wholename './src/emacs' -prune , -print
1296 If the `-depth' option is in effect, the subdirectories will have
1297 already been visited in any case. Hence `-prune' has no effect in
1300 Because `-delete' implies `-depth', using `-prune' in combination
1301 with `-delete' may well result in the deletion of more files than
1305 Exit immediately (with return value zero if no errors have
1306 occurred). This is different to `-prune' because `-prune' only
1307 applies to the contents of pruned directories, while `-quit'
1308 simply makes `find' stop immediately. No child processes will be
1309 left running, but no more files specified on the command line will
1310 be processed. For example, `find /tmp/foo /tmp/bar -print -quit'
1311 will print only `/tmp/foo'. Any command lines which have been
1312 built by `-exec ... \+' or `-execdir ... \+' are invoked before
1313 the program is exited.
1316 Do not optimize by assuming that directories contain 2 fewer
1317 subdirectories than their hard link count. This option is needed
1318 when searching filesystems that do not follow the Unix
1319 directory-link convention, such as CD-ROM or MS-DOS filesystems or
1320 AFS volume mount points. Each directory on a normal Unix
1321 filesystem has at least 2 hard links: its name and its `.' entry.
1322 Additionally, its subdirectories (if any) each have a `..' entry
1323 linked to that directory. When `find' is examining a directory,
1324 after it has statted 2 fewer subdirectories than the directory's
1325 link count, it knows that the rest of the entries in the directory
1326 are non-directories ("leaf" files in the directory tree). If only
1327 the files' names need to be examined, there is no need to stat
1328 them; this gives a significant increase in search speed.
1330 -- Option: -ignore_readdir_race
1331 If a file disappears after its name has been read from a directory
1332 but before `find' gets around to examining the file with `stat',
1333 don't issue an error message. If you don't specify this option, an
1334 error message will be issued. This option can be useful in system
1335 scripts (cron scripts, for example) that examine areas of the
1336 filesystem that change frequently (mail queues, temporary
1337 directories, and so forth), because this scenario is common for
1338 those sorts of directories. Completely silencing error messages
1339 from `find' is undesirable, so this option neatly solves the
1340 problem. There is no way to search one part of the filesystem
1341 with this option on and part of it with this option off, though.
1342 When this option is turned on and find discovers that one of the
1343 start-point files specified on the command line does not exist, no
1344 error message will be issued.
1347 -- Option: -noignore_readdir_race
1348 This option reverses the effect of the `-ignore_readdir_race'
1352 File: find.info, Node: Filesystems, Next: Combining Primaries With Operators, Prev: Directories, Up: Finding Files
1357 A "filesystem" is a section of a disk, either on the local host or
1358 mounted from a remote host over a network. Searching network
1359 filesystems can be slow, so it is common to make `find' avoid them.
1361 There are two ways to avoid searching certain filesystems. One way
1362 is to tell `find' to only search one filesystem:
1366 Don't descend directories on other filesystems. These options are
1369 The other way is to check the type of filesystem each file is on, and
1370 not descend directories that are on undesirable filesystem types:
1372 -- Test: -fstype type
1373 True if the file is on a filesystem of type TYPE. The valid
1374 filesystem types vary among different versions of Unix; an
1375 incomplete list of filesystem types that are accepted on some
1376 version of Unix or another is:
1377 ext2 ext3 proc sysfs ufs 4.2 4.3 nfs tmp mfs S51K S52K
1378 You can use `-printf' with the `%F' directive to see the types of
1379 your filesystems. The `%D' directive shows the device number.
1380 *Note Print File Information::. `-fstype' is usually used with
1381 `-prune' to avoid searching remote filesystems (*note
1385 File: find.info, Node: Combining Primaries With Operators, Prev: Filesystems, Up: Finding Files
1387 2.11 Combining Primaries With Operators
1388 =======================================
1390 Operators build a complex expression from tests and actions. The
1391 operators are, in order of decreasing precedence:
1394 Force precedence. True if EXPR is true.
1398 True if EXPR is false. In some shells, it is necessary to protect
1399 the `!' from shell interpretation by quoting it.
1404 And; EXPR2 is not evaluated if EXPR1 is false.
1408 Or; EXPR2 is not evaluated if EXPR1 is true.
1411 List; both EXPR1 and EXPR2 are always evaluated. True if EXPR2 is
1412 true. The value of EXPR1 is discarded. This operator lets you do
1413 multiple independent operations on one traversal, without
1414 depending on whether other operations succeeded. The two
1415 operations EXPR1 and EXPR2 are not always fully independent, since
1416 EXPR1 might have side effects like touching or deleting files, or
1417 it might use `-prune' which would also affect EXPR2.
1419 `find' searches the directory tree rooted at each file name by
1420 evaluating the expression from left to right, according to the rules of
1421 precedence, until the outcome is known (the left hand side is false for
1422 `-and', true for `-or'), at which point `find' moves on to the next
1425 There are two other tests that can be useful in complex expressions:
1434 File: find.info, Node: Actions, Next: Databases, Prev: Finding Files, Up: Top
1439 There are several ways you can print information about the files that
1440 match the criteria you gave in the `find' expression. You can print
1441 the information either to the standard output or to a file that you
1442 name. You can also execute commands that have the file names as
1443 arguments. You can use those commands as further filters to select
1449 * Print File Information::
1455 File: find.info, Node: Print File Name, Next: Print File Information, Up: Actions
1461 True; print the entire file name on the standard output, followed
1462 by a newline. If there is the faintest possibility that one of
1463 the files for which you are searching might contain a newline, you
1464 should use `-print0' instead.
1466 -- Action: -fprint file
1467 True; print the entire file name into file FILE, followed by a
1468 newline. If FILE does not exist when `find' is run, it is
1469 created; if it does exist, it is truncated to 0 bytes. The named
1470 output file is always created, even if no output is sent to it.
1471 The file names `/dev/stdout' and `/dev/stderr' are handled
1472 specially; they refer to the standard output and standard error
1473 output, respectively.
1475 If there is the faintest possibility that one of the files for
1476 which you are searching might contain a newline, you should use
1480 File: find.info, Node: Print File Information, Next: Run Commands, Prev: Print File Name, Up: Actions
1482 3.2 Print File Information
1483 ==========================
1486 True; list the current file in `ls -dils' format on the standard
1487 output. The output looks like this:
1489 204744 17 -rw-r--r-- 1 djm staff 17337 Nov 2 1992 ./lwall-quotes
1493 1. The inode number of the file. *Note Hard Links::, for how to
1494 find files based on their inode number.
1496 2. the number of blocks in the file. The block counts are of 1K
1497 blocks, unless the environment variable `POSIXLY_CORRECT' is
1498 set, in which case 512-byte blocks are used. *Note Size::,
1499 for how to find files based on their size.
1501 3. The file's type and file mode bits. The type is shown as a
1502 dash for a regular file; for other file types, a letter like
1503 for `-type' is used (*note Type::). The file mode bits are
1504 read, write, and execute/search for the file's owner, its
1505 group, and other users, respectively; a dash means the
1506 permission is not granted. *Note File Permissions::, for
1507 more details about file permissions. *Note Mode Bits::, for
1508 how to find files based on their file mode bits.
1510 4. The number of hard links to the file.
1512 5. The user who owns the file.
1514 6. The file's group.
1516 7. The file's size in bytes.
1518 8. The date the file was last modified.
1520 9. The file's name. `-ls' quotes non-printable characters in the
1521 file names using C-like backslash escapes. This may change
1522 soon, as the treatment of unprintable characters is
1523 harmonised for `-ls', `-fls', `-print', `-fprint', `-printf'
1526 -- Action: -fls file
1527 True; like `-ls' but write to FILE like `-fprint' (*note Print
1528 File Name::). The named output file is always created, even if no
1529 output is sent to it.
1531 -- Action: -printf format
1532 True; print FORMAT on the standard output, interpreting `\'
1533 escapes and `%' directives (more details in the following
1536 Field widths and precisions can be specified as with the `printf' C
1537 function. Format flags (like `#' for example) may not work as you
1538 expect because many of the fields, even numeric ones, are printed
1539 with %s. Numeric flags which are affected in this way include `G',
1540 `U', `b', `D', `k' and `n'. This difference in behaviour means
1541 though that the format flag `-' will work; it forces
1542 left-alignment of the field. Unlike `-print', `-printf' does not
1543 add a newline at the end of the string. If you want a newline at
1544 the end of the string, add a `\n'.
1546 As an example, an approximate equivalent of `-ls' with
1547 null-terminated filenames can be achieved with this `-printf'
1550 find -printf "%i %4k %M %3n %-8u %-8g %8s %T+ %p\n->%l\0" | cat
1552 A practical reason for doing this would be to get literal
1553 filenames in the output, instead of `-ls''s backslash-escaped
1554 names. (Using `cat' here prevents this happening for the `%p'
1555 format specifier; *note Unusual Characters in File Names::). This
1556 format also outputs a uniform timestamp format.
1558 As for symlinks, the format above outputs the symlink target on a
1559 second line, following `\n->'. There is nothing following the
1560 arrow for non-symlinks. Another approach, for complete
1561 consistency, would be to `-fprintf' the symlinks into a separate
1562 file, so they too can be null-terminated.
1564 -- Action: -fprintf file format
1565 True; like `-printf' but write to FILE like `-fprint' (*note Print
1566 File Name::). The output file is always created, even if no
1567 output is ever sent to it.
1572 * Format Directives::
1574 * Formatting Flags::
1577 File: find.info, Node: Escapes, Next: Format Directives, Up: Print File Information
1582 The escapes that `-printf' and `-fprintf' recognise are:
1591 Stop printing from this format immediately and flush the output.
1609 A literal backslash (`\').
1615 The character whose ASCII code is NNN (octal).
1617 A `\' character followed by any other character is treated as an
1618 ordinary character, so they both are printed, and a warning message is
1619 printed to the standard error output (because it was probably a typo).
1622 File: find.info, Node: Format Directives, Next: Time Formats, Prev: Escapes, Up: Print File Information
1624 3.2.2 Format Directives
1625 -----------------------
1627 `-printf' and `-fprintf' support the following format directives to
1628 print information about the file being processed. The C `printf'
1629 function, field width and precision specifiers are supported, as
1630 applied to string (%s) types. That is, you can specify "minimum field
1631 width"."maximum field width" for each directive. Format flags (like
1632 `#' for example) may not work as you expect because many of the fields,
1633 even numeric ones, are printed with %s. The format flag `-' does work;
1634 it forces left-alignment of the field.
1636 `%%' is a literal percent sign. *Note Reserved and Unknown
1637 Directives::, for a description of how format directives not mentioned
1640 A `%' at the end of the format argument causes undefined behaviour
1641 since there is no following character. In some locales, it may hide
1642 your door keys, while in others it may remove the final page from the
1643 novel you are reading.
1648 * Ownership Directives::
1650 * Location Directives::
1652 * Other Directives::
1653 * Reserved and Unknown Directives::
1656 File: find.info, Node: Name Directives, Next: Ownership Directives, Up: Format Directives
1658 3.2.2.1 Name Directives
1659 .......................
1662 File's name (not the absolute path name, but the name of the file
1663 as it was encountered by `find' - that is, as a relative path from
1664 one of the starting points).
1667 File's name with any leading directories removed (only the last
1671 Leading directories of file's name (all but the last element and
1672 the slash before it). If the file's name contains no slashes (for
1673 example because it was named on the command line and is in the
1674 current working directory), then "%h" expands to ".". This
1675 prevents "%h/%f" expanding to "/foo", which would be surprising
1676 and probably not desirable.
1679 File's name with the name of the command line argument under which
1680 it was found removed from the beginning.
1683 Command line argument under which file was found.
1686 File: find.info, Node: Ownership Directives, Next: Size Directives, Prev: Name Directives, Up: Format Directives
1688 3.2.2.2 Ownership Directives
1689 ............................
1692 File's group name, or numeric group ID if the group has no name.
1695 File's numeric group ID.
1698 File's user name, or numeric user ID if the user has no name.
1701 File's numeric user ID.
1704 File's mode bits (in octal). If you always want to have a leading
1705 zero on the number, use the '#' format flag, for example '%#m'.
1707 The file mode bit numbers used are the traditional Unix numbers,
1708 which will be as expected on most systems, but if your system's
1709 file mode bit layout differs from the traditional Unix semantics,
1710 you will see a difference between the mode as printed by `%m' and
1711 the mode as it appears in `struct stat'.
1714 File's type and mode bits (in symbolic form, as for `ls'). This
1715 directive is supported in findutils 4.2.5 and later.
1718 File: find.info, Node: Size Directives, Next: Location Directives, Prev: Ownership Directives, Up: Format Directives
1720 3.2.2.3 Size Directives
1721 .......................
1724 The amount of disk space used for this file in 1K blocks. Since
1725 disk space is allocated in multiples of the filesystem block size
1726 this is usually greater than %s/1024, but it can also be smaller
1727 if the file is a sparse file (that is, it has "holes").
1730 The amount of disk space used for this file in 512-byte blocks.
1731 Since disk space is allocated in multiples of the filesystem block
1732 size this is usually greater than %s/512, but it can also be
1733 smaller if the file is a sparse file (that is, it has "holes").
1736 File's size in bytes.
1739 File's sparseness. This is calculated as `(BLOCKSIZE*st_blocks /
1740 st_size)'. The exact value you will get for an ordinary file of a
1741 certain length is system-dependent. However, normally sparse files
1742 will have values less than 1.0, and files which use indirect blocks
1743 and have few holes may have a value which is greater than 1.0. The
1744 value used for BLOCKSIZE is system-dependent, but is usually 512
1745 bytes. If the file size is zero, the value printed is undefined.
1746 On systems which lack support for st_blocks, a file's sparseness is
1750 File: find.info, Node: Location Directives, Next: Time Directives, Prev: Size Directives, Up: Format Directives
1752 3.2.2.4 Location Directives
1753 ...........................
1756 File's depth in the directory tree (depth below a file named on the
1757 command line, not depth below the root directory). Files named on
1758 the command line have a depth of 0. Subdirectories immediately
1759 below them have a depth of 1, and so on.
1762 The device number on which the file exists (the `st_dev' field of
1763 `struct stat'), in decimal.
1766 Type of the filesystem the file is on; this value can be used for
1767 `-fstype' (*note Directories::).
1770 Object of symbolic link (empty string if file is not a symbolic
1774 File's inode number (in decimal).
1777 Number of hard links to file.
1780 Type of the file as used with `-type'. If the file is a symbolic
1781 link, `l' will be printed.
1784 Type of the file as used with `-type'. If the file is a symbolic
1785 link, it is dereferenced. If the file is a broken symbolic link,
1790 File: find.info, Node: Time Directives, Next: Other Directives, Prev: Location Directives, Up: Format Directives
1792 3.2.2.5 Time Directives
1793 .......................
1795 Some of these directives use the C `ctime' function. Its output
1796 depends on the current locale, but it typically looks like
1798 Wed Nov 2 00:42:36 1994
1801 File's last access time in the format returned by the C `ctime'
1805 File's last access time in the format specified by K (*note Time
1809 File's last status change time in the format returned by the C
1813 File's last status change time in the format specified by K (*note
1817 File's last modification time in the format returned by the C
1821 File's last modification time in the format specified by K (*note
1825 File: find.info, Node: Other Directives, Next: Reserved and Unknown Directives, Prev: Time Directives, Up: Format Directives
1827 3.2.2.6 Other Directives
1828 ........................
1831 File's SELinux context, or empty string if the file has no SELinux
1835 File: find.info, Node: Reserved and Unknown Directives, Prev: Other Directives, Up: Format Directives
1837 3.2.2.7 Reserved and Unknown Directives
1838 .......................................
1840 The `%(', `%{' and `%[' format directives, with or without field with
1841 and precision specifications, are reserved for future use. Don't use
1842 them and don't rely on current experiment to predict future behaviour.
1843 To print `(', simply use `(' rather than `%('. Likewise for `{' and
1846 Similarly, a `%' character followed by any other unrecognised
1847 character (i.e., not a known directive or `printf' field width and
1848 precision specifier), is discarded (but the unrecognised character is
1849 printed), and a warning message is printed to the standard error output
1850 (because it was probably a typo). Don't rely on this behaviour,
1851 because other directives may be added in the future.
1854 File: find.info, Node: Time Formats, Next: Formatting Flags, Prev: Format Directives, Up: Print File Information
1859 Below are the formats for the directives `%A', `%C', and `%T', which
1860 print the file's timestamps. Some of these formats might not be
1861 available on all systems, due to differences in the C `strftime'
1862 function between systems.
1868 * Combined Time Formats::
1871 File: find.info, Node: Time Components, Next: Date Components, Up: Time Formats
1873 3.2.3.1 Time Components
1874 .......................
1876 The following format directives print single components of the time.
1894 time zone (e.g., EDT), or nothing if no time zone is determinable
1900 second (00..61). There is a fractional part.
1903 seconds since Jan. 1, 1970, 00:00 GMT, with fractional part.
1905 The fractional part of the seconds field is of indeterminate length
1906 and precision. That is, the length of the fractional part of the
1907 seconds field will in general vary between findutils releases and
1908 between systems. This means that it is unwise to assume that field has
1909 any specific length. The length of this field is not usually a guide
1910 to the precision of timestamps in the underlying file system.
1913 File: find.info, Node: Date Components, Next: Combined Time Formats, Prev: Time Components, Up: Time Formats
1915 3.2.3.2 Date Components
1916 .......................
1918 The following format directives print single components of the date.
1921 locale's abbreviated weekday name (Sun..Sat)
1924 locale's full weekday name, variable length (Sunday..Saturday)
1928 locale's abbreviated month name (Jan..Dec)
1931 locale's full month name, variable length (January..December)
1937 day of month (01..31)
1943 day of year (001..366)
1946 week number of year with Sunday as first day of week (00..53)
1949 week number of year with Monday as first day of week (00..53)
1955 last two digits of year (00..99)
1958 File: find.info, Node: Combined Time Formats, Prev: Date Components, Up: Time Formats
1960 3.2.3.3 Combined Time Formats
1961 .............................
1963 The following format directives print combinations of time and date
1967 time, 12-hour (hh:mm:ss [AP]M)
1970 time, 24-hour (hh:mm:ss)
1973 locale's time representation (H:M:S)
1976 locale's date and time in ctime format (Sat Nov 04 12:02:33 EST
1977 1989). This format does not include any fractional part in the
1984 locale's date representation (mm/dd/yy)
1987 Date and time, separated by '+', for example
1988 `2004-04-28+22:22:05.0000000000'. The time is given in the
1989 current timezone (which may be affected by setting the TZ
1990 environment variable). This is a GNU extension. The seconds
1991 field includes a fractional part.
1994 File: find.info, Node: Formatting Flags, Prev: Time Formats, Up: Print File Information
1996 3.2.4 Formatting Flags
1997 ----------------------
1999 The `%m' and `%d' directives support the `#', `0' and `+' flags, but
2000 the other directives do not, even if they print numbers. Numeric
2001 directives that do not support these flags include
2003 `G', `U', `b', `D', `k' and `n'.
2005 All fields support the format flag `-', which makes fields
2006 left-aligned. That is, if the field width is greater than the actual
2007 contents of the field, the requisite number of spaces are printed after
2008 the field content instead of before it.
2011 File: find.info, Node: Run Commands, Next: Delete Files, Prev: Print File Information, Up: Actions
2016 You can use the list of file names created by `find' or `locate' as
2017 arguments to other commands. In this way you can perform arbitrary
2018 actions on the files.
2027 File: find.info, Node: Single File, Next: Multiple Files, Up: Run Commands
2032 Here is how to run a command on one file at a time.
2034 -- Action: -execdir command ;
2035 Execute COMMAND; true if COMMAND returns zero. `find' takes all
2036 arguments after `-execdir' to be part of the command until an
2037 argument consisting of `;' is reached. It replaces the string
2038 `{}' by the current file name being processed everywhere it occurs
2039 in the command. Both of these constructions need to be escaped
2040 (with a `\') or quoted to protect them from expansion by the
2041 shell. The command is executed in the directory which `find' was
2042 searching at the time the action was executed (that is, {} will
2043 expand to a file in the local directory).
2045 For example, to compare each C header file in or below the current
2046 directory with the file `/tmp/master':
2048 find . -name '*.h' -execdir diff -u '{}' /tmp/master ';'
2050 If you use `-execdir', you must ensure that the `$PATH' variable
2051 contains only absolute directory names. Having an empty element in
2052 `$PATH' or explicitly including `.' (or any other non-absolute name) is
2053 insecure. GNU find will refuse to run if you use `-execdir' and it
2054 thinks your `$PATH' setting is insecure. For example:
2057 Insecure; empty path element (at the end)
2059 `:/bin:/usr/bin:/usr/local/bin'
2060 Insecure; empty path element (at the start)
2062 `/bin:/usr/bin::/usr/local/bin'
2063 Insecure; empty path element (two colons in a row)
2065 `/bin:/usr/bin:.:/usr/local/bin'
2066 Insecure; `.' is a path element (`.' is not an absolute file name)
2068 `/bin:/usr/bin:sbin:/usr/local/bin'
2069 Insecure; `sbin' is not an absolute file name
2071 `/bin:/usr/bin:/sbin:/usr/local/bin'
2072 Secure (if you control the contents of those directories and any
2075 Another similar option, `-exec' is supported, but is less secure.
2076 *Note Security Considerations::, for a discussion of the security
2077 problems surrounding `-exec'.
2079 -- Action: -exec command ;
2080 This insecure variant of the `-execdir' action is specified by
2081 POSIX. Like `-execdir command ;' it is true if zero is returned
2082 by COMMAND. The main difference is that the command is executed in
2083 the directory from which `find' was invoked, meaning that `{}' is
2084 expanded to a relative path starting with the name of one of the
2085 starting directories, rather than just the basename of the matched
2088 While some implementations of `find' replace the `{}' only where
2089 it appears on its own in an argument, GNU `find' replaces `{}'
2090 wherever it appears.
2093 File: find.info, Node: Multiple Files, Next: Querying, Prev: Single File, Up: Run Commands
2095 3.3.2 Multiple Files
2096 --------------------
2098 Sometimes you need to process files one at a time. But usually this is
2099 not necessary, and, it is faster to run a command on as many files as
2100 possible at a time, rather than once per file. Doing this saves on the
2101 time it takes to start up the command each time.
2103 The `-execdir' and `-exec' actions have variants that build command
2104 lines containing as many matched files as possible.
2106 -- Action: -execdir command {} +
2107 This works as for `-execdir command ;', except that the result is
2108 always true, and the `{}' at the end of the command is expanded to
2109 a list of names of matching files. This expansion is done in such
2110 a way as to avoid exceeding the maximum command line length
2111 available on the system. Only one `{}' is allowed within the
2112 command, and it must appear at the end, immediately before the
2113 `+'. A `+' appearing in any position other than immediately after
2114 `{}' is not considered to be special (that is, it does not
2115 terminate the command).
2117 -- Action: -exec command {} +
2118 This insecure variant of the `-execdir' action is specified by
2119 POSIX. The main difference is that the command is executed in the
2120 directory from which `find' was invoked, meaning that `{}' is
2121 expanded to a relative path starting with the name of one of the
2122 starting directories, rather than just the basename of the matched
2123 file. The result is always true.
2125 Before `find' exits, any partially-built command lines are executed.
2126 This happens even if the exit was caused by the `-quit' action.
2127 However, some types of error (for example not being able to invoke
2128 `stat()' on the current directory) can cause an immediate fatal exit.
2129 In this situation, any partially-built command lines will not be
2130 invoked (this prevents possible infinite loops).
2132 At first sight, it looks like the list of filenames to be processed
2133 can only be at the end of the command line, and that this might be a
2134 problem for some commands (`cp' and `rsync' for example).
2136 However, there is a slightly obscure but powerful workaround for this
2137 problem which takes advantage of the behaviour of `sh -c':
2139 find startpoint -tests ... -exec sh -c 'scp "$@" remote:/dest' sh {} +
2141 In the example above, the filenames we want to work on need to occur
2142 on the `scp' command line before the name of the destination. We use
2143 the shell to invoke the command `scp "$@" remote:/dest' and the shell
2144 expands `"$@"' to the list of filenames we want to process.
2146 Another, but less secure, way to run a command on more than one file
2147 at once, is to use the `xargs' command, which is invoked like this:
2149 xargs [OPTION...] [COMMAND [INITIAL-ARGUMENTS]]
2151 `xargs' normally reads arguments from the standard input. These
2152 arguments are delimited by blanks (which can be protected with double
2153 or single quotes or a backslash) or newlines. It executes the COMMAND
2154 (the default is `echo') one or more times with any INITIAL-ARGUMENTS
2155 followed by arguments read from standard input. Blank lines on the
2156 standard input are ignored. If the `-L' option is in use, trailing
2157 blanks indicate that `xargs' should consider the following line to be
2160 Instead of blank-delimited names, it is safer to use `find -print0'
2161 or `find -fprint0' and process the output by giving the `-0' or
2162 `--null' option to GNU `xargs', GNU `tar', GNU `cpio', or `perl'. The
2163 `locate' command also has a `-0' or `--null' option which does the same
2166 You can use shell command substitution (backquotes) to process a list
2167 of arguments, like this:
2169 grep -l sprintf `find $HOME -name '*.c' -print`
2171 However, that method produces an error if the length of the `.c'
2172 file names exceeds the operating system's command line length limit.
2173 `xargs' avoids that problem by running the command as many times as
2174 necessary without exceeding the limit:
2176 find $HOME -name '*.c' -print | xargs grep -l sprintf
2178 However, if the command needs to have its standard input be a
2179 terminal (`less', for example), you have to use the shell command
2180 substitution method or use the `--arg-file' option of `xargs'.
2182 The `xargs' command will process all its input, building command
2183 lines and executing them, unless one of the commands exits with a
2184 status of 255 (this will cause xargs to issue an error message and
2185 stop) or it reads a line contains the end of file string specified with
2190 * Unsafe File Name Handling::
2191 * Safe File Name Handling::
2192 * Unusual Characters in File Names::
2193 * Limiting Command Size::
2194 * Controlling Parallelism::
2195 * Interspersing File Names::
2198 File: find.info, Node: Unsafe File Name Handling, Next: Safe File Name Handling, Up: Multiple Files
2200 3.3.2.1 Unsafe File Name Handling
2201 .................................
2203 Because file names can contain quotes, backslashes, blank characters,
2204 and even newlines, it is not safe to process them using `xargs' in its
2205 default mode of operation. But since most files' names do not contain
2206 blanks, this problem occurs only infrequently. If you are only
2207 searching through files that you know have safe names, then you need
2208 not be concerned about it.
2210 Error messages issued by `find' and `locate' quote unusual
2211 characters in file names in order to prevent unwanted changes in the
2214 In many applications, if `xargs' botches processing a file because
2215 its name contains special characters, some data might be lost. The
2216 importance of this problem depends on the importance of the data and
2217 whether anyone notices the loss soon enough to correct it. However,
2218 here is an extreme example of the problems that using blank-delimited
2219 names can cause. If the following command is run daily from `cron',
2220 then any user can remove any file on the system:
2222 find / -name '#*' -atime +7 -print | xargs rm
2224 For example, you could do something like this:
2229 and then `cron' would delete `/vmunix', if it ran `xargs' with `/' as
2230 its current directory.
2232 To delete other files, for example `/u/joeuser/.plan', you could do
2239 eg$ mkdir u u/joeuser u/joeuser/.plan'
2241 eg$ echo > u/joeuser/.plan'
2244 eg$ find . -name '#*' -print | xargs echo
2245 ./# ./# /u/joeuser/.plan /#foo
2248 File: find.info, Node: Safe File Name Handling, Next: Unusual Characters in File Names, Prev: Unsafe File Name Handling, Up: Multiple Files
2250 3.3.2.2 Safe File Name Handling
2251 ...............................
2253 Here is how to make `find' output file names so that they can be used
2254 by other programs without being mangled or misinterpreted. You can
2255 process file names generated this way by giving the `-0' or `--null'
2256 option to GNU `xargs', GNU `tar', GNU `cpio', or `perl'.
2259 True; print the entire file name on the standard output, followed
2260 by a null character.
2262 -- Action: -fprint0 file
2263 True; like `-print0' but write to FILE like `-fprint' (*note Print
2264 File Name::). The output file is always created.
2266 As of findutils version 4.2.4, the `locate' program also has a
2267 `--null' option which does the same thing. For similarity with
2268 `xargs', the short form of the option `-0' can also be used.
2270 If you want to be able to handle file names safely but need to run
2271 commands which want to be connected to a terminal on their input, you
2272 can use the `--arg-file' option to `xargs' like this:
2274 find / -name xyzzy -print0 > list
2275 xargs --null --arg-file=list munge
2277 The example above runs the `munge' program on all the files named
2278 `xyzzy' that we can find, but `munge''s input will still be the
2279 terminal (or whatever the shell was using as standard input). If your
2280 shell has the "process substitution" feature `<(...)', you can do this
2283 xargs --null --arg-file=<(find / -name xyzzy -print0) munge
2286 File: find.info, Node: Unusual Characters in File Names, Next: Limiting Command Size, Prev: Safe File Name Handling, Up: Multiple Files
2288 3.3.2.3 Unusual Characters in File Names
2289 ........................................
2291 As discussed above, you often need to be careful about how the names of
2292 files are handled by `find' and other programs. If the output of
2293 `find' is not going to another program but instead is being shown on a
2294 terminal, this can still be a problem. For example, some character
2295 sequences can reprogram the function keys on some terminals. *Note
2296 Security Considerations::, for a discussion of other security problems
2299 Unusual characters are handled differently by various actions, as
2304 Always print the exact file name, unchanged, even if the output is
2305 going to a terminal.
2309 Always print the exact file name, unchanged. This will probably
2310 change in a future release.
2314 Unusual characters are always escaped. White space, backslash, and
2315 double quote characters are printed using C-style escaping (for
2316 example `\f', `\"'). Other unusual characters are printed using
2317 an octal escape. Other printable characters (for `-ls' and `-fls'
2318 these are the characters between octal 041 and 0176) are printed
2323 If the output is not going to a terminal, it is printed as-is.
2324 Otherwise, the result depends on which directive is in use:
2327 These expand to values which are not under control of files'
2328 owners, and so are printed as-is.
2330 %a, %b, %c, %d, %g, %G, %i, %k, %m, %M, %n, %s, %t, %u, %U
2331 These have values which are under the control of files'
2332 owners but which cannot be used to send arbitrary data to the
2333 terminal, and so these are printed as-is.
2336 The output of these directives is quoted if the output is
2337 going to a terminal. The setting of the `LC_CTYPE'
2338 environment variable is used to determine which characters
2341 This quoting is performed in the same way as for GNU `ls'.
2342 This is not the same quoting mechanism as the one used for
2343 `-ls' and `fls'. If you are able to decide what format to
2344 use for the output of `find' then it is normally better to
2345 use `\0' as a terminator than to use newline, as file names
2346 can contain white space and newline characters.
2350 Quoting is handled in the same way as for the `%p' directive of
2351 `-printf' and `-fprintf'. If you are using `find' in a script or
2352 in a situation where the matched files might have arbitrary names,
2353 you should consider using `-print0' instead of `-print'.
2355 The `locate' program quotes and escapes unusual characters in file
2356 names in the same way as `find''s `-print' action.
2358 The behaviours described above may change soon, as the treatment of
2359 unprintable characters is harmonised for `-ls', `-fls', `-print',
2360 `-fprint', `-printf' and `-fprintf'.
2363 File: find.info, Node: Limiting Command Size, Next: Controlling Parallelism, Prev: Unusual Characters in File Names, Up: Multiple Files
2365 3.3.2.4 Limiting Command Size
2366 .............................
2368 `xargs' gives you control over how many arguments it passes to the
2369 command each time it executes it. By default, it uses up to `ARG_MAX'
2370 - 2k, or 128k, whichever is smaller, characters per command. It uses
2371 as many lines and arguments as fit within that limit. The following
2372 options modify those values.
2376 If the standard input does not contain any nonblanks, do not run
2377 the command. By default, the command is run once even if there is
2378 no input. This option is a GNU extension.
2380 `--max-lines[=MAX-LINES]'
2383 Use at most MAX-LINES nonblank input lines per command line;
2384 MAX-LINES defaults to 1 if omitted; omitting the argument is not
2385 allowed in the case of the `-L' option. Trailing blanks cause an
2386 input line to be logically continued on the next input line, for
2387 the purpose of counting the lines. Implies `-x'. The preferred
2388 name for this option is `-L' as this is specified by POSIX.
2390 `--max-args=MAX-ARGS'
2392 Use at most MAX-ARGS arguments per command line. Fewer than
2393 MAX-ARGS arguments will be used if the size (see the `-s' option)
2394 is exceeded, unless the `-x' option is given, in which case
2397 `--max-chars=MAX-CHARS'
2399 Use at most MAX-CHARS characters per command line, including the
2400 command initial arguments and the terminating nulls at the ends of
2401 the argument strings. If you specify a value for this option
2402 which is too large or small, a warning message is printed and the
2403 appropriate upper or lower limit is used instead. You can use
2404 `--show-limits' option to understand the command-line limits
2405 applying to `xargs' and how this is affected by any other options.
2406 The POSIX limits shown when you do this have already been adjusted
2407 to take into account the size of your environment variables.
2409 The largest allowed value is system-dependent, and is calculated as
2410 the argument length limit for exec, less the size of your
2411 environment, less 2048 bytes of headroom. If this value is more
2412 than 128KiB, 128Kib is used as the default value; otherwise, the
2413 default value is the maximum.
2416 File: find.info, Node: Controlling Parallelism, Next: Interspersing File Names, Prev: Limiting Command Size, Up: Multiple Files
2418 3.3.2.5 Controlling Parallelism
2419 ...............................
2421 Normally, `xargs' runs one command at a time. This is called "serial"
2422 execution; the commands happen in a series, one after another. If
2423 you'd like `xargs' to do things in "parallel", you can ask it to do so,
2424 either when you invoke it, or later while it is running. Running
2425 several commands at one time can make the entire operation go more
2426 quickly, if the commands are independent, and if your system has enough
2427 resources to handle the load. When parallelism works in your
2428 application, `xargs' provides an easy way to get your work done faster.
2430 `--max-procs=MAX-PROCS'
2432 Run up to MAX-PROCS processes at a time; the default is 1. If
2433 MAX-PROCS is 0, `xargs' will run as many processes as possible at
2434 a time. Use the `-n', `-s', or `-L' option with `-P'; otherwise
2435 chances are that the command will be run only once.
2437 For example, suppose you have a directory tree of large image files
2438 and a `makeallsizes' script that takes a single file name and creates
2439 various sized images from it (thumbnail-sized, web-page-sized,
2440 printer-sized, and the original large file). The script is doing enough
2441 work that it takes significant time to run, even on a single image.
2444 find originals -name '*.jpg' | xargs -1 makeallsizes
2446 This will run `makeallsizes FILENAME' once for each `.jpg' file in
2447 the `originals' directory. However, if your system has two central
2448 processors, this script will only keep one of them busy. Instead, you
2449 could probably finish in about half the time by running:
2451 find originals -name '*.jpg' | xargs -1 -P 2 makeallsizes
2453 `xargs' will run the first two commands in parallel, and then
2454 whenever one of them terminates, it will start another one, until the
2457 The same idea can be generalized to as many processors as you have
2458 handy. It also generalizes to other resources besides processors. For
2459 example, if `xargs' is running commands that are waiting for a response
2460 from a distant network connection, running a few in parallel may reduce
2461 the overall latency by overlapping their waiting time.
2463 If you are running commands in parallel, you need to think about how
2464 they should arbitrate access to any resources that they share. For
2465 example, if more than one of them tries to print to stdout, the ouptut
2466 will be produced in an indeterminate order (and very likely mixed up)
2467 unless the processes collaborate in some way to prevent this. Using
2468 some kind of locking scheme is one way to prevent such problems. In
2469 general, using a locking scheme will help ensure correct output but
2470 reduce performance. If you don't want to tolerate the performance
2471 difference, simply arrange for each process to produce a separate output
2472 file (or otherwise use separate resources).
2474 `xargs' also allows you to "turn up" or "turn down" its parallelism
2475 in the middle of a run. Suppose you are keeping your four-processor
2476 system busy for hours, processing thousands of images using `-P 4'.
2477 Now, in the middle of the run, you or someone else wants you to reduce
2478 your load on the system, so that something else will run faster. If
2479 you interrupt `xargs', your job will be half-done, and it may take
2480 significant manual work to resume it only for the remaining images. If
2481 you suspend `xargs' using your shell's job controls (e.g. `control-Z'),
2482 then it will get no work done while suspended.
2484 Find out the process ID of the `xargs' process, either from your
2485 shell or with the `ps' command. After you send it the signal
2486 `SIGUSR2', `xargs' will run one fewer command in parallel. If you send
2487 it the signal `SIGUSR1', it will run one more command in parallel. For
2490 shell$ xargs <allimages -1 -P 4 makeallsizes &
2492 ... at some later point ...
2493 shell$ kill -USR2 27643
2494 shell$ kill -USR2 %4
2496 The first `kill' command will cause `xargs' to wait for two commands
2497 to terminate before starting the next command (reducing the parallelism
2498 from 4 to 3). The second `kill' will reduce it from 3 to 2. (`%4'
2499 works in some shells as a shorthand for the process ID of the
2500 background job labeled `[4]'.)
2502 Similarly, if you started a long `xargs' job without parallelism, you
2503 can easily switch it to start running two commands in parallel by
2504 sending it a `SIGUSR1'.
2506 `xargs' will never terminate any existing commands when you ask it
2507 to run fewer processes. It merely waits for the excess commands to
2508 finish. If you ask it to run more commands, it will start the next one
2509 immediately (if it has more work to do).
2511 If you send several identical signals quickly, the operating system
2512 does not guarantee that each of them will be delivered to `xargs'.
2513 This means that you can't rapidly increase or decrease the parallelism
2514 by more than one command at a time. You can avoid this problem by
2515 sending a signal, observing the result, then sending the next one; or
2516 merely by delaying for a few seconds between signals (unless your
2517 system is very heavily loaded).
2519 Whether or not parallel execution will work well for you depends on
2520 the nature of the commmand you are running in parallel, on the
2521 configuration of the system on which you are running the command, and
2522 on the other work being done on the system at the time.
2525 File: find.info, Node: Interspersing File Names, Prev: Controlling Parallelism, Up: Multiple Files
2527 3.3.2.6 Interspersing File Names
2528 ................................
2530 `xargs' can insert the name of the file it is processing between
2531 arguments you give for the command. Unless you also give options to
2532 limit the command size (*note Limiting Command Size::), this mode of
2533 operation is equivalent to `find -exec' (*note Single File::).
2535 `--replace[=REPLACE-STR]'
2538 Replace occurrences of REPLACE-STR in the initial arguments with
2539 names read from the input. Also, unquoted blanks do not terminate
2540 arguments; instead, the input is split at newlines only. For the
2541 `-i' option, if REPLACE-STR is omitted for `--replace' or `-i', it
2542 defaults to `{}' (like for `find -exec'). Implies `-x' and `-l
2543 1'. `-i' is deprecated in favour of `-I'. As an example, to sort
2544 each file in the `bills' directory, leaving the output in that
2545 file name with `.sorted' appended, you could do:
2547 find bills -type f | xargs -I XX sort -o XX.sorted XX
2549 The equivalent command using `find -execdir' is:
2551 find bills -type f -execdir sort -o '{}.sorted' '{}' ';'
2553 When you use the `-I' option, each line read from the input is
2554 buffered internally. This means that there is an upper limit on the
2555 length of input line that `xargs' will accept when used with the `-I'
2556 option. To work around this limitation, you can use the `-s' option to
2557 increase the amount of buffer space that xargs uses, and you can also
2558 use an extra invocation of xargs to ensure that very long lines do not
2561 somecommand | xargs -s 50000 echo | xargs -I '{}' -s 100000 rm '{}'
2563 Here, the first invocation of `xargs' has no input line length limit
2564 because it doesn't use the `-I' option. The second invocation of
2565 `xargs' does have such a limit, but we have ensured that it never
2566 encounters a line which is longer than it can handle.
2568 This is not an ideal solution. Instead, the `-I' option should not
2569 impose a line length limit (apart from any limit imposed by the
2570 operating system) and so one might consider this limitation to be a
2571 bug. A better solution would be to allow `xargs -I' to automatically
2572 move to a larger value for the `-s' option when this is needed.
2574 This sort of problem doesn't occur with the output of `find' because
2575 it emits just one filename per line.
2578 File: find.info, Node: Querying, Prev: Multiple Files, Up: Run Commands
2583 To ask the user whether to execute a command on a single file, you can
2584 use the `find' primary `-okdir' instead of `-execdir', and the `find'
2585 primary `-ok' instead of `-exec':
2587 -- Action: -okdir command ;
2588 Like `-execdir' (*note Single File::), but ask the user first. If
2589 the user does not agree to run the command, just return false.
2590 Otherwise, run it, with standard input redirected from
2593 The response to the prompt is matched against a pair of regular
2594 expressions to determine if it is a yes or no response. These
2595 regular expressions are obtained from the system (`nl_langinfo'
2596 items YESEXPR and NOEXPR are used) if the `POSIXLY_CORRECT'
2597 environment variable is set and the system has such patterns
2598 available. Otherwise, `find''s message translations are used. In
2599 either case, the `LC_MESSAGES' environment variable will determine
2600 the regular expressions used to determine if the answer is
2601 affirmative or negative. The interpretation of the regular
2602 expressions themselves will be affected by the environment
2603 variables `LC_CTYPE' (character classes) and `LC_COLLATE'
2604 (character ranges and equivalence classes).
2606 -- Action: -ok command ;
2607 This insecure variant of the `-okdir' action is specified by
2608 POSIX. The main difference is that the command is executed in the
2609 directory from which `find' was invoked, meaning that `{}' is
2610 expanded to a relative path starting with the name of one of the
2611 starting directories, rather than just the basename of the matched
2612 file. If the command is run, its standard input is redirected from
2615 When processing multiple files with a single command, to query the
2616 user you give `xargs' the following option. When using this option,
2617 you might find it useful to control the number of files processed per
2618 invocation of the command (*note Limiting Command Size::).
2622 Prompt the user about whether to run each command line and read a
2623 line from the terminal. Only run the command line if the response
2624 starts with `y' or `Y'. Implies `-t'.
2627 File: find.info, Node: Delete Files, Next: Adding Tests, Prev: Run Commands, Up: Actions
2633 Delete files or directories; true if removal succeeded. If the
2634 removal failed, an error message is issued.
2636 The use of the `-delete' action on the command line automatically
2637 turns on the `-depth' option (*note find Expressions::). This can
2638 be surprising if you were previously just testing with `-print',
2639 so it is usually best to remember to use `-depth' explicitly.
2641 If `-delete' fails, `find''s exit status will be nonzero (when it
2645 File: find.info, Node: Adding Tests, Prev: Delete Files, Up: Actions
2650 You can test for file attributes that none of the `find' builtin tests
2651 check. To do this, use `xargs' to run a program that filters a list of
2652 files printed by `find'. If possible, use `find' builtin tests to pare
2653 down the list, so the program run by `xargs' has less work to do. The
2654 tests builtin to `find' will likely run faster than tests that other
2657 For reasons of efficiency it is often useful to limit the number of
2658 times an external program has to be run. For this reason, it is often
2659 a good idea to implement "extended" tests by using `xargs'.
2661 For example, here is a way to print the names of all of the
2662 unstripped binaries in the `/usr/local' directory tree. Builtin tests
2663 avoid running `file' on files that are not regular files or are not
2666 find /usr/local -type f -perm /a=x | xargs file |
2667 grep 'not stripped' | cut -d: -f1
2669 The `cut' program removes everything after the file name from the
2672 However, using `xargs' can present important security problems
2673 (*note Security Considerations::). These can be avoided by using
2674 `-execdir'. The `-execdir' action is also a useful way of putting your
2675 own test in the middle of a set of other tests or actions for `find'
2676 (for example, you might want to use `-prune').
2678 To place a special test somewhere in the middle of a `find'
2679 expression, you can use `-execdir' (or, less securely, `-exec') to run
2680 a program that performs the test. Because `-execdir' evaluates to the
2681 exit status of the executed program, you can use a program (which can
2682 be a shell script) that tests for a special attribute and make it exit
2683 with a true (zero) or false (non-zero) status. It is a good idea to
2684 place such a special test _after_ the builtin tests, because it starts
2685 a new process which could be avoided if a builtin test evaluates to
2688 Here is a shell script called `unstripped' that checks whether its
2689 argument is an unstripped binary file:
2692 file "$1" | grep -q "not stripped"
2694 This script relies on the shell exiting with the status of the last
2695 command in the pipeline, in this case `grep'. The `grep' command exits
2696 with a true status if it found any matches, false if not. Here is an
2697 example of using the script (assuming it is in your search path). It
2698 lists the stripped executables (and shell scripts) in the file `sbins'
2699 and the unstripped ones in `ubins'.
2701 find /usr/local -type f -perm /a=x \
2702 \( -execdir unstripped '{}' \; -fprint ubins -o -fprint sbins \)
2705 File: find.info, Node: Databases, Next: File Permissions, Prev: Actions, Up: Top
2707 4 File Name Databases
2708 *********************
2710 The file name databases used by `locate' contain lists of files that
2711 were in particular directory trees when the databases were last
2712 updated. The file name of the default database is determined when
2713 `locate' and `updatedb' are configured and installed. The frequency
2714 with which the databases are updated and the directories for which they
2715 contain entries depend on how often `updatedb' is run, and with which
2718 You can obtain some statistics about the databases by using `locate
2723 * Database Locations::
2724 * Database Formats::
2725 * Newline Handling::
2728 File: find.info, Node: Database Locations, Next: Database Formats, Up: Databases
2730 4.1 Database Locations
2731 ======================
2733 There can be multiple file name databases. Users can select which
2734 databases `locate' searches using the `LOCATE_PATH' environment
2735 variable or a command line option. The system administrator can choose
2736 the file name of the default database, the frequency with which the
2737 databases are updated, and the directories for which they contain
2738 entries. File name databases are updated by running the `updatedb'
2739 program, typically nightly.
2741 In networked environments, it often makes sense to build a database
2742 at the root of each filesystem, containing the entries for that
2743 filesystem. `updatedb' is then run for each filesystem on the
2744 fileserver where that filesystem is on a local disk, to prevent
2745 thrashing the network.
2747 *Note Invoking updatedb::, for the description of the options to
2748 `updatedb'. These options can be used to specify which directories are
2749 indexed by each database file.
2751 The default location for the locate database depends on how findutils
2752 is built, but the findutils installation accompanying this manual uses
2753 the default location `/usr/local/var/locatedb'.
2755 If no database exists at `/usr/local/var/locatedb' but the user did
2756 not specify where to look (by using `-d' or setting `LOCATE_PATH'),
2757 then `locate' will also check for a "secure" database in
2758 `/var/lib/slocate/slocate.db'.
2761 File: find.info, Node: Database Formats, Next: Newline Handling, Prev: Database Locations, Up: Databases
2763 4.2 Database Formats
2764 ====================
2766 The file name databases contain lists of files that were in particular
2767 directory trees when the databases were last updated. The file name
2768 database format changed starting with GNU `locate' version 4.0 to allow
2769 machines with different byte orderings to share the databases.
2771 GNU `locate' can read both the old and new database formats.
2772 However, old versions of `locate' (on other Unix systems, or GNU
2773 `locate' before version 4.0) produce incorrect results if run against a
2774 database in something other than the old format.
2776 Support for the old database format will eventually be discontinued,
2777 first in `updatedb' and later in `locate'.
2779 If you run `locate --statistics', the resulting summary indicates
2780 the type of each `locate' database. You select which database format
2781 `updatedb' will use with the `--dbformat' option.
2785 * LOCATE02 Database Format::
2786 * Sample LOCATE02 Database::
2787 * slocate Database Format::
2788 * Old Database Format::
2791 File: find.info, Node: LOCATE02 Database Format, Next: Sample LOCATE02 Database, Up: Database Formats
2793 4.2.1 LOCATE02 Database Format
2794 ------------------------------
2796 `updatedb' runs a program called `frcode' to "front-compress" the list
2797 of file names, which reduces the database size by a factor of 4 to 5.
2798 Front-compression (also known as incremental encoding) works as follows.
2800 The database entries are a sorted list (case-insensitively, for
2801 users' convenience). Since the list is sorted, each entry is likely to
2802 share a prefix (initial string) with the previous entry. Each database
2803 entry begins with an offset-differential count byte, which is the
2804 additional number of characters of prefix of the preceding entry to use
2805 beyond the number that the preceding entry is using of its predecessor.
2806 (The counts can be negative.) Following the count is a null-terminated
2807 ASCII remainder - the part of the name that follows the shared prefix.
2809 If the offset-differential count is larger than can be stored in a
2810 byte (+/-127), the byte has the value 0x80 and the count follows in a
2811 2-byte word, with the high byte first (network byte order).
2813 Every database begins with a dummy entry for a file called
2814 `LOCATE02', which `locate' checks for to ensure that the database file
2815 has the correct format; it ignores the entry in doing the search.
2817 Databases cannot be concatenated together, even if the first (dummy)
2818 entry is trimmed from all but the first database. This is because the
2819 offset-differential count in the first entry of the second and
2820 following databases will be wrong.
2822 In the output of `locate --statistics', the new database format is
2823 referred to as `LOCATE02'.
2826 File: find.info, Node: Sample LOCATE02 Database, Next: slocate Database Format, Prev: LOCATE02 Database Format, Up: Database Formats
2828 4.2.2 Sample LOCATE02 Database
2829 ------------------------------
2831 Sample input to `frcode':
2834 /usr/src/cmd/aardvark.c
2835 /usr/src/cmd/armadillo.c
2838 Length of the longest prefix of the preceding entry to share:
2845 Output from `frcode', with trailing nulls changed to newlines and
2846 count bytes made printable:
2854 (6 = 14 - 8, and -9 = 5 - 14)
2857 File: find.info, Node: slocate Database Format, Next: Old Database Format, Prev: Sample LOCATE02 Database, Up: Database Formats
2859 4.2.3 slocate Database Format
2860 -----------------------------
2862 The `slocate' program uses a database format similar to, but not quite
2863 the same as, GNU `locate'. The first byte of the database specifies
2864 its "security level". If the security level is 0, `slocate' will read,
2865 match and print filenames on the basis of the information in the
2866 database only. However, if the security level byte is 1, `slocate'
2867 omits entries from its output if the invoking user is unable to access
2868 them. The second byte of the database is zero. The second byte is
2869 immediately followed by the first database entry. The first entry in
2870 the database is not preceded by any differential count or dummy entry.
2871 Instead the differential count for the first item is assumed to be zero.
2873 Starting with the second entry (if any) in the database, data is
2874 interpreted as for the GNU LOCATE02 format.
2877 File: find.info, Node: Old Database Format, Prev: slocate Database Format, Up: Database Formats
2879 4.2.4 Old Database Format
2880 -------------------------
2882 The old database format is used by Unix `locate' and `find' programs
2883 and earlier releases of the GNU ones. `updatedb' produces this format
2884 if given the `--old-format' option.
2886 `updatedb' runs programs called `bigram' and `code' to produce
2887 old-format databases. The old format differs from the new one in the
2888 following ways. Instead of each entry starting with an
2889 offset-differential count byte and ending with a null, byte values from
2890 0 through 28 indicate offset-differential counts from -14 through 14.
2891 The byte value indicating that a long offset-differential count follows
2892 is 0x1e (30), not 0x80. The long counts are stored in host byte order,
2893 which is not necessarily network byte order, and host integer word
2894 size, which is usually 4 bytes. They also represent a count 14 less
2895 than their value. The database lines have no termination byte; the
2896 start of the next line is indicated by its first byte having a value <=
2899 In addition, instead of starting with a dummy entry, the old database
2900 format starts with a 256 byte table containing the 128 most common
2901 bigrams in the file list. A bigram is a pair of adjacent bytes. Bytes
2902 in the database that have the high bit set are indexes (with the high
2903 bit cleared) into the bigram table. The bigram and offset-differential
2904 count coding makes these databases 20-25% smaller than the new format,
2905 but makes them not 8-bit clean. Any byte in a file name that is in the
2906 ranges used for the special codes is replaced in the database by a
2907 question mark, which not coincidentally is the shell wildcard to match
2910 The old format therefore cannot faithfully store entries with
2911 non-ASCII characters. It therefore should not be used in
2912 internationalised environments. That is, most installations should not
2915 Because the long counts are stored by the `code' program as
2916 native-order machine words, the database format is not easily used in
2917 environments which differ in terms of byte order. If locate databases
2918 are to be shared between machines, the LOCATE02 database format should
2919 be used. This has other benefits as discussed above. However, the
2920 length of the filename currently being processed can normally be used
2921 to place reasonable limits on the long counts and so this information
2922 is used by locate to help it guess the byte ordering of the old format
2923 database. Unless it finds evidence to the contrary, `locate' will
2924 assume that the byte order of the database is the same as the native
2925 byte order of the machine running `locate'. The output of `locate
2926 --statistics' also includes information about the byte order of
2927 old-format databases.
2929 The output of `locate --statistics' will give an incorrect count of
2930 the number of file names containing newlines or high-bit characters for
2931 old-format databases.
2933 Old versions of GNU `locate' fail to correctly handle very long file
2934 names, possibly leading to security problems relating to a heap buffer
2935 overrun. *Note Security Considerations for locate::, for a detailed
2939 File: find.info, Node: Newline Handling, Prev: Database Formats, Up: Databases
2941 4.3 Newline Handling
2942 ====================
2944 Within the database, file names are terminated with a null character.
2945 This is the case for both the old and the new format.
2947 When the new database format is being used, the compression technique
2948 used to generate the database though relies on the ability to sort the
2949 list of files before they are presented to `frcode'.
2951 If the system's sort command allows its input list of files to be
2952 separated with null characters via the `-z' option, this option is used
2953 and therefore `updatedb' and `locate' will both correctly handle file
2954 names containing newlines. If the `sort' command lacks support for
2955 this, the list of files is delimited with the newline character,
2956 meaning that parts of file names containing newlines will be
2957 incorrectly sorted. This can result in both incorrect matches and
2958 incorrect failures to match.
2960 On the other hand, if you are using the old database format, file
2961 names with embedded newlines are not correctly handled. There is no
2962 technical limitation which enforces this, it's just that the `bigram'
2963 program has not been updated to support lists of file names separated
2966 So, if you are using the new database format (this is the default)
2967 and your system uses GNU `sort', newlines will be correctly handled at
2968 all times. Otherwise, newlines may not be correctly handled.
2971 File: find.info, Node: File Permissions, Next: Date input formats, Prev: Databases, Up: Top
2976 Each file has a set of "permissions" that control the kinds of access
2977 that users have to that file. The permissions for a file are also
2978 called its "access mode". They can be represented either in symbolic
2979 form or as an octal number.
2983 * Mode Structure:: Structure of file permissions.
2984 * Symbolic Modes:: Mnemonic permissions representation.
2985 * Numeric Modes:: Permissions as octal numbers.
2988 File: find.info, Node: Mode Structure, Next: Symbolic Modes, Up: File Permissions
2990 5.1 Structure of File Permissions
2991 =================================
2993 There are three kinds of permissions that a user can have for a file:
2995 1. permission to read the file. For directories, this means
2996 permission to list the contents of the directory.
2998 2. permission to write to (change) the file. For directories, this
2999 means permission to create and remove files in the directory.
3001 3. permission to execute the file (run it as a program). For
3002 directories, this means permission to access files in the
3005 There are three categories of users who may have different
3006 permissions to perform any of the above operations on a file:
3008 1. the file's owner;
3010 2. other users who are in the file's group;
3014 Files are given an owner and group when they are created. Usually
3015 the owner is the current user and the group is the group of the
3016 directory the file is in, but this varies with the operating system, the
3017 file system the file is created on, and the way the file is created.
3018 You can change the owner and group of a file by using the `chown' and
3021 In addition to the three sets of three permissions listed above, a
3022 file's permissions have three special components, which affect only
3023 executable files (programs) and, on some systems, directories:
3025 1. Set the process's effective user ID to that of the file upon
3026 execution (called the "setuid bit"). No effect on directories.
3028 2. Set the process's effective group ID to that of the file upon
3029 execution (called the "setgid bit"). For directories on some
3030 systems, put files created in the directory into the same group as
3031 the directory, no matter what group the user who creates them is
3034 3. prevent users from removing or renaming a file in a directory
3035 unless they own the file or the directory; this is called the
3036 "restricted deletion flag" for the directory. For regular files
3037 on some systems, save the program's text image on the swap device
3038 so it will load more quickly when run; this is called the "sticky
3041 In addition to the permissions listed above, there may be file
3042 attributes specific to the file system, e.g: access control lists
3043 (ACLs), whether a file is compressed, whether a file can be modified
3044 (immutability), whether a file can be dumped. These are usually set
3045 using programs specific to the file system. For example:
3048 On GNU and GNU/Linux the file permissions ("attributes") specific
3049 to the ext2 file system are set using `chattr'.
3052 On FreeBSD the file permissions ("flags") specific to the FFS file
3053 system are set using `chrflags'.
3055 Although a file's permission "bits" allow an operation on that file,
3056 that operation may still fail, because:
3058 * the file-system-specific permissions do not permit it;
3060 * the file system is mounted as read-only.
3062 For example, if the immutable attribute is set on a file, it cannot
3063 be modified, regardless of the fact that you may have just run `chmod
3067 File: find.info, Node: Symbolic Modes, Next: Numeric Modes, Prev: Mode Structure, Up: File Permissions
3072 "Symbolic modes" represent changes to files' permissions as operations
3073 on single-character symbols. They allow you to modify either all or
3074 selected parts of files' permissions, optionally based on their
3075 previous values, and perhaps on the current `umask' as well (*note
3076 Umask and Protection::).
3078 The format of symbolic modes is:
3080 [ugoa...][+-=]PERMS...[,...]
3082 where PERMS is either zero or more letters from the set `rwxXst', or a
3083 single letter from the set `ugo'.
3085 The following sections describe the operators and other details of
3090 * Setting Permissions:: Basic operations on permissions.
3091 * Copying Permissions:: Copying existing permissions.
3092 * Changing Special Permissions:: Special permissions.
3093 * Conditional Executability:: Conditionally affecting executability.
3094 * Multiple Changes:: Making multiple changes.
3095 * Umask and Protection:: The effect of the umask.
3098 File: find.info, Node: Setting Permissions, Next: Copying Permissions, Up: Symbolic Modes
3100 5.2.1 Setting Permissions
3101 -------------------------
3103 The basic symbolic operations on a file's permissions are adding,
3104 removing, and setting the permission that certain users have to read,
3105 write, and execute the file. These operations have the following
3108 USERS OPERATION PERMISSIONS
3110 The spaces between the three parts above are shown for readability only;
3111 symbolic modes cannot contain spaces.
3113 The USERS part tells which users' access to the file is changed. It
3114 consists of one or more of the following letters (or it can be empty;
3115 *note Umask and Protection::, for a description of what happens then).
3116 When more than one of these letters is given, the order that they are
3120 the user who owns the file;
3123 other users who are in the file's group;
3129 all users; the same as `ugo'.
3131 The OPERATION part tells how to change the affected users' access to
3132 the file, and is one of the following symbols:
3135 to add the PERMISSIONS to whatever permissions the USERS already
3139 to remove the PERMISSIONS from whatever permissions the USERS
3140 already have for the file;
3143 to make the PERMISSIONS the only permissions that the USERS have
3146 The PERMISSIONS part tells what kind of access to the file should be
3147 changed; it is normally zero or more of the following letters. As with
3148 the USERS part, the order does not matter when more than one letter is
3149 given. Omitting the PERMISSIONS part is useful only with the `='
3150 operation, where it gives the specified USERS no access at all to the
3154 the permission the USERS have to read the file;
3157 the permission the USERS have to write to the file;
3160 the permission the USERS have to execute the file.
3162 For example, to give everyone permission to read and write a file,
3163 but not to execute it, use:
3167 To remove write permission for all users other than the file's
3172 The above command does not affect the access that the owner of the file
3173 has to it, nor does it affect whether other users can read or execute
3176 To give everyone except a file's owner no permission to do anything
3177 with that file, use the mode below. Other users could still remove the
3178 file, if they have write permission on the directory it is in.
3182 Another way to specify the same thing is:
3187 File: find.info, Node: Copying Permissions, Next: Changing Special Permissions, Prev: Setting Permissions, Up: Symbolic Modes
3189 5.2.2 Copying Existing Permissions
3190 ----------------------------------
3192 You can base a file's permissions on its existing permissions. To do
3193 this, instead of using a series of `r', `w', or `x' letters after the
3194 operator, you use the letter `u', `g', or `o'. For example, the mode
3198 adds the permissions for users who are in a file's group to the
3199 permissions that other users have for the file. Thus, if the file
3200 started out as mode 664 (`rw-rw-r--'), the above mode would change it
3201 to mode 666 (`rw-rw-rw-'). If the file had started out as mode 741
3202 (`rwxr----x'), the above mode would change it to mode 745
3203 (`rwxr--r-x'). The `-' and `=' operations work analogously.
3206 File: find.info, Node: Changing Special Permissions, Next: Conditional Executability, Prev: Copying Permissions, Up: Symbolic Modes
3208 5.2.3 Changing Special Permissions
3209 ----------------------------------
3211 In addition to changing a file's read, write, and execute permissions,
3212 you can change its special permissions. *Note Mode Structure::, for a
3213 summary of these permissions.
3215 To change a file's permission to set the user ID on execution, use
3216 `u' in the USERS part of the symbolic mode and `s' in the PERMISSIONS
3219 To change a file's permission to set the group ID on execution, use
3220 `g' in the USERS part of the symbolic mode and `s' in the PERMISSIONS
3223 To change a file's permission to set the restricted deletion flag or
3224 sticky bit, omit the USERS part of the symbolic mode (or use `a') and
3225 put `t' in the PERMISSIONS part.
3227 For example, to add set-user-ID permission to a program, you can use
3232 To remove both set-user-ID and set-group-ID permission from it, you
3237 To set the restricted deletion flag or sticky bit, you can use the
3242 The combination `o+s' has no effect. On GNU systems the
3243 combinations `u+t' and `g+t' have no effect, and `o+t' acts like plain
3246 The `=' operator is not very useful with special permissions; for
3251 does set the restricted deletion flag or sticky bit, but it also
3252 removes all read, write, and execute permissions that users not in the
3253 file's group might have had for it.
3256 File: find.info, Node: Conditional Executability, Next: Multiple Changes, Prev: Changing Special Permissions, Up: Symbolic Modes
3258 5.2.4 Conditional Executability
3259 -------------------------------
3261 There is one more special type of symbolic permission: if you use `X'
3262 instead of `x', execute permission is affected only if the file is a
3263 directory or already had execute permission.
3265 For example, this mode:
3269 gives all users permission to search directories, or to execute files if
3270 anyone could execute them before.
3273 File: find.info, Node: Multiple Changes, Next: Umask and Protection, Prev: Conditional Executability, Up: Symbolic Modes
3275 5.2.5 Making Multiple Changes
3276 -----------------------------
3278 The format of symbolic modes is actually more complex than described
3279 above (*note Setting Permissions::). It provides two ways to make
3280 multiple changes to files' permissions.
3282 The first way is to specify multiple OPERATION and PERMISSIONS parts
3283 after a USERS part in the symbolic mode.
3285 For example, the mode:
3289 gives users other than the owner of the file read permission and, if it
3290 is a directory or if someone already had execute permission to it,
3291 gives them execute permission; and it also denies them write permission
3292 to the file. It does not affect the permission that the owner of the
3293 file has for it. The above mode is equivalent to the two modes:
3298 The second way to make multiple changes is to specify more than one
3299 simple symbolic mode, separated by commas. For example, the mode:
3303 gives everyone permission to read the file and removes write permission
3304 on it for all users except its owner. Another example:
3308 sets all of the non-special permissions for the file explicitly. (It
3309 gives users who are not in the file's group no permission at all for
3312 The two methods can be combined. The mode:
3316 gives all users permission to read the file, and gives users who are in
3317 the file's group permission to execute it, as well, but not permission
3318 to write to it. The above mode could be written in several different
3324 File: find.info, Node: Umask and Protection, Prev: Multiple Changes, Up: Symbolic Modes
3326 5.2.6 The Umask and Protection
3327 ------------------------------
3329 If the USERS part of a symbolic mode is omitted, it defaults to `a'
3330 (affect all users), except that any permissions that are _set_ in the
3331 system variable `umask' are _not affected_. The value of `umask' can
3332 be set using the `umask' command. Its default value varies from system
3335 Omitting the USERS part of a symbolic mode is generally not useful
3336 with operations other than `+'. It is useful with `+' because it
3337 allows you to use `umask' as an easily customizable protection against
3338 giving away more permission to files than you intended to.
3340 As an example, if `umask' has the value 2, which removes write
3341 permission for users who are not in the file's group, then the mode:
3345 adds permission to write to the file to its owner and to other users who
3346 are in the file's group, but _not_ to other users. In contrast, the
3351 ignores `umask', and _does_ give write permission for the file to all
3355 File: find.info, Node: Numeric Modes, Prev: Symbolic Modes, Up: File Permissions
3360 As an alternative to giving a symbolic mode, you can give an octal
3361 (base 8) number that represents the new mode. This number is always
3362 interpreted in octal; you do not have to add a leading 0, as you do in
3363 C. Mode 0055 is the same as mode 55.
3365 A numeric mode is usually shorter than the corresponding symbolic
3366 mode, but it is limited in that it cannot take into account a file's
3367 previous permissions; it can only set them absolutely.
3369 The permissions granted to the user, to other users in the file's
3370 group, and to other users not in the file's group each require three
3371 bits, which are represented as one octal digit. The three special
3372 permissions also require one bit each, and they are as a group
3373 represented as another octal digit. Here is how the bits are arranged,
3374 starting with the lowest valued bit:
3376 Value in Corresponding
3379 Other users not in the file's group:
3384 Other users in the file's group:
3394 Special permissions:
3395 1000 Restricted deletion flag or sticky bit
3396 2000 Set group ID on execution
3397 4000 Set user ID on execution
3399 For example, numeric mode 4755 corresponds to symbolic mode
3400 `u=rwxs,go=rx', and numeric mode 664 corresponds to symbolic mode
3401 `ug=rw,o=r'. Numeric mode 0 corresponds to symbolic mode `a='.
3404 File: find.info, Node: Date input formats, Next: Configuration, Prev: File Permissions, Up: Top
3406 6 Date input formats
3407 ********************
3411 Our units of temporal measurement, from seconds on up to months,
3412 are so complicated, asymmetrical and disjunctive so as to make
3413 coherent mental reckoning in time all but impossible. Indeed, had
3414 some tyrannical god contrived to enslave our minds to time, to
3415 make it all but impossible for us to escape subjection to sodden
3416 routines and unpleasant surprises, he could hardly have done
3417 better than handing down our present system. It is like a set of
3418 trapezoidal building blocks, with no vertical or horizontal
3419 surfaces, like a language in which the simplest thought demands
3420 ornate constructions, useless particles and lengthy
3421 circumlocutions. Unlike the more successful patterns of language
3422 and science, which enable us to face experience boldly or at least
3423 level-headedly, our system of temporal calculation silently and
3424 persistently encourages our terror of time.
3426 ... It is as though architects had to measure length in feet,
3427 width in meters and height in ells; as though basic instruction
3428 manuals demanded a knowledge of five different languages. It is
3429 no wonder then that we often look into our own immediate past or
3430 future, last Tuesday or a week from Sunday, with feelings of
3431 helpless confusion. ...
3433 --Robert Grudin, `Time and the Art of Living'.
3435 This section describes the textual date representations that GNU
3436 programs accept. These are the strings you, as a user, can supply as
3437 arguments to the various programs. The C interface (via the
3438 `parse_datetime' function) is not described here.
3442 * General date syntax:: Common rules.
3443 * Calendar date items:: 19 Dec 1994.
3444 * Time of day items:: 9:20pm.
3445 * Time zone items:: EST, PDT, UTC, ...
3446 * Combined date and time of day items:: 1972-09-24T20:02:00,000000-0500.
3447 * Day of week items:: Monday and others.
3448 * Relative items in date strings:: next tuesday, 2 years ago.
3449 * Pure numbers in date strings:: 19931219, 1440.
3450 * Seconds since the Epoch:: @1078100502.
3451 * Specifying time zone rules:: TZ="America/New_York", TZ="UTC0".
3452 * Authors of parse_datetime:: Bellovin, Eggert, Salz, Berets, et al.
3455 File: find.info, Node: General date syntax, Next: Calendar date items, Up: Date input formats
3457 6.1 General date syntax
3458 =======================
3460 A "date" is a string, possibly empty, containing many items separated
3461 by whitespace. The whitespace may be omitted when no ambiguity arises.
3462 The empty string means the beginning of today (i.e., midnight). Order
3463 of the items is immaterial. A date string may contain many flavors of
3466 * calendar date items
3472 * combined date and time of day items
3474 * day of the week items
3480 We describe each of these item types in turn, below.
3482 A few ordinal numbers may be written out in words in some contexts.
3483 This is most useful for specifying day of the week items or relative
3484 items (see below). Among the most commonly used ordinal numbers, the
3485 word `last' stands for -1, `this' stands for 0, and `first' and `next'
3486 both stand for 1. Because the word `second' stands for the unit of
3487 time there is no way to write the ordinal number 2, but for convenience
3488 `third' stands for 3, `fourth' for 4, `fifth' for 5, `sixth' for 6,
3489 `seventh' for 7, `eighth' for 8, `ninth' for 9, `tenth' for 10,
3490 `eleventh' for 11 and `twelfth' for 12.
3492 When a month is written this way, it is still considered to be
3493 written numerically, instead of being "spelled in full"; this changes
3494 the allowed strings.
3496 In the current implementation, only English is supported for words
3497 and abbreviations like `AM', `DST', `EST', `first', `January',
3498 `Sunday', `tomorrow', and `year'.
3500 The output of the `date' command is not always acceptable as a date
3501 string, not only because of the language problem, but also because
3502 there is no standard meaning for time zone items like `IST'. When using
3503 `date' to generate a date string intended to be parsed later, specify a
3504 date format that is independent of language and that does not use time
3505 zone items other than `UTC' and `Z'. Here are some ways to do this:
3507 $ LC_ALL=C TZ=UTC0 date
3508 Mon Mar 1 00:21:42 UTC 2004
3509 $ TZ=UTC0 date +'%Y-%m-%d %H:%M:%SZ'
3510 2004-03-01 00:21:42Z
3511 $ date --rfc-3339=ns # --rfc-3339 is a GNU extension.
3512 2004-02-29 16:21:42.692722128-08:00
3513 $ date --rfc-2822 # a GNU extension
3514 Sun, 29 Feb 2004 16:21:42 -0800
3515 $ date +'%Y-%m-%d %H:%M:%S %z' # %z is a GNU extension.
3516 2004-02-29 16:21:42 -0800
3517 $ date +'@%s.%N' # %s and %N are GNU extensions.
3518 @1078100502.692722128
3520 Alphabetic case is completely ignored in dates. Comments may be
3521 introduced between round parentheses, as long as included parentheses
3522 are properly nested. Hyphens not followed by a digit are currently
3523 ignored. Leading zeros on numbers are ignored.
3525 Invalid dates like `2005-02-29' or times like `24:00' are rejected.
3526 In the typical case of a host that does not support leap seconds, a
3527 time like `23:59:60' is rejected even if it corresponds to a valid leap
3531 File: find.info, Node: Calendar date items, Next: Time of day items, Prev: General date syntax, Up: Date input formats
3533 6.2 Calendar date items
3534 =======================
3536 A "calendar date item" specifies a day of the year. It is specified
3537 differently, depending on whether the month is specified numerically or
3538 literally. All these strings specify the same calendar date:
3540 1972-09-24 # ISO 8601.
3541 72-9-24 # Assume 19xx for 69 through 99,
3542 # 20xx for 00 through 68.
3543 72-09-24 # Leading zeros are ignored.
3544 9/24/72 # Common U.S. writing.
3546 24 Sept 72 # September has a special abbreviation.
3547 24 Sep 72 # Three-letter abbreviations always allowed.
3552 The year can also be omitted. In this case, the last specified year
3553 is used, or the current year if none. For example:
3560 For numeric months, the ISO 8601 format `YEAR-MONTH-DAY' is allowed,
3561 where YEAR is any positive number, MONTH is a number between 01 and 12,
3562 and DAY is a number between 01 and 31. A leading zero must be present
3563 if a number is less than ten. If YEAR is 68 or smaller, then 2000 is
3564 added to it; otherwise, if YEAR is less than 100, then 1900 is added to
3565 it. The construct `MONTH/DAY/YEAR', popular in the United States, is
3566 accepted. Also `MONTH/DAY', omitting the year.
3568 Literal months may be spelled out in full: `January', `February',
3569 `March', `April', `May', `June', `July', `August', `September',
3570 `October', `November' or `December'. Literal months may be abbreviated
3571 to their first three letters, possibly followed by an abbreviating dot.
3572 It is also permitted to write `Sept' instead of `September'.
3574 When months are written literally, the calendar date may be given as
3575 any of the following:
3582 Or, omitting the year:
3587 File: find.info, Node: Time of day items, Next: Time zone items, Prev: Calendar date items, Up: Date input formats
3589 6.3 Time of day items
3590 =====================
3592 A "time of day item" in date strings specifies the time on a given day.
3593 Here are some examples, all of which represent the same time:
3598 20:02-0500 # In EST (U.S. Eastern Standard Time).
3600 More generally, the time of day may be given as
3601 `HOUR:MINUTE:SECOND', where HOUR is a number between 0 and 23, MINUTE
3602 is a number between 0 and 59, and SECOND is a number between 0 and 59
3603 possibly followed by `.' or `,' and a fraction containing one or more
3604 digits. Alternatively, `:SECOND' can be omitted, in which case it is
3605 taken to be zero. On the rare hosts that support leap seconds, SECOND
3608 If the time is followed by `am' or `pm' (or `a.m.' or `p.m.'), HOUR
3609 is restricted to run from 1 to 12, and `:MINUTE' may be omitted (taken
3610 to be zero). `am' indicates the first half of the day, `pm' indicates
3611 the second half of the day. In this notation, 12 is the predecessor of
3612 1: midnight is `12am' while noon is `12pm'. (This is the zero-oriented
3613 interpretation of `12am' and `12pm', as opposed to the old tradition
3614 derived from Latin which uses `12m' for noon and `12pm' for midnight.)
3616 The time may alternatively be followed by a time zone correction,
3617 expressed as `SHHMM', where S is `+' or `-', HH is a number of zone
3618 hours and MM is a number of zone minutes. The zone minutes term, MM,
3619 may be omitted, in which case the one- or two-digit correction is
3620 interpreted as a number of hours. You can also separate HH from MM
3621 with a colon. When a time zone correction is given this way, it forces
3622 interpretation of the time relative to Coordinated Universal Time
3623 (UTC), overriding any previous specification for the time zone or the
3624 local time zone. For example, `+0530' and `+05:30' both stand for the
3625 time zone 5.5 hours ahead of UTC (e.g., India). This is the best way to
3626 specify a time zone correction by fractional parts of an hour. The
3627 maximum zone correction is 24 hours.
3629 Either `am'/`pm' or a time zone correction may be specified, but not
3633 File: find.info, Node: Time zone items, Next: Combined date and time of day items, Prev: Time of day items, Up: Date input formats
3638 A "time zone item" specifies an international time zone, indicated by a
3639 small set of letters, e.g., `UTC' or `Z' for Coordinated Universal
3640 Time. Any included periods are ignored. By following a
3641 non-daylight-saving time zone by the string `DST' in a separate word
3642 (that is, separated by some white space), the corresponding daylight
3643 saving time zone may be specified. Alternatively, a
3644 non-daylight-saving time zone can be followed by a time zone
3645 correction, to add the two values. This is normally done only for
3646 `UTC'; for example, `UTC+05:30' is equivalent to `+05:30'.
3648 Time zone items other than `UTC' and `Z' are obsolescent and are not
3649 recommended, because they are ambiguous; for example, `EST' has a
3650 different meaning in Australia than in the United States. Instead,
3651 it's better to use unambiguous numeric time zone corrections like
3652 `-0500', as described in the previous section.
3654 If neither a time zone item nor a time zone correction is supplied,
3655 time stamps are interpreted using the rules of the default time zone
3656 (*note Specifying time zone rules::).
3659 File: find.info, Node: Combined date and time of day items, Next: Day of week items, Prev: Time zone items, Up: Date input formats
3661 6.5 Combined date and time of day items
3662 =======================================
3664 The ISO 8601 date and time of day extended format consists of an ISO
3665 8601 date, a `T' character separator, and an ISO 8601 time of day.
3666 This format is also recognized if the `T' is replaced by a space.
3668 In this format, the time of day should use 24-hour notation.
3669 Fractional seconds are allowed, with either comma or period preceding
3670 the fraction. ISO 8601 fractional minutes and hours are not supported.
3671 Typically, hosts support nanosecond timestamp resolution; excess
3672 precision is silently discarded.
3674 Here are some examples:
3676 2012-09-24T20:02:00.052-0500
3677 2012-12-31T23:59:59,999999999+1100
3681 File: find.info, Node: Day of week items, Next: Relative items in date strings, Prev: Combined date and time of day items, Up: Date input formats
3683 6.6 Day of week items
3684 =====================
3686 The explicit mention of a day of the week will forward the date (only
3687 if necessary) to reach that day of the week in the future.
3689 Days of the week may be spelled out in full: `Sunday', `Monday',
3690 `Tuesday', `Wednesday', `Thursday', `Friday' or `Saturday'. Days may
3691 be abbreviated to their first three letters, optionally followed by a
3692 period. The special abbreviations `Tues' for `Tuesday', `Wednes' for
3693 `Wednesday' and `Thur' or `Thurs' for `Thursday' are also allowed.
3695 A number may precede a day of the week item to move forward
3696 supplementary weeks. It is best used in expression like `third
3697 monday'. In this context, `last DAY' or `next DAY' is also acceptable;
3698 they move one week before or after the day that DAY by itself would
3701 A comma following a day of the week item is ignored.
3704 File: find.info, Node: Relative items in date strings, Next: Pure numbers in date strings, Prev: Day of week items, Up: Date input formats
3706 6.7 Relative items in date strings
3707 ==================================
3709 "Relative items" adjust a date (or the current date if none) forward or
3710 backward. The effects of relative items accumulate. Here are some
3718 The unit of time displacement may be selected by the string `year'
3719 or `month' for moving by whole years or months. These are fuzzy units,
3720 as years and months are not all of equal duration. More precise units
3721 are `fortnight' which is worth 14 days, `week' worth 7 days, `day'
3722 worth 24 hours, `hour' worth 60 minutes, `minute' or `min' worth 60
3723 seconds, and `second' or `sec' worth one second. An `s' suffix on
3724 these units is accepted and ignored.
3726 The unit of time may be preceded by a multiplier, given as an
3727 optionally signed number. Unsigned numbers are taken as positively
3728 signed. No number at all implies 1 for a multiplier. Following a
3729 relative item by the string `ago' is equivalent to preceding the unit
3730 by a multiplier with value -1.
3732 The string `tomorrow' is worth one day in the future (equivalent to
3733 `day'), the string `yesterday' is worth one day in the past (equivalent
3736 The strings `now' or `today' are relative items corresponding to
3737 zero-valued time displacement, these strings come from the fact a
3738 zero-valued time displacement represents the current time when not
3739 otherwise changed by previous items. They may be used to stress other
3740 items, like in `12:00 today'. The string `this' also has the meaning
3741 of a zero-valued time displacement, but is preferred in date strings
3742 like `this thursday'.
3744 When a relative item causes the resulting date to cross a boundary
3745 where the clocks were adjusted, typically for daylight saving time, the
3746 resulting date and time are adjusted accordingly.
3748 The fuzz in units can cause problems with relative items. For
3749 example, `2003-07-31 -1 month' might evaluate to 2003-07-01, because
3750 2003-06-31 is an invalid date. To determine the previous month more
3751 reliably, you can ask for the month before the 15th of the current
3755 Thu, 31 Jul 2003 13:02:39 -0700
3756 $ date --date='-1 month' +'Last month was %B?'
3757 Last month was July?
3758 $ date --date="$(date +%Y-%m-15) -1 month" +'Last month was %B!'
3759 Last month was June!
3761 Also, take care when manipulating dates around clock changes such as
3762 daylight saving leaps. In a few cases these have added or subtracted
3763 as much as 24 hours from the clock, so it is often wise to adopt
3764 universal time by setting the `TZ' environment variable to `UTC0'
3765 before embarking on calendrical calculations.
3768 File: find.info, Node: Pure numbers in date strings, Next: Seconds since the Epoch, Prev: Relative items in date strings, Up: Date input formats
3770 6.8 Pure numbers in date strings
3771 ================================
3773 The precise interpretation of a pure decimal number depends on the
3774 context in the date string.
3776 If the decimal number is of the form YYYYMMDD and no other calendar
3777 date item (*note Calendar date items::) appears before it in the date
3778 string, then YYYY is read as the year, MM as the month number and DD as
3779 the day of the month, for the specified calendar date.
3781 If the decimal number is of the form HHMM and no other time of day
3782 item appears before it in the date string, then HH is read as the hour
3783 of the day and MM as the minute of the hour, for the specified time of
3784 day. MM can also be omitted.
3786 If both a calendar date and a time of day appear to the left of a
3787 number in the date string, but no relative item, then the number
3791 File: find.info, Node: Seconds since the Epoch, Next: Specifying time zone rules, Prev: Pure numbers in date strings, Up: Date input formats
3793 6.9 Seconds since the Epoch
3794 ===========================
3796 If you precede a number with `@', it represents an internal time stamp
3797 as a count of seconds. The number can contain an internal decimal
3798 point (either `.' or `,'); any excess precision not supported by the
3799 internal representation is truncated toward minus infinity. Such a
3800 number cannot be combined with any other date item, as it specifies a
3801 complete time stamp.
3803 Internally, computer times are represented as a count of seconds
3804 since an epoch--a well-defined point of time. On GNU and POSIX
3805 systems, the epoch is 1970-01-01 00:00:00 UTC, so `@0' represents this
3806 time, `@1' represents 1970-01-01 00:00:01 UTC, and so forth. GNU and
3807 most other POSIX-compliant systems support such times as an extension
3808 to POSIX, using negative counts, so that `@-1' represents 1969-12-31
3811 Traditional Unix systems count seconds with 32-bit two's-complement
3812 integers and can represent times from 1901-12-13 20:45:52 through
3813 2038-01-19 03:14:07 UTC. More modern systems use 64-bit counts of
3814 seconds with nanosecond subcounts, and can represent all the times in
3815 the known lifetime of the universe to a resolution of 1 nanosecond.
3817 On most hosts, these counts ignore the presence of leap seconds.
3818 For example, on most hosts `@915148799' represents 1998-12-31 23:59:59
3819 UTC, `@915148800' represents 1999-01-01 00:00:00 UTC, and there is no
3820 way to represent the intervening leap second 1998-12-31 23:59:60 UTC.
3823 File: find.info, Node: Specifying time zone rules, Next: Authors of parse_datetime, Prev: Seconds since the Epoch, Up: Date input formats
3825 6.10 Specifying time zone rules
3826 ===============================
3828 Normally, dates are interpreted using the rules of the current time
3829 zone, which in turn are specified by the `TZ' environment variable, or
3830 by a system default if `TZ' is not set. To specify a different set of
3831 default time zone rules that apply just to one date, start the date
3832 with a string of the form `TZ="RULE"'. The two quote characters (`"')
3833 must be present in the date, and any quotes or backslashes within RULE
3834 must be escaped by a backslash.
3836 For example, with the GNU `date' command you can answer the question
3837 "What time is it in New York when a Paris clock shows 6:30am on October
3838 31, 2004?" by using a date beginning with `TZ="Europe/Paris"' as shown
3839 in the following shell transcript:
3841 $ export TZ="America/New_York"
3842 $ date --date='TZ="Europe/Paris" 2004-10-31 06:30'
3843 Sun Oct 31 01:30:00 EDT 2004
3845 In this example, the `--date' operand begins with its own `TZ'
3846 setting, so the rest of that operand is processed according to
3847 `Europe/Paris' rules, treating the string `2004-10-31 06:30' as if it
3848 were in Paris. However, since the output of the `date' command is
3849 processed according to the overall time zone rules, it uses New York
3850 time. (Paris was normally six hours ahead of New York in 2004, but
3851 this example refers to a brief Halloween period when the gap was five
3854 A `TZ' value is a rule that typically names a location in the `tz'
3855 database (http://www.twinsun.com/tz/tz-link.htm). A recent catalog of
3856 location names appears in the TWiki Date and Time Gateway
3857 (http://twiki.org/cgi-bin/xtra/tzdate). A few non-GNU hosts require a
3858 colon before a location name in a `TZ' setting, e.g.,
3859 `TZ=":America/New_York"'.
3861 The `tz' database includes a wide variety of locations ranging from
3862 `Arctic/Longyearbyen' to `Antarctica/South_Pole', but if you are at sea
3863 and have your own private time zone, or if you are using a non-GNU host
3864 that does not support the `tz' database, you may need to use a POSIX
3865 rule instead. Simple POSIX rules like `UTC0' specify a time zone
3866 without daylight saving time; other rules can specify simple daylight
3867 saving regimes. *Note Specifying the Time Zone with `TZ': (libc)TZ
3871 File: find.info, Node: Authors of parse_datetime, Prev: Specifying time zone rules, Up: Date input formats
3873 6.11 Authors of `parse_datetime'
3874 ================================
3876 `parse_datetime' started life as `getdate', as originally implemented
3877 by Steven M. Bellovin (<smb@research.att.com>) while at the University
3878 of North Carolina at Chapel Hill. The code was later tweaked by a
3879 couple of people on Usenet, then completely overhauled by Rich $alz
3880 (<rsalz@bbn.com>) and Jim Berets (<jberets@bbn.com>) in August, 1990.
3881 Various revisions for the GNU system were made by David MacKenzie, Jim
3882 Meyering, Paul Eggert and others, including renaming it to `get_date' to
3883 avoid a conflict with the alternative Posix function `getdate', and a
3884 later rename to `parse_datetime'. The Posix function `getdate' can
3885 parse more locale-specific dates using `strptime', but relies on an
3886 environment variable and external file, and lacks the thread-safety of
3889 This chapter was originally produced by Franc,ois Pinard
3890 (<pinard@iro.umontreal.ca>) from the `parse_datetime.y' source code,
3891 and then edited by K. Berry (<kb@cs.umb.edu>).
3894 File: find.info, Node: Configuration, Next: Reference, Prev: Date input formats, Up: Top
3899 The findutils source distribution includes a `configure' script which
3900 examines the system and generates files required to build findutils.
3901 See the files `README' and `INSTALL'.
3903 A number of options can be specified on the `configure' command
3904 line, and many of these are straightforward, adequately documented in
3905 the `--help' output, or not normally useful. Options which are useful
3906 or which are not obvious are explained here.
3910 * Leaf Optimisation:: Take advantage of Unix file system semantics.
3911 * d_type Optimisation:: Take advantage of file type information.
3912 * fts:: A non-recursive file system search.
3915 File: find.info, Node: Leaf Optimisation, Next: d_type Optimisation, Up: Configuration
3917 7.1 Leaf Optimisation
3918 =====================
3920 Files in Unix file systems have a link count which indicates how many
3921 names point to the same inode. Directories in Unix filssytems have a
3922 `..' entry which functions as a hard link to the parent directory and a
3923 `.' entry which functions as a link to the directory itself. The `..'
3924 entry of the root directory also points to the root. This means that
3925 `find' can deduce the number of subdirectories a directory has, simply
3926 by subtracting 2 from the directory's link count. This allows `find'
3927 the calls to `stat' which would otherwise be needed to discover which
3928 directory entries are subdirectories.
3930 File systems which don't have these semantics should simply return a
3931 value less than 2 in the `st_nlinks' member of `struct stat' in
3932 response to a successful call to `stat'.
3934 If you are building `find' for a system on which the value of
3935 `st_nlinks' is unreliable, you can specify
3936 `--disable-leaf-optimisation' to `configure' to prevent this assumption
3940 File: find.info, Node: d_type Optimisation, Next: fts, Prev: Leaf Optimisation, Up: Configuration
3942 7.2 d_type Optimisation
3943 =======================
3945 When this feature is enabled, `find' takes advantage of the fact that
3946 on some systems `readdir' will return the type of a file in `struct
3950 File: find.info, Node: fts, Prev: d_type Optimisation, Up: Configuration
3955 The findutils source distribution contains two different
3956 implementations of `find'. The older implementation descends the file
3957 system recursively, while the newer one uses `fts'. Both are normally
3960 If the option `--without-fts' was passed to `configure', the
3961 recursive implementation is installed as `find' and the fts-based
3962 implementation is installed as `ftsfind'. Otherwise, the fts-based
3963 implementation is installed as `find' and the recursive implementation
3964 is installed as `oldfind'.
3967 File: find.info, Node: Reference, Next: Common Tasks, Prev: Configuration, Up: Top
3972 Below are summaries of the command line syntax for the programs
3973 discussed in this manual.
3979 * Invoking updatedb::
3981 * Regular Expressions::
3982 * Environment Variables::
3985 File: find.info, Node: Invoking find, Next: Invoking locate, Up: Reference
3990 find [-H] [-L] [-P] [-D DEBUGOPTIONS] [-OLEVEL] [FILE...] [EXPRESSION]
3992 `find' searches the directory tree rooted at each file name FILE by
3993 evaluating the EXPRESSION on each file it finds in the tree.
3995 The command line may begin with the `-H', `-L', `-P', `-D' and `-O'
3996 options. These are followed by a list of files or directories that
3997 should be searched. If no files to search are specified, the current
3998 directory (`.') is used.
4000 This list of files to search is followed by a list of expressions
4001 describing the files we wish to search for. The first part of the
4002 expression is recognised by the fact that it begins with `-' followed
4003 by some other letters (for example `-print'), or is either `(' or `!'.
4004 Any arguments after it are the rest of the expression.
4006 If no expression is given, the expression `-print' is used.
4008 The `find' command exits with status zero if all files matched are
4009 processed successfully, greater than zero if errors occur.
4011 The `find' program also recognises two options for administrative
4015 Print a summary of the command line usage and exit.
4018 Print the version number of `find' and exit.
4020 The `-version' option is a synonym for `--version'
4024 * Filesystem Traversal Options::
4025 * Warning Messages::
4026 * Optimisation Options::
4028 * Find Expressions::
4031 File: find.info, Node: Filesystem Traversal Options, Next: Warning Messages, Up: Invoking find
4033 8.1.1 Filesystem Traversal Options
4034 ----------------------------------
4036 The options `-H', `-L' or `-P' may be specified at the start of the
4037 command line (if none of these is specified, `-P' is assumed). If you
4038 specify more than one of these options, the last one specified takes
4039 effect (but note that the `-follow' option is equivalent to `-L').
4042 Never follow symbolic links (this is the default), except in the
4043 case of the `-xtype' predicate.
4046 Always follow symbolic links, except in the case of the `-xtype'
4050 Follow symbolic links specified in the list of files to search, or
4051 which are otherwise specified on the command line.
4053 If `find' would follow a symbolic link, but cannot for any reason
4054 (for example, because it has insufficient permissions or the link is
4055 broken), it falls back on using the properties of the symbolic link
4056 itself. *note Symbolic Links:: for a more complete description of how
4057 symbolic links are handled.
4060 File: find.info, Node: Warning Messages, Next: Optimisation Options, Prev: Filesystem Traversal Options, Up: Invoking find
4062 8.1.2 Warning Messages
4063 ----------------------
4065 If there is an error on the `find' command line, an error message is
4066 normally issued. However, there are some usages that are inadvisable
4067 but which `find' should still accept. Under these circumstances,
4068 `find' may issue a warning message.
4070 By default, warnings are enabled only if `find' is being run
4071 interactively (specifically, if the standard input is a terminal) and
4072 the `POSIXLY_CORRECT' environment variable is not set. Warning
4073 messages can be controlled explicitly by the use of options on the
4077 Issue warning messages where appropriate.
4080 Do not issue warning messages.
4082 These options take effect at the point on the command line where they
4083 are specified. Therefore it's not useful to specify `-nowarn' at the
4084 end of the command line. The warning messages affected by the above
4085 options are triggered by:
4087 - Use of the `-d' option which is deprecated; please use `-depth'
4088 instead, since the latter is POSIX-compliant.
4090 - Use of the `-ipath' option which is deprecated; please use
4091 `-iwholename' instead.
4093 - Specifying an option (for example `-mindepth') after a non-option
4094 (for example `-type' or `-print') on the command line.
4096 - Use of the `-name' or `-iname' option with a slash character in
4097 the pattern. Since the name predicates only compare against the
4098 basename of the visited files, the only file that can match a
4099 slash is the root directory itself.
4101 The default behaviour above is designed to work in that way so that
4102 existing shell scripts don't generate spurious errors, but people will
4103 be made aware of the problem.
4105 Some warning messages are issued for less common or more serious
4106 problems, and consequently cannot be turned off:
4108 - Use of an unrecognised backslash escape sequence with `-fprintf'
4110 - Use of an unrecognised formatting directive with `-fprintf'
4113 File: find.info, Node: Optimisation Options, Next: Debug Options, Prev: Warning Messages, Up: Invoking find
4115 8.1.3 Optimisation Options
4116 --------------------------
4118 The `-OLEVEL' option sets `find''s optimisation level to LEVEL. The
4119 default optimisation level is 1.
4121 At certain optimisation levels, `find' reorders tests to speed up
4122 execution while preserving the overall effect; that is, predicates with
4123 side effects are not reordered relative to each other. The
4124 optimisations performed at each optimisation level are as follows.
4127 Currently equivalent to optimisation level 1.
4130 This is the default optimisation level and corresponds to the
4131 traditional behaviour. Expressions are reordered so that tests
4132 based only on the names of files (for example` -name' and
4133 `-regex') are performed first.
4136 Any `-type' or `-xtype' tests are performed after any tests based
4137 only on the names of files, but before any tests that require
4138 information from the inode. On many modern versions of Unix, file
4139 types are returned by `readdir()' and so these predicates are
4140 faster to evaluate than predicates which need to stat the file
4143 If you use the `-fstype FOO' predicate and specify a filsystem
4144 type `FOO' which is not known (that is, present in `/etc/mtab') at
4145 the time `find' starts, that predicate is equivalent to `-false'.
4148 At this optimisation level, the full cost-based query optimiser is
4149 enabled. The order of tests is modified so that cheap (i.e., fast)
4150 tests are performed first and more expensive ones are performed
4151 later, if necessary. Within each cost band, predicates are
4152 evaluated earlier or later according to whether they are likely to
4153 succeed or not. For `-o', predicates which are likely to succeed
4154 are evaluated earlier, and for `-a', predicates which are likely
4155 to fail are evaluated earlier.
4158 File: find.info, Node: Debug Options, Next: Find Expressions, Prev: Optimisation Options, Up: Invoking find
4163 The `-D' option makes `find' produce diagnostic output. Much of the
4164 information is useful only for diagnosing problems, and so most people
4165 will not find this option helpful.
4167 The list of debug options should be comma separated. Compatibility
4168 of the debug options is not guaranteed between releases of findutils.
4169 For a complete list of valid debug options, see the output of `find -D
4170 help'. Valid debug options include:
4172 Explain the debugging options.
4175 Show the expression tree in its original and optimised form.
4178 Print messages as files are examined with the stat and lstat system
4179 calls. The find program tries to minimise such calls.
4182 Prints diagnostic information relating to the optimisation of the
4183 expression tree; see the `-O' option.
4186 Prints a summary indicating how often each predicate succeeded or
4190 File: find.info, Node: Find Expressions, Prev: Debug Options, Up: Invoking find
4192 8.1.5 Find Expressions
4193 ----------------------
4195 The final part of the `find' command line is a list of expressions.
4196 *Note Primary Index::, for a summary of all of the tests, actions, and
4197 options that the expression can contain. If the expression is missing,
4198 `-print' is assumed.
4201 File: find.info, Node: Invoking locate, Next: Invoking updatedb, Prev: Invoking find, Up: Reference
4203 8.2 Invoking `locate'
4204 =====================
4206 locate [OPTION...] PATTERN...
4208 For each PATTERN given `locate' searches one or more file name
4209 databases returning each match of PATTERN.
4211 For each PATTERN given `locate' searches one or more file name
4212 databases returning each match of PATTERN.
4216 Print only names which match all non-option arguments, not those
4217 matching one or more non-option arguments.
4221 The specified pattern is matched against just the last component of
4222 the name of a file in the `locate' database. This last component
4223 is also called the "base name". For example, the base name of
4224 `/tmp/mystuff/foo.old.c' is `foo.old.c'. If the pattern contains
4225 metacharacters, it must match the base name exactly. If not, it
4226 must match part of the base name.
4230 Instead of printing the matched file names, just print the total
4231 number of matches found, unless `--print' (`-p') is also present.
4235 Instead of searching the default `locate' database
4236 `/usr/local/var/locatedb', `locate' searches the file name
4237 databases in PATH, which is a colon-separated list of database
4238 file names. You can also use the environment variable
4239 `LOCATE_PATH' to set the list of database files to search. The
4240 option overrides the environment variable if both are used. Empty
4241 elements in PATH (that is, a leading or trailing colon, or two
4242 colons in a row) are taken to stand for the default database. A
4243 database can be supplied on stdin, using `-' as an element of
4244 `path'. If more than one element of `path' is `-', later instances
4245 are ignored (but a warning message is printed).
4249 Only print out such names which currently exist (instead of such
4250 names which existed when the database was created). Note that
4251 this may slow down the program a lot, if there are many matches in
4252 the database. The way in which broken symbolic links are treated
4253 is affected by the `-L', `-P' and `-H' options. Please note that
4254 it is possible for the file to be deleted after `locate' has
4255 checked that it exists, but before you use it. This option is
4256 automatically turned on when reading an `slocate' database in
4257 secure mode (*note slocate Database Format::).
4261 Only print out such names which currently do not exist (instead of
4262 such names which existed when the database was created). Note that
4263 this may slow down the program a lot, if there are many matches in
4264 the database. The way in which broken symbolic links are treated
4265 is affected by the `-L', `-P' and `-H' options. Please note that
4266 `locate' checks that the file does not exist, but a file of the
4267 same name might be created after `locate''s check but before you
4268 read `locate''s output.
4272 If testing for the existence of files (with the `-e' or `-E'
4273 options), consider broken symbolic links to be non-existing. This
4274 is the default behaviour.
4279 If testing for the existence of files (with the `-e' or `-E'
4280 options), treat broken symbolic links as if they were existing
4281 files. The `-H' form of this option is provided purely for
4282 similarity with `find'; the use of `-P' is recommended over `-H'.
4286 Ignore case distinctions in both the pattern and the file names.
4290 Limit the number of results printed to N. When used with the
4291 `--count' option, the value printed will never be larger than this
4294 `--max-database-age=D'
4295 Normally, `locate' will issue a warning message when it searches a
4296 database which is more than 8 days old. This option changes that
4297 value to something other than 8. The effect of specifying a
4298 negative value is undefined.
4302 Accepted but does nothing. The option is supported only to provide
4303 compatibility with BSD's `locate'.
4307 Results are separated with the ASCII NUL character rather than the
4308 newline character. To get the full benefit of this option, use
4309 the new `locate' database format (that is the default anyway).
4313 Print search results when they normally would not be due to use of
4314 `--statistics' (`-S') or `--count' (`-c').
4318 The specified pattern is matched against the whole name of the
4319 file in the `locate' database. If the pattern contains
4320 metacharacters, it must match exactly. If not, it must match part
4321 of the whole file name. This is the default behaviour.
4325 Instead of using substring or shell glob matching, the pattern
4326 specified on the command line is understood to be a regular
4327 expression. GNU Emacs-style regular expressions are assumed unless
4328 the `--regextype' option is also given. File names from the
4329 `locate' database are matched using the specified regular
4330 expression. If the `-i' flag is also given, matching is
4331 case-insensitive. Matches are performed against the whole path
4332 name, and so by default a pathname will be matched if any part of
4333 it matches the specified regular expression. The regular
4334 expression may use `^' or `$' to anchor a match at the beginning
4335 or end of a pathname.
4338 This option changes the regular expression syntax and behaviour
4339 used by the `--regex' option. *note Regular Expressions:: for more
4340 information on the regular expression dialects understood by GNU
4345 Accepted but does nothing. The option is supported only to provide
4346 compatibility with BSD's `locate'.
4350 Print some summary information for each `locate' database. No
4351 search is performed unless non-option arguments are given.
4352 Although the BSD version of locate also has this option, the
4353 format of the output is different.
4356 Print a summary of the command line usage for `locate' and exit.
4359 Print the version number of `locate' and exit.
4362 File: find.info, Node: Invoking updatedb, Next: Invoking xargs, Prev: Invoking locate, Up: Reference
4364 8.3 Invoking `updatedb'
4365 =======================
4367 updatedb [OPTION...]
4369 `updatedb' creates and updates the database of file names used by
4370 `locate'. `updatedb' generates a list of files similar to the output
4371 of `find' and then uses utilities for optimizing the database for
4372 performance. `updatedb' is often run periodically as a `cron' job and
4373 configured with environment variables or command options. Typically,
4374 operating systems have a shell script that "exports" configurations for
4375 variable definitions and uses another shell script that "sources" the
4376 configuration file into the environment and then executes `updatedb' in
4379 `--findoptions='OPTION...''
4380 Global options to pass on to `find'. The environment variable
4381 `FINDOPTIONS' also sets this value. Default is none.
4383 `--localpaths='PATH...''
4384 Non-network directories to put in the database. Default is `/'.
4386 `--netpaths='PATH...''
4387 Network (NFS, AFS, RFS, etc.) directories to put in the database.
4388 The environment variable `NETPATHS' also sets this value. Default
4391 `--prunepaths='PATH...''
4392 Directories to omit from the database, which would otherwise be
4393 included. The environment variable `PRUNEPATHS' also sets this
4394 value. Default is `/tmp /usr/tmp /var/tmp /afs'. The paths are
4395 used as regular expressions (with `find ... -regex', so you need
4396 to specify these paths in the same way that `find' will encounter
4397 them. This means for example that the paths must not include
4400 `--prunefs='PATH...''
4401 Filesystems to omit from the database, which would otherwise be
4402 included. Note that files are pruned when a filesystem is reached;
4403 Any filesystem mounted under an undesired filesystem will be
4404 ignored. The environment variable `PRUNEFS' also sets this value.
4405 Default is `nfs NFS proc'.
4408 The database file to build. The default is system-dependent, but
4409 when this document was formatted it was `/usr/local/var/locatedb'.
4412 The user to search the non-network directories as, using `su'.
4413 Default is to search the non-network directories as the current
4414 user. You can also use the environment variable `LOCALUSER' to
4418 The user to search network directories as, using `su'. Default
4419 `user' is `daemon'. You can also use the environment variable
4420 `NETUSER' to set this user.
4423 Generate a `locate' database in the old format, for compatibility
4424 with versions of `locate' other than GNU `locate'. Using this
4425 option means that `locate' will not be able to properly handle
4426 non-ASCII characters in file names (that is, file names containing
4427 characters which have the eighth bit set, such as many of the
4428 characters from the ISO-8859-1 character set). *Note Database
4429 Formats::, for a detailed description of the supported database
4433 Generate the locate database in format `FORMAT'. Supported
4434 database formats include `LOCATE02' (which is the default), `old'
4435 and `slocate'. The `old' format exists for compatibility with
4436 implementations of `locate' on other Unix systems. The `slocate'
4437 format exists for compatibility with `slocate'. *Note Database
4438 Formats::, for a detailed description of each format.
4441 Print a summary of the command line usage and exit.
4444 Print the version number of `updatedb' and exit.
4447 File: find.info, Node: Invoking xargs, Next: Regular Expressions, Prev: Invoking updatedb, Up: Reference
4449 8.4 Invoking `xargs'
4450 ====================
4452 xargs [OPTION...] [COMMAND [INITIAL-ARGUMENTS]]
4454 `xargs' exits with the following status:
4460 if any invocation of the command exited with status 1-125
4463 if the command exited with status 255
4466 if the command is killed by a signal
4469 if the command cannot be run
4472 if the command is not found
4475 if some other error occurred.
4477 Exit codes greater than 128 are used by the shell to indicate that a
4478 program died due to a fatal signal.
4483 * Invoking the shell from xargs::
4486 File: find.info, Node: xargs options, Next: Invoking the shell from xargs, Up: Invoking xargs
4491 `--arg-file=INPUTFILE'
4493 Read names from the file INPUTFILE instead of standard input. If
4494 you use this option, the standard input stream remains unchanged
4495 when commands are run. Otherwise, stdin is redirected from
4500 Input file names are terminated by a null character instead of by
4501 whitespace, and any quotes and backslash characters are not
4502 considered special (every character is taken literally). Disables
4503 the end of file string, which is treated like any other argument.
4507 Input file names are terminated by the specified character DELIM
4508 instead of by whitespace, and any quotes and backslash characters
4509 are not considered special (every character is taken literally).
4510 Disables the logical end of file marker string, which is treated
4511 like any other argument.
4513 The specified delimiter may be a single character, a C-style
4514 character escape such as `\n', or an octal or hexadecimal escape
4515 code. Octal and hexadecimal escape codes are understood as for the
4516 `printf' command. Multibyte characters are not supported.
4521 Set the logical end of file marker string to EOF-STR. If the
4522 logical end of file marker string occurs as a line of input, the
4523 rest of the input is ignored. If EOF-STR is omitted (`-e') or
4524 blank (either `-e' or `-E'), there is no logical end of file marker
4525 string. The `-e' form of this option is deprecated in favour of
4526 the POSIX-compliant `-E' option, which you should use instead. As
4527 of GNU `xargs' version 4.2.9, the default behaviour of `xargs' is
4528 not to have a logical end of file marker string. The POSIX
4529 standard (IEEE Std 1003.1, 2004 Edition) allows this.
4531 The logical end of file marker string is not treated specially if
4532 the `-d' or the `-0' options are in effect. That is, when either
4533 of these options are in effect, the whole input file will be read
4534 even if `-E' was used.
4537 Print a summary of the options to `xargs' and exit.
4540 `--replace[=REPLACE-STR]'
4542 Replace occurrences of REPLACE-STR in the initial arguments with
4543 names read from standard input. Also, unquoted blanks do not
4544 terminate arguments; instead, the input is split at newlines only.
4545 If REPLACE-STR is omitted (omitting it is allowed only for `-i'),
4546 it defaults to `{}' (like for `find -exec'). Implies `-x' and `-l
4547 1'. The `-i' option is deprecated in favour of the `-I' option.
4550 `--max-lines[=MAX-LINES]'
4552 Use at most MAX-LINES non-blank input lines per command line. For
4553 `-l', MAX-LINES defaults to 1 if omitted. For `-L', the argument
4554 is mandatory. Trailing blanks cause an input line to be logically
4555 continued on the next input line, for the purpose of counting the
4556 lines. Implies `-x'. The `-l' form of this option is deprecated
4557 in favour of the POSIX-compliant `-L' option.
4559 `--max-args=MAX-ARGS'
4561 Use at most MAX-ARGS arguments per command line. Fewer than
4562 MAX-ARGS arguments will be used if the size (see the `-s' option)
4563 is exceeded, unless the `-x' option is given, in which case
4568 Prompt the user about whether to run each command line and read a
4569 line from the terminal. Only run the command line if the response
4570 starts with `y' or `Y'. Implies `-t'.
4574 If the standard input is completely empty, do not run the command.
4575 By default, the command is run once even if there is no input.
4577 `--max-chars=MAX-CHARS'
4579 Use at most MAX-CHARS characters per command line, including the
4580 command, initial arguments and any terminating nulls at the ends of
4581 the argument strings.
4584 Display the limits on the command-line length which are imposed by
4585 the operating system, `xargs'' choice of buffer size and the `-s'
4586 option. Pipe the input from `/dev/null' (and perhaps specify
4587 `--no-run-if-empty') if you don't want `xargs' to do anything.
4591 Print the command line on the standard error output before
4595 Print the version number of `xargs' and exit.
4599 Exit if the size (see the `-s' option) is exceeded.
4601 `--max-procs=MAX-PROCS'
4603 Run simultaneously up to MAX-PROCS processes at once; the default
4604 is 1. If MAX-PROCS is 0, `xargs' will run as many processes as
4605 possible simultaneously.
4607 `--process-slot-var=ENVIRONMENT-VARIABLE-NAME'
4608 Set the environment variable ENVIRONMENT-VARIABLE-NAME to a unique
4609 value in each running child process. Each value is a decimal
4610 integer. Values are reused once child processes exit. This can be
4611 used in a rudimentary load distribution scheme, for example.
4614 File: find.info, Node: Invoking the shell from xargs, Prev: xargs options, Up: Invoking xargs
4616 8.4.2 Invoking the shell from xargs
4617 -----------------------------------
4619 Normally, `xargs' will exec the command you specified directly, without
4620 invoking a shell. This is normally the behaviour one would want. It's
4621 somewhat more efficient and avoids problems with shell metacharacters,
4622 for example. However, sometimes it is necessary to manipulate the
4623 environment of a command before it is run, in a way that `xargs' does
4624 not directly support.
4626 Invoking a shell from `xargs' is a good way of performing such
4627 manipulations. However, some care must be taken to prevent problems,
4628 for example unwanted interpretation of shell metacharacters.
4630 This command moves a set of files into an archive directory:
4632 find /foo -maxdepth 1 -atime +366 -exec mv {} /archive \;
4634 However, this will only move one file at a time. We cannot in this
4635 case use `-exec ... +' because the matched file names are added at the
4636 end of the command line, while the destination directory would need to
4637 be specified last. We also can't use `xargs' in the obvious way for
4638 the same reason. One way of working around this problem is to make use
4639 of the special properties of GNU `mv'; it has a `-t' option that allows
4640 the target directory to be specified before the list of files to be
4641 moved. However, while this technique works for GNU `mv', it doesn't
4642 solve the more general problem.
4644 Here is a more general technique for solving this problem:
4646 find /foo -maxdepth 1 -atime +366 -print0 |
4647 xargs -r0 sh -c 'mv "$@" /archive' move
4649 Here, a shell is being invoked. There are two shell instances to
4650 think about. The first is the shell which launches the `xargs' command
4651 (this might be the shell into which you are typing, for example). The
4652 second is the shell launched by `xargs' (in fact it will probably
4653 launch several, one after the other, depending on how many files need to
4654 be archived). We'll refer to this second shell as a subshell.
4656 Our example uses the `-c' option of `sh'. Its argument is a shell
4657 command to be executed by the subshell. Along with the rest of that
4658 command, the $@ is enclosed by single quotes to make sure it is passed
4659 to the subshell without being expanded by the parent shell. It is also
4660 enclosed with double quotes so that the subshell will expand `$@'
4661 correctly even if one of the file names contains a space or newline.
4663 The subshell will use any non-option arguments as positional
4664 parameters (that is, in the expansion of `$@'). Because `xargs'
4665 launches the `sh -c' subshell with a list of files, those files will
4666 end up as the expansion of `$@'.
4668 You may also notice the `move' at the end of the command line. This
4669 is used as the value of `$0' by the subshell. We include it because
4670 otherwise the name of the first file to be moved would be used instead.
4671 If that happened it would not be included in the subshell's expansion
4672 of `$@', and so it wouldn't actually get moved.
4674 Another reason to use the `sh -c' construct could be to perform
4677 find /usr/include -name '*.h' | xargs grep -wl mode_t |
4678 xargs -r sh -c 'exec emacs "$@" < /dev/tty' Emacs
4680 Notice that we use the shell builtin `exec' here. That's simply
4681 because the subshell needs to do nothing once Emacs has been invoked.
4682 Therefore instead of keeping a `sh' process around for no reason, we
4683 just arrange for the subshell to exec Emacs, saving an extra process
4686 Sometimes, though, it can be helpful to keep the shell process
4689 find /foo -maxdepth 1 -atime +366 -print0 |
4690 xargs -r0 sh -c 'mv "$@" /archive || exit 255' move
4692 Here, the shell will exit with status 255 if any `mv' failed. This
4693 causes `xargs' to stop immediately.
4696 File: find.info, Node: Regular Expressions, Next: Environment Variables, Prev: Invoking xargs, Up: Reference
4698 8.5 Regular Expressions
4699 =======================
4701 The `-regex' and `-iregex' tests of `find' allow matching by regular
4702 expression, as does the `--regex' option of `locate'.
4704 Your locale configuration affects how regular expressions are
4705 interpreted. *Note Environment Variables::, for a description of how
4706 your locale setup affects the interpretation of regular expressions.
4708 There are also several different types of regular expression, and
4709 these are interpreted differently. Normally, the type of regular
4710 expression used by `find' and `locate' is the same as is used in GNU
4711 Emacs. Both programs provide an option which allows you to select an
4712 alternative regular expression syntax; for `find' this is the
4713 `-regextype' option, and for `locate' this is the `--regextype' option.
4715 These options take a single argument, which indicates the specific
4716 regular expression syntax and behaviour that should be used. This
4717 should be one of the following:
4721 * findutils-default regular expression syntax::
4722 * awk regular expression syntax::
4723 * egrep regular expression syntax::
4724 * emacs regular expression syntax::
4725 * gnu-awk regular expression syntax::
4726 * grep regular expression syntax::
4727 * posix-awk regular expression syntax::
4728 * posix-basic regular expression syntax::
4729 * posix-egrep regular expression syntax::
4730 * posix-extended regular expression syntax::
4733 File: find.info, Node: findutils-default regular expression syntax, Next: awk regular expression syntax, Up: Regular Expressions
4735 8.5.1 `findutils-default' regular expression syntax
4736 ---------------------------------------------------
4738 The character `.' matches any single character.
4741 indicates that the regular expression should match one or more
4742 occurrences of the previous atom or regexp.
4745 indicates that the regular expression should match zero or one
4746 occurrence of the previous atom or regexp.
4754 Bracket expressions are used to match ranges of characters. Bracket
4755 expressions where the range is backward, for example `[z-a]', are
4756 ignored. Within square brackets, `\' is taken literally. Character
4757 classes are not supported, so for example you would need to use `[0-9]'
4758 instead of `[[:digit:]]'.
4760 GNU extensions are supported:
4761 1. `\w' matches a character within a word
4763 2. `\W' matches a character which is not within a word
4765 3. `\<' matches the beginning of a word
4767 4. `\>' matches the end of a word
4769 5. `\b' matches a word boundary
4771 6. `\B' matches characters which are not a word boundary
4773 7. `\`' matches the beginning of the whole input
4775 8. `\'' matches the end of the whole input
4778 Grouping is performed with backslashes followed by parentheses `\(',
4779 `\)'. A backslash followed by a digit acts as a back-reference and
4780 matches the same thing as the previous grouped expression indicated by
4781 that number. For example `\2' matches the second group expression.
4782 The order of group expressions is determined by the position of their
4783 opening parenthesis `\('.
4785 The alternation operator is `\|'.
4787 The character `^' only represents the beginning of a string when it
4789 1. At the beginning of a regular expression
4791 2. After an open-group, signified by `\('
4793 3. After the alternation operator `\|'
4796 The character `$' only represents the end of a string when it
4798 1. At the end of a regular expression
4800 2. Before a close-group, signified by `\)'
4802 3. Before the alternation operator `\|'
4805 `*', `+' and `?' are special at any point in a regular expression
4807 1. At the beginning of a regular expression
4809 2. After an open-group, signified by `\('
4811 3. After the alternation operator `\|'
4814 The longest possible match is returned; this applies to the regular
4815 expression as a whole and (subject to this constraint) to
4816 subexpressions within groups.
4819 File: find.info, Node: awk regular expression syntax, Next: egrep regular expression syntax, Prev: findutils-default regular expression syntax, Up: Regular Expressions
4821 8.5.2 `awk' regular expression syntax
4822 -------------------------------------
4824 The character `.' matches any single character except the null
4828 indicates that the regular expression should match one or more
4829 occurrences of the previous atom or regexp.
4832 indicates that the regular expression should match zero or one
4833 occurrence of the previous atom or regexp.
4841 Bracket expressions are used to match ranges of characters. Bracket
4842 expressions where the range is backward, for example `[z-a]', are
4843 invalid. Within square brackets, `\' can be used to quote the
4844 following character. Character classes are supported; for example
4845 `[[:digit:]]' will match a single decimal digit.
4847 GNU extensions are not supported and so `\w', `\W', `\<', `\>',
4848 `\b', `\B', `\`', and `\'' match `w', `W', `<', `>', `b', `B', ``', and
4851 Grouping is performed with parentheses `()'. An unmatched `)'
4852 matches just itself. A backslash followed by a digit matches that
4855 The alternation operator is `|'.
4857 The characters `^' and `$' always represent the beginning and end of
4858 a string respectively, except within square brackets. Within brackets,
4859 `^' can be used to invert the membership of the character class being
4862 `*', `+' and `?' are special at any point in a regular expression
4864 1. At the beginning of a regular expression
4866 2. After an open-group, signified by `('
4868 3. After the alternation operator `|'
4871 The longest possible match is returned; this applies to the regular
4872 expression as a whole and (subject to this constraint) to
4873 subexpressions within groups.
4876 File: find.info, Node: egrep regular expression syntax, Next: emacs regular expression syntax, Prev: awk regular expression syntax, Up: Regular Expressions
4878 8.5.3 `egrep' regular expression syntax
4879 ---------------------------------------
4881 The character `.' matches any single character except newline.
4884 indicates that the regular expression should match one or more
4885 occurrences of the previous atom or regexp.
4888 indicates that the regular expression should match zero or one
4889 occurrence of the previous atom or regexp.
4897 Bracket expressions are used to match ranges of characters. Bracket
4898 expressions where the range is backward, for example `[z-a]', are
4899 ignored. Within square brackets, `\' is taken literally. Character
4900 classes are supported; for example `[[:digit:]]' will match a single
4901 decimal digit. Non-matching lists `[^...]' do not ever match newline.
4903 GNU extensions are supported:
4904 1. `\w' matches a character within a word
4906 2. `\W' matches a character which is not within a word
4908 3. `\<' matches the beginning of a word
4910 4. `\>' matches the end of a word
4912 5. `\b' matches a word boundary
4914 6. `\B' matches characters which are not a word boundary
4916 7. `\`' matches the beginning of the whole input
4918 8. `\'' matches the end of the whole input
4921 Grouping is performed with parentheses `()'. A backslash followed
4922 by a digit acts as a back-reference and matches the same thing as the
4923 previous grouped expression indicated by that number. For example `\2'
4924 matches the second group expression. The order of group expressions is
4925 determined by the position of their opening parenthesis `('.
4927 The alternation operator is `|'.
4929 The characters `^' and `$' always represent the beginning and end of
4930 a string respectively, except within square brackets. Within brackets,
4931 `^' can be used to invert the membership of the character class being
4934 The characters `*', `+' and `?' are special anywhere in a regular
4937 The longest possible match is returned; this applies to the regular
4938 expression as a whole and (subject to this constraint) to
4939 subexpressions within groups.
4942 File: find.info, Node: emacs regular expression syntax, Next: gnu-awk regular expression syntax, Prev: egrep regular expression syntax, Up: Regular Expressions
4944 8.5.4 `emacs' regular expression syntax
4945 ---------------------------------------
4947 The character `.' matches any single character except newline.
4950 indicates that the regular expression should match one or more
4951 occurrences of the previous atom or regexp.
4954 indicates that the regular expression should match zero or one
4955 occurrence of the previous atom or regexp.
4963 Bracket expressions are used to match ranges of characters. Bracket
4964 expressions where the range is backward, for example `[z-a]', are
4965 ignored. Within square brackets, `\' is taken literally. Character
4966 classes are not supported, so for example you would need to use `[0-9]'
4967 instead of `[[:digit:]]'.
4969 GNU extensions are supported:
4970 1. `\w' matches a character within a word
4972 2. `\W' matches a character which is not within a word
4974 3. `\<' matches the beginning of a word
4976 4. `\>' matches the end of a word
4978 5. `\b' matches a word boundary
4980 6. `\B' matches characters which are not a word boundary
4982 7. `\`' matches the beginning of the whole input
4984 8. `\'' matches the end of the whole input
4987 Grouping is performed with backslashes followed by parentheses `\(',
4988 `\)'. A backslash followed by a digit acts as a back-reference and
4989 matches the same thing as the previous grouped expression indicated by
4990 that number. For example `\2' matches the second group expression.
4991 The order of group expressions is determined by the position of their
4992 opening parenthesis `\('.
4994 The alternation operator is `\|'.
4996 The character `^' only represents the beginning of a string when it
4998 1. At the beginning of a regular expression
5000 2. After an open-group, signified by `\('
5002 3. After the alternation operator `\|'
5005 The character `$' only represents the end of a string when it
5007 1. At the end of a regular expression
5009 2. Before a close-group, signified by `\)'
5011 3. Before the alternation operator `\|'
5014 `*', `+' and `?' are special at any point in a regular expression
5016 1. At the beginning of a regular expression
5018 2. After an open-group, signified by `\('
5020 3. After the alternation operator `\|'
5023 The longest possible match is returned; this applies to the regular
5024 expression as a whole and (subject to this constraint) to
5025 subexpressions within groups.
5028 File: find.info, Node: gnu-awk regular expression syntax, Next: grep regular expression syntax, Prev: emacs regular expression syntax, Up: Regular Expressions
5030 8.5.5 `gnu-awk' regular expression syntax
5031 -----------------------------------------
5033 The character `.' matches any single character.
5036 indicates that the regular expression should match one or more
5037 occurrences of the previous atom or regexp.
5040 indicates that the regular expression should match zero or one
5041 occurrence of the previous atom or regexp.
5049 Bracket expressions are used to match ranges of characters. Bracket
5050 expressions where the range is backward, for example `[z-a]', are
5051 invalid. Within square brackets, `\' can be used to quote the
5052 following character. Character classes are supported; for example
5053 `[[:digit:]]' will match a single decimal digit.
5055 GNU extensions are supported:
5056 1. `\w' matches a character within a word
5058 2. `\W' matches a character which is not within a word
5060 3. `\<' matches the beginning of a word
5062 4. `\>' matches the end of a word
5064 5. `\b' matches a word boundary
5066 6. `\B' matches characters which are not a word boundary
5068 7. `\`' matches the beginning of the whole input
5070 8. `\'' matches the end of the whole input
5073 Grouping is performed with parentheses `()'. An unmatched `)'
5074 matches just itself. A backslash followed by a digit acts as a
5075 back-reference and matches the same thing as the previous grouped
5076 expression indicated by that number. For example `\2' matches the
5077 second group expression. The order of group expressions is determined
5078 by the position of their opening parenthesis `('.
5080 The alternation operator is `|'.
5082 The characters `^' and `$' always represent the beginning and end of
5083 a string respectively, except within square brackets. Within brackets,
5084 `^' can be used to invert the membership of the character class being
5087 `*', `+' and `?' are special at any point in a regular expression
5089 1. At the beginning of a regular expression
5091 2. After an open-group, signified by `('
5093 3. After the alternation operator `|'
5096 Intervals are specified by `{' and `}'. Invalid intervals are
5097 treated as literals, for example `a{1' is treated as `a\{1'
5099 The longest possible match is returned; this applies to the regular
5100 expression as a whole and (subject to this constraint) to
5101 subexpressions within groups.
5104 File: find.info, Node: grep regular expression syntax, Next: posix-awk regular expression syntax, Prev: gnu-awk regular expression syntax, Up: Regular Expressions
5106 8.5.6 `grep' regular expression syntax
5107 --------------------------------------
5109 The character `.' matches any single character except newline.
5112 indicates that the regular expression should match one or more
5113 occurrences of the previous atom or regexp.
5116 indicates that the regular expression should match zero or one
5117 occurrence of the previous atom or regexp.
5122 Bracket expressions are used to match ranges of characters. Bracket
5123 expressions where the range is backward, for example `[z-a]', are
5124 ignored. Within square brackets, `\' is taken literally. Character
5125 classes are supported; for example `[[:digit:]]' will match a single
5126 decimal digit. Non-matching lists `[^...]' do not ever match newline.
5128 GNU extensions are supported:
5129 1. `\w' matches a character within a word
5131 2. `\W' matches a character which is not within a word
5133 3. `\<' matches the beginning of a word
5135 4. `\>' matches the end of a word
5137 5. `\b' matches a word boundary
5139 6. `\B' matches characters which are not a word boundary
5141 7. `\`' matches the beginning of the whole input
5143 8. `\'' matches the end of the whole input
5146 Grouping is performed with backslashes followed by parentheses `\(',
5147 `\)'. A backslash followed by a digit acts as a back-reference and
5148 matches the same thing as the previous grouped expression indicated by
5149 that number. For example `\2' matches the second group expression.
5150 The order of group expressions is determined by the position of their
5151 opening parenthesis `\('.
5153 The alternation operator is `\|'.
5155 The character `^' only represents the beginning of a string when it
5157 1. At the beginning of a regular expression
5159 2. After an open-group, signified by `\('
5163 4. After the alternation operator `\|'
5166 The character `$' only represents the end of a string when it
5168 1. At the end of a regular expression
5170 2. Before a close-group, signified by `\)'
5174 4. Before the alternation operator `\|'
5177 `\*', `\+' and `\?' are special at any point in a regular expression
5179 1. At the beginning of a regular expression
5181 2. After an open-group, signified by `\('
5185 4. After the alternation operator `\|'
5188 Intervals are specified by `\{' and `\}'. Invalid intervals such as
5189 `a\{1z' are not accepted.
5191 The longest possible match is returned; this applies to the regular
5192 expression as a whole and (subject to this constraint) to
5193 subexpressions within groups.
5196 File: find.info, Node: posix-awk regular expression syntax, Next: posix-basic regular expression syntax, Prev: grep regular expression syntax, Up: Regular Expressions
5198 8.5.7 `posix-awk' regular expression syntax
5199 -------------------------------------------
5201 The character `.' matches any single character except the null
5205 indicates that the regular expression should match one or more
5206 occurrences of the previous atom or regexp.
5209 indicates that the regular expression should match zero or one
5210 occurrence of the previous atom or regexp.
5218 Bracket expressions are used to match ranges of characters. Bracket
5219 expressions where the range is backward, for example `[z-a]', are
5220 invalid. Within square brackets, `\' can be used to quote the
5221 following character. Character classes are supported; for example
5222 `[[:digit:]]' will match a single decimal digit.
5224 GNU extensions are not supported and so `\w', `\W', `\<', `\>',
5225 `\b', `\B', `\`', and `\'' match `w', `W', `<', `>', `b', `B', ``', and
5228 Grouping is performed with parentheses `()'. An unmatched `)'
5229 matches just itself. A backslash followed by a digit acts as a
5230 back-reference and matches the same thing as the previous grouped
5231 expression indicated by that number. For example `\2' matches the
5232 second group expression. The order of group expressions is determined
5233 by the position of their opening parenthesis `('.
5235 The alternation operator is `|'.
5237 The characters `^' and `$' always represent the beginning and end of
5238 a string respectively, except within square brackets. Within brackets,
5239 `^' can be used to invert the membership of the character class being
5242 `*', `+' and `?' are special at any point in a regular expression
5243 except the following places, where they are not allowed:
5244 1. At the beginning of a regular expression
5246 2. After an open-group, signified by `('
5248 3. After the alternation operator `|'
5251 Intervals are specified by `{' and `}'. Invalid intervals are
5252 treated as literals, for example `a{1' is treated as `a\{1'
5254 The longest possible match is returned; this applies to the regular
5255 expression as a whole and (subject to this constraint) to
5256 subexpressions within groups.
5259 File: find.info, Node: posix-basic regular expression syntax, Next: posix-egrep regular expression syntax, Prev: posix-awk regular expression syntax, Up: Regular Expressions
5261 8.5.8 `posix-basic' regular expression syntax
5262 ---------------------------------------------
5264 This is a synonym for ed.
5267 File: find.info, Node: posix-egrep regular expression syntax, Next: posix-extended regular expression syntax, Prev: posix-basic regular expression syntax, Up: Regular Expressions
5269 8.5.9 `posix-egrep' regular expression syntax
5270 ---------------------------------------------
5272 The character `.' matches any single character except newline.
5275 indicates that the regular expression should match one or more
5276 occurrences of the previous atom or regexp.
5279 indicates that the regular expression should match zero or one
5280 occurrence of the previous atom or regexp.
5288 Bracket expressions are used to match ranges of characters. Bracket
5289 expressions where the range is backward, for example `[z-a]', are
5290 ignored. Within square brackets, `\' is taken literally. Character
5291 classes are supported; for example `[[:digit:]]' will match a single
5292 decimal digit. Non-matching lists `[^...]' do not ever match newline.
5294 GNU extensions are supported:
5295 1. `\w' matches a character within a word
5297 2. `\W' matches a character which is not within a word
5299 3. `\<' matches the beginning of a word
5301 4. `\>' matches the end of a word
5303 5. `\b' matches a word boundary
5305 6. `\B' matches characters which are not a word boundary
5307 7. `\`' matches the beginning of the whole input
5309 8. `\'' matches the end of the whole input
5312 Grouping is performed with parentheses `()'. A backslash followed
5313 by a digit acts as a back-reference and matches the same thing as the
5314 previous grouped expression indicated by that number. For example `\2'
5315 matches the second group expression. The order of group expressions is
5316 determined by the position of their opening parenthesis `('.
5318 The alternation operator is `|'.
5320 The characters `^' and `$' always represent the beginning and end of
5321 a string respectively, except within square brackets. Within brackets,
5322 `^' can be used to invert the membership of the character class being
5325 The characters `*', `+' and `?' are special anywhere in a regular
5328 Intervals are specified by `{' and `}'. Invalid intervals are
5329 treated as literals, for example `a{1' is treated as `a\{1'
5331 The longest possible match is returned; this applies to the regular
5332 expression as a whole and (subject to this constraint) to
5333 subexpressions within groups.
5336 File: find.info, Node: posix-extended regular expression syntax, Prev: posix-egrep regular expression syntax, Up: Regular Expressions
5338 8.5.10 `posix-extended' regular expression syntax
5339 -------------------------------------------------
5341 The character `.' matches any single character except the null
5345 indicates that the regular expression should match one or more
5346 occurrences of the previous atom or regexp.
5349 indicates that the regular expression should match zero or one
5350 occurrence of the previous atom or regexp.
5358 Bracket expressions are used to match ranges of characters. Bracket
5359 expressions where the range is backward, for example `[z-a]', are
5360 invalid. Within square brackets, `\' is taken literally. Character
5361 classes are supported; for example `[[:digit:]]' will match a single
5364 GNU extensions are supported:
5365 1. `\w' matches a character within a word
5367 2. `\W' matches a character which is not within a word
5369 3. `\<' matches the beginning of a word
5371 4. `\>' matches the end of a word
5373 5. `\b' matches a word boundary
5375 6. `\B' matches characters which are not a word boundary
5377 7. `\`' matches the beginning of the whole input
5379 8. `\'' matches the end of the whole input
5382 Grouping is performed with parentheses `()'. An unmatched `)'
5383 matches just itself. A backslash followed by a digit acts as a
5384 back-reference and matches the same thing as the previous grouped
5385 expression indicated by that number. For example `\2' matches the
5386 second group expression. The order of group expressions is determined
5387 by the position of their opening parenthesis `('.
5389 The alternation operator is `|'.
5391 The characters `^' and `$' always represent the beginning and end of
5392 a string respectively, except within square brackets. Within brackets,
5393 `^' can be used to invert the membership of the character class being
5396 `*', `+' and `?' are special at any point in a regular expression
5397 except the following places, where they are not allowed:
5398 1. At the beginning of a regular expression
5400 2. After an open-group, signified by `('
5402 3. After the alternation operator `|'
5405 Intervals are specified by `{' and `}'. Invalid intervals such as
5406 `a{1z' are not accepted.
5408 The longest possible match is returned; this applies to the regular
5409 expression as a whole and (subject to this constraint) to
5410 subexpressions within groups.
5413 File: find.info, Node: Environment Variables, Prev: Regular Expressions, Up: Reference
5415 8.6 Environment Variables
5416 =========================
5419 Provides a default value for the internationalisation variables
5420 that are unset or null.
5423 If set to a non-empty string value, override the values of all the
5424 other internationalisation variables.
5427 The POSIX standard specifies that this variable affects the pattern
5428 matching to be used for the `\-name' option. GNU find uses the
5429 GNU version of the `fnmatch' library function.
5431 This variable also affects the interpretation of the response to
5432 `-ok'; while the `LC_MESSAGES' variable selects the actual pattern
5433 used to interpret the response to `-ok', the interpretation of any
5434 bracket expressions in the pattern will be affected by the
5435 `LC_COLLATE' variable.
5438 This variable affects the treatment of character classes used in
5439 regular expression and with the `-name' test, if the `fnmatch'
5440 function supports this.
5442 This variable also affects the interpretation of any character
5443 classes in the regular expressions used to interpret the response
5444 to the prompt issued by `-ok'. The `LC_CTYPE' environment
5445 variable will also affect which characters are considered to be
5446 unprintable when filenames are printed (*note Unusual Characters
5450 Determines the locale to be used for internationalised messages,
5451 including the interpretation of the response to the prompt made by
5455 Determines the location of the internationalisation message
5459 Affects the directories which are searched to find the executables
5460 invoked by `-exec', `-execdir' `-ok' and `-okdir'. If the PATH
5461 environment variable includes the current directory (by explicitly
5462 including `.' or by having an empty element), and the find command
5463 line includes `-execdir' or `-okdir', `find' will refuse to run.
5464 *Note Security Considerations::, for a more detailed discussion of
5468 Determines the block size used by `-ls' and `-fls'. If
5469 `POSIXLY_CORRECT' is set, blocks are units of 512 bytes. Otherwise
5470 they are units of 1024 bytes.
5472 Setting this variable also turns off warning messages (that is,
5473 implies `-nowarn') by default, because POSIX requires that apart
5474 from the output for `-ok', all messages printed on stderr are
5475 diagnostics and must result in a non-zero exit status.
5477 When `POSIXLY_CORRECT' is set, the response to the prompt made by
5478 the `-ok' action is interpreted according to the system's message
5479 catalogue, as opposed to according to `find''s own message
5483 Affects the time zone used for some of the time-related format
5484 directives of `-printf' and `-fprintf'.
5487 File: find.info, Node: Common Tasks, Next: Worked Examples, Prev: Reference, Up: Top
5492 The sections that follow contain some extended examples that both give
5493 a good idea of the power of these programs, and show you how to solve
5494 common real-world problems.
5498 * Viewing And Editing::
5501 * Strange File Names::
5502 * Fixing Permissions::
5503 * Classifying Files::
5506 File: find.info, Node: Viewing And Editing, Next: Archiving, Up: Common Tasks
5508 9.1 Viewing And Editing
5509 =======================
5511 To view a list of files that meet certain criteria, simply run your
5512 file viewing program with the file names as arguments. Shells
5513 substitute a command enclosed in backquotes with its output, so the
5514 whole command looks like this:
5516 less `find /usr/include -name '*.h' | xargs grep -l mode_t`
5518 You can edit those files by giving an editor name instead of a file
5521 emacs `find /usr/include -name '*.h' | xargs grep -l mode_t`
5523 Because there is a limit to the length of any individual command
5524 line, there is a limit to the number of files that can be handled in
5525 this way. We can get around this difficulty by using `xargs' like this:
5527 find /usr/include -name '*.h' | xargs grep -l mode_t > todo
5528 xargs --arg-file=todo emacs
5530 Here, `xargs' will run `emacs' as many times as necessary to visit
5531 all of the files listed in the file `todo'. Generating a temporary
5532 file is not always convenient, though. This command does much the same
5533 thing without needing one:
5535 find /usr/include -name '*.h' | xargs grep -l mode_t |
5536 xargs sh -c 'emacs "$@" < /dev/tty' Emacs
5538 The example above illustrates a useful trick; Using `sh -c' you can
5539 invoke a shell command from `xargs'. The `$@' in the command line is
5540 expanded by the shell to a list of arguments as provided by `xargs'.
5541 The single quotes in the command line protect the `$@' against
5542 expansion by your interactive shell (which will normally have no
5543 arguments and thus expand `$@' to nothing). The capitalised `Emacs' on
5544 the command line is used as `$0' by the shell that `xargs' launches.
5547 File: find.info, Node: Archiving, Next: Cleaning Up, Prev: Viewing And Editing, Up: Common Tasks
5552 You can pass a list of files produced by `find' to a file archiving
5553 program. GNU `tar' and `cpio' can both read lists of file names from
5554 the standard input - either delimited by nulls (the safe way) or by
5555 blanks (the lazy, risky default way). To use null-delimited names,
5556 give them the `--null' option. You can store a file archive in a file,
5557 write it on a tape, or send it over a network to extract on another
5560 One common use of `find' to archive files is to send a list of the
5561 files in a directory tree to `cpio'. Use `-depth' so if a directory
5562 does not have write permission for its owner, its contents can still be
5563 restored from the archive since the directory's permissions are
5564 restored after its contents. Here is an example of doing this using
5565 `cpio'; you could use a more complex `find' expression to archive only
5568 find . -depth -print0 |
5569 cpio --create --null --format=crc --file=/dev/nrst0
5571 You could restore that archive using this command:
5573 cpio --extract --null --make-dir --unconditional \
5574 --preserve --file=/dev/nrst0
5576 Here are the commands to do the same things using `tar':
5578 find . -depth -print0 |
5579 tar --create --null --files-from=- --file=/dev/nrst0
5581 tar --extract --null --preserve-perm --same-owner \
5584 Here is an example of copying a directory from one machine to
5587 find . -depth -print0 | cpio -0o -Hnewc |
5588 rsh OTHER-MACHINE "cd `pwd` && cpio -i0dum"
5591 File: find.info, Node: Cleaning Up, Next: Strange File Names, Prev: Archiving, Up: Common Tasks
5596 This section gives examples of removing unwanted files in various
5597 situations. Here is a command to remove the CVS backup files created
5598 when an update requires a merge:
5600 find . -name '.#*' -print0 | xargs -0r rm -f
5602 If your `find' command removes directories, you may find that you
5603 get a spurious error message when `find' tries to recurse into a
5604 directory that has now been removed. Using the `-depth' option will
5605 normally resolve this problem.
5607 It is also possible to use the `-delete' action:
5609 find . -depth -name '.#*' -delete
5611 You can run this command to clean out your clutter in `/tmp'. You
5612 might place it in the file your shell runs when you log out
5613 (`.bash_logout', `.logout', or `.zlogout', depending on which shell you
5616 find /tmp -depth -user "$LOGNAME" -type f -delete
5618 To remove old Emacs backup and auto-save files, you can use a command
5619 like the following. It is especially important in this case to use
5620 null-terminated file names because Emacs packages like the VM mailer
5621 often create temporary file names with spaces in them, like `#reply to
5622 David J. MacKenzie<1>#'.
5624 find ~ \( -name '*~' -o -name '#*#' \) -print0 |
5625 xargs --no-run-if-empty --null rm -vf
5627 Removing old files from `/tmp' is commonly done from `cron':
5629 find /tmp /var/tmp -depth -not -type d -mtime +3 -delete
5630 find /tmp /var/tmp -depth -mindepth 1 -type d -empty -delete
5632 The second `find' command above cleans out empty directories
5633 depth-first (`-delete' implies `-depth' anyway), hoping that the
5634 parents become empty and can be removed too. It uses `-mindepth' to
5635 avoid removing `/tmp' itself if it becomes totally empty.
5637 Lastly, an example of a program that almost certainly does not do
5638 what the user intended:
5640 find dirname -delete -name quux
5642 If the user hoped to delete only files named `quux' they will get an
5643 unpleasant surprise; this command will attempt to delete everything at
5644 or below the starting point `dirname'. This is because `find'
5645 evaluates the items on the command line as an expression. The `find'
5646 program will normally execute an action if the preceding action
5647 succeeds. Here, there is no action or test before the `-delete' so it
5648 will always be executed. The `-name quux' test will be performed for
5649 files we successfully deleted, but that test has no effect since
5650 `-delete' also disables the default `-print' operation. So the above
5651 example will probably delete a lot of files the user didn't want to
5654 This command is also likely to do something you did not intend:
5655 find dirname -path dirname/foo -prune -o -delete
5657 Because `-delete' turns on `-depth', the `-prune' action has no
5658 effect and files in `dirname/foo' will be deleted too.
5661 File: find.info, Node: Strange File Names, Next: Fixing Permissions, Prev: Cleaning Up, Up: Common Tasks
5663 9.4 Strange File Names
5664 ======================
5666 `find' can help you remove or rename a file with strange characters in
5667 its name. People are sometimes stymied by files whose names contain
5668 characters such as spaces, tabs, control characters, or characters with
5669 the high bit set. The simplest way to remove such files is:
5671 rm -i SOME*PATTERN*THAT*MATCHES*THE*PROBLEM*FILE
5673 `rm' asks you whether to remove each file matching the given
5674 pattern. If you are using an old shell, this approach might not work
5675 if the file name contains a character with the high bit set; the shell
5676 may strip it off. A more reliable way is:
5678 find . -maxdepth 1 TESTS -okdir rm '{}' \;
5680 where TESTS uniquely identify the file. The `-maxdepth 1' option
5681 prevents `find' from wasting time searching for the file in any
5682 subdirectories; if there are no subdirectories, you may omit it. A
5683 good way to uniquely identify the problem file is to figure out its
5688 Suppose you have a file whose name contains control characters, and
5689 you have found that its inode number is 12345. This command prompts
5690 you for whether to remove it:
5692 find . -maxdepth 1 -inum 12345 -okdir rm -f '{}' \;
5694 If you don't want to be asked, perhaps because the file name may
5695 contain a strange character sequence that will mess up your screen when
5696 printed, then use `-execdir' instead of `-okdir'.
5698 If you want to rename the file instead, you can use `mv' instead of
5701 find . -maxdepth 1 -inum 12345 -okdir mv '{}' NEW-FILE-NAME \;
5704 File: find.info, Node: Fixing Permissions, Next: Classifying Files, Prev: Strange File Names, Up: Common Tasks
5706 9.5 Fixing Permissions
5707 ======================
5709 Suppose you want to make sure that everyone can write to the
5710 directories in a certain directory tree. Here is a way to find
5711 directories lacking either user or group write permission (or both),
5712 and fix their permissions:
5714 find . -type d -not -perm -ug=w | xargs chmod ug+w
5716 You could also reverse the operations, if you want to make sure that
5717 directories do _not_ have world write permission.
5720 File: find.info, Node: Classifying Files, Prev: Fixing Permissions, Up: Common Tasks
5722 9.6 Classifying Files
5723 =====================
5725 If you want to classify a set of files into several groups based on
5726 different criteria, you can use the comma operator to perform multiple
5727 independent tests on the files. Here is an example:
5729 find / -type d \( -perm -o=w -fprint allwrite , \
5730 -perm -o=x -fprint allexec \)
5732 echo "Directories that can be written to by everyone:"
5735 echo "Directories with search permissions for everyone:"
5738 `find' has only to make one scan through the directory tree (which
5739 is one of the most time consuming parts of its work).
5742 File: find.info, Node: Worked Examples, Next: Security Considerations, Prev: Common Tasks, Up: Top
5747 The tools in the findutils package, and in particular `find', have a
5748 large number of options. This means that quite often, there is more
5749 than one way to do things. Some of the options and facilities only
5750 exist for compatibility with other tools, and findutils provides
5751 improved ways of doing things.
5753 This chapter describes a number of useful tasks that are commonly
5754 performed, and compares the different ways of achieving them.
5759 * Copying A Subset of Files::
5760 * Updating A Timestamp File::
5761 * Finding the Shallowest Instance::
5764 File: find.info, Node: Deleting Files, Next: Copying A Subset of Files, Up: Worked Examples
5769 One of the most common tasks that `find' is used for is locating files
5770 that can be deleted. This might include:
5772 * Files last modified more than 3 years ago which haven't been
5773 accessed for at least 2 years
5775 * Files belonging to a certain user
5777 * Temporary files which are no longer required
5779 This example concentrates on the actual deletion task rather than on
5780 sophisticated ways of locating the files that need to be deleted.
5781 We'll assume that the files we want to delete are old files underneath
5784 10.1.1 The Traditional Way
5785 --------------------------
5787 The traditional way to delete files in `/var/tmp/stuff' that have not
5788 been modified in over 90 days would have been:
5790 find /var/tmp/stuff -mtime +90 -exec /bin/rm {} \;
5792 The above command uses `-exec' to run the `/bin/rm' command to
5793 remove each file. This approach works and in fact would have worked in
5794 Version 7 Unix in 1979. However, there are a number of problems with
5797 The most obvious problem with the approach above is that it causes
5798 `find' to fork every time it finds a file that needs to delete, and the
5799 child process then has to use the `exec' system call to launch
5800 `/bin/rm'. All this is quite inefficient. If we are going to use
5801 `/bin/rm' to do this job, it is better to make it delete more than one
5804 The most obvious way of doing this is to use the shell's command
5807 /bin/rm `find /var/tmp/stuff -mtime +90 -print`
5808 or you could use the more modern form
5809 /bin/rm $(find /var/tmp/stuff -mtime +90 -print)
5811 The commands above are much more efficient than the first attempt.
5812 However, there is a problem with them. The shell has a maximum command
5813 length which is imposed by the operating system (the actual limit
5814 varies between systems). This means that while the command expansion
5815 technique will usually work, it will suddenly fail when there are lots
5816 of files to delete. Since the task is to delete unwanted files, this
5817 is precisely the time we don't want things to go wrong.
5819 10.1.2 Making Use of `xargs'
5820 ----------------------------
5822 So, is there a way to be more efficient in the use of `fork()' and
5823 `exec()' without running up against this limit? Yes, we can be almost
5824 optimally efficient by making use of the `xargs' command. The `xargs'
5825 command reads arguments from its standard input and builds them into
5826 command lines. We can use it like this:
5828 find /var/tmp/stuff -mtime +90 -print | xargs /bin/rm
5830 For example if the files found by `find' are `/var/tmp/stuff/A',
5831 `/var/tmp/stuff/B' and `/var/tmp/stuff/C' then `xargs' might issue the
5834 /bin/rm /var/tmp/stuff/A /var/tmp/stuff/B
5835 /bin/rm /var/tmp/stuff/C
5837 The above assumes that `xargs' has a very small maximum command line
5838 length. The real limit is much larger but the idea is that `xargs'
5839 will run `/bin/rm' as many times as necessary to get the job done,
5840 given the limits on command line length.
5842 This usage of `xargs' is pretty efficient, and the `xargs' command
5843 is widely implemented (all modern versions of Unix offer it). So far
5844 then, the news is all good. However, there is bad news too.
5846 10.1.3 Unusual characters in filenames
5847 --------------------------------------
5849 Unix-like systems allow any characters to appear in file names with the
5850 exception of the ASCII NUL character and the slash. Slashes can occur
5851 in path names (as the directory separator) but not in the names of
5852 actual directory entries. This means that the list of files that
5853 `xargs' reads could in fact contain white space characters - spaces,
5854 tabs and newline characters. Since by default, `xargs' assumes that
5855 the list of files it is reading uses white space as an argument
5856 separator, it cannot correctly handle the case where a filename
5857 actually includes white space. This makes the default behaviour of
5858 `xargs' almost useless for handling arbitrary data.
5860 To solve this problem, GNU findutils introduced the `-print0' action
5861 for `find'. This uses the ASCII NUL character to separate the entries
5862 in the file list that it produces. This is the ideal choice of
5863 separator since it is the only character that cannot appear within a
5864 path name. The `-0' option to `xargs' makes it assume that arguments
5865 are separated with ASCII NUL instead of white space. It also turns off
5866 another misfeature in the default behaviour of `xargs', which is that
5867 it pays attention to quote characters in its input. Some versions of
5868 `xargs' also terminate when they see a lone `_' in the input, but GNU
5869 `find' no longer does that (since it has become an optional behaviour
5870 in the Unix standard).
5872 So, putting `find -print0' together with `xargs -0' we get this
5875 find /var/tmp/stuff -mtime +90 -print0 | xargs -0 /bin/rm
5877 The result is an efficient way of proceeding that correctly handles
5878 all the possible characters that could appear in the list of files to
5879 delete. This is good news. However, there is, as I'm sure you're
5880 expecting, also more bad news. The problem is that this is not a
5881 portable construct; although other versions of Unix (notably
5882 BSD-derived ones) support `-print0', it's not universal. So, is there
5883 a more universal mechanism?
5885 10.1.4 Going back to `-exec'
5886 ----------------------------
5888 There is indeed a more universal mechanism, which is a slight
5889 modification to the `-exec' action. The normal `-exec' action assumes
5890 that the command to run is terminated with a semicolon (the semicolon
5891 normally has to be quoted in order to protect it from interpretation as
5892 the shell command separator). The SVR4 edition of Unix introduced a
5893 slight variation, which involves terminating the command with `+'
5896 find /var/tmp/stuff -mtime +90 -exec /bin/rm {} \+
5898 The above use of `-exec' causes `find' to build up a long command
5899 line and then issue it. This can be less efficient than some uses of
5900 `xargs'; for example `xargs' allows new command lines to be built up
5901 while the previous command is still executing, and allows you to
5902 specify a number of commands to run in parallel. However, the `find
5903 ... -exec ... +' construct has the advantage of wide portability. GNU
5904 findutils did not support `-exec ... +' until version 4.2.12; one of
5905 the reasons for this is that it already had the `-print0' action in any
5908 10.1.5 A more secure version of `-exec'
5909 ---------------------------------------
5911 The command above seems to be efficient and portable. However, within
5912 it lurks a security problem. The problem is shared with all the
5913 commands we've tried in this worked example so far, too. The security
5914 problem is a race condition; that is, if it is possible for somebody to
5915 manipulate the filesystem that you are searching while you are
5916 searching it, it is possible for them to persuade your `find' command
5917 to cause the deletion of a file that you can delete but they normally
5920 The problem occurs because the `-exec' action is defined by the
5921 POSIX standard to invoke its command with the same working directory as
5922 `find' had when it was started. This means that the arguments which
5923 replace the {} include a relative path from `find''s starting point
5924 down the file that needs to be deleted. For example,
5926 find /var/tmp/stuff -mtime +90 -exec /bin/rm {} \+
5928 might actually issue the command:
5930 /bin/rm /var/tmp/stuff/A /var/tmp/stuff/B /var/tmp/stuff/passwd
5932 Notice the file `/var/tmp/stuff/passwd'. Likewise, the command:
5934 cd /var/tmp && find stuff -mtime +90 -exec /bin/rm {} \+
5936 might actually issue the command:
5938 /bin/rm stuff/A stuff/B stuff/passwd
5940 If an attacker can rename `stuff' to something else (making use of
5941 their write permissions in `/var/tmp') they can replace it with a
5942 symbolic link to `/etc'. That means that the `/bin/rm' command will be
5943 invoked on `/etc/passwd'. If you are running your `find' command as
5944 root, the attacker has just managed to delete a vital file. All they
5945 needed to do to achieve this was replace a subdirectory with a symbolic
5946 link at the vital moment.
5948 There is however, a simple solution to the problem. This is an
5949 action which works a lot like `-exec' but doesn't need to traverse a
5950 chain of directories to reach the file that it needs to work on. This
5951 is the `-execdir' action, which was introduced by the BSD family of
5952 operating systems. The command,
5954 find /var/tmp/stuff -mtime +90 -execdir /bin/rm {} \+
5956 might delete a set of files by performing these actions:
5958 1. Change directory to /var/tmp/stuff/foo
5960 2. Invoke `/bin/rm ./file1 ./file2 ./file3'
5962 3. Change directory to /var/tmp/stuff/bar
5964 4. Invoke `/bin/rm ./file99 ./file100 ./file101'
5966 This is a much more secure method. We are no longer exposed to a
5967 race condition. For many typical uses of `find', this is the best
5968 strategy. It's reasonably efficient, but the length of the command
5969 line is limited not just by the operating system limits, but also by
5970 how many files we actually need to delete from each directory.
5972 Is it possible to do any better? In the case of general file
5973 processing, no. However, in the specific case of deleting files it is
5974 indeed possible to do better.
5976 10.1.6 Using the `-delete' action
5977 ---------------------------------
5979 The most efficient and secure method of solving this problem is to use
5980 the `-delete' action:
5982 find /var/tmp/stuff -mtime +90 -delete
5984 This alternative is more efficient than any of the `-exec' or
5985 `-execdir' actions, since it entirely avoids the overhead of forking a
5986 new process and using `exec' to run `/bin/rm'. It is also normally
5987 more efficient than `xargs' for the same reason. The file deletion is
5988 performed from the directory containing the entry to be deleted, so the
5989 `-delete' action has the same security advantages as the `-execdir'
5992 The `-delete' action was introduced by the BSD family of operating
5995 10.1.7 Improving things still further
5996 -------------------------------------
5998 Is it possible to improve things still further? Not without either
5999 modifying the system library to the operating system or having more
6000 specific knowledge of the layout of the filesystem and disk I/O
6003 The `find' command traverses the filesystem, reading directories.
6004 It then issues a separate system call for each file to be deleted. If
6005 we could modify the operating system, there are potential gains that
6008 * We could have a system call to which we pass more than one filename
6011 * Alternatively, we could pass in a list of inode numbers (on
6012 GNU/Linux systems, `readdir()' also returns the inode number of
6013 each directory entry) to be deleted.
6015 The above possibilities sound interesting, but from the kernel's
6016 point of view it is difficult to enforce standard Unix access controls
6017 for such processing by inode number. Such a facility would probably
6018 need to be restricted to the superuser.
6020 Another way of improving performance would be to increase the
6021 parallelism of the process. For example if the directory hierarchy we
6022 are searching is actually spread across a number of disks, we might
6023 somehow be able to arrange for `find' to process each disk in parallel.
6024 In practice GNU `find' doesn't have such an intimate understanding of
6025 the system's filesystem layout and disk I/O subsystem.
6027 However, since the system administrator can have such an
6028 understanding they can take advantage of it like so:
6030 find /var/tmp/stuff1 -mtime +90 -delete &
6031 find /var/tmp/stuff2 -mtime +90 -delete &
6032 find /var/tmp/stuff3 -mtime +90 -delete &
6033 find /var/tmp/stuff4 -mtime +90 -delete &
6036 In the example above, four separate instances of `find' are used to
6037 search four subdirectories in parallel. The `wait' command simply
6038 waits for all of these to complete. Whether this approach is more or
6039 less efficient than a single instance of `find' depends on a number of
6042 * Are the directories being searched in parallel actually on separate
6043 disks? If not, this parallel search might just result in a lot of
6044 disk head movement and so the speed might even be slower.
6046 * Other activity - are other programs also doing things on those
6052 The fastest and most secure way to delete files with the help of `find'
6053 is to use `-delete'. Using `xargs -0 -P N' can also make effective use
6054 of the disk, but it is not as secure.
6056 In the case where we're doing things other than deleting files, the
6057 most secure alternative is `-execdir ... +', but this is not as
6058 portable as the insecure action `-exec ... +'.
6060 The `-delete' action is not completely portable, but the only other
6061 possibility which is as secure (`-execdir') is no more portable. The
6062 most efficient portable alternative is `-exec ...+', but this is
6063 insecure and isn't supported by versions of GNU findutils prior to
6067 File: find.info, Node: Copying A Subset of Files, Next: Updating A Timestamp File, Prev: Deleting Files, Up: Worked Examples
6069 10.2 Copying A Subset of Files
6070 ==============================
6072 Suppose you want to copy some files from `/source-dir' to `/dest-dir',
6073 but there are a small number of files in `/source-dir' you don't want
6076 One option of course is `cp /source-dir /dest-dir' followed by
6077 deletion of the unwanted material under `/dest-dir'. But often that
6078 can be inconvenient, because for example we would have copied a large
6079 amount of extraneous material, or because `/dest-dir' is too small.
6080 Naturally there are many other possible reasons why this strategy may
6083 So we need to have some way of identifying which files we want to
6084 copy, and we need to have a way of copying that file list. The second
6085 part of this condition is met by `cpio -p'. Of course, we can identify
6086 the files we wish to copy by using `find'. Here is a command that
6090 find . -name '.snapshot' -prune -o \( \! -name '*~' -print0 \) |
6091 cpio -pmd0 /dest-dir
6093 The first part of the `find' command here identifies files or
6094 directories named `.snapshot' and tells `find' not to recurse into them
6095 (since they do not need to be copied). The combination `-name
6096 '.snapshot' -prune' yields false for anything that didn't get pruned,
6097 but it is exactly those files we want to copy. Therefore we need to
6098 use an OR (`-o') condition to introduce the rest of our expression.
6099 The remainder of the expression simply arranges for the name of any
6100 file not ending in `~' to be printed.
6102 Using `-print0' ensures that white space characters in file names do
6103 not pose a problem. The `cpio' command does the actual work of copying
6104 files. The program as a whole fails if the `cpio' program returns
6105 nonzero. If the `find' command returns non-zero on the other hand, the
6106 Unix shell will not diagnose a problem (since `find' is not the last
6107 command in the pipeline).
6110 File: find.info, Node: Updating A Timestamp File, Next: Finding the Shallowest Instance, Prev: Copying A Subset of Files, Up: Worked Examples
6112 10.3 Updating A Timestamp File
6113 ==============================
6115 Suppose we have a directory full of files which is maintained with a
6116 set of automated tools; perhaps one set of tools updates them and
6117 another set of tools uses the result. In this situation, it might be
6118 useful for the second set of tools to know if the files have recently
6119 been changed. It might be useful, for example, to have a 'timestamp'
6120 file which gives the timestamp on the newest file in the collection.
6122 We can use `find' to achieve this, but there are several different
6125 10.3.1 Updating the Timestamp The Wrong Way
6126 -------------------------------------------
6128 The obvious but wrong answer is just to use `-newer':
6130 find subdir -newer timestamp -exec touch -r {} timestamp \;
6132 This does the right sort of thing but has a bug. Suppose that two
6133 files in the subdirectory have been updated, and that these are called
6134 `file1' and `file2'. The command above will update `timestamp' with
6135 the modification time of `file1' or that of `file2', but we don't know
6136 which one. Since the timestamps on `file1' and `file2' will in general
6137 be different, this could well be the wrong value.
6139 One solution to this problem is to modify `find' to recheck the
6140 modification time of `timestamp' every time a file is to be compared
6141 against it, but that will reduce the performance of `find'.
6143 10.3.2 Using the test utility to compare timestamps
6144 ---------------------------------------------------
6146 The `test' command can be used to compare timestamps:
6148 find subdir -exec test {} -nt timestamp \; -exec touch -r {} timestamp \;
6150 This will ensure that any changes made to the modification time of
6151 `timestamp' that take place during the execution of `find' are taken
6152 into account. This resolves our earlier problem, but unfortunately
6153 this runs much more slowly.
6155 10.3.3 A combined approach
6156 --------------------------
6158 We can of course still use `-newer' to cut down on the number of calls
6161 find subdir -newer timestamp -and \
6162 -exec test {} -nt timestamp \; -and \
6163 -exec touch -r {} timestamp \;
6165 Here, the `-newer' test excludes all the files which are definitely
6166 older than the timestamp, but all the files which are newer than the
6167 old value of the timestamp are compared against the current updated
6170 This is indeed faster in general, but the speed difference will
6171 depend on how many updated files there are.
6173 10.3.4 Using `-printf' and `sort' to compare timestamps
6174 -------------------------------------------------------
6176 It is possible to use the `-printf' action to abandon the use of `test'
6179 newest=$(find subdir -newer timestamp -printf "%A%p\n" |
6183 touch -r "${newest:-timestamp}" timestamp
6185 The command above works by generating a list of the timestamps and
6186 names of all the files which are newer than the timestamp. The `sort',
6187 `tail' and `cut' commands simply pull out the name of the file with the
6188 largest timestamp value (that is, the latest file). The `touch'
6189 command is then used to update the timestamp,
6191 The `"${newest:-timestamp}"' expression simply expands to the value
6192 of `$newest' if that variable is set, but to `timestamp' otherwise.
6193 This ensures that an argument is always given to the `-r' option of the
6196 This approach seems quite efficient, but unfortunately it has a
6197 problem. Many operating systems now keep file modification time
6198 information at a granularity which is finer than one second. Findutils
6199 version 4.3.3 and later will print a fractional part with %A@, but
6200 older versions will not.
6202 10.3.5 Solving the problem with `make'
6203 --------------------------------------
6205 Another tool which often works with timestamps is `make'. We can use
6206 `find' to generate a `Makefile' file on the fly and then use `make' to
6207 update the timestamps:
6213 -printf "timestamp:: %p\n\ttouch -r %p timestamp\n\n" > "$makefile"
6217 Unfortunately although the solution above is quite elegant, it fails
6218 to cope with white space within file names, and adjusting it to do so
6219 would require a rather complex shell script.
6221 10.3.6 Coping with odd filenames too
6222 ------------------------------------
6224 We can fix both of these problems (looping and problems with white
6225 space), and do things more efficiently too. The following command
6226 works with newlines and doesn't need to sort the list of filenames.
6228 find subdir -newer timestamp -printf "%A@:%p\0" |
6230 xargs --no-run-if-empty --null -i \
6231 find {} -maxdepth 0 -newer timestamp -exec touch -r {} timestamp \;
6233 The first `find' command generates a list of files which are newer
6234 than the original timestamp file, and prints a list of them with their
6235 timestamps. The `newest.pl' script simply filters out all the
6236 filenames which have timestamps which are older than whatever the
6241 my $latest_stamp = undef;
6243 my ($stamp, $name) = split(/:/);
6244 if (!defined($latest_stamp) || ($tstamp > $latest_stamp)) {
6245 $latest_stamp = $stamp;
6248 if ($tstamp >= $latest_stamp) {
6249 push @newest, $name;
6252 print join("\0", @newest);
6254 This prints a list of zero or more files, all of which are newer than
6255 the original timestamp file, and which have the same timestamp as each
6256 other, to the nearest second. The second `find' command takes each
6257 resulting file one at a time, and if that is newer than the timestamp
6258 file, the timestamp is updated.
6261 File: find.info, Node: Finding the Shallowest Instance, Prev: Updating A Timestamp File, Up: Worked Examples
6263 10.4 Finding the Shallowest Instance
6264 ====================================
6266 Suppose you maintain local copies of sources from various projects,
6267 each with their own choice of directory organisation and source code
6268 management (SCM) tool. You need to periodically synchronize each
6269 project with its upstream tree. As the number local repositories
6270 grows, so does the work involved in maintaining synchronization. SCM
6271 utilities typically create some sort of administrative directory: .svn
6272 for Subversion, CVS for CVS, and so on. These directories can be used
6273 as a key to search for the bases of the project source trees. Suppose
6274 we have the following directory structure:
6277 repo/gnu/project2/.svn
6278 repo/gnu/project3/.svn
6279 repo/gnu/project3/src/.svn
6280 repo/gnu/project3/doc/.svn
6283 One would expect to update each of the `projectX' directories, but
6284 not their subdirectories (src, doc, etc.). To locate the project
6285 roots, we would need to find the least deeply nested directories
6286 containing an SCM-related subdirectory. The following command
6287 discovers those roots efficiently. It is efficient because it avoids
6288 searching subdirectories inside projects whose SCM directory we already
6292 -exec test -d {}/.svn \; -or \
6293 -exec test -d {}/.git \; -or \
6294 -exec test -d {}/CVS \; -print -prune
6296 In this example, `test' is used to tell if we are currently
6297 examining a directory which appears to the a project's root directory
6298 (because it has an SCM subdirectory). When we find a project root,
6299 there is no need to search inside it, and `-prune' makes sure that we
6302 For large, complex trees like the Linux kernel, this will prevent
6303 searching a large portion of the structure, saving a good deal of time.
6306 File: find.info, Node: Security Considerations, Next: Error Messages, Prev: Worked Examples, Up: Top
6308 11 Security Considerations
6309 **************************
6311 Security considerations are important if you are using `find' or
6312 `xargs' to search for or process files that don't belong to you or
6313 which other people have control. Security considerations relating to
6314 `locate' may also apply if you have files which you do not want others
6317 The most severe forms of security problems affecting `find' and
6318 related programs are when third parties bring about a situation
6319 allowing them to do something they would normally not be able to
6320 accomplish. This is called _privilege elevation_. This might include
6321 deleting files they would not normally be able to delete. It is common
6322 for the operating system to periodically invoke `find' for
6323 self-maintenance purposes. These invocations of `find' are
6324 particularly problematic from a security point of view as these are
6325 often invoked by the superuser and search the entire filesystem
6326 hierarchy. Generally, the severity of any associated problem depends
6327 on what the system is going to do with the files found by `find'.
6331 * Levels of Risk:: What is your level of exposure to security problems?
6332 * Security Considerations for find:: Security problems with find
6333 * Security Considerations for xargs:: Security problems with xargs
6334 * Security Considerations for locate:: Security problems with locate
6335 * Security Summary:: That was all very complex, what does it boil down to?
6336 * Further Reading on Security::
6339 File: find.info, Node: Levels of Risk, Next: Security Considerations for find, Up: Security Considerations
6344 There are some security risks inherent in the use of `find', `xargs'
6345 and (to a lesser extent) `locate'. The severity of these risks depends
6346 on what sort of system you are using:
6349 Multi-user systems where you do not control (or trust) the other
6350 users, and on which you execute `find', including areas where
6351 those other users can manipulate the filesystem (for example
6352 beneath `/home' or `/tmp').
6355 Systems where the actions of other users can create file names
6356 chosen by them, but to which they don't have access while `find' is
6357 being run. This access might include leaving programs running
6358 (shell background jobs, `at' or `cron' tasks, for example). On
6359 these sorts of systems, carefully written commands (avoiding use of
6360 `-print' for example) should not expose you to a high degree of
6361 risk. Most systems fall into this category.
6364 Systems to which untrusted parties do not have access, cannot
6365 create file names of their own choice (even remotely) and which
6366 contain no security flaws which might enable an untrusted third
6367 party to gain access. Most systems do not fall into this category
6368 because there are many ways in which external parties can affect
6369 the names of files that are created on your system. The system on
6370 which I am writing this for example automatically downloads
6371 software updates from the Internet; the names of the files in
6372 which these updates exist are chosen by third parties(1).
6374 In the discussion above, "risk" denotes the likelihood that someone
6375 can cause `find', `xargs', `locate' or some other program which is
6376 controlled by them to do something you did not intend. The levels of
6377 risk suggested do not take any account of the consequences of this sort
6378 of event. That is, if you operate a "low risk" type system, but the
6379 consequences of a security problem are disastrous, then you should
6380 still give serious thought to all the possible security problems, many
6381 of which of course will not be discussed here - this section of the
6382 manual is intended to be informative but not comprehensive or
6385 If you are responsible for the operation of a system where the
6386 consequences of a security problem could be very important, you should
6389 1. Define a security policy which defines who is allowed to do what
6392 2. Seek competent advice on how to enforce your policy, detect
6393 breaches of that policy, and take account of any potential problems
6394 that might fall outside the scope of your policy.
6396 ---------- Footnotes ----------
6398 (1) Of course, I trust these parties to a large extent anyway,
6399 because I install software provided by them; I choose to trust them in
6400 this way, and that's a deliberate choice
6403 File: find.info, Node: Security Considerations for find, Next: Security Considerations for xargs, Prev: Levels of Risk, Up: Security Considerations
6405 11.2 Security Considerations for `find'
6406 =======================================
6408 Some of the actions `find' might take have a direct effect; these
6409 include `-exec' and `-delete'. However, it is also common to use
6410 `-print' explicitly or implicitly, and so if `find' produces the wrong
6411 list of file names, that can also be a security problem; consider the
6412 case for example where `find' is producing a list of files to be
6415 We normally assume that the `find' command line expresses the file
6416 selection criteria and actions that the user had in mind - that is, the
6417 command line is "trusted" data.
6419 From a security analysis point of view, the output of `find' should
6420 be correct; that is, the output should contain only the names of those
6421 files which meet the user's criteria specified on the command line.
6422 This applies for the `-exec' and `-delete' actions; one can consider
6423 these to be part of the output.
6425 On the other hand, the contents of the filesystem can be manipulated
6426 by other people, and hence we regard this as "untrusted" data. This
6427 implies that the `find' command line is a filter which converts the
6428 untrusted contents of the filesystem into a correct list of output
6431 The filesystem will in general change while `find' is searching it;
6432 in fact, most of the potential security problems with `find' relate to
6433 this issue in some way.
6435 "Race conditions" are a general class of security problem where the
6436 relative ordering of actions taken by `find' (for example) and
6437 something else are critically important in getting the correct and
6438 expected result(1) .
6440 For `find', an attacker might move or rename files or directories in
6441 the hope that an action might be taken against a file which was not
6442 normally intended to be affected. Alternatively, this sort of attack
6443 might be intended to persuade `find' to search part of the filesystem
6444 which would not normally be included in the search (defeating the
6445 `-prune' action for example).
6449 * Problems with -exec and filenames::
6450 * Changing the Current Working Directory::
6451 * Race Conditions with -exec::
6452 * Race Conditions with -print and -print0::
6454 ---------- Footnotes ----------
6456 (1) This is more or less the definition of the term "race condition"
6459 File: find.info, Node: Problems with -exec and filenames, Next: Changing the Current Working Directory, Up: Security Considerations for find
6461 11.2.1 Problems with `-exec' and filenames
6462 ------------------------------------------
6464 It is safe in many cases to use the `-execdir' action with any file
6465 name. Because `-execdir' prefixes the arguments it passes to programs
6466 with `./', you will not accidentally pass an argument which is
6467 interpreted as an option. For example the file `-f' would be passed to
6468 `rm' as `./-f', which is harmless.
6470 However, your degree of safety does depend on the nature of the
6471 program you are running. For example constructs such as these two
6475 find -exec sh -c "something {}" \;
6476 find -execdir sh -c "something {}" \;
6478 are very dangerous. The reason for this is that the `{}' is
6479 expanded to a filename which might contain a semicolon or other
6480 characters special to the shell. If for example someone creates the
6481 file `/tmp/foo; rm -rf $HOME' then the two commands above could delete
6482 someone's home directory.
6484 So for this reason do not run any command which will pass untrusted
6485 data (such as the names of files) to commands which interpret arguments
6486 as commands to be further interpreted (for example `sh').
6488 In the case of the shell, there is a clever workaround for this
6492 find -exec sh -c 'something "$@"' sh {} \;
6493 find -execdir sh -c 'something "$@"' sh {}\;
6495 This approach is not guaranteed to avoid every problem, but it is
6496 much safer than substituting data of an attacker's choice into the text
6500 File: find.info, Node: Changing the Current Working Directory, Next: Race Conditions with -exec, Prev: Problems with -exec and filenames, Up: Security Considerations for find
6502 11.2.2 Changing the Current Working Directory
6503 ---------------------------------------------
6505 As `find' searches the filesystem, it finds subdirectories and then
6506 searches within them by changing its working directory. First, `find'
6507 reaches and recognises a subdirectory. It then decides if that
6508 subdirectory meets the criteria for being searched; that is, any
6509 `-xdev' or `-prune' expressions are taken into account. The `find'
6510 program will then change working directory and proceed to search the
6513 A race condition attack might take the form that once the checks
6514 relevant to `-xdev' and `-prune' have been done, an attacker might
6515 rename the directory that was being considered, and put in its place a
6516 symbolic link that actually points somewhere else.
6518 The idea behind this attack is to fool `find' into going into the
6519 wrong directory. This would leave `find' with a working directory
6520 chosen by an attacker, bypassing any protection apparently provided by
6521 `-xdev' and `-prune', and any protection provided by being able to
6522 _not_ list particular directories on the `find' command line. This
6523 form of attack is particularly problematic if the attacker can predict
6524 when the `find' command will be run, as is the case with `cron' tasks
6527 GNU `find' has specific safeguards to prevent this general class of
6528 problem. The exact form of these safeguards depends on the properties
6533 * O_NOFOLLOW:: Safely changing directory using `fchdir'.
6534 * Systems without O_NOFOLLOW:: Checking for symbolic links after `chdir'.
6537 File: find.info, Node: O_NOFOLLOW, Next: Systems without O_NOFOLLOW, Up: Changing the Current Working Directory
6539 11.2.2.1 `O_NOFOLLOW'
6540 .....................
6542 If your system supports the `O_NOFOLLOW' flag (1) to the `open(2)'
6543 system call, `find' uses it to safely change directories. The target
6544 directory is first opened and then `find' changes working directory
6545 with the `fchdir()' system call. This ensures that symbolic links are
6546 not followed, preventing the sort of race condition attack in which use
6547 is made of symbolic links.
6549 If for any reason this approach does not work, `find' will fall back
6550 on the method which is normally used if `O_NOFOLLOW' is not supported.
6552 You can tell if your system supports `O_NOFOLLOW' by running
6556 This will tell you the version number and which features are enabled.
6557 For example, if I run this on my system now, this gives:
6558 find (GNU findutils) 4.5.11-git
6559 Copyright (C) 2012 Free Software Foundation, Inc.
6560 License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>.
6561 This is free software: you are free to change and redistribute it.
6562 There is NO WARRANTY, to the extent permitted by law.
6564 Written by Eric B. Decker, James Youngman, and Kevin Dalley.
6565 Features enabled: D_TYPE O_NOFOLLOW(enabled) LEAF_OPTIMISATION FTS(FTS_CWDFD) CBO(level=2)
6567 Here, you can see that I am running a version of `find' which was
6568 built from the development (git) code prior to the release of
6569 findutils-4.5.12, and that several features including `O_NOFOLLOW' are
6570 present. `O_NOFOLLOW' is qualified with "enabled". This simply means
6571 that the current system seems to support `O_NOFOLLOW'. This check is
6572 needed because it is possible to build `find' on a system that defines
6573 `O_NOFOLLOW' and then run it on a system that ignores the `O_NOFOLLOW'
6574 flag. We try to detect such cases at startup by checking the operating
6575 system and version number; when this happens you will see
6576 `O_NOFOLLOW(disabled)' instead.
6578 ---------- Footnotes ----------
6580 (1) GNU/Linux (kernel version 2.1.126 and later) and FreeBSD
6581 (3.0-CURRENT and later) support this
6584 File: find.info, Node: Systems without O_NOFOLLOW, Prev: O_NOFOLLOW, Up: Changing the Current Working Directory
6586 11.2.2.2 Systems without `O_NOFOLLOW'
6587 .....................................
6589 The strategy for preventing this type of problem on systems that lack
6590 support for the `O_NOFOLLOW' flag is more complex. Each time `find'
6591 changes directory, it examines the directory it is about to move to,
6592 issues the `chdir()' system call, and then checks that it has ended up
6593 in the subdirectory it expected. If all is as expected, processing
6594 continues as normal. However, there are two main reasons why the
6595 directory might change: the use of an automounter and the someone
6596 removing the old directory and replacing it with something else while
6597 `find' is trying to descend into it.
6599 Where a filesystem "automounter" is in use it can be the case that
6600 the use of the `chdir()' system call can itself cause a new filesystem
6601 to be mounted at that point. On systems that do not support
6602 `O_NOFOLLOW', this will cause `find''s security check to fail.
6604 However, this does not normally represent a security problem, since
6605 the automounter configuration is normally set up by the system
6606 administrator. Therefore, if the `chdir()' sanity check fails, `find'
6607 will make one more attempt(1). If that succeeds, execution carries on
6608 as normal. This is the usual case for automounters.
6610 Where an attacker is trying to exploit a race condition, the problem
6611 may not have gone away on the second attempt. If this is the case,
6612 `find' will issue a warning message and then ignore that subdirectory.
6613 When this happens, actions such as `-exec' or `-print' may already have
6614 taken place for the problematic subdirectory. This is because `find'
6615 applies tests and actions to directories before searching within them
6616 (unless `-depth' was specified).
6618 Because of the nature of the directory-change operation and security
6619 check, in the worst case the only things that `find' would have done
6620 with the directory are to move into it and back out to the original
6621 parent. No operations would have been performed within that directory.
6623 ---------- Footnotes ----------
6625 (1) This may not be the case for the fts-based executable
6628 File: find.info, Node: Race Conditions with -exec, Next: Race Conditions with -print and -print0, Prev: Changing the Current Working Directory, Up: Security Considerations for find
6630 11.2.3 Race Conditions with `-exec'
6631 -----------------------------------
6633 The `-exec' action causes another program to be run. It passes to the
6634 program the name of the file which is being considered at the time.
6635 The invoked program will typically then perform some action on that
6636 file. Once again, there is a race condition which can be exploited
6637 here. We shall take as a specific example the command
6639 find /tmp -path /tmp/umsp/passwd -exec /bin/rm
6641 In this simple example, we are identifying just one file to be
6642 deleted and invoking `/bin/rm' to delete it. A problem exists because
6643 there is a time gap between the point where `find' decides that it
6644 needs to process the `-exec' action and the point where the `/bin/rm'
6645 command actually issues the `unlink()' system call to delete the file
6646 from the filesystem. Within this time period, an attacker can rename
6647 the `/tmp/umsp' directory, replacing it with a symbolic link to `/etc'.
6648 There is no way for `/bin/rm' to determine that it is working on the
6649 same file that `find' had in mind. Once the symbolic link is in place,
6650 the attacker has persuaded `find' to cause the deletion of the
6651 `/etc/passwd' file, which is not the effect intended by the command
6652 which was actually invoked.
6654 One possible defence against this type of attack is to modify the
6655 behaviour of `-exec' so that the `/bin/rm' command is run with the
6656 argument `./passwd' and a suitable choice of working directory. This
6657 would allow the normal sanity check that `find' performs to protect
6658 against this form of attack too. Unfortunately, this strategy cannot
6659 be used as the POSIX standard specifies that the current working
6660 directory for commands invoked with `-exec' must be the same as the
6661 current working directory from which `find' was invoked. This means
6662 that the `-exec' action is inherently insecure and can't be fixed.
6664 GNU `find' implements a more secure variant of the `-exec' action,
6665 `-execdir'. The `-execdir' action ensures that it is not necessary to
6666 dereference subdirectories to process target files. The current
6667 directory used to invoke programs is the same as the directory in which
6668 the file to be processed exists (`/tmp/umsp' in our example, and only
6669 the basename of the file to be processed is passed to the invoked
6670 command, with a `./' prepended (giving `./passwd' in our example).
6672 The `-execdir' action refuses to do anything if the current
6673 directory is included in the $PATH environment variable. This is
6674 necessary because `-execdir' runs programs in the same directory in
6675 which it finds files - in general, such a directory might be writable
6676 by untrusted users. For similar reasons, `-execdir' does not allow
6677 `{}' to appear in the name of the command to be run.
6680 File: find.info, Node: Race Conditions with -print and -print0, Prev: Race Conditions with -exec, Up: Security Considerations for find
6682 11.2.4 Race Conditions with `-print' and `-print0'
6683 --------------------------------------------------
6685 The `-print' and `-print0' actions can be used to produce a list of
6686 files matching some criteria, which can then be used with some other
6687 command, perhaps with `xargs'. Unfortunately, this means that there is
6688 an unavoidable time gap between `find' deciding that one or more files
6689 meet its criteria and the relevant command being executed. For this
6690 reason, the `-print' and `-print0' actions are just as insecure as
6693 In fact, since the construction
6695 find ... -print | xargs ...
6697 does not cope correctly with newlines or other "white space" in file
6698 names, and copes poorly with file names containing quotes, the `-print'
6699 action is less secure even than `-print0'.
6702 File: find.info, Node: Security Considerations for xargs, Next: Security Considerations for locate, Prev: Security Considerations for find, Up: Security Considerations
6704 11.3 Security Considerations for `xargs'
6705 ========================================
6707 The description of the race conditions affecting the `-print' action of
6708 `find' shows that `xargs' cannot be secure if it is possible for an
6709 attacker to modify a filesystem after `find' has started but before
6710 `xargs' has completed all its actions.
6712 However, there are other security issues that exist even if it is not
6713 possible for an attacker to have access to the filesystem in real time.
6714 Firstly, if it is possible for an attacker to create files with names
6715 of their choice on the filesystem, then `xargs' is insecure unless the
6716 `-0' option is used. If a file with the name
6717 `/home/someuser/foo/bar\n/etc/passwd' exists (assume that `\n' stands
6718 for a newline character), then `find ... -print' can be persuaded to
6719 print three separate lines:
6721 /home/someuser/foo/bar
6725 If it finds a blank line in the input, `xargs' will ignore it.
6726 Therefore, if some action is to be taken on the basis of this list of
6727 files, the `/etc/passwd' file would be included even if this was not
6728 the intent of the person running find. There are circumstances in
6729 which an attacker can use this to their advantage. The same
6730 consideration applies to file names containing ordinary spaces rather
6731 than newlines, except that of course the list of file names will no
6732 longer contain an "extra" newline.
6734 This problem is an unavoidable consequence of the default behaviour
6735 of the `xargs' command, which is specified by the POSIX standard. The
6736 only ways to avoid this problem are either to avoid all use of `xargs'
6737 in favour for example of `find -exec' or (where available) `find
6738 -execdir', or to use the `-0' option, which ensures that `xargs'
6739 considers file names to be separated by ASCII NUL characters rather
6740 than whitespace. However, useful as this option is, the POSIX standard
6741 does not make it mandatory.
6743 POSIX also specifies that `xargs' interprets quoting and trailing
6744 whitespace specially in filenames, too. This means that using `find
6745 ... -print | xargs ...' can cause the commands run by `xargs' to
6746 receive a list of file names which is not the same as the list printed
6747 by `find'. The interpretation of quotes and trailing whitespace is
6748 turned off by the `-0' argument to `xargs', which is another reason to
6752 File: find.info, Node: Security Considerations for locate, Next: Security Summary, Prev: Security Considerations for xargs, Up: Security Considerations
6754 11.4 Security Considerations for `locate'
6755 =========================================
6757 11.4.1 Race Conditions
6758 ----------------------
6760 It is fairly unusual for the output of `locate' to be fed into another
6761 command. However, if this were to be done, this would raise the same
6762 set of security issues as the use of `find ... -print'. Although the
6763 problems relating to whitespace in file names can be resolved by using
6764 `locate''s `-0' option, this still leaves the race condition problems
6765 associated with `find ... -print0'. There is no way to avoid these
6766 problems in the case of `locate'.
6768 11.4.2 Long File Name Bugs with Old-Format Databases
6769 ----------------------------------------------------
6771 Old versions of `locate' have a bug in the way that old-format
6772 databases are read. This bug affects the following versions of
6775 1. All releases prior to 4.2.31
6777 2. All 4.3.x releases prior to 4.3.7
6779 The affected versions of `locate' read file names into a
6780 fixed-length 1026 byte buffer, allocated on the heap. This buffer is
6781 not extended if file names are too long to fit into the buffer. No
6782 range checking on the length of the filename is performed. This could
6783 in theory lead to a privilege escalation attack. Findutils versions
6784 4.3.0 to 4.3.6 are also affected.
6786 On systems using the old database format and affected versions of
6787 `locate', carefully-chosen long file names could in theory allow
6788 malicious users to run code of their choice as any user invoking locate.
6790 If remote users can choose the names of files stored on your system,
6791 and these files are indexed by `updatedb', this may be a remote
6792 security vulnerability. Findutils version 4.2.31 and findutils version
6793 4.3.7 include fixes for this problem. The `updatedb', `bigram' and
6794 `code' programs do no appear to be affected.
6796 If you are also using GNU coreutils, you can use the following
6797 command to determine the length of the longest file name on a given
6800 find / -print0 | tr -c '\0' 'x' | tr '\0' '\n' | wc -L
6802 Although this problem is significant, the old database format is not
6803 the default, and use of the old database format is not common. Most
6804 installations and most users will not be affected by this problem.
6807 File: find.info, Node: Security Summary, Next: Further Reading on Security, Prev: Security Considerations for locate, Up: Security Considerations
6812 Where untrusted parties can create files on the system, or affect the
6813 names of files that are created, all uses for `find', `locate' and
6814 `xargs' have known security problems except the following:
6816 Informational use only
6817 Uses where the programs are used to prepare lists of file names
6818 upon which no further action will ever be taken.
6821 Use of the `-delete' action with `find' to delete files which meet
6825 Use of the `-execdir' action with `find' where the `PATH'
6826 environment variable contains directories which contain only
6830 File: find.info, Node: Further Reading on Security, Prev: Security Summary, Up: Security Considerations
6832 11.6 Further Reading on Security
6833 ================================
6835 While there are a number of books on computer security, there are also
6836 useful articles on the web that touch on the issues described above:
6838 `http://goo.gl/DAvh'
6839 This article describes some of the unfortunate effects of allowing
6840 free choice of file names.
6842 `http://cwe.mitre.org/data/definitions/78.html'
6843 Describes OS Command Injection
6845 `https://cwe.mitre.org/data/definitions/73.html'
6846 Describes problems arising from allowing remote computers to send
6847 requests which specify file names of their choice
6849 `http://cwe.mitre.org/data/definitions/116.html'
6850 Describes problems relating to encoding file names and escaping
6851 characters. This article is relevant to findutils because for
6852 command lines processed via the shell, the encoding and escaping
6853 rules are already set by the shell. For example command lines
6854 like `find ... -print | some-shell-script' require specific care.
6856 `http://xkcd.com/327/'
6857 A humorous and pithy summary of the broader problem.
6860 File: find.info, Node: Error Messages, Next: GNU Free Documentation License, Prev: Security Considerations, Up: Top
6865 This section describes some of the error messages sometimes made by
6866 `find', `xargs', or `locate', explains them and in some cases provides
6867 advice as to what you should do about this.
6869 This manual is written in English. The GNU findutils software
6870 features translations of error messages for many languages. For this
6871 reason the error messages produced by the programs are made to be as
6872 self-explanatory as possible. This approach avoids leaving people to
6873 figure out which test an English-language error message corresponds to.
6874 Error messages which are self-explanatory will not normally be
6875 mentioned in this document. For those messages mentioned in this
6876 document, only the English-language version of the message will be
6881 * Error Messages From find::
6882 * Error Messages From xargs::
6883 * Error Messages From locate::
6884 * Error Messages From updatedb::
6887 File: find.info, Node: Error Messages From find, Next: Error Messages From xargs, Up: Error Messages
6889 12.1 Error Messages From `find'
6890 ===============================
6892 Most error messages produced by find are self-explanatory. Error
6893 messages sometimes include a filename. When this happens, the filename
6894 is quoted in order to prevent any unusual characters in the filename
6895 making unwanted changes in the state of the terminal.
6897 `invalid predicate `-foo''
6898 This means that the `find' command line included something that
6899 started with a dash or other special character. The `find'
6900 program tried to interpret this as a test, action or option, but
6901 didn't recognise it. If it was intended to be a test, check what
6902 was specified against the documentation. If, on the other hand,
6903 the string is the name of a file which has been expanded from a
6904 wildcard (for example because you have a `*' on the command line),
6905 consider using `./*' or just `.' instead.
6907 `unexpected extra predicate'
6908 This usually happens if you have an extra bracket on the command
6909 line (for example `find . -print \)').
6911 `Warning: filesystem /path/foo has recently been mounted'
6912 `Warning: filesystem /path/foo has recently been unmounted'
6913 These messages might appear when `find' moves into a directory and
6914 finds that the device number and inode are different from what it
6915 expected them to be. If the directory `find' has moved into is on
6916 a network filesystem (NFS), it will not issue this message, because
6917 `automount' frequently mounts new filesystems on directories as
6918 you move into them (that is how it knows you want to use the
6919 filesystem). So, if you do see this message, be wary -
6920 `automount' may not have been responsible. Consider the
6921 possibility that someone else is manipulating the filesystem while
6922 `find' is running. Some people might do this in order to mislead
6923 `find' or persuade it to look at one set of files when it thought
6924 it was looking at another set.
6926 `/path/foo changed during execution of find (old device number 12345, new device number 6789, filesystem type is <whatever>) [ref XXX]'
6927 This message is issued when `find' moves into a directory and ends
6928 up somewhere it didn't expect to be. This happens in one of two
6929 circumstances. Firstly, this happens when `automount' intervenes
6930 on a system where `find' doesn't know how to determine what the
6931 current set of mounted filesystems is.
6933 Secondly, this can happen when the device number of a directory
6934 appears to change during a change of current directory, but `find'
6935 is moving up the filesystem hierarchy rather than down into it.
6936 In order to prevent `find' wandering off into some unexpected part
6937 of the filesystem, we stop it at this point.
6939 `Don't know how to use getmntent() to read `/etc/mtab'. This is a bug.'
6940 This message is issued when a problem similar to the above occurs
6941 on a system where `find' doesn't know how to figure out the current
6942 list of mount points. Ask for help on <bug-findutils@gnu.org>.
6944 `/path/foo/bar changed during execution of find (old inode number 12345, new inode number 67893, filesystem type is <whatever>) [ref XXX]"),'
6945 This message is issued when `find' moves into a directory and
6946 discovers that the inode number of that directory is different
6947 from the inode number that it obtained when it examined the
6948 directory previously. This usually means that while `find' was
6949 deep in a directory hierarchy doing a time consuming operation,
6950 somebody has moved one of the parent directories to another
6951 location in the same filesystem. This may or may not have been
6952 done maliciously. In any case, `find' stops at this point to
6953 avoid traversing parts of the filesystem that it wasn't intended
6954 to. You can use `ls -li' or `find /path -inum 12345 -o -inum
6955 67893' to find out more about what has happened.
6957 `sanity check of the fnmatch() library function failed.'
6958 Please submit a bug report. You may well be asked questions about
6959 your system, and if you compiled the `findutils' code yourself,
6960 you should keep your copy of the build tree around. The likely
6961 explanation is that your system has a buggy implementation of
6962 `fnmatch' that looks enough like the GNU version to fool
6963 `configure', but which doesn't work properly.
6966 This normally happens if you use the `-exec' action or something
6967 similar (`-ok' and so forth) but the system has run out of free
6968 process slots. This is either because the system is very busy and
6969 the system has reached its maximum process limit, or because you
6970 have a resource limit in place and you've reached it. Check the
6971 system for runaway processes (with `ps', if possible). Some
6972 process slots are normally reserved for use by `root'.
6974 `some-program terminated by signal 99'
6975 Some program which was launched with `-exec' or similar was killed
6976 with a fatal signal. This is just an advisory message.
6979 File: find.info, Node: Error Messages From xargs, Next: Error Messages From locate, Prev: Error Messages From find, Up: Error Messages
6981 12.2 Error Messages From `xargs'
6982 ================================
6984 `environment is too large for exec'
6985 This message means that you have so many environment variables set
6986 (or such large values for them) that there is no room within the
6987 system-imposed limits on program command line argument length to
6988 invoke any program. This is an unlikely situation and is more
6989 likely result of an attempt to test the limits of `xargs', or
6990 break it. Please try unsetting some environment variables, or
6991 exiting the current shell. You can also use `xargs --show-limits'
6992 to understand the relevant sizes.
6994 `argument list too long'
6995 You are using the `-I' option and `xargs' doesn't have enough
6996 space to build a command line because it has read a really large
6997 item and it doesn't fit. You may be able to work around this
6998 problem with the `-s' option, but the default size is pretty
6999 large. This is a rare situation and is more likely an attempt to
7000 test the limits of `xargs', or break it. Otherwise, you will need
7001 to try to shorten the problematic argument or not use `xargs'.
7003 `argument line too long'
7004 You are using the `-L' or `-l' option and one of the input lines
7005 is too long. You may be able to work around this problem with the
7006 `-s' option, but the default size is pretty large. If you can
7007 modify the your `xargs' command not to use `-L' or `-l', that will
7008 be more likely to result in success.
7011 See the description of the similar message for `find'.
7013 `<program>: exited with status 255; aborting'
7014 When a command run by `xargs' exits with status 255, `xargs' is
7015 supposed to stop. If this is not what you intended, wrap the
7016 program you are trying to invoke in a shell script which doesn't
7019 `<program>: terminated by signal 99'
7020 See the description of the similar message for `find'.
7022 `cannot set SIGUSR1 signal handler'
7023 `xargs' is having trouble preparing for you to be able to send it
7024 signals to increase or decrease the parallelism of its processing.
7025 If you don't plan to send it those signals, this warning can be
7026 ignored (though if you're a programmer, you may want to help us
7027 figure out why `xargs' is confused by your operating system).
7030 File: find.info, Node: Error Messages From locate, Next: Error Messages From updatedb, Prev: Error Messages From xargs, Up: Error Messages
7032 12.3 Error Messages From `locate'
7033 =================================
7035 `warning: database `/usr/local/var/locatedb' is more than 8 days old'
7036 The `locate' program relies on a database which is periodically
7037 built by the `updatedb' program. That hasn't happened in a long
7038 time. To fix this problem, run `updatedb' manually. This can
7039 often happen on systems that are generally not left on, so the
7040 periodic "cron" task which normally does this doesn't get a chance
7043 `locate database `/usr/local/var/locatedb' is corrupt or invalid'
7044 This should not happen. Re-run `updatedb'. If that works, but
7045 `locate' still produces this error, run `locate --version' and
7046 `updatedb --version'. These should produce the same output. If
7047 not, you are using a mixed toolset; check your `$PATH' environment
7048 variable and your shell aliases (if you have any). If both
7049 programs claim to be GNU versions, this is a bug; all versions of
7050 these programs should interoperate without problem. Ask for help
7051 on <bug-findutils@gnu.org>.
7054 File: find.info, Node: Error Messages From updatedb, Prev: Error Messages From locate, Up: Error Messages
7056 12.4 Error Messages From `updatedb'
7057 ===================================
7059 The `updatedb' program (and the programs it invokes) do issue error
7060 messages, but none seem to be candidates for guidance. If you are
7061 having a problem understanding one of these, ask for help on
7062 <bug-findutils@gnu.org>.