This section covers the broad subject of listing files in directories, showing file contents, finding files and finding files that contain specific contents.
tested on Red Hat/Centos v5,v6, v7
The ls command lists information about files in the current directory by default sorting entries alphabetically by default.
> ls 123 123a123b123 abc abcde newbackup12.tar RA23a123b123 rA23ab123b123 1234 A23a123b123 abcd backup1.tar newbackup1.tar rA23a123b123 src
This command comnes with many useful switches. Here are some examples...
A wildcard is a character that can be used as a substitute for any one or more character in a search, thereby greatly increasing the flexibility and efficiency of searches. The star wildcard can represent zero, one or many characters.
list all files that contain word backup and end with ".tar"
ll *backup*.tar -rw-r--r--. 1 root root 0 Sep 24 18:59 backup1.tar -rw-r--r--. 1 root root 0 Sep 24 18:59 newbackup12.tar -rw-r--r--. 1 root root 0 Sep 24 18:59 newbackup1.tar
all files that start with lowercase or uppercase "r"
ll [rR]*
all files that contain "a" with a "b" immediately afterwards
ls *[a][b]*
all files that contain "a" with a "b" somewhere afterwards
ls *[a]*[b]*
all files that contain ANY of characters 2016 in /var/log/.
# ll -l /var/log/*[2016]* -rw-------. 1 root root 9012 Sep 20 03:21 /var/log/cron-20160920 -rw-------. 1 root root 1584 Sep 20 01:03 /var/log/maillog-20160920 -rw-------. 1 root root 738281 Sep 20 03:21 /var/log/messages-20160920 -rw-------. 1 root root 0 Sep 15 01:15 /var/log/spooler-20160920 -rw-r--r--. 1 root root 0 Sep 22 20:24 /var/log/serviceA-1 -rw-r--r--. 1 root root 0 Sep 22 20:24 /var/log/serviceB-160101 -rw-r--r--. 1 root root 0 Sep 22 20:23 /var/log/serviceC-16200101
The tree command lists the contents of directories in a tree-like format. tree is a recursive directory listing program that produces a depth indented listing of files. tree may not be installed in every distribution. Use yum install tree to install.
> tree /etc | more /etc ├── adjtime ├── aliases ├── aliases.db ├── alternatives │ ├── ld -> /usr/bin/ld.bfd │ ├── libnssckbi.so.x86_64 -> /usr/lib64/pkcs11/p11-kit-trust.so │ ├── mta -> /usr/sbin/sendmail.postfix │ ├── mta-aliasesman -> /usr/share/man/man5/aliases.postfix.5.gz │ ├── mta-mailq -> /usr/bin/mailq.postfix │ ├── mta-mailqman -> /usr/share/man/man1/mailq.postfix.1.gz │ ├── mta-newaliases -> /usr/bin/newaliases.postfix │ ├── mta-newaliasesman -> /usr/share/man/man1/newaliases.postfix.1.gz │ ├── mta-pam -> /etc/pam.d/smtp.postfix │ ├── mta-rmail -> /usr/bin/rmail.postfix │ ├── mta-sendmail -> /usr/lib/sendmail.postfix │ └── mta-sendmailman -> /usr/share/man/man1/sendmail.postfix.1.gz ├── anacrontab ├── asound.conf ├── audisp │ ├── audispd.conf │ └── plugins.d │ ├── af_unix.conf │ └── syslog.conf ├── audit ...
The Linux stat command is a tool that can be used for displaying detailed information relating to a file or file system on a Linux system. By default the stat command should be available on most distributions of Linux.
The simplest use of the stat command is to pass the name of a file to the command. In the example below you can see the default output from the stat command. Basic information such as size, file type, Inode information, Number of links, Access, Modification and Change date and time stamps are displayed. The stat command is often used to view Modification/access times on a file. (A more detailed way of displaying creation time and access time stamps on a file is to use the debugfs command)
> stat /etc/passwd File: ‘/etc/passwd’ Size: 1307 Blocks: 8 IO Block: 4096 regular file Device: fd00h/64768d Inode: 16784286 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Context: system_u:object_r:passwd_file_t:s0 Access: 2015-11-24 15:16:38.826200796 -0500 Modify: 2015-11-18 15:38:59.975483707 -0500 Change: 2015-11-18 15:38:59.977650390 -0500 Birth: -
Use the -f option to report status of a filesystem
> stat -f /dev/sda1
File: "/dev/sda1"
ID: 0 Namelen: 255 Type: tmpfs
Block size: 4096 Fundamental block size: 4096
Blocks: Total: 122009 Free: 122009 Available: 122009
Inodes: Total: 122009 Free: 121595
Using stat with --format to generate a listing similar to the Linux llcommand
where:--format or -c - custom format %A - access rights in human readable format %h - Number of hard links %U - User name of owner %G - Group name of owner %s - Total size, in bytes %.16y - Time of last modification %n File name
> stat --format "%A %h %U %G %s %.16y %n" /var/* drwxr-xr-x 2 root root 6 2016-11-05 11:38 /var/adm drwxr-xr-x 5 root root 44 2017-11-05 07:12 /var/cache drwxr-xr-x 2 root root 6 2017-10-19 17:03 /var/crash drwxr-xr-x 3 root root 34 2017-11-18 16:30 /var/db -rw-r--r-- 1 user1 user2 0 2017-11-25 07:34 /var/test ...
Use %C to get SELinux security context information
> stat --format "%n %A %C" /var/* /var/adm drwxr-xr-x system_u:object_r:var_t:s0 /var/cache drwxr-xr-x system_u:object_r:var_t:s0 /var/crash drwxr-xr-x system_u:object_r:kdump_crash_t:s0 /var/db drwxr-xr-x system_u:object_r:system_db_t:s0 /var/empty drwxr-xr-x system_u:object_r:var_t:s0 ...
The find command allows you to search for files in a directory hierarchy. It can be slower than locate command so it is best to specify directory if you know where your file may be located.
The find command has many switches and options. These include:
If you run find with exec, {} expands to the filename of each file or directory found with find (so that ls in your example gets every found filename as an argument - note that it calls ls or whatever other command you specify once for each file found).
Semicolon ; ends the command executed by exec. It needs to be escaped with \ so that the shell you run find inside does not treat it as its own special character, but rather passes it to find.
1. Find all files with called profile. The find command atomatically assumes that you want to search recursively
> find / -name profile /etc/lvm/profile /etc/profile
2. Find all file names starting with phrase prof in /etc directory. -iname allows you to ignore case
> find /etc -iname 'prof*'
3. Find all files (type f) modified in year 2015
this finds all files, displays by date & file name, then greps for string 2015 only.
stat helps us format the file information where
%y specifies date/time of last modification
%n specifies complete file and directory name
> find /var -type f -exec stat -c "%y %n " {} \; | grep 2015
4. For directories, change type file(f) to type directory (d).
> find /var -type d -exec stat -c "%y %n " {} \; | grep 2015
5. find and copy
> find /home/user1/ -name 'test*' -exec cp {} /home/user2 \;
6. Files in /hom/ modified in last 31 days
> find / -mtime -31 -type f -exec stat -c "%A %h %U %G %s %.16y %n " {} \;
-rw-rwxr-- 1 root root 0 2015-11-16 18:35 /home/file1
-rw-r--r-- 1 root root 0 2015-11-16 20:20 /home/dir1/file1
----rwx-w- 1 root root 0 2015-11-18 03:31 /home/file22
7. Files modified in last 30 minutes
> find / -mmin -30 -type f -exec stat -c "%y %n " {} \;
8. Find files that contain string "ifcfg-" up to 4 directory layers down
> find / -maxdepth 4 -name '*ifcfg-*'
locate is similar to find, but is based on a database. It has to be installed from repository for RedHat/Centos 7. locate reads one or more databases prepared by updatedb and writes file names matching pattern requested
Install locate
> yum install mlocate
Update locate database
> updatedb
Using locate to find file name
> locate ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens33
Using locate to find substring of name and directory
> locate scripts/ifcfg- /etc/sysconfig/network-scripts/ifcfg-Myhome1 /etc/sysconfig/network-scripts/ifcfg-Myhome1-1 /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-lo
These are several commands used to view content of text files in Linux.
Examples:
# cat myfile.txt # more myfile.txt # less myfile.txt # head -10 myfile.txt # tail myfile.txt
Notably the -f (follow) option on the tail command, allows you to view log files in real time.
# tail -f /var/log/mylog.txt # tail -F /var/log/mylog.txt
grep is a command-line utility for searching plain-text data sets for lines matching a regular expression. Its name comes from the ed command g/re/p (globally search a regular expression and print), which has the same effect: doing a global search with the regular expression and printing all matching lines.
look for the string test in myfile.txt using grep
> grep 'test' myfile.txt this is a test another line with test
This is another approach. Look for the string test in myfile.txt using cat and grep
> cat myfile.txt | grep 'test' myfile.txt this is a test another line with test
look for the string test in directory /home< and subdirectories
> grep -r 'test' /home this is a test another line with test
look for the lines that don't contain the word test using the invert-match (-v) switch
> grep -v 'test' myfile.txt
look for the string 'test' in myfile.txt - case insensitive (checks for both upper and lower case)
> grep -i 'TeSt' myfile.txt
look for the string 'all' in /home directory and sub-directories (recursive) using -R or -r
> grep -r 'all' /home
look for the full word 'all' in /home directory. Full word has space before and after
> grep -w 'all' /home
count number of lines that contain match from output grep command using wc command
> grep 'test' myfile.txt | wc -l 2
add line numbers (n)
> grep -n 'test' myfile.txt 1:this is a test 2:another line with test
show 2 lines after line or lines found. Here we use the A switch for lines after. Use B for lines before.
> grep -nA 2 'test' myfile.txt 1:this is a test 2-another line 3-another line -- 5:another line with test 6-the quick cat jobs over the lazy dog 7-TEST UPPER CASE
some regex syntax
^ - starts with
$ - ends with
. - anycharacter
* - the preceding item will be matched zero or more times
? - the preceding item will be matched one or more times
- - turn off the special meaning of the next character
[] - match any one of the enclosed characters
\{x,y\} - match x to y occurrences of the preceding.
\{x\} - match exactly x occurrences of the preceding.
\{x,\} - match x or more occurrences of the preceding.
find lines that start with 123
grep '^123' myfile.txt
lines that end with 123
grep '123$' myfile.txt
lines that start with 123 and end with the same 123
grep -E '^123$'
lines that does not contain 123
grep -v '123' myfile.txt
find any lines containing number 0 to 9 or a to z in any file in current directory
grep '[0-9a-z]' *
find any lines containing five number (0 to 9) in any file in current directory
grep '^[0-9]\{5\}$' *
show lines which does not begin with '#' or ';'
grep '^[^#;]' /etc/httpd/conf/httpd.conf
show line if it begins with one to six numbers (0 to 999999) with nothing afterwards
grep '^[0-9]\{1,6\}$' myfile.txt
Word boundaries: find matches with space before and after. Here we will find the but not there
grep -i "\bthe\b" myfile.txt
find USA, United-States or united-states
grep 'USA\|\([Uu]nited\( \|\-\)[Ss]tates\)' *
character class syntax
[:digit:] Only the digits 0 to 9 [:alnum:] Any alphanumeric character 0 to 9 OR A to Z or a to z. [:alpha:] Any alpha character A to Z or a to z. [:blank:] Space and TAB characters only.
show lines with one or more digits
grep [[:digit:]] myfile.txt
pipe list of processes into grep command and search for any process that contains the string http
ps -A | grep http
list all files in all directories and look for string 2015
ls -R / | grep 2015
egrep is the same as grep but permits some advanced regular expression functionality. egrep functions can be obtained using egrep command or grep with -E switch.
look for the lines that contain test or abc
> egrep 'test|abc' myfile.txt
> grep -E 'test|abc' myfile.txt
sed is a powerful tool or command used for efficient text processing in Unix.
Suppress all lines containing the string test
cat myfile.txt | sed -e '/test/d'
This is similar to the match-inverse switch with grep
grep -v 'test' myfile.txt
# vi /etc/httpd/conf/httpd.conf
# vi /var/log/httpd/error_log # vi /var/log/httpd/php_error_log # vi /var/log/httpd/ssl_access_log # vi /var/log/httpd/ssl_error_log # vi /var/log/httpd/ssl_request_log
# vi /etc/httpd/conf/httpd.conf
# vi /var/log/httpd/error_log # vi /var/log/httpd/php_error_log # vi /var/log/httpd/ssl_access_log # vi /var/log/httpd/ssl_error_log # vi /var/log/httpd/ssl_request_log