LAB-NAV-05 - Finding Anything: find, locate, wildcards

Master the art of file search using the robust find command, the speedy locate database, and precise wildcard expansions.

60 min ADVANCED LINUX Curriculum-reviewed
Success criteria
  • Master the art of file search using the robust find command, the speedy locate database, and precise wildcard expansions.
  • Repeat the workflow without copy-paste or step-by-step prompting.

Part A: The Field Guide


🎯 What & Why

If cd is walking and ls is a flashlight, what happens when you drop your keys somewhere in a 1,000-room mansion and you don’t know which room? Walking around with a flashlight (cd and ls) will take years.

You need a search drone.

Linux provides two distinct search drones:

  1. locate: Fast but dumb. It asks an index database: “Do you know where a file with this name is?” It’s instant, but if the file was created 5 minutes ago (after the database was last updated), it’s blind.
  2. find: Slow but brilliant. It physically crawls through the folders in real-time. It can search not just by name, but by size, by date modified, by owner, and by permissions. It can even execute commands on the files it finds.

To use these tools effectively, you must also understand Wildcards (Globbing) — the language of “I know part of what I’m looking for.”


🧠 Mental Model: Wildcards (Globbing)

Before you search, you must know how to communicate partial names to the shell.

  • * (Asterisk) = “Zero or more of ANY character.”

    • *.log matches error.log, sys.log, .log
    • backup* matches backup.zip, backup_2026.tar, backup
    • *conf* matches nginx.conf, config.php, my_conf_file.txt
  • ? (Question Mark) = “Exactly ONE of ANY character.”

    • image?.jpg matches image1.jpg, imageA.jpg (but NOT image12.jpg)

📖 Command Reference

locate queries a pre-built database (built by updatedb). It searches the entire absolute path of every file on the system for the string you provide.

Searching the database

$ # Find any path containing the word "nginx"
$ locate nginx

$ # Find files ending in EXACTLY .pdf (using wildcards)
$ # We quote it so the shell doesn't try to expand the wildcard before locate runs
$ locate "*.pdf"

⚠️ The locate limitation

If you create a file right now (touch ~/my_secret_file.txt) and instantly run locate my_secret_file.txt, it will return nothing. The database usually updates once a day via a cron job. You can force an update by running sudo updatedb.

find — The Real-Time Crawler

find is one of the most powerful (and syntax-heavy) commands in Linux.

Anatomy of find: find [WHERE_TO_LOOK] [CRITERIA] [ACTION]

If you omit the action, the default action is “print the path to the screen.”

Finding by Name

$ # Find inside /var/log, matching names ending in .log
$ find /var/log -name "*.log"

$ # Case-insensitive name search (matches .log, .LOG, .Log)
$ find /var/log -iname "*.log"

Finding by Type

Is it a file, or a directory?

  • -type f (files only)
  • -type d (directories only)
$ # Find all DIRECTORIES inside /etc that have "network" in the name
$ find /etc -type d -name "*network*"

Finding by Size

  • -size +50M (Larger than 50 Megabytes)
  • -size -10k (Smaller than 10 Kilobytes)
  • -size +1G (Larger than 1 Gigabyte)
$ # Find all massive files on the root file system
$ find / -type f -size +500M

Finding by Time

  • -mtime -7 (Modified LESS than 7 days ago)
  • -mtime +30 (Modified MORE than 30 days ago)
  • -mmin -60 (Modified in the last 60 minutes)
$ # What files in my home folder changed in the last 24 hours?
$ find ~ -type f -mtime -1

🌍 Real Scenarios

Scenario 1: You lost a configuration file

# You know it's a file (-type f)
# You know it ends in .conf (-name "*.conf")
# It's probably in /etc
$ find /etc -type f -name "*.conf"

Scenario 2: Disk is 100% full, need to clear space immediately

# Search the whole system (/)
# Look for files only (-type f)
# Look for files over 1 Gigabyte
# Send Permission Denied errors to the void (2>/dev/null)
$ find / -type f -size +1G 2>/dev/null

Scenario 3: Security audit (Has anyone modified web files recently?)

# Search /var/www/html
# For files modified in the last 24 hours (-mtime -1)
$ find /var/www/html -type f -mtime -1
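
The audit above trusts the modification time, which any process that can write the file can also set. As an added example (not part of the original lab, and going one step beyond it), this sketch cross-checks mtime against the inode change time with -ctime; the temporary directory standing in for /var/www/html, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed stand-in for /var/www/html, built in a throwaway directory.
make_webroot() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/includes"
    echo '<!-- constructed sample -->' > "$root/index.html"
    echo '<?php // constructed sample ?>' > "$root/includes/footer.php"
    # Set footer.php's modification time to 2020. Extracting an archive
    # that preserves timestamps, or a plain touch, has the same effect.
    touch -t 202001010000 "$root/includes/footer.php"
    printf '%s\n' "$root"
}

# The lab's audit: files whose modification time is under 24 hours old.
recent_by_mtime() {
    find "$1" -type f -mtime -1 | sort
}

# Cross-check: the inode changed under 24 hours ago (-ctime -1),
# yet the modification time claims the file is older (! -mtime -1).
ctime_mtime_mismatch() {
    find "$1" -type f -ctime -1 ! -mtime -1 | sort
}

root=$(make_webroot)
echo "Recent by mtime:"
recent_by_mtime "$root"
echo "Changed recently but mtime says otherwise:"
ctime_mtime_mismatch "$root"
rm -rf "$root"
```

A fresh deployment or archive extraction produces the same mismatch, so treat each hit as a file to review rather than as proof of tampering.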

⚠️ Gotchas & Pitfalls

  1. Forgetting Quotes on Wildcards with find

    • 🔴 WRONG: find . -name *.log
    • If there is a .log file in your current folder (say, error.log), the shell expands the wildcard before find even runs. The command becomes find . -name error.log, so it will now ONLY search for error.log.
    • 🟢 RIGHT: find . -name "*.log" (Quotes protect the wildcard from the shell, passing it safely to find).
  2. The 2>/dev/null Trick

    • If you run find /, it tries to search every folder on the system. As a normal user, you don’t have permission to look inside /root or other users’ folders. Your screen will fill with “Permission denied” errors, hiding the actual results.
    • Append 2>/dev/null to the end of your command. This tells Linux: “Take all error messages (stream 2) and throw them in the black hole (/dev/null).”
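
The quoting pitfall from item 1, as an added example (not part of the original lab): it builds a throwaway directory with mktemp and compares the unquoted and quoted forms as .log files appear in the current directory. The function names and file names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sandbox: two .log files in subdirectories, none at the top level.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/sub/deep"
    touch "$sandbox/sub/app.log" "$sandbox/sub/deep/db.log"
    printf '%s\n' "$sandbox"
}

# UNQUOTED: the shell expands *.log against directory $1 before find starts.
count_unquoted() {
    ( cd "$1" && find . -type f -name *.log 2>/dev/null | wc -l | tr -d ' ' )
}

# QUOTED: find receives the pattern itself and applies it at every level.
count_quoted() {
    ( cd "$1" && find . -type f -name "*.log" | wc -l | tr -d ' ' )
}

# Exit status of the unquoted form (non-zero when find rejects its arguments).
status_unquoted() {
    rc=0
    ( cd "$1" && find . -type f -name *.log >/dev/null 2>&1 ) || rc=$?
    echo "$rc"
}

dir=$(make_sandbox)
# No match in the current directory: the pattern reaches find untouched.
echo "0 top-level logs: unquoted=$(count_unquoted "$dir") quoted=$(count_quoted "$dir")"
touch "$dir/error.log"
# One match: find is told to look for the literal name error.log.
echo "1 top-level log:  unquoted=$(count_unquoted "$dir") quoted=$(count_quoted "$dir")"
touch "$dir/access.log"
# Two matches: find gets an extra argument it cannot parse and exits with an error.
echo "2 top-level logs: unquoted exit=$(status_unquoted "$dir") quoted=$(count_quoted "$dir")"
rm -rf "$dir"
```

The first case is why the mistake survives testing: with no matching file in the current directory, the unquoted command happens to work.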

Part B: The Drill Deck

Terminal Required: Open your Linux terminal for these exercises.


Guided: Step by step - type exactly this and compare the result

Exercise G1: Wildcard visualizer

  1. Go to /etc (cd /etc).
  2. Type ls *conf* — Notice how the shell expands the wildcard to show any file or folder with “conf” in the name.
  3. Type ls *.conf — Notice how this only shows files strictly ENDING in .conf.

Exercise G2: Basic Find

  1. Go to your home directory (cd ~).
  2. Let’s find all hidden directories.
  3. Type: find . -type d -name ".*"
    • . means “start searching here”.
    • -type d means “directories only”.
    • -name ".*" means “name starts with a dot”.
  4. You should see .cache, .config, etc.

Exercise G3: Squelching Errors

  1. Search the whole system for the hostname file: find / -name "hostname"
  2. Notice the massive wall of “Permission denied” errors. You can’t even see if it found the file!
  3. Now run it with the magic trick: find / -name "hostname" 2>/dev/null
  4. Clean output! You should clearly see /etc/hostname (and possibly a few others).

Solo: Task described, hints available - figure it out

Exercise S1: Size Hunter

Construct a find command that meets these criteria simultaneously:

  • Starts scanning from /var/log
  • Looks for files only (-type f)
  • Looks for files larger than 10 Megabytes (-size +10M)

Note: If your system is new, this might return nothing. That’s okay!

Exercise S2: Time Traveler

Construct a find command that meets these criteria simultaneously:

  • Starts scanning your home directory (~)
  • Looks for files modified in the last 60 minutes (-mmin -60)
  • Squelches permission errors (2>/dev/null)

Hint: Before you run this, quickly create a test file: touch ~/recent_test_file.txt. Ensure your find command catches it!

Exercise S3: Locate verification

  1. Ensure the database is up to date. Run: sudo updatedb (You may need to enter your password).
  2. Run: locate passwd
  3. Notice how it instantly spits out hundreds of paths.
  4. Run: locate "*/passwd" (Requires the exact filename to be passwd at the end of a path). Much cleaner!

Mission: Real scenario - no hints, combine multiple skills

Mission M1: The Audit

You have inherited a Linux server. You need to identify ALL shell scripts (.sh files) anywhere on the entire system (/) that are larger than 1 Megabyte.

Formulate the single find command that will reliably give you this list, without drowning your screen in permission errors.

Mission M2: The Cleanup

A runaway process dumped thousands of temporary files into /tmp. You know two things about these files:

  1. They all end with .dump
  2. They were all created/modified more than 7 days ago.

Write the find command that will list only these specific files in /tmp.

(Advanced Bonus: If you know about the -delete or -exec rm {} + actions in find, how would you modify the command to actually destroy the files it finds, instead of just printing their names? Do NOT run this if you aren’t absolutely sure!)