How To Find a File In Linux From the Command Line

Find files in Linux

Need to know how to find a file in Linux? Well, surprise, surprise, you’re going to need the find command in Linux to scour your directory or file system. The Linux find command can filter objects recursively using a simple conditional mechanism, and if you use the -exec flag, you’ll also be able to find a file in Linux straightaway and process it without needing to use another command.

Locate Linux Files by Their Name or Extension

Type find into the command line to track down a particular file by its name or extension. If you want to look for *.err files in the /home/username/ directory and all sub-directories, try this: find /home/username/ -name "*.err"

Typical Linux Find Commands and Syntax

find command expressions look like this:

find command options starting/path expression

The options attribute controls the behavior and optimization method of the find process. The starting/path attribute defines the top-level directory where the find command in Linux begins the filtering process. The expression attribute controls the assessments that scour the directory tree to create output.

Let’s break down a Linux find command where we don’t just want Linux find file by name:

find -O3 -L /var/www/ -name "*.html"

It enables the top-level optimization (-O3) and permits find to follow symbolic links (-L). The find command in Linux searches through the whole directory hierarchy under /var/www/ for files that have .html on the end.

Basic Examples

1. find . -name thisfile.txt

If you need to know how to find a file in Linux called thisfile.txt, it will look for it in current and sub-directories.

2. find /home -name *.jpg

Look for all .jpg files in the /home and directories below it.

3. find . -type f -empty

Look for an empty file inside the current directory.

4. find /home -user randomperson-mtime 6 -iname ".db"

Look for all .db files (ignoring text case) that have been changed in the preceding 6 days by a user called randomperson.

Options and Optimization for Find Command for Linux

find is configured to ignore symbolic links (shortcut files) by default. If you’d like the find command to follow and show symbolic links, just add the -L option to the command, as we did in this example.

find can help Linux find file by name. The Linux find command enhances its approach to filtering so that performance is optimised. The user can find a file in Linux by selecting three stages of optimisation-O1, -O2, and -O3. -O1 is the standard setting and it causes find to filter according to filename before it runs any other tests.

-O2 filters by name and type of file before carrying on with more demanding filters to find a file in Linux. Level -O3 reorders all tests according to their relative expense and how likely they are to succeed.

  • -O1 – (Default) filter based on file name first
  • -O2 – File name first, then file-type
  • -O3 – Allow find to automatically re-order the search based on efficient use of resources and likelihood of success
  • -maxdepth X – Search this directory along with all sub-directories to a level of X
  • -iname – Search while ignoring text case.
  • -not – Only produce results that don’t match the test case
  • -type f – Look for files
  • -type d – Look for directories

Find Files by When They Were Modified

The Linux find command contains the ability to filter a directory hierarchy based on when the file was last modified:

find / -name "*jpg" -mtime 5

find /home/randomuser/ -name "*jpg" -mtime 4

The initial Linux find command pulls up a list of files in the whole system that end with the characters jpg and have been modified in the preceding 5 days. The next one filters randomuser’s home directory for files with names that end with the characters “conf” and have been modified in the preceding 4 days.

Use Grep to Find Files Based on Content

The find command in Linux is great but it can only filter the directory tree according to filename and meta data. To search files based on what they contain you’ll need a tool like grep. Take a look:

find . -type f -exec grep "forinstance" '{}' \; -print

This goes through every object in the current directory tree (.) that’s a file (-type f) and then runs grep ” forinstance ” for every file that matches, then prints them on the screen (-print). The curly braces ({}) are a placeholder for those results matched by the Linux find command. The {} go inside single quotes (‘) so that grep isn’t given a misshapen file name. The -exec command is ended with a semicolon (;), which also needs an escape (\;) so that it doesn’t end up being interpreted by the shell.

Before -exec was implemented, xargs would have been used to create the same kind of output:

find . -type f -print | xargs grep "forinstance"

How to Locate and Process Files Using the Find Command in Linux

The -exec option runs commands against every object that matches the find expression. Let’s see how that looks:

find . -name "rc.conf" -exec chmod o+r '{}' \;

This filters all objects in the current directory tree (.) for files named rc.conf and runs the chmod o+r command to alter file permissions of the results that find returns.

The root directory of the Linux is where the commands that -exec runs are executed. Use -execdir to execute the command you want in the directory where the match is sitting, because this might be more secure and improve performance under certain circumstances.

The -exec or -execdir options will continue to run on their own, but if you’d like to see prompts before they do anything, swap out -exec  -ok or -execdir for -okdir.

How To Manage Files Using Plesk?

Let’s say you have a website that’s all ready to go on your laptop/desktop and you’d like to use File Manager to upload it to the Plesk on Linux server:

  1. On your machine, you’ll need to take the folder with all of your website’s files on it and add it to a compressed archive in one of the usual formats (ZIP, RAR, TAR, TGZ, or TAR.GZ).
  2. In Plesk, go to Files, click the httpdocs folder to open it, click Upload, choose the archive file, and then click Open.
  3. As soon as you’ve uploaded it, click in the checkbox you see alongside and then on Extract Files.

How to Edit Files in File Manager

File Manager lets you edit your website pages by default. To do this you can use:

  • An HTML editor or a “what-you-see-is-what-you-get” style of editor, which is a nice option because it adds the HTML tags for you. If you aren’t all that confident with HTML then this can be a helpful option.
  • Code editor. When you open HTML files with this one you’ll be presented with text where the HTML syntax is highlighted. If you’re comfortable with adding HTML tags yourself then code editor is for you.
  • Text editor. HTML files are opened as ordinary text with this one.

Your Plesk administrator may have already et up the Rich Editor extension, in which case you can use it for HTML file editing. Rich Editor works in a what-you-see-is-what-you-get fashion, just like Code Editor, although it’s better specced with features like a spellchecker for instance.

Here’s how to use File Manager to edit a file:

  1. Put the cursor over the file and the line that corresponds with it will show a highlight.
  2. Open the context menu for the file by clicking on it.
  3. Click Edit in … Editor (this will vary depending on your chosen editor).

How to Change Permissions with File Manager

There are some web pages and files that you don’t necessarily want to share with the world, and that’s where altering their permissions settings can come in handy.

To achieve this, find the item you want to restrict Internet access for like this:

  1. Place your cursor over it and wait for the highlight to appear as in the previous example.
  2. Click on the file to open its context menu and do the same again on Change Permissions.
  3. Make your change and then hit OK. If you’d like to find out more about how to look at and alter permissions in Setting File and Directory Access Permissions.

File Manager’s default approach is to change permissions in a non-recursive manner, so consequently, sub-files and directories don’t aren’t affected by the changed permissions of the higher-level directories they belong to. With Plesk for Linux, you can make File Manager modify permissions in a recursive manner, assuming that your Plesk administrator set up the Permissions Recursive extension and that you understand the octal notation of file permissions.

To enable recursive editing of access permissions:

  1. Place the cursor over the directory and wait for the highlight.
  2. Click to open its context menu and then again on Set Permissions Recursive.
  3. Now you can edit them. “Folder Permissions” is talking about the higher-level directory and any of its associated sub-directories. “File Permissions” applies to sub-files in this instance.
  4. When you’ve completed your permission amendments, click OK.

File Search in File Manager

You’ve got a little bit of latitude with file searches. You can have File Manager hunt for a specific bit of text either in the file name, in the content, or in both. You can choose how you want it to search for files by clicking on the icon that appears adjacent to your chosen search field, and then clicking on whichever type you prefer.

Easy Steps to List All Open Linux Ports

Open Linux Ports

If you wanted to know what you need to do to list all of the open ports in a Linux instance you’ve come to the right place. But, what is a port and why would you want to have a list of all the open ports?

In short, a port is an access point that an operating system makes available so that it can facilitate network traffic with other devices or servers, while also differentiating the traffic in order to understand what service or app the traffic is being sent to.

There are two common protocols when it comes to ports: TCP, or the transmission control protocol; and of course, UDP – the user datagram protocol. Each of these protocols have a range of port numbers which is commonly classified into three groups:

Linux System Ports

Also known as “well-known” ports. These are port numbers from 0 to 1023 which are considered important for typical system use, commonly these ports are considered quite critical for ensuring ongoing communications services.

Linux User Ports

Also know as “registered ports” which range from 1024 to 49151. It is possible to send a request to the Internet Assigned Numbers Authority (IANA) to request retention of one of these ports for your application.

Linux Private Ports

Also known as “dynamic ports” range from 49152 to 65535. These ports are open for whatever use case you deem privately necessary and so are dynamic in nature – they are not fixed to specific applications.

Now, even though many ports have specific uses, it is important to keep an eye on ports which are “open” without the need for that port to be open. This is because ports that are unnecessarily left open can be a security risk – and also a sign that an intrusion is actively occurring.

Understanding which ports are open and “listening” for communications is therefore absolutely crucial to ensuring that you block efforts to break into your systems. Of course, some common ports need to be left open in order to facilitate ordinary internet communications. For example:

  • FTP (the file transfer protocol) uses port 20 for data transfers
  • Likewise, FTP uses port 21 to issue commands and to control the FTP session
  • Port 22 is dedicated to SSH, or secure shell login
  • Telnet uses port 23 to facilitate remote logins but this port entails unencrypted messaging which is not secure so it’s not really recommended for use
  • E-mail routing via SMTP (the simple mail transfer protocol) is achieved on port 25
  • Port 43 is dedicated to the WHOIS system which can check who owns a domain
  • The domain name service (DNS) makes use of port 53
  • DHCP uses port 67 as the server port, and port 68 as the client port
  • HTTP, the hypertext transfer protocol, uses port 80 to deliver web pages
  • POP3, the e-mail centric “post office protocol” uses port 110
  • Port 119 is used by the news transfer protocol, NNTP
  • The network time protocol, NTP, uses port 123
  • IMAP, another email protocol, makes use of port 143 to retrieve email messages
  • SNP or the simple network management protocol uses port 161
  • Port 194 is dedicated to IRC, the internet relay chat app
  • Port 443 is dedicated to HTTPS, the secure version of HTTP delivered over TLS/SSL
  • SMTP, the simple mail transfer protocol, uses port 587 to submit emails

It is often possible to configure a specific service to use a port which is not the standard port, but this configuration needs to be made on both the sender and recipient side – in other words, on both client and server. Otherwise if only one side uses a non-standard port configuration communication won’t be possible.

How do you get a simple list of common ports that are open? Use this command:

$ cat /etc/services

Alternatively, you can modify the size of the list you get by adding “less” to your command

$ cat /etc/services | less

However, you can use a range of other commands on a Linux machine which will give you all the TCP and the UDP ports which are open and ready to receive communication from other machines. We will cover three in the following section – Isof, netstat and nmap.

The netstat or network statistics command

Most Linux distributions will include netstat by default, in their installations. It’s a really capable tool which can display all the TCP/IDP network connections that are active – both for incoming connections, and outgoing connections. It also displays routing tables plus the number of the network interface alongside comprehensive statistics for network protocols.

So, you can use netstat to troubleshoot and to measure the performance of your network. While basic, it is a useful and essential too for finding faults in network services. It clearly tells you which ports are open, and where a program or service is listening on a specific port. We will now give you some examples on how to make use of netstat.

Retrieving a list of all TCP and UDP ports which are currently listening

It’s simple really, just use the -a flag alongside a pipe that specifies less, this will give you TCP and UDP ports which are currently listening

$ netstat -a | less

To list all the connections that are listening

Make use of the -l flag in the netstat command to get a list of every port connection which is actively listening

$ netstat -l

Display ports that are open, alongside current TCP connections

Here, we combine a couple of flags in order to show a list of ports which are open and the established (TCP) connections.

$ netstat -vatn

A list of open UDP ports

You might only want to see the UDP ports which are open, excluding the open TCP ports. The command you need is this:

$ netstat -vaun

Get a list of your Linux services which are listening on TCP and UDP, a list of the open ports on your machine which are free, alongside the name and the PID of the service or program

This command gives you all the services and apps which listen on either TCP or UDP. It also gives you the open ports on your Linux instance which are free, plus the program name and process ID that is associated with every open socket.

$ netstat -tnlup

So you can see how the different commands you can use with netstat makes it very versatile, allowing you to see what the status quo is on your Linux machine. But what exactly does these individual flags mean? It’s simple really:

  • -a will show all sockets that are listening and all non-listening sockets too
  • -l only shows ports which are actively listening
  • -v means “verbose” and tells netstat to include additional information about any address families that are not currently configured
  • -t restricts the listing to TCP connections only
  • -u restricts the listing to UDP connections only
  • -n tells netstat to display the numerical addresses too
  • -p adds the process ID (PID) as well as the name of the program

Keep in mind that the seven flags we’ve shown above are just a couple of the many flags you can specify for netstat. Check out the help file by triggering

$ man netstat

You’ll get a full listing of all the options and features you can make use of with netstat.

nmap – the Network Mapper command

An open source tool, nmap is great for exploring your network, scanning it for security vulnerabilities and to audit your network. That said, new users might find nmap challenging to use because it is so feature-rich: nmap comes with so many options that you might find it difficult to figure out, even if it does mean it is a very robust tool.

It’s worth remembering that nmap will deliver very extensive information about the network that it is scanning. So, do not use nmap on a network unless you have permission to examine it – permission to scan it, basically. You need to have a reason to use nmap, in other words, and the permission of the network owner.

We will now give you a basic overview of nmap including typical usage of the map command. To start off with, here is the instructions you need to install nmap if you have Ubuntu or Debian server:

$ sudo apt-get install nmap

The command is slightly different if you’re using RHEL or CentOS:

$ sudo yum install nmap

There’s a file you can view for a wider picture of ports and services. Use this command:

$ less /usr/share/nmap/nmap-services

It’s an example of exactly how extensive the details are when you use nmap as a tool. If you want to experiment with nmap you could try to check out your own virtual private server, but you could also give nmap a go on the official nmap test server – located at scanme.nmap.org.

In order to try out some basic nmap commands we will make use of sudo privileges to ensure that the queries give complete results – not partial results. Remember, some nmap commands will take a little bit longer to execute.

Throughout these examples we will make use of mywebsite.com as the example domain; replace your actual domain in place of mywebsite.com when you run this command.

Scanning for open ports on a domain

$ sudo nmap -vv mywebsite.com

Here you can see we have used the -vv flag, which has a specific function. When you use -vv it means “verbose”, in other words it will show you extensive output, including the process as nmap scans for open ports. Leave out the -vv flag and you will quickly see the difference.

List of ports that are listening for connections via TCP

$ sudo nmap -sT mywebsite.com

You’ll note the -sT flag, this is usually what you’d specify to scan for TCP connections when a SYN scan cannot be performed.

List of ports that are listening for connections via UDP

$ sudo nmap -sU mywebsite.com

So, -sU is what you use to get a UDP scan. However you can scan for both UDP and TCP connections by using another flag, -sS. You’ll get a list covering both UDP and TCP.

Look at a specific port (instead of all ports)

$ sudo nmap -p port_number mywebsite.com

In this case, -p means that you only look at the port number specified in place of “port_number”.

Scan every open port on both TCP and UDP

$ sudo nmap -n -Pn -sT -sU -p- mywebsite.com

We use two flags here: first -n which specified to nmap that it must not make a reverse domain resolution for an active IP address, where it finds one. -Pn disables pinging, treating all of the hosts as if they are online.

It’s just a few examples but nmap is a really fantastic tool than can help you a lot. Remember, typing $ man nmap will give you a full list of all the tools at your disposal; many of these are very useful for exploring the security of your network and to find potentially vulnerable points.

The lsof (List Open Files) command

It’s easy to remember what lsof means – the list open files command – just take ls as “list” and of as “open files” and you’ll clearly see why lsof means “list open files”.

Listing all active network connections

Use the -i flag with lsof in order to get a full list of every network connection which is both listening and established.

$ sudo lsof -i

Find a process that is using a specified port

As an example, for all processes which are currently operating on port 22, you’ll run this command:

$ sudo lsof -i TCP:22

Get a list of all the UDP and TCP connections

To list every single UDP and TCP connection just use this command:

$ sudo lsof -i tcp; sudo lsof -i udp;

Just like with nmap, you can check the manual for lsof in order to get a full view of all the options you have when you are using lsof.

So, to wrap up, Linux fans must understand at least a little bit about ports – particularly if they plan on managing Linux servers. We’ve given three examples of great tools – nmap, lsof and netstat – which will help you on the way to understanding which ports are open on your machine, and which services are active on your server.

We suggest that you take a look at the man pages for each of these commands so that you can get a better idea of what they do. While these tools are great for checking the exposure on your own network, never abuse any of these tools by scanning networks that do not belong to you.

Your guide to Linux server administration

Linux Server Administration

Managing a Linux server is not the same as managing a Linux workstation, and Linux server administration is miles away from running a desktop operating system like Windows or Mac OS X. Read this article to find out everything you need to know about managing a Linux server, whether dedicated or cloud-hosted.

What is Linux server management?

Technology staff that are new to Linux server management need to understand that Linux servers are different from the many Linux distributions available for workstation, or desktop use. As with Windows server editions, Linux server editions are more powerful and are built to serve high demands.

Linux servers include additional features for Linux server management that makes it easier to handle network administration. These management tools include advanced system administration features and the ability to administer databases too. Your Linux server edition is also capable of running advanced web applications and other services.

Choosing a Linux server means you get the benefit of high levels of security and solid stability, while retaining a large degree of flexibility. Linux server administration involves choices, one of these are which Linux distribution you prefer – choosing amongst CentOS, Debian or Ubuntu for example. Server administrators like the fact that Linux is open source.

The difference between a dedicated and a cloud server

If you’re planning on acting as a Linux server administrator you need to understand the difference between a dedicated server, and a cloud server. A dedicated server is a machine that is fully dedicated to your application. You rent this server from a company who acts as the owner.

Linux server management could also involve a cloud server. Here, your server could be a part of a pool of cloud servers, sharing physical resources with other server instances. Cloud Linux servers are typically run as virtual machines and have their benefits, including a lower management overhead. But some server admins prefer dedicated servers.

How to perform Linux server management for a dedicated server

We’ve mentioned that each type of Linux server management has pros and cons. Dedicated servers undoubtedly have perks, mainly centered around the fact that you have more control over the server. With cloud hosted Linux servers, the ability to customize is more limited and you have fewer choices around the exact operating system version and the applications on the machine.

On the flipside, Linux server management that involves a dedicated server includes higher responsibilities. First, your responsibilities around security are much tighter: while cloud hosts will install firewalls and other protective services a dedicated server will require closer security management.

Linux server administrators in control of a dedicated server should pay attention to the limitations imposed by SSH. Network services use this protocol for a broad variety of purposes, and server functions tend to create a lot of connections. These purposes range from remote login through to management consoles. Exceeding the number of available concurrent SSH sessions can cause service disruptions.

We mentioned firewalls earlier, a salient responsibility that everyone that practices Linux server administration in a dedicated setting faces is that of updates and patches. Many operating systems would automatically run updates on a regular basis, but Linux requires the sysadmin to trigger patches when these are available. Regularly installing Linux security updates are crucial and administrators are ultimately responsible for this on a dedicated server.

Finally, logs on Linux can be incredibly revealing. While the host is responsible for the smooth running of a cloud server, dedicated Linux server administration involves closer scrutiny. Whether it is the bootup process that needs debugging or a glitchy application, your dedicated server’s OS logs will tell you what the source of the problem is, quickly.

Managing cloud servers

Frankly, Linux server management involving a cloud server is a lot easier. There are some similarities with managing a dedicated server but there are quite a few points you simply won’t need to take care of. First and foremost, though some dedicated server providers will look after your hardware, many won’t, and dedicated server management could involve hardware management. With cloud servers, hardware management is not in the picture at all.

On the flipside cloud Linux server management involves constraints. You cannot customize too much with a cloud server because so many variables are under the control of the cloud host. In fact, you are sharing hardware which significantly removes customization options. Yet there is a range of choices with cloud providers, with some offering more opportunity for customization than others.

Also note that you are reliant on the cloud provider’s security arrangements. This could be a good thing if you have a very capable cloud provider, or a big risk if your cloud provider practices bad Linux server management. Yes, you can apply firewalls on some levels plus other security arrangements, but your options are nonetheless restricted.

The importance of server monitoring for Linux server administration

Server monitoring is clearly important, whether you are practicing Linux server management in a dedicated setting or in a cloud setting. Yes, cloud providers will monitor many aspects but any serious Linux sysadmin should use their own monitoring tools. Though every sysadmin needs to pick their tool of choice there are some tools that stand out. We think these tools are great choices:

  • Disk utility. Try iotop to check whether your disks are in good shape. It provides Linux server management experts with real insights into the efficiency of the input/output aspects of their machines. Reliable data transmission is key to server performance.
  • Monitor network traffic. Not sure what’s going on with your network traffic? Check out nload, which will show you what is consuming the most bandwidth on your machine and whether there are any network glitches.
  • Connection monitor. Hacking and cybercrime is a huge problem. Monitor your network connections with iftop, the tool that shows you the active network connections to your server. Any unexpected connection should be investigated as it could be the result of an intrusion.

It’s worth consulting an expert

The right choice between dedicated and cloud Linux server management requires a real think-through of your business needs and requirements. Get help with this choice, even though dedicated servers have advantages many businesses find that cloud server are better for their needs. This is because a cloud server can provide a release from many of the requirements involved in maintaining a server operating system.

If you do decide to pay for a dedicated server, make sure you have the right Linux server administration expertise to fully manage the machine end to end. In fact, the skills you have available to your business may very well determine whether you choose dedicated server hosting, or choose a cloud hosting solution.